HCE技术在移动支付中的应用研究
发布时间:2018-11-12 18:43
【摘要】:NFC移动支付是一种新型的支付手段,受到很多用户和服务提供商的青睐。NFC移动支付其主要方式是用手机来模拟智能卡,传统的手机卡模拟是基于安全芯片(Secure Element,SE)的卡模拟,但是由于供应商之间的恶意竞争和SE移动支付技术的封闭性,使得手机卡模拟技术发展的非常缓慢,因此NFC移动支付也跟着受到了很大程度上的限制。主机卡模拟(Host Card Emulation,HCE)是近年来推出的新兴技术,目的在于降低NFC手机支付技术的门槛,其打破了传统的使用安全元素进行NFC卡模拟的局限性,尤其是在Android的4.4系统版本之后增加了HCE作为系统的一个服务,这样大大促进了NFC移动支付的发展。HCE技术安全元素完全由软件实现,它虽然脱离了对硬件安全元素的依赖,但是无论软件如何实现,还是无法达到硬件级别的安全性。因此,安全性问题是HCE技术发展所面临的最大难题。本文对HCE技术进行了系统的研究,取得了如下的研究成果:1.对NFC移动支付进行了研究。首先是对NFC移动支付的原理进行了研究,分析目前常见的三种传统卡模拟方式和工作原理,对每种卡模拟的优势和缺点进行了详细的了解,接着对HCE技术进行了说明,并指出了HCE技术相对与传统的卡模拟技术的优势。2.对HCE技术的安全性进行了分析,指出了其依赖于手机操作系统存在的安全威胁,并提出了几种增强HCE安全性的解决方案。通过对几种不同的解决方案进行对比,提出了远端SE的HCE应用模型。该模型将敏感信息的存储和处理从本地转移到远端服务器中来完成,然后移动设备使用网络与远端服务器进行交互,这样大大增加了HCE的安全性。此外,对远端SE的HCE应用模型的业务流程进行说明,提出了三个不同的应用场景,并对三个不同的应用场景的模型进行了说明。3.根据远端SE的HCE应用模型,设计了一种远程刷卡系统。首先对系统的架构进行了设计。整个系统有若干模块组成,模块功能在设计方案里进行了详细描述。在此基础之上,提出客户端和服务端的设计方案,设计了身份认证协议和安全交易协议。身份认证协议用来保证客户端和服务端之间的认证安全。安全交易协议用来保护客户端和服务端交互的数据安全。4.采用Android操作系统作为HCE的运行平台,使用Java对远程刷卡系统进行了实现,并对实现的系统进行了测试,结果表明系统工作正常,完成了远程刷卡的预期目标,证明了远程刷卡系统的可行性和有效性。
[Abstract]:NFC mobile payment is a new payment method, which is favored by many users and service providers. The main way of NFC mobile payment is to use mobile phone to simulate smart card. Traditional mobile card simulation is based on security chip (Secure Element, SE) card simulation, but due to the malicious competition among suppliers and the closure of SE mobile payment technology, the development of mobile card simulation technology is very slow, so NFC mobile payment is also restricted to a large extent. Host card simulation (Host Card Emulation,HCE) is a new technology introduced in recent years, which aims at lowering the threshold of NFC mobile phone payment technology, and breaks the limitation of traditional NFC card simulation using security elements. Especially after the 4.4 system version of Android, HCE was added as a service of the system, which greatly promoted the development of NFC mobile payment. The security element of HCE technology is completely realized by software, although it is independent of the dependence on hardware security elements. However, no matter how the software is implemented, the hardware level of security can not be achieved. Therefore, the security problem is the biggest problem faced by the development of HCE technology. In this paper, the HCE technology has been systematically studied, and the following research results have been obtained: 1. NFC mobile payment is studied. First of all, the principle of NFC mobile payment is studied, and three common traditional card simulation methods and working principles are analyzed. The advantages and disadvantages of each card simulation are understood in detail, and then the HCE technology is explained. The advantages of HCE technology compared with traditional card simulation technology are pointed out. 2. This paper analyzes the security of HCE technology, points out the security threats that depend on the mobile phone operating system, and puts forward several solutions to enhance the security of HCE. By comparing several different solutions, a HCE application model of remote SE is proposed. The model transfers the storage and processing of sensitive information from the local to the remote server, and then the mobile device uses the network to interact with the remote server, which greatly increases the security of the HCE. In addition, the business process of the HCE application model of remote SE is explained, three different application scenarios are proposed, and the models of three different application scenarios are explained. 3. According to the HCE application model of remote SE, a remote credit card printing system is designed. Firstly, the architecture of the system is designed. The whole system has several modules, the module function is described in detail in the design scheme. On this basis, the design scheme of client and server is proposed, and the identity authentication protocol and secure transaction protocol are designed. Authentication protocols are used to secure authentication between client and server. Secure transaction protocol is used to protect the data security of client and server interaction. 4. The Android operating system is used as the running platform of HCE, and the remote credit card system is realized with Java, and the system is tested. The results show that the system works well and achieves the expected goal of remote credit card. The feasibility and effectiveness of remote credit card printing system are proved.
