移动支付系统安全性关键技术研究
|
摘要
移动支付的安全性直接影响着移动商务的健康发展,本论文从移动支付系统的系统架构、身份认证、公平支付协议和安全性风险评估四个方面对移动支付系统的安全性进行了深入的研究。首先在分析现有移动支付体系结构的基础上,引入了容忍机制,基于移动支付代理服务器模式构建了具有容忍机制的移动支付体系架构。其次,在分析挑战/应答身份认证的过程中,利用椭圆曲线密码机制建立了基于手机STK卡的移动支付动态身份认证方案。随后,为了避免现有移动支付公平协议中的信息滥用和无追究性的缺陷,基于并发签名机制设计了一个防滥用可追究的公平支付协议。最后,基于系统的组成成分分析了系统的评价指标,并采用可拓学理论对移动支付系统的安全性进行风险评估,力求综合评估结果能够科学、客观地反映实际情况。
The security of mobile payment system directly affects the healthy development of the mobile business. This paper studies four aspects of security of mobile payment system in depth, which includes system architecture, identity authentication, fair payment protocol, risk assessment of system security. Firstly, after analyzing the existing architecture of mobile payment system we construct the architecture of mobile payment system with tolerate mechanism, based on mobile payment proxy server model. Secondly, applying the elliptic curve cryptography mechanism, the dynamic authentication scheme is established, based on STK card. Thirdly, in order to avoid the defects of abuse information and no accountability in fair payment protocol of electronic payment, a fair payment protocol is designed, according to the concurrent signature mechanism. Finally, after determine the evaluation indexes of mobile payment system by components, we apply Etenics theory to comprehensively evaluate the security of mobile payment system, which can scientifically and objectively reflect the real situation.
The security of mobile payment system directly affects the healthy development of the mobile business. This paper studies four aspects of security of mobile payment system in depth, which includes system architecture, identity authentication, fair payment protocol, risk assessment of system security. Firstly, after analyzing the existing architecture of mobile payment system we construct the architecture of mobile payment system with tolerate mechanism, based on mobile payment proxy server model. Secondly, applying the elliptic curve cryptography mechanism, the dynamic authentication scheme is established, based on STK card. Thirdly, in order to avoid the defects of abuse information and no accountability in fair payment protocol of electronic payment, a fair payment protocol is designed, according to the concurrent signature mechanism. Finally, after determine the evaluation indexes of mobile payment system by components, we apply Etenics theory to comprehensively evaluate the security of mobile payment system, which can scientifically and objectively reflect the real situation.
引文
1. Veerse F.M.. Mobile Commerce Report. Durlacher Research Ltd., London, http://www.whu.edu/ebusiness/lehre/fs2004/emerging/mcomreport.pdf.
2.辛云勇.移动支付的几点难题.互联网周刊,2006,4.
3.邹宗森.我国移动支付产业分析与发展策略.金融经济,2006,6.
4. Mobile payment forum, Ltd.mobile payment forum white paper, http://www.mobilepay-mentforum.org.
5. Cellular Telecommunications Industry Assoc., CTIA's Semi-Annual Wireless Industry Sur-vey. Wow-com, http://www.wow-com.com/statsurv/survey,1999,12.
6. Schuldt, H., Popovici, A., Schek, H.-J.. Execution Guarantees in Electronic Commerce Payments. Proceedings of TDD'99, Dagstuhl,1999,9,27.
7. Seema Nambiar,Lu,C.-T.,Liang, L.R. Analysis of payment transaction security in mobile commerce, Information Reuser and Integration. IRI2004 Proceedings of the 2004 IEEE international Conference,2004,475-480.
8.冯仲涛.韩李枚.探析我国移动支付现状及问题.通信市场,2008,5(6):29-30.
9.吴丽.中国移动支付发展及相关问题.管理科学文摘,2004,(3):12-13.
10.叶惠.全球移动支付分析和展望.通讯世界,2004,5:30.
11. Kumar, S.B.R. A Framework for Mobile Payment Consortia System (MPCS). Computer Science and Software Engineering,2008 International Conference,2008,2:43-47.
12. Barnes, S.J. the Mobile Commerce Value Chain:Analysis and Future Developments. International Journal of Information Management,22(2):91-108.
13. Wrona K., Schuba M., Zavagli G. Mobile payments.
14. -state of the art and open problems. WELCOM2001, Heidelberg, Germany.2001:88-100.
