State of The Art Secure Mobile Payment

This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
Digital Object Identifier
State of the Art: Secure Mobile Payment

WENZHENG LIU1 , XIAOFENG WANG 2 , WEI PENG3
1
College of Computer, National University of Defense Technology, Changsha 410073, China (910972029@qq.com)
2
College of Computer, National University of Defense Technology, Changsha 410073, China (xf_wang@nudt.edu.cn)
3
College of Computer, National University of Defense Technology, Changsha 410073, China (wpeng@nudt.edu.cn)
Corresponding author: Xiaofeng Wang (xf_wang@nudt.edu.cn),Wei Peng (wpeng@nudt.edu.cn)
This research was supported in part by a project of the National Key Research and Development Program of China under Grant
2017YFB0802300.
ABSTRACT With mobile payments popular around the world, payers can conduct a payment anytime
and anywhere. While providing great convenience, mobile payment also brings many payment security
issues. This paper is the first comprehensive review of secure mobile payment. We classify the mobile
payment into TPC(third-party payment company)-led mobile payment and Bank-led mobile payment, and
based on this, summarize the system structure of mobile payment. Then we discuss the mobile payment
security technology framework from Tokenization, PAN(bank card primary account number) binding, and
Secure Payment Authentication, respectively. Besides, this paper introduces secure technologies(hardware
and software) used in these procedures, discusses and analyzes the security issues that they have been
encountered, summarise open issues, and proposes future development directions. In the end, we give the
discussion and comparison of popular and representative mobile payment applications, including Alipay,
Wechat Pay, Apple Pay, Samsung Pay, and Google Pay.
INDEX TERMS Tokenization, symmetric cryptosystem, hybrid cryptosystem, PAN binding, TOTP, remote
payment, near-field payment.
I. INTRODUCTION personal computer, etc.

Since modern times, payment methods have tremendously The classification of mobile payment varies from different
changed remarkably. In the beginning, people paid in cash. perspectives. According to the distance of mobile payment,
Then, the bank card was invented as a new medium for it can be divided into the near-field payment and the remote
payment. Today, modern technology even further put bank payment. According to the communication of the user’s
cards into mobile phones. In China, Alipay and WeChat mobile terminal, it can be divided into offline payment and
are two main mobile payment providers. Mobile payment is online payment.
blooming in China and gradually creates a no cash society. In
the United States and Europe, Apple, Google, and Samsung CONTRIBUTION
have joined MasterCard, Visa, and other card organizations
By analyzing mainstream mobile payment applications and
to promote their respective payment programs. And In other
their secure payment technologies, we divide mobile pay-
parts of the world, such as Southeast Asia, South America,
ment into TPC-led(third-party payment companies led) and
and Africa, are gradually being covered [16] by it. Mobile
Bank-led payment. TPC-led mobile payment is organized
payment has become a general trend in the world and consti-
by a third-party payment company that is responsible for
tutes an increasingly substantial portion of payments [15].
the payment authentication and fund settlement functions.
Mobile payment is defined by the Mobile Payment Fo- The representative providers are Alipay, Tencent, Paypal,
rums1 to be “ transaction of both parties for specific goods etc. On the contrary, for the Bank-led mobile payment, the
or service, using a mobile terminal device as a carrier, and bank is responsible for the payment authentication and fund
a commercial transaction implemented through a mobile settlement functions directly, which representative providers
communication network.” The mobile payment terminal may are Apple, Google, and Samsung.
be a mobile phone, a personal digital assistant, a portable
In both TPC-led and Bank-led mobile payments, payment
1 Mobile Payment Forum is a global, cross-industry alliance of leading
security is the most crucial requirement. In this paper, mobile
organizations from the mobile and financial industries dedicated to realizing payment security is divided into the Tokenization, PAN(bank
the full potential of mobile commerce. card primary account number) binding, and secure payment
VOLUME 10, 2019 1
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
W.L et al.: State of the Art: Secure Mobile Payment
authentication, respectively. the list of acronyms used in this paper. These acronyms are
For the Tokenization, we start with a brief overview of not only used in the text but also used in figures and tables.
motivation to use tokenization in mobile payment and then
summarise and analysis centralized tokenization and dis- TABLE 1. List of acronyms used in this paper
tributed tokenization, respectively. Finally, this paper pro-
poses several open issues and present a recommendation for PAN primary account number
TOTP time-based one-time password
further research. TPC third-party payment company
For the PAN binding, we focus on how a PAN is bound to TSP token service provider
the mobile phone, which can be divided into third-party trust TR token requestor
URL uniform resource locator
protocol and PAN anti-leakage protocol. This paper detailed NFC near-field communication
introduces the third-party trust protocol, sets a security model MST magnetic secure transmission
for PAN anti-leakage scene, and discusses the technology TEE trusted execution environment
that may use for it. SE secure element
HCE host-based card emulation
For the Payment Authentication, we concentrate on how FPE format-preserving encryption
a bank or third-party company authenticates the transaction CCEP contactless card emulation payment
information. All mobile payment authentication is divided IB-FPE identity-based format-preserving encryption
into remote payment authentication, time-based one-time
password (TOTP) payment authentication, and card emula-
tion payment authentication: A. MOBILE PAYMENT SYSTEM STRUCTURE
• remote payment authentication: first, there is an intro- In this subsection, we show the system structure of the entire
duction for its payment method and process of authentica- mobile payment. In the introduction section, the mobile
tion. Furthermore, we summarize its representative academic payment is divided into TPC-led mobile payment and Bank-
research; led mobile payment. So our description will be based on this
• TOTP payment authentication: we begin to introduce the classification. In Figure 1, starting from the bank card, the left
deployment of TOTP payment, and then detailed discussed part represents the Bank-led mobile payment, and the right
the algorithm of TOTP payment. In the end, we give a part represents the TPC-led mobile payment.
discussion and propose several open issues; First, we list main participating entities:
• card emulation payment authentication: this paper first • Payer: The entity that initiates the transaction;
describes the authentication algorithm, and then summarises • Mobile terminal: It is an internet mobile device with a
its security issues encountered and points out the future mobile payment application installed;
research direction. • Payee: The entity that accepts the transaction;
In the last section, it has a discussion and comparison in • Bank-led payment provider: It cooperates with banks
terms of security, usability, and availability for popular mo- or card organizations and use their advantages of hardware
bile payment applications. Then we analyze their strengths and software to support Bank-led payment. Representatives
and weaknesses with the reasons that cause them, discuss are Apple, Samsung, and Google, etc;
the possible future development of secure mobile payment • TPC-led payment provider: It is responsible for per-
technologies, and highlighted some issues that need to be forming payment authentication and fund settlement func-
resolved. tions in place of the bank in the TPC-led payment. Repre-
sentatives are Alipay and Wechat, etc;
ORGANIZATION • Mobile payment provider: All bank-led payment
In conjunction with the objective mentioned above objec- providers and TPC-led payment providers are collectively
tives, the remainder of this study is organized based on called mobile payment provider;
the primary research areas of mobile payment security: in • Card organization: It authorizes members(usually
Section II, we introduce the mobile payment system struc- banks) to issue cards, accepts card transactions, and operates
ture and security technology framework. In Section III, we its own international regional processing network;
present the tokenization technology. In Section IV, PAN • Bank: It issues the bank card, and cooperates with the
binding technology is reviewed. Section V contains remote card organization for mobile payment;
payment authentication security. Section VI introduces TOTP • Token service provider: It is responsible for generating
payment security. In Section VII, we focus on the Bank- and managing tokens which are generally provided by card
led payment security and give a comprehensive comparative organizations or banks.
discussion of popular mobile payment applications. Next, we describe the procedure of mobile payment.
The first step is bank card binding. Different from tradi-
II. MOBILE PAYMENT SYSTEM STRUCTURE AND tional bank card payments, PANs are not allowed to store on
SECURITY TECHNOLOGY FRAMEWORK the phone or the server of mobile payment providers. PANs
In this section, we summarise the mobile payment system are also cannot be transmitted frequently over the insecure
structure and security technology framework. Table 1 shows channel. Thus, the token is required in place of the real PAN.
2 VOLUME 10, 2019
Payer
P1: Apple pay, Google pay,Samsung pay P1:Alipay,Wechat,Paypal

