| With the increasing application of mobile payment, the security problem of mobile network has always been the main obstacle to hamper its development. The following problems as confidentiality, integrity and non-repudiation which are encountered in e-commerce also exist in the mobile commerce. WPKI (Wireless Public Key Infrastructure), as the wireless network certification technique, still retains the characteristics of PKI (Public Key Infrastructure) system, that is, user certificates are still required in order to bind the identity and public key, which means that people need to apply for the certificate, make updates, maintenance, etc. There is no doubt that rather high deploy expenses will rise for this small and medium-sized mobile payment system.If the user's identity can be directly converted into public key, the deploy expenses will be saved and the cost will be reduced. IBE (Identity-Based Encryptio) system is such a system. Finding the abstruseness of the Bilinear Diffie-Hellmen (BDH), IBE system makes use of bilinear mapping of elliptic curve to convert user's identity / role into a public key. The user's identity / role can be arbitrary string related with the identity of the user, e.g. mobile phone numbers, e-mail address, IP address, etc. Compared with the PKI system, the certificate management can be left out.This article firstly analyzes the PKI / WPKI systems, focusing on the analysis of organization and certificate of PKI system as well as the certificate preservation mechanism of PKI / WPKI system. For the private key / private key certificates, the documents and smart cards which are about a few thousand bytes are taken as the storage medium, while the common WPKI certificates are also about a few thousand bytes. Most of the existing PKI / WPKI system has used RSA cryptography. In order to improve security, RSA algorithm has to step up on the length of the public and private key, which makes the memory space of the public & private key and public & private key certificate larger and larger. In the PKI / WPKI system, the most secure way currently is to store the certificate into USBKEY, such as the silver shield used by the Industrial and Commercial Bank of China, and E lead used by People's Construction Bank of China. As the key memory, the hardware structure of USBKEY makes the users get access to the data only through the programming interface, which will guarantee the digital certificates saved in USBKEY not been copied. Moreover, each USBKEY has a PIN code protection. The USBKEY hardware and PIN code constitutes two necessary factors to use the certificate. However, mobile payment entities are usally mobile phones and PDA devices. The volume of USBKEY is obviously larger that it cannot fit for mobile phone and PDA devices.But for mobile phone and PDA devices which are so sensitive for storage space, if private key / private key certificates need to be safely stored, it is best to store the private key / private key certificates in SIM card or storage hardware security chip, however, the secure storage space for private key in these devices is very limited. The mobile phone we often use is in general 32K/64K, part of which has to be used to store other information. It can thus be seen that the IBE system which doesn't need certificates to bind users'identity is an ideal choice.Second, the article makes an in-depth analysis of the IBE encryption system based on the identity, gives a brief introduction of the important components of IBE system, makes a comparative analysis of its differences from PKI system, and actualize IBE prototype system combined with Boenh Franklin identity-based encryption scheme. IBE system is built on the issues as elliptic curves, bilinear Diffie-Hellmen problem, bilinear mapping, etc. It is composed of four sub-algorithms, and is set up in accordance with the order, Setup, Extract, Encrypt and Decrypt. The algorithm input security parameter k, and output the backing system parameters and the master-key. The system parameters are open to the public. The extract algorithm takes the system parameters, main key and a unique identity as the input, output and return a corresponding private key. The encryption algorithm takes the system parameters, identity and the plaintext as the input and output the cryptograph. The decryption algorithm takes the system parameters, cryptograph and the private key as the input and output plaintext. On this basis, the existing problems of IBE system are analyzed, mainly concentrated on the key escrow and private key update. There have been some papers discussing the solutions for these two issues. My team members and I also put forward a solution to solve the key escrow problem, that is, adding ID alias IBE scheme with a trusted third party PKG (Private Key Generator).Third, this article puts forward a mobile payment scheme on the basis of IBE prototype system. After application, the user can use cell phone number as the public key of IBE system, then a corresponding private key through system server is generated, and the private key is then written into mobile phone through SIM card reader to ensure the safety of IBE private key. During the transactions, the users can use STK menu to send transaction message to business. The business will use the user's mobile phone number as the public key to verify the transaction information and to decrypt, and this will be delivered to cell phone bank as the credence to get the payment.By analyzing the internal and external security threats faced by private key generator, the article put forwards a solution to solve security threats. The article concludes a comprehensive set of safety standards applied by PKG in the actual application. It put forwards a better solution to solve the key escrow problem, which is a kind of internal threats of private key generator. By adding assisted certificate party and achieve transfer of trust, the solution makes key escrow possible. The private key update is easy to be achieved by introducing alias identity. Analysis shows all the problems in the deployment of IBE system are solved at the same time the safety is ensured, and, the application scope of IBE system is significantly expanded.Finally, a study is made on SIM card system and file structure of mobile phone. There are two main documents in SIM card: DF directory documents and EF documents. All the documents are stored under 3F00 directory. Each application is stored in 2700 directory. Each application interfaces have corresponding international standards, for example, instructions and operation of SIM card must be in compliance with ISO7816 standards, in which the electrical characteristics of the SIM card, card operation command structure and command flow are set forth. On this basis, the storage place of the private key and the relevant parameters are set down. Based on the above studies, the IBE private key is successfully written into SIM card, which provides security for the private card when the mobile phone-based payment is concerned. |
PDF Full Text Request