【摘要】：隨著移動通信技術(shù)的飛速發(fā)展,移動互聯(lián)網(wǎng)面臨著許多原本針對傳統(tǒng)互聯(lián)網(wǎng)的威脅和攻擊。與此同時,運(yùn)營商、第三方平臺等業(yè)務(wù)平臺提供的移動終端業(yè)務(wù)日益繁多,用戶量快速增長,再加上移動互聯(lián)網(wǎng)自身網(wǎng)絡(luò)情況復(fù)雜,移動互聯(lián)網(wǎng)的安全問題越來越受到人們的重視。作為整個移動互聯(lián)網(wǎng)安全的重要支撐部分,終端用戶的信息安全也面臨著巨大的挑戰(zhàn)。因此,設(shè)計一個移動終端用戶信息保護(hù)系統(tǒng),不僅對于移動終端用戶信息安全至關(guān)重要,而且能夠為移動互聯(lián)網(wǎng)安全提供一定程度的支撐。這個系統(tǒng)能夠在盡量小的代價下,有效對用戶的身份、用戶的操作或發(fā)起服務(wù)請求的移動終端應(yīng)用進(jìn)行安全鑒權(quán)。 本文的目的是設(shè)計一個在保證移動終端用戶體驗的情況下,滿足現(xiàn)有安全需求的,針對移動終端用戶信息保護(hù)的安全方案。本文重點介紹了終端用戶在安全平臺側(cè)的鑒權(quán)邏輯,并在此基礎(chǔ)上實現(xiàn)了終端用戶信息保護(hù)系統(tǒng)。 本文分析總結(jié)了在目前移動互聯(lián)網(wǎng)環(huán)境下,終端用戶在和應(yīng)用平臺交互過程中所面臨的安全風(fēng)險,并結(jié)合具體實例總結(jié)了現(xiàn)有終端用戶保護(hù)機(jī)制的不足�；谶@些安全風(fēng)險和當(dāng)前機(jī)制的不足,本文主體部分介紹了筆者所設(shè)計的終端用戶信息保護(hù)系統(tǒng)。首先,介紹了本系統(tǒng)所使用的終端用戶身份認(rèn)證機(jī)制,該機(jī)制基于傳統(tǒng)的認(rèn)證框架,并根據(jù)移動通信的特點加入了容錯機(jī)制,同時采取了響應(yīng)的安全加固,兼顧了一定的安全性和實用性。接著,從系統(tǒng)整體框架、系統(tǒng)層次、系統(tǒng)中各部分通信協(xié)議三個角度描述了整個系統(tǒng)的架構(gòu)。整個系統(tǒng)分為終端側(cè)、安全平臺和業(yè)務(wù)平臺三個部分,詳細(xì)介紹了其核心部分安全平臺的功能,并介紹了實現(xiàn)這些功能的相關(guān)組件。接著,詳細(xì)介紹了終端用戶與安全平臺交互過程中的鑒權(quán)流程,主要分為三個階段：用戶注冊、用戶訂購、能力調(diào)用,并介紹了相關(guān)的安全參數(shù)的設(shè)計、相關(guān)的鑒權(quán)技術(shù)及安全算法。同時,本文對該系統(tǒng)做了相應(yīng)的功能測試和性能測試。 最后,本文總結(jié)了本論文完成的主要工作并提出了需要進(jìn)一步研究的問題。經(jīng)總結(jié),可以看到本文所設(shè)計并實現(xiàn)的終端用戶信息保護(hù)系統(tǒng)能夠滿足當(dāng)前用戶的需求,但隨著終端用戶的持續(xù)增長,該系統(tǒng)進(jìn)一步提升的空間還很大。
[Abstract]:With the rapid development of mobile communication technology, mobile Internet is facing many threats and attacks against traditional Internet. At the same time, operators, third-party platforms and other business platforms are providing more and more mobile terminal services, and the number of users is growing rapidly. In addition, the mobile Internet itself has a complex network situation. People pay more and more attention to the security of mobile Internet. As an important part of the security of mobile Internet, the information security of end users is also facing a huge challenge. Therefore, the design of a mobile terminal user information protection system is not only very important for mobile terminal user information security, but also can provide a certain degree of support for mobile Internet security. The system can effectively authenticate the identity of the user, the operation of the user or the mobile terminal application that initiates the service request at the lowest possible cost. The purpose of this paper is to design a security scheme for the information protection of mobile terminal users under the condition of guaranteeing the mobile terminal user experience and satisfying the existing security requirements. This paper mainly introduces the authentication logic of the end user on the side of the security platform, and realizes the information protection system of the end user on this basis. This paper analyzes and summarizes the security risks faced by end-users in the process of interacting with the application platform under the current mobile Internet environment, and summarizes the shortcomings of the existing end-user protection mechanism combined with concrete examples. Based on these security risks and the shortcomings of the current mechanism, the main part of this paper introduces the end-user information protection system designed by the author. Firstly, this paper introduces the end-user authentication mechanism used in this system, which is based on the traditional authentication framework, and adds fault-tolerant mechanism according to the characteristics of mobile communication, and adopts the security reinforcement of response. It takes into account the safety and practicability. Then, the architecture of the whole system is described from three angles: the whole system framework, the system level, and the communication protocols in each part of the system. The whole system is divided into three parts: terminal side, security platform and business platform. The functions of its core security platform are introduced in detail, and the related components to realize these functions are introduced. Then, the authentication process of the interaction between the end user and the security platform is introduced in detail, which is divided into three stages: user registration, user order, ability call, and the design of related security parameters. Related authentication techniques and security algorithms. At the same time, this paper has done the corresponding function test and the performance test to this system. Finally, this paper summarizes the main work accomplished in this paper and points out the problems that need further study. In conclusion, we can see that the end-user information protection system designed and implemented in this paper can meet the needs of current users, but with the continuous growth of end-users, there is still a lot of room for further improvement of the system.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 黃志偉;付航;;解析移動通信安全機(jī)制,構(gòu)建下一代可信網(wǎng)絡(luò)[J];電信工程技術(shù)與標(biāo)準(zhǔn)化;2009年07期

2 唐韶華;Lamport一次性口令認(rèn)證方案的改進(jìn)(英文)[J];華南理工大學(xué)學(xué)報(自然科學(xué)版);2001年08期

3 李魯群,李明祿;面向Java手機(jī)Web Service技術(shù)應(yīng)用集成研究[J];計算機(jī)工程;2005年03期

4 羅作民;朱燕;程明;;Web服務(wù)測試工具SOAPUI及其分析[J];計算機(jī)應(yīng)用與軟件;2010年05期

5 袁丁,范平志;一個安全的動態(tài)口令鑒別方案(英文)[J];四川大學(xué)學(xué)報(自然科學(xué)版);2002年02期

6 王濱;劉剛;;動態(tài)口令認(rèn)證方案的研究與改進(jìn)[J];計算機(jī)工程與設(shè)計;2007年12期

7 熊光彩;慕_晨，

本文編號：2347389