Professional Documents
Culture Documents
fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
ABSTRACT With mobile payments popular around the world, payers can conduct a payment anytime
and anywhere. While providing great convenience, mobile payment also brings many payment security
issues. This paper is the first comprehensive review of secure mobile payment. We classify the mobile
payment into TPC(third-party payment company)-led mobile payment and Bank-led mobile payment, and
based on this, summarize the system structure of mobile payment. Then we discuss the mobile payment
security technology framework from Tokenization, PAN(bank card primary account number) binding, and
Secure Payment Authentication, respectively. Besides, this paper introduces secure technologies(hardware
and software) used in these procedures, discusses and analyzes the security issues that they have been
encountered, summarise open issues, and proposes future development directions. In the end, we give the
discussion and comparison of popular and representative mobile payment applications, including Alipay,
Wechat Pay, Apple Pay, Samsung Pay, and Google Pay.
INDEX TERMS Tokenization, symmetric cryptosystem, hybrid cryptosystem, PAN binding, TOTP, remote
payment, near-field payment.
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
authentication, respectively. the list of acronyms used in this paper. These acronyms are
For the Tokenization, we start with a brief overview of not only used in the text but also used in figures and tables.
motivation to use tokenization in mobile payment and then
summarise and analysis centralized tokenization and dis- TABLE 1. List of acronyms used in this paper
tributed tokenization, respectively. Finally, this paper pro-
poses several open issues and present a recommendation for PAN primary account number
TOTP time-based one-time password
further research. TPC third-party payment company
For the PAN binding, we focus on how a PAN is bound to TSP token service provider
the mobile phone, which can be divided into third-party trust TR token requestor
URL uniform resource locator
protocol and PAN anti-leakage protocol. This paper detailed NFC near-field communication
introduces the third-party trust protocol, sets a security model MST magnetic secure transmission
for PAN anti-leakage scene, and discusses the technology TEE trusted execution environment
that may use for it. SE secure element
HCE host-based card emulation
For the Payment Authentication, we concentrate on how FPE format-preserving encryption
a bank or third-party company authenticates the transaction CCEP contactless card emulation payment
information. All mobile payment authentication is divided IB-FPE identity-based format-preserving encryption
into remote payment authentication, time-based one-time
password (TOTP) payment authentication, and card emula-
tion payment authentication: A. MOBILE PAYMENT SYSTEM STRUCTURE
• remote payment authentication: first, there is an intro- In this subsection, we show the system structure of the entire
duction for its payment method and process of authentica- mobile payment. In the introduction section, the mobile
tion. Furthermore, we summarize its representative academic payment is divided into TPC-led mobile payment and Bank-
research; led mobile payment. So our description will be based on this
• TOTP payment authentication: we begin to introduce the classification. In Figure 1, starting from the bank card, the left
deployment of TOTP payment, and then detailed discussed part represents the Bank-led mobile payment, and the right
the algorithm of TOTP payment. In the end, we give a part represents the TPC-led mobile payment.
discussion and propose several open issues; First, we list main participating entities:
• card emulation payment authentication: this paper first • Payer: The entity that initiates the transaction;
describes the authentication algorithm, and then summarises • Mobile terminal: It is an internet mobile device with a
its security issues encountered and points out the future mobile payment application installed;
research direction. • Payee: The entity that accepts the transaction;
In the last section, it has a discussion and comparison in • Bank-led payment provider: It cooperates with banks
terms of security, usability, and availability for popular mo- or card organizations and use their advantages of hardware
bile payment applications. Then we analyze their strengths and software to support Bank-led payment. Representatives
and weaknesses with the reasons that cause them, discuss are Apple, Samsung, and Google, etc;
the possible future development of secure mobile payment • TPC-led payment provider: It is responsible for per-
technologies, and highlighted some issues that need to be forming payment authentication and fund settlement func-
resolved. tions in place of the bank in the TPC-led payment. Repre-
sentatives are Alipay and Wechat, etc;
ORGANIZATION • Mobile payment provider: All bank-led payment
In conjunction with the objective mentioned above objec- providers and TPC-led payment providers are collectively
tives, the remainder of this study is organized based on called mobile payment provider;
the primary research areas of mobile payment security: in • Card organization: It authorizes members(usually
Section II, we introduce the mobile payment system struc- banks) to issue cards, accepts card transactions, and operates
ture and security technology framework. In Section III, we its own international regional processing network;
present the tokenization technology. In Section IV, PAN • Bank: It issues the bank card, and cooperates with the
binding technology is reviewed. Section V contains remote card organization for mobile payment;
payment authentication security. Section VI introduces TOTP • Token service provider: It is responsible for generating
payment security. In Section VII, we focus on the Bank- and managing tokens which are generally provided by card
led payment security and give a comprehensive comparative organizations or banks.
discussion of popular mobile payment applications. Next, we describe the procedure of mobile payment.
The first step is bank card binding. Different from tradi-
II. MOBILE PAYMENT SYSTEM STRUCTURE AND tional bank card payments, PANs are not allowed to store on
SECURITY TECHNOLOGY FRAMEWORK the phone or the server of mobile payment providers. PANs
In this section, we summarise the mobile payment system are also cannot be transmitted frequently over the insecure
structure and security technology framework. Table 1 shows channel. Thus, the token is required in place of the real PAN.
2 VOLUME 10, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
Payer
Bank
The red road P in the right part of Figure 1 shows the P5, the third-party payment company obtains the token of
bank card binding process in TPC-led mobile payment. The the bank card, saves it locally and returns it to the mobile
process is as follows: terminal.
P1, a user opens the third-party payment application in- The red road P in the left part of Figure 1 describes the
stalled in the mobile terminal and enters the PAN on the bank bank card binding process at Bank-led mobile payment :
card binding interface; P1, the user opens the payment application and enters the
P2, the mobile terminal sends the PAN to the server of the PAN on the bank card binding interface;
third-party payment company via the secure channel; P2, the mobile terminal sends the PAN to the server of the
P3, the server interacts with the card organization; mobile phone manufacturer via the secure communication
P4, the card organization uses the token management network. Remainders of the processes match steps P3, P4,
module of the token service provider to generate a token and and P5 of the TPC-led mobile payment process.
contacts the issuing bank to obtain the confirmation message; No matter which payment application users use, the token
VOLUME 10, 2019 3
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
is always required to binding on the phone. ple’s habit of swiping cards and reuse of existing infras-
After completing the binding process, we begin to describe tructure, mobile phone manufacturers utilize their hardware
the payment process. advantages to corporate with banks directly and use mobile
phones to simulate the payment of the physical bank card.
