Features | Protocols | ||||
---|---|---|---|---|---|
Eun et al. (2013) | Ashrafi and Ng (2009) | Google’s host card emulation (HCE) (https://www.securetechalliance.org/publications-host-card-emulation-101/) | Soft card’s NFC payment (https://www.mobilepaymentstoday.com/companies/media/isis/, https://www.gosoftcard.com/) | SPPMC (our proposal) | |
Authentication | Y | Y | Y | Y | Y |
Confidentiality | Y | Y | Y | Y | Y |
Integrity | Y | Y | Y | Y | Y |
Non-repudiation | N | N | N | N | Y |
Credentials are generated and stored in tamper-resistant hardware | N | N | N | N | Y |
QES (qualified electronic signature) | N | N | N | N | Y |
Does the framework ensure secrecy of payment information | Y | N | N | N | Y |
Does the framework ensure secrecy of order information | Y | N | N | N | Y |
Does the framework ensure anonymity of client (C/U) from POS, AB and eavesdropper | Y | N | N | N | Y |
communication privacy | Y | N | N | N | Y |
Does the framework ensure information privacy | Y | N | N | N | Y |
Avoids double spending and over spending | Y | N | N | N | Y |
Does the framework withstand replay attack | Y | Y | Y | Y | Y |
Does the framework withstand impersonation attack | Y | Y | Y | Y | Y |
Does the framework withstand MITM (man-in-the-middle attack) attack | Y | Y | Y | Y | Y |
Does the framework withstand multi-protocol attack | N | N | N | N | Y |
Is the framework/protocol verified with formal logic or formal tool | N | N | N | N | Y |