15. Vilmos A., Karnouskos S. SEMOPS:design of a new payment service. DEXA'03, Prague, Czech.2003:865-869.
16. Ramfos A., Karnouskos S., Vilmos A., et al. SEMOPS:paying with mobile personal devices. I3E, Toulouse, France.2004:22-27.
17. Liu J., Liao J.X., Zhu X.M. A System Model and Protocol for Mobile Payment. ICEBE'05, Beijing.2005:638-641.
18.刘军,廖建新.一种通用移动支付模型及其协议的研究.高技术通讯,2006,16(6):560-565.
19. Antovski L.. Gusev M. M-Payments. ITI2003, Croatia,2003:95-100.
20. Dai Y., Zhang L. A security payment scheme of mobile e-commerce. ICCT2003, Beijing, China,2003:949-952.
21. Romao A., Silva M. An Agent-Based Secure Internet Payment System for Mobile Computing. TREC'98, Hanburg, Germany,1998:80-93.
22. Wang X.F., Lam K.Y., Yi X. Secure agent-mediated mobile payment. PRIMA'98, Singapore, 1998:162-173.
23. Pang X.L., Tan K.L., Wang Y., et al. A Secure Agent-Mediated Payment Protocol. ICICS2002, Singapore,2002:422-433.
24. Kungpisdan S.,Srinivasan B., Le P.D. A practical famework for mobile SET payment. IADIS'2003, Lisbon Portugal,2003:321-328.
25. Ou CM., Ou C.R. Non-repudiation Mechanism of Agent Based Mobile Payment System: Perspectives on Wireless PK1. KES-AMSTA 2007, Poland,2007:298-307.
26. Kungpisdan S., Srinivasan B., Le P.D. An integrated framework for payment transactions in wireless environments. ICICT'2004, Las Vegas, USA,2004:158-168.
27. Paybox.net. Paybox Security Whitepaper: Business and Technical Information Regarding the Security at Paybox, http://www.paybox.net.
28. Fourati A., Ayed H., Benzekri A. A SET based approach to secure the payment in mobile commerce. LCN2002, Florida, USA,2002:136-137.
29. Zhao Yong, Han Zhen, Liu Jiqiang, et al. An Efficient and Divisible Payment Scheme for M-Commerce. KES 2005 Australia,2005:488-496.
30. Haddad E., King B. A Simple Secure M-Commerce Protocol SSMCP. International Journal of Computer Science and Network Security.2007,7(3):220-229.
31. Sames D, Matt B, Niebuhr B, etal. Developing a heterogeneous intrusion tolerant COBRA system. Proceedings of the International Conference on Dependable Systems and Networks, IEEE Press,2002:387-396.
32. Huang Z, Liu X, Wang H. A diversified dynamic redundancy method exploiting the intrusion tolerance. IWS 2000 Proceedings, Boston,2000:217-221.
33. Chien H Y, Jan J K, Tseng Y M. A Practical(t.n) multi secret sharing sdheme. IEEE Transactions on Fundamentals,2000:2762-2765.
34. Wang F, Uppalli R. SITAR:A scalable intrusion-tolerant architecture for distributed services. Proceedings of the DARPA Information Survivability Conference and Exposition,2003: 153-155.
35.郭渊博,马建峰,王亚弟.一种自适应安全的网络通信系统模型.2005年中国控制与决策学术年会,2005,6.
36. HWANG R J, CHANG C C. An on-line secret sharing scheme for multi-secrets. Computer Communications,1998,21 (13):1170-1176.
37. SHAMIR A. How to share a secret. Communications of the ACM,1972,22(11):612-613.
38. OCTAVE-Operationally Critical Threat, Asset, and Vulnerability Evaluation, Retrieved. http://www.cert.org/octave/approachintro.pdf.
39. Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document Version3.0.2003,6,15.
40. Gary S., Alice G., Alexis F. Risk Management Guide for Information Technology Systems. Nist Special Publication 800-30,2002,7.
41. Swanson M. Security Self-Assessment Guide for Information Technology Systems. Nist Special Publication 800-26,2001,11.
42. ISO/IEC International Standard 17799:2000 Code of Practice for Information Security Management,2000.
43. ISO/IEC International Standard 27001:Information Security Management Specification with Guidance for Use,2005.
44. Dimitris R, Theo D, Bjorn A.G. Ketil S. The CORAS Approach for Model-based Risk Management applied to e-Commerce Domain,2003.