Token is stored Bank card
in the SE
QR code Audio
B1:Encry_k(Token)
MST T1:TOTP
O1:URL
P5:Token QR code
NFC P2:PAN
P2:PAN O1:URL
P5:Token
Payee O2:Payment
T2:TOTP request
Bus Shop Subway
Bank-led payment
company company
provider
Street vendor Third-party payment
provider
B2: Encry_k(Token)
P3:PAN
Internal
T3.1:
payment
P5:Token
T3.2:PAN
P4:PAN P3:PAN
P4:Token OR
P5:Token
B3,T3.2:PAN Bank
B3,T3.2:Token Card
organization
Token service
provider PAN
Bank
FIGURE 1. Mobile payment system framework.
The red road P in the right part of Figure 1 shows the P5, the third-party payment company obtains the token of
bank card binding process in TPC-led mobile payment. The the bank card, saves it locally and returns it to the mobile
process is as follows: terminal.
P1, a user opens the third-party payment application in- The red road P in the left part of Figure 1 describes the
stalled in the mobile terminal and enters the PAN on the bank bank card binding process at Bank-led mobile payment :
card binding interface; P1, the user opens the payment application and enters the
P2, the mobile terminal sends the PAN to the server of the PAN on the bank card binding interface;
third-party payment company via the secure channel; P2, the mobile terminal sends the PAN to the server of the
P3, the server interacts with the card organization; mobile phone manufacturer via the secure communication
P4, the card organization uses the token management network. Remainders of the processes match steps P3, P4,
module of the token service provider to generate a token and and P5 of the TPC-led mobile payment process.
contacts the issuing bank to obtain the confirmation message; No matter which payment application users use, the token
VOLUME 10, 2019 3
is always required to binding on the phone. ple’s habit of swiping cards and reuse of existing infras-
After completing the binding process, we begin to describe tructure, mobile phone manufacturers utilize their hardware
the payment process. advantages to corporate with banks directly and use mobile
phones to simulate the payment of the physical bank card.
1) The Payment Process of TPC-led Mobile Payment The green road B in the left part of Figure 1 describes the
In the TPC-led mobile payment, the user only interacts with payment process of card emulation payment. The process is
the TPC. After completing the settlement, the TPC sever as follows:
communicates with the card organization and bank. B1, the user activates the mobile payment using fingerprint
TPC-led mobile payment mainly consists of two payment or PIN, and the mobile terminal interacts with the PoS
methods, one is the TOTP payment, and the other is the machine using NFC to simulate the process of contactless
remote payment. card payment. Samsung mobile phone has the technology to
The blue road T in the right part of Figure 1 describes simulate the magnetic stripe card payment by MST;
the payment process of TOTP payment. The process is as B2, after the PoS machine authenticates the mobile ter-
follows: minal and obtains the payment information, it interacts with
T1, the mobile terminal generates a time-based one-time the card organization and sends the encrypted data which the
password (TOTP) and sends it to the PoS machine through same as IC card authentication required;
the quick response(QR) code or audio; B3, once the card organization obtains the token, it can
T2, the PoS machine sends the TOTP and transaction find the corresponding PAN by de-tokenization and contact
information to the payment service provider’s server via a the issuing bank to complete the transaction.
secure communication channel. Then, the server validates
the TOTP(detailed in section V), and confirms the payer and B. MOBILE PAYMENT SECURITY TECHNOLOGY
transaction information; FRAMEWORK
T3.1, case 1, If the user is paying with a third-party According to the payment procedure in mobile payment sys-
account balance, the server internally settle and complete the tem, we divide security technologies into tokenization, PAN
transaction; binding, and secure payment authentication. This subsection
T3.2, case 2, If the user uses a token(also called virtual provides a conceptual introduction to these technologies and
bank card) to pay, the server sends the token and transaction their sub-technologies from a framework perspective, which
information to the card organization (such as China Union- shows of Figure 2. Detailed discussion and analysis are
Pay, Visa, MasterCard, etc.). After the card organization re- presented in later sections.
ceives the token, it retrieves the corresponding PAN through Tokenization technology is presented in the left part of
de-tokenization and contacts the issuing bank to complete the Figure 2, which is used to generate tokens for PAN. It
transaction. can be divided into the centralized tokenization scheme and
The yellow road O in the right part of Figure 1 describes distributed tokenization scheme.
the payment process of remote payment. The process is as Centralized tokenization is a conventional and database-
follows: centric solution for tokenization, which all token re-
O1, a user uses the mobile phone to scan the QR code questors(TR) need to apply token in a common token server
in the store counter or the other way to obtain the URL or provider(TSP).
interface and use it to initiate a payment request; In distributed tokenization schemes, the generation of tok-
O2, after receiving the payment request from the user, the enization is not concentrated in one server but distributed in
TPC server validates the user’s identity(detailed in section various places. Each place can generate its unique token.
IV) through the authentication algorithm. The remainder In the middle of Figure 2 is the PAN binding technology.
process matches steps T3.1 or T3.2 of the TOTP payment It is used to protect bank card information from being leaked
process. when requesting the token. Generally, it can be divided into
attention: We need to explain why TPC-led mobile pay- third-party trust protocol and anti-leakage protocol.
ment users can use balance payments without the need to Third-party trust protocol allows users to directly send the
use a bank card. Generally, third-party payment companies bank card information to a third-party company and entrust
have their accounts in the bank. For instance, the process of them to interact with the card issued bank and bind the token.
transferring money to users’ Alipay accounts is to transfer PAN anti-leakage protocol allows users to complete the
money to the Alipay bank account. Thus, when a user pays bank card binding and token application without the third-
with the account balance, the money is still in the bank party company knowing the bank card information.
account of Alipay and has not moved. The right part of Figure 2 shows secure payment authenti-
cation. It can be divided into remote payment authentication
and near-field payment authentication.
2) The Payment Process of Bank-led Mobile Payment Remote payment authentication is consists of PIN authen-
Various bank and mobile phone manufacturers jointly pro- tication and biometric authentication. Users need to obtain
vide Bank-led mobile payment. In order not to change peo- a payment interface or website from the entity which he
4 VOLUME 10, 2019
Secure mobile payment
Tokenization PAN binding Secure payment authentication
Centralized Distributed Third PAN Near-field Remote

tokenization tokenization party trust anti-leakage payment payment
protocol authentication authentication
protocol
Database Distributed PIN code

TOTP Card emualtion Biometric
system authentication
authentication authentication authentication
Magnetic Contactless
Random Lookup TOTP QR code Audio stripe card card
FPE Face Fingerprint Biometric PIN code
number table authentication
Magnetic MST NFC Contactless authentication authentication
protocol protocol protocol
stripe card card
authentication authentication
protocol protocol
Symmetric Hybrid
cryptosystem cryptosystem
FIGURE 2. Mobile payment security technology framework.
wants to pay. And then, users choose his financial account SE is a platform that can install, personalize, and man-
to complete the payment after they input his PIN code or age applications. It is a combination of hardware, software,
show his biometrics(such as the face, fingerprint, and iris) interfaces, and protocols that can securely store and use
to confirm. credentials for payment, authentication, and other services.
Near-field payment authentication is consist of time- An attacker can not extract sensitive information stored at the
based one-time password (TOTP) authentication payment SE. Conceptually, SE [25] [26] can be divided into hardware-
and card emulation authentication. In the TOTP authen- based SE, which include eSE(embedded SE) and UICC-
tication scheme, users generate a TOTP from the TOTP based SE(removable SE) and software-based SE, which is
generation algorithm; each password is valid for a specific HCE.
period of time and can pay only once. Its payment com- The TEE is a secure area of the main processor of a
munication mediums are the quick response(QR) code and connected device that ensures sensitive data is stored, pro-
Audio. Card emulation authentication simulates the payment cessed and protected in an isolated and trusted environment.
authentication as a physical bank card, such as a contactless There are three main technological implementations of TEE
card and magnetic stripe card. It payment communication [27]: 1)TrustZone, 2)Software Guard eXtension(SGX), and
mediums are near-field communication(NFC) and magnetic Memory Encryption Technology (MET). TrustZone [28] is
secure transmission(MST). a flexible hardware-assisted security technology proposed by
There are secure hardware basement technologies that play ARM, which partitions the hardware and software resources
a significant role in protecting the mobile user’s stored sen- of a System-on-a-Chip, by distinguishing the context of
sitive data and sensitive operation: secure element(SE) and execution in the secure and normal world. SGX [29] is an in-
Trusted Execution Environment(TEE). There is no separate novative secure extension to the Instruction Set Architecture
section to discuss hardware security in this article since there (ISA), a TEE based on a mechanism of "reverse sandbox"
is quite some literature [25] [26] [27] [28] [29] [30] [31] in which sensitive processes address space is protected – at
about it. But we will point out the function of mobile hard- CPU level – even against OS. MET [30] [31] is the hardware-
ware security technology when introducing and discussing assisted TEE scheme released by AMD that encrypts and
mobile payment security technologies. protects system memory.
VOLUME 10, 2019 5
All of these technologies are working together to protect stored at the secure element(SE). For usability, tokens can be
our private information and to secure each mobile payment. transferred through the most communication medium, such
as NFC, Internet, and Bluetooth, etc.
III. FUNDAMENTAL OF VIRTUAL BANK CARD: To summarise, the tokenization scheme has its advantages
TOKENIZATION in three aspects of mobile payment:
In this section, we discuss the tokenization technology. First, first, its deployment cost is very low, which ensures com-
we start with a brief overview of the motivation to use patibility with existing infrastructure;
tokenization in mobile payment. So the reader will be able second, it protects the user’s sensitive information, since
to better appreciate the steps taken in the ongoing activity. cardholder’s card number and the validity of the card does
Then we summarise and analysis centralized tokenization not appear in the transaction;
and distributed tokenization in Section III. A and Section third, it restricts adversary’s action, because tokens only
III.B, respectively. Finally, we propose several open issues can be used in the limited transaction scenario;
and present a recommendation for further research. finally, it reduces the probability of fraudulent transactions.
In the digital payment field, the bank card is a mainstream Summarizing from the EMVCo Payment Token Specifica-
payment medium. With the increasing popularity of business tion Technical Framework v2.1 [19], PCI Security Standard
through on the Internet, each company needs to maintain its Council v3.2.1 [10], and requirement of card organizations
customer’s bank card information in some form. Bank card [12], we conclude that a tokenization scheme needs to satisfy
data leakage is considered to be one of the severe threats to the following four requirements:
any company [17] [18]. Such violations will not only bring • the generated token does not change the format of the
severe economic losses to banks and companies but also bank card PAN;
severely damage its brand image and reduce people’s trust • the bank identification code(BIN) of a token cannot be
in digital payment. identical to the BIN of the original PAN;
Payment Card Industry Security Standards Council (PCI • tokens satisfy the Luhn algorithm;
SSC) is an organization established by payment card com- • tokens can be flexibly made with some restrictions.
panies, which is responsible for the development and de- Attention: Many readers confuse the token in the mobile
ployment of payment security technologies and ensures the payment with the token in the identity authentication, and
security of credit card data. In particular, PCI SSC has they believe that the payment can be authenticated as long
developed a PCI Data Security Standard (PCI DSS) [10]. as the token is presented. This is incorrect. In the field of
The standard specifies the security mechanism which card mobile payments, tokens are a string of unique numbers that
data are required to guarantee during payment. PCI DSS are used instead of PANs for storage and transmission. The
requires organizations that process card payments to protect conceptions of the token in the different fields of computer
cardholder data when they store, transmit, and process them. security have a different meaning.
Enterprises, merchants, and payment providers face severe
challenges to secure their high-value sensitive data. Replac- A. CENTRALIZED TOKENIZATION TECHNOLOGIES
ing PAN with a token is one of the data protection and audit Centralized tokenization(Figure 3) is a conventional and
scope reduction methods recommended by the PCI DSS. database-centric solution for tokenization, which all token
In 2014, the international chip card standardization organi- requestors(TR) need to apply token in a common token server
zation EMVCo set token as a substitute in the physical bank provider(TSP).
card [19]. The token can be used the same as PAN, which
means that there is no need to update the already installed
PoS (Point of Sale) terminals. Tokenization is a process of re- TR
placing a traditional bank card PAN to a token with a unique
numeric value. Payment token can be used in all aspects
of bank card transactions and can be used across industries
TSP
so that it has versatility. The procedure of token generation
is done by the token service provider (TSP). When TSP is
issuing a token, it can flexibly make some restrictions, such as
the use for individual businesses, online application, offline
application, etc. It can also limit the value, time, and location
of tokens. When necessary, tokens can be destroyed and re-
issued. Deployment of tokenization technology can save a lot FIGURE 3. tokenization service provider of centralized tokenization
of money since it ensures compatibility with existing infras-
tructure. For security, the EMVCo Payment Token Specifi- Summary from [9] [10] [11] [13] [14], a TSP of centralized
cation Technical Framework v2.1 [19]provides examples of tokenization system generally has the following components:
secure storage of tokens on a device. For instance, it can be • An algorithm for token generation : It is a process to
transferred into the trusted execution environment(TEE) or create a token corresponding to the primary account number
6 VOLUME 10, 2019
(PAN). Some of the algorithm options are format-preserving

