摘要
国际芯片卡标准化组织(EMVCo)于2016年发布3-D Secure 2.0协议,用于在移动互联网背景下,发卡行对持卡人和商户的身份进行认证。3DS 2.0协议通过在身份认证流程中引入目录服务器,保障了身份认证过程中的机密性和不可抵赖性,利用消息认证码保障了信息的完整性。3DS 2.0协议基于风险评估判断,执行平滑型、挑战型两种认证模式,提升了认证效率,改善了用户体验。首先介绍了3DS 2.0协议的研究背景,详细解释了该协议的工作流程,从机密性、完整性和不可抵赖性等角度分析了该协议的安全性能。接着分析了3DS 2.0协议相对于1.0版本的进步,介绍了本协议对金融领域特别是支付领域可能产生的影响。最后,分析了本协议技术路线应用于其他应用场景的前景。
EMVCo released the 3-D secure 2.0 protocol in 2016,which is used to complete the identity authentication of cardholders and merchants in the context of mobile Internet.3DS 2.0 protocol introduces directory server into the identity authentication process to ensure confidentiality and non-repudiation,and uses message authentication code to ensure the integrity of information.Based on the judgment of risk assessment,3DS 2.0 protocol improves the authentication efficiency and user experience through two authentication modes:frictionless mode and challenge mode.This paper introduces the research background of 3DS 2.0 protocol,explains the workflow of the protocol in detail,and analyzes the security performance of the protocol from the perspectives of confidentiality,integrity and non-repudiation.Then,it analyzes the progress of 3DS 2.0 compared with version 1.0,and introduces the possible impact of this protocol on the financial field,especially the payment field.Finally,it analyzes the prospects of applying this protocol to other application scenarios.
作者
彭启维
陈恭亮
周志洪
PENG Qi-wei;CHEN Gong-liang;ZHOU Zhi-hong(Shanghai Jiaotong University,Shanghai 201100,China;Shanghai Key Laboratory of Integrated Administration Technologies for Information Security,Shanghai 201100,China)
出处
《通信技术》
2020年第11期2795-2801,共7页
Communications Technology
基金
国家重点研发计划“电子货币新原理与新方法研究”(No:2017YFB0802500)。
