【摘要】：隨著移動(dòng)智能終端的不斷普及和網(wǎng)上銀行業(yè)務(wù)的快速發(fā)展,移動(dòng)支 付交易越來越多,支付形式也在不斷變化,終端用戶對(duì)移動(dòng)支付的依賴 性逐漸增強(qiáng)。同時(shí),移動(dòng)支付活動(dòng)的安全問題也隨之出現(xiàn),終端的硬件 和軟件威脅、無線網(wǎng)絡(luò)和移動(dòng)支付處理平臺(tái)的安全性也成了用戶關(guān)注的 問題。本文以提高和改善移動(dòng)支付系統(tǒng)安全性作為主要研究方向,旨在 找到相應(yīng)的安全策略,進(jìn)而搭建一個(gè)安全的移動(dòng)支付平臺(tái)。本文主要從多個(gè)角度對(duì)移動(dòng)支付體系的安全風(fēng)險(xiǎn)進(jìn)行詳細(xì)的分析 和研究,并提出一系列的安全性策略。論文所做的主要工作是相關(guān)背景 技術(shù)知識(shí)的調(diào)研,包括基于SMS、WAP、NFC的支付方式和移動(dòng)支付 的關(guān)鍵安全技術(shù)。將整個(gè)移動(dòng)支付體系分為三個(gè)層次：應(yīng)用層、交易層 和支付處理層,具體地分析了各層的功能；接著從移動(dòng)終端、無線網(wǎng)絡(luò) 和支付過程三個(gè)部分來分析移動(dòng)支付體系的安全性。針對(duì)移動(dòng)終端的安 全,分成硬件安全和應(yīng)用軟件兩方面,分析可能造成交易信息泄露或者 用戶銀行賬戶信息泄露等一系列威脅；無線網(wǎng)絡(luò)部分主要針對(duì)當(dāng)WAP 和WIFI的安全技術(shù)漏洞進(jìn)行分析,包括信息傳輸過程的保密性、身份 認(rèn)證性和訪問控制等,并給出應(yīng)對(duì)策略；還對(duì)已有的電子支付協(xié)議SET 進(jìn)行了改進(jìn)建議,提出了基于ECC的新協(xié)議用于移動(dòng)支付環(huán)境中,最 后對(duì)新協(xié)議的安全性和性能進(jìn)行了評(píng)估。理論分析證明ECC比RSA的 效率高很多,同時(shí)新協(xié)議在簽名、證書驗(yàn)證、非對(duì)稱和對(duì)稱加密次數(shù)上 較SET協(xié)議也明顯減少,這樣當(dāng)前移動(dòng)終端和網(wǎng)絡(luò)能力完全可以支撐該 協(xié)議,保證安全有效的移動(dòng)支付過程。
[Abstract]:With the popularity of mobile intelligent terminals and the rapid development of Internet banking, mobile branches
Paying more and more transactions, changing the form of payment, and end-users' dependence on mobile payment.
The problem of security in mobile payment activities also arises.
And software threats, the security of wireless network and mobile payment processing platform has also become the concern of users.
The purpose of this paper is to improve and improve the security of mobile payment system as the main research direction.
In this paper, the security risk of mobile payment system is analyzed in detail from several angles.
And research, and put forward a series of security strategies. The main work of the paper is related background.
Research on technology knowledge, including payment methods based on SMS, WAP and NFC, and mobile payment.
The key technology of security is to divide the whole mobile payment system into three levels: application level and transaction level.
And the payment processing layer, specifically analyzing the functions of each layer; and then from the mobile terminal, the wireless network.
And the payment process three parts to analyze the security of the mobile payment system.
The whole analysis is divided into two aspects: hardware security and application software. Analysis may cause transaction information leakage or
User bank account information leakage and other threats; the wireless network part is mainly targeted at WAP.
And WIFI security technology vulnerability analysis, including the confidentiality of information transmission process, identity
Authentication and access control are also given, and the existing electronic payment protocol SET is also presented.
Suggestions for improvement are put forward, and a new protocol based on ECC for mobile payment environment is proposed.
The security and performance of the new protocol are evaluated. Theoretical analysis proves that ECC is better than RSA.
The efficiency of the new protocol is much higher than that of the new protocol.
The SET protocol is also significantly reduced, so that the current mobile terminals and network capabilities can fully support this.
The protocol ensures a safe and effective mobile payment process.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前6條

1 張險(xiǎn)峰,秦志光,劉錦德;橢圓曲線加密系統(tǒng)的性能分析[J];電子科技大學(xué)學(xué)報(bào);2001年02期

2 劉磊;;安全技術(shù)在移動(dòng)支付中的應(yīng)用[J];硅谷;2012年16期

3 洪琳,李展;數(shù)字簽名、數(shù)字信封和數(shù)字證書[J];計(jì)算機(jī)應(yīng)用;2000年02期

4 李北金;張力;;基于WAP的電子支付的安全性研究[J];微計(jì)算機(jī)信息;2008年06期

5 王曼珠,何文才,楊亞濤,魏占禎;無線局域網(wǎng)IEEE802.11的安全缺陷分析[J];微電子學(xué)與計(jì)算機(jī);2005年07期

6 許羅德;;推動(dòng)移動(dòng)支付業(yè)務(wù)融合發(fā)展[J];中國(guó)金融;2013年01期

，

本文編號(hào)：2127955