1) The Payment Process of TPC-led Mobile Payment The green road B in the left part of Figure 1 describes the
In the TPC-led mobile payment, the user only interacts with payment process of card emulation payment. The process is
the TPC. After completing the settlement, the TPC sever as follows:
communicates with the card organization and bank. B1, the user activates the mobile payment using fingerprint
TPC-led mobile payment mainly consists of two payment or PIN, and the mobile terminal interacts with the PoS
methods, one is the TOTP payment, and the other is the machine using NFC to simulate the process of contactless
remote payment. card payment. Samsung mobile phone has the technology to
The blue road T in the right part of Figure 1 describes simulate the magnetic stripe card payment by MST;
the payment process of TOTP payment. The process is as B2, after the PoS machine authenticates the mobile ter-
follows: minal and obtains the payment information, it interacts with
T1, the mobile terminal generates a time-based one-time the card organization and sends the encrypted data which the
password (TOTP) and sends it to the PoS machine through same as IC card authentication required;
the quick response(QR) code or audio; B3, once the card organization obtains the token, it can
T2, the PoS machine sends the TOTP and transaction find the corresponding PAN by de-tokenization and contact
information to the payment service provider’s server via a the issuing bank to complete the transaction.
secure communication channel. Then, the server validates
the TOTP(detailed in section V), and confirms the payer and B. MOBILE PAYMENT SECURITY TECHNOLOGY
transaction information; FRAMEWORK
T3.1, case 1, If the user is paying with a third-party According to the payment procedure in mobile payment sys-
account balance, the server internally settle and complete the tem, we divide security technologies into tokenization, PAN
transaction; binding, and secure payment authentication. This subsection
T3.2, case 2, If the user uses a token(also called virtual provides a conceptual introduction to these technologies and
bank card) to pay, the server sends the token and transaction their sub-technologies from a framework perspective, which
information to the card organization (such as China Union- shows of Figure 2. Detailed discussion and analysis are
Pay, Visa, MasterCard, etc.). After the card organization re- presented in later sections.
ceives the token, it retrieves the corresponding PAN through Tokenization technology is presented in the left part of
de-tokenization and contacts the issuing bank to complete the Figure 2, which is used to generate tokens for PAN. It
transaction. can be divided into the centralized tokenization scheme and
The yellow road O in the right part of Figure 1 describes distributed tokenization scheme.
the payment process of remote payment. The process is as Centralized tokenization is a conventional and database-
follows: centric solution for tokenization, which all token re-
O1, a user uses the mobile phone to scan the QR code questors(TR) need to apply token in a common token server
in the store counter or the other way to obtain the URL or provider(TSP).
interface and use it to initiate a payment request; In distributed tokenization schemes, the generation of tok-
O2, after receiving the payment request from the user, the enization is not concentrated in one server but distributed in
TPC server validates the user’s identity(detailed in section various places. Each place can generate its unique token.
IV) through the authentication algorithm. The remainder In the middle of Figure 2 is the PAN binding technology.
process matches steps T3.1 or T3.2 of the TOTP payment It is used to protect bank card information from being leaked
process. when requesting the token. Generally, it can be divided into
attention: We need to explain why TPC-led mobile pay- third-party trust protocol and anti-leakage protocol.
ment users can use balance payments without the need to Third-party trust protocol allows users to directly send the
use a bank card. Generally, third-party payment companies bank card information to a third-party company and entrust
have their accounts in the bank. For instance, the process of them to interact with the card issued bank and bind the token.
transferring money to users’ Alipay accounts is to transfer PAN anti-leakage protocol allows users to complete the
money to the Alipay bank account. Thus, when a user pays bank card binding and token application without the third-
with the account balance, the money is still in the bank party company knowing the bank card information.
account of Alipay and has not moved. The right part of Figure 2 shows secure payment authenti-
cation. It can be divided into remote payment authentication
and near-field payment authentication.
2) The Payment Process of Bank-led Mobile Payment Remote payment authentication is consists of PIN authen-
Various bank and mobile phone manufacturers jointly pro- tication and biometric authentication. Users need to obtain
vide Bank-led mobile payment. In order not to change peo- a payment interface or website from the entity which he
4 VOLUME 10, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
Magnetic Contactless
Random Lookup TOTP QR code Audio stripe card card
FPE Face Fingerprint Biometric PIN code
number table authentication
Magnetic MST NFC Contactless authentication authentication
protocol protocol protocol
stripe card card
authentication authentication
protocol protocol
Symmetric Hybrid
cryptosystem cryptosystem
wants to pay. And then, users choose his financial account SE is a platform that can install, personalize, and man-
to complete the payment after they input his PIN code or age applications. It is a combination of hardware, software,
show his biometrics(such as the face, fingerprint, and iris) interfaces, and protocols that can securely store and use
to confirm. credentials for payment, authentication, and other services.
Near-field payment authentication is consist of time- An attacker can not extract sensitive information stored at the
based one-time password (TOTP) authentication payment SE. Conceptually, SE [25] [26] can be divided into hardware-
and card emulation authentication. In the TOTP authen- based SE, which include eSE(embedded SE) and UICC-
tication scheme, users generate a TOTP from the TOTP based SE(removable SE) and software-based SE, which is
generation algorithm; each password is valid for a specific HCE.
period of time and can pay only once. Its payment com- The TEE is a secure area of the main processor of a
munication mediums are the quick response(QR) code and connected device that ensures sensitive data is stored, pro-
Audio. Card emulation authentication simulates the payment cessed and protected in an isolated and trusted environment.
authentication as a physical bank card, such as a contactless There are three main technological implementations of TEE
card and magnetic stripe card. It payment communication [27]: 1)TrustZone, 2)Software Guard eXtension(SGX), and
mediums are near-field communication(NFC) and magnetic Memory Encryption Technology (MET). TrustZone [28] is
secure transmission(MST). a flexible hardware-assisted security technology proposed by
There are secure hardware basement technologies that play ARM, which partitions the hardware and software resources
a significant role in protecting the mobile user’s stored sen- of a System-on-a-Chip, by distinguishing the context of
sitive data and sensitive operation: secure element(SE) and execution in the secure and normal world. SGX [29] is an in-
Trusted Execution Environment(TEE). There is no separate novative secure extension to the Instruction Set Architecture
section to discuss hardware security in this article since there (ISA), a TEE based on a mechanism of "reverse sandbox"
is quite some literature [25] [26] [27] [28] [29] [30] [31] in which sensitive processes address space is protected – at
about it. But we will point out the function of mobile hard- CPU level – even against OS. MET [30] [31] is the hardware-
ware security technology when introducing and discussing assisted TEE scheme released by AMD that encrypts and
mobile payment security technologies. protects system memory.
VOLUME 10, 2019 5
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
All of these technologies are working together to protect stored at the secure element(SE). For usability, tokens can be
our private information and to secure each mobile payment. transferred through the most communication medium, such
as NFC, Internet, and Bluetooth, etc.
III. FUNDAMENTAL OF VIRTUAL BANK CARD: To summarise, the tokenization scheme has its advantages
TOKENIZATION in three aspects of mobile payment:
In this section, we discuss the tokenization technology. First, first, its deployment cost is very low, which ensures com-
we start with a brief overview of the motivation to use patibility with existing infrastructure;
tokenization in mobile payment. So the reader will be able second, it protects the user’s sensitive information, since
to better appreciate the steps taken in the ongoing activity. cardholder’s card number and the validity of the card does
Then we summarise and analysis centralized tokenization not appear in the transaction;
and distributed tokenization in Section III. A and Section third, it restricts adversary’s action, because tokens only
III.B, respectively. Finally, we propose several open issues can be used in the limited transaction scenario;
and present a recommendation for further research. finally, it reduces the probability of fraudulent transactions.
