Multiple Schemes for Mobile Payment Authentication Using...

Research ArticleMultiple Schemes for Mobile Payment Authentication UsingQR Code and Visual Cryptography

Jianfeng Lu1 Zaorang Yang1 Lina Li1 Wenqiang Yuan1 Li Li1 and Chin-Chen Chang2

1 Institute of Graphics and Image Hangzhou Dianzi University Hangzhou 310018 China2Department of Information Engineering and Computer Science Feng Chia University Taichung Taiwan

Correspondence should be addressed to Li Li lili2008hdueducn and Chin-Chen Chang alan3cgmailcom

Received 9 December 2016 Accepted 2 February 2017 Published 23 March 2017

Academic Editor Ching-Nung Yang

Copyright copy 2017 Jianfeng Lu et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

QR code (quick response code) is used due to its beneficial properties especially in the mobile payment field However thereexists an inevitable risk in the transaction process It is not easily perceived that the attacker tampers with or replaces the QR codethat contains merchantrsquos beneficiary account Thus it is of great urgency to conduct authentication of QR code In this study wepropose a novel mechanism based on visual cryptography scheme (VCS) and aesthetic QR code which contains three primaryschemes for different concealment levels The main steps of these schemes are as follows Firstly one original QR code is split intotwo shadows using VC multiple rules secondly the two shadows are embedded into the same background image respectivelyand the embedded results are fused with the same carrier QR code respectively using XOR mechanism of RS and QR code errorcorrection mechanism Finally the two aesthetic QR codes can be stacked precisely and the original QR code is restored accordingto the defined VCS Experiments corresponding to three proposed schemes are conducted and demonstrate the feasibility andsecurity of the mobile payment authentication the significant improvement of the concealment for the shadows in QR code andthe diversity of mobile payment authentication

1 Introduction

With the rapid development of global wireless networks andthe growing popularity of mobile devices such as mobilephones tablet PCs and handheld computers the userrsquos workand daily life become more and more convenient Mobilepayment as a quick payment way is prevalent in some risingmarkets [1] Furthermore QR code a new technology ofinformation storage transferring and recognition can bedecoded by mobile phone anywhere and thus has beenwidely used in some security sensitive applications [2] suchas payments [3ndash5]

Now QR code payment becomes one of the most main-stream in the mobile payment market However there existsome security risks using this means of payment For exam-pleQR code is stuck on thewall of one shopwhich representsthe merchantrsquos beneficiary accountThere exists no anticoun-terfeiting function in QR code Thus one cheater can tamperwith the private data of QR code using his own bank accountwithout any notification Thus the funds are transferred

to the attackerrsquos account during each subsequent deal Tofurther decrease the economic loss of the merchants causedby the described behavior and improve the security of mobilepayment authentication process for the general customersthe proposed mechanism in this study is applied to practicalscenario as shown in Figure 1 Three primary entities areconsidered the shop cloud server and mobile phone TheQR code carrying the original secret is split into shadow 1 andshadow 2 on the basis of a (2 2)VCS QR

1is the fusion result

of shadow 1 and carrier QR code The generation of QR2is

similar to QR1 Moreover QR

1is stored in the cloud server

while QR2is stuck on the wall of the shopThe mobile phone

holder photographs QR2and then scans QR

2to acquire QR

1

from the distributed cloud server Subsequently the mobilephone simulates the vision characteristic [6] of VCS to stackQR1and QR

2 The original QR code is restored and can be

accessed by the holderQR code presents some significant features such as small

size and the abilities to carry large and various data (such asimages text symbols and other types of information)These

HindawiMobile Information SystemsVolume 2017 Article ID 4356038 12 pageshttpsdoiorg10115520174356038

2 Mobile Information Systems

Original QR code

Aesthetic QR code

Aesthetic QR code

Store in

Shadow 1

Shadow 2Stuck on the wall

Stack

Cloud server

Split into

StackedQR code

(QR1)

(QR2)

Download QR1

Scan QR 2

Figure 1 One practical scenario of mobile payment authentication

Original QR code

Stacked QR code

Shadow 2

Shadow 1

Split into Stack

(a)

Stack

Original QR code

Stacked QR code

Shadow 2

Shadow 1

Original QR code

Split into

(b)

Figure 2 (a) Experiment result of [7] (b) Our experiment result

features can make up for the shortcoming of traditional VCSthat only decodes a simple image Therefore some relatedresearches [8ndash11] on security authentication based on thecombination of QR code and VCS have been conducted inrecent years In these papers QR code is split into severalshadows by using VCS since both of VCS and QR code arecomposed of black and white dots Besides VCS used in e-commerce bank secure login authentication and so on hasbeen studied [7 9 12]

Also Yang et al proposed that the split two shadowswere stored respectively in the mobile client and cloudserver to achieve the mobile phone authentication The twoshadows can also be stacked together and the original QR

code is restored as shown in Figure 2(a) If the scheme [13]is applied on specific QR code payment the shadows are onlyvulnerable

In this study the shadows are hidden in an undetectablestate using theQR code background fusion on such basis [13]Specifically two shadows are respectively embedded into twosimilar images and the results are fused with two identicalcarrier QR code by using QR code background fusionstrategy The two fusion QR codes can be stacked preciselysince QR code presents the characteristics of automatic iden-tification and independent positioning The stacked result isthe original QR code in carrier QR code [11] One example ofour experiment results is shown in Figure 2(b)

Mobile Information Systems 3

The main contributions of this paper are three schemeswith different principles and concealment levels for mobilepayment authentication

(1) In order to make the QR code as holistic as possibleafter the shadow is embedded Scheme I operates onthe basic unit of QR module and adopts the XORmechanismof Reed-Solomon (RS) In this scheme theoriginal QR code is split into two shadows using theproposed nonexpansion (2 2)-VCS the shadows havethe same size with the original QR code

(2) To decrease the visual difference between the shadowand its surrounding region of the carrier QR codein Scheme I a two-level fusion strategy with a back-ground image and an aesthetic QR code strategy areproposed in Scheme II The first-level fusion processis to hide the shadow in the background image andthe second is to fuse the carrier QR code with thespecial region in the fused background image usingXOR mechanism of RS

(3) Scheme II only supports the fusion of binary back-ground image To achieve better aesthetic effect andconcealment the fusion strategy is adapted betweenthe carrier QR code and extracted regions of interest(ROI) by the error correction mechanism of QRcode in Scheme III Specifically the saliency map andmodule layout are used to figure out the saliencyvalues based on which the appropriate modules areselected as ROI The obtained ROI is the local regionin the background image replaced by the shadow

The rest of this paper is organized as follows Section 2introduces VCS and QR code The detailed descriptions ofthe three proposed schemes and their corresponding exper-iments are given in Section 3 The analysis of authenticationsecurity and conclusions are presented in Section 4

2 Preliminary

21 Visual Cryptography Visual cryptographic scheme(VCS) is a generalization of secret sharing and was firstproposed byNaor and Shamir in 1995 in their scheme [14] Anoriginal halftone image is divided into 119899 shared images andeach shared image is printed on a transparent film such thatany 119896 films stacked together can restore the original imageHowever for the casewith less than 119896films the original imagecannot be restored This program mainly uses the humanvisual system of color approximation principle Thereforethe secret image restoration can be implemented by a simplefilm superposition without any password calculation

Each pixel of the images is divided into smaller blocksThere is always the same number of white and black blocksIf a pixel is divided into two parts there are one white andone black block If the pixel is divided into four equal partsthere are two white and two black blocks In Figure 3 a pixelis divided into four parts and it has two different states If thepixel is white it can be divided into two blocks and each blockhas a black pixel and a white pixel When the secret image issplit the block is randomly filled into two shadowsWhen the

Shadow 2

Shadow 1

Secret module

Stacked

Figure 3 Construction of (2 2) VCS scheme

two blocks are superimposed together gray blocks appear tosimulate the white pixels If the pixel is black the two blocksare complementary When the two blocks are superimposedthey present black pixels Thus shadow images that are splitby secret image become a chaotic maps and no informationcan be inferred from the secret image Secret images canbe restored when the two shadows overlay Moreover thestacking process does not require any calculations

22 QR Code

221 RS Code Encoding Mechanism The 119899 bits RS codecontains 119896 data bits as parity code for the rest of the wordTheQR code is generated by RS codeThe generation processof QR code with RS code is presented as follows Firstlythe length of data region is 119896 in RS code according to theinput text secondly the input text is encoded based on theencoding rules of RS code the region filled by those codewords are considered as the valid data region and its length is119898 If the code words cannot completely fill the data region aterminator (0000) is adopted The padding bits are used tofill the extra data region known as the invalid data regionand its length is 119896 minus 119898 Moreover the RS code generates 119905parity bits according to the 119896 data bits Finally the generatedRS code combining with the timing pattern and alignmentpattern performs XOR operations with mask [15] Then thestandard QR code is generated

Figure 4 shows the distribution of RS code in theQR codePink and green parts are the data region with length of 119896and the orange part is the parity region with length of 119905 Theremaining parts are filled by timing pattern and alignmentpattern The pink part is the valid data region with length of119898 the green part is the invalid data regionwith length of 119896minus119898after the terminator

Black and white modules are randomly distributed inQR code which is a property of QR code Submodules ofVCS are also randomly distributed but submodule is fromimage decomposition Compared with VCS randomness inQR codes appears natural Concealment will be better in QRcode if we want to hide information

222 Construction of PBVM A series of RS codes can beacquired by Gauss Jordan elimination method [16] ThoseRS codes formulate a matrix and its previous section of thematrix is a unit vector matrix On this basis the concept ofpositive basis vector matric (PBVM) is proposed in which


m message bits t parity bits

p padding bits

Figure 4 RS code distribution in QR code

1

1

1

1

1

1

middot middot middot middot middot middot middot middot middot middot middot middot







k data area t parity area

k bits middot middot middot

Figure 5 PBVM

each line is a RS code the previous 119896 bits are data region andthe rear 119905 bits are parity region The subregion of 119896 lowast 119896 in thefront of the whole matrix is a unit vector matrix (as shownin Figure 5) PBVM is used to modify the data region of RScodes

223 XOR Mechanism of RS According to the literature[16] it is proved that RS code has the features of XORoperation whichmeans a new RS code can be acquired usingtwo different RS codes by performing XOR operation andthe new RS code still conforms to the standard form Forexample given the following RS codes with data bits 119896 = 3and parity bits 119905 = 2 the two RS codes are RS1 = 10010 andRS2 = 01011 then to perform the XOR operation RS3 = RS1oplus RS2 = 11001 it also can be observed that RS3 is also a validRS code

224 Error Correction Mechanism of QR Code QR code isdivided into 40 versions according to the image size Version 1consists of 21lowast21modules every following version comparedto the previous version increases four modules for each sideIn different versions of QR code each version of QR code hasfour error correction levels expressed with 119871119872 119876 and 119867the corresponding error correction capacities are 7 1525 and 30 respectively In this paper we will use errorcorrection mechanism to realize the blend of QR code andbackground image

