北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2008, Vol. 31 ›› Issue (4): 90-93.doi: 10.13190/jbupt.200804.90.012

• 研究报告 • 上一篇    下一篇

基于直接匿名认证的Card-not-Present支付系统

刘明辉1,辛 阳1,杨义先1,李忠献1,2   

  1. 1. 北京邮电大学 网络与交换技术国家重点实验室,北京100876; 2. 天津市国瑞数码安全系统有限公司 北京研发中心,北京100088
  • 收稿日期:2007-12-25 修回日期:1900-01-01 出版日期:2008-08-30 发布日期:2008-08-30
  • 通讯作者: 刘明辉

A Card-not-Present Payment System Using Direct Anonymous Attestation Mechanism

LIU Ming-hui1, XIN Yang1, YAN Yi-xian1, LI Zhong-xian1,2   

  1. 1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China; 2. Beijing Research and Development Center, Tianjing National Cybernet Security Limited, Beijing 100876, China)
  • Received:2007-12-25 Revised:1900-01-01 Online:2008-08-30 Published:2008-08-30
  • Contact: LIU Ming-hui

摘要:

以使用Europay, MasterCard and Visa(EMV)卡的card-not-present(CNP)支付系统为研究对象,分析现有网上支付协议的优缺点;引入装载可信计算平台模块(TPM)的计算机模拟EMV卡和读写设备,设计了一个基于TPM直接匿名认证技术的网上支付系统,解决了CNP支付面临的需要外接读写设备、缺乏可信通信信道等问题。

关键词: Card-not-Present支付, 支付安全, 可信计算模块, 直接匿名认证

Abstract:

Abstract: The investigation object is Internet-based card-not-present(CNP) payment system using Europay, MasterCard and Visa(EMV)cards. The advantages and disadvantages of several existed payment protocols based on Internet are analyzed. Computers with trusted platform modules are introduced to emulate EMV smart cards and the interface devices for use in Internet-based CNP transactions, then, a payment system project using direct anonymous Attestation technology is put forward. This project resolves obstacles that CNP transaction is up against.

Key words: card-not-present payment, payment security, trusted platform modules, direct anonymous attestation

中图分类号: