Graduate student: Hsieh, Tung-Lung (謝東龍)
Thesis title: Design of a P2P Mobile-Commerce Transaction Authentication Platform by Near Field Communication (以NFC設計P2P行動商務交易認證平台)
Advisor: Lee, Wei-Hsun (李威勳)
Degree: Master
Department: College of Management - Institute of Telecommunications Management
Year of publication: 2014
Academic year of graduation: 102
Language: Chinese
Number of pages: 66
Keywords (Chinese): NFC, Semi-Offline P2P transaction authentication mode, mobile transaction authentication protocol
Keywords (English): NFC, Semi-Offline P2P transaction authentication, Mobile-Commerce, Two-way transaction authentication
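  • Owing to the rapid development of the Internet, online shopping transactions have become an indispensable part of people's lives. Although online shopping is convenient, it is unlike physical shopping, where transaction authentication is carried out face to face, goods and payment are exchanged on the spot, and an invoice serves as proof of the transaction; problems therefore arise easily.
    Many security mechanisms and related studies have been proposed in the literature, for example third-party transaction platform mechanisms and improved SET security mechanisms. Although they address the traditional absence of a third-party transaction platform, they still cannot effectively solve the transaction authentication problem. For example, the Online transaction authentication mode easily creates a performance bottleneck at the third-party transaction platform. In addition, there is a risk of one-way cheating: when only one party performs transaction authentication with the third party, forgery and tampering can easily occur.
    In this study, we design a mobile transaction authentication protocol mechanism that improves the traditional Online transaction authentication mode into a Semi-Offline P2P transaction authentication mode and combines it with the contactless nature of NFC. The buyer and the seller authenticate the transaction content in a P2P Online manner, so that both parties obtain the transaction authentication file on the spot and can decrypt it for comparison. Both parties also handle transaction disputes Offline with the third-party transaction authentication center, which resolves problems between them. The main purposes of the Semi-Offline P2P transaction authentication mode are to solve the risk of one-way transaction cheating, to reduce the likelihood of the buyer being deceived, and to relieve the overload that the third-party transaction authentication center bears in a traditional third-party transaction platform. Besides meeting the security requirement specifications for online shopping transactions, the mechanism also achieves the two-way transaction authentication and two-way identity authentication security requirements defined in this study.
    According to the performance analysis and comparison, the execution time of this system is more efficient than that of traditional SET, whether or not digital envelope encryption is used, and than that of other mechanisms on the market; in addition, its security is comparable to that of SET. The protocol proposed in this study is therefore not only suitable for e-commerce but even better suited to mobile devices.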

    In recent years, online shopping transactions have gradually evolved from e-commerce to m-commerce because handheld mobile devices have grown rapidly. Furthermore, m-commerce provides people with a variety of services and applications with no limits of space and time.
    Because of this, network security has become the most important and most closely watched issue for online shopping transactions. Online shopping is unlike traditional physical shopping, where transaction authentication is executed face to face and the transaction is finished once the goods are delivered and the bill is cleared. Although many scholars have proposed security mechanisms to solve online shopping security problems, and related research to discuss them, those mechanisms still cannot completely solve all online shopping security problems.
    In this work, we improve the traditional online transaction authentication mode into a Semi-Offline P2P transaction authentication mode and match it with the characteristics of near field communication (NFC). The main purpose of the research is to solve the risk of one-way transaction cheating, to achieve two-way transaction authentication, and to reduce TTAC overload. The computing time of transaction authentication demonstrates that our proposed MTAP is more efficient than traditional SET with digital envelope, traditional SET without digital envelope, and other protocols in the current market. Therefore, our proposed protocol applies not only to e-commerce but also to m-commerce.

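    List of Tables
    List of Figures
    Chapter 1 Introduction
      1.1 Research Background and Motivation
      1.2 Research Objectives
      1.3 Research Structure
    Chapter 2 Literature Review
      2.1 Third-Party Transaction Platform Verification Mechanisms
      2.2 SET (Secure Electronic Transaction) and SET-Related Research
      2.3 Near Field Communication (NFC)
      2.4 Security Requirement Specifications for Online Shopping
      2.5 Related Algorithms and Techniques
        2.5.1 Asymmetric-Key Encryption Algorithms (asymmetric cryptosystem)
        2.5.2 Message Authentication Code (MAC)
        2.5.3 Certificates
        2.5.4 Two-way authentication
    Chapter 3 P2P Mobile-Commerce Transaction Authentication Platform
      3.1 System Concept
      3.2 Security Parameters and Notation Table
      3.3 Mobile-Commerce Transaction Authentication Platform (MCTAP)
      3.4 Transaction Authentication Message Design
      3.5 Mobile Transaction Authentication Protocol (MTAP)
      3.6 Trusted Transaction Authentication Center (TTAC)
        3.6.1 Registration and Card Issuance
        3.6.2 Card Security Mechanism
        3.6.3 Transaction Dispute Handling
      3.7 Buyer Transaction and Seller Transaction (BT & ST)
        3.7.1 NFC Login without Account and Password
    Chapter 4 System Requirement Verification Analysis and Performance Analysis
      4.1 System Requirement Verification Analysis
      4.2 Performance Analysis
    Chapter 5 System Platform Design
      5.1 System Platform Roles
      5.2 Use Case Diagram
      5.3 System Requirements
      5.4 System Flow
      5.5 System Platform Architecture and Functions
      5.6 System Development Environment
      5.7 Smart Card Design
        5.7.1 Introduction to APDU
        5.7.2 System APDUs
    Chapter 6 Conclusions and Future Research Directions
      6.1 Conclusions
      6.2 Business Model Discussion
      6.3 Future Research Directions
    References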

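    On campus: public from 2019-08-05
    Off campus: not public
    The electronic thesis has not yet been authorized for public release; for the print copy, please check the library catalog.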