基于WAP的移动商务安全问题研究
摘要
移动商务是通过移动通信网络,使用手机、掌上电脑、笔记本电脑等移动通信终端和设备所进行的各种商业信息交互和各类商务活动。由于移动商务依赖于安全性较差的无线通信网络,因此安全性是移动商务中需要重点考虑的因素。在移动终端运算能力和存储容量不足的情况下如何保证电子交易过程的安全,成为大家最关心的问题。根据安全性的需求和当前安全技术的发展趋势,本文围绕移动商务中的核心技术—WAP来进行安全方面的研究。为了实现基于WAP的移动商务的安全,本文首先介绍基于WAP的安全构架,讨论了WAP的框架结构、各分层协议以及WAP中存在的安全隐患,WAP安全结构的每个部分在实现无线网络应用的安全中起着不同的作用,其中WPKI是WAP安全的核心,WPKI系统是开展移动商务的基础设施,要开展基于WAP的移动商务,数字证书的支持是必不可少的,因此本文就基于WPKI的移动商务的安全工作模式进行了详细的研究。另外针对WAP应用中存在的漏洞,分析当前常见的WAP应用模型漏洞解决方案的不足,提出了一个新的高效率的安全解决方案。最后在考虑移动支付的安全性要求的情况下,设计出一种以移动支付平台为核心的移动商务安全支付方案。
Mobile E-commerce can be identified as the exchange of business information and commerce activity of all sorts depending on mobile communication network,using mobile terminal equipments such as cell phone,palm PC,notebook computer and so on.As the mobile e-business less dependent on the security of wireless communication networks, security is therefore the need for mobile e-commerce the key points of consideration. Computing power in mobile terminals and the shortage of storage capacity under the process of how to ensure the security of electronic transactions has become the utmost concern to us. According to the security needs and current trends in the development of security technologies,mobile commerce in this article focus on the core technology-WAP,to carry out safety studies.In order to achieve WAP-based mobile e-commerce security,this article introduces WAP-based security framework,WAP security architecture in the realization of each part of the application of wireless network security plays a different role,WPKI which is the core of WAP security,WPKI system is to carry out mobile commerce infrastructure,to be carried out WAP-based mobile commerce,digital certificate support is essential,so this article WPKI based on the safety of mobile business models work detailed study.Another common analysis of the current loopholes in the WAP application model solution is proposed a new efficient security solutions.After taking into account the security of mobile payment requirements,the design of a mobile payment platform as the core of mobile e-commerce secure payment programs.
Mobile E-commerce can be identified as the exchange of business information and commerce activity of all sorts depending on mobile communication network,using mobile terminal equipments such as cell phone,palm PC,notebook computer and so on.As the mobile e-business less dependent on the security of wireless communication networks, security is therefore the need for mobile e-commerce the key points of consideration. Computing power in mobile terminals and the shortage of storage capacity under the process of how to ensure the security of electronic transactions has become the utmost concern to us. According to the security needs and current trends in the development of security technologies,mobile commerce in this article focus on the core technology-WAP,to carry out safety studies.In order to achieve WAP-based mobile e-commerce security,this article introduces WAP-based security framework,WAP security architecture in the realization of each part of the application of wireless network security plays a different role,WPKI which is the core of WAP security,WPKI system is to carry out mobile commerce infrastructure,to be carried out WAP-based mobile commerce,digital certificate support is essential,so this article WPKI based on the safety of mobile business models work detailed study.Another common analysis of the current loopholes in the WAP application model solution is proposed a new efficient security solutions.After taking into account the security of mobile payment requirements,the design of a mobile payment platform as the core of mobile e-commerce secure payment programs.
引文
[1]王汝林.移动商务理论与实务[M].清华大学出版社,2007年第一版.
[2]代春艳.电子商务信息安全技术[M].武汉大学出版社,2007年第二版.
[3]王有为,胥正川.移动商务原理与应用[M].清华大学出版社,2007年第一版.
[4]吴世忠.应用密码学[M].机械工业出版社,2000第二版.
[5]唐晓东.电子商务中的信息安全[M].北方交通大学出版社,2006第二版.
[6]贾伟.网络与电子商务安全[M].国防工业出版社,2006第三版.
[7]郭春侠.移动商务研究[J].现代情报,2002,(3).
[8]刘杰,王春萌,范春晓.移动商务及WPKI技术[J].北京邮电大学学报,2002,(02).
[9]张禄林,雷春娟.移动互联网与WAP技术[M].人民邮电出版社,2001年7月.
[10]李智勇,蒋朝根.移动电子商务的WAP安全策略[J].计算机工程与设计,2007,9(3).
[11]赵晓枫.精通WAP/WML[M].科技出版社,2001年第二版.
[12]王维国.移动商务的安全解决方案[J].现代通信,2005,(10).
[13]姜志,聂志锋.移动商务及其关键技术[J].湖北邮电技术,2002(9).
[14]张征,许忠.电子商务网上支付模式及技术支持研究[J].电子商务,2006,114(11).
[15]尚昆.具有WIM功能的智能卡实现[J].计算机与现代化,2002(7):17-21.
[16]任立刚.WAP的新发展—WAP2.0[J].电信技术,2002(7):17-19.
[17]吴冬梅.WAP中的安全构架模型研究[J].电力系统通信,2004(6):50-52.
[18]王伟.WAP协议的安全策略及实现[J].计算机应用与软件,2004.5(5):95-98.
[19]何世华等.对WAP中端到端技术的安全研究[J].九江学院学报,2005(1):11-14.
[20]崔瑞林.移动支付业务综述[J].现代通信,2006(6):20-22.
