| With popularization and development of mobile commerce, the mobile payment has drawn more and more attentions, and the security of it has been the focus. As communication security almost starts from the handshake process, safe identity authentication is necessary to ensure the development of mobile payment.Through analyzing the research situation and application status of identity authentication and Dynamic Password, some advantages were founded such as the simple realization, low cost, no third party notarization. These advantages show that Dynamic Password is quite suitable for limited mobile payment environment. But through analyzing the security of Dynamic Password, the result is that it doesn't support mutual authentication and is hard to resist decimal attack and middlemen attack. Therefore, the authentication mechanism must be improved in order to achieve the security of identity authentication based on Dynamic Password. This paper improve the authentication mechanism by signature and encryption algorithm based on identity, and design a lightweight authentication protocol based on Dynamic Password identification scheme in mobile payment environment. This protocol can fit the limited mobile terminal computation, support mutual authentication, resist decimal attack and middlemen attack. All of this satisfies the mobile payment security needs. Among the authentication protocol analysis methods, formal analysis of security protocol is effective method. At last, the designed protocol is proved to satisfy the security objectives such as data confidentiality, identity and data authentication by BAN logical analysis. |
PDF Full Text Request