The Research On Security Of APP For Mobile Bank Software Based On Chip Smart Card

With the rapid growth in mobile banking users,the problem of security for mobile internet payment becomes prominent increasingly.Scammers stealing bank card informationand customer capital through a virus,phishing site and Trojan remote control,which brings more challenges to mobile financial security.Therefore,it is an urgent problem to develop a secure payment scheme which can be applied in mobile environment.Through analysis and research of the security risks of mobile terminal in a wireless environment,this paper proposes a security solution to meet the demand for mobile banking,which is based on the combination of public key certificate technology and chip smart card.The security architecture of mobile banking includes the security of client identity authentication,the security of transaction data transmission and Non-repudiation of transaction data.Chip smart card protects the security of the mobile phone bank by a combination of public key certificate technology.At the same time,the chip smart card and SIM card are installed in the mobile phone together to solve the problem of inconvenient possession for both audio Key and Bluetooth Key and the problem which SD Key can not be compatible with iOS.Specific work as follows:(1)Analysis of mobile banking security issues and requirements:This paper analyzed the security problems of mobile phone bank system,mainly for the user's system,mobile banking system security requirements and security risk.,it is concluded that mobile phone bank mainly need solve the problem of identity authentication,transmission security and non-repudiation.To solve the problems,the technology with combination of public key certificate is employed to design a mobile banking system security process,including the client bank PIN protection,message integrity and key between the client and application server domain encryption process,certificate application process,the certificate of the login process,data signature and verify the signature process.(2)Design and implementation of COS safety system:This paper refer to the state password bureau smart card related specification,design and implement chip smart card security COS.Safe COS set command parsing and control mechanism provide entry access for the upper application.The setting key management mechanism ensures the safety of key.The setting access authentication mechanism ensures the safety of chip smart card access and also equipped with sensitive data hard isolation scheme to protectthe security of the COS.According to regulatory requirements,the financial industry information security products of country need to carry out the transformation and gradually prohibit the use of foreign products.Combined with the actual needs of banks,safe COS in addition to supporting the RSA algorithm,but also support SM2 asymmetric algorithm.The mobile phone bank can modified the parameters of certificate according to the requirements of the certificate parameters,in other word,it can support the national certificate.(3)Design and implementation of security middleware:Design and realize the safe and easy to integration middleware.The security middleware includes API interface,channel management,security control and disperse the key store.Security middleware API interface which refer to CSP interface design provides APIs of the data encryption,signature and verification signature for mobile banking.It makes chip smart card can convenient integration into the existing mobile banking APP.Channel management,security control and spread the key store part together control API access security and improve the security of mobile banking APP.(4)Chip smart card comprehensive test:Through the preparation of forward use cases and reverse use cases,the security middleware and security COS were tested.The test results are consistent with the expected results,and verify the security of the intermediate value and security of the various functions of COS,security to meet the expected requirements.In this paper,the design and implementation of the chip smart card security solutions can solve the problem of mobile banking transaction security,at the same time provides better convenience,and achieved good results in practical application in the bank.