Research On Security Analysis And Improvement Technology Of Protocol Implementation In Mobile Payment Scene

With the rapid development of mobile intelligent terminals and mobile Internet,mobile payment is becoming more and more popular,and the application of third-party payment as the main way of mobile payment is developing rapidly.Different from the traditional mobile payment methods,the third-party payment application introduces the entities of the third-party payment platform besides users and businesses.Third-party payment platform independently formulates application third-party payment protocol,and application developers provide payment services for users through SDK of integrated platform.At present,payment platform and application market do not detect payment security defects in the application of integrated payment function,nor regulate and supervise the behavior of application developers,which leads to different degrees of security problems in the application of integrated payment function.On the basis of the above analysis,this paper makes a security analysis of the application of third-party payment protocol,and proposes a protocol improvement scheme for mobile payment scenario.This paper analyses the security of the application of third-party payment protocol,summarizes the common mobile payment scenarios and processes,and analyses the security factors,typical security defects and security incidents of the application of third-party payment protocol.Key storage location,order and order signature generation location,application network protocol and application communication information encryption are all very important security factors in the implementation of the protocol.Based on these security factors,this paper implements a set of Android application third-party payment defect detection tool.Based on the security analysis of third-party payment protocols,this paper proposes a protocol improvement scheme for mobile payment scenarios.The scheme takes corresponding security measures for the security factors of the application of third-party payment protocol,which guarantees the security of the application of third-party payment protocol.At the same time,an improved SM9 and SM4 hybrid encryption application communication protocol is proposed.SM4 session key is negotiated by SM9 key encapsulation algorithm,information is encrypted by SM4 algorithm,and information transformation steps are added before SM4 algorithm is encrypted.The application of communication protocol guarantees the communication security of the application and enhances the security of the implementation of the third party payment protocol.This paper tests the function and performance of Android shopping application system to prove the correctness,practicability and security of the system,and uses Android application third-party payment defect detection tool to detect the defects of market applications and Android shopping application system,which further illustrates the security and practicability of the system.