45. Maglogiannis I, Zafiropoulos. Modeling Risk in Distributed Healthcare Information Systems. Engineering in Medicine and Biology Society. EMBS'06,28th Annual International Conference of the IEEE,2006:5447-5450.
46.微软安全评估工具http://www.microsoft.com/china/security/MSAT.mspx.
47.国务院信息办.信息安全风险管理指南(征求意见稿).北京:2006.
48.国务院信息办.信息安全风险评估指南(送审稿).北京:2006.
49. YAN Dan, LIU Jie. Analysis of Grid Resources Based on Fuzzy Mathematics. Computer Engineering,2005,5.
50. LIU Bao-Li, XIAO Xiao-Chun, ZHANG Gen-Du. Vulnerability Assessment Method of Information System Based on Analytic Hierarchy Process. Computer science,2006,12.
51. PANG Qing-hua. Comprehensive Evaluation Model of Human Computer Interface of Software System Based on Grey Theory. Computer Engineering,2007,18.
52. LOU Wen-gao, JIANG Li, MENG Xiang-hui. Comprehensive evaluation model for computer network security applying artificial neural network. Computer Engineering and Applications, 2007,32.
53.杜鹏.网络安全风险评估的基本方法分析.1994-2009China Academic Journal Electronic Publishing House, http://www.cnki.net.
54.蔡文.物元分析.广东省高等教育出版,1987.
55.蔡文,杨春燕,林伟初.可拓工程方法.科学出版社,1997.
56.蔡文,杨春燕,何斌.可拓逻辑初步.科学出版社,2003.
57.李立希,杨春燕,李铧汶.可拓策略生成系统.科学出版社,2006.
58.蔡文,石勇.可拓学的科学意义与未来发展.哈尔滨工业大学学报,2006,38(7):1079-1086.
59.杨春燕.多评价特征基元可拓集研究.数学的实践与认识,2005,35(9):203-208.
60.周玉,钱旭,江涛等.井采煤矿安全性态可拓评价模型的研究.中国矿业大学学报,2009,7,38(4):515-522.
61.张润彤.电子商务概论.北京:电子工业出版社,2003.
62.胡志远.口令破解与加密技术.北京:机械工业出版社,2003.
63. Noureddine Boudriga. Security of Mobile Communications. American:CRC,2009.
64. Feilder. Mobility Technology Growth Could Cause New Security Risks. Electronic Commerce News,2004,12(9):1-2.
65.赵文,戴宗坤WPKI应用体系架构研究.四川大学学报(自然科学版),2005,4(24):725-730.
66. Yang Mu, Zhang Runtong. New authentication scheme for M-commerce based on tow dimension bar code. Proceedings of 2008 IEEE International Conference on Service Operations and Logistics and Informatics,2008.
67. Lamport L. Password Authentication with Insecure Communication. Communication of ACM, 1981,24(11):770-772.
68. Chen T H, Lee W B, Horng G. Secure SAS-Like Password Authentication Schemes. Computer Standards and Interfaces,2004,27(1):25-31.
69. ManjulaSandiringama, Akihiro Shimizu, Matu-tarow Noda. Somple and Secure Password Authentication Protocol. IEICE Trans, Comm 2000.2000,83(6):1363-1365.
70.顾韵华,刘素英.动态口令身份认证机制及其安全性研究.微计算机信息,2007,23(11):51-53.
71.刘知贵,减爱军,陆荣杰,郑晓红.基于事件同步及异步的OTP身份认证技术研究.计算机应用研究,2006,23(6):133-134.
72. ElGamal T. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarighms. IEEE Transactions on Information Theory,1985,7,31(4):465-472.
73.周宇,王晓东,曹小华.椭圆曲线加密体制在移动电子商务安全中的应用.宁波大学学报(理工版),2008,21(2):145-149.
74. Shudong Jin, Azer Bestavros. GiSMo:Generator of Streaming Media Objects and Workloads. Performance Evaluation Revies,2001,29(3):12-19.
75. Dahlstrm Erik. The Jalda Payment Method. ePSO-Newsletter,2001,2,5(4):82-95.
76.李明柱,李志江,杨义先等.基于PayWord的WWW小额支付模型.北京邮电大学学报,2002,25 (2):23-27.
77. F. Bao, R.H. Deng and H.Zhu. Variations of Diffie-Hellman Problem. Proc. ICS'03, IEEE Press,2003,301-312.
78. Smart N.P. A Comparsion of Different Finite Fields for Elliptic Curve Cryptosystems. Computer and Mathematics with Application,2001,42:91-100.
79.王育民,刘建伟.通信网的安全一理论与技术.西安:西安电子科技大学出版社,1999.
80. Wang Xiaoyun, Yu Hong bo. How to break MD5 and other hash functions. Advances in Cryptology-EUROCRYPT 2005:24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Proceedings LNCS 3494.2005:19-35.
81. L. Chen, C. Kudla and K. G.Paterson. Concurrent Signatures. Eurocrypt'04. LNCS,2004, 3027:287-305.
82. W. Susilo, Y. Mu and F. Zhang. Perfect Concurrent Signatuse Schemes. Information and Communications Security.2004,3269:14-26.
83. W. Susilo and Y. Mu. Tripartite Concurrent Signatures.IFIP/SEC'05,2005,5:425-441.
84. Dongyvu Tonien, Willy Susilo and Reihaneh Safavi-Naini. Multi-party Concurrent Signatures. ISC'06,2006,4176:131-145.
85. Wang Gui-lin, Bao Feng, Zhou Jian-ying. The fairness of perfect concurrent signatures. ICICS'06 LNCS 4307:435-451.
86. Micali S.. Simple and fast optimistic protocols for fair electronic exchange.22th annual ACM Symp on Principles of Distributed Computing. ACM Press,2003:12-19.
87. Park J. M., Chong E., Eiegel H.J. and et al. Constructing fair exchange protocols for e-commerce via distributed computation of RSA signatures.22th Annual ACM Symp on Principles of Distributed Computing,2003,172-181.
88. Dodis Y. and Reyzin L.. Breaking and repairing optimistic fair exchange. ACM Workshop on Digital Rights Management,2003:47-54.
89. Boyd C. and Foo E.. Off-Line fair Payment Protocols Using Convertible Signatures. In Proceedings of Advances in Cry ptology-ASIACRYPT'98:LNCS 1514, Springer-Verlag, 1998:271-285.
90. Garay J. A., Jakobsson M. and Mackenzie P.. Abuse-free Optimistic Contract Signing. In Proceedings of Advances in Cryptology-CRYPTO'99, LNCS 1666, Springer-Verlag, Berlin, Germany,1999:449-466.
91.李向东,王清贤,孙莉.无滥用的乐观多方合同签署协议.计算机应用研究,2009,26(5):1904-1907.
92.李云峰,何大可,路献辉.无须可信第三方的防滥用公平交易协议.计算应用研究,2009,26(8):3053-3055.
93. M. Schunter, Optimistic Fair Exchange, [doctoral dissertation]. Saarbrucken, Germany: Universiata des saarlandes,2000,259.
94. Lee Byung kwan, Lee Tai-Chi, Yang Seung Hae. A MEP (Mobile Electronic Payment) and IntCA Protocol Design. HPCC 2005, Italy,2005:331-339.
95. Zhang L., Yin J.P., Zhand Y.B. An Anonymous Digital Cash and Fair Payment Protocol Utilizing Smart Card in Mobile Environments. GCCW'06, Hunam, China,2006:335-340.
96. Karnouskos S., Hondroudaki A., Csik V.A.B. Security, trust and privacy in the secure mobile payment service.ICMB, New York, USA,2004:638-641.
97.刘军,廖建新.一种通用移动支付模型及其协议的研究.高技术通讯,2006,16(6):560-565.
98. Liu J., Liao J.X., Zhu X.M. A System Model and Protocol for Mobile Payment. ICEBE'05, Beijing,2005:638-641.
99. Mahmoud Reza Hashemi, Elahe Soroush. A Secure m-Payment Protocol for Mobile Devices. CCECE'06, Saskation, Canada.2006:294-297.
100. Di Pietro R., Me G., Strangio M.A. A two-factor mobile authentication scheme for secure financial transactions. ICMB, Sydney, Australia,2005:28-34.
101. Ramfos A., Karnouskos S., Vilmos A., et al. SEMOPS:paying with mobile personal devices. 13E, Toulouse, France,2004:22-27.
102. Garner P., Edwards R., Coulton P. Card -based macropayment for mobile phones. ICMB2006, Copenhagen,2006:4.
103. Me G., Strangio M.A. EC-PAY:an efficient and secure ECC-based wireless local payment scheme.ICITA'05, Sydney, Australia,2005:442-447.
104. Yong Lee, Jeail Lee, JooSeok Song. Design and implementation of wireless PKI technology suitable for mobile phone in mobile-commerce. Computer Communications,2007, (30): 893-903.
105.Marko Hassinen, Konstantin Hypponen, Kei jo Haataja. An Open, PIK-Based Mobile Payment System. ETRICA 2006. Freiburg, Germany,2006:86-1000.
106. Supakorn Kungpisdan. Modelling, Design and Analysis of Secure Mobile Payment System: (PHD Thesis). Australia:Monash University,2005.
107. SU SILOW, MU Yi, ZHANG Fangguo. Perfect concurrent signature schemes. The 6th information and communications security conference, Berlin, Spriger-verlag,2004:14-26.
108. Wang Guilin Bao Feng, Zhou Jianying. The fairness of perfect concurrent signatures. The 8th information and communications security conference, Berlin, Spriger-verlag,2006:435-451.
109. Li Yunfen, He Dake, Lu Xianhui. Accountability of perfect concurrent signature. http://eprint iacrorg/2008/301.
110.陈广辉,卿斯汉,齐志峰等.新颖的基于并发签名的公平交易协议.通信学报,2008,29(7):39-43.
111.肖海燕,张敏情,杨晓元,周宣武.一种基于同时生效签名的公平交易协议.计算机工程与应用,2009,45(33):206-207.
112.李云峰,何大可,路献辉.完美并发签名的可追究性研究.计算机工程,2009,35(17):157-159.
113.刘军.基于同时生效签名的Pay Word协议公平性改进.计算机应用,2010,30(6):1493-1494.
114.易小琳,周巍,鲁鹏程.一种基于超椭圆网线的肓签名方案.北京工业大学学报,2010,36(2):261-266.
115.明洋,姜正涛,王育民.一种改进的强代理签名方案.西安电子科技大学学报,2006, 33(5):778-781.
116.高伟,张国印,王欣萍.一种改进的椭圆曲线数字签名算法.黑龙江大大学自然科学学报,2009,26(6):775-780.
117.张军.椭圆曲线数字签名及其在电子公文传输中的应用.成都:成都理工大学,2007:18-20.
118.李佟鸿,麦永浩.椭园曲线密码体制安全性分析.网络安全技术与应用,2007(7):92-94.
119.胡兰兰,郑康锋,李剑,胡正名,杨义先.一种改进的椭圆曲线安全代理签名方案.计算机应用研究,2010,27(2):685-688.
120. CHANG M H, CHEN I T, CHEN M T. Design of proxy signature in ECDSA. The 8th International Conference on Intelligent Systems Design and Applications Kaohsung City, Taiwan,2008:17-22.
121.李复才,张永平,孙宁.椭圆曲线数字签名方案的研究与改进.计算机工程与设计,2007,28(21):5241-5242.
122.王衍波,薛通.应用密码学.北京:机械工业出版社,2003,165-185.
123. University of Rochester Department of Computer Science. Rochester Software Transactional Memory [EB/OL]. http://www.cs.rochester.edu/research/synchronization/rstm/.
124.丛清日,胡金初.基于椭圆曲线盲数字签名的电子选举.计算机工程,2010,36(13):156-158.
125.龚晓萍,刘志朋,黄继红.基于椭圆曲线盲签名的安全数字时间戳方案.计算机工程,2008,34(13):147-149.
126.许德武,陈伟.基于椭圆曲线的数字签名和加密算法.计算机工程,2011,37(4):168-169.
127. Hankerson D, Menezes A, Vanstone S椭圆曲线密码学导论.张焕国,译.北京电子工业出版社,2005:239-247.
128.杨义先,孙伟,钮心忻.现代密码新理.北京:科学出版社,2002.
129. Arzai B. Communication-computation Trade-off in Executing ECDSA in a Contactless Smartcard. Designs Codes and Cryptography,2006,38(1):399-415.
130.李方伟,万丽,闫少军.基于椭圆曲线的自代理盲签名方案.计算机工程,2012,38(3):139-144.
131.张建中,马伟芳.椭圆曲线上的盲代理肓签名方案.计算机工程,2010,36(11):126-127,130.
132. CAI Yongquan, LI Yunlong. An efficient partially blind signature with provable security. Journal of University of Electronic Science and Technobgy of China,2007,36(6):1167-1171.
133. Hwang Renjunn, Lai Chih Hua, Su Fengfu. An efficient Signcryption Scheme with Forward Secrecy based on Elliptic Curve. Applied Mathematics and Computation,2005,167(1): 870-881.
134.崔媛媛.移动支付业务现状与发展分析.移动通信,2007,31(6):30-33.
135.刘军,廖建新一种通用移动支付模型及其协议的研究.高技术通讯.2006,16(6):560-565.
136.卿斯汉.安全协议.北京:清华大学出版社,2005.
137.薛锐,冯登国.安全协议的形式化分析技术和方法.计算机学报.2006,29(1):1-20.
138.卿斯汉.一种电子商务协议形式化分析方法.软件学报,2005,16(10):1757-1765.
139.林松.基于Petri网的电子支付安全模型研究.计算机工程与设计,2005,26(8):2080-2082.
2.辛云勇.移动支付的几点难题.互联网周刊,2006,4.
3.邹宗森.我国移动支付产业分析与发展策略.金融经济,2006,6.
4. Mobile payment forum, Ltd.mobile payment forum white paper, http://www.mobilepay-mentforum.org.
5. Cellular Telecommunications Industry Assoc., CTIA's Semi-Annual Wireless Industry Sur-vey. Wow-com, http://www.wow-com.com/statsurv/survey,1999,12.
6. Schuldt, H., Popovici, A., Schek, H.-J.. Execution Guarantees in Electronic Commerce Payments. Proceedings of TDD'99, Dagstuhl,1999,9,27.
7. Seema Nambiar,Lu,C.-T.,Liang, L.R. Analysis of payment transaction security in mobile commerce, Information Reuser and Integration. IRI2004 Proceedings of the 2004 IEEE international Conference,2004,475-480.
8.冯仲涛.韩李枚.探析我国移动支付现状及问题.通信市场,2008,5(6):29-30.
9.吴丽.中国移动支付发展及相关问题.管理科学文摘,2004,(3):12-13.
10.叶惠.全球移动支付分析和展望.通讯世界,2004,5:30.
11. Kumar, S.B.R. A Framework for Mobile Payment Consortia System (MPCS). Computer Science and Software Engineering,2008 International Conference,2008,2:43-47.
12. Barnes, S.J. the Mobile Commerce Value Chain:Analysis and Future Developments. International Journal of Information Management,22(2):91-108.
13. Wrona K., Schuba M., Zavagli G. Mobile payments.
14. -state of the art and open problems. WELCOM2001, Heidelberg, Germany.2001:88-100.
15. Vilmos A., Karnouskos S. SEMOPS:design of a new payment service. DEXA'03, Prague, Czech.2003:865-869.
16. Ramfos A., Karnouskos S., Vilmos A., et al. SEMOPS:paying with mobile personal devices. I3E, Toulouse, France.2004:22-27.
17. Liu J., Liao J.X., Zhu X.M. A System Model and Protocol for Mobile Payment. ICEBE'05, Beijing.2005:638-641.
18.刘军,廖建新.一种通用移动支付模型及其协议的研究.高技术通讯,2006,16(6):560-565.
19. Antovski L.. Gusev M. M-Payments. ITI2003, Croatia,2003:95-100.
20. Dai Y., Zhang L. A security payment scheme of mobile e-commerce. ICCT2003, Beijing, China,2003:949-952.
21. Romao A., Silva M. An Agent-Based Secure Internet Payment System for Mobile Computing. TREC'98, Hanburg, Germany,1998:80-93.
22. Wang X.F., Lam K.Y., Yi X. Secure agent-mediated mobile payment. PRIMA'98, Singapore, 1998:162-173.
23. Pang X.L., Tan K.L., Wang Y., et al. A Secure Agent-Mediated Payment Protocol. ICICS2002, Singapore,2002:422-433.
24. Kungpisdan S.,Srinivasan B., Le P.D. A practical famework for mobile SET payment. IADIS'2003, Lisbon Portugal,2003:321-328.
25. Ou CM., Ou C.R. Non-repudiation Mechanism of Agent Based