摘要
微信支付作为新生态移动支付,发展时间短但成长迅速,其中潜在的安全问题不可忽视。由微信支付的流程入手,并从信息安全、法律、业务方面对微信支付的安全性进行了分析,然后在此基础上构建出微信支付模型,包括微信支付协议模型和身份验证模型,最后得出结论。参考了当前已知的几种移动支付模型和协议,构建的符合微信支付流程的微信支付协议模型和微信支付的银行卡绑定协议则采用了零知识证明和博弈论分析,以及使用了椭圆曲线加密算法、MD5算法和RSA公钥加密算法。不足的是由于微信支付协议并没有公开,我们对其安全性分析与协议建模都是基于现行的微信支付流程和现有的支村模型。
As a new ecological mobile payment,WeChat Payment has developed for short time in a fast pace, with a series of unavoidable security problems. Based on the WeChat Payment process, the security of WeChat Payment was analyzed from the aspects of information security, law and operation. A new WeChat Payment model was proposed ac- cording to the analysis, including a protocol model of We(hat Payment and an identity authentication model, and final- ly the conclusion was drawn. All the work above is according to models and protocols of several mobile payments known. The proposed protocol model of We(hat Payment according with WeChat Payment process and a credit card binding protocol of We(hat Payment apply zero-knowledge proof and game theory,along with elliptic curve cryptog- raphy(ECC), message digest 5 algorithm(MDS) and RSA cryptography algorithm. A drawback of all the work is that the analysis is based on payment models known and current WeChat Payment process, as the We(hat Payment proto- col is not available to the public.
出处
《计算机科学》
CSCD
北大核心
2015年第B10期159-167,共9页
Computer Science
基金
本文受国家大学生创新项目(BEIJ2014110005)资助.
关键词
微信支付
支付协议
零知识证明
博弈论
MD5
WeChat Payment, Payment protocol, Zero-knowledge proof, Game theory, MD5 (Message Digest 5 Algo-rithm)
