Strong anonymous mobile payment against curious third-party provider


Abstract

M-commerce provides convenient services and has developed rapidly in recent years, but security and privacy have always been major concerns for most users. Among existing payment systems, PayPal and Alipay rely on a third-party payment provider (TPP) but do not provide anonymity. Bitcoin provides anonymity, but its decentralized framework without a TPP causes high energy consumption and security attack issues. Because further information can be deduced from the public decentralized ledger, Bitcoin cannot offer strong privacy guarantees. Unifying strong anonymity, security and efficiency is therefore challenging in mobile payment. This paper proposes a strong anonymous mobile payment scheme against a curious third-party provider (SATP). A ticket, as a new means of payment, is partially blindly signed by the TPP using certificateless cryptographic primitives. SATP can ensure confidentiality of payment data, non-repudiation and revocation of payment operations, and anonymity of the payer's identity. In particular, it enables a user to pay anonymously even in the face of a curious TPP. Performance analysis shows that SATP avoids the high energy consumption of Bitcoin, and that its communication cost is less than that of existing research work on anonymity.

Keywords

Mobile payment; Ticket; Strong anonymous; Revocation; Partially blind signature

Notes

Acknowledgements

This work was supported by the Major Research Project for Social Science Innovation and Development of Anhui Province (Grant No. 2017ZD005), the Visiting Scholar Projects of Anhui Province for Excellent Young and Middle-aged Backbone Talents (Grant No. gxfxZD2016305), and the Natural Science Foundation of Anhui Province (Grant No. 1608085MF141). We would like to thank the anonymous referees and Editors for their valuable comments and suggestions.


Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. Anhui Finance and Trade Vocational College, Hefei, China
  2. School of Computer and Information, Hefei University of Technology, Hefei, China
