A Kind Of Security Mobile Payment System Design And Implementation

The mobile payment industry was born under the circumstance of the rapid development and popularity of smart phone. The widespread use of mobile payment can accelerate the traditional consumption process and make people’s daily lives convenient. Especially, on-site mobile payment is a public demand. Mobile payment has advantages including carry-on, real-time and speedy. It can increase the efficiency of payment and has a huge development potential. Based on the analysis of the research status of mobile payment system, the constraints of communication technology and the security risk of the framework are urgent problems to be solved. With the research on improving the usability and security of mobile system, a new system is proposed in this paper that has theoretical and practical value.The mobile payment framework proposed in this paper adopts software security technology and aims at constructing a security mobile payment framework based-on NFC(Near Field Communication). It is suitable for the payment of both merchant and different individuals. By combining White-Box and challenge-response authentication protocol to uniquely identify a mobile phone, it ensures that the payment software can be only run on specific device with a specific bank account. Contactless transactions are conducted through NFC to exchange sensitive data between clients and POS terminals to facilitate the payment process. The process is fast and secure. Furthermore, a mature White-Box cryptographic technology is used to protect key and the security of the payment system, which is run in White-Box attack environment.The proposed mobile payment structure SOMNP(Security framework for on-site mobile NFC payment) fully considers the limitation of mobile payment environment. The non-agent structure is applied for the mobile payment framework, which is proposed in the paper. The customer account is bound with mobile device by constructing the identity authentication server and equipment binding technology. The digital signature technology of PKI is abandoned for limited mobile payment environment. Authentication algorithm based on symmetric key is used in the paper to realize non-repudiation and makes use of NFC technology to form the communication channel between business man and customers. When designing the system, the principle of layered structure and high expansibility is considered so that the system will be more flexible and convenient.The prototype system of the proposed mobile payment structure is designed and implemented on Android platform. The module design and core algorithm of it is elaborated in the paper. The result of the prototype system is given to verify the feasibility of the framework. Finally some deficiencies and the future work are put forward in the paper.