encrypt, cryptographic hash functions, and random number TR
generators.
• Card-Vault : It is a repository that typically stores TSP
pairs of PANs and tokens together with other information TSP TSP
needed for token mapping. Since it contains PAN, it must
be specially protected according to PCI DSS requirements. TSP TSP
• Cryptographic Key Management : This module is a
set of mechanisms for creating, using, managing, storing, TSP TSP
and protecting keys used to protect PAN data and other data TSP
involved in the tokenization system.
Article [11] discusses the security of tokenization systems
in which the author consider three different attack scenarios:
• IND-TKR : Tokens are only public. This represents the
most realistic scenario where an adversary has access to the FIGURE 4. tokenization service provider of distributed tokenization
tokens only, and the card-vault data remains inaccessible.

• IND-TKR-CV : The tokens and the contents of the card-
vault are public. This represents an extreme scenario in which is not concentrated in one server but can be distributed in
the adversary gets access to the card-vault data also. various places. Each place can generate its unique token.
• IND-TKR-KEY: This represents another extreme sce- Distributed tokenization technology has gradually become
nario in which the tokens and the keys are public. a hot spot for research, and several patent works have been
Let T KR[CV ] : K×X×D → T ×Y be a tokenizer. Then produced.
the advantage of an adversary A in the sense of IND-TKR, In the scheme of Terence [32], It set up a static lookup table
IND-TKR-CV and IND-TKR-KEY are defined as in each TSP and proposed a hierarchical system for handing
definition 1 : AdvTind−tkr
KR (A) = |P r[Exp − IN D − sensitive strings of characters. MICRO proposed a scheme
A 1 based on Feistel Cipher and a hierarchical structure [33].
T KR ⇒ 1] − |,
2 In 2016, Mattsson [34] proposed a table-connect distributed
definition 2 : AdvTind−tkr−cv
KR (A) = |P r[Exp − IN D − scheme.
A 1 Summary from the requirement of [19] [10] [12] [33]
T KR − CV ⇒ 1] − |,
2 [32] [34], we believe a ideal distributed tokenization system
definition 3 : AdvTind−tkr−key
KR (A) = |P r[Exp − IN D −
1 should have the following components:
A
T KR − KEY ⇒ 1] − |, • A algorithm for distributed token generation : It is a
2
K, a key generation algorithm; X is a finite set of primary process to create a token corresponding to a primary account
account numbers; D is a finite set of associated data; T is a number (PAN), and all distributed TSP can generate token
finite set of tokens; Y is a string associated with the token; locally. A PAN can request different tokens from multiple
CV is a card-vault; T KR is a tokenizer. TSP.
All definitions follow the style of a chosen-plaintext attack • A distributed token mapping procedure : It refers to
and may be made stronger by giving the adversary additional the procedure used to associate a token with a PAN. TSP must
power of obtaining PANs corresponding to tokens of its be able to translate any token generated by any TSP at any
choice. time to the correct PAN.
• A distributed Cryptographic Key Management : This
module is a set of mechanisms for creating, using, managing,
B. DISTRIBUTED TOKENIZATION TECHNOLOGIES storing, and protecting keys used to protect PAN data and
Although traditionally centralized tokenization has been other data involved in token generation at the distributed
widely used, it also has been exposed to some critical prob- environment.
lems [33]:
• Complexity and cost: Managing large replicated token Figure 6 shows the structure of distributed tokenization
databases is both difficult and expensive, and increases the scheme, which summary from the latest schemes [33] [32]
scope of PCI audits; [34]. Tokenization equipment can be used for tokenization
• IIntegrity: Inaccurate analytics and other application and de-tokenization. And it can have multiple and distributed
correlation due to credit card numbers sometimes being in different geographical locations. User A may exchange
replaced by more than one token; tokens for PAN in tokenization equipment A and can also
• Performance and scale: Tokenization performance is request de-tokenization operations in tokenization equipment
slow and very difficult to scale. B, and vice versa. In this way, there is no central database to
To deal with these problems, people proposed distributed store PANs and tokens.
tokenization(Figure 4), in which the generation of the token
VOLUME 10, 2019 7
De-token De-token De-token De-token

request Client A request Client C request Client B request Client D
TOKENIZAION EQUIPMENT 1 TOKENIZAION EQUIPMENT 2
Tokenization Database D1-A Database D2-A

Tokenization
server T1-A Token generator server T2-A Token generator
Hardware platfom A Hardware platfom A
Tokenization Database D1-B Database D2-B

Tokenization
server T1-B Token generator server T2-B Token generator
Hardware platfom B Hardware platfom B
Token request Token request Token request Token request

Client A Client B Client C Client D
FIGURE 5. The structure of Distributed Tokenization System
C. OPEN ISSUES AND RECOMMENDATION FOR IV. PAN BINDING SECURITY

