| Mobile Payment had brought convenience to us, but at the same time it brought us some security risks. In order to improve safety, the current systems had to force users to remember a lot of passwords. Those kinds of methods not only failed to meet users’ demand for convenience and ease of use, but also could not realize the binding of the user and his identity, the identity of a user could be easily forged. How to improve the authentication security of a mobile payment system was the most important issue to consider, when designing and developing the system.As to solve the identity authentication problem, after analyzed the advantages and disadvantages of different identity authentication techniques, the paper proposed a two-way authentication solution based on fingerprint identification and WPKI. Using the fingerprint characteristics as the payment password could bind the user and his identity to solve user counterfeit. Using digital certificates for the authentication of systems and the authentication among systems could solve system fraud. At the same time, as for the security of the fingerprint characteristics in the process of transmission and storage, by analyzing the advantages and disadvantages of different encryption techniques, we decided to use ECC algorithm to distribute symmetric key, combined with AES algorithm to encrypt the fingerprint characteristics, to ensure the safety of fingerprint characteristics.Based on these studies, we designed and implemented a mobile payment system based on fingerprint identification and WPKI. Experiments and analyses showed that the proposed design of the system could effectively solve the impersonation problem in the process of mobile payment, improved the security of identity authentication. This paper had done some necessary exploration for mobile payment system, was a useful try for improving the security of mobile payment systems. |
PDF Full Text Request