| With the rapid development of mobile Internet industry, the dimension of users and business application of mobile e-commerce have entered a new stage. On Jun7th,2011, an internal report of China Mobile shows that the number of users of mobile phone has been over100million till2010and will reach200million in this year. Meanwhile, the amount of mobile payment’s money has been more than3billion yuan. From this, there is a broad market in the mobile payment. Meanwhile, mobile payment system is vulnerable and the security of mobile payment seriously restricts the popularity of mobile payment. How to ensure the security of the payment system and the non-repudiation of the identity in the trading process are the urgent problems needed to be solved.To solve the security issues in the mobile payment, this paper designs a mobile payment protocol based on CA system which uses the digital certificate to bind the user’s indentity and public key information.All the message is encrypted with a key, making the transaction information confidential and protecting the user’s transaction details. Meanwhile, every message is signed with the sender’s private key. If the acceptor authenticates the signed value with the sender’s public key successfully, the sender can not deny that he or she has sent this message, and the message is non-repudiation. Each transaction information is calculated the hash value. When the acceptor receives the information, he compares the hash value with the new calculated hash value to determine whether the information has been tampered, which ensures the integrity of the information.Finally, based on the proposed protocol, this paper implements the remote mobile payment system including the CA server, OCSP server, mobile client, the business server and the bank server. By testing, the results show that the system can ensure confidentiality, integrity and non-repudiation of information and has the great theoretical and practical value. |
PDF Full Text Request