Research Of Mobile Payment Security Based On NFC

With the development of wireless communication technology and the popularity of smart phones, mobile payment is more and more rapid development, more and more people use mobile terminals to pay online or offline. NFC technology is used in mobile payment field become a near-field payment way, bank cards, coupons, etc. are loaded into NFC enabled mobile phone, using NFC technology and POS terminal communication can complete the payment activities, greatly enhance the offline payment experience. In practical applications, NFC technology is vulnerable to eavesdropping, data tampering, data corruption, cloning and phishing attacks, resulting in the leak of user privacy data which is a serious threat to financial information and the user’s property security, so it’s important to study the security of NFC mobile payment. The focus of this paper is to study the problem of user privacy protection and identity authentication technology in the process of mobile payment, to prevent the leakage of user’s privacy information and to ensure the validity of the user.As an important privacy protection.method, pseudonym-based privacy protection methods have been widely used in many applications. In such applications, the user’s identity is represented by a pseudonym, which is generated by the third trusted services manager randomly and has no relation to the user’s real identity, however, it requires a storage space to maintain the pseudonyms, overhead of managing revocation list, and communication costs for issuance of pseudonyms. In this paper, we mainly study the privacy protection technology and identity authentication technology. Though analyzing the existing privacy protection and identity authentication, proposed an improved privacy protection security protocol, user self-update pseudonym without the help of TSM, no additional space is required to store pseudonym sets.Identity authentication technology is used to ensure that only legitimate users can enjoy the corresponding services. Based on the idea of privacy protection, an improved anonymous authentication scheme is proposed for the authentication of NFC devices and POS terminals, and provides the session key used for the encryption of transaction information. Mobile payment authentication scheme based on mobile phone token and PIN code is proposed to be used for authentication and security transactions in mobile payment system. The main innovations of this paper include:(1) Study on the pseudonym generation and Chebyshev mapping, proposed an improved NFC-based privacy protection protocol, use self-updateable pseudonym method protect user privacy information.(2) Based on the idea of privacy protection, proposes a mutual authentication protocol based on the idea of privacy protection, which is used for mutual authentication between NFC mobile phone and POS terminal to ensure the validity of user’s identity, and use of Scyther tools to verify the protocol.(3) Proposes a payment authentication protocol based on phone token, token information and user identity information and mobile phone equipment to bind to ensure its uniqueness, only legitimate users can transactions with the mobile payment system during the payment process. Design the NFC mobile payment system model.The proposed protocol is applied to the model, and analyzed the security and feasibility of the proposed model.