Design and Implementation of the Authentication System for In-app Billing in Mobile Environments

석호준; Seog-Gyu Kim

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2016, 21(2), pp.61-69
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

석호준 ¹ , Seog-Gyu Kim ²

¹ 안동대학교
² 안동대학교

ABSTRACT

In this paper, we propose the authentication server system that prevent hacking in In-app billing applications. And we also propose the methods to verify electronic receipt for the payment of internal app payments and to check the integrity of the applications. Then we designed the payment metabolic system that checks between products-offer list and paid subscription if payment system is hacked with new hacking technologies different from existing ones. And then we implemented proposed authentication system and experimented with about 10,000 average internal application payments per an hour. It shows that proposed system has defensive techniques that counter attacks against in-app billing but it takes more than 0.8916 seconds than no-certification system that is considered as relatively short time.
KEYWORDS

In-app billing , authentication system , mobile application , prevent hacking
REFERENCES (9)

[confproc] Ho-Jun Seok / 2015 / An Authentication Sever System for In-App Purchase / Proceedings of KSCI Conference 2015

[other] Wonnam Lee / 2014 / A Study on the Android Vulnerability of Rooting/App Integrity Verification Module

[journal] Yuxue Piao / 2013 / Structural and Functional Analyses of ProGuard Obfuscation Tool / 한국통신학회논문지B / 한국통신학회 38 (8) : 654~662

[web] Google / In-app Billing Security and Design / http://developer.android.com/google/play/billing/billing_best_practices.html

[web] Google / In-app billing Version3 API / http://developer.android.com/google/play/billing/api.html

[web] Jordan Kahn / Apple’s in-app purchasing process circumvented by Russian hacker / http://9to5mac.com/2012/07/13/apples-in-app-purchasing-process-circumvented-by-russian-hacker/

[confproc] Mulliner Collin / 2014 / Virtual Swindle:an automated attack against in-app billingon android / Proceedings of the 9th ACM symposium on Information computer and communications security

[web] Jinsun Hong / Mobile Game Hacking / http://www.inven.co.kr/webzine/news/?news=128022

[web] Crossdotcom / Lucky Patcher / http://www.kgezzang.tk/173
KCI Citation (0)

KJC Korea
Journal Central

Statistics

Tools