【学位授予单位】:西安电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TN929.53
[Abstract]:NFC mobile payment is a new payment method, which is favored by many users and service providers. The main way of NFC mobile payment is to use mobile phone to simulate smart card. Traditional mobile card simulation is based on security chip (Secure Element, SE) card simulation, but due to the malicious competition among suppliers and the closure of SE mobile payment technology, the development of mobile card simulation technology is very slow, so NFC mobile payment is also restricted to a large extent. Host card simulation (Host Card Emulation,HCE) is a new technology introduced in recent years, which aims at lowering the threshold of NFC mobile phone payment technology, and breaks the limitation of traditional NFC card simulation using security elements. Especially after the 4.4 system version of Android, HCE was added as a service of the system, which greatly promoted the development of NFC mobile payment. The security element of HCE technology is completely realized by software, although it is independent of the dependence on hardware security elements. However, no matter how the software is implemented, the hardware level of security can not be achieved. Therefore, the security problem is the biggest problem faced by the development of HCE technology. In this paper, the HCE technology has been systematically studied, and the following research results have been obtained: 1. NFC mobile payment is studied. First of all, the principle of NFC mobile payment is studied, and three common traditional card simulation methods and working principles are analyzed. The advantages and disadvantages of each card simulation are understood in detail, and then the HCE technology is explained. The advantages of HCE technology compared with traditional card simulation technology are pointed out. 2. This paper analyzes the security of HCE technology, points out the security threats that depend on the mobile phone operating system, and puts forward several solutions to enhance the security of HCE. By comparing several different solutions, a HCE application model of remote SE is proposed. The model transfers the storage and processing of sensitive information from the local to the remote server, and then the mobile device uses the network to interact with the remote server, which greatly increases the security of the HCE. In addition, the business process of the HCE application model of remote SE is explained, three different application scenarios are proposed, and the models of three different application scenarios are explained. 3. According to the HCE application model of remote SE, a remote credit card printing system is designed. Firstly, the architecture of the system is designed. The whole system has several modules, the module function is described in detail in the design scheme. On this basis, the design scheme of client and server is proposed, and the identity authentication protocol and secure transaction protocol are designed. Authentication protocols are used to secure authentication between client and server. Secure transaction protocol is used to protect the data security of client and server interaction. 4. The Android operating system is used as the running platform of HCE, and the remote credit card system is realized with Java, and the system is tested. The results show that the system works well and achieves the expected goal of remote credit card. The feasibility and effectiveness of remote credit card printing system are proved.
【学位授予单位】:西安电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TN929.53
【相似文献】
相关期刊论文 前10条
1 叶惠;全球移动支付分析与展望[J];通讯世界;2004年06期
2 傅冬;为移动支付呐喊[J];电子商务世界;2004年08期
3 唐绮薇;;移动支付的多种运营模式[J];数字通信世界;2005年12期
4 ;后金融时代的移动支付[J];数据通信;2006年04期
5 肖晓;;移动支付,,无处不在的魅力[J];上海信息化;2007年07期
6 翟丹妮;;我国移动支付运营模式的分析[J];中国新通信;2007年22期
7 宋颖;;移动支付之综述篇 全球移动支付发展现状[J];通信世界;2008年01期
8 师群昌;帅青红;;移动支付及其在中国发展探析[J];电子商务;2009年02期
9 陈琛;;移动支付小步前行“摸石头”的阶段[J];通信世界;2009年22期
10 陈琛;;湖南:移动支付的星星之火[J];通信世界;2009年22期
相关会议论文 前9条
1 秦成德;;现场移动支付的技术选择[A];经济发展与管理创新--全国经济管理院校工业技术学研究会第十届学术年会论文集[C];2010年
2 张志华;索炜;;移动支付现场应用远程支付账户的几种方案[A];2011年通信与信息技术新进展——第八届中国通信学会学术年会论文集[C];2011年
3 邱翔;;我国近场移动支付技术标准的确立发展分析[A];两化融合与物联网发展学术研讨会论文集[C];2010年
4 高丛;;移动支付与金融中介是竞争还是合作?[A];通信发展战略与管理创新学术研讨会论文集[C];2006年
5 尤昊;郑会颂;;我国移动支付企业的运营效率及其影响因素研究[A];社会经济发展转型与系统工程——中国系统工程学会第17届学术年会论文集[C];2012年
6 胡s
本文编号:2327897
本文链接:https://www.wllwen.com/kejilunwen/wltx/2327897.html
