| With the advances in communication technology and the development of mobile terminal, mobile e-commerce is gathering more and more attention. The mobile wallet, a tool to make mobile payment, is becoming increasingly popular in the modern life. At present, mobile wallet exists mainly in two modes: smart card mode and software mode. The smart card mode has already been widely used, but the scope of its application is limited. In comparison, the software mode has a bigger range of applications and better development prospects, but its security issues such as the leak of the user's account information, fraudulent activities, etc. have raised public concern.Aiming to solve computer systems security issues, Trusted Computing technology has become a new research field of information security today. Trusted Computing technology aims to build confidence in the credibility of the source-point by integrating the hardware modules in the computer systems. Through the transmission of trusted chain, Trusted Computing technology can help to maintain the system's original and credible state, so as to establish a credible running-environment. In addition, the system users must be certified so as to ensure the credibility of user identity. Furthermore, the operations involved are consistent with system security policy, therefore, the Trusted Computing technology would not result in offensive incidents, and the security of the entire information system can be ensured.The primary objective of trusted computing technology is to enhance e-commerce security. This technology has now been deployed in many large computer systems. It can bring many new ideas and methods to the change of existing status of IT security management. Trusted Computing technology has been developed in the direction of embedded and mobile devices. TCG (Trusted Computing Group) has also specified clearly that the Trusted Computing technology can be applied to mobile devices. Trusted Computing, as defined by TCG is synonymous with four fundamental concepts: integrity measurement, certification boot, sealing and platform attestation. This article discussed about the software mode of the mobile wallets and its security design.This paper analyzed the current mobile commerce and mobile wallet technology, especially the payment security problems and security issues for mobile wallet; it proposed and designed a valuable solving method. A Trusted Platform Module is added both the mobile terminal and the server to build a credible hardware and operating system environment, and this concept is extended to the mobile wallet system design. By building a Trusted Computing Platform and creating user account information security, data security and other security measures, the mobile wallet and payment server technologies for the user and platform authentication are further enhanced. This ensured the confidentiality, integrity and non-repudiation of the data storage and transmission process.Trusted Computing Platform can ensure the safety of the operating system while launching, and the integrity, legality and correctness of configuration of the mobile wallet software. It can prevent the software from being attacked or tampered by virus. The key management mechanism in the TPM (Trusted Platform Module) itself was used to ensure the security of sensitive data and information storage of the mobile wallet system. The TPM platform identity certificate and the user keys or passwords stored procedure in the wallet system were used to enhance the platform authentication. Mobil wallet's registration, cancellation, payment and other processes and databases are designed based on the functional requirements of mobile wallet. And the process of using mobile wallet system called TSS to achieve TPM, such as binding, seal, signature of the security process and storage method was designed and implemented. Finally, the static integrity measurement of the system was tested and analyzed, which proved the design well. |
PDF Full Text Request