Research on Mobile Payment Security Issues
Published: 2018-03-22 17:04
Topic: mobile payment. Focus: Android. Source: Southeast University, 2016 master's thesis. Document type: degree thesis.
[Abstract]: With the spread of mobile phones and the rapid development of mobile network infrastructure, e-commerce and the Internet economy have become increasingly active. People have developed the habit of conducting online transactions on their phones, that is, mobile payment. Through mobile payment, people can make online payments anytime and anywhere, including booking flights, hotels and movie tickets, along with a range of other consumer services and payment scenarios. This anytime, anywhere approach greatly facilitates daily life and saves a great deal of time and effort. It has enriched our lives and lets us buy the goods we like without leaving home. For judicial authorities, however, the networked nature of mobile payment makes it covert, which causes difficulties in solving certain cases. Moreover, because the mobile Internet became widespread in just a few years, research on this topic is relatively scarce, so such research is both urgent and practical. For the general public, although mobile payment has made life more convenient, data transmission and the limitations of existing systems mean that our information is continually leaked. On the one hand it may be exploited by criminals; on the other hand it may be collected by legitimate companies and analysed as data in the big-data era. Although the big-data era can greatly facilitate the matching and better use of resources, the way it turns ordinary users' behaviour into data is causing growing alarm. Payment data is especially sensitive: on the one hand we do not want our orders leaked and our spending habits predicted, only to face endless sales calls every day; on the other hand we do not want our account numbers or even passwords leaked, causing financial loss.

To address the needs of both the judiciary and ordinary users, this thesis solves two problems. (1) For judicial bodies, we designed a smartphone forensics system and describe its main sub-modules. We first analyse the requirements of the forensics system using UML modelling tools, then extract and analyse the basic contacts, SMS messages and call records, and then carry out a reverse analysis of the lock-screen password of Alipay version 8.0. Based on the results we wrote the code for this module and built an MFC test program for it. Finally, we propose a simulated login module, which builds on having already obtained key information such as the lock-screen password. After logging in through the simulation module, other key information in the application, such as bank card numbers and transaction details, can be collected and analysed for judicial forensics. (2) For the security and privacy needs of ordinary users, we designed a security protocol for mobile third-party payment. Because mainstream third-party payment today is based on the SSL (Secure Sockets Layer) protocol, it depends on the third party's confidentiality commitments. The SET (Secure Electronic Transaction) protocol, which may represent the future, has not been widely adopted because the infrastructure is insufficient and China has not yet built a complete credit payment system. Building on these two, this thesis proposes a secure payment protocol based on an identity-based Lagrange interpolation key management protocol. The results show that it not only satisfies the confidentiality, integrity and non-repudiation of transmitted information but also achieves information isolation among the parties to a transaction. The merchant obtains only the order information, and the cardholder's account and password information is isolated from it. The bank obtains the account and password information, but the order details are isolated from it.

The third-party platform is only a payment platform that relays information. It offers a unified front-end interface to consumers and a back end that integrates the payment gateways of the various banks, but both the order information and the account and password information are isolated from it; at the same time, it is responsible for arbitration when the two parties to a transaction are in dispute. The contribution of this thesis is research on mobile phone forensics, an area that is currently little studied but highly practical, and the design of a third-party payment protocol for mobile devices. The forensics system, driven by actual judicial needs, focuses on extracting key information from Alipay version 8.0 and is highly practical. The payment protocol solves the information isolation problem in the mobile payment process well and, while remaining secure, greatly improves payment efficiency.
[Degree-granting institution]: Southeast University
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP309
Article ID: 1649569
Article link: http://sikaile.net/jingjilunwen/dianzishangwulunwen/1649569.html