| Nowadays,mobile payment has become an increasingly popular means of payment for Chinese people.Among them,mobile payment based on security components has been widely used because of its portability and certain security.Typical applications include Apple's APPLE PAY,Huawei's Huawei PAY,Mil et's Rice PAY,Mobile Bus Card,Mobile E-wallet,UnionPay Cloud Flash,etc.However,in these mobile payment applications,the security and user experience of the card concerns constantly expose,which has drawn more and more attention.In existing researches,the Global Platform Organization(GP)first defined a set of Access Rules Application(ARA)standards,which al ows multiple application publishers to use their own mobile client programs independently to manage their own applications in security components.Once this set of standards was introduced,it received a warm response from the industries.Both SmartCard API and China Telecom Corporation have implemented this set of standards one after another.Each mobile phone manufacturer and application publisher also follow this set of standards to set their own mobile payment systems.However,in practice,the author of this thesis finds that under certain circumstances,there are security vulnerabilities in this mode,and when the number of access rules from the application and access rules is too large,it will also lead to poor performance.In order to solve the above problems and achieve secure and efficient access control,this thesis has conduceted the following researches to improve the security and perofmrance issues.1.Improve security.Leveraging cryptographic techniques,we use the asymmetric publicprivate key to verify the signature in the access rule instead of the value judgment method to control the access of the mobile client in the access rule module.At the same time,we cancel the conflicting mechanism in the complicated access rule,which improves the security.2.Enhance performance.By using the shareable interface in Java Card API,the ARA-C are saved in the ARA-M,which saves the time for the ARA-M to obtain the rules from each ARA-C,realizes centralized control and management,and improves the low performance.3.Integrate security and performance improvement.On the basis of enhancing security and improving performance,the unified integration has been carried out.The access rule control has not only been guaranteed in the security respect,but also greatly improved in the performance respect.In summary,focusing on the application standard of access rules defined by global platform organization,this thesis studies,designs and implements a more secure access rules model in view of the security vulnerabilities and low performance problems in this standard;this thesis also improves the performance of the model.Finally,the author looks forward to the future research.In the future,adapting the proposed security/performance improvements and national encryption standards of China to the security component of mobile deivces needs further study,which helps in securing the current mobile payment systems efficiently. |
PDF Full Text Request