Shadow 2

Shadow 1

Secret pixel

Stacked

Figure 6 Nonexpansible VCS scheme

3 Authentication Schemes for QRCode Payment

Because QR code and shadows of VCS are both composedof whiteblack dots we can combine VCS with QR codeto implement security authentication scheme Firstly VCSis used for authentication of QR code Then security forpayment will be further improved if shadow of VCS canbe concealed into the QR code undetectably In order toconceal shadow into QR code some aesthetic QR codemethods are adopted Sections 31 32 and 33 introduce someauthentication schemes for QR code payment in which VCSbased on QR module fusion with background image basedon XOR mechanism of RS and error correction mechanismof QR are used respectively

31 Scheme I Based on QR Module and XOR Mechanism ofRS The original QR code is split into two halftone images asshadows at pixel level When one shadow is embedded to thecarrier QR code directly the aesthetic QR code is noticeablebecause of the visual difference of whiteblack dots Thusit is easy to be suspected and then it results in maliciousattacks Therefore in order to have a better concealment anew splitting shadowsmechanism based onQR codemoduleis designedThe shadow is embedded into the carrierQR codebased on XOR mechanism of RS Figure 6 shows the overallframework which can be described as follows

(1) The Generation of Shadows Considering that the moduleis taken as the basic unit in QR encoding and decoding eachmodule of the original QR code is divided into two modulesaccording to the defined rule (Figure 6) If the original QRcode module is white the obtained module pairs must beconsistent both white modules (as shown in the 2nd columnin Figure 6) When this pair is stacked a white moduleappears On the other hand if the original QR codemodule isblack the obtained module pairs must be complementary (asshown in the 3th and 4th columns in Figure 6) When thesecomplementary pairs are stacked a black module appearsEach module of the original QR code is handled accordingto the above defined rules and two shadows are obtainedThetwo shadows 1198781 and 1198782 have the same size as the original QRcode 119876

1 The proposed VCS can provide better concealment

for the subsequent fusion process


Table 1 Results of Scheme I

1198763

1198764

1198765(stacked QR code)

(1-1) (1-2) (1-3)

(1-4) (1-5) (1-6)

(1-7) (1-8) (1-9)

(2) The Fusion of Carrier QR Code and Shadows Given onecarrier QR code and shadow 119878

1 the local region of carrier

QR code with the same size as 1198781is modified with XOR

mechanism of RS The related rows in PBVM are obtainedif the modules between shadow 119878

1and the QR code 119876

2are

different One XOR operation is executed between RS of themodule and RS of the carrier QR code to generate a newRS To insert shadow 1 and shadow 2 into the carrier QRcode the processing steps are described as follows For eachmodule 119887

119894in shadows 1 or 2 it will be compared with the

original module 119888119894in carrier QR code If modules 119887

119894and 119888119894

are different the XOR operation will be executed to changemodule 119888

119894Meanwhile the related rows in PBVMare obtained

to generate a new RS in carrier QR codeAfter all of the different modules are processed an

aesthetic QR code1198763is generated The aesthetic QR code 119876

4

is obtained with 1198782in a similar way

(3) The Stack of QR Code Then we stack the two QR codes1198763and 119876

4 The original QR code 119876

1appears in the stacked

QR code 1198765and can be decoded precisely

The flowchart of Scheme I is shown in Figure 7 Someexperiments are conducted and results are listed in Table 1

From the front two rows in Table 1 we can find thatthe modules in the shadow are distinctly different from thesurrounding region of the carrier QR code In order to solvethe problemwe need tomodify the data region of the originalQR code to increase the number of black modules as much as

possible For example the better result is given in the last rowof Table 1

32 Scheme II Based on VCS and Fusion Strategy of Back-ground Image by XOR Mechanism of RS However Scheme Ihas some flaws For example there are somewhat differencesbetween the modified region and the surrounding regionSuch flaw can cause attackersrsquo suspicion easily and reducethe security of QR code to some extent So we proposean improved scheme based on VCS and fusion strategy ofbackground image with XOR mechanism of RS In SchemeII the two shadows are embedded into the same backgroundimage respectively Then the QR code is fused with theobtained background image based onXORmechanism of RSThe details are described as follows

(1)TheGeneration of ShadowsTheQR code1198761is divided into

two shadows (1198781and 1198782) based on traditional (2 2)-VCS

(2) Embed Shadows in Background Image Given a back-ground image (119868

1) the two shadows (119878

1and 1198782) are respec-

tively embedded into 1198681 The two background images (119868

2and

1198683) are obtained

(3) Fusion of Background Image and Carrier QR Code Thebackground images (119868

2and 1198683) and the QR code are fused

with XOR mechanism of RS The fusion steps are describedas follows Firstly background images are grayed using the


Stack

Original QR

Fuse

FuseCarrier QR

Aesthetic QR

Aesthetic QR

Stacked QR code (Q1) code (Q2)

code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

Cloud server

Stored in

Split into

Figure 7 Flowchart of Scheme I

method of weightedmean and partitioned into several blocksaccording to the size of QR code module Secondly theconsistency between every block and its corresponding QRcode module is evaluated by comparing their gray valueThen XOR operation is executed for QR code with PBVMif the comparison result is different Lastly the QR code andthe background image should be fused The detailed fusionstrategy formula is described as follows

119876 =

0 119879119894lt 1198790cap 119873119894= 0

minus1 119879119894gt 1198790cap 119873119894= 0

1 119879119894lt 1198790cap 119873119894= 1

0 119879119894gt 1198790cap 119873119894= 1

(1)

where 119876 = 0 represents that the background image thatis completely replaced 119876 = minus1 or 1 represents the centralregion of the specified module which is replaced by thecorresponding region of the QR code and the other region ofthe specified module is replaced by corresponding region ofbackground image 119879

