A Hybrid Authentication Service System for 2D Barcode in O2O Application

doi:10.3969/j.issn.1671-1122.2014.08.012

Abstract

Abstract: As an information carrier, the 2D barcodes can bring consumers quick and convenient shopping experiences. However, the 2D barcodes must overcome the security challenges in the mobile internet environment, such as information leak and tampering, user authentication and repudiation. The capacity of 2D barcodes used in O2O application is limited and not suitable for embedding the digital certificates and certificate chains to utilize user authentication in traditional PKI system. In this paper, a technical solution is proposed to authenticate the electronic tag data in 2D barcodes, which is combining PKI and IBC cryptography. The length of public key in IBC, which is generated according to dedicated rules from digital certificates of PKI entity, is shortest to be used in 2D barcodes. The private key is securely delivered to the end user using a handshake authentication protocol. The signature and verification process are also designed to meet the security requirements in O2O appliances. Based on the proposal, the private keys of IBC system can be securely transferred to the users, and a trusting chain for the IBC digital signatures is established from the PKI digital certificates. A trusting network framework may be set up to authenticate the electronic tag data, and meet the security challenges in the capacity limited 2D barcodes, including data privacy, user authentication and trusting chain, etc.

Key words: 2D barcode, O2O, authentication service, PKI, IBC

CLC Number:

TP309

ZHANG Yong-qiang, TANG Chun-ming. A Hybrid Authentication Service System for 2D Barcode in O2O Application[J]. 信息网络安全, 2014, 14(8): 67-70.

References

[1] Theo Pavlidis, Jerome Swartz, Ynjiun P. Wang. Fundamentals of Bar Code Information Theory[J].IEEE Computer, 1990,23(04): 74-86.
[2] 孙飞.二维码在O2O电子商务模式中的应用[J].科技信息,2013,(19)：88-89.
[3] 韩韦.手机二维码应用及安全性分析[J].信息与电脑(理论版),2012,(07) ：19-20.
[4] 樊景博,刘爱军,赵玉霞.基于PKI的电子商务安全的研究与实现[J].商场现代化,2007,(23)：152-153.
[5] RSA Laboratories. PKCS #7: Cryptographic Message Syntax Standard[S]. Version 1.5, 1993.
[6] 龚传,刘鹏,宗锐,等.公钥基础设施PKI信任模型研究[J].计算机安全,2009,(04)：79-83.
[7] 樊钢.一种在电子商务中应用二维条码和数字签名技术的方案[J].电脑知识与技术,2007,(6)：1219.
[8] 梁英宏.刘义春.基于PKI的二维条码电子消费券及其系统设计[J].计算机应用研究,2012,(06)：2161-2164.
[9] 袁开国.基于PKI和数字签名的可信二维码方案[P].中国:201210214286,2012-11-14.
[10] 袁开国.基于PKI和二维码的产品溯源方案[P].中国:201210214265.2,2012-06-19
[11] 娄国哲,卢锡城.二维条码和数字签名技术在办公自动化中的应用[C].2007北京地区高校研究生学术交流会通信与信息技术会议论文集（上册）,2008: 771-775.
[12] 杨军,刘艳,杜彦蕊.关于二维码的研究和应用[J].应用科技,2002,(11) ：11-13.
[13] A. Shamir. Identity-based Cryptosystems and Signature Schemes[C]. CRYPTO 1984, LNCS 196, pp. 47-53.
[14] D. Boneh, M. Franklin. Identity Based Encryption from the Weil Pairing[C].CRYPTO 2001, LNCS 2139, pp. 213-229.
[15] Institute of Electrical and Electronics Engineers, Inc. IEEE P1363.2 draft D20, Standard Specifications for Password-Based Public-Key Cryptographic Techniques[S], March 2005.
[16] H. Krawczyk, M. Bellare, R. Canetti. HMAC: Keyed-Hashing for Message Authentication[R]. Informational, Network Working Group, Request for Comments: 2104, Feb., 1997.
[17] M. Myers, R. Ankney, A. Malpani, et al. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol-OCSP[R]. Standards Track, Network Working Group, Request for Comments: 2560, June 1999.