FURTHER RESEARCH PAN binding is the process that the user binding the bank
For the generation algorithms of the token, neither the tra- card for mobile payment. PAN binding security is to protect
ditional secret key encryption scheme nor the public key the user’s sensitive information at the binding process, which
encryption scheme can achieve this goal since generated consists of Third-party trust protocol and PAN anti-leakage
token need meet special requirements(mentioned at the be- protocol.
ginning of this section). Because their encrypted ciphertext In this section, we first describe the process at Third-party
far exceeds the length of bank cards, and can not preserve the trust protocol from the perspective of security. Then, we
format. Therefore, centralized tokenization schemes gener- propose the concept of the PAN anti-leakage protocol and
ally use random number generators(RNGs) based database give a discussion for open issues.
[10] [19], and distributed tokenization use the encryption
based on lookup table [33] [32] [34]. A. THIRD-PARTY TRUST PROTOCOL
Format-preserving encryption(FPE) [2]can be a useful In Third-party trust protocol, users and banks trust the secu-
method since it have been used to solve many similarly rity of third-party companies completely and send sensitive
issues [3] [4] [5] [6]. To apply FPE in either centralized or information directly to them. The detailed protocol process
distributed tokenization schemes is a research direction. is as follows:
From our perspective, the decentralized tokenization 1, user open the payment application which installed at the
scheme is the future research direction, since it improves mobile terminal to start binding the bank card, and enter the
security and tokenization efficiency, and reduce storage cost. PAN;
However, the research status of the distributed tokenization 2, the mobile terminal sends the PAN over the encrypted
system is still work-in-progress. Terence [32] and Ulf [34] channel(such as Secure Sockets Layer) to the server of the
only implement distributed tokenization operation, but the payment service provider;
de-tokenization operation still requires a centralized server. 3, the payment service provider initiates a binding request
Although Mirco [33] implements distributed tokenization to the bank card organization or bank
and de-tokenization operations, all TSPs store the same 4, the card organization confirms the binding with the card
fractional token table. Existing format-preserving encryption issuing bank. The bank then sends a random code to the
algorithms are difficult to apply in distributed tokenization user’s mobile phone via a short message, allowing the user to
schemes. But in 2017, Bellare [1] proof the security of enter the random code on the mobile phone for confirmation.
identity based format-preserving encryption(IB-FPE). After 5, after the user confirms, the issuing bank will reply with
analysis Bellare’s IB-FPE scheme, we find it has many confirmation information to the card organization. The card
distributed properties. Therefore, we believe that there is organization uses the TSP to generate a token and return it
a significant breakthrough for tokenization technology to to the payment service provider, which then stores the token
design distributed tokenization schemes based on IB-FPE. with the user’s account on the server and sends it to the user’s
mobile phone.
8 VOLUME 10, 2019
6, finally, mobile terminals store the token at hardware for V. TPC-LED PAYMENT SECURITY: REMOTE PAYMENT
mobile payment transactions. AUTHENTICATION
Remote payment is a method that the mobile terminal of the
B. PAN ANTI-LEAKAGE PROTOCOL AND OPEN ISSUES payer can complete the payment far from the payee. This
approach is similar to web page payment. But it takes full
In the beginning, the vast majority of mobile payment
advantage of mobile terminals, allowing users to complete
providers are large Internet companies, and their security
identity authentication and confirm payment anytime, any-
is relatively reliable. Therefore, they are eligible for real
where. Its payment process has been described in section
bank card information. However, with the development of
II.A.
mobile payment, many small and medium-sized companies
In this section, we focus on authentication methods and
participate in the mobile payment. These companies are far
algorithms used in remote payment. First, we introduce the
less reliable than the previous payment service providers, and
remote payment authentication method widely used. Then we
they are no eligible to contact real bank cards. Therefore,
discuss the relevant authentication methods in the academic
there is a gradual need to design a PAN anti-leakage protocol
area, analyze their advantages and disadvantages, and pro-
for mobile payments.
pose possible future development directions.
In this paper, we set the security model for such issues.
There are three kinds of entities: A. THE AUTHENTICATION METHOD OF REMOTE
• mobile terminal; PAYMENT
• Third-party mobile payment company; There are two types of authentication methods for remote
• bank and card organization. payment, one is PIN code authentication, and the other
we assume that: is biometric identification. The biggest difference between
• Third-party mobile payment company will store the these two types is that the former needs to authenticate PIN
sensitive information or hijacked by the adversary A; at the remote server, while the latter is usually authenticated
• messages are communicated over an insecure channel; biometric locally. In essence, both payment methods are
• the communication channel is susceptible to eavesdrop- based on the hybrid cryptosystem. After the user applies for
ping, deletion, or modification, which are executed by adver- these two payment methods, the third-party server sends a
sary A. certificate containing the public key pk and the private key sk
to the user. pk and sk ensure the security of remote mobile
The target of the PAN anti-leakage protocol: users
payments.
must complete the binding operation with the bank without
exposing the PAN to any other entities.
1) PIN code authentication
In 2016, Alibaba Group proposed a protocol [36] based
PIN authentication is a traditional authentication method and
on an authorization certificate. In this protocol, the mobile
is widely used in physical bank card payment.
terminal communicates with the card organization or banks
The process of PIN code authentication is:
through the secure channel to send the default certificated
1, user input a 6 digits PIN number;
instructions issued by the payment service provider. Al-
2, user’s mobile terminal encrypts the PIN and other infor-
though there are very few schemes designed directly for
mation:
PAN binding, there are some for similar scenes. Similar
M = Signaturesk (P IN, transaction inf ormation),
to Alibaba’s scheme, these related schemes use certificates
and sends them to the payment service provider;
based on asymmetric passwords. 3, if the PIN passes the verification V alidatepk (M ), the
From a different perspective, we find that the field of payment service provider will accept the payment, otherwise,
public cloud data auditing maybe provides efficient solutions reject.
to this problem. There are also have three kinds of entities
are involved in the scenario, namely data owners, the cloud 2) Biometric identification
server, and a third-party auditor (TPA). TPA is responsible for The process of biometric identification is:
checking the integrity of cloud data on behalf of cloud users 1, the user inputs his biometric feature;
in case they do not have the time, resources, or feasibility to 2, the user’s terminal collects the user’s biometrics and
monitor their data and return audit reports for them. However, compares them with the biometrics stored at local hard-
due to regulatory and financial incentives, cloud servers are ware(usually at SE);
unable to disclose managed data to TPA [8]. These two 3, if the user’s biometrics passed the certification, the
issues have very similar technical requirements. Besides, mobile terminal will send certification information and trans-
zero-knowledge proof may also help solve the issues. A zero- action information
knowledge proof of knowledge protocol [56] enables a prover M = Signaturesk (C, transaction inf ormation) to the
(P) to convince a verifier (V) that some statement is true, but payment service provider;
the verifier learns nothing except the validity of the statement. 4, the payment service provider accepts the payment if it
passes the verification V alidatepk (M ).
VOLUME 10, 2019 9
TABLE 2. Comparision with the previous proposed remote authentication schemes
security attributes Odelu [59] H.Shen [61] Tseng [58] et al. Tsai-Lo [57] Roy [62] Chatterjee [63]
Cryptography ECC
√ ECC
√ ECC Pairing
√ Hash Function
√ Chaotic
√ Map
Stolen mobile device attack √ √ NA
√ √ √ √
replay attack √ √ √ √ √ √
Password guessing attack √ √ √ √ √ √
Privileged insider attack √ √ √ √ √ √
DoS attack √ √ √ √ √ √
Known session key secrecy √ √ √ √ √ √
Forward secrecy √ √ √ √ √
User impersonation attack √ × √ √ √
Server impersonation attack √ ×
√ × √ √ √
Ephemeral secret key leakage attack √ √ × √ √
Revocation √ NA
√ NA √ √
Secure mutual authentication × √ ×
√
No server database × × √ √ × ×
No registration server database × × √ ×
√ ×
√
Low communication overhead × × √ × √ √
Low computation overhead × × √ ×
Black/white free list for user ×
√ ×
√ √ ×
√ × ×
√
New user scalability ×
Biometric remote authenticate × × × × × ×
Biometrics verify entirely locally, which is the reason why During the authentication process, the user completes the PIN
the payment app does not support biometric authentication or biometrics verification locally to decrypt the secret key
after devices been rooted or jailbroken. and then using the secret key for server side authentication.
All the authentication factors neither authenticated by the
B. OPEN ISSUES AND RECOMMENDATION FOR server. From our perspective, It is a future research direction
FURTHER RESEARCH to design a scheme in which the server can confirm a remote
To authenticate the user’s identity, there was a lot of protocol authentication user input a plurality of factors provided at the
proposed for authentication. Lee [52] proposed a fingerprint time of registration.
based remote user authentication scheme using smart cards. In addition to cryptography, neural network is gradually
To overcome the weaknesses of Lee [52], Kim [53] proposed being applied to the authentication of biometrics. More than
a new fingerprint based authentication scheme using smart 20 years ago, there are scholars proposed neural network for
cards. In 2010, Chun Tang Li [54] has proposed a new human face detection [39] [40] [41]. But it was not realized
biometrics-based authentication using smart cards. Then, Li at the time. Now, with the development of deep learning,
Xiong [55] proposed a scheme to overcome the weaknesses deep learning neural network has been used for biometric au-
in [54] scheme. thentication [42] [43] [44] [45]. Its authentication efficiency
With the widespread use of the distributed system, the
and usability far exceed cryptography-based solutions. In
design of biometrics based authentication scheme for dis-
our opinion, to design a deep learning neural network based
tributed environments become a focus issue. There are a lot
remote payment scheme is a very practical research direction.
of schemes based on Fuzzy extractor [83], ECC and bilinear
pairing. Yoon [60] and Shen [61] proposed a biometrics
based authentication scheme for the distributed environment VI. TPC-LED PAYMENT SECURITY: TOTP PAYMENT
using ECC. Tsai [57] and Tseng [58] refer to the existing AUTHENTICATION
scheme and use the bilinear pairing to make the registration
center no longer participate in the authentication. Roy [62] TOTP payment is a payment method that can complete
proposed a lightweight remote user authentication scheme one transaction with once one-way information transfer(from
without use ECC and pairing. In 2018, Chatterjee [63] pro- user to PoS machine). This type of payment method is
posed a new authentication scheme using chebyshev chaotic gradually occupying the global payment market.
map, which has high security and low computation. Table The payment applications using TOTP include Alipay,
2 shows the representative proposed scheme on the multi- WeChat, etc. Figure 6 shows the 18-digit digitally-generated
servers environment. QR codes using by WeChat.
Summarizing the current results, we find that the exist- In this section, we begin to introduce the deployment of
ing remote biometric authentication scheme has made great TOTP payment, and then detailed describe the algorithm of
progress in security. The main direction of the research is to TOTP payment. In the end, we give a discussion and propose
lower the computation and communication overhead. While several open issues for it.
most of the proposed schemes use PIN and biometrics to
encrypt the secret key issued by the registration service.
10 VOLUME 10, 2019
password by using the pre-stored token, device ID, and the