119894represents gray average of gray block

1198790represents binary threshold which is obtained by Otsursquos

method119873119894is the module of QR code119873

119894= 1 represents white

block whereas119873119894= 0 represents black block

(4)The Stack of QRCodeThe two aesthetic QR codes (1198763and

1198764) are stackedThe original QR code in the stacked QR code1198765appears and can be decoded accuratelyThe flowchart of the Scheme II is given in Figure 8 The

embedded QR code (1198762and 119876

3) can be decoded accurately

The small QR code in the fused QR code can be decodedThe

secret information can be gained perfectly through decodingthe smaller QR code

For example when a blank background image is chosenthe result of Scheme II is shown in Figure 9

From Figure 8 we find that the shadows appear abruptlyin the QR code In this case the QR code is attacked easilyThus the security of QR code is hard to ensureThe selectionof background image is crucial The better results will betested in Table 2 by selecting some special binary backgroundimage

From Table 2 we find the shadows are hidden with noaffection in the binary background images This scheme hasgood security and concealment It is suitable for mobilepayment

33 Scheme III Based on VCS and Fusion Strategy ofBackground Image with Error Correction Mechanism of QRScheme II is implemented with XOR mechanism of RSHowever the selected background image is only valid forbinary image In order to enlarge the selectable backgroundimage XOR mechanism adopted in Scheme II is replaced byerror correction mechanism of QR code Thus Scheme III isdesigned as shown in Figure 10

In Scheme III a color background image is selected Localregion of the color background image is replaced by oneshadow as shown in Figure 10 Then the selected carrierQR code and the modified background image are fused withthe method of error correction mechanism The shadow ishidden in the carrier QR code It is hard to notice the hiddenshadow and the security is enhanced When two aestheticQR codes are stacked the original QR code appears and can


Aesthetic QR

Aesthetic

Original QR

PBVM

PBVM

Stack

Fusionstrategy

Fusionstrategy

Carrier QR Stacked QR code (Q1) code (Q2)

QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I3

Cloud server

Stored in

Qr

Q998400r

Split into

Figure 8 Flowchart of Scheme II

(a) (b) (c)

Figure 9 Simple results of Scheme II (a) (b) and (c) represent 1198763 1198764 and 119876

5 respectively

be decoded accurately The main differences are stated in thesecond step and the third step compared with Scheme II



(2) The Selection of Color Background Image In Scheme IIIthe background image is selected widelyThe color image hasrich information such as texture color and shapes whichcan be utilized sufficiently to hide the shadows The regionof interest (ROI) in the background image is selected andreplaced by the shadows The modified background image isobtained

(3) Fusion Strategy of Background Image and QR Code Theerror correction mechanism of QR code can be adopted tofuse themodified background image and the carrierQR codeThe details are described as follows

Firstly the positions of modules of the carrier QR codeare marked as module layout The saliency map is generatedaccording to ROI The saliency map and module layoutare used to figure out saliency values and then sort and

select propermodules as changeable regionsThe hierarchicalmodule replacement rules are proposed

Secondly the binary operation for the modified back-ground image is done The modified background image ispartitioned into blocks as the size of QR code module

Thirdly the block in the ROI with the correspondingQR code module is compared The corresponding module ismodified if the comparison result is different The modifica-tion rule is as follows if the module is white it is replaceddirectly by black module Otherwise it is replaced directly bywhite module

Finally the third step is repeated for every module inthe ROI The modified background image is fused with thecarrier QR code as the method of Scheme II

Some related experimental results with Scheme III arelisted in Table 3 Compared with Scheme II the backgroundimages present a variety of diversity including grayscale andcolor images Due to the rich background images the shad-ows are perfectly fused into the background image to furtherstrengthen the concealment of shadow The attacker wouldnot pay much attention to the fused QR code Therefore the


Table 2 Experimental results of Scheme II

Aesthetic QR code (1198763) Aesthetic QR code (119876

4) Stacked QR code (119876

5)

(2-1) (2-2) (2-3)

(2-4) (2-5) (2-6)

(2-7) (2-8) (2-9)

(2-10) (2-11) (2-12)

(2-13) (2-14) (2-15)

(2-16) (2-17) (2-18)

(2-19) (2-20) (2-21)


Table 2 Continued



5)

(2-22) (2-23) (2-24)

Fusionstrategy

Fusionstrategy

Stack

Aesthetic QR

Aesthetic

Original QR

Carrier QR

Stacked QR code (Q1)

code (Q2)

QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I4

I3

Cloud server

Stored in

Obtainsaliency

map

Errorcorrection

mechanism

Qr

Split into

Figure 10 Flowchart of Scheme III

authentication function can be implemented and the securityof mobile payment is ensured

4 Discussion and Conclusion

Three schemes are proposed in this paper formobile paymentauthentication in which VCS XOR mechanism of RS anderror correction mechanism of QR code are adopted Thesecurity performance primarily depends on VCS and its con-struction Shadows are generated by splitting the original QRcode based on VCS and have pseudorandom characteristicsimilar to noise It is almost impossible for the attacker torecover the secret information from each individual shadowBecause of the random splitting for each pixel the secretinformation cannot be iteratively calculated using the existingtechnologies which can be proved using probability theoryThe probability of a pixel that is induced in the secret image

is 13 if only a 2times2 block from a shadow is knownThereforethe probability of the entire 84times84 of the shadow is estimatedto be (13)7056

