Research Of Mobile Micro-Payment Scheme Based On Electronic Wallet

With the rapid development of mobile Internet and mobile devices, more and more people begin to use mobile phone and other mobile terminals to access Internet and all kinds of application services. A large number of service providers begin to provide value-added services for this kind of clients. For instance, web sites can benefit from providing searching service to enable clients download music, a video clip and electronic documents, etc. And the expenses of a involved user has to pay for this kind of online transaction is relatively small, usually a few cents (or less). So the reality limits the use of macro payment mechanism requiring high transaction costs and computational overhead. Micro-payment mechanisms have been put forward to solve the issue of "small payment". Digital wallet is a payment tool commonly used by e-commerce, especially suitable for micro electronic payment. Digital wallet is a software that help customer perform secure electronic transaction and keep transaction records. E-wallets act as a secure bridge between customers and merchants.Features of micro-payments is that cost of transaction is small, but trading volume is huge. Hence it demands high efficiency for implementation. During the process of online payment,secure payment is a important problem to be solved. Security problems such as intercepted user privacy information, stolen user account or password information, Trojan invasions or phishing sites etc.,will result in the loss of user assets. On the other hand, a malicious user will also try to re-spend a obtained electronic money. Because of complexity of payment environment and the performance limitation on the mobile payment devices, analysis and design of mobile micro-payment security protocols encounter many difficulties and challenges.How to design a secure and effective mobile payment security protocol is of great significance.The work of this thesis is to study how to implement secure and efficient、easy to be implemented mobile payment security protocols based on the electronic wallet. Then our study is mainly focused on the following aspects:(1) The thesis combines micro-payment technology with E-wallet to design mobile payment security protocols to enhance security and efficiency. Hash chain and public key algorithms are used to put forward a secure mobile micro-payment scheme based on E-wallet. Mobile micro-payment schemes based on E-wallet consist of three parties:customer、merchant and TPP, in which customers and merchants have accounts administrated by TPP. E-wallet can help customer to accomplish secure mobile micro-payment transactions, prevent customers from double spending, and provide secure management of customers’ accounts. The proposed scheme can guarantee authentication between TPP and users and information integrity.(2) It is very important for a user and server to confirm the identity of both sides in the open network. Given that the existing solutions based on public-key cryptosystem place a burden on performance of mobile terminals, it limits the application of public-key cryptosystem to mobile devices. In this thesis, a password authentication scheme is presented, which is suitable for mobile devices since symmetric key algorithms are used by the scheme to improve resource requirement. Two-way authentication between a client and server is realized via password and symmetric key algorithms. The scheme can not only complete secure session key exchange but also ensure user anonymity and privacy. While security is guaranteed, performance is also enhanced.(3) One-dimensional one-way hash chain has been widely applied to micro payment schemes because of its simplicity and effectiveness..But it has limitations in performance when handling the problem of multi-denomination. The thesis extends the UOBT model by the two-dimensional hash chain to present an algorithm to support verification of multiple payment nodes of different nominal value. It can be seen from the comparison results that the performance of hash operation and authentication of root nodes has been improved considerably.