Table of Contents

    15 October 2019, Volume 5 Issue 10
    Payment Risk Recognition Model Based on Stable Risk Feature Selection
    2019, 5(10):  858-864. 
    With the rapid development of mobile payment industry, the security of mobile payment has become an issue of great concern to the society. The arrival of the era of big data makes the establishment of risk identification model of mobile payment by means of big data become a feasible method to guarantee the security of mobile payment. There are two major problems in the process of using the third-party platform of mobile payment for data modeling: First, the timeliness and stability of the model should be guaranteed. Let the machine learning model learn the latest mobile payment risks and avoid repeated training as long as possible. Secondly, the risk control system of the third-party payment platform will intervene in many dangerous transactions based on the risk judgment of transactions and generate unlabeled data. How to use these unlabeled data is also a problem to be solved. The experimental results showed that selecting the smooth feature from these data can improve the stability of the model by comparing the statistical features of the training set and the test set data, and labeling the unlabeled data as negative samples can also improve the model effect. Key words: mobile payment; big data decision; risk control; machine learning; feature selection
    A Survey of Research on Smartphone Fingerprinting Identification Techniques
    2019, 5(10):  865-878. 
    Nowadays, device fingerprinting identification technique is important in the trusted identity authentication area. The paper surveys smartphone fingerprinting identification techniques in literature, and describes the smartphone fingerprints based on hardware and software. In addition, this paper compares different fingerprinting features and common identification algorithms. Finally, it summarizes the privacy issues and potential future trends for smartphone fingerprinting techniques.
    An Efficient Certificateless Hybrid Signcryption Scheme for Electronic Authentication
    2019, 5(10):  879-886. 
    Certificateless hybrid signcryption can solve the problem of the management of CA in public key encryption system and key trustee in the IBE encryption system. It also can handle messages of arbitrary length, which is applicable to electronic authentication. Analysis of the scheme proposed by Sun shows that the scheme can't resist dishonest recipients' forgery attack and can't achieve public verification. This paper proposed an improved signcryption scheme to overcome these security problems, which satisfies undeniable, verifiability and forward security, and keeps its high efficiency. The improved scheme was proven to be secure under BDH assumption and CDH assumption in the random oracle model.
    Research on Group Encryption Technology Based on IBE
    2019, 5(10):  887-891. 
    In view of the fact that simple key sharing schemes are not suitable for dynamic updating of group members and the problem that current standard applications cannot effectively support group encryption, a group cryptosystem based on IBE is designed in this paper, which mainly includes group and identity management system, the IBE CSP which supports group encryption and the cryptographic server three modules. Users can register secure personal and group identifiers and unusable identifiers corresponding to the leaked private key in the identity and group management system, and meanwhile users can create, join, exit, manage and dissolve groups. The IBE CSP that supports group encryption and the cryptographic server both support group encryption and decryption and group shared key automatic update function. The two decryption methods are compatible with each other and users can choose by themselves. As most standard applications do not support IBE, and IBE does not have similar certificate revocation functions to deal with key leakage. The pseudo RSA digital certificate is designed to apply the group cryptography to the standard application, and the group identification is added with the time strategy and the indexing strategy to form an extended group identifier to update, recover or destroy the key, besides, it can be used when group members are dynamically updated.
    A Convenient Web Single Signon System
    2019, 5(10):  892-897. 
    Single signon has gained a wide range of applications due to its convenience to users. However, the traditional single signon technology still has some problems, such as the inability to cope with the Web applications left over from the development of the enterprise and the Web applications jointly developed by the enterprise. Some technologies can solve these problems, but they are more cumbersome to implement or may be accessed. The performance of Web applications has a significant impact. To this end, this paper proposes and implements a portable single signon system, which submits the login request of the Web application to the single signon server in the form of page code guidance, and then the server uses the password substitution technology to complete the single point log in. The single signon technology is simple to implement, and only a Web application can change a small amount of page code.
    Cloud-Collaboration Key Protection Mechanism
    2019, 5(10):  898-903. 
    A basic principle of modern cryptography is that “all secrets are in the secret key”. The cryptographic algorithm is publicly available, but the key must be kept confidential absolutely, to ensure the security of the cryptography and the information system. In this paper, through a review of the history about the digital signature key protection mechanism, we analyze the security features of these mechanisms, introduce the cloud collaborative key protection mechanism which emerge in recent years, and the research progress and the industrial practices about this mechanism, and also analyze the technical features, security, use scenarios and future trends of it, analyze the value of the cloud collaborative key protection mechanism and the influence to cryptographic industry.
    Designing and Implementation of Trusted Identity Verification Service
    2019, 5(10):  904-907. 
    With the development of the Internet+, the government is committed to promote the construction of trusted network system to ensure the public identity information privacy. This paper first introduces the background of identity information data privacy security and challenges under the Internet environment, then the solutions of trusted identity verification is introduced, and uses PKI technology and digital certificate to explain how to ensure the data privacy and security from multiple dimensions. Finally, this paper introduces the application scenario.
    The Inquest Due to Electronic Signature in Several Legal Cases
    2019, 5(10):  908-912. 
    With the popularity of online payment, telecommunication fraud can't be prevented. Legal disputes between banks and depositors are also increasing in the legal practice involving electronic banking transaction records. Among them, the core of the judgment is whether the transaction instruction is a true and effective instruction initiated by the depositors. In order to prove the reliability of the electronic signature involved in the case, this paper designs a suitable inquest scheme based on the “Electronic Signature Law”, according to several cases that the author has contacted. Centering on whether digital signature is reliable electronic signature, it conducts inspection on online banking transaction records, online banking transaction process and online banking transaction equipment. It provides support for banks to respond to lawsuits, and has obtained good results in practical applications.
    The Importance of the Construction of Network Identity Security Technology Research Center
    2019, 5(10):  913-917. 
    In the future, with the rise of new technology forms such as cloud computing, big data and artificial intelligence, the development of network industry, network security is becoming more and more important. To realize network security, we should keep the core technology in our own hands as far as possible, so as to realize the domestic substitution of foreign hardware and software, in order to avoid being in a passive position. Network identity authentication, as the first level of information security protection, has assumed a vital role, while the network identity authentication chip is the core of this level. Modern information security is becoming more and more dependent on cryptochips. Commercial password chips have become more and more common in people's work and life. Such as in the computer, mobile phones, are also built-in password protection chip. Thus, the security of the password chip determines the security of information to a large extent. The security of the chip depends on the password algorithm and the security of the password algorithm and its implementation on the chip.
    Security Analysis of IoT Device Identity Authentication
    2019, 5(10):  918-923. 
    The development of the Internet of things (IoT) has led to the emergence of a large number of smart home devices on the market, which greatly improved the quality of our lives. As the key entry device in smart home and the first line of defense for home security, smart door locks have become the focus of security researchers. Smart door locks are essentially fixed devices that require authentication credentials to be opened, and integrate multiple digital authentication technologies. They are also an excellent object to study the security of identity authentication for IoT devices. In this paper, smart door lock is taken as an example to analyze the security of identity authentication through attack experiments. According to the analysis results, several security risks faced by identity authentication are summarized, and security recommendations are given for these security risks.
    Research on Application of IoT Based on Domestic Cryptographic Algorithms
    2019, 5(10):  924-928. 
    With the maturity and development of the Internet of things, the application scenarios of the Internet of things have become larger and larger, and the environment is more complex. This complex application environment has led to a large number of security problems, which have even evolved into a threat to personal safety. For example, in the vehicle networking environment, the attack on vehicle IT systems may lead to complete control of vehicles, thus causing a threat to passengers' lives. In the medical environment, more and more medical devices, including implantable medical devices, fully have the function of network access. The data generated by the patient's body belongs to the category of personal privacy, so there is a huge risk of information leakage. In the field of smart home, more and more smart appliances have become part of the Internet of things, including traditional refrigerators, televisions, washing machines, air conditioners, smoke sensing systems related to security, fire sprinkler systems, fingerprint locks, electronic cat's eyes and so on. There are a lot of security management and privacy data security problems. As the underlying security infrastructure of the domestic cryptographic algorithm, how to reasonably apply in various scenarios has become an important task.
    Research on Identity Federation Interoperability of Identity Management Systems
    2019, 5(10):  929-934. 
    With the advent of the era of electronic authentication 2.0, the boundaries of identity management have evolved and been gradually broken, and the interconnection between identity management services through the identity federation frame has become the main mode of current network applications. A range of identity federation schemes and standards such as SAML, OpenID, OAuth, FIDO have emerged. Most of the highest visited websites and the most used mobile APPs in China provide identity federation services or support for login through accounts of other applications. However, the current identity federation-related implementations are bound to a specific single identity federation scheme, and there is no mutual reference between different identity federation schemes. In order to solve this problem, first of all, the existing identity federation scheme and standards are analyzed, and the different functions that identity management system can achieve when performing identity federation operation are proposed as the identity federation interoperability capability of identity management system; Then, for these capabilities, the function and security requirements that identity management system should have possessed and realized, and finally, taking the OpenID as an example, the application method of the proposed requirement in the actual identity federation process is given, which verified the availability of relevant requirements.
    Research on Reconstruction and Recognition of Human 3D Shapes from Images and Videos
    2019, 5(10):  935-943. 
    Biometric-based Authentication has a bright future. However, there are still many technical problems to be solved in its application: for example, face recognition technology has not achieved the desired accuracy, and recognition based on a single biometric is susceptible to various factors such as occlusion and pose. We proposed a technical idea of reconstructing 3D shapes from 2D images/videos and recognition. Using a large number of implanted 3D shape knowledge constraints, combined with classification decision algorithm to analyze and evaluate 2D images/videos to finish object detection and alignment, 3D shape reconstruction and recognition. In addition, we also discussed how to solve the “face-swap attack” in remote face recognition.
    Summary of Mobile Payment Security Technology
    2019, 5(10):  944-952. 
    The popularization of mobile payment has brought convenience yet risks to users' information and wealth. In recent years, more and more security technologies in this field have been proposed and applied with the deepening of research. In this article, we introduce PDRR model namely a theory of protection, detection, response and recovery, involving patching of hardware and software, active sniffing of latent threat and proper management toward sudden attack and disasters, which supports the security of mobile payment and gives instruction across the board. Besides, we also review major achievements and research directions in this field including security chip, application security, identity authentication with hardware and biological features, magnet secure transmission as a state of art technology and wireless public key infrastructure, etc. Finally, we also talk about big data and block chain which may add to security in the future. As for the technology of big data, it can be applied for net flow analysis which can be used to defend against advanced persistent threat, while block chain is considered to be a brand framework of mobile payment in the future.