Design And Implementation Of Tokenization System For Payment

With the rapid development of mobile Internet and O2 O, mobile payment industry has become the most promising sunrise industry, numerous science and technology companies, or enterprises are chasing for its magical. By using of mobile payment technology,the troubles from from the cash transactions are solved, and the efficiency of payment is promoted Meanwhile, through the combination of different industries, concept such as intelligent city is derived, which brings people much convenience. However, the payment technology, which should be pay for attention, did not match the speed of payment industry development. Meanwhile, user’s information leakage incident happens frequently,which leads to great threat for the payment security. In order to solve the security problem, the payment industry is also put forward a lot of technical solution. For example,to store user’s payment information in the mobile terminal equipment SE(Secure Element), which should work together with the TSM(Trusted Service Manager).However,this method is not supported by majority of service providers, since the SE and TSM are not under their control. Meanwhile, the SE is very expensive.With the expect to solve the problem of payment security becoming more and more strong, a technology called HCE(Host Card Emulation) came out, which,the EMVCo officially launched the concepts and specification of Tokenization, which is using the cloud SE way to replace the terminal hardware SE. And in order to reduce the security risk of passing payment information from HCE to the cloud SE, EMVCo organization put forward the concept of Tokenization specification. Tokenization is a technology which turns user’s sensitive information into a tag, called Token, to pay in the payment network instead of PAN or any other user’s sensitive information to expose outside, and the true PAN need to turn from Tokenization system through special line connection.After this, a stolen Token will not bring any threat to to user’s sensitive personal information. Specification also made the combination of related instructions and guidance of the matters of using token,the involving user roles and how to combine the existing network processes.This paper describes a design and implement of Tokenization system for payment which is based on the rules and requirements mentioned above. The main works and contributions of this paper are as follows:1. Research on technology and solutions of sensitive information security, compares the advantages and disadvantages of traditional technology and Tokenization method.2. Research on related specifications of Tokenization technology, and gives the system summary design and requirements combined with actual payment process.3. Based on the research and design above, this paper realizes all required Tokenization system function modules, and designs the business processes according to the actual situation.4. Finally this paper realize a complete TSP server, provides a complete Tokenization service, and the server and its function modules are perfect tested.In conclusion, this paper researches, designs and implements a payment Tokenization system, provides complete functions and reasonable tests.