With QR code being used widely for mobile paymentQR code is attacked more frequently If QR code is replacedor tampered with it will cause huge economic losses Thusthe real payment QR code is split to shadows and embeddedin a large carrier QR code in the proposed schemes Toincrease the uniformity between the shadow and the carrierQR code and improve its concealment of the shadow thefusion among the shadow background image and carrierQR code is executed using XOR mechanism of RS or errorcorrectionmechanismofQR codeWhen the carrierQR codeis scanned it will jump to the Internet web downloadingthe other carrier QR code By stacking the two carrierQR codes the real payment QR code will appear on themobile


Table 3 Experimental results of Scheme III



5)

(3-1) (3-2) (3-3)

(3-4) (3-5) (3-6)

(3-7) (3-8) (3-9)

(3-10) (3-11) (3-12)

(3-13) (3-14) (3-15)

(3-16) (3-17) (3-18)

(3-19) (3-20) (3-21)


Table 3 Continued



5)

(3-22) (3-23) (3-24)

(3-25) (3-26) (3-27)

(3-28) (3-29) (3-30)

Therefore our schemes can satisfy the security require-ment of QR code payment As shown in the experimentsthe shadows and carrier QR code are mixed to be a uniformobject The application scenarios of the proposed schemeswill be further explored in future work

Competing Interests

The authors declare that they have no competing interests

Acknowledgments

This work was mainly supported by National Natural ScienceFoundation of China (no 61370218)

References

[1] DAOrtiz-Yepes ldquoA review of technical approaches to realizingnear-field communicationmobile paymentsrdquo IEEE Security andPrivacy vol 14 no 4 pp 54ndash62 2016

[2] P Subpratatsavee and P Kuacharoen ldquoInternet banking trans-action authentication using mobile one-time password and QRcoderdquo Advanced Science Letters vol 21 no 10 pp 3189ndash31932015

[3] B Zhang K Ren G Xing X Fu and CWang ldquoSBVLC securebarcode-based visible light communication for smartphonesrdquoin Proceedings of the 33rd IEEE Conference on Computer Com-munications (IEEE INFOCOM rsquo14) pp 2661ndash2669 TorontoCanada May 2014

[4] H Suryotrisongko Sugiharsono and B Setiawan ldquoA novelmobile payment scheme based on secure quick response pay-ment with minimal infrastructure for cooperative enterprisein developing countriesrdquo ProcediamdashSocial and Behavioral Sci-ences vol 65 pp 906ndash912 2012

[5] P De and J Eliasson ldquoAn assessment of QR code as a userinterface enabler for mobile payment apps on smartphonesrdquoin Proceedings of the 7th International Conference on HCI(IndiaHCI rsquo15) pp 81ndash84 Guwahati India December 2015

[6] J M McCune A Perrig andM K Reiter ldquoSeeing-is-believingusing camera phones for human-verifiable authenticationrdquo inProceedings of the IEEE Symposium on Security and Privacy vol4 pp 110ndash124 May 2005

[7] L Feng and Q Y Wei Cheating Prevention of Visual Cryptogra-phy Springer International Berlin Germany 2015

[8] S Nseir N Hirzallah and M Aqel ldquoA secure mobile paymentsystem using QR coderdquo in Proceedings of the 5th InternationalConference on Computer Science and Information Technology(CSIT rsquo13) pp 111ndash114 March 2013

[9] N Buckley A K Nagar and S Arumugam ldquoVisual secretsharing between remote participantsrdquo International Journal ofComputer Applications vol 103 no 2 pp 8ndash17 2014

[10] A Espejel-Trujillo I Castillo-Camacho M Nakano-Miyatakeand H Perez-Meana ldquoIdentity document authentication basedon VSS and QR codesrdquo Procedia Technology vol 3 pp 241ndash2502012

[11] W-P Fang ldquoOffline QR code authorization based on visualcryptographyrdquo inProceedings of the 7th International Conferenceon Intelligent InformationHiding andMultimedia Signal Process-ing (IIHMSP rsquo11) pp 89ndash92 October 2011


[12] C Chan andC Lin ldquoANewCredit Card Payment SchemeUsingMobile Phones Based on Visual Cryptographyrdquo in Intelligenceand Security Informatics vol 5075 of Lecture Notes in ComputerScience pp 467ndash476 Springer Berlin Germany 2008

[13] C Yang J Liao F Wu and Y Yamaguchi ldquoDeveloping visualcryptography for authentication on smartphonesrdquo in IndustrialIoT Technologies and Applications vol 173 of Lecture Notes of theInstitute for Computer Sciences Social Informatics and Telecom-munications Engineering pp 189ndash200 Springer InternationalPublishing Cham 2016

[14] M Naor and A Shamir ldquoVisual cryptographyrdquo in Advancesin CryptologymdashEUROCRYPT rsquo94 (Perugia) vol 950 of LectureNotes in Computer Science pp 1ndash12 Springer Berlin Germany1995

[15] C Li T Q Zhang and Y Liu ldquoBlind recognition of RScodes based on Galois field columns Gaussian eliminationrdquoin Proceedings of the 8th International Congress on Image andSignal Processing vol 2015 pp 836ndash841 Shenyang China 2015

[16] R Cox ldquoQartcodesrdquo April 2012 httpresearchswtchcomqart

Submit your manuscripts athttpswwwhindawicom

Computer Games Technology

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Distributed Sensor Networks


Advances in

FuzzySystems

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014


ReconfigurableComputing

Hindawi Publishing Corporation httpwwwhindawicom Volume 2014


Applied Computational Intelligence and Soft Computing

thinspAdvancesthinspinthinsp

Artificial Intelligence

HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014

Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Electrical and Computer Engineering