In the digital payment field, the bank card is a mainstream Summarizing from the EMVCo Payment Token Specifica-
payment medium. With the increasing popularity of business tion Technical Framework v2.1 [19], PCI Security Standard
through on the Internet, each company needs to maintain its Council v3.2.1 [10], and requirement of card organizations
customer’s bank card information in some form. Bank card [12], we conclude that a tokenization scheme needs to satisfy
data leakage is considered to be one of the severe threats to the following four requirements:
any company [17] [18]. Such violations will not only bring • the generated token does not change the format of the
severe economic losses to banks and companies but also bank card PAN;
severely damage its brand image and reduce people’s trust • the bank identification code(BIN) of a token cannot be
in digital payment. identical to the BIN of the original PAN;
Payment Card Industry Security Standards Council (PCI • tokens satisfy the Luhn algorithm;
SSC) is an organization established by payment card com- • tokens can be flexibly made with some restrictions.
panies, which is responsible for the development and de- Attention: Many readers confuse the token in the mobile
ployment of payment security technologies and ensures the payment with the token in the identity authentication, and
security of credit card data. In particular, PCI SSC has they believe that the payment can be authenticated as long
developed a PCI Data Security Standard (PCI DSS) [10]. as the token is presented. This is incorrect. In the field of
The standard specifies the security mechanism which card mobile payments, tokens are a string of unique numbers that
data are required to guarantee during payment. PCI DSS are used instead of PANs for storage and transmission. The
requires organizations that process card payments to protect conceptions of the token in the different fields of computer
cardholder data when they store, transmit, and process them. security have a different meaning.
Enterprises, merchants, and payment providers face severe
challenges to secure their high-value sensitive data. Replac- A. CENTRALIZED TOKENIZATION TECHNOLOGIES
ing PAN with a token is one of the data protection and audit Centralized tokenization(Figure 3) is a conventional and
scope reduction methods recommended by the PCI DSS. database-centric solution for tokenization, which all token
In 2014, the international chip card standardization organi- requestors(TR) need to apply token in a common token server
zation EMVCo set token as a substitute in the physical bank provider(TSP).
card [19]. The token can be used the same as PAN, which
means that there is no need to update the already installed
PoS (Point of Sale) terminals. Tokenization is a process of re- TR
placing a traditional bank card PAN to a token with a unique
numeric value. Payment token can be used in all aspects
of bank card transactions and can be used across industries
TSP
so that it has versatility. The procedure of token generation
is done by the token service provider (TSP). When TSP is
issuing a token, it can flexibly make some restrictions, such as
the use for individual businesses, online application, offline
application, etc. It can also limit the value, time, and location
of tokens. When necessary, tokens can be destroyed and re-
issued. Deployment of tokenization technology can save a lot FIGURE 3. tokenization service provider of centralized tokenization
of money since it ensures compatibility with existing infras-
tructure. For security, the EMVCo Payment Token Specifi- Summary from [9] [10] [11] [13] [14], a TSP of centralized
cation Technical Framework v2.1 [19]provides examples of tokenization system generally has the following components:
secure storage of tokens on a device. For instance, it can be • An algorithm for token generation : It is a process to
transferred into the trusted execution environment(TEE) or create a token corresponding to the primary account number
6 VOLUME 10, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
6, finally, mobile terminals store the token at hardware for V. TPC-LED PAYMENT SECURITY: REMOTE PAYMENT
mobile payment transactions. AUTHENTICATION
Remote payment is a method that the mobile terminal of the
B. PAN ANTI-LEAKAGE PROTOCOL AND OPEN ISSUES payer can complete the payment far from the payee. This
approach is similar to web page payment. But it takes full
In the beginning, the vast majority of mobile payment
advantage of mobile terminals, allowing users to complete
providers are large Internet companies, and their security
identity authentication and confirm payment anytime, any-
is relatively reliable. Therefore, they are eligible for real
where. Its payment process has been described in section
bank card information. However, with the development of
II.A.
mobile payment, many small and medium-sized companies
In this section, we focus on authentication methods and
participate in the mobile payment. These companies are far
algorithms used in remote payment. First, we introduce the
less reliable than the previous payment service providers, and
remote payment authentication method widely used. Then we
they are no eligible to contact real bank cards. Therefore,
discuss the relevant authentication methods in the academic
there is a gradual need to design a PAN anti-leakage protocol
area, analyze their advantages and disadvantages, and pro-
for mobile payments.
pose possible future development directions.
In this paper, we set the security model for such issues.
There are three kinds of entities: A. THE AUTHENTICATION METHOD OF REMOTE
• mobile terminal; PAYMENT
• Third-party mobile payment company; There are two types of authentication methods for remote
• bank and card organization. payment, one is PIN code authentication, and the other
we assume that: is biometric identification. The biggest difference between
• Third-party mobile payment company will store the these two types is that the former needs to authenticate PIN
sensitive information or hijacked by the adversary A; at the remote server, while the latter is usually authenticated
• messages are communicated over an insecure channel; biometric locally. In essence, both payment methods are
• the communication channel is susceptible to eavesdrop- based on the hybrid cryptosystem. After the user applies for
ping, deletion, or modification, which are executed by adver- these two payment methods, the third-party server sends a
sary A. certificate containing the public key pk and the private key sk
to the user. pk and sk ensure the security of remote mobile
The target of the PAN anti-leakage protocol: users
payments.
must complete the binding operation with the bank without
exposing the PAN to any other entities.
1) PIN code authentication
In 2016, Alibaba Group proposed a protocol [36] based
PIN authentication is a traditional authentication method and
on an authorization certificate. In this protocol, the mobile
is widely used in physical bank card payment.
terminal communicates with the card organization or banks
The process of PIN code authentication is:
through the secure channel to send the default certificated
1, user input a 6 digits PIN number;
instructions issued by the payment service provider. Al-
2, user’s mobile terminal encrypts the PIN and other infor-
though there are very few schemes designed directly for
mation:
PAN binding, there are some for similar scenes. Similar
M = Signaturesk (P IN, transaction inf ormation),
to Alibaba’s scheme, these related schemes use certificates
and sends them to the payment service provider;
based on asymmetric passwords. 3, if the PIN passes the verification V alidatepk (M ), the
From a different perspective, we find that the field of payment service provider will accept the payment, otherwise,
public cloud data auditing maybe provides efficient solutions reject.
to this problem. There are also have three kinds of entities
are involved in the scenario, namely data owners, the cloud 2) Biometric identification
server, and a third-party auditor (TPA). TPA is responsible for The process of biometric identification is:
checking the integrity of cloud data on behalf of cloud users 1, the user inputs his biometric feature;
in case they do not have the time, resources, or feasibility to 2, the user’s terminal collects the user’s biometrics and
monitor their data and return audit reports for them. However, compares them with the biometrics stored at local hard-
due to regulatory and financial incentives, cloud servers are ware(usually at SE);
unable to disclose managed data to TPA [8]. These two 3, if the user’s biometrics passed the certification, the
issues have very similar technical requirements. Besides, mobile terminal will send certification information and trans-
zero-knowledge proof may also help solve the issues. A zero- action information
knowledge proof of knowledge protocol [56] enables a prover M = Signaturesk (C, transaction inf ormation) to the
(P) to convince a verifier (V) that some statement is true, but payment service provider;
the verifier learns nothing except the validity of the statement. 4, the payment service provider accepts the payment if it
passes the verification V alidatepk (M ).
