系統識別號 U0026-2907201410370200
論文名稱(中文) 以NFC設計P2P行動商務交易認證平台
論文名稱(英文) Design of a P2P Mobile-Commerce Transaction Authentication Platform by Near Field Communication
校院名稱 成功大學
系所名稱(中) 電信管理研究所
系所名稱(英) Institute of Telecommunications and Management
學年度 102
學期 2
出版年 103
研究生(中文) 謝東龍
研究生(英文) Tung-Lung Hsieh
學號 R96014034
學位類別 碩士
語文別 中文
論文頁數 66頁
口試委員 口試委員-陳文字
中文關鍵字 NFC  Semi-Offline P2P交易認證模式  行動交易認證協定 
英文關鍵字 NFC  Semi-Offline P2P transaction authentication  Mobile-Commerce  Two-way transaction authentication 
中文摘要 由於網路的快速發展,網路購物交易變成人們生活不可或缺的一部分。雖然網路購物帶來方便性,但是它不像實體購物,透過面對面來執行交易認證,當下完成銀貨兩訖,並且有發票當作交易憑證,因此容易衍生問題。
在本研究中,設計一個行動交易認證協定的機制,將傳統Online交易認證模式改良成Semi-Offline的P2P交易認證模式並且搭配NFC非接觸的特性,由買賣雙方P2P Online的方式做交易內容的交易認證,使得雙方當下可以得到交易認證檔並且解開比。另一方面雙方與第三方交易認證中心做Offline的交易糾紛處理,解決雙方的問題。Semi-Offline的P2P交易認證模式主要目的為解決單向交易作弊的風險,降低買方被欺騙的可能性,並且減輕第三方交易認證中心在傳統第三方交易平台所負擔的Overload。本研究機制除了達到網路購物交易的安全需求規範之外,也達到本研究所制定的雙向交易認證、雙向身分認證安全需求等功能。
英文摘要 In recent years, online shopping transaction has gradually evolved from e-commerce to m-commerce because handled mobile device grew rapidly. Furthermore, m-commerce provides a variety of services and applications and no limit of space and time for people.
Because of this, network security problem became the most important issue and most attention problem for online shopping transaction. The online shopping unlike traditional physical shopping, execute transaction authentication through by type of face to face, then finish transaction of the goods are delivered and the bill is cleared. Although many scholars proposed security mechanism to solve online shopping security problems and proposed related research to discuss them, those mechanism still cannot completely solve all online shopping security problems.
In this work, we improved traditional online transaction authentication mode to Semi-Offline P2P transaction authentication mode and match character of near field communication (NFC). The main purpose of the research is solved risk of one-way transaction cheating to achieve two-way transaction authentication and reduce TTAC overload. According to computing time of transaction authentication performance, demonstrating our proposed MTAP is more efficiency than traditional SET with digital envelope, traditional SET without digital envelope and other protocol in the current market. Therefore, we proposed protocol not only apply to e-commerce but also apply to m-commerce.
論文目次 表目錄 VIII
圖目錄 IX
第一章 緒論 1
1.1研究背景與動機 1
1.2研究目的 6
1.3研究架構 7
第二章 文獻回顧 8
2.1第三方交易平台驗證機制 8
2.2 SET(Secure Electronic Transaction)與SET相關研究 12
2.3近場通訊(Near Field Communication, NFC) 15
2.4網路購物的安全需求規範 16
2.5相關演算法技術 18
2.5.1非對稱式金鑰加密演算法(asymmetric cryptosystem) 18
2.5.2 MAC訊息認證碼(Message Authentication Code) 19
2.5.3憑證(Certificates) 20
2.5.4雙向身分認證(Two-way authentication) 21
第三章 P2P 行動商務交易認證平台 23
3.1系統構想 25
3.2安全參數及名詞符號表 26
3.3行動商務交易認證平台(Mobile-Commerce Transaction Authentication Platform, MCTAP) 27
3.4交易認證訊息設計 31
3.5行動交易認證協定(Mobile Transaction Authentication Protocol, MTAP) 33
3.6第三方交易認證中心(Trusted Transaction Authentication Center, TTAC) 38
3.6.1註冊與發卡 38
3.6.2卡片安全機制 39
3.6.3交易糾紛處理 40
3.7買方交易與賣方交易(Buyer Transaction, BT& Seller Transaction, ST) 44
3.7.1 NFC免帳號密碼登入 44
第四章 系統需求驗證分析與效能分析 46
4.1系統需求驗證分析 46
4.2效能分析 49
第五章 系統平台設計 52
5.1系統平台角色 52
5.2使用者案例圖 53
5.3系統需求 54
5.4系統流程 55
5.5系統平台架構與功能 56
5.6系統開發環境 57
5.7 Smart card設計 58
5.7.1 APDU介紹 58
5.7.2系統APDU 60
第六章 結論與未來研究方向 62
6.1結論 62
6.2商業模式討論 63
6.3未來研究方向 64
參考文獻 65
參考文獻 1.A. Menezes, P. V. Oorschot, and S. Vanstone. (1997). Handbook of Applied Cryptography. CRC Press.
