Secure and efficient mobile payment using QR code in an environment with dishonest authority

Abstract

Quick response (QR) code payment has become the mainstream of mobile payment in China. However, severe security threat greatly influences consumer confidence. Unifying security and convenience of QR code is a difficult issue. The paper proposes a secure and efficient mobile payment (SEMP) solution where signed and encrypted payment data are embedded into QR code. Since private keys are issued by fully distributed private key generators (PKGs), no matter malicious user, dishonest third party payment platform (TPP), or dishonest PKG, can not impersonate a legal person to authorize a payment or eavesdrop on the communication to obtain privacy information. The scheme has confidentiality and unforgeability. Especially, it can resist against authority attacks. Since no public key certificate is required, it has clear advantage over existing PKI schemes. The comparisons with related schemes show our SEMP scheme maintains less communication cost, while it provides higher security level. So it can better meet security and convenient requirements of mobile payment and it can apply in the QR code payment environment with dishonest authority.