计算机工程与应用 ›› 2011, Vol. 47 ›› Issue (20): 109-112.

• 网络、通信、安全 • 上一篇    下一篇

多商家微支付方案的安全分析与改进

练 斌1,2,陈恭亮1   

  1. 1.上海交通大学 信息安全工程学院,上海 200240
    2.浙江大学 宁波理工学院 信息科学与工程分院,浙江 宁波 315100
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2011-07-11 发布日期:2011-07-11

Security analysis and improvement of micro-payment scheme for multiple merchants

LIAN Bin1,2,CHEN Gongliang1   

  1. 1.School of Information Security Engineering,Shanghai Jiaotong University,Shanghai 200240,China
    2.School of Information Science and Engineering,Ningbo Institute of Technology,Zhejiang University,Ningbo,Zhejiang 315100,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-07-11 Published:2011-07-11

摘要: 高效通常是基于PayWord改进的微支付方案的必备属性,而单Hash链对多商家支付是常见的实现方式。通过分析,揭示了相关方案的安全隐患,并提出一个称为ACO的全新的方案。针对所分析的方案提出的Hash碰撞问题,ACO能够以可证明的方式予以消除。剖析了ACO支付协议的设计意图,并通过详细对比实现代价和系统效率,显示了ACO的实用性。

关键词: 微支付, Hash碰撞, 效率, 多商家

Abstract: High efficiency is always an essential attribute of an improved micro-payment scheme based on PayWord,and single Hash chain paying for multiple merchants is one of common methods.After analyzing security of the correlative schemes,hidden dangers are revealed.Then a new scheme,named ACO,is presented,which can be proved to solve the problem of Hash-collision mentioned in the analyzed schemes.The design intentions of ACO protocol are explained,and by comparing cost and efficiency in detail,the practicability of ACO is demonstrated.

Key words: micro-payment, Hash-collision, efficiency, multiple merchants