VOLUME 10, 2019 9
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
security attributes Odelu [59] H.Shen [61] Tseng [58] et al. Tsai-Lo [57] Roy [62] Chatterjee [63]
Cryptography ECC
√ ECC
√ ECC Pairing
√ Hash Function
√ Chaotic
√ Map
Stolen mobile device attack √ √ NA
√ √ √ √
replay attack √ √ √ √ √ √
Password guessing attack √ √ √ √ √ √
Privileged insider attack √ √ √ √ √ √
DoS attack √ √ √ √ √ √
Known session key secrecy √ √ √ √ √ √
Forward secrecy √ √ √ √ √
User impersonation attack √ × √ √ √
Server impersonation attack √ ×
√ × √ √ √
Ephemeral secret key leakage attack √ √ × √ √
Revocation √ NA
√ NA √ √
Secure mutual authentication × √ ×
√
No server database × × √ √ × ×
No registration server database × × √ ×
√ ×
√
Low communication overhead × × √ × √ √
Low computation overhead × × √ ×
Black/white free list for user ×
√ ×
√ √ ×
√ × ×
√
New user scalability ×
Biometric remote authenticate × × × × × ×
Biometrics verify entirely locally, which is the reason why During the authentication process, the user completes the PIN
the payment app does not support biometric authentication or biometrics verification locally to decrypt the secret key
after devices been rooted or jailbroken. and then using the secret key for server side authentication.
All the authentication factors neither authenticated by the
B. OPEN ISSUES AND RECOMMENDATION FOR server. From our perspective, It is a future research direction
FURTHER RESEARCH to design a scheme in which the server can confirm a remote
To authenticate the user’s identity, there was a lot of protocol authentication user input a plurality of factors provided at the
proposed for authentication. Lee [52] proposed a fingerprint time of registration.
based remote user authentication scheme using smart cards. In addition to cryptography, neural network is gradually
To overcome the weaknesses of Lee [52], Kim [53] proposed being applied to the authentication of biometrics. More than
a new fingerprint based authentication scheme using smart 20 years ago, there are scholars proposed neural network for
cards. In 2010, Chun Tang Li [54] has proposed a new human face detection [39] [40] [41]. But it was not realized
biometrics-based authentication using smart cards. Then, Li at the time. Now, with the development of deep learning,
Xiong [55] proposed a scheme to overcome the weaknesses deep learning neural network has been used for biometric au-
in [54] scheme. thentication [42] [43] [44] [45]. Its authentication efficiency
With the widespread use of the distributed system, the
and usability far exceed cryptography-based solutions. In
design of biometrics based authentication scheme for dis-
our opinion, to design a deep learning neural network based
tributed environments become a focus issue. There are a lot
remote payment scheme is a very practical research direction.
of schemes based on Fuzzy extractor [83], ECC and bilinear
pairing. Yoon [60] and Shen [61] proposed a biometrics
based authentication scheme for the distributed environment VI. TPC-LED PAYMENT SECURITY: TOTP PAYMENT
using ECC. Tsai [57] and Tseng [58] refer to the existing AUTHENTICATION
scheme and use the bilinear pairing to make the registration
center no longer participate in the authentication. Roy [62] TOTP payment is a payment method that can complete
proposed a lightweight remote user authentication scheme one transaction with once one-way information transfer(from
without use ECC and pairing. In 2018, Chatterjee [63] pro- user to PoS machine). This type of payment method is
posed a new authentication scheme using chebyshev chaotic gradually occupying the global payment market.
map, which has high security and low computation. Table The payment applications using TOTP include Alipay,
2 shows the representative proposed scheme on the multi- WeChat, etc. Figure 6 shows the 18-digit digitally-generated
servers environment. QR codes using by WeChat.
Summarizing the current results, we find that the exist- In this section, we begin to introduce the deployment of
ing remote biometric authentication scheme has made great TOTP payment, and then detailed describe the algorithm of
progress in security. The main direction of the research is to TOTP payment. In the end, we give a discussion and propose
lower the computation and communication overhead. While several open issues for it.
most of the proposed schemes use PIN and biometrics to
encrypt the secret key issued by the registration service.
10 VOLUME 10, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
verifies the
returns the verify result password
of the patent has never been applied, and this secure issue in his hands cannot provide. There are already have some
always existed. location-based authentication schemes [46] [47] [48] [49].
Spolaor [82] uses the public charger to steal information But they are not currently suitable for TOTP payment. In
from the charging mobile terminal. In this attack, as long as these schemes, in order to complete the authentication, the
the user opens the payment interface, the adversary can get user must interact with other entities multiple times. It is not
the QR code. meet the requirement of TOTP payment, which completes
The security of TOTP payment is a very important issue, one transaction with once one-way information transfer, and
but there are little academic researches on it. even on the offline environment. But we believe that apply
In this section, we set the security model for such issues. location-based authentication schemes to TOTP payment is a
There are three kinds of entities: research direction.
• mobile terminal;
• PoS machine; VII. BANK-LED PAYMENT SECURITY: CARD
• Third-party mobile payment company; EMULATION PAYMENT AUTHENTICATION
we assume that: Banks and mobile phone manufacturers jointly provide
• mobile terminal are in an environment that is easy to Bank-led mobile payment. Banks and EMVCo mainly offer
monitor; interactive authentication protocol [20] [21] for mobile pay-
• messages are communicated over a public insecure chan- ments card emulation payments. And mobile phone manu-
nel; facturers provide hardware support for the specifications, and
• messages in public channel are susceptible to eaves- responsible for mobile terminal security.
dropping; deletion or modification, which are executed by The contactless card emulation payment(CCEP) is the
adversary A. main representative of Bank-led payment, which is advanced
• users present a TOTP once to complete a transaction. quickly in recent years. Its market size is estimated to grow
We believe that when generating TOTP, it is a good idea from USD 6.70 Billion in 2016 to USD 17.56 Billion by 2021
to bind it with PoS machine related information. But this [64].
is also a contradiction because the user’s mobile terminal The first contactless card payment was implemented in
does not know any information about the PoS machine when 1995 by Seoul Bus Transport. Since then, many IT leading
the user producing the TOTP. From our perspective, perhaps companies (Apple, Google, Samsung) started to integrate a
information around the PoS machine is what we need, such contactless card payment process into mobile phones. Google
as the approximate location of the PoS machine. Because the first launched a CCEP system in 2011, which called Google
payment mobile terminal is close to the PoS machine, so it Wallet. Apple Pay and Samsung Pay then followed in 2014
has a high probability of providing the same approximate and 2015, respectively. After that, Google rebrands Google
location, but the adversary in other places and the PoS Wallet to Android Pay.
