Research On Security Mechanism Of Mobile Payment System

Low in cost and well in convenience, the Mobile Payment receives more and more welcome from the consumer and gradually becomes a popular way of payment. However, many factors in the wireless environment, such as the bandwidth, the signal interference, the network interception, the illegal usage, the virus, even the characteristic of the mobile device itself, such as the low computing ability, the limitation of the memory, and so on, has to be considered, which makes the security technologies and the mechanisms originally used in the wired payment not suitable for the mobile payment. Therefore, it will not grow until the security technological hurdles have been overcome. At present, the mobile payment usually occurs in the micro payment situation, so the requirement of security is not very pivotal, but with the rapid development of the electronic commerce, it will gradually be applied to the macro payment situation, inevitably much higher and stricter requirement are needed. Therefore, the research of an efficient security mechanism, which provides the denial authentication ability, has a great theoretic and practical value.With these considerations, this dissertation makes efforts and provides results as follows:Firstly, a theoretic research is done for the Mobile Payment System (MPS), including the frame, industry chain, operation mode, function module, security technology, transport network, and WPKI of MPS. Secondly, security mechanism of MPS is studied, including the security of Authentication protocol and telecommunication network. Then five kinds of payment system are reviewed, and their securities are analyzed. Finally, two very efficient and provably-secure protocols are proposed for the micro and macro payment situation respectively, which are well suited for unbalanced networks consisting of devices with strict power consumption restrictions and wireless network with less stringent restrictions. They can provide the simplified and secure authentication methods in the user-end, and keep the messages secret and integrality. The former based on the shared-key cryptography meets practicability, simplicity, and strong notions of security. The latter based on the elliptic curve cryptography requires significantly less bandwidth and provides the denial authentication ability. Furthermore, it has lower computational burden and storage requirement on the user side.