Abstract
In this paper, we propose a trusted mobile payment environment (TMPE) based on trusted computing and virtualization technology. There are a normal operating system (OS) and a trusted OS (TOS) in TMPE. We store the image of TOS in a memory card to hinder tampering. The integrity of TOS is protected by means of a trusted platform module (TPM). TOS can only be updated through a trusted third party. In addition, virtualization technology is applied to isolate TOS from normal OS. Users complete ordinary affairs in normal OS and security-sensitive affairs in TOS. TMPE can offer users a highly protected environment for mobile payment. Moreover, TMPE has good compatibility in different hardware architectures of mobile platforms. As the evaluation shows, TMPE satisfies the requirement of mobile payment well.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Cheetah Mobile. Security report about Chinese mobile pay ment in 2013-2014 [EB/OL]. [2014-04-12]. http://www.ijinshan.com/news/img/20140213/20140313baogao.pdf(Ch).
Lin P, Chen H Y, Fang Y, et al. A secure mobile electronic payment architecture platform for wireless mobile networks[J]. Wireless Communications, IEEE Transactions on, 2008, 7(7): 2705–2713.
Hussin W H, Coulton P, Edwards R. Mobile ticketing system employing TrustZone technology[C]//Mobile Business, 2005. ICMB 2005. International Conference on. Sydney: IEEE Press, 2005: 651–654.
Winter J. Trusted computing building blocks for embedded linux-based ARM trustzone platforms[C]//Proceedings of the 3 rd ACM Workshop on Scalable Trusted Computing. Alexandria: ACM Press, 2008: 21–30.
Trusted Computing Group. TCG Mobile Trusted Module Specification [EB/OL].[2014-03-29]. http://www.trustedcom-putinggroup.org/files/resource_files/87852F33-1D093519-AD0C0F141CC6B10D/Revision_6-tcg-mobile-trusted-module-1_0.pdf.
Trusted Computing Group. TPM Main Specification [EB/OL]. [2014-04-03]. http://www.trustedcomputinggroup.org/resources/tpm_main_specification.
Bugiel S, Ekberg J E. Implementing an application-specific credential platform using late-launched mobile trusted module[C]//Proceedings of the 5th ACM Workshop on Scalable Trusted Computing. New York: ACM Press, 2010: 21–30.
Li Q, Zhang X, Seifert J P, et al. Secure mobile payment via trusted computing[C]//Trusted Infrastructure Technologies Conference, 2008. APTC’08. Third Asia-Pacific. Wuhan: IEEE Press, 2008: 98–112.
Kastanas M. Limbo-android [EB/OL].[2014-03-14]}. https://code.google.com/p/limbo-android/
USB Implementers Forum Inc. On-The-Go [EB/OL]. [2014-04-04]. http://www.usb.org/developers/onthego/.
Google Inc. Android NDK [EB/OL].[2014-04-18]. https://developer.android.com/tools/sdk/ndk/index.html.
Kaspersky Labs. The statistics of Kaspersky security center security payment technology [EB/OL].[2014-04-27]. http://www.kaspersky.com.cn/internet-security-center/infographics/safe-money.htm(Ch).
Author information
Authors and Affiliations
Corresponding author
Additional information
Foundation item: Supported by the National Basic Research Program of China (973 Program) (2014CB340600), the National Natural Science Foundation of China (61173138, 61103628, 61103220) and the Intel Collaborative Research Project
Biography: WANG Juan, female, Ph.D., Associate professor, research direction: trusted computing, access control, cloud security and SDN security.
Rights and permissions
About this article
Cite this article
Wang, J., Lin, W., Li, H. et al. A trusted mobile payment environment based on trusted computing and virtualization technology. Wuhan Univ. J. Nat. Sci. 19, 379–384 (2014). https://doi.org/10.1007/s11859-014-1028-y
Received:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11859-014-1028-y