12 VOLUME 10, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
combination
Token
One-time identity
password(n+m digits)
HMAC-SHA algorithm
Magnetic stripe card emulation is the card emulation au- Transaction Counter (ATC). Cryptographic password is the
thentication scheme proposed by Samsung. It is a technology token mentioned in some related literature, which misleads
that simulates the mobile terminal as a traditional magnetic many readers;
bank card. The MST sends a magnetic signal from the user’s • cryptographic key [70] : This key, stored in the secure
device to the reader of the PoS machine (which can simulate hardware(TEE or SE), is static or dynamic, depending on the
the physical card swiping without upgrading the terminal’s card brand/network. Static cryptographic keys are used over a
hardware). Almost all PoS machines with card readers can relatively long period of time and in multiple key exchanges,
use MST technology. Since magnetic stripe cards are gradu- whereas a dynamic key is generated for each exchange. Some
ally being phased out in the market, so it is only used as an articles confuse the cryptographic key and token, which also
auxiliary payment method for CCEP. mislead many readers.
In this section, we first describe the CCEP authentica- Then, we introduced SE-based card emulation and HCE-
tion algorithm. Then, we summarise the security issues en- based card emulation [13].
countered in CCEP. Finally, we give a comparison between In SE-based card emulation payment, sensitive informa-
mainstream mobile payment applications, including Alipay, tion stored in SE. token stored at SE, and cryptography key
Wechat, Apple Pay, Google Pay, and Samsung Pay. generator applications host in the SE. SE act as the role of the
bank card integrated chip.
A. CONTACTLESS CARD EMULATION PAYMENT In HCE-based car emulation payment, a remote server of
AUTHENTICATION ALGORITHM SEs termed the cloud of secure elements is proposed. The
According to the EMVCo Specifications [20] [21], the pro- study reports a smartphone with HCE functionality remotely
cess is based on the specifications of physical contactless using a SE, hosted on a server, through the establishment of a
cards. secure TLS channel. Token and cryptography key generator
First, we need to explain the meaning of some concepts in applications are hosted in the remote SE which usually
contactless card emulation payment authentication: located at TSP. This payment method has the following
• tokenization: It is a procedure to replace sensitive PAN difference between the SE-based one:
values with non-sensitive token values; • All service providers who want to provide HCE-enabled
• token: It is a string of numbers that has the same format NFC services need to make business agreements with their
as the PAN. In some technical essay or literature about TSP.
tokenization, they called token to virtual PAN(VPAN) or • For an HCE-based NFC Service of a service provider, the
digital PAN(DPAN), but according to the requirement of [19] only cost is the NFC reader and backend server installation
[10] [12], token is the most accurate name; and maintenance.
• cryptographic password [70] : It contains encrypted • After de-tokenization of user token and application token
data derived from the token, timestamp, and Application values on TSP’s server in each transaction, the authorization
VOLUME 10, 2019 13
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
Attack Remarks
Bond [22] pre-play attack poor random generation
Bond [23] pre-play attack do not impose any encryption between communication
Roland and Langer [65] cloning attack adversary learn the necessary data for cloning
Francis [75] relay attack passive monitoring card
Chothia [72] relay attack not require a specific hardware
WangZhao [74] relay attack
Vila [71] relay attack using off-the-shelf NFC-enabled Android devices
Cavdar [73] relay attack
Michael Roland [66] relay attack relay attacks on Google Wallet
Michael Roland [67] relay attack software-based relay attacks on existing applications
Margraf [68] relay attack relay attacks on Apple pay
response is first directed to the Service Provider, enabling the transaction, ARC = 1 and IS generates a MAC encrypted
service providers to track transactions and retain their users’ by the secret key skT C , ARQC, and ARC. This MAC is
transaction details. called as ARPC;
• Users can easily register to the TSP and get support from 5) IS sends ARPC to PoS machine which relays it to M if
it to disable their SE. ARC = 1. Otherwise, it cancels the transaction;
Next, we describe the CCEP authentication algorithm 6) M verifies ARPC. If the verification value and ARC
based on what we mentioned above. are 1, M generates the second cryptogram TC to show
• The binding bank card issuer IS has a private sk and a transaction is complete. It generates a random number r and
public pk. use skm to sign r, n, CT , T C, timestamps, R1 , and R2 ;
• The mobile terminal M shares a symmetric key K with 7) M sends the signature and TC to PoS machine;
its binding bank card issuer IS. It also has a private skm a 8) the PoS machine verifies if the signature and the data
public pkm . pkm is signed by IS’s private key sk. All these are valid;
keys are stored in the secure element. 9) the PoS machine contacts with the IS to receive the
The process of authentication consists of five phases: reimbursement;
1, the user activates the contactless simulated payment 10) the IS gives the PoS machine proof of transaction
function of the mobile terminal by using the PIN code or completion and confirms that it execute the reimbursement.
biometric identification, and puts the mobile phone into the
sensing range of the PoS machine; B. SECURITY ISSUES ENCOUNTERED
2, PoS machine detects mobile terminal C; The security issues encountered by traditional contactless
3, PoS machine sends the transaction T to M . Then, cards are also difficult to avoid on CCEP. Table 3 sum-
M responds with its public key pkm and card information marizes the attacks that CCEP suffered. Bond [22] [23]
such as token and expiration date. If pkm is verified by show pre-play attacks were detected because of poor random
PoS, continues. There are three types of data authentication generation. Roland and Langer [65] discovered a cloning
methods: attack. The most important attack specific for CCEP is relay
• Static Data Authentication; attack, which show at Vila [71], Chothia [72], Cavdar [73],
• Dynamic Data Authentication; WangZhao [74] and Francis [75] . Chothia [72] provides a
• Combined Data Authentication. solution of relay attacks for the first. The current EMVco
4, PoS sends a random number n to request a cryptogram [20], therefore, take precaution partly against relay attacks
generation from M . There are three types of cryptograms using the solution proposed by Chothia [72]. But the solution
exist: provided by Chothia does not protect against malicious who
• Transaction Certificate is used for the offline; can execute relay attacks differently than MiM-adversaries.
• Authorization Request Cryptogram is used for online; Roland applied relay attacks to google wallet and other
• Application Authentication Cryptogram is used to cancel existing applications [66] [67]. Margraf [68] shows that relay
the transaction. attacks cannot be avoided on Apple pay.
