As an information carrier, the 2D barcodes can bring consumers quick and convenient shopping experiences. However, the 2D barcodes must overcome the security challenges in the mobile internet environment, such as information leak and tampering, user authentication and repudiation. The capacity of 2D barcodes used in O2O application is limited and not suitable for embedding the digital certiifcates and certiifcate chains to utilize user authentication in traditional PKI system. In this paper, a technical solution is proposed to authenticate the electronic tag data in 2D barcodes, which is combining PKI and IBC cryptography. The length of public key in IBC, which is generated according to dedicated rules from digital certiifcates of PKI entity, is shortest to be used in 2D barcodes. The private key is securely delivered to the end user using a handshake authentication protocol. The signature and veriifcation process are also designed to meet the security requirements in O2O appliances. Based on the proposal, the private keys of IBC system can be securely transferred to the users, and a trusting chain for the IBC digital signatures is established from the PKI digital certiifcates. A trusting network framework may be set up to authenticate the electronic tag data, and meet the security challenges in the capacity limited 2D barcodes, including data privacy, user authentication and trusting chain, etc.%二维码作为一种信息载体,可以实现电子商务应用的线上与线下(O2O)并行互动,为消费者带来更便捷和快速的消费体验。但是,二维码不能有效应对移动互联网环境下的信息泄露、信息篡改、身份认证、抵赖性等安全挑战。文章针对二维码信息容量有限,无法在其中嵌入传统PKI体系的数字证书及证书链的问题,提出了一种结合PKI与IBC密码体制的技术方案,按照预先定义的规则为已持有数字证书的用户生成IBC密钥对,充分利用IBC密码体制中公钥信息量较少的优势。文章设计了密钥对申请及发放的协议流程,以及使用IBC密钥对来完成数字签名及验证的过程,同时借助数字证书的状态来判断用户是否有效,满足在O2O应用过程中的安全需求。该技术方案实现了在已建立PKI体系的场合下完成IBC密钥对的分发,有效解决了二维码在O2O应用中电子标签数据的认证问题,并且建立了基于数字证书的IBC数字签名信任链,满足数据传输的机密性、用户身份识别、信任关系的建立等安全目标,尤其适用于信息容量受到限制的二维码类型。
展开▼
