论文标题:移动电子商务安全支付的研究
Study on Mobile E-Commerce Safety Payment
论文作者
论文导师 李月;张劲松,论文学位 硕士,论文专业 电子与通信工程
论文单位 吉林大学,点击次数 102,论文页数 68页File Size1335K
2006-10-20论文网 http://www.lw23.com/lunwen_96211112/
随着Internet与移动技术的飞速发展,作为Internet技术之一的电子商务与移动技术的巧妙结合——移动电子商务,为服务商创造了新的机会与挑战。但由于制约移动电子商务发展的安全支付问题没有得到很好的解决,移动电子商务的应用只停留在简单的可以预先确定的缴费类定向支付的业务上,还不是一种完全意义上的电子商务支付模式,不可能满足移动电子商务的支付需求。本文分析了移动电子商务的特点与优势,针对移动环境特点,寻求基于移动安全技术的解决方案。根据当前国内外技术发展现状和实际业务需求,本文主要研究基于WAP,SMS的移动电子商务安全解决方案和基于上述各技术的安全认证体系。WAP通信是靠WAP协议栈中的WTLS的安全层进行身份验证和数据加密的,不是真正端到端的安全。为了做到端到端的安全,本文在研究分析基于WAP协议的内容提供商自备WAP网关的解决方案及网关导航型解决方案的基础上,提出了基于WAP的WTLS移动电子商务安全解决方案,并用于了中国移动电子商务技术支持系统。本文在研究了基于STK端到端传输安全解决方案,基于WAP+STK解决方案以及基于STK的移动PKI解决方案的基础上,提出了切合实际的基于STK的移动电子商务解决方案的应用:通过营业厅的POS完成对STK卡的定制。并针对目前国内CA呈诸侯割据态势,本文提出在CA建设中,中国移动集团不应重复建设,只需在国内三家大的CA ( CTCA, CFCA和协卡CA)中,扶持一家CA的战略构想和具体实施策略。 同时对移动电子商务交易模式进行分类,解决移动客户缴费难的问题,并举例进行了说明。 在以上的工作基础上,文中提出了中国移动集团移动电子商务交易系统的建设方案、移动电子商务电子信用及认证体系和移动电子商务计费系统的建设。最后设计了基于WAP的双加密模型,实现了端到端的安全,并用于WAP手机缴费应用系统。
1. introduction The mobile commerce is one kind of new e- commerce transaction pattern, is a skillfully combine of e-commerce and mobile technology,it offers new chance and challenge to the SP.Because of the transaction terminal particularity,the mobile commerce transaction process has the remarkable difference with the ordinary electronic commerce transaction.Because of the limitation of the mobile termination movement environment, the browser, the agreement, the description language and so on, increased the mobile electronic commerce safe authentication difficulty. Restricted by the unsettlement of the safety payment of mobile e-commerce, the application of the mobile e-commerce only lingers on the simple foreseeable directional payment, which isn"t a unqualified e-commerce and conn"t satisfy the payment of the mobile e-commerce. Providing a safety payment mobile e- commerce for the present commerce market has became an imperative question. 2. based on mobile security technology solution 2.1 WAP based WTLS mobile electron secure solution WAP communication depends on the WTLS safe level of WAP protocol stack to carry out the status authentication and the data encryption, but the WAP communication protocol’range is only from mobile to to the WAP gateway,therefore the safe communication finished at WAP gateway,it was not the true end-to-end security. In order to achieve the end-to-end security, supplies for oneself the WAP gateway in the research analysis based on the WAP protocol content provider the solution and in the gateway navigation solution foundation, proposed mobile electronic commerce safe solution based on the WAP WTLS, and used in the Chinese mobile electronic commerce technical support system. Deploying WAP ProxyServer in a bank, this server completely contains the first generation of WAP gateway function, causes the bank to be allowed immediately the WAP handset bank service investment preliminary movement according to the first generation of plan; after simultaneously joins the enhancement function of the WTLS module it is also an enterprise proxy server
|
