

Graduate student (English name): Deng-Jie Zhuang
Thesis title (English): Secure Verification Scheme for Mobile Banking
Advisor (English name): Chang-Lung Tsai
Oral examination committee (English names): Scott Yang-Lang Chang; Sun, Jenn-Dong
Keywords (English): Mobile banking; Mobile phone trading; SMS; Personal of biological information
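In recent years, with the rapid development of smartphones, tablets and the Internet, mobile phone transactions have become increasingly popular because they are convenient and fast. However, mobile banking transaction passwords must be transmitted over the Internet, which carries a relatively high risk. This study therefore modifies the handling of mobile banking transaction passwords, building on online banking transactions, to make them more secure and confidential while preserving user convenience. This thesis uses a one-time password (OTP) sent by SMS together with recognition of personal biometric information to verify mobile transactions. When the user sends a transaction request, the bank generates an OTP and sends it to the user by SMS. After receiving the SMS, the user can use the information in the message to confirm the authenticity of the web system and read the OTP. Once the user enters the correct OTP within the short valid login period set by the bank's server system, the bank system actively captures the phone's system information and asks the user to upload personal biometric information, to confirm that the person making the transaction is indeed the user and to prevent misuse of a stolen account, password or phone. In this way, if a network security incident or a dispute occurs, both the bank and the user can protect their respective rights.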
With the rapid development and application of technology, e-commerce transactions via smartphones, tablets and the Internet have become more popular. Mobile phones make such transactions easy and fast. However, the process is not secure enough. When a smartphone is used for e-commerce banking or business transactions, the login ID and password must be sent to the server side over the Internet for verification. Such confidential information tends to attract intelligentsia or hackers who intercept and crack it. Although using a smartphone for M-banking faces many threats, M-banking is an unavoidable trend for the future. Therefore, a convenient and secure verification mechanism for M-banking that also remedies its current shortcomings must be developed.
In this paper, a verification scheme has been developed that sends a One-Time Password (OTP) by SMS and then identifies the person using biometric information. When the client side submits a request for M-banking, the server side of the bank sends an OTP by SMS to the client side. After receiving the OTP, the client checks the validity of the OTP against the web page of the server side.
The client must then enter the correct OTP within a specified time to perform M-banking. Next, the server side of the bank asks the client side to capture personal biometric information in real time and upload it to the server side immediately for verification. Once the server side finishes the verification process and confirms that the client is the legitimate user himself/herself, the client can perform any authorized M-banking via smartphone. However severe the threats from hackers, the proposed verification mechanism not only provides secure M-banking but can also reduce disputes between the user and the bank. It can be applied to protect the rights of both the client side and banks when Internet hacking occurs.

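Abstract
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Background and Motivation
1.2 Research Objectives
1.3 Research Methods
1.4 Research Limitations
1.5 Thesis Organization
Chapter 2 Literature Review
2.1 Basic Procedure of Mobile Banking Transactions
2.2 Basic Flow of OTP SMS Transactions
2.3 OTP Verification on the Mobile Phone
Chapter 3 Verification of Mobile Banking Transactions
3.1 Password Generation
3.1.1 Equipment Used
3.1.2 Constraints
3.2 Verification Value Computation
3.2.1 RSA Encryption
3.2.2 MD5 Hash Computation
3.3 Determining System Authenticity
3.4 Personal Biometric Information Recognition
3.5 Complete Transaction Procedure
Chapter 4 Analysis and Discussion
4.1 Experimental Results
4.1.1 Embedded System
4.1.2 Website System
4.2 Comparative Analysis
4.3 Discussion
Chapter 5 Conclusion
References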

