Research On Security Of Mobile Payment

With the trends of information, the computer has put its fingers into all the corners of the society, and the electronic commerce also gets more and more popular. The application scope of mobile telecommunication is extending more and more widely along with the popularity of mobile telecommunication. Mobile payment makes use of many merits of mobile telecommunication. Compared with electronic commerce by wire network, mobile electronic commerce has a lot of advantages. It reinforces the traditional electronic commerce. The mobile electronic commerce by cell phone is popular because of its agility characteristic. In addition to voice service, short message service (SMS) is widely used for its convenience and practicability. Firstly, the development, advantage and disadvantage, technology, threats during the mobile electronic commerce have been described in this thesis. Then the emphasis of this thesis is the security of mobile payment. Authentication and key agreement is the key of mobile access security. Due to the limited computation and storage of user equipments and the constrained bandwidth of channels, access security for mobile systems are based on symmetric cryptosystem. With the advances of mobile data service and mobile commerce, it becomes more and more important to adopt asymmetric cryptosystem to provide all-sided security services such as non-repudiation. A scheme constructing AK protocols using self-certified public key system is proposed. Based on the new scheme, an Authenticated Key Agreement protocol is presented and extended to elliptic curve to be fitted to mobile environment. After the analysis of SMS service and its security problem, we find that the security of SMS service can be based on such truth. That is, the SIM card can be looked on as a security agent. The application stored in the SIM card will run according to the developers' purpose. The owner of cell phone can not disturb the performance of applications. Based on such a commerce environment, we establish a secure and efficacious protocol for mobile electronic commerce. In this protocol, the evidence problem based on reliable client is pointed out. Without public key signature algorithm, the evidence problem is solved by symmetric cipher and hash function. The SIM card's ability of computing and storing is no longer limited to evidence problem. Dispute on business affairs will be solved fairly, and the benefits of honest part can be protected. According to the research on fair electronic contract, a fair contract protocol for two-party and a fair contract protocol for multi-party are designed. It's used to protect the profit of each party during the mobile payment. With the analysis of the protocol, it is proved to be practicable, efficient and secure.