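Abstract:
QR code payment is widely used for small-amount password-free payments, but the "remote theft" problem it faces is a significant security risk. "Remote theft" means that a criminal, while the consumer is off guard, illegally obtains the consumer's payment code by covertly photographing it, then scans the payment code and steals funds. To address this problem, this paper proposes a dynamic QR code watermarking algorithm for anti-theft mobile payment. First, the payer side generates an original watermark sequence and a new payment token from the original payment token obtained from the server, and applies (t,n) threshold secret sharing to the original watermark sequence to generate multiple watermark sequences. Then, checksum and convolutional encoding are applied to each watermark sequence, producing multiple watermark sequences to be embedded, which are embedded in a semi-robust manner into the QR code image generated from the new payment token. Finally, the watermarked payment code images are played in a continuous loop on the code-displaying device at a preset frame rate. The scanner must capture several watermarked payment code images before it can extract the original watermark sequence, recover the original payment token, and complete payment verification. Experiments measured payment efficiency, anti-theft effectiveness and other indicators in three scenarios: on-site payment, on-site theft, and collaborative theft. In the normal payment scenario, the payment success rate was 100% and the payment time was 1000±250 ms. In the on-site theft and collaborative theft scenarios, 100 theft experiments were conducted for each, with successful extraction of the original watermark sequence within one minute counted as a successful theft; the results show that in no case could the attacker extract the original watermark within the specified time and pass verification. The proposed dynamic QR code watermarking anti-theft scheme effectively resists theft crimes and is an effective security solution that requires no additional user action, which will help better protect the security of consumers' small-amount mobile payments.
Keywords: mobile payment; dynamic QR code; semi-robust digital watermarking; secret sharing
DOI: 10.19363/J.cnki.cn10-1380/tn.2025.05.10
Received: 2023-11-09 Revised: 2023-12-14
Funding: This work was supported by the Zhejiang Provincial Natural Science Foundation (No. LY23F020011), the National Natural Science Foundation of China (No. 62171244, No. 61901237), the Ningbo Natural Science Foundation Young Doctoral Innovation Research Project (No. 2022J080), and the Alibaba Innovative Research program.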
|
Dynamic QR Code Watermarking Algorithm for Anti-Theft Mobile Payment |
LI Hongbang, CHEN Jiale, DONG Li, WANG Rangding, SUN Weiwei, ZHANG Yushu
Faculty of Electrical Engineering and Computer Science, Ningbo University, Ningbo 315211, China; The Key Lab of Mobile Network Application Technology of Zhejiang Province, Ningbo 315211, China; Alibaba Group Orange Shield Information Technology Co, Hangzhou 311121, China; College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China
Abstract: |
QR code payment is widely used for small-amount password-free payments, but it faces the problem of “remote theft”, which is an important security risk. “Remote theft” refers to criminals taking advantage of the consumer’s inattention, illegally obtaining the consumer’s payment code by photographing it without permission, and then scanning the payment code and stealing funds. To address this problem, this paper proposes a dynamic QR code watermarking algorithm for anti-theft mobile payment. First, the payment side generates the original watermark sequence and a new payment token based on the original payment token obtained from the server, and applies a (t,n) threshold secret sharing technique to the original watermark sequence to generate multiple watermark sequences. Then, checksum and convolutional coding are performed on each watermark sequence to generate multiple watermark sequences to be embedded, which are embedded in a semi-robust manner into the QR code image generated from the new payment token. Finally, the watermarked payment code images are continuously looped on the code-displaying device at a preset frame rate. The scanning side needs to capture several watermarked payment code images before the original watermark sequence can be extracted to recover the original payment token and complete the payment verification. Payment efficiency, anti-theft efficiency and other indicators are tested experimentally under three scenarios: the on-site payment scenario, the on-site theft scenario and the collaborative theft scenario. In the normal payment scenario, the success rate of payment is 100%, and the payment time is 1000±250 ms. In the on-site theft scenario and the collaborative theft scenario, this paper conducts 100 theft experiments each, with successful extraction of the original watermark sequence within one minute counted as a successful theft; the results show that in no case could the attackers extract the original watermark and pass verification within the specified time. The dynamic QR code watermarking anti-theft scheme proposed in this paper can effectively defend against “remote theft” crimes, and is an effective security solution that does not require any additional operation by the user, which will help to better protect the security of consumers’ small-amount mobile payments.
Key words: mobile payment; dynamic QR codes; semi-robust watermarking; secret sharing
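
The (t,n) threshold step described in the abstract can be illustrated with the following added example, which is not code from the paper: it assumes Shamir's secret sharing over a prime field and a CRC32 as the per-frame checksum, and omits the convolutional coding and the semi-robust embedding into the QR image. The field modulus, the frame layout, the function names and the sample token are all assumptions made for illustration.

```python
import secrets
import zlib

P = 2**127 - 1  # prime field modulus (assumption, not from the paper)

def split(secret, t, n):
    """Shamir (t, n): evaluate a random degree t-1 polynomial at x = 1..n."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def encode_frame(share):
    """Hypothetical frame payload: x (1 byte) | y (16 bytes) | CRC32 (4 bytes)."""
    body = bytes([share[0]]) + share[1].to_bytes(16, "big")
    return body + zlib.crc32(body).to_bytes(4, "big")

def decode_frame(frame):
    """Return (x, y), or None when the checksum rejects a damaged capture."""
    body, crc = frame[:-4], frame[-4:]
    if len(frame) != 21 or zlib.crc32(body).to_bytes(4, "big") != crc:
        return None
    return body[0], int.from_bytes(body[1:], "big")

def recover(frames, t):
    """Interpolate at x = 0 from t distinct valid shares; None if too few."""
    shares = {}
    for frame in frames:
        share = decode_frame(frame)
        if share is not None:
            shares[share[0]] = share[1]  # repeated frames count once
    if len(shares) < t:
        return None
    pts = list(shares.items())[:t]
    secret = 0
    for xi, yi in pts:
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

TOKEN = int.from_bytes(b"constructed-tk", "big")  # constructed sample token

if __name__ == "__main__":
    frames = [encode_frame(s) for s in split(TOKEN, t=3, n=5)]
    print(recover(frames[1:4], 3) == TOKEN)  # three looped frames captured
    print(recover(frames[:1], 3))            # a single stolen photo
```

A scanner that sees the looping display collects t distinct frames and recovers the token, while a single photographed frame, or the same frame captured repeatedly, yields fewer than t shares and recovery returns `None`.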