5, Online Verification:
1) M increases its counter CT and generates a secret key
skT C by using CT and K; C. DISCUSSION AND OPEN ISSUES
2) M generates the cryptogram Authorization Request Based on the content of this article, We summarize a compar-
Cryptogram: a MAC of n,CT ,T with using skT C ; ison for mainstream payments in Figure 9.
3) M sends the cryptogram AC to PoS machine which From the perspective of security technology, Samsung Pay,
relays it to IS with the card information; and Apple Pay are the most secure scheme, followed by
4) IS verifies ARQC and possibly validate the information Google. TOTP payments of Alipay and WeChat are the most
of M . If ARQC passes verification and card is validated for unreliable scheme.
14 VOLUME 10, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
TPC-Led Bank-led
Alipay Wechat Pay Apple Pay Google Pay Samsung Pay
Payment method Near-field remote Near-field remote Near-field Near-field Near-field
System System and System support System and System and System and System and
Compatibility
support only hardware only hardware hardware hardware hardware
Hardware cost Low Hign Low Hign Hign Medium Hign
Payment range 0.1-0.6m * 0.1-1m * 0.04-0.1m 0.04-0.1m 0.04-0.1m
Tokenization system Centralized Centralized Centralized Centralized Centralized Centralized Centralized
Payment QR code and
Internet QR code Internet NFC NFC NFC and MST
communication Audio
Interactive × √ × √ √ √ √
TEE √ √ √ √ √ √ √
Root or jailbreak
× × × × √ √ √
attack resistance
Stolen device
× √ × √ √ √ √
attack resistance
Samsung Pay [69] [70] and Apple Pay [68] use trust- case is very different. Alipay and WeChat almost completely
zone and SE to protect sensitive information and transaction occupy the Chinese market, and they are rapidly spreading
authentication. They also use the interactive NFC and the in Southeast Asia and many other developing countries, and
EMVCo protocol to ensure secure transactions. And their even gradually gain recognition in the European and Amer-
payment range is very narrow, effectively preventing eaves- ican markets. While the other three scheme is slow to pro-
dropping attacks. mote. Although they are recognized in developed countries,
The difference between Google payment and Samsung consumers in these countries seem to prefer cash or physical
or Apple is the introduction of HCE technology. It can bank cards. And their promotion in other developing regions
store sensitive information in the cloud. Google use HCE to is struggling.
remove the limitation of SE, which effectively reduce costs
The high compatibility of Alipay and WeChat pay is the
and hardware requirement of the mobile terminal without
vital point. Their mere hardware requirements for mobile
significantly reducing security. Although it just removed the
devices and the mobility of payment software have much
SE, it has brought a lot of development possibilities for the
improved the user experience. For a lot of small merchants,
mobile terminal with such high integration.
the scanning code replaces the PoS machine, which greatly
Alipay and WeChat solutions have no technology to pro-
saves the cost of equipment. So Alipay and WeChat almost
tect sensitive information except trustzone. Once the device
ruled mobile payments in some underdeveloped regions and
is lost or invaded, it is easy for others to get valuable informa-
gradually expanded to developed areas.
tion. And the combination of QR code and TOTP is natural
to have eavesdropped. Moreover, the recognition distance of The high prices and low compatibility of equipment pro-
the QR code is very long, and the eavesdropper can even duced by Apple, Samsung, and Google is the most important
preemptively scan code and steal the money. reason. Besides, Apple Pay and Samsung Pay do not have
However, from the actual performance in the market, the their financial account ecology. They are only used to replace
VOLUME 10, 2019 15
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
bank cards for internet and near-filed payment, which will [13] Busra, Ozdenizci , O. Kerem , and C. Vedat . "A Tokenization-Based
result in very few financial transactions they can do. The last Communication Architecture for HCE-Enabled NFC Services." Mobile
Information Systems 2016(2016):1-20.
but not the least, It is very inconvenient to use at roadside [14] JeffStapleton, and RalphSpencerPoore. "Tokenization and Other Meth-
stalls or small shops. These shops have low profits will not ods of Security for Cardholder Data." Information Systems Security
want to prepare a PoS machine for such payment. These 20.2(2011):9.
[15] Del Rowe, Sam. "Information supplement: The Rise of Mobile Wallets,
reasons have greatly reduced people’s motivation to use CRM Magazine 2017." Available at "https://www.questia.com/magazine/
them. 1G1-499761586/the-rise-of-mobile-wallets-and-what-marketers-need".
[16] Chainnews. "The rise of e-wallet: overview of the global mobile pay-
In the future, we believe that the research direction of TPC-
ment market in 2018." Available at "https://www.chainnews.com/articles/
led payment should be security. The first is the protection of 930281876657.htm".
sensitive information, followed by the study of TOTP pay- [17] Jeb Su. "Data Breach Alert: Over 1 Million Credit Card Data From The
U.S., South Korea Have Been Leaked", Forbes, 2019.
ment anti-eavesdropping, and finally, the payment protection
[18] Tara Siegel Bernard; Tiffany Hsu; Nicole Perlroth; Ron Lieber. "Equifax
of lost devices. For Bank-led payments, the main research Says Cyberattack May Have Affected 143 Million in the U.S.." The
direction should be payment portability. The first is to reduce New York Times, 2017. Available at "https://www.nytimes.com/2017/09/
the cost of use, then the payment method without adding 07/business/equifax-cyberattack.html".
[19] EMVCo. "Payment Tokenisation Specification, v.2.1, 2019". Available at
any hardware(such PoS machine), and finally to increase the "https://www.emvco.com/document-search/?action=search_documents&
scope of their financial business. emvco_document_technology[]=payment-tokenisation/".
[20] EMV Contactless Specifications for Payment Systems, Book C-2: Kernel
From our point of view, in the field of mobile payment, Ad- 2 Specification
vanced technology cannot thoroughly dominate the market as [21] EMV Integrated Circuit Card Specifications for Payment Systems,
the requirements and capabilities of consumers vary. But the Book2:Security and Key Management
[22] Bond, Mike , et al. "Be Prepared: The EMV Pre-play Attack." IEEE
technologies that meet the economic strength and lifestyle of Security & Privacy 13.2(2015):56-64.
local people can adapt to the market. [23] Bond, Mike; Omar Choudary; Steven J. Murdoch; Sergei Skorobogatov;
Ross Anderson. "Chip and Skim: Cloning EMV Cards with the Pre-Play
Attack." In 2014 IEEE Symposium on Security and Privacy, 2014, 49–64.
ACKNOWLEDGMENT San Jose, CA, IEEE. https://doi.org/10.1109/SP.2014.11.
This work is supported by the National Key Re- [24] Alves T. "TrustZone : Integrated Hardware and Software Security[J]."
White Paper, 2004.
search and Development Program of China under Grants [25] Coskun V; Ozdenizci B; Ok K. "A Survey on Near Field Communication
2017YFB0802300. (NFC) Technology[J]." Wireless Personal Communications, 2013, 71(3),
2259-2294.
