Android-Based Mobile Payment Security Research And Implementation

Mobile payment has becoming a quick and convenient payment with the popularityof smart phone and the increase of the number of applications, but payment security solutions are more focused on the hardware leve rather than software leve, software-based security solutions’ research is not as rich as hardware-based either. So the issue of smartphone’ security has caused more and more people’s attention, especially on Android phone, which has the highest market share.The research objectives of this article will be an implemention of an Android service which can be used by any applications to ecrypt local personal informations, especially for payment applications to encrypt personal bank account information when users try to use them in a payment process or in another trading software. The security payment service can provide the service that users don’t need to input the excactly account information and password by import the encrypted and saved local bank account information that users have typed before. Besied, when users are required to input the password, the service will provide a random numerical soft keyboard to protect the users from Android Trojans to steal the password by remember the location of the touch point on the sreen.This article will illustrate how to implement this comprehensive solution included encryption technology, inter-process communication in Android and random numerical soft keyboard step by step, and how the service can be used by developed an Android wallet to present.This article cost a whole year to finish, and the solution was once considered to use in an actual project when I was an intern in a company, but it didn’t happened because the company decied to make a free application due to some business reasons.The solution is not working or applied in business, but the protencial of the solution can still be found.After a whole years’ work, all the developing work has been done included the inter-process communication, encryption technology and random numerical soft keyboard. To make the IPC I use the Android Interface Definition Language-AIDL to develop the service interface for activity, for encryption, I used AES algorithm and CBC work mode in the service, the AES algorithm code is rewrite from a C-based OpenSSL library. The random numerical soft keyboard is totally based on the openness of Android system because Android provide a open interface to defined a new soft keyboard. But after test and consideration, there are still some places can be improved in the future, such as the image and voice recognition can be used in the authentication beside numerical input.