current time as input.
The present algorithm may be an arbitrarily formed irre-
135201604588241400 versible algorithm.
• time synchronization algorithm (TOTP);
• event synchronization algorithm (HOTP);
• the challenge-response algorithm (OCRA);
FIGURE 6. Time-based One-time payment password The process of the algorithm is as follows:
1, the mobile terminal uses the timestamps, token, and
HOTP algorithm to generate a dynamic password;
A. THE DEPLOYMENT AND AUTHENTICATION 2, then it merges dynamic password and device Id to
PROCESS OF TOTP PAYMENT generate one-time identity password;
For clear description, we provide Figure 7 to show the entire 3, it generates first information by using the token, one-
process: time identity password, and hash algorithm;
4, it merges first information and the one-time identity
1) Deployment Process password to generate TOTP.
1, when the user first uses the TOTP payment in the pay-
ment application, the server generates a unique device ID
corresponding to the token and send it to the user’s terminal 2) TOTP Authentication Algorithm
together: The authentication algorithm is as follows:
• Token: The seed used to generate the TOTP code. This 1, the server of payment server provider finds the cor-
token is what we have introduced in section II; responding token with the device ID of the authentication
• Device ID: It is used to identify the mobile terminal password;
uniquely; 2, the server uses the token and the first default algorithm
2, After sending the token and the device ID to each to verify the dynamic password:
terminal, the server needs to store the mapping relationship 1) the trusted dynamic password list is first to be calculated
between the token and the device ID. (the trusted dynamic list includes multiple trusted dynamic
passwords);
2) Authentication Process 2) if it found that a specific trusted dynamic oral delivery is
1, When the user starts a TOTP payment, he/she needs to consistent with the above-mentioned dynamic password, the
open the payment interface, then the terminal will immedi- dynamic password verification passes;
ately generate a TOTP using the token, ID, timestamp, and 3) the server uses the first information and the second
TOTP algorithm; present algorithm to verify the second information.
2, the mobile terminal passes TOTP to the PoS machine The latest TOTP algorithm of Alipay and WeChat may
by near-field communication method(generally is QR code differ from this, but we can sure that the basic ideas and
or audio); methods are similar.
3, then the PoS machine transmits the TOTP and transac-
tion information to the payment service provider; C. OPEN ISSUES AND RECOMMENDATION FOR
4, finally, the payment service provider uses the same FURTHER RESEARCH
token, ID, and decryption algorithm to verify the TOTP. The security issues of TOTP payments are receiving
widespread attention. Not only because it has a lot of users,
B. TOTP PAYMENT AUTHENTICATION ALGORITHM but it does also have a lot of security risks. It cannot avoid
Many banks have enhanced their security by using One- the security issues encountered by traditional OTP, such as
Time Password (OTP) as another authentication method in Trojans, man-in-the-middle attack, relay attack, etc.
addition to the traditional username and password method Xiao long Bai [81] proposes an attack called STLS, where
[76] [77]. Then OTP is used for transaction verification at the an active attacker can sniff a payment token, and stop the
mobile terminal [79] [78]. Recently, Google uses the 2-step transaction by various means. Then the attack can quickly
authentication framework to enhance the OTP approach [38]. transmit the token to the colluder which uses it for different
But the place where OTP shines is Time based One-Time transactions. This attack poses a realistic threat to TOTP
Password(TOTP) payment, which nearly billion of OTPs payment.
consumed every day in the world [80]. Subsequently, Alipay proposed a solution in the latest
patent [37], which uses the front camera of the mobile
1) TOTP Generation Algorithm terminal to scan the PoS to obtain a unique code, so that
In Figure 8, we summarise an algorithm that widely used in the generated TOTP is bound to the current PoS machine.
TOTP payment, in which the terminal calculates the dynamic However, by the time we finish the manuscript, the solution
VOLUME 10, 2019 11
Mobile Terminal PoS machine Server

sends the token and the token corresponding device ID
writes token and

device ID to
hardware storage
scans the password

queries the token
generates a and send the
corresponding to
dynamic password password to the
the device ID
server
verifies the
returns the verify result password
FIGURE 7. The deployment and process of Time-Based One-Time password Payment.
of the patent has never been applied, and this secure issue in his hands cannot provide. There are already have some
always existed. location-based authentication schemes [46] [47] [48] [49].
Spolaor [82] uses the public charger to steal information But they are not currently suitable for TOTP payment. In
from the charging mobile terminal. In this attack, as long as these schemes, in order to complete the authentication, the
the user opens the payment interface, the adversary can get user must interact with other entities multiple times. It is not
the QR code. meet the requirement of TOTP payment, which completes
The security of TOTP payment is a very important issue, one transaction with once one-way information transfer, and
but there are little academic researches on it. even on the offline environment. But we believe that apply
In this section, we set the security model for such issues. location-based authentication schemes to TOTP payment is a
There are three kinds of entities: research direction.
• mobile terminal;
• PoS machine; VII. BANK-LED PAYMENT SECURITY: CARD
• Third-party mobile payment company; EMULATION PAYMENT AUTHENTICATION
we assume that: Banks and mobile phone manufacturers jointly provide
• mobile terminal are in an environment that is easy to Bank-led mobile payment. Banks and EMVCo mainly offer
monitor; interactive authentication protocol [20] [21] for mobile pay-
• messages are communicated over a public insecure chan- ments card emulation payments. And mobile phone manu-
nel; facturers provide hardware support for the specifications, and
• messages in public channel are susceptible to eaves- responsible for mobile terminal security.
dropping; deletion or modification, which are executed by The contactless card emulation payment(CCEP) is the
adversary A. main representative of Bank-led payment, which is advanced
• users present a TOTP once to complete a transaction. quickly in recent years. Its market size is estimated to grow
We believe that when generating TOTP, it is a good idea from USD 6.70 Billion in 2016 to USD 17.56 Billion by 2021
to bind it with PoS machine related information. But this [64].
is also a contradiction because the user’s mobile terminal The first contactless card payment was implemented in
does not know any information about the PoS machine when 1995 by Seoul Bus Transport. Since then, many IT leading
the user producing the TOTP. From our perspective, perhaps companies (Apple, Google, Samsung) started to integrate a
information around the PoS machine is what we need, such contactless card payment process into mobile phones. Google
as the approximate location of the PoS machine. Because the first launched a CCEP system in 2011, which called Google
payment mobile terminal is close to the PoS machine, so it Wallet. Apple Pay and Samsung Pay then followed in 2014
has a high probability of providing the same approximate and 2015, respectively. After that, Google rebrands Google
location, but the adversary in other places and the PoS Wallet to Android Pay.
12 VOLUME 10, 2019
Current time Token

HOTP
algorithm
Dynamic password (n digits) Device ID(m digits)
combination
Token
One-time identity
password(n+m digits)
HMAC-SHA algorithm
First information(K digits) combination
TOTP(First information(K digits) ||

