Recently, mobile payment has become a popular research topic, and the mobile payment market is growing at a very fast rate every year. The promising market prospects have attracted many companies and developers to the mobile payment industry, and mobile payment applications that rely on a secure element have become increasingly abundant. A Secure Element (SE), such as a UICC or a smart SD card in a mobile phone, is a hardware chip that protects the user's sensitive information and provides a secure and trusted execution environment. This thesis mainly focuses on how device applications can access the SE in a mobile phone conveniently and securely during payment application development.

At present, the methods used to access a secure element vary with the type of secure element. This thesis studies several key problems of accessing the SE securely under a model of secure element access, and then solves these problems. The model is similar to middle-layer software. It provides a set of unified interfaces for mobile application developers, who can use these APIs to access the secure element easily and securely. Furthermore, the access model hides the differences between the underlying interfaces for accessing secure elements. At the bottom layer of the model there are different interfaces for accessing the SE, which can be used to transfer data directly to the different secure elements. The model requires that these underlying APIs be invisible to developers.

This thesis studies the principles of accessing the SE and the related specifications. Based on the access model, some key problems that arise when accessing the SE are studied. Corresponding solutions are put forward to address these problems, and finally a secure framework for accessing the SE is implemented. The main work and contributions are listed as follows:

1. Studies the access rules and implements the access control module in the framework accordingly. The module can verify applications and make sure that only legal applications can access the SE; moreover, it can filter the commands sent to the SE.
2. Proposes and implements a mutual authentication mechanism based on challenge-response. A mutual authentication procedure is performed when API callers invoke the underlying APIs, which guarantees that only legal applications are capable of invoking the underlying APIs. This approach solves the problem of illegal invocation of the underlying APIs.
3. Studies and realizes a white-box cryptographic algorithm based on DES. White-box cryptography is used to hide the key information used in the mutual authentication procedure. The key does not appear while encryption and decryption are performed, which avoids the risk of key leakage from the code.
4. Focuses on the methods of processing the interface files used to access smart SD cards. Because the ways of processing interface files vary between kinds of smart SD cards, a set of unified APIs for accessing different smart SD cards is realized; the APIs take all types of interface files into consideration.
5. According to the model, designs and implements a secure framework for accessing the SE, which provides a set of unified interfaces for application developers. By using this framework, device applications can access the SE in a secure way.