2. Abdel-Hamid, A. A., Badawy, O., & Bahaa, S. (2012). PA-SET: Privacy-aware SET protocol. Paper presented at the Computer Theory and Applications (ICCTA), 2012 22nd International Conference on.
3. Chin-Chen, Chang, Jen-Ho, Yang, & Kai-Jie, Chang. (2012). An Efficient and Flexible Mobile Payment Protocol. Paper presented at the Genetic and Evolutionary Computing (ICGEC), 2012 Sixth International Conference on.
4. Clemer, L. (2010). Information Security Concepts: Confidentiality, Integrity,Availability, and Authenticity.
5. Jara, Antonio J., Zamora, Miguel A., & Skarmeta, Antonio F. G. (2009). Secure use of NFC in medical environments. Paper presented at the RFID Systems and Technologies (RFID SysTech), 2009 5th European Workshop on.
6. Lee, Jung-San, & Lin, Kun-Shian. (2012). A robust e-commerce service: Light-weight secure mail-order mechanism. Electronic Commerce Research and Applications, 11(4), 388-396. doi: http://dx.doi.org/10.1016/j.elerap.2012.04.001
7. Lu, S., & Smolka, S. A. (1999). Model checking the secure electronic transaction (SET) protocol. Paper presented at the Modeling, Analysis and Simulation of Computer and Telecommunication Systems, 1999. Proceedings. 7th International Symposium on.
8. Maheshwari, Anita. (2012). Two Way Authentication Protocol For Mobile Payment System. International Journal of Engineering Research and Applications.
9. Massoth, M., & Bingel, T. (2009). Performance of Different Mobile Payment Service Concepts Compared with a NFC-Based Solution. Paper presented at the Internet and Web Applications and Services, 2009. ICIW '09. Fourth International Conference on.
10. MasterCard, Visa. (1996). Secure Electronic Transactions (SET) Specification.
11. Matbouli, H., & Gao, Q. (2012). An overview on web security threats and impact to e-commerce success. Paper presented at the Information Technology and e-Services (ICITeS), 2012 International Conference on.
12. Ondrus, J., & Pigneur, Y. (2007). An Assessment of NFC for Future Mobile Payment Systems. Paper presented at the Management of Mobile Business, 2007. ICMB 2007. International Conference on the.
13. Paille, x, s, J. C., Gaber, Chrystel, Alimi, V., & Pasquet, Marc. (2010). Payment and privacy: A key for the development of NFC mobile. Paper presented at the Collaborative Technologies and Systems (CTS), 2010 International Symposium on.
14. Pasquet, Marc, Reynaud, J., & Rosenberger, C. (2008). Secure payment with NFC mobile phone in the SmartTouch project. Paper presented at the Collaborative Technologies and Systems, 2008. CTS 2008. International Symposium on.
15. Rehman, S. U., & Coughlan, J. (2012). Building trust for online shopping and their adoption of e-commerce. Paper presented at the Information Society (i-Society), 2012 International Conference on.
16. Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 21(2), 120-126. doi: 10.1145/359340.359342
17. Sabrina M. Shedid, Magdy El-Hennawy and Mohamed, & Kouta. (2010). Modified SET Protocol for Mobile Payment: An Empirical Analysis. International Journal of Computer 21 Science and Network Security, 289-295.
18. Schneier, B. (1996). Applied Cryptography: Protocols, Algorithms, and Source code in C. 2nd edition, John Wiley & Sons, New York.
19. Tan Soo Fun, Leau Yu Beng, Rozaini Roslan, and Habeeb Saleh Habeeb (2008). Privacy in New Mobile Payment Protocol. International Journal of Computer and Information Science and Engineering, 198-202.
20. van der Merwe, A., Seker, R., & Gerber, A. (2005). Phishing in the system of systems settings: mobile technology. Paper presented at the Systems, Man and Cybernetics, 2005 IEEE International Conference on.
21. Xu, Yong, & Liu, Jindi. (2010). Electronic Payment System Design Based on SET and TTP. Paper presented at the E-Business and E-Government (ICEE), 2010 International Conference on.
22. 王旭正、楊中皇、李榮三. (2012). 電腦、網路與行動服務安全實務: 博碩文化.
23. 張真誠、林祝興. (2006). 資訊安全技術與應用: 全華科技圖書股份有限公司.
  • 同意授權校內瀏覽/列印電子全文服務,於2019-08-05起公開。

  • 如您有疑問,請聯絡圖書館