基于NFC技术的手机支付研究

上海交通大学硕士学位论文基于NFC技术的手机支付研究姓名：雷洪斌申请学位级别：硕士专业：计算机技术指导教师：邱卫东;张宗平20071101NFC20071112NFC2007111220071112NFC1NFCNFCWAPNFCWAPNFCNFCC6SIMNFCNFCWIMSTKWPKINFCNFCNFCWIMSTKWKPINFC2TheResearchofmobilepaymentbasedonNFCABSTRACTTheappearanceofNFCtechniqueenrichesthemethodsofthemobilepayment.Therearesomemethodsofthemobilepayment,suchasbyusingmessageorWAP,butusingNFCtechniquehasmoreadvantagethanusingmessageorWAPinthefieldoffrequentsmallpayments,becausethemobilebyusingNFCtechniquedon'tneedtosendmessagetoacknowledgement,toselectsubmenusinthemenufrequentlywhileitcanfinishthepaymentwhenneartothereadcard.Inthispaper,firstly,Ianalysethepaymentprocessfromindustrychain,operationmodeandthecurrentexistingmobilepaymentmethodsasawhole.Secondly,IintroducetheNFCtechniqueandamethodbasedontheSIMcardwithC6interfaceandNFCchipsindetail.Atlast,IintroducethenewpaymentmethodbyusingSTKtechniquebasedonWIMcardwhichcanrealizethecombinationbetweenWPKIsecuritysystemandmobilewithNFC.Ithasakernelframeworkwhichisamobilepaymentplatformandmobilewalletmanagementsystemfoundedbythethirdauthenticationorganization,ChinaUnionPayandoperators.ItsupportthesecurityguaranteebyusingthedoublesecretkeysandauthenticationsforthemobilepaymentwithNFC.KEYWORDS:mobilepaymentNFCWIMSTKWKPINFC51.1[1]TR603[2]¾220¾225240¾25¾WAPUSSD¾POSface-to-face[1]()20051026p.1.[2]EUROPEANCOMMITTEEFORBANKINGSTANDADS,“BUSINESSANDFUNTIONALREQUIREMENTSFORMOBILEPAYMENTS,TR603,”February,2003,p.10-11.NFC61.21.2.1FelicaNFCNTTDoCoMoSonyFelicaNTTDoCoMoMifareFelicaNFCNFC[3]200510OrangeLaSerVinciNFC200NFCD50020066SKNFC400NFCVisa20000VisaCingular(NFC)PayPass1.2.22000[29][3]NFCA200628[29]NFC200506NFC72004129CDMA1XBREWCDMA1XCDMA1XSPCDMA1XIC8002006627(NFC)NFC32209WAPSiteCFCANFCNFC81.3NFCNFC[4]NFCNFC3220D500NFCNFCNFCNFCNFC??NFCNFCNFCRFIDNFC20066RFIDRFIDNFC[4]20052p.58-61NFC92.1()SIM[5]G2G3SKTSIMSMSWAP[5]WPKIWAP200612NFC10()2.2:[28]2.2.1100:;;2.2.2[28]20053p.10-11NFC11():;;SKT2.2.3()Paybox.netAGBIMWebSphere:PS;;;;2.3Paybox33l[6][6]UnitedArabEmiratespayboxfeaturesworldofmobilecommerceinDubai,:SMSWAPJ2MEFelica2.3.1/:FSP()[7]2.1Figure2.1FrameworkofsimplemobilepaymentInternet[7]AndersCerveraAnalysisofJ2MEfordevelopingMobilePaymentsystemsMaster'sThesisITUniversityofCopenhagen2002.8NFC132.1ActionParties1PurchaseinitiationEnduser/Merchant2Userand/orAccountidentificationEnduser/FSP3AuthorizePaymentFSP/FSP4PaymentauthorizedFSP/Merchant5Recipient+contentMerchant/Enduser6PaymentcaptureMerchant/FSPPCMPSPISFSPID2.3.2SMSSMS(ShortMessageService)GMSPhasel70160(USGSM)SMS:End-userMerchant5Bill1SMS:Requestcontent2Requestcontent3Content:Ringtoneetc.4Content:Ringtoneetc.PSP/FSP6$2.2SMSFigure2.2FrameworkofSMSsystemEnd-userPSP/FSPEnd-userNFC14XXXXPSP/FSPMerchantFSPEnd-userMerchantMerchantPSP/FSPMerchantPSP/FSPPSP/FSPMerchantPSP/FSPPSP/FSPEnd-userPSP/FSPEnd-user567PSP/FSPEnd-userMerchantSMSPSP/FSPPSP/FSPSMSSMSSMS0.1SIMSTKSMS90%MobiletoMobile10%SMSMOPAY2.3.3WAP1WAP[8]WAP(WirelessApplicationProtocol)InternetPDAWAPWAE(WirelessApplicationEnvironment)WSP(WirelessSessionProtocol)WTP(WirelessTransactionProtocol)WTLS(WirelessTransportLayerSecurity)WDP(WirelessDatagramProtocol).WAPInternetWAP[8]WAPForum,WAP2.0TechnicalWhitePaper,(2.3)WAPWTLSWTLSWTLSWTLSWTLSWTLSWAPWAPB-S:CGIWAPWAPWAPWAPWAPWAP2WAPWAPWTLS/TLSWIMWMLScriptSignTextNFC16(WIM):WIMGSMSIMWTLS:()WIMWIMSIMWMLScriptSignText:WAPWMLScriptCrypto.SignTextsignTextWIMPINWTLS(WirelessTransportLayerSecurity)[9]WTLSTLSProtocolWTLSSSLTLSWEBTLSWAP3WAPWAPNokiawalletWAPWAPWAPPINPINWTLSWIMWAPECML(ElectronicCommerceModelingLanguage)NokiawalletNokia631063101WAPWAP:[9]WirelessapplicationForumLtdWirelessapplicationProtocolWirelessTransportLayerSecuritySpecification1998.4NFC17(1)B/SInternetWAP:WDPWTPWAPWMLHTML(2)WAP1.XWAPInternetWAP:WAP.20TLS(3)WAP2.3.4J2MEJ2ME(Java2MicroEdition)SunJavaJ2ME(Configuration):CLDC(ConnectedLimitedDeviceConfiguration)[10]CDC(ConnectedDeviceConfiguration)CLDCPDA(KVM)JAVACDCMDIP[26](MobileInformationDeviceProfile)CLDCMIDletMIDlet:(Active)(Pause)(Destroyed)MIDletsuiteMIDletJ2MEMIDletsuiteMDIPMDIPMDIPMDIP1.0MDIP2.0MDIP2.0:MIDP1.0httpBouncycastleXMLMIDP2.0httpsTrustMIDlet:MIDP2.0MIDletsuiteMIDP1.0MIDlets[10]SunMicorsystemsLtdJSR30JSR139ConnectedLimitedDeviceConfiguration(CLDC)[26]J2ME20053NFC18MIDletsuiteAPIMIDletsuiteMIDletsuiteMIDletsuiteAPIphonecallnetworkaccessmessagingandPersonalInformationManagement(PIM)MIDletsuiteMIDletsuiteInternet.X509PUBLICKEYINFRASTRUCTURE(PKI)WIMSIMUSIMMIDPX.509[11]WAPMIDletsuitePKCS#RSA+SHA-lbase4MIDlet2.4MDIP3Transfer7installationstatusreport8UsageDeploymentServerWEBServer1Applicationcreation2Applicationsigning4MIDletdownloadrequest5MIDletdownloadresponse6MIDletsignatureverificationandinstallation2.4MDIPFigure2.4MDIPsignedandvalidatedprocessMIDP2.0ProtectedDomainMIDletsuitePROTECTE