Mobile Security Payment Scheme Based On Identity-based Password Algorithm + SMS Verification Code

With the progress of mobile communication technology and the rapid popularization of intelligent devices,mobile payment has become an indispensable payment method in people's daily life,covering more and more dimensions of people's lives.Currently,when large amount transactions are involved,financial institutions usually use short message service(SMS)verification code to authenticate users.However,the SMS verification code mobile payment scheme based on the certificatebased public key cryptosystem(Certificate-Based Public Key Cryptosystem,CBPKC)is still insufficient,which is mainly manifested in the following aspects: First,the SMS verification code is transmitted in plaintext,which is easy to be stolen by attackers through technical means such as radio monitoring.Second,the security of the payment scheme depends heavily on SMS verification code,once the SMS verification code is stolen,the security of payment scheme will be lost.Third,the payment scheme is established under the CBPKC system,and its mobile devices require additional resources to store,transmit,and verify digital certificates,which increases the burden of mobile devices and wireless networks.Based on the analysis of the above problems,this thesis proposes an identity-based password algorithm + SMS verification code mobile payment scheme.The main work of this thesis includes:(1)A new mobile payment scheme for SMS verification code is established under the identity-based public key cryptography.In this scheme,users and bank servers join an identity-based cryptography system.Users and bank servers no longer need digital certificate-based authentication before each communication,which greatly reduces the computing and storage costs of mobile devices and wireless networks.(2)The process of payment verification has been improved.After receiving the SMS verification code input by the user,the mobile bank client generates a digital signature of the SMS verification code using the user's private key,and obtains the current time stamp,then encrypts the time stamp,the SMS verification code and the digital signature and sends it to the bank authentication server for verification.After the bank certification server passes the inspection,the payment service server is notified to perform such operations as transfer.SMS verification code and digital signature together provide security for this scheme,which makes it impossible for an attacker to pass the authentication of bank authentication server by SMS verification code alone,and ensures that this scheme can protect the security of users' capital and property.(3)This thesis analyzes the security of the proposed mobile payment scheme based on the identity algorithm + SMS verification code,and compares it with other schemes in terms of attack resistance and payment verification efficiency.The results show that this scheme has high security,strong anti-attack and better payment verification efficiency.The mobile payment scheme is simulated systematically,the experimental data shows that with the increase of the number of mobile terminals,the response delay of the system is small,and the system is stable and robust.Therefore,this scheme is feasible,and can solve the problem that the SMS verification code cause property loss after being stolen.