Journal of

Journal of

Computer Networks and Communications


Hindawi Publishing Corporation

httpwwwhindawicom Volume 2014

Advances in

Multimedia


Biomedical Imaging


ArtificialNeural Systems

Advances in


RoboticsJournal of



Computational Intelligence and Neuroscience

Industrial EngineeringJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Human-ComputerInteraction

Advances in

Computer EngineeringAdvances in



Original QR code

Aesthetic QR code

Aesthetic QR code

Store in

Shadow 1

Shadow 2Stuck on the wall

Stack

Cloud server

Split into

StackedQR code

(QR1)

(QR2)

Download QR1

Scan QR 2

Figure 1 One practical scenario of mobile payment authentication

Original QR code

Stacked QR code

Shadow 2

Shadow 1

Split into Stack

(a)

Stack

Original QR code

Stacked QR code

Shadow 2

Shadow 1

Original QR code

Split into

(b)

Figure 2 (a) Experiment result of [7] (b) Our experiment result

features can make up for the shortcoming of traditional VCSthat only decodes a simple image Therefore some relatedresearches [8ndash11] on security authentication based on thecombination of QR code and VCS have been conducted inrecent years In these papers QR code is split into severalshadows by using VCS since both of VCS and QR code arecomposed of black and white dots Besides VCS used in e-commerce bank secure login authentication and so on hasbeen studied [7 9 12]

Also Yang et al proposed that the split two shadowswere stored respectively in the mobile client and cloudserver to achieve the mobile phone authentication The twoshadows can also be stacked together and the original QR

code is restored as shown in Figure 2(a) If the scheme [13]is applied on specific QR code payment the shadows are onlyvulnerable

In this study the shadows are hidden in an undetectablestate using theQR code background fusion on such basis [13]Specifically two shadows are respectively embedded into twosimilar images and the results are fused with two identicalcarrier QR code by using QR code background fusionstrategy The two fusion QR codes can be stacked preciselysince QR code presents the characteristics of automatic iden-tification and independent positioning The stacked result isthe original QR code in carrier QR code [11] One example ofour experiment results is shown in Figure 2(b)







2 Preliminary



Shadow 2

Shadow 1

Secret module

Stacked



22 QR Code







p padding bits


1

1

1

1

1

1










Figure 5 PBVM




Shadow 2

Shadow 1

Secret pixel

Stacked










1198763

1198764


(1-1) (1-2) (1-3)

(1-4) (1-5) (1-6)

(1-7) (1-8) (1-9)






2are




119894and 119888119894





4
















2and






Stack

Original QR

Fuse

FuseCarrier QR

Aesthetic QR

Aesthetic QR


code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

Cloud server

Stored in

Split into



119876 =

0 119879119894lt 1198790cap 119873119894= 0

minus1 119879119894gt 1198790cap 119873119894= 0

1 119879119894lt 1198790cap 119873119894= 1

0 119879119894gt 1198790cap 119873119894= 1

(1)



















Aesthetic QR

Aesthetic

Original QR

PBVM

PBVM

Stack

Fusionstrategy

Fusionstrategy


QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I3

Cloud server

Stored in

Qr

Q998400r

Split into


(a) (b) (c)


5 respectively
















5)

(2-1) (2-2) (2-3)

(2-4) (2-5) (2-6)

(2-7) (2-8) (2-9)

(2-10) (2-11) (2-12)

(2-13) (2-14) (2-15)

(2-16) (2-17) (2-18)

(2-19) (2-20) (2-21)


Table 2 Continued



5)

(2-22) (2-23) (2-24)

Fusionstrategy

Fusionstrategy

Stack

Aesthetic QR

Aesthetic

Original QR

Carrier QR


code (Q2)

QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I4

I3

Cloud server

Stored in

Obtainsaliency

map

Errorcorrection

mechanism

Qr

Split into











5)

(3-1) (3-2) (3-3)

(3-4) (3-5) (3-6)

(3-7) (3-8) (3-9)

(3-10) (3-11) (3-12)

(3-13) (3-14) (3-15)

(3-16) (3-17) (3-18)

(3-19) (3-20) (3-21)


Table 3 Continued



5)

(3-22) (3-23) (3-24)

(3-25) (3-26) (3-27)

(3-28) (3-29) (3-30)


Competing Interests


Acknowledgments


References

























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in









2 Preliminary



Shadow 2

Shadow 1

Secret module

Stacked



22 QR Code







p padding bits


1

1

1

1

1

1










Figure 5 PBVM




Shadow 2

Shadow 1

Secret pixel

Stacked










1198763

1198764


(1-1) (1-2) (1-3)

(1-4) (1-5) (1-6)

(1-7) (1-8) (1-9)






2are




119894and 119888119894





4
















2and






Stack

Original QR

Fuse

FuseCarrier QR

Aesthetic QR

Aesthetic QR


code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

Cloud server

Stored in

Split into



119876 =

0 119879119894lt 1198790cap 119873119894= 0

minus1 119879119894gt 1198790cap 119873119894= 0

1 119879119894lt 1198790cap 119873119894= 1

0 119879119894gt 1198790cap 119873119894= 1

(1)



















Aesthetic QR

Aesthetic

Original QR

PBVM

PBVM

Stack

Fusionstrategy

Fusionstrategy


QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I3

Cloud server

Stored in

Qr

Q998400r

Split into


(a) (b) (c)


5 respectively
















5)

(2-1) (2-2) (2-3)

(2-4) (2-5) (2-6)