One-time identity password(n+m digits) )
FIGURE 8. Time-Based One-Time Password Algorithm for TOTP Payment.
Magnetic stripe card emulation is the card emulation au- Transaction Counter (ATC). Cryptographic password is the
thentication scheme proposed by Samsung. It is a technology token mentioned in some related literature, which misleads
that simulates the mobile terminal as a traditional magnetic many readers;
bank card. The MST sends a magnetic signal from the user’s • cryptographic key [70] : This key, stored in the secure
device to the reader of the PoS machine (which can simulate hardware(TEE or SE), is static or dynamic, depending on the
the physical card swiping without upgrading the terminal’s card brand/network. Static cryptographic keys are used over a
hardware). Almost all PoS machines with card readers can relatively long period of time and in multiple key exchanges,
use MST technology. Since magnetic stripe cards are gradu- whereas a dynamic key is generated for each exchange. Some
ally being phased out in the market, so it is only used as an articles confuse the cryptographic key and token, which also
auxiliary payment method for CCEP. mislead many readers.
In this section, we first describe the CCEP authentica- Then, we introduced SE-based card emulation and HCE-
tion algorithm. Then, we summarise the security issues en- based card emulation [13].
countered in CCEP. Finally, we give a comparison between In SE-based card emulation payment, sensitive informa-
mainstream mobile payment applications, including Alipay, tion stored in SE. token stored at SE, and cryptography key
Wechat, Apple Pay, Google Pay, and Samsung Pay. generator applications host in the SE. SE act as the role of the
bank card integrated chip.
A. CONTACTLESS CARD EMULATION PAYMENT In HCE-based car emulation payment, a remote server of
AUTHENTICATION ALGORITHM SEs termed the cloud of secure elements is proposed. The
According to the EMVCo Specifications [20] [21], the pro- study reports a smartphone with HCE functionality remotely
cess is based on the specifications of physical contactless using a SE, hosted on a server, through the establishment of a
cards. secure TLS channel. Token and cryptography key generator
First, we need to explain the meaning of some concepts in applications are hosted in the remote SE which usually
contactless card emulation payment authentication: located at TSP. This payment method has the following
• tokenization: It is a procedure to replace sensitive PAN difference between the SE-based one:
values with non-sensitive token values; • All service providers who want to provide HCE-enabled
• token: It is a string of numbers that has the same format NFC services need to make business agreements with their
as the PAN. In some technical essay or literature about TSP.
tokenization, they called token to virtual PAN(VPAN) or • For an HCE-based NFC Service of a service provider, the
digital PAN(DPAN), but according to the requirement of [19] only cost is the NFC reader and backend server installation
[10] [12], token is the most accurate name; and maintenance.
• cryptographic password [70] : It contains encrypted • After de-tokenization of user token and application token
data derived from the token, timestamp, and Application values on TSP’s server in each transaction, the authorization
VOLUME 10, 2019 13
TABLE 3. Security Issues of CCEP
Attack Remarks
Bond [22] pre-play attack poor random generation
Bond [23] pre-play attack do not impose any encryption between communication
Roland and Langer [65] cloning attack adversary learn the necessary data for cloning
Francis [75] relay attack passive monitoring card
Chothia [72] relay attack not require a specific hardware
WangZhao [74] relay attack
Vila [71] relay attack using off-the-shelf NFC-enabled Android devices
Cavdar [73] relay attack
Michael Roland [66] relay attack relay attacks on Google Wallet
Michael Roland [67] relay attack software-based relay attacks on existing applications
Margraf [68] relay attack relay attacks on Apple pay
response is first directed to the Service Provider, enabling the transaction, ARC = 1 and IS generates a MAC encrypted
service providers to track transactions and retain their users’ by the secret key skT C , ARQC, and ARC. This MAC is
transaction details. called as ARPC;
• Users can easily register to the TSP and get support from 5) IS sends ARPC to PoS machine which relays it to M if
it to disable their SE. ARC = 1. Otherwise, it cancels the transaction;
Next, we describe the CCEP authentication algorithm 6) M verifies ARPC. If the verification value and ARC
based on what we mentioned above. are 1, M generates the second cryptogram TC to show
• The binding bank card issuer IS has a private sk and a transaction is complete. It generates a random number r and
public pk. use skm to sign r, n, CT , T C, timestamps, R1 , and R2 ;
• The mobile terminal M shares a symmetric key K with 7) M sends the signature and TC to PoS machine;
its binding bank card issuer IS. It also has a private skm a 8) the PoS machine verifies if the signature and the data
public pkm . pkm is signed by IS’s private key sk. All these are valid;
keys are stored in the secure element. 9) the PoS machine contacts with the IS to receive the
The process of authentication consists of five phases: reimbursement;
1, the user activates the contactless simulated payment 10) the IS gives the PoS machine proof of transaction
function of the mobile terminal by using the PIN code or completion and confirms that it execute the reimbursement.
biometric identification, and puts the mobile phone into the
sensing range of the PoS machine; B. SECURITY ISSUES ENCOUNTERED
2, PoS machine detects mobile terminal C; The security issues encountered by traditional contactless
3, PoS machine sends the transaction T to M . Then, cards are also difficult to avoid on CCEP. Table 3 sum-
M responds with its public key pkm and card information marizes the attacks that CCEP suffered. Bond [22] [23]
such as token and expiration date. If pkm is verified by show pre-play attacks were detected because of poor random
PoS, continues. There are three types of data authentication generation. Roland and Langer [65] discovered a cloning
methods: attack. The most important attack specific for CCEP is relay
• Static Data Authentication; attack, which show at Vila [71], Chothia [72], Cavdar [73],
• Dynamic Data Authentication; WangZhao [74] and Francis [75] . Chothia [72] provides a
• Combined Data Authentication. solution of relay attacks for the first. The current EMVco
4, PoS sends a random number n to request a cryptogram [20], therefore, take precaution partly against relay attacks
generation from M . There are three types of cryptograms using the solution proposed by Chothia [72]. But the solution
exist: provided by Chothia does not protect against malicious who
• Transaction Certificate is used for the offline; can execute relay attacks differently than MiM-adversaries.
• Authorization Request Cryptogram is used for online; Roland applied relay attacks to google wallet and other
• Application Authentication Cryptogram is used to cancel existing applications [66] [67]. Margraf [68] shows that relay
the transaction. attacks cannot be avoided on Apple pay.
5, Online Verification:
1) M increases its counter CT and generates a secret key
skT C by using CT and K; C. DISCUSSION AND OPEN ISSUES
2) M generates the cryptogram Authorization Request Based on the content of this article, We summarize a compar-
Cryptogram: a MAC of n,CT ,T with using skT C ; ison for mainstream payments in Figure 9.
3) M sends the cryptogram AC to PoS machine which From the perspective of security technology, Samsung Pay,
relays it to IS with the card information; and Apple Pay are the most secure scheme, followed by
4) IS verifies ARQC and possibly validate the information Google. TOTP payments of Alipay and WeChat are the most
of M . If ARQC passes verification and card is validated for unreliable scheme.
14 VOLUME 10, 2019
TPC-Led Bank-led
Alipay Wechat Pay Apple Pay Google Pay Samsung Pay
Payment method Near-field remote Near-field remote Near-field Near-field Near-field
System System and System support System and System and System and System and
Compatibility
support only hardware only hardware hardware hardware hardware
Hardware cost Low Hign Low Hign Hign Medium Hign
Payment range 0.1-0.6m * 0.1-1m * 0.04-0.1m 0.04-0.1m 0.04-0.1m
Tokenization system Centralized Centralized Centralized Centralized Centralized Centralized Centralized
Payment QR code and
Internet QR code Internet NFC NFC NFC and MST
communication Audio
Interactive × √ × √ √ √ √
TEE √ √ √ √ √ √ √
SE × × × × rSE HCE rSE

PIN or PIN or
Payment PIN or PIN or biometric biometric biometric
TOTP biometric TOTP PIN or biometric
authentication and EMVCo,TOTP and and
EMVCo,TOTP EMVCo,TOTP
Unprotected Unprotected
Sensitive information Locol SE Local SE Local SE Cloud SE Local SE
hardware hardware
Anti-eavesdropping
× √ × √ √ √ √
attack resistance
Relay attack
× × × × × × ×
resistance
Password guessing
√ √ √ √ √ √ √
attack resistance
Root or jailbreak
× × × × √ √ √
attack resistance
Stolen device
× √ × √ √ √ √
attack resistance
Man in the middle

