Skip to main content
SpringerLink
Log in

Analysis and Improvement on a Mobile Payment Protocol with Outsourced Verification in Cloud Service

  • Computer Science
  • Published:
Wuhan University Journal of Natural Sciences

Abstract

Mobile wallet is a very convenient means of mobile payment to allow the clients to conduct the payment via their mobile devices. To reduce the computation burden of resourcesconstraint mobile devices, a few mobile wallet protocols with outsourced verification in cloud computing were proposed. But in some of the protocols, there exist the risk of a colluding attack of the customer and the untrusted cloud server. In this paper, we propose an improved protocol, in which the payment information is protected by Hash function and random number. The malicious customer and cloud server cannot change the payment information to conduct a collusion forgery attack to defraud the merchant. The security analysis indicates that the proposed improved protocol can enhance the security in terms of correctness, unforgeability and traceability without increasing the computational burden.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Amoroso D L, Magnier-Watanabe R. Building a research model for mobile wallet consumer adoption: The case of mobile Suica in Japan [J]. Journal of Theoretical and Applied Electronic Commerce Research, 2012, 7 (1): 94–110.

    Article  Google Scholar 

  2. Shibin D, Kathrine J. A secure and hybrid approach for key escrow problem and to enhance authentic mobile wallets [J]. Smart Innovation, Systems and Technologies, 2019, 105: 81–89.

    Article  Google Scholar 

  3. Varghese B, Buyya R. Next generation cloud computing: New trends and research directions [J]. Future Generation Computer Systems, 2018, 79 (3): 849–861.

    Article  Google Scholar 

  4. Kang B Y, Wang J Q, Shao D Y. Certificateless public auditing with privacy preserving for cloud-assisted wireless body area networks [J]. Mobile Information Systems, 2017, 2017: 2925465.

  5. Wu T Y, Tseng Y M, Huang S S, et al. Non-repudiable provable data possession scheme with designated verifier in cloud storage systems [J]. IEEE Access, 2017, 5: 19333–19341.

    Article  Google Scholar 

  6. Qin Z, Sun J F, Wahaballa A, et al. A secure and privacy-preserving mobile wallet with outsourced verification in cloud computing [J]. Computer Standards and Interfaces, 2016, 54: 55–60.

    Article  Google Scholar 

  7. Al-Riyami S, Paterson K. Certificateless public key cryptography [C]// Advances in Cryptology-ASIACRYPT 2003, Proceedings of the 9th International Conference on the Theory and Application of Cryptology and Information Security. Berlin: Springer-Verlag, 2003: 452–473.

    Google Scholar 

  8. Cao S, Lang X, Liu X, et al. Probably secure and efficient certificateless aggregate signature [J]. Netinfo Security, 2019, 19(1): 42–50(Ch).

    Google Scholar 

  9. Xiong H. Cost-effective scalable and anonymous certificateless remote authentication protocol [J]. IEEE Transaction and Information Forensics and Security, 2014, 9(12): 2327–2339.

    Article  Google Scholar 

  10. Kang B Y, Xu D. A secure certificateless aggregate signature scheme [J]. International Journal of Security and Its Applications, 2016, 10(3): 55–68.

    Article  Google Scholar 

  11. Chen Y M, Cheng X G, Wang S, et al. Research on certificateless group signature scheme based on bilinear pairings [J]. Netinfo Security, 2017, 17( 3): 53–58(Ch).

    Google Scholar 

  12. Liao Y J, He Y C, Li F G, et al. Analysis of a mobile payment protocol with outsourced verification in cloud server and the improvement [J]. Computer Standards and Interfaces, 2018, 56: 101–106.

    Article  Google Scholar 

  13. Kang B Y, Wang J Q, Shao D Y. Attack on privacy-preserving public auditing schemes for cloud storage [J]. Mathematical Problems in Engineering, 2017, 2017: 8062182.

  14. Kang B Y, Wang M, Jing D Y. An off-line payment scheme for digital content via subliminal channel [J]. Journal of Information Science and Engineering, 2018, 34: 171–192.

    Google Scholar 

  15. Wu T Y, Tseng Y M. Publicly verifiable multi-secret sharing scheme from bilinear pairings [J]. IET Information Security, 2013, 7(3): 239–246.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Tianjin Polytechnic University, Tianjin, 300387, China

    Baoyuan Kang, Jianqi Du, Lin Si & Mingming Xie

Authors
  1. Baoyuan Kang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianqi Du
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lin Si
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mingming Xie
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Baoyuan Kang.

Additional information

Foundation item: Supported by the Applied Basic and Advanced Technology Research Programs of Tianjin (15JCYBJC15900)

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kang, B., Du, J., Si, L. et al. Analysis and Improvement on a Mobile Payment Protocol with Outsourced Verification in Cloud Service. Wuhan Univ. J. Nat. Sci. 24, 223–228 (2019). https://doi.org/10.1007/s11859-019-1389-3

Download citation

  • Received:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11859-019-1389-3

Key words

CLC number

Search

Navigation