[21]王健等.移动安全支付[J].计算机安全,2004(11):22-26.
[22]章照止.现代密码学基础[M].北京邮电大学出版社,2004,240-241.
[23]刘洋,于力.WAP协议中安全问题的分析[J].山东通信技术,2006(01).
[24]徐茂智,游林.信息安全与密码学[M].清华大学出版社,2007(183-185).
[25]刘岩.WPKI护航移动商务[J].中国计算机用户,2004(41).
[26]王晓松,王瑛.浅谈公钥基础设施PKI[J].科技信息(学术版),2006,(9):264-265.
[27]路纲,佘堃.WPKI与PKI关键技术对比[j].计算机应用,2005,25(11).
[28]陈雪军,薛质,周朝猛.WPKI模型和实施方法探讨[J].电讯技术,2004(6):175-179.
[29]李又自,唐黎.WAP环境下的信息安全技术浅析[IJ].高性能计算技术,2004(2).
[30]葛晓敏,刘敏,王少华.电子商务网上支付安全策略的研究[J].电子商务,2006,120(11).
[31]吴惠敏.无线支付安全护航[J].计算机世界,2004(13).
[32]赵泽茂.数字签名理论[M].科学出版社,2007(4-5).
[33]WAP-217-WPKI.Wireless Application Protocol Public Key Infrastructure Definition[S].
[34]WAP-261-WTLS.Wireless Application Protocol Wireless Transport Layer Security[S].
[35]A Wireless Application Protocol Forum,Ltd.Wireless Transport Layer Security Specification[EO/OL].http://www.openmobilealliance.org,April 6,2001.
[36]E.W.T.Ngai,A.Gunasekaran.A review for mobile commerce research and Applica-tions[J],Decision Support Systems,2005:P1-9.
[37]CCITT.Recommendation X.509:The Directory.Authentication Framework[S].1998.
[2]代春艳.电子商务信息安全技术[M].武汉大学出版社,2007年第二版.
[3]王有为,胥正川.移动商务原理与应用[M].清华大学出版社,2007年第一版.
[4]吴世忠.应用密码学[M].机械工业出版社,2000第二版.
[5]唐晓东.电子商务中的信息安全[M].北方交通大学出版社,2006第二版.
[6]贾伟.网络与电子商务安全[M].国防工业出版社,2006第三版.
[7]郭春侠.移动商务研究[J].现代情报,2002,(3).
[8]刘杰,王春萌,范春晓.移动商务及WPKI技术[J].北京邮电大学学报,2002,(02).
[9]张禄林,雷春娟.移动互联网与WAP技术[M].人民邮电出版社,2001年7月.
[10]李智勇,蒋朝根.移动电子商务的WAP安全策略[J].计算机工程与设计,2007,9(3).
[11]赵晓枫.精通WAP/WML[M].科技出版社,2001年第二版.
[12]王维国.移动商务的安全解决方案[J].现代通信,2005,(10).
[13]姜志,聂志锋.移动商务及其关键技术[J].湖北邮电技术,2002(9).
[14]张征,许忠.电子商务网上支付模式及技术支持研究[J].电子商务,2006,114(11).
[15]尚昆.具有WIM功能的智能卡实现[J].计算机与现代化,2002(7):17-21.
[16]任立刚.WAP的新发展—WAP2.0[J].电信技术,2002(7):17-19.
[17]吴冬梅.WAP中的安全构架模型研究[J].电力系统通信,2004(6):50-52.
[18]王伟.WAP协议的安全策略及实现[J].计算机应用与软件,2004.5(5):95-98.
[19]何世华等.对WAP中端到端技术的安全研究[J].九江学院学报,2005(1):11-14.
[20]崔瑞林.移动支付业务综述[J].现代通信,2006(6):20-22.
[21]王健等.移动安全支付[J].计算机安全,2004(11):22-26.
[22]章照止.现代密码学基础[M].北京邮电大学出版社,2004,240-241.
[23]刘洋,于力.WAP协议中安全问题的分析[J].山东通信技术,2006(01).
[24]徐茂智,游林.信息安全与密码学[M].清华大学出版社,2007(183-185).
[25]刘岩.WPKI护航移动商务[J].中国计算机用户,2004(41).
[26]王晓松,王瑛.浅谈公钥基础设施PKI[J].科技信息(学术版),2006,(9):264-265.
[27]路纲,佘堃.WPKI与PKI关键技术对比[j].计算机应用,2005,25(11).
[28]陈雪军,薛质,周朝猛.WPKI模型和实施方法探讨[J].电讯技术,2004(6):175-179.
[29]李又自,唐黎.WAP环境下的信息安全技术浅析[IJ].高性能计算技术,2004(2).
[30]葛晓敏,刘敏,王少华.电子商务网上支付安全策略的研究[J].电子商务,2006,120(11).
[31]吴惠敏.无线支付安全护航[J].计算机世界,2004(13).
[32]赵泽茂.数字签名理论[M].科学出版社,2007(4-5).
[33]WAP-217-WPKI.Wireless Application Protocol Public Key Infrastructure Definition[S].
[34]WAP-261-WTLS.Wireless Application Protocol Wireless Transport Layer Security[S].
[35]A Wireless Application Protocol Forum,Ltd.Wireless Transport Layer Security Specification[EO/OL].http://www.openmobilealliance.org,April 6,2001.
[36]E.W.T.Ngai,A.Gunasekaran.A review for mobile commerce research and Applica-tions[J],Decision Support Systems,2005:P1-9.
[37]CCITT.Recommendation X.509:The Directory.Authentication Framework[S].1998.