Application for Virtual Credit Cards and Certificate Issuing Stage

4.2 Application for Virtual Credit Cards and Certificate Issuing Stage

In this stage, User will conduct the services in applying for virtual credit cards to Issuer and the TSP that User chooses.

According to the goal in this stage, User will obtain the AID form Issuer and the TID and information of virtual credit cards form TSP. So, this stage can be subdivided into two stages, respectively:

1. User applying for AID

2. User applying for TID and virtual credit cards

4.2.1 Applying for AID Stage

1. User → Issuer: (𝐼𝐷_𝑈, 𝐼𝐷_𝑇𝑆𝑃, AID - request)

User delivers user information 𝐼𝐷_𝑈, TSP information 𝐼𝐷_𝑇𝑆𝑃 and applying request of virtual account (AID) to Issuer.

2. Issuer: (C= 𝑔^𝑥ℎ^𝑝𝑤mod p)

Issuer produces session key immediately after receiving the application delivered by User, and this session key is generated by using Diffie -Hellman key exchange. Issuer chooses a random number x  𝑍_𝑃^∗ and then produce cipher text

C =

𝑔^𝑥ℎ^𝑝𝑤 mod p.

The cipher text in this step ℎ^𝑝𝑤 adopts the password pw which is password of Users’

physical account only known by both Issuer and users.

‧

After receiving cipher text and parameters, User generates a random number y  𝑍_𝑃^∗ and decrypts the cipher text C. User calculates the new session key 𝑘^′= 𝑔^𝑥𝑦 and produces the session key K=H (𝑘^′

) by hash function, and then stores the session key

into the mobile phone.

Later, User calculates Y = 𝑔^𝑦 mod p and encrypts the cipher text 𝐶^′= EK

(𝐼𝐷_𝑈, 𝐼𝐷_𝐵, Timestemp, H(𝐼𝐷_𝑈, 𝐼𝐷_𝐵, Timestemp)) including User name, Issuer name and timestamp by new session key K.

5. User → Issuer: (Y, 𝐶^′) User sends Y and 𝐶^′ to Issuer

6. Issuer: (AID information, Ticket_U,TSP)

Issuer will encrypt the information generated in step4 by Users’ session key verify User’s information. The content of ticket is

‧ 國

立 政 治 大 學

‧

N a tio na

l C h engchi U ni ve rs it y

Ticket_U,TSP

= E_KI,TSP((𝐼𝐷_{𝐼𝑠𝑠𝑢𝑒𝑟}, AID, AID_Extime, AID_Limit, Timestemp2, K_U,TSP, Lifetime)

||Sig_SKI(ID_Issuer, AID, AID_Extime, AID_Limit, Timestemp2, K_U,TSP, Lifetime))

The Ticket_U,TSP is encrypted by key 𝐾_{𝐼,𝑇𝑆𝑃}. 𝐾_{𝐼,𝑇𝑆𝑃} is only known by Issuer and TSP.

7. Issuer → User: (E_K(AID, AID_Extime, AID_Limit, Ticket_U,TSP))

Issuer will encrypt the information to E_K(AID, AID_Extime, AID_Limit, Ticket_U,TSP) by session key K and deliver it to User.

8. User: ( D_K(E_K(AID, AID_Extime, AID_Limit, Ticket_U,TSP) ) )

After the receipt of the information delivered by Issuer, User will decrypt it to obtain relevant information of AID information and information of TSP communication.

Applying AID as shown in Figure 12.

‧ 國

立 政 治 大 學

‧

N a tio na

l C h engchi U ni ve rs it y

Figure 12. Flow of

applying for AID

4.2.2 Applying for TID and Virtual Credit Cards Stage

Before this stage, User must provide the access permission of the SE to TSP, and the SE needs to produce the public-private key pairs of the SE: 𝑃𝐾_𝑆𝐸, 𝑆𝐾_𝑆𝐸. The goal of

‧

this step is to apply for the TID account and the virtual credit card to TSP by User’s AID and others information.

User will send the information to TSP and request to apply for the virtual transaction account (TID) and the virtual credit card. First, User is needed to establish new and obtains the session key K_U,TSP with User. Then, TSP checks whether this AID is the same with the one in the certificate. After that, TSP generates a random number 𝑌_𝑇𝑆𝑃 and calculates a new session key 𝐾_𝑈^′_{,𝑇𝑆𝑃}^′ = H(𝑔^{𝑋𝑈𝑌TSP} mod p) then TSP connects to User’s SE for setting up.

4. Connect and access to SE by TSP, as shown in Figure 13.

‧ 國

立 政 治 大 學

‧

N a tio na

l C h engchi U ni ve rs it y

Figure 13. Flow of TSP access user’s SE 4.1 TSP → SE: (PK_TSP, Cert_TSP)

TSP delivers the TSP public key PK_TSP and the certificate Cert_TSP to SE.

4.2 After receipt of the certificate and confirmation of the TSP identity, the SE will produce a random number N, then encrypt N and 𝑃𝐾_𝑆𝐸 by 𝑃𝐾_𝑇𝑆𝑃 to E_PKTSP(𝑃𝐾_𝑆𝐸, 𝑁) and generate session key by hashing N, 𝐾_{𝑆𝐸,𝑇𝑆𝑃} = H(N).

