The popularization of smartphones has brought a quantitative and qualitative expansion of applications that exploit the mobility and computing capability of these devices. Among the many mobile applications, payment service applications using a mobile phone have been spotlighted as a service that offers users considerable convenience. A payment service application integrates various payment means, such as a mobile wallet, into one application so that various payment services can be conveniently provided to users through a smartphone. There are several payment methods using the smartphone, but a mobile wallet payment service is carried out through wireless communication between various near-distance wireless terminals. However, wireless communication is inherently vulnerable to attack. Thus, a secure session management technique between near-distance terminals is essential for carrying out various services using a mobile terminal.
Secure session management requires a technique for sharing a secret key between the two communicating terminals. The best-known method of sharing a secret key is the Diffie-Hellman (DH) protocol, which is vulnerable to man-in-the-middle attacks. Many key exchange techniques, including the station-to-station (STS) protocol, have been proposed to solve the man-in-the-middle problem. However, since these key exchange techniques, including the STS protocol, require a previously shared value or a trusted third party (TTP), they are not suitable for use in a mobile payment service. This is because it is difficult for a payment service using a mobile phone to hold a previously shared value with various communication terminals or to have a common TTP, such as a Public Key Infrastructure (PKI).
In addition, when a hash value relating to a shared key (session key) established through a DH protocol is used as an authentication code, the authentication code is too large to be used in an out-of-band (OOB) channel, and the hash value is vulnerable to a pre-image attack.
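The two problems described above, shown as an added Python example that is not part of the original text: an unauthenticated DH exchange leaves each terminal with a different key when an in-path relay substitutes the public values, and a hash-based authentication code that would reveal the mismatch is 256 bits long. The toy group (`P`, `G`), the function names and the way the code is built are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime but far too
# small for real use; deployments use standardized 2048-bit groups or ECDH.
P = 2**127 - 1
G = 3


def keypair():
    """Return a random private exponent and the matching DH public value."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive a session key from the DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def auth_code(key, a_pub, b_pub):
    """Hash over the session key and both public values as this endpoint saw them."""
    data = key + a_pub.to_bytes(16, "big") + b_pub.to_bytes(16, "big")
    return hashlib.sha256(data).hexdigest()


def run_exchange(relay_substitutes):
    """Run one exchange between terminals A and B.

    Returns (keys_match, code_shown_by_a, code_shown_by_b).
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if relay_substitutes:
        # Constructed scenario: a relay on the wireless link replaces each
        # public value with its own, which plain DH has no way to notice.
        _, m_pub = keypair()
        seen_by_a, seen_by_b = m_pub, m_pub
    else:
        seen_by_a, seen_by_b = b_pub, a_pub
    key_a = session_key(a_priv, seen_by_a)
    key_b = session_key(b_priv, seen_by_b)
    code_a = auth_code(key_a, a_pub, seen_by_a)
    code_b = auth_code(key_b, seen_by_b, b_pub)
    return key_a == key_b, code_a, code_b


def code_bits(code_hex):
    """Size of a hex-encoded authentication code in bits."""
    return len(code_hex) * 4
```

Comparing the two codes over an OOB channel exposes the substitution, but each code is 64 hexadecimal characters, which is the size problem the paragraph above refers to.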