× × × × × × ×
attack resistance
Low
communication √ × √ × × × ×
overhead
Low computation
√ × √ × × × ×
overhead
Secure mutual
× √ × √ √ √ √
authentication
FIGURE 9. Comparison of mainstream mobile payments.
Samsung Pay [69] [70] and Apple Pay [68] use trust- case is very different. Alipay and WeChat almost completely
zone and SE to protect sensitive information and transaction occupy the Chinese market, and they are rapidly spreading
authentication. They also use the interactive NFC and the in Southeast Asia and many other developing countries, and
EMVCo protocol to ensure secure transactions. And their even gradually gain recognition in the European and Amer-
payment range is very narrow, effectively preventing eaves- ican markets. While the other three scheme is slow to pro-
dropping attacks. mote. Although they are recognized in developed countries,
The difference between Google payment and Samsung consumers in these countries seem to prefer cash or physical
or Apple is the introduction of HCE technology. It can bank cards. And their promotion in other developing regions
store sensitive information in the cloud. Google use HCE to is struggling.
remove the limitation of SE, which effectively reduce costs
The high compatibility of Alipay and WeChat pay is the
and hardware requirement of the mobile terminal without
vital point. Their mere hardware requirements for mobile
significantly reducing security. Although it just removed the
devices and the mobility of payment software have much
SE, it has brought a lot of development possibilities for the
improved the user experience. For a lot of small merchants,
mobile terminal with such high integration.
the scanning code replaces the PoS machine, which greatly
Alipay and WeChat solutions have no technology to pro-
saves the cost of equipment. So Alipay and WeChat almost
tect sensitive information except trustzone. Once the device
ruled mobile payments in some underdeveloped regions and
is lost or invaded, it is easy for others to get valuable informa-
gradually expanded to developed areas.
tion. And the combination of QR code and TOTP is natural
to have eavesdropped. Moreover, the recognition distance of The high prices and low compatibility of equipment pro-
the QR code is very long, and the eavesdropper can even duced by Apple, Samsung, and Google is the most important
preemptively scan code and steal the money. reason. Besides, Apple Pay and Samsung Pay do not have
However, from the actual performance in the market, the their financial account ecology. They are only used to replace
VOLUME 10, 2019 15
bank cards for internet and near-filed payment, which will [13] Busra, Ozdenizci , O. Kerem , and C. Vedat . "A Tokenization-Based
result in very few financial transactions they can do. The last Communication Architecture for HCE-Enabled NFC Services." Mobile
Information Systems 2016(2016):1-20.
but not the least, It is very inconvenient to use at roadside [14] JeffStapleton, and RalphSpencerPoore. "Tokenization and Other Meth-
stalls or small shops. These shops have low profits will not ods of Security for Cardholder Data." Information Systems Security
want to prepare a PoS machine for such payment. These 20.2(2011):9.
[15] Del Rowe, Sam. "Information supplement: The Rise of Mobile Wallets,
reasons have greatly reduced people’s motivation to use CRM Magazine 2017." Available at "https://www.questia.com/magazine/
them. 1G1-499761586/the-rise-of-mobile-wallets-and-what-marketers-need".
[16] Chainnews. "The rise of e-wallet: overview of the global mobile pay-
In the future, we believe that the research direction of TPC-
ment market in 2018." Available at "https://www.chainnews.com/articles/
led payment should be security. The first is the protection of 930281876657.htm".
sensitive information, followed by the study of TOTP pay- [17] Jeb Su. "Data Breach Alert: Over 1 Million Credit Card Data From The
U.S., South Korea Have Been Leaked", Forbes, 2019.
ment anti-eavesdropping, and finally, the payment protection
[18] Tara Siegel Bernard; Tiffany Hsu; Nicole Perlroth; Ron Lieber. "Equifax
of lost devices. For Bank-led payments, the main research Says Cyberattack May Have Affected 143 Million in the U.S.." The
direction should be payment portability. The first is to reduce New York Times, 2017. Available at "https://www.nytimes.com/2017/09/
the cost of use, then the payment method without adding 07/business/equifax-cyberattack.html".
[19] EMVCo. "Payment Tokenisation Specification, v.2.1, 2019". Available at
any hardware(such PoS machine), and finally to increase the "https://www.emvco.com/document-search/?action=search_documents&
scope of their financial business. emvco_document_technology[]=payment-tokenisation/".
[20] EMV Contactless Specifications for Payment Systems, Book C-2: Kernel
From our point of view, in the field of mobile payment, Ad- 2 Specification
vanced technology cannot thoroughly dominate the market as [21] EMV Integrated Circuit Card Specifications for Payment Systems,
the requirements and capabilities of consumers vary. But the Book2:Security and Key Management
[22] Bond, Mike , et al. "Be Prepared: The EMV Pre-play Attack." IEEE
technologies that meet the economic strength and lifestyle of Security & Privacy 13.2(2015):56-64.
local people can adapt to the market. [23] Bond, Mike; Omar Choudary; Steven J. Murdoch; Sergei Skorobogatov;
Ross Anderson. "Chip and Skim: Cloning EMV Cards with the Pre-Play
Attack." In 2014 IEEE Symposium on Security and Privacy, 2014, 49–64.
ACKNOWLEDGMENT San Jose, CA, IEEE. https://doi.org/10.1109/SP.2014.11.
This work is supported by the National Key Re- [24] Alves T. "TrustZone : Integrated Hardware and Software Security[J]."
White Paper, 2004.
search and Development Program of China under Grants [25] Coskun V; Ozdenizci B; Ok K. "A Survey on Near Field Communication
2017YFB0802300. (NFC) Technology[J]." Wireless Personal Communications, 2013, 71(3),
2259-2294.
[26] Roland M; Langer J; Scharinger J. "Relay Attacks on Secure Element-
REFERENCES Enabled Mobile Devices[C]." IFIP International Information Security Con-
[1] Bellare, Mihir, and Viet Tung Hoang. “Identity-Based Format-Preserving ference, 2012.
Encryption.” In Proceedings of the 2017 ACM SIGSAC Conference on [27] L. Coppolino; S. D’Antonio; G. Mazzeo; L. Romano, "A comprehensive
Computer and Communications Security - CCS ’17, 1515–32. Dallas, survey of hardware-assisted security: From the edge to the cloud." Internet
Texas, USA: ACM Press, 2017. https://doi.org/10.1145/3133956.3133995. of Things, 2019, vol. 6, p. 100055, Jun.
[2] Bellare, Mihir, et al. "Format-Preserving Encryption." Lecture Notes in [28] Maene; Pieter, et al. "Hardware-Based Trusted Computing Architectures
Computer Science 45.5(2009):295-312. for Isolation and Attestation." IEEE Transactions on Computers. 2018, 67.3,
361-374.
[3] Liu Z, Jia C, Li J, et al. "Format-preserving encryption for DateTime[C]//
[29] F. McKeen; I. Alexandrovich; A. Berenzon; C.V. Rozas; H.Shafi; V.
IEEE International Conference on Intelligent Computing & Intelligent
Shanbhogue; U.R. Savagaonkar. "Innovative instructions and software
Systems." 2010.
model for isolated execution." in: Proceedings of the 2nd International
[4] Weiss M, Rozenberg B, Barham M. "Practical Solutions For Format-
Workshop on Hardware and Architectural Support for Security and Privacy,
Preserving Encryption[J]." Computer Science, 2015.
HASP, 2013.
[5] LIiu Z L, Li M, You X Y, et al. "Format-preserving encryption for PNG
[30] D. Kaplan. "AMD x86 Memory Encryption Technologies." USENIX
image[J]." Transaction of Beijing Institute of Technology, 2013, 33(12):
Association, Austin, TX, 2016.
1263-1268.
[31] S. Mofrad; F. Zhang; S. Lu; W. Shi. "A Comparison Study of Intel
[6] Palgon G, Chambers J, Konisky D. "System and methods for format SGX and amd Memory Encryption Technology." 2018, pp. 1–8, doi
preserving tokenization of sensitive information", U.S. Patent 8,458,487[P]. 10.1145/3214292.3214301.
2013-6-4. [32] Terence Spies, Mountain View, CA(US),Richard T.Minner, Carmichael,
[7] Li Min, Liu Zheli, You Xiaoxiao, et al. "Format-preserving encryption CA(US), "system for protecting sensitive data with distributed tokeniza-
model for sensitive information[J]." Journal of Nankai University(Natural tion." U.S. Patent 8595850 B2, 2013,11.26.
Science), 2012(5). [33] Micro Focus. "Secure Stateless Tokenization (SST)." Available at "http:
[8] Yu, Yong , et al. "Public cloud data auditing with practical key update and //files.asset.microfocus.com/4aa6-5576/en/4aa6-5576.pdf".
zero knowledge privacy. " Australasian Conference on Information Security [34] Ulf Mattsson. Cos Cob, CT(US), "table-connected tokenization." US
& Privacy Springer International Publishing, 2016. 9237006 B2, 2016, 1.12.
[9] Shmueli, Erez , et al. "Implementing a database encryption solution, design [35] Ulf Mattsson. Stamford, CT(US), "distributed tokenization using several
and implementation issues." Computers & Security 44(2014):33-50. substitution steps." US 8745094 B2, 2014, 6.3.
[10] PCI Security Standards Council. "Payment Card Industry(PCI) [36] Jun Yi. Alibaba Group, CN(China). "Method and device for account
Data Security Standard, v.3.2.1, 2018." Available at "https: binding and business processing." CN 107204957 A, 2016, 3.16.
//www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf? [37] Xiaoxiao Mao. Alibaba Group, CN(China), "Scan code operation method
agreement=true&time=1565925137854". and device." CN 107231389 A, 2016, 3.23.
[11] Díaz-Santiago, S., Rodriguez-Henriquez, L. M., & Chakraborty, D. (2016). [38] Grosse, Eric , and M. Upadhyay . "Authentication at Scale." IEEE Security
"A cryptographic study of tokenization systems." International Conference & Privacy 11.1(2013):15-22.
on Security and Cryptography (Vol.15, pp.413-432). IEEE. [39] JUELL. "A hierarchical neural network for human face detection." Pattern
[12] Tokenization Payment Solution of UnionPay Card Networking Joint Tech- Recognition 29.5(1996):781-787.
nical Specification, v2.1, China UnionPay, 2015. Available at "https://max. [40] Lawrence, Steve, et al. "Face recognition: a convolutional neural-network
book118.com/html/2017/0304/94286515.shtm". approach." IEEE Transactions on Neural Networks 8.1(1997):98-113.
16 VOLUME 10, 2019
[41] Lin, Shang Hung, S. Y. Kung, and L. J. Lin. "Face recognition/detection by [66] Roland M. "Applying recent secure element relay attack scenarios to the
probabilistic decision-based neural network." IEEE Transactions on Neural real world: Google Wallet Relay Attack[J]." Computer Science 2012.
Networks 8.1(1997):114-32. [67] Roland M. "Software-Based Relay Attacks on Existing Applications[M].
[42] Sun, Yi, X. Wang, and X. Tang. "Deep Learning Face Representation by Security Issues in Mobile NFC Devices." Springer International Publishing,
Joint Identification-Verification." (2014). 2015.
[43] Wang, Weihong, et al. "Face Recognition Based on Deep Learning. Human [68] Margraf M, Lange S, Otterbein F. "Security Evaluation of Apple Pay at
Centered Computing." 2014. Point-of-Sale Terminals[C]." International Conference on Next Generation
[44] Liu, Jianzheng, C. Fang, and C. Wu. "A Fusion Face Recognition Ap- Mobile Applications, 2016, IEEE.
proach Based on 7-Layer Deep Learning Neural Network." A Fusion Face [69] "Platform Security." Available at "https://developer.samsung.com/
Recognition Approach Based on 7-Layer Deep Learning Neural Network. tech-insights/knox/platform-security".
2016. [70] "Device-side Security: Samsung Pay, TrustZone, and the TEE." Available
[45] Lebedev, A., et al. "Face verification based on convolutional neural net- at "https://developer.samsung.com/tech-insights/pay/device-side-security".
work and deep learning." IEEE East-west Design & Test Symposium 2017. [71] Vila, José; Rodríguez, Ricardo J. "Practical Experiences on NFC Relay
[46] Ashfield, James; David Shroyer; Douglas Brown. "Location based authen- Attacks with Android." Revised Selected Papers of the International Work-
tication of mobile device transactions." U.S. Patent No. 8,295,898. 23 Oct, shop on Radio Frequency Identification Springer-Verlag New York, 2015,
2012. Inc.
[47] Govindarajan, Gunasekaran. "Location-based authentication." U.S. Patent [72] Chothia, T. , et al. "Relay Cost Bounding for Contactless EMV Payments."
Application No. 11/586,932, 2012, 23 Oct. Financial Cryptography and Data Security, 2015, Springer Berlin Heidel-
[48] Hammad, Ayman, and Patrick Faith. "Location based authentication." U.S. berg.
Patent No. 9,721,250. 2017,1, Aug. [73] Cavdar, D.; E. Tomur. "A Practical NFC Relay Attack on Mobile De-
vices Using Card Emulation Mode." In 2015 38th International Con-
[49] Zhang, Feng, Aron Kondoro, and Sead Muftic. "Location-based authenti-
vention on Information and Communication Technology, Electronics
cation and authorization using smart phones." 2012 IEEE 11th International
and Microelectronics (MIPRO), 2015, 1308–12. Opatija, Croatia: IEEE.
Conference on Trust, Security and Privacy in Computing and Communica-
https://doi.org/10.1109/MIPRO.2015.7160477.
tions, 2012.
[74] Wang, Zhao , et al. "Implementation and analysis of a practical NFC relay
[50] Zhengwei Zhu. "Sound wave payment method and related devices" CN
attack example." Second International Conference on Instrumentation IEEE
103761648 A[P], 2014.
Computer Society, 2012.
[51] C Zhang , J Huang. "Sound wave payment method and system." CN
[75] Francis, Lishoy, et al. "Practical NFC Peer-to-Peer Relay Attack Using
103927657 A[P], 2014.
Mobile Phones." Radio Frequency Identification: Security and Privacy
[52] Lee, J. K., S. R. Ryu, and K. Y. Yoo. "Fingerprint-based remote Issues. Springer Berlin Heidelberg, 2010.
user authentication scheme using smart cards." Electronics Letters [76] Subpratatsavee, Puchong , and P. Kuacharoen . "Transaction Authentica-
38.12(2002):554. tion Using HMAC-Based One-Time Password and QR Code." Computer
[53] H.S. Kim, S.W. Lee, and K.Y. Yoo, “ID-based password authentication Science and its Applications. Springer Berlin Heidelberg, 2015.
scheme using smart cards and fingerprints.” ACM SIGOPS Oper. Syst. Rev., [77] Mulliner, Collin , et al. "SMS-Based One-Time Passwords: Attacks and
vol. 37, no. 4, pp. 32–41, Oct. 2003. Defense." International Conference on Detection of Intrusions & Malware
[54] Chun Tang. Li and M.S. Hwang, “An efficient biometrics-based remote Springer-Verlag, 2013.
user authentication scheme using smart cards.” J. Netw. Comput. Appl., vol. [78] Chow, Yang Wai , et al. "Authentication and Transaction Verification
33, no. 1, pp. 1–5, Jan. 2010. Using QR Codes with a Mobile Device." International Conference on
[55] Li, Xiong , et al. "Cryptanalysis and improvement of a biometrics-based Security, Privacy and Anonymity in Computation, Communication and
remote user authentication scheme using smart cards." Journal of Network Storage Springer International Publishing, 2016.
and Computer Applications 34.1(2011):73-79. [79] Barmawi, Ari Moesriami . "A Visual One-Time Password Authentication
[56] Schnorr, C. . "Efficient Identification and Signatures for SmartCards." Scheme using Mobile Devices." International Conference on Information &
Workshop on the Theory & Application of of Cryptographic(1989). Communication Security 2014.
[57] Tsai, Jia Lun , and N. W. Lo . "A Privacy-Aware Authentication Scheme [80] Huandian Technology, "The world consumes hundreds of millions
for Distributed Mobile Cloud Computing Services." IEEE Systems Journal of QR codes every day." Available at "http://baijiahao.baidu.com/s?id=
9.3(2015):805-815. 1643551736838897329&wfr=spider&for=pc".
[58] Tseng, Yuh Min , et al. "List-free ID-based Mutual Authentication and Key [81] Xiaolong Bai and Zhe Zhou and XiaoFeng Wang and Zhou Li and
Agreement Protocol for Multi-server Architectures." IEEE Transactions on Xianghang Mi and Nan Zhang and Tongxin Li and Shi-Min Hu and Kehuan
Emerging Topics in Computing 4.1(2016):102-112. Zhang. "Picking Up My Tab: Understanding and Mitigating Synchronized
[59] Odelu, Vanga, Ashok Kumar Das, and Adrijit Goswami. “A Se- Token Lifting and Spending in Mobile Payment." 26th USENIX
cure Biometrics-Based Multi-Server Authentication Protocol Using Smart Security Symposium (USENIX Security 17), 2017, 978-1-931971-
Cards.” IEEE Transactions on Information Forensics and Security 10, no. 9 40-9, Vancouver, BC, 593–608, Available at "https://www.usenix.org/
(September 2015): 1953–66. https://doi.org/10.1109/TIFS.2015.2439964. conference/usenixsecurity17/technical-sessions/presentation/bai",USENIX
[60] Yoon, Eun Jun , and K. Y. Yoo. "Robust biometrics-based multi-server Association.
authentication with key agreement scheme for smart cards on elliptic curve [82] Spolaor, Riccardo , et al. "No Free Charge Theorem: a Covert Channel
cryptosystem." Journal of Supercomputing 63.1(2013):235-255. via USB Charging Cable on Mobile Devices." International Conference on
[61] H. Shen, C. Gao, D. He, and L. Wu, "New biometrics-based authentica- Applied Cryptography & Network Security Springer, Cham, 2017.
tion scheme for multi-server environment in critical systems." Journal of [83] Dodis, Yevgeniy , L. Reyzin , and A. Smith. "Fuzzy Extractors: How
Ambient Intelligence and Humanized Computing 6.6(2015):825-834,2015. to Generate Strong Keys from Biometrics and Other Noisy Data." In-
[62] Roy, Sandip, Santanu Chatterjee, Ashok Kumar Das, Samiran Chattopad- ternational Conference on the Theory and Applications of Cryptographic
hyay, Neeraj Kumar, and Athanasios V. Vasilakos. “On the Design of Techniques Springer, Berlin, Heidelberg, 2004.
Provably Secure Lightweight Remote User Authentication Scheme for
Mobile Cloud Computing Services.” IEEE Access 5 (2017): 25808–25.
https://doi.org/10.1109/ACCESS.2017.2764913.
[63] Chatterjee, Santanu , et al. "Secure Biometric-Based Authentication
Scheme Using Chebyshev Chaotic Map for Multi-Server Environment."
IEEE transactions on dependable and secure computing, 2018.
[64] "Contactless payment market by solution, service, payment mode, vertical
- global forecast to 2021." https://www.marketsandmarkets.com/Market-
Reports/ contactless- payments- market- 1313.html
[65] Roland. Michael, J. Langer. "Cloning credit cards: a combined pre-
play and downgrade attack on EMV contactless." Proceedings of the 7th
USENIX conference on Offensive Technologies USENIX Association,
2013.
VOLUME 10, 2019 17
WENZHENG LIU received the M.S. degree in

