Analysis and Research of Mobile Payment Terminal Based on Smart Card

0 Preface

Mobile payment is an important part of mobile e-commerce: only when mobile payment is fully developed will mobile e-commerce have a good environment in which to develop. Because of the special position of operators, considerations of financial operability call for third-party organizations that focus more on payment processing. Operators focus on system platform deployment and technology implementation, while financial institutions focus on financial transactions and other operations, so it is very necessary to establish a safe and efficient mobile payment system.

1 The concept of mobile payment

According to the definition of the Mobile Payment Forum, mobile payment is a transaction in which the two parties use a mobile device to pay for certain goods or services. The mobile terminal used for mobile payment may be a mobile phone, a PDA, a mobile PC, or the like. Mobile payment is divided into two types: micropayment and macropayment. Under the Mobile Payment Forum's definition, a micropayment is a transaction of less than US$10, which usually means the purchase of mobile content services; a macropayment is a payment with a large transaction amount, such as online shopping or proximity payment. The biggest difference between the two is the level of security they require.

2 Secure payment method for mobile payment

Secure Electronic Transaction (SET) is a credit-card-based electronic payment system specification proposed by Visa and MasterCard to ensure the security of card transactions on open networks. The SET specification uses a public-key system to authenticate the communicating parties, uses the DES data encryption algorithm, RC4 or any standard symmetric encryption method to encrypt information in transit, and uses a hash algorithm to verify the authenticity of a message and whether it has been falsified, so as to maintain the security of personal financial information on any open network. The main goals SET has to achieve are the safe transmission of information over the Internet and mutual authentication between the user and the merchant, to establish the identity of both parties to the communication. A third-party agency is generally responsible for providing credit guarantees for both parties to the online communication. The participants in the SET protocol are:

(1) User: In the e-commerce environment, the user interacts with the merchant through a computer and settles with a payment card issued by the card issuer. During the interaction between the user and the merchant, SET ensures that the user's personal account information is not leaked.

(2) Card issuer: Responsible for issuing a payment card to each user who wishes to make electronic payments and for establishing the user's related account. The card issuer pays for each authenticated transaction according to the rules of the different card brands and the relevant laws and regulations.

(3) Merchant: The merchant provides goods or services and uses SET to offer users a secure electronic payment service. The merchant accepting the payment must also have a relationship with the clearing institution.

(4) Clearing institution: A financial institution that establishes the merchant account and handles the authentication and payment of the payment card.

(5) Payment gateway: A device, provided by the clearing institution or by a third party it designates, that handles the payment information of the user and the merchant.

(6) Certificate Authority (CA): A third party that provides authentication and may be composed of entities trusted by one or more parties to the transaction. It is responsible for receiving and processing the various registration requests and issuing the corresponding certificates.

3 Analysis and research of the general model of mobile payment

The design of the generic model must ensure the scalability of the platform while also providing for the authority and security of the transaction and the privacy of the merchant or user. Therefore, building on the SEMOPS model, a trusted third party is introduced to act as an arbitration institution. The universal payment model is divided into five modules: user payment module, merchant module, payment processing module, data center, and trusted third party.

User payment module: The user payment module is composed of a mobile phone terminal with an NFC controller and a built-in STK card. The NFC device and the mobile phone controller are connected by an I2C bus, and the card and the mobile phone communicate using the ISO 7816 standard. The difference from the way existing mobile phones control NFC is that here the card is used to control the NFC device. The specific implementation uses the STK function of the card: the command can be an extended proactive command of GSM 11.14. The terminal interprets the APDU command and passes it to the NFC device, so that the SIM card controls the NFC function and can, for example, turn NFC communication off. Compared with existing NFC mobile phones, the STK card can verify the legal identity of the holder, control the opening and closing of the NFC device, prevent unauthorized transactions, and use the security features of the STK card for the security certification of the transaction. It can quickly generate a session key, signature and other information when a transaction occurs, effectively protecting the user's personal information.

Merchant module: Given the multi-purpose prospects of NFC, the merchant module can take a variety of forms: it can be a POS-like card reading device, or the content provider can put the NFC device into a smart media machine. The certificate of the payment institution is placed in each merchant module, and sensitive information such as the merchant information and the transaction amount is encrypted and signed when a transaction is generated.

Payment processing module: The payment processing institutions are connected to each other in a ring, trust each other, and hold each other's public key certificates. A payment processing institution can process a user's request and can also process a merchant's request. The user or the merchant is verified according to its certificate and, once verification passes, the transaction information is re-signed and sent to the trusted third party for verification. The user or the merchant and the payment processing institution to which it belongs hold each other's public key certificates. The certificates of the user and the merchant are stored only in the home payment processing institution, and no certificate is transmitted during the mobile payment process, which saves the time of certificate exchange.

Data Center: The data center has the same functions as in the SEMOPS model. It is responsible for message routing and delivery between payment institutions. The data center system has two parts: consumption data load transfer and the settlement center MIS. The settlement center MIS mainly handles data transmission management, data collection and statistics, consumption data processing and the corresponding query statistics, and processing of the data communicated with the payment processing institutions. Data load transfer is responsible for collecting consumption data to generate local data and for generating the uploaded data packets.

Trusted third party: The trusted third party consists of a time stamp server and a certificate authority. It holds the public key certificate of each payment institution and is responsible for verifying the payment processing institutions. When verification passes it adds a time stamp, which prevents retransmission (replay) attacks and provides a basis for arbitration in future transaction disputes.

The client transmits over the NFC channel, and the ultra-short transmission distance improves security. The end of the entire transaction is controlled by the user's STK card, which increases the flexibility of the transaction. With the secure storage feature of the STK card, the transaction information is saved and is convenient to manage. The trusted third party provides arbitration for disputes arising from transactions, and its time stamps effectively prevent retransmission attacks that may occur in the system. The payment processing institutions trust each other, hold the public key certificates of users and merchants, and are connected in a ring, so they can handle the payment requests of merchants and users at the same time, which improves the scalability of the entire model. Good anonymity is achieved throughout the transaction process: the user or the merchant is responsible only to its home payment processing institution, and the other party cannot see the personally identifiable information of the transaction. The user or merchant stores only its own certificate and the certificate of its home payment processing institution, which can be stored conveniently and safely in an STK card with limited storage space.
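The time stamp step described for the trusted third party, shown as an added example that is not code from the original paper: the third party verifies the payment processing institution's signature before stamping, and the receiving institution rejects stale, repeated or altered messages. As assumptions, HMAC-SHA256 with shared keys stands in for the public-key signatures and certificates so the script runs on the Python standard library alone, and the class names, field names, 30-second window and sample transaction are constructed for illustration.

```python
import hashlib
import hmac
import json

def sign(key: bytes, payload: dict) -> str:
    # Assumption: HMAC-SHA256 stands in for a public-key signature.
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class TrustedThirdParty:
    def __init__(self, key: bytes, institution_keys: dict):
        self.key = key
        self.institution_keys = institution_keys  # stand-in for stored certificates

    def stamp(self, institution: str, txn: dict, sig: str, now: int):
        """Verify the institution's signature, then timestamp and sign the transaction."""
        inst_key = self.institution_keys.get(institution)
        if inst_key is None or not hmac.compare_digest(sign(inst_key, txn), sig):
            return None  # unknown institution or bad signature: no time stamp issued
        token = {"txn": txn, "institution": institution, "time": now}
        return {**token, "ttp_sig": sign(self.key, token)}

class ReceivingInstitution:
    def __init__(self, ttp_key: bytes, max_age: int = 30):
        self.ttp_key, self.max_age, self.seen = ttp_key, max_age, {}

    def accept(self, stamped: dict, now: int) -> str:
        token = {k: v for k, v in stamped.items() if k != "ttp_sig"}
        if not hmac.compare_digest(sign(self.ttp_key, token), str(stamped.get("ttp_sig"))):
            return "bad-signature"
        if not 0 <= now - token["time"] <= self.max_age:
            return "stale"  # old capture resent outside the freshness window
        # Only IDs still inside the window need remembering; older ones fail as stale.
        self.seen = {i: t for i, t in self.seen.items() if now - t <= self.max_age}
        if token["txn"]["id"] in self.seen:
            return "replay"  # same stamped transaction presented twice
        self.seen[token["txn"]["id"]] = token["time"]
        return "ok"

def demo() -> list:
    inst_key, ttp_key = b"constructed-institution-key", b"constructed-ttp-key"
    ttp = TrustedThirdParty(ttp_key, {"PPI-A": inst_key})
    txn = {"id": "T-0001", "merchant": "M-17", "amount": "12.50"}  # constructed sample
    stamped = ttp.stamp("PPI-A", txn, sign(inst_key, txn), now=1000)
    receiver = ReceivingInstitution(ttp_key)
    tampered = {**stamped, "txn": {**txn, "amount": "9999.00"}}
    return [receiver.accept(stamped, now=1005),      # first delivery
            receiver.accept(stamped, now=1010),      # retransmission inside the window
            receiver.accept(stamped, now=2000),      # retransmission after the window
            receiver.accept(tampered, now=1006),     # amount altered after stamping
            ttp.stamp("PPI-A", txn, "0" * 64, now=1000)]  # forged institution signature
```

The time stamp alone only bounds how long a captured message stays usable; the per-transaction ID cache is what rejects a resend inside that window.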

4 Conclusion

The pace of development of mobile payment services is accelerating. There are two main ways to implement payment services: one completes payment remotely through SMS, WAP and similar means, and the other completes payment through proximity contactless technology. The SMS and WAP implementations have obvious defects. Compared with SMS and WAP mobile payment, the NFC technology introduced in this paper has obvious advantages.

(Text / Department of Mathematics and Information Engineering, Fuyang Vocational and Technical College Ren Yanfei)

