A Study On Trust-transfer Based Virtual Authentication Mechanism In Mobile Commerce

Posted on: 2016-07-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Wang
GTID: 1108330482979535
Subject: Information management

Abstract/Summary:
Mobile commerce, an e-commerce mode based on mobile networks and mobile devices, is developing quickly and plays an increasingly important role in people's daily lives. The flexibility and convenience of mobile business better match the requirements of the new era of e-commerce, but they also bring a series of security problems unique to the mobile environment, and identity authentication is the most important and direct means of solving them. By authenticating the identity of the participants in mobile business, the access control policies and authorization that match each identity can be determined and the secure operation of mobile business activities can be ensured.

In many payment and security scenarios in m-commerce, "many" rather than "two" participants are involved. These participants can be the consumer, the merchant system, the payment platform or the bank system. In this environment, the current mainstream identity authentication mechanism is based on jumps and multiple authentication, that is, the consumer may be required to enter authentication information several times. With the development of mobile technology, the performance gap between mobile networks and terminals and the desktop environment is gradually narrowing, while the gap in input and output still exists. A complex multiple-authentication process not only greatly reduces efficiency, but also tends, subjectively or objectively, to lower the user's risk-prevention awareness, leaving the user exposed to phishing, counterfeiting and other attacks and to leakage of personal private information.
Therefore, in a mobile commerce environment involving many parties, reducing the number of times sensitive information is entered and exchanged is an important way to improve the efficiency and security of identity authentication.

These problems can be solved by a kind of identity authentication based on a virtualization agent, that is, an "identity proxy": the consumer reaches a contract with the payment platform or bank in advance and reserves a security token. When settling a purchase on a mobile e-commerce site, the consumer has no need to log in to the payment platform or the banking system, but instead sends the security token, after encryption, to the site. The site, acting as an intermediary, sends this security token to the payment platform or the banking system; after verification, the mobile e-commerce site and the payment platform can carry out the settlement without the consumer. With this mechanism, consumers do not need to log in to the payment platform or the online bank for each trade, the whole mobile commerce process is streamlined, transaction efficiency and the trading experience are greatly improved, and the risk of phishing and counterfeiting attacks is greatly reduced. But this mechanism also brings new security issues, mainly how to prevent impersonation and replay involving the mobile commerce website and how to prevent the consumer from repudiating a transaction. Therefore, the main research content of this dissertation is to construct this identity authentication mechanism and solve these security problems.

This paper focuses on an authentication mechanism suitable for multi-party mobile commerce environments. It takes convenient, lightweight and secure virtualization built on the transfer of trust relationships as its main line, gives full consideration to user requirements and the security needs of mobile commerce, and puts forward a feasible model, framework and implementation process.
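An added illustration of the relay-and-replay concern described above; it is not code from the dissertation and is not its DPVA, DSVA or CAVA scheme. It assumes the reserved token is a shared key from which the consumer derives a one-time HMAC assertion bound to one merchant and one order; the field names, the 120-second window and the `PaymentPlatform` class are all hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE = 120  # seconds an assertion stays fresh (assumed policy)


def _canonical(body):
    # Stable byte encoding so both sides MAC exactly the same message.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_assertion(token_key, consumer, merchant, order, amount, now=None):
    """Consumer device: bind the reserved token to one order at one merchant."""
    body = {"consumer": consumer, "merchant": merchant, "order": order,
            "amount": amount, "nonce": secrets.token_hex(16),
            "ts": int(time.time() if now is None else now)}
    body["mac"] = hmac.new(token_key, _canonical(body), hashlib.sha256).hexdigest()
    return body


class PaymentPlatform:
    """Verifier side; the merchant site only forwards the assertion."""

    def __init__(self):
        self.tokens = {}   # consumer id -> reserved token key (the contract)
        self.seen = set()  # (consumer id, nonce) pairs already accepted

    def verify(self, assertion, forwarding_merchant, now=None):
        now = time.time() if now is None else now
        body = {k: v for k, v in assertion.items() if k != "mac"}
        cid = body.get("consumer")
        key = self.tokens.get(cid) if isinstance(cid, str) else None
        if key is None:
            return "unknown-consumer"
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        mac = str(assertion.get("mac", ""))
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return "bad-mac"          # forged or altered (e.g. changed amount)
        if body["merchant"] != forwarding_merchant:
            return "wrong-merchant"   # relayed by a site it was not issued to
        if abs(now - body["ts"]) > MAX_AGE:
            return "stale"
        if (cid, body["nonce"]) in self.seen:
            return "replay"           # same assertion presented twice
        self.seen.add((cid, body["nonce"]))
        return "ok"
```

Because the consumer and the platform hold the same key, a MAC like this cannot show a third party which of them produced the assertion; addressing repudiation requires an asymmetric signature made with a key only the consumer holds.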
Based on the above work, the main contributions and innovations of this paper are as follows:

(1) The identity authentication mechanisms of the mobile environment are studied systematically, the existing problems of typical payment authentication mechanisms are analyzed, and the relationship between security and operational complexity in mobile commerce is put forward. Through a questionnaire survey, first-hand data are obtained, and the degree of user acceptance of the main research content is derived through data analysis. Summarizing the above, the security needs, security framework and security policy for mobile commerce are proposed.

(2) For the first time, a conceptual model of virtualization-based identity authentication is proposed for multi-party mobile commerce. The model first defines concepts such as trust domain, trust alliance, contract, security token, direct trust and indirect trust; then, based on these concepts, it sets out the working principle of the model and the input, output and storage in each step of the workflow; finally, it constructs the virtualization-based identity authentication mechanism according to the transfer of trust relationships. The model simplifies the identity authentication process for the two parties participating in it and puts forward rules for the establishment, authorization, storage and maintenance of trust to ensure the security of virtual authentication. This content is the foundation for the subsequent authentication scheme design.

(3) From the perspective of practical application, the conceptual model is instantiated and a variety of logic design schemes are formed.
The logic design schemes adopt different mainstream identity authentication technologies: on the one hand, this ensures the availability and compatibility of the logic design; on the other hand, the characteristics and applicable environments of the schemes built on different identity authentication technologies are obtained by comparison. They mainly include: DPVA, a virtual authentication scheme based on dynamic passwords; DSVA, a virtual authentication scheme based on digital signatures; and CAVA, a virtual authentication scheme based on a trusted third-party certification center. Finally, a prototype system is analyzed, designed and developed using the information system simulation method, and is used to verify the feasibility, function and performance of the logic schemes.
Keywords/Search Tags: Mobile commerce, Virtual authentication, Encryption, Trust transfer, Information security