Applied Math from Zhejiang University in 2016.
He is currently a PH.D student at College of
Computer, National University of Defense Tech-
nology, from 2017. His research interests include
applied of identity-based cryptography, Internet of
Thing, stream cipher, financial cryptography,data
security,and mobile cloud computing.
XIAOFENG WANG received the ph.D. degree

from the National University of Defense Technol-
ogy. His current research interests include trusted
network, network security and distributed intelli-
gent data processing. The corresponding author,
email: xf_wang@nudt.edu.cn.
WEI PENG was born in Dayi City, Sichuan,

China, in 1973. He received the M.S. and
Ph.D. degrees in computer science from the Na-
tional University of Defense Technology (NUDT),
China, in 1997 and 2000, respectively. From 2001
to 2002, he was a Research Assistant with the
School of Computer, NUDT, China, where he has
been a Research Fellow since 2003. His major
research interests are Internet routing, network
security, and mobile wireless networks.
18 VOLUME 10, 2019

State of The Art Secure Mobile Payment

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

State of The Art Secure Mobile Payment

Uploaded by

Copyright:

Available Formats

This article has been accepted for publication in a future issue of this journal, but has not been

Digital Object Identifier

State of the Art: Secure Mobile Payment

I. INTRODUCTION personal computer, etc.

VOLUME 10, 2019 1

W.L et al.: State of the Art: Secure Mobile Payment

W.L et al.: State of the Art: Secure Mobile Payment

P1: Apple pay, Google pay,Samsung pay P1:Alipay,Wechat,Paypal

FIGURE 1. Mobile payment system framework.

W.L et al.: State of the Art: Secure Mobile Payment

W.L et al.: State of the Art: Secure Mobile Payment

Secure mobile payment

Tokenization PAN binding Secure payment authentication

Centralized Distributed Third PAN Near-field Remote

Database Distributed PIN code

FIGURE 2. Mobile payment security technology framework.

W.L et al.: State of the Art: Secure Mobile Payment

W.L et al.: State of the Art: Secure Mobile Payment

(PAN). Some of the algorithm options are format-preserving

tokens only, and the card-vault data remains inaccessible.

W.L et al.: State of the Art: Secure Mobile Payment

De-token De-token De-token De-token

TOKENIZAION EQUIPMENT 1 TOKENIZAION EQUIPMENT 2

Tokenization Database D1-A Database D2-A

Tokenization Database D1-B Database D2-B

Token request Token request Token request Token request

FIGURE 5. The structure of Distributed Tokenization System

C. OPEN ISSUES AND RECOMMENDATION FOR IV. PAN BINDING SECURITY

W.L et al.: State of the Art: Secure Mobile Payment

W.L et al.: State of the Art: Secure Mobile Payment

TABLE 2. Comparision with the previous proposed remote authentication schemes

W.L et al.: State of the Art: Secure Mobile Payment

password by using the pre-stored token, device ID, and the

W.L et al.: State of the Art: Secure Mobile Payment

Mobile Terminal PoS machine Server

writes token and

scans the password

FIGURE 7. The deployment and process of Time-Based One-Time password Payment.

W.L et al.: State of the Art: Secure Mobile Payment

Current time Token

Dynamic password (n digits) Device ID(m digits)

First information(K digits) combination

TOTP(First information(K digits) ||

FIGURE 8. Time-Based One-Time Password Algorithm for TOTP Payment.

W.L et al.: State of the Art: Secure Mobile Payment

TABLE 3. Security Issues of CCEP

W.L et al.: State of the Art: Secure Mobile Payment

SE × × × × rSE HCE rSE

Man in the middle

FIGURE 9. Comparison of mainstream mobile payments.

W.L et al.: State of the Art: Secure Mobile Payment

16 VOLUME 10, 2019

W.L et al.: State of the Art: Secure Mobile Payment

VOLUME 10, 2019 17

W.L et al.: State of the Art: Secure Mobile Payment

WENZHENG LIU received the M.S. degree in

XIAOFENG WANG received the ph.D. degree

WEI PENG was born in Dayi City, Sichuan,

18 VOLUME 10, 2019

You might also like