Research On Security Technology For NFC Mobile Payment

In recent years,with the rapid development of mobile Internet and the improvement of the performance of mobile devices,mobile payment has gradually replaced traditional cash payment as one of the most popular payment methods due to its convenience.The development prospect is very impressive.As one of the representatives of mobile payment,NFC payment is mainly based on NFC technology.NFC technology has short communication distance,low cost and encryption by hardware modules,so NFC payment is more convenient and safer than other mobile payment methods.Most NFC payments are now based on card emulation mode.The mobile terminal in this mode can simulate a bank card or a bus card.As long as the mobile terminal is close to the POS terminal of the merchant,the transaction can be successfully completed.It has greatly improved the user's offline payment experience.Although NFC payment is very convenient to use,in actual applications,NFC payment faces security threats such as eavesdropping,data tampering,data corruption,phishing,man-in-the-middle attacks,replay attacks,etc.,which can easily lead to risks such as personal privacy disclosure and property damage.Therefore,it is important to conduct security research on NFC payments.This paper studies the abovementioned security threats.Based on the existing NFC payment scheme,according to different trading scenarios,two NFC mobile payment schemes are proposed.The two schemes can not only ensure the data security of payment transactions,but also good protection of the user's personal privacy.The certificateless signcryption technology has two functions of signature and encryption,which can realize user identity authentication and encryption of payment information.It also solves the problem of key escrow and certificate management of traditional public key cryptography.Anonymous technology is one of the most frequently used methods of user privacy protection nowadays.The user's real identity is replaced by a valid anonymous identity.It is difficult for an attacker to know the user's true identity through an anonymous identity.Based on the analysis of existing identity authentication technology and privacy protection technology,an NFC payment scheme based on certificateless signcryption technology is proposed.The anonymous transaction account dynamically updated realizes the anonymity and unlinkability of transactions.It is a good way to protect the privacy of users.The scheme does not need to perform complicated bilinear pairing operations,and there is no certificate management problem,besides the execution efficiency is high,it is suitable for a small amount of transaction scenarios.Group signature technology is widely used to protect the privacy of users.It is mainly because of its anonymity and unlinkability.The verifier can only determine that the signature is signed by the group members,but the true identity of the signer cannot be determined.Only the group manager can know the true identity of the signer,so it is also traceable and is ideal for mobile payments.Based on the existing NFC payment privacy protection technology,this paper proposes an improved NFC privacy protection payment scheme based on group signature technology and token technology.The scheme uses a relatively mature traditional encryption method to encrypt data,and joins the certificate authentication method,which is highly secure and suitable for large-value transaction scenarios.The innovations of this paper are as follows:(1)An NFC payment scheme based on certificateless signcryption technology is proposed.Each time a new random number is combined with a partial private key to generate a complete private key for signing a message,the one-time secret is realized,and the private key leakage is reduced as well as the resistant to replay attacks.The user communicates with the service provider by the anonymous account,communicates with the merchant by the dynamically updated anonymous transaction account,and realizes the anonymity and unlinkability of the transaction,and the user's personal privacy is well protected.(2)An improved NFC privacy protection payment scheme is proposed.The group signature technology is used to realize the unlinkability and anonymity of transactions between users and merchants.The anonymous account is used to realize anonymous communication between users and trusted third-party platforms.Combined with token technology and public key certificate authentication technology,it can effectively protect identity authentication between transaction entities.The session key is dynamically updated,one at a time,to reduce the risk of key compromise,and has anti-replay attack attributes.