[26] Roland M; Langer J; Scharinger J. "Relay Attacks on Secure Element-
REFERENCES Enabled Mobile Devices[C]." IFIP International Information Security Con-
[1] Bellare, Mihir, and Viet Tung Hoang. “Identity-Based Format-Preserving ference, 2012.
Encryption.” In Proceedings of the 2017 ACM SIGSAC Conference on [27] L. Coppolino; S. D’Antonio; G. Mazzeo; L. Romano, "A comprehensive
Computer and Communications Security - CCS ’17, 1515–32. Dallas, survey of hardware-assisted security: From the edge to the cloud." Internet
Texas, USA: ACM Press, 2017. https://doi.org/10.1145/3133956.3133995. of Things, 2019, vol. 6, p. 100055, Jun.
[2] Bellare, Mihir, et al. "Format-Preserving Encryption." Lecture Notes in [28] Maene; Pieter, et al. "Hardware-Based Trusted Computing Architectures
Computer Science 45.5(2009):295-312. for Isolation and Attestation." IEEE Transactions on Computers. 2018, 67.3,
361-374.
[3] Liu Z, Jia C, Li J, et al. "Format-preserving encryption for DateTime[C]//
[29] F. McKeen; I. Alexandrovich; A. Berenzon; C.V. Rozas; H.Shafi; V.
IEEE International Conference on Intelligent Computing & Intelligent
Shanbhogue; U.R. Savagaonkar. "Innovative instructions and software
Systems." 2010.
model for isolated execution." in: Proceedings of the 2nd International
[4] Weiss M, Rozenberg B, Barham M. "Practical Solutions For Format-
Workshop on Hardware and Architectural Support for Security and Privacy,
Preserving Encryption[J]." Computer Science, 2015.
HASP, 2013.
[5] LIiu Z L, Li M, You X Y, et al. "Format-preserving encryption for PNG
[30] D. Kaplan. "AMD x86 Memory Encryption Technologies." USENIX
image[J]." Transaction of Beijing Institute of Technology, 2013, 33(12):
Association, Austin, TX, 2016.
1263-1268.
[31] S. Mofrad; F. Zhang; S. Lu; W. Shi. "A Comparison Study of Intel
[6] Palgon G, Chambers J, Konisky D. "System and methods for format SGX and amd Memory Encryption Technology." 2018, pp. 1–8, doi
preserving tokenization of sensitive information", U.S. Patent 8,458,487[P]. 10.1145/3214292.3214301.
2013-6-4. [32] Terence Spies, Mountain View, CA(US),Richard T.Minner, Carmichael,
[7] Li Min, Liu Zheli, You Xiaoxiao, et al. "Format-preserving encryption CA(US), "system for protecting sensitive data with distributed tokeniza-
model for sensitive information[J]." Journal of Nankai University(Natural tion." U.S. Patent 8595850 B2, 2013,11.26.
Science), 2012(5). [33] Micro Focus. "Secure Stateless Tokenization (SST)." Available at "http:
[8] Yu, Yong , et al. "Public cloud data auditing with practical key update and //files.asset.microfocus.com/4aa6-5576/en/4aa6-5576.pdf".
zero knowledge privacy. " Australasian Conference on Information Security [34] Ulf Mattsson. Cos Cob, CT(US), "table-connected tokenization." US
& Privacy Springer International Publishing, 2016. 9237006 B2, 2016, 1.12.
[9] Shmueli, Erez , et al. "Implementing a database encryption solution, design [35] Ulf Mattsson. Stamford, CT(US), "distributed tokenization using several
and implementation issues." Computers & Security 44(2014):33-50. substitution steps." US 8745094 B2, 2014, 6.3.
[10] PCI Security Standards Council. "Payment Card Industry(PCI) [36] Jun Yi. Alibaba Group, CN(China). "Method and device for account
Data Security Standard, v.3.2.1, 2018." Available at "https: binding and business processing." CN 107204957 A, 2016, 3.16.
//www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf? [37] Xiaoxiao Mao. Alibaba Group, CN(China), "Scan code operation method
agreement=true&time=1565925137854". and device." CN 107231389 A, 2016, 3.23.
[11] Díaz-Santiago, S., Rodriguez-Henriquez, L. M., & Chakraborty, D. (2016). [38] Grosse, Eric , and M. Upadhyay . "Authentication at Scale." IEEE Security
"A cryptographic study of tokenization systems." International Conference & Privacy 11.1(2013):15-22.
on Security and Cryptography (Vol.15, pp.413-432). IEEE. [39] JUELL. "A hierarchical neural network for human face detection." Pattern
[12] Tokenization Payment Solution of UnionPay Card Networking Joint Tech- Recognition 29.5(1996):781-787.
nical Specification, v2.1, China UnionPay, 2015. Available at "https://max. [40] Lawrence, Steve, et al. "Face recognition: a convolutional neural-network
book118.com/html/2017/0304/94286515.shtm". approach." IEEE Transactions on Neural Networks 8.1(1997):98-113.
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
[41] Lin, Shang Hung, S. Y. Kung, and L. J. Lin. "Face recognition/detection by [66] Roland M. "Applying recent secure element relay attack scenarios to the
probabilistic decision-based neural network." IEEE Transactions on Neural real world: Google Wallet Relay Attack[J]." Computer Science 2012.
Networks 8.1(1997):114-32. [67] Roland M. "Software-Based Relay Attacks on Existing Applications[M].
[42] Sun, Yi, X. Wang, and X. Tang. "Deep Learning Face Representation by Security Issues in Mobile NFC Devices." Springer International Publishing,
Joint Identification-Verification." (2014). 2015.
[43] Wang, Weihong, et al. "Face Recognition Based on Deep Learning. Human [68] Margraf M, Lange S, Otterbein F. "Security Evaluation of Apple Pay at
Centered Computing." 2014. Point-of-Sale Terminals[C]." International Conference on Next Generation
[44] Liu, Jianzheng, C. Fang, and C. Wu. "A Fusion Face Recognition Ap- Mobile Applications, 2016, IEEE.
proach Based on 7-Layer Deep Learning Neural Network." A Fusion Face [69] "Platform Security." Available at "https://developer.samsung.com/
Recognition Approach Based on 7-Layer Deep Learning Neural Network. tech-insights/knox/platform-security".
2016. [70] "Device-side Security: Samsung Pay, TrustZone, and the TEE." Available
[45] Lebedev, A., et al. "Face verification based on convolutional neural net- at "https://developer.samsung.com/tech-insights/pay/device-side-security".
work and deep learning." IEEE East-west Design & Test Symposium 2017. [71] Vila, José; Rodríguez, Ricardo J. "Practical Experiences on NFC Relay
[46] Ashfield, James; David Shroyer; Douglas Brown. "Location based authen- Attacks with Android." Revised Selected Papers of the International Work-
tication of mobile device transactions." U.S. Patent No. 8,295,898. 23 Oct, shop on Radio Frequency Identification Springer-Verlag New York, 2015,
2012. Inc.
[47] Govindarajan, Gunasekaran. "Location-based authentication." U.S. Patent [72] Chothia, T. , et al. "Relay Cost Bounding for Contactless EMV Payments."