(2-7) (2-8) (2-9)

(2-10) (2-11) (2-12)

(2-13) (2-14) (2-15)

(2-16) (2-17) (2-18)

(2-19) (2-20) (2-21)


Table 2 Continued



5)

(2-22) (2-23) (2-24)

Fusionstrategy

Fusionstrategy

Stack

Aesthetic QR

Aesthetic

Original QR

Carrier QR


code (Q2)

QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I4

I3

Cloud server

Stored in

Obtainsaliency

map

Errorcorrection

mechanism

Qr

Split into











5)

(3-1) (3-2) (3-3)

(3-4) (3-5) (3-6)

(3-7) (3-8) (3-9)

(3-10) (3-11) (3-12)

(3-13) (3-14) (3-15)

(3-16) (3-17) (3-18)

(3-19) (3-20) (3-21)


Table 3 Continued



5)

(3-22) (3-23) (3-24)

(3-25) (3-26) (3-27)

(3-28) (3-29) (3-30)


Competing Interests


Acknowledgments


References

























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in





p padding bits


1

1

1

1

1

1










Figure 5 PBVM




Shadow 2

Shadow 1

Secret pixel

Stacked










1198763

1198764


(1-1) (1-2) (1-3)

(1-4) (1-5) (1-6)

(1-7) (1-8) (1-9)






2are




119894and 119888119894





4
















2and






Stack

Original QR

Fuse

FuseCarrier QR

Aesthetic QR

Aesthetic QR


code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

Cloud server

Stored in

Split into



119876 =

0 119879119894lt 1198790cap 119873119894= 0

minus1 119879119894gt 1198790cap 119873119894= 0

1 119879119894lt 1198790cap 119873119894= 1

0 119879119894gt 1198790cap 119873119894= 1

(1)



















Aesthetic QR

Aesthetic

Original QR

PBVM

PBVM

Stack

Fusionstrategy

Fusionstrategy


QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I3

Cloud server

Stored in

Qr

Q998400r

Split into


(a) (b) (c)


5 respectively
















5)

(2-1) (2-2) (2-3)

(2-4) (2-5) (2-6)

(2-7) (2-8) (2-9)

(2-10) (2-11) (2-12)

(2-13) (2-14) (2-15)

(2-16) (2-17) (2-18)

(2-19) (2-20) (2-21)


Table 2 Continued



5)

(2-22) (2-23) (2-24)

Fusionstrategy

Fusionstrategy

Stack

Aesthetic QR

Aesthetic

Original QR

Carrier QR


code (Q2)

QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I4

I3

Cloud server

Stored in

Obtainsaliency

map

Errorcorrection

mechanism

Qr

Split into











5)

(3-1) (3-2) (3-3)

(3-4) (3-5) (3-6)

(3-7) (3-8) (3-9)

(3-10) (3-11) (3-12)

(3-13) (3-14) (3-15)

(3-16) (3-17) (3-18)

(3-19) (3-20) (3-21)


Table 3 Continued



5)

(3-22) (3-23) (3-24)

(3-25) (3-26) (3-27)

(3-28) (3-29) (3-30)


Competing Interests


Acknowledgments


References

























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in





1198763

1198764


(1-1) (1-2) (1-3)

(1-4) (1-5) (1-6)

(1-7) (1-8) (1-9)






2are




119894and 119888119894





4
















2and






Stack

Original QR

Fuse

FuseCarrier QR

Aesthetic QR

Aesthetic QR


code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

Cloud server

Stored in

Split into



119876 =

0 119879119894lt 1198790cap 119873119894= 0

minus1 119879119894gt 1198790cap 119873119894= 0

1 119879119894lt 1198790cap 119873119894= 1

0 119879119894gt 1198790cap 119873119894= 1

(1)



















Aesthetic QR

Aesthetic

Original QR

PBVM

PBVM

Stack

Fusionstrategy

Fusionstrategy


QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I3

Cloud server

Stored in

Qr

Q998400r

Split into


(a) (b) (c)


5 respectively
















5)

(2-1) (2-2) (2-3)

(2-4) (2-5) (2-6)

(2-7) (2-8) (2-9)

(2-10) (2-11) (2-12)

(2-13) (2-14) (2-15)

(2-16) (2-17) (2-18)

(2-19) (2-20) (2-21)


Table 2 Continued



5)

(2-22) (2-23) (2-24)

Fusionstrategy

Fusionstrategy

Stack

Aesthetic QR

Aesthetic

Original QR

Carrier QR


code (Q2)

QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I4

I3

Cloud server

Stored in

Obtainsaliency

map

Errorcorrection

mechanism

Qr

Split into











5)

(3-1) (3-2) (3-3)

(3-4) (3-5) (3-6)

(3-7) (3-8) (3-9)

(3-10) (3-11) (3-12)

(3-13) (3-14) (3-15)

(3-16) (3-17) (3-18)

(3-19) (3-20) (3-21)


Table 3 Continued



5)

(3-22) (3-23) (3-24)

(3-25) (3-26) (3-27)

(3-28) (3-29) (3-30)


Competing Interests


Acknowledgments


References

























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in




Stack

Original QR

Fuse

FuseCarrier QR

Aesthetic QR

Aesthetic QR


code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

Cloud server

Stored in

Split into



119876 =

0 119879119894lt 1198790cap 119873119894= 0

minus1 119879119894gt 1198790cap 119873119894= 0

1 119879119894lt 1198790cap 119873119894= 1

0 119879119894gt 1198790cap 119873119894= 1

(1)



















