Research And Implementation On Secure Element Access Rule Methodology For Mobile Payment

For the past few years, with the popularity of various kinds of smart cards and Android mobile phones, especially the extension of NFC technology, this indicates the coming of mobile payment era. Development of mobile payment applications become new hot spots of the whole industry. Smartcards which serves as the strategic point of connecting clients, mobile applications even mobile terminals during mobile payment procedure, thus, how to access them efficiently and generaly gains wide attention from many research institutions in the industry. Accessing smartcards refer to access applets installed in the secure elments. The kinds of smartcards involved in the thesis contain SWP-SIM, ASSD and financial IC card. At present, there are great otherness access schemes for each secure element, which can not satisfy the requirement of general access multi kinds of smartcards in the actual processing procedure from developers themselves. It increases the redundancy of programs, leads to miscellaneous operations, delays developing period for mobile applications, even results in obstacles for development of the industry. Meanwhile, access security cannot be assured in some scenarios, which leaves hidden troubles for charging procedure from malicious attack.To solve, accomplish credible, efficient and convenient general access, the research and contribution of this thesis can be summarized as follows: 1. Research on three mainstream secure elements’ production practices, application practices and access practices, as well as the corresponding access model. Focuses on NFC technology applied in contactless access model and JNI applied on the underlying data interaction. 2. Purifying functional and nonfunctional requirements from actual mobile payment system process, the thesis forms a system with four layers structure and can access various types of secure elements generally by using hierarchical design principle. 3. With the principle of high cohesion and loose coupling and the proper use of relevant design patterns, the thesis implements component framework by completing the unified interface information, adjusting the service sequence, supporting logic of general access and the underlying interaction models. The built-in models can ensure the safety of mobile payment process by enabling access control logic and the applied rule of the corresponding access application logic. The thesis researches the Android version 4.4 + external storage features affection on ASSD module and the corresponding schemes. 4. Prospect of following maintaning and updating operations, especially on scalability research over ASSD module, echo access rule mehtod’s non-functional requirement.As a whole, the thesis researches, designs, and implements a middleware type component which can enable access mainstream smart cards’ secure elements in general access rules. Meanwhile, the thesis ensures that the access security and subsequent maintainability at the same time.