Design And Development Of A Payment Authentication System Of E-bank Based On Short Signature

With the increasing popularity of the Internet and the rapid development of e-commerce, e-banking has been a key component of e-commerce development. Security is getting increasingly prominent that needs urgent settlement especially in the authentication of e-bank payment.This paper firstly introduces non-certification short signature scheme based on bilinear pairing. This scheme can solve the complexity and high cost resulting from the generation, management, transportation and verification of certification, which is in the traditional Public Key Cryptography system based on certification. In this scheme, KGC(Key Generation Center) is responsible for storing system parameters and generating partial private key for user, and the private key consists of the partial private key and user-determined secret value (after it is determined by the user himself)-Meanwhile, user’s secret value and the user ID can generate together the user’s public key. According to this method of key generation, the user’s whole private key cannot be obtained by others, which ensures its confidentiality.According to the proposed short signature algorithm, this paper also presents a payment authentication architecture of e-bank based on short signature. The architecture consists of four modules:web server, e-bank service gateway, web gateway and mobile client. The main process is described as follows:in stepl, web server transports transaction data submitted by the user to the e-bank service gateway; in step2, the e-bank service gateway calculates the hash value of the transaction data; in step3, the web gateway module packages the transaction data and its hash value in the form of XML(Extensible Markup Language), and transmits the XML data to the mobile client through CTP(Client TCP/IP Push); in step4, after the user has confirmed the transaction data, the short signature is generated by the private key in the SD card of the user’s mobile phone; in step5, the user manually enters the short signature result into web browser, which will submit the short signature to the e-bank service gateway; in step6, the transaction will be completed after the short signature is correctly verified by the security authentication server, and the result is displayed in web page for user. In this scheme, we use the SD-KEY storage technology and mobile terminal to generate a short signature, so we can sign user’s transaction data through mobile client securing the confidentiality of user’s private key. Thereby, users can fully confirm every ongoing transaction data and ensure the non-repudiation, which results in improved security of e-bank.In the final section, this paper proposes a short signature entry using DTMF(Dual-Tone-Multi-Frequency), which improves the proposed short signature scheme on web browser. The new scheme simplifies the submit process of short signature and deepens user experience.