Application No. 11/586,932, 2012, 23 Oct. Financial Cryptography and Data Security, 2015, Springer Berlin Heidel-
[48] Hammad, Ayman, and Patrick Faith. "Location based authentication." U.S. berg.
Patent No. 9,721,250. 2017,1, Aug. [73] Cavdar, D.; E. Tomur. "A Practical NFC Relay Attack on Mobile De-
vices Using Card Emulation Mode." In 2015 38th International Con-
[49] Zhang, Feng, Aron Kondoro, and Sead Muftic. "Location-based authenti-
vention on Information and Communication Technology, Electronics
cation and authorization using smart phones." 2012 IEEE 11th International
and Microelectronics (MIPRO), 2015, 1308–12. Opatija, Croatia: IEEE.
Conference on Trust, Security and Privacy in Computing and Communica-
https://doi.org/10.1109/MIPRO.2015.7160477.
tions, 2012.
[74] Wang, Zhao , et al. "Implementation and analysis of a practical NFC relay
[50] Zhengwei Zhu. "Sound wave payment method and related devices" CN
attack example." Second International Conference on Instrumentation IEEE
103761648 A[P], 2014.
Computer Society, 2012.
[51] C Zhang , J Huang. "Sound wave payment method and system." CN
[75] Francis, Lishoy, et al. "Practical NFC Peer-to-Peer Relay Attack Using
103927657 A[P], 2014.
Mobile Phones." Radio Frequency Identification: Security and Privacy
[52] Lee, J. K., S. R. Ryu, and K. Y. Yoo. "Fingerprint-based remote Issues. Springer Berlin Heidelberg, 2010.
user authentication scheme using smart cards." Electronics Letters [76] Subpratatsavee, Puchong , and P. Kuacharoen . "Transaction Authentica-
38.12(2002):554. tion Using HMAC-Based One-Time Password and QR Code." Computer
[53] H.S. Kim, S.W. Lee, and K.Y. Yoo, “ID-based password authentication Science and its Applications. Springer Berlin Heidelberg, 2015.
scheme using smart cards and fingerprints.” ACM SIGOPS Oper. Syst. Rev., [77] Mulliner, Collin , et al. "SMS-Based One-Time Passwords: Attacks and
vol. 37, no. 4, pp. 32–41, Oct. 2003. Defense." International Conference on Detection of Intrusions & Malware
[54] Chun Tang. Li and M.S. Hwang, “An efficient biometrics-based remote Springer-Verlag, 2013.
user authentication scheme using smart cards.” J. Netw. Comput. Appl., vol. [78] Chow, Yang Wai , et al. "Authentication and Transaction Verification
33, no. 1, pp. 1–5, Jan. 2010. Using QR Codes with a Mobile Device." International Conference on
[55] Li, Xiong , et al. "Cryptanalysis and improvement of a biometrics-based Security, Privacy and Anonymity in Computation, Communication and
remote user authentication scheme using smart cards." Journal of Network Storage Springer International Publishing, 2016.
and Computer Applications 34.1(2011):73-79. [79] Barmawi, Ari Moesriami . "A Visual One-Time Password Authentication
[56] Schnorr, C. . "Efficient Identification and Signatures for SmartCards." Scheme using Mobile Devices." International Conference on Information &
Workshop on the Theory & Application of of Cryptographic(1989). Communication Security 2014.
[57] Tsai, Jia Lun , and N. W. Lo . "A Privacy-Aware Authentication Scheme [80] Huandian Technology, "The world consumes hundreds of millions
for Distributed Mobile Cloud Computing Services." IEEE Systems Journal of QR codes every day." Available at "http://baijiahao.baidu.com/s?id=
9.3(2015):805-815. 1643551736838897329&wfr=spider&for=pc".
[58] Tseng, Yuh Min , et al. "List-free ID-based Mutual Authentication and Key [81] Xiaolong Bai and Zhe Zhou and XiaoFeng Wang and Zhou Li and
Agreement Protocol for Multi-server Architectures." IEEE Transactions on Xianghang Mi and Nan Zhang and Tongxin Li and Shi-Min Hu and Kehuan
Emerging Topics in Computing 4.1(2016):102-112. Zhang. "Picking Up My Tab: Understanding and Mitigating Synchronized
[59] Odelu, Vanga, Ashok Kumar Das, and Adrijit Goswami. “A Se- Token Lifting and Spending in Mobile Payment." 26th USENIX
cure Biometrics-Based Multi-Server Authentication Protocol Using Smart Security Symposium (USENIX Security 17), 2017, 978-1-931971-
Cards.” IEEE Transactions on Information Forensics and Security 10, no. 9 40-9, Vancouver, BC, 593–608, Available at "https://www.usenix.org/
(September 2015): 1953–66. https://doi.org/10.1109/TIFS.2015.2439964. conference/usenixsecurity17/technical-sessions/presentation/bai",USENIX
[60] Yoon, Eun Jun , and K. Y. Yoo. "Robust biometrics-based multi-server Association.
authentication with key agreement scheme for smart cards on elliptic curve [82] Spolaor, Riccardo , et al. "No Free Charge Theorem: a Covert Channel
cryptosystem." Journal of Supercomputing 63.1(2013):235-255. via USB Charging Cable on Mobile Devices." International Conference on
[61] H. Shen, C. Gao, D. He, and L. Wu, "New biometrics-based authentica- Applied Cryptography & Network Security Springer, Cham, 2017.
tion scheme for multi-server environment in critical systems." Journal of [83] Dodis, Yevgeniy , L. Reyzin , and A. Smith. "Fuzzy Extractors: How
Ambient Intelligence and Humanized Computing 6.6(2015):825-834,2015. to Generate Strong Keys from Biometrics and Other Noisy Data." In-
[62] Roy, Sandip, Santanu Chatterjee, Ashok Kumar Das, Samiran Chattopad- ternational Conference on the Theory and Applications of Cryptographic
hyay, Neeraj Kumar, and Athanasios V. Vasilakos. “On the Design of Techniques Springer, Berlin, Heidelberg, 2004.
Provably Secure Lightweight Remote User Authentication Scheme for
Mobile Cloud Computing Services.” IEEE Access 5 (2017): 25808–25.
https://doi.org/10.1109/ACCESS.2017.2764913.
[63] Chatterjee, Santanu , et al. "Secure Biometric-Based Authentication
Scheme Using Chebyshev Chaotic Map for Multi-Server Environment."
IEEE transactions on dependable and secure computing, 2018.
[64] "Contactless payment market by solution, service, payment mode, vertical
- global forecast to 2021." https://www.marketsandmarkets.com/Market-
Reports/ contactless- payments- market- 1313.html
[65] Roland. Michael, J. Langer. "Cloning credit cards: a combined pre-
play and downgrade attack on EMV contactless." Proceedings of the 7th
USENIX conference on Offensive Technologies USENIX Association,
2013.
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2963480, IEEE Access
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.