
Research on the Security Mechanism of Mobile Wallets Based on OTA Technology

Published: 2018-12-10 14:14

[Abstract]: In the 21st century, with the rapid development of the mobile Internet and the growing popularity of smartphones, new payment methods keep emerging, and NFC near-field payment is one of them. Telecom operators, handset manufacturers and financial institutions are currently accelerating their NFC deployments. Mobile phone users can switch to a dedicated SIM card, install a mobile wallet client, have the phone emulate various electronic cards, and pay by card using radio-frequency-based near-field communication. The spread of NFC near-field payment will bring a revolution in how electronic devices are used: with just a phone, a user can get around freely on buses and subways and at supermarkets, gas stations, workplaces and similar places. NFC near-field payment still accounts for a very small share of total mobile payment transaction volume, but the potential market is huge, and industry insiders are optimistic about the prospects of NFC mobile payment. Among the factors that determine the rise or fall of the near-field payment industry, security remains a very important one, so this thesis takes security in the NFC near-field payment field as its research subject, which is of significant value.

Two steps are indispensable before a mobile wallet can be used for near-field payment: downloading the card application and topping up the wallet. Both can be done at an operator's business hall, but having to visit one for every new application or every top-up is very inconvenient for users. Operators have therefore proposed applying OTA (over-the-air) download technology to the mobile wallet. OTA transmits data over the wireless communication network, which provides convenience on the one hand but introduces various security problems on the other. If a phone with a mobile wallet installed falls into someone else's hands and the security measures are unreliable, the wallet account may be fraudulently charged. In the OTA download process, the security issues of greatest concern are identity legitimacy and transmission confidentiality. The aim of this thesis is to analyze the security threats facing OTA-based mobile wallet services, point out the shortcomings of the identity authentication and encryption methods currently in use, and propose an improved scheme that provides the necessary security for mobile wallet login authentication, card download and over-the-air top-up.

The work completed in this thesis includes the following. To address the risk that static passwords are easily stolen, it proposes dual-safeguard identity authentication based on PIN code authentication plus a static password, so that even if the phone is lost the user's identity cannot be impersonated. It proposes a payment authentication mode of payment password plus dynamic verification code, so that even if the static payment password is stolen, unauthorized users are still prevented from operating. To address the shortcomings of 3DES, whose keys are relatively short and which has weak keys, it improves the encryption scheme for use in the mobile wallet, using MAC verification to ensure data integrity and the more secure AES algorithm to generate the session key Kc. It carries out a requirements analysis of the mobile wallet client, designs and implements the client's core functions in Java on the Android SDK development platform, and analyzes their security. The results show that the OTA-based mobile wallet security scheme proposed in this thesis effectively safeguards the security of card download and over-the-air top-up and greatly reduces the risk of data leakage and wallet theft. The mobile wallet client designed and developed in this thesis is open and modular and is not tied to any particular operator; it is general-purpose and practical, and provides operators with a reliable security solution for developing near-field payment services at scale.
[Degree-granting institution]: Chengdu University of Technology
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08