Aesthetic QR

Aesthetic

Original QR

PBVM

PBVM

Stack

Fusionstrategy

Fusionstrategy


QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I3

Cloud server

Stored in

Qr

Q998400r

Split into


(a) (b) (c)


5 respectively
















5)

(2-1) (2-2) (2-3)

(2-4) (2-5) (2-6)

(2-7) (2-8) (2-9)

(2-10) (2-11) (2-12)

(2-13) (2-14) (2-15)

(2-16) (2-17) (2-18)

(2-19) (2-20) (2-21)


Table 2 Continued



5)

(2-22) (2-23) (2-24)

Fusionstrategy

Fusionstrategy

Stack

Aesthetic QR

Aesthetic

Original QR

Carrier QR


code (Q2)

QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I4

I3

Cloud server

Stored in

Obtainsaliency

map

Errorcorrection

mechanism

Qr

Split into











5)

(3-1) (3-2) (3-3)

(3-4) (3-5) (3-6)

(3-7) (3-8) (3-9)

(3-10) (3-11) (3-12)

(3-13) (3-14) (3-15)

(3-16) (3-17) (3-18)

(3-19) (3-20) (3-21)


Table 3 Continued



5)

(3-22) (3-23) (3-24)

(3-25) (3-26) (3-27)

(3-28) (3-29) (3-30)


Competing Interests


Acknowledgments


References

























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in




Aesthetic QR

Aesthetic

Original QR

PBVM

PBVM

Stack

Fusionstrategy

Fusionstrategy


QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I3

Cloud server

Stored in

Qr

Q998400r

Split into


(a) (b) (c)


5 respectively
















5)

(2-1) (2-2) (2-3)

(2-4) (2-5) (2-6)

(2-7) (2-8) (2-9)

(2-10) (2-11) (2-12)

(2-13) (2-14) (2-15)

(2-16) (2-17) (2-18)

(2-19) (2-20) (2-21)


Table 2 Continued



5)

(2-22) (2-23) (2-24)

Fusionstrategy

Fusionstrategy

Stack

Aesthetic QR

Aesthetic

Original QR

Carrier QR


code (Q2)

QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I4

I3

Cloud server

Stored in

Obtainsaliency

map

Errorcorrection

mechanism

Qr

Split into











5)

(3-1) (3-2) (3-3)

(3-4) (3-5) (3-6)

(3-7) (3-8) (3-9)

(3-10) (3-11) (3-12)

(3-13) (3-14) (3-15)

(3-16) (3-17) (3-18)

(3-19) (3-20) (3-21)


Table 3 Continued



5)

(3-22) (3-23) (3-24)

(3-25) (3-26) (3-27)

(3-28) (3-29) (3-30)


Competing Interests


Acknowledgments


References

























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in







5)

(2-1) (2-2) (2-3)

(2-4) (2-5) (2-6)

(2-7) (2-8) (2-9)

(2-10) (2-11) (2-12)

(2-13) (2-14) (2-15)

(2-16) (2-17) (2-18)

(2-19) (2-20) (2-21)


Table 2 Continued



5)

(2-22) (2-23) (2-24)

Fusionstrategy

Fusionstrategy

Stack

Aesthetic QR

Aesthetic

Original QR

Carrier QR


code (Q2)

QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I4

I3

Cloud server

Stored in

Obtainsaliency

map

Errorcorrection

mechanism

Qr

Split into











5)

(3-1) (3-2) (3-3)

(3-4) (3-5) (3-6)

(3-7) (3-8) (3-9)

(3-10) (3-11) (3-12)

(3-13) (3-14) (3-15)

(3-16) (3-17) (3-18)

(3-19) (3-20) (3-21)


Table 3 Continued



5)

(3-22) (3-23) (3-24)

(3-25) (3-26) (3-27)

(3-28) (3-29) (3-30)


Competing Interests


Acknowledgments


References

























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in




Table 2 Continued



5)

(2-22) (2-23) (2-24)

Fusionstrategy

Fusionstrategy

Stack

Aesthetic QR

Aesthetic

Original QR

Carrier QR


code (Q2)

QR code (Q3)

code (Q4)

code (Q5)

Shadow 1 (S1)

Shadow 2 (S2)

I1

I1

I2

I4

I3

Cloud server

Stored in

Obtainsaliency

map

Errorcorrection

mechanism

Qr

Split into











5)

(3-1) (3-2) (3-3)

(3-4) (3-5) (3-6)

(3-7) (3-8) (3-9)

(3-10) (3-11) (3-12)

(3-13) (3-14) (3-15)

(3-16) (3-17) (3-18)

(3-19) (3-20) (3-21)


Table 3 Continued



5)

(3-22) (3-23) (3-24)

(3-25) (3-26) (3-27)

(3-28) (3-29) (3-30)


Competing Interests


Acknowledgments


References

























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in







5)

(3-1) (3-2) (3-3)

(3-4) (3-5) (3-6)

(3-7) (3-8) (3-9)

(3-10) (3-11) (3-12)

(3-13) (3-14) (3-15)

(3-16) (3-17) (3-18)

(3-19) (3-20) (3-21)


Table 3 Continued



5)

(3-22) (3-23) (3-24)

(3-25) (3-26) (3-27)

(3-28) (3-29) (3-30)


Competing Interests


Acknowledgments


References

























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in




Table 3 Continued



5)

(3-22) (3-23) (3-24)

(3-25) (3-26) (3-27)

(3-28) (3-29) (3-30)


Competing Interests


Acknowledgments


References

























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in
















Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in



Multiple Schemes for Mobile Payment Authentication Using...

Documents

Transcript of Multiple Schemes for Mobile Payment Authentication Using...