4.3 SE → TSP: (𝐸_{𝑃𝐾𝑇𝑆𝑃}(𝑃𝐾_𝑆𝐸, 𝑁))

SE delivers the encrypted message E_{𝑃𝐾𝑇𝑆𝑃}(𝑃𝐾_𝑆𝐸, 𝑁) to TSP.

4.4 TSP: (D_SKTSP(𝐸_{𝑃𝐾𝑇𝑆𝑃}(𝑃𝐾_𝑆𝐸, 𝑁), 𝐾_{𝑆𝐸,𝑇𝑆𝑃} = H(N), E_{𝐾𝑆𝐸,𝑇𝑆𝑃}(𝑁 + 1)))

After TSP’s receipt of the information of SE, it decrypts ciphertext and obtains a

‧ 國

立 政 治 大 學

‧

N a tio na

l C h engchi U ni ve rs it y

random number N, then generate session key 𝐾_{𝑆𝐸,𝑇𝑆𝑃} by N. After that, TSP encrypts

N+1 by

𝐾_{𝑆𝐸,𝑇𝑆𝑃} then sends to SE.

4.5 TSP → SE:( E_{𝐾𝑆𝐸,𝑇𝑆𝑃}(𝑁 + 1))

The TSP delivers E_{𝐾𝑆𝐸,𝑇𝑆𝑃}(𝑁 + 1) to the SE.

4.6 TSP → SE: (N+1)

SE verifies the correctness of N+1, so as to confirm the whether the delivery process has been modified.

4.7 SE → TSP: (E_{𝐾𝑆𝐸,𝑇𝑆𝑃}(𝑟𝑒𝑠𝑢𝑙𝑡))

SE encrypts the result (success or fail)by 𝐾_{𝑆𝐸,𝑇𝑆𝑃} to E_{𝐾𝑆𝐸,𝑇𝑆𝑃}(𝑟𝑒𝑠𝑢𝑙𝑡) and sends to TSP.

5. TSP (Block 1, 𝐶𝑒𝑟𝑡_𝑢^′_{𝑐𝑎𝑟𝑑})

After receiving SE’s public key, TSP produces the TID and issues the virtual credit card, certificate and block 1. This block contains Users’ TID account, TID limit and expiration date, which are signed by the TSP, as shown in Figure 14.

‧

The certificate of virtual credit cards including:

𝐶𝑒𝑟𝑡_𝑢^′_{𝑐𝑎𝑟𝑑} = 𝑆𝑖𝑔_{𝑆𝐾 𝑇𝑆𝑃}{TSP, 𝐼, 𝑇𝐼𝐷, 𝑃𝐾_𝑆𝐸, 𝑁, 𝐹, 𝐸}, I is Users’ Issuer identify and public key of Users’ SE, N is quota limit of the virtual credit card, F is the number allowed to the off-line transaction, and E is the expiration date of the card. TSP records TID and User’s AID into the TSP database.

6. TSP → User: (E_K

U′,TSP′(Cert_u^′_card, TID, block 1), 𝑔^{𝑌𝑇𝑆𝑃})

TSP encrypts the certificate of virtual credit card and block1 by session key K_U^′_,TSP^′ to E_K cipher text to obtain the certificate of the virtual credit card and the and block, then stores it into the mobile phone.

8. User → SE: (block 1)

User delivers the block 1 to SE for verification.

9. SE: (𝑟₁, ℎ₁ = (𝑟₁, block1))

SE choose a random number 𝑟₁ after receipt of the block 1 and calculates a hash value by hash function of the block 1, ℎ₁ = H(𝑟₁, block1), then stores hash result ℎ₁ in the SE.

10. SE → User: (Record Success) SE responds Record Success to User

‧ 國

立 政 治 大 學

‧

N a tio na

l C h engchi U ni ve rs it y

After the completion of this step, User will obtain the consumable TID virtual credit card. The AID consumable value will be larger than TID credit card, so in the process of consumption, there will be no circumstance like that User can overdraw consumption because the total amount of the TID credit card is never greater than AID amount.

Apply for TID and virtual credit cards show as figure 15.

‧ 國

立 政 治 大 學

‧

N a tio na

l C h engchi U ni ve rs it y

Figure 15. Flow of applying for TID and virtual credit cards

‧

consumption. In the process of transaction, the protocol can ensure that the identities of the merchant and User can be confirmed in case that any one of them will deny this transaction in the future. User can ensure the integrity of the transaction and ensure that the merchant don’t modify the transaction amount, and also ensure that the merchant cannot collect the transaction information of User.

In this stage, there will be the different cases about the first consumption or the nth consumption of User, so in this section we will describe two conditions respectively.

4.3.1 Consumption for the First time

At this moment, User has got the TID and TBC that he has just applied for to TSP, and the TBC length is 1. sequence of User, public key of the merchant, name of the merchant, transaction time, cost and available balance .Then the merchant will sign block 2 and put it in TBC.

As shown in Figure 16

在文檔中 可預防雙重支付的離線小額匿名交易機制 - 政大學術集成 (頁 50-60)