Secure Mobile Credit Card Payment Protocol based on Certificateless Signcryption

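  • 최희진 (Department of Information Security, Graduate School of Information Security, Korea University)
  • 김형중 (Department of Information Security, Graduate School of Information Security, Korea University)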
  • Received : 2013.01.24
  • Accepted : 2013.03.28
  • Published : 2013.03.31

Abstract

The growth in smartphone use has made mobile payment commonplace, and the number of mobile credit card users is increasing rapidly. Most mobile credit cards in use today provide their service by downloading the credit card information onto a USIM (Universal Subscriber Identification Module) chip. A mobile credit card stored on the USIM keeps only the minimum information needed, for security, on the carrier's USIM chip, and it relies on a PKI (Public Key Infrastructure)-based certificate system. However, a certificate-based payment system has a complicated procedure and incurs high costs for managing certificates and the CRL (Certificate Revocation List). Furthermore, it can be an obstacle to the development of domestic e-commerce in Korea, because foreigners, who do not hold such certificates, cannot use it. We therefore propose a secure and efficient mobile credit card payment protocol, suited to the mobile environment, based on certificateless signcryption, which solves the problems of certificate use.

Cited by

  1. Design and Implementation for Card Holder Initiated Card Payment System Using the Mobile Devices vol.13, pp.4, 2014, https://doi.org/10.9716/KITS.2014.13.4.245