Tsinghua Science and Technology


mutual authentication, security, privacy, Universal 2nd Factor (U2F), mobile payment


With the increasing popularity of fintech, i.e., financial technology, the e-commerce market has grown rapidly in the past decade, such that mobile devices enjoy unprecedented popularity and are playing an ever-increasing role in e-commerce. This is especially true of mobile payments, which are attracting increasing attention. However, the occurrence of many traditional financial mishaps has exposed the challenges inherent in online authentication technology that is based on traditional modes of realizing the healthy and stable development of mobile payment. In addition, this technology ensures user account security and privacy. In this paper, we propose a Secure Mutual Authentication Protocol (SMAP) based on the Universal 2nd Factor (U2F) protocol for mobile payment. To guarantee reliable service, we use an asymmetric cryptosystem for achieving mutual authentication between the server and client, which can resist fake servers and forged terminals. Compared to the modes currently used, the proposed protocol strengthens the security of user account information as well as individual privacy throughout the mobile-payment transaction process. Practical application has proven the security and convenience of the proposed protocol.


Tsinghua University Press