Research And Implementation Of Mobile Payment Security Technology In Android

With the rapid development of mobile Internet and smart terminal devices,more and more people use mobile terminal devices for online or offline mobile payment.Mobile payment has also developed rapidly and become an indispensable part of people's lives.With the increasing number of mobile payment users and payment methods,the corresponding security issues have become more and more.In the Internet today,information security is particularly important,involving everyone's personal privacy information,property security information,and so on.Therefore,the security issue in mobile payment has also received more and more attention.The security risks in mobile payment mainly come from malicious app applications of mobile terminal devices,SSL/TLS vulnerabilities,payment application vulnerabilities,data leakage,and incomplete SMS authentication.Since the short message verification has the advantages of high time-sensitive password,low cost,easy implementation and simple and convenient,the current service for the network uses the short message verification code to verify the user identity.However,when these services involve the user's personal privacy information and property security information,the security of the SMS verification code is particularly important.At present,most SMS authentication codes are transmitted in plain text,and it is easy to be stolen by SMS verification code for verification.In the common telecom fraud case,it is the main means to defraud the user's SMS verification code to impersonate the user to log in or trade.Therefore,for the privacy of users,the security of SMS verification code is especially important.Based on the analysis of the above problems,this paper proposes a mobile payment system based on SMS verification service.The main research work of this paper includes:(1)A mobile payment scheme based on certificateless encrypted SMS verification code is proposed.Firstly,aiming at the security of basic identity information of users in mobile payment,the idea of tokenization technology is introduced.The unique identifier ID is generated by using PAN code to realize the anonymity of basic identity information of users and protect the privacy of personal information of users.Secondly,in the identity authentication,the user name,password and SMS verification code are used fortwo-factor authentication to ensure the security of the user during identity authentication.Taking into account the security of some private key transmissions,the use of XOR solves the problem of private key leakage of mobile terminals.Considering the security of the SMS verification code,the SMS verification code is signed with the certificateless public key.Even if the ciphertext is leaked,the attacker cannot obtain the real SMS verification code,thereby avoiding the risk of the SMS verification code being leaked.Finally,a reliable,secure and efficient mobile payment solution was designed.(2)A mobile payment scheme based on lattice cipher encrypted short message verification code is proposed.According to the security of user's basic identity information,we still use the idea of tagging technology to ensure the anonymity of user's basic identity information.For user authentication process,hash chain technology is used to achieve authentication.Considering the current development of quantum technology and the threat of quantum computing to traditional public key cryptography,the NTRU algorithm is used to encrypt the short message verification code with the characteristics of anti-quantum computing and efficient encryption and decryption,and the ECC signature algorithm is used to authenticate the signature.A secure and efficient mobile payment scheme is designed.(3)Implement a mobile payment system based on the Android platform.Using the first two mobile payment solutions,design a relatively simple app application system on the android platform.Perform functional tests and performance tests on the system.The final test results are good,and the system implemented on the android platform using the mobile payment scheme in this paper is applicable to the mobile terminal device operating environment.