摘要
针对典型电子支付协议存在的安全目标单一,不能满足日益提高的安全需求等问题,提出了一种能够满足认证性、密钥新鲜性、密钥秘密性、非否认性、公平性、可追究性和原子性等多种安全属性的复合型安全支付协议,该协议的认证子协议基于令牌概念设计,能够实现高效认证及会话密钥协商。通过引入公钥证书证明协议主体的身份、借助可信方传递付款收据以及采用FTP方式传送电子货币和付款收据等方式提出了支付子协议。使用逻辑分析方法对该协议进行严格逻辑推理验证,结果表明该协议能够满足多种安全属性。
In view of the existing problems of the payment protocols,e.g.security goal is single,increasing security requires are not been satisfied.This paper proposed a compound payment protocol,which satisfies a variety of security properties,such as authenticity,freshness of key,secrecy of key,non-repudiation,accountability,fairness and atomicity.The authentication sub-protocol of the new protocol can authenticate identities of the important entities in the foremost time,and the session keys used for transaction are negotiated efficiently.The payment sub-protocol is designed by using the following improvements.The first improvement is introducing certificates to prove the identities of the protocol entities.The second is transmitting the payment receipts by the trusted party.The third is using FTP to transport electronic cashes and payment receipts.The new protocol is proven to satisfy a variety of security properties by the logical analysis.
出处
《计算机应用研究》
CSCD
北大核心
2012年第7期2672-2677,共6页
Application Research of Computers
基金
国家"863"计划基金资助项目(2007AA01Z471)
国家自然科学基金资助项目(60473021)
河南省重点科技攻关项目(112102210015
072102210029)
河南省基础与前沿技术研究计划项目(122300410175)
