| NFC near field payment brings a safe and convenient payment experience for the user. The traditional NFC card simulation is based on hardware, called virtual card simulation. Through security chip embedded in mobile phone, it provides a reliable environment for storage and operation of sensitive information in the transaction process. Secure Element is introduced to improve the security of mobile payment, but it also leads to the extension of the industrial chain, making the card simulation technology development very slow.Host card simulation (HCE) is a new technology in recent years. The goal of HCE is to reduce the threshold of NFC mobile payment. HCE is another way to implement NFC card simulation. In this mode, an application running on a mobile phone or a remote server is used to complete the function of SE. It shortens the industry chain and reduces the cost of the service provider but also reduces security. Mainstream HCE security solutions include host programs, TEE solutions and cloud storage solutions.In order to take the safety and the cost of mobile payment into account, and explore the feasibility of HCE security solutions, the work of the project is carried out from five aspects.Firstly, the article makes a Comparative analysis between the traditional hardware solution based on NFC and the software solution based on HCE. The security advantages and disadvantages of traditional NFC payment are analyzed. The advantages of HCE are analyzed too.And three kinds of HCE security solutions are compared to highlight the advantages of cloud storage security solutions.Secondly, based on the cloud storage security solution, the concept of cloud security element management system is proposed. The storage of sensitive information and secure operations are transferred from the local to the cloud. The design of cloud security element management system is divided into several modules. And the function of each module and the design of the program are detailed described.Thirdly, the program implementation based on the module design is made. The system is divided into four modules: NFC card reader module,HCE card simulation module, the communication protocol stack design module and the cloud server implementation module. The NFC card reader module and HCE card simulation module are achieved through Android NFC programming. Then, the cloud server module is implemented using nginx+PHP+Mysql combination. Finally, using the PKI public key cryptosystem and the knowledge of the network request protocol, the communication protocol stack is designed and implemented.Fourthly, using the token technology of Pay Apple for reference, the random mapping algorithm for card numbers of the system is designed.And A high efficiency PKI signature algorithm combined with application scenarios is designed. The efficiency and security of the system are improved from the angle of algorithm optimization.Finally, the functional testing of the entire cloud security management system is carried out. The whole process of intelligent card consumption is simulated and the response time of the system is tested to prove the security and feasibility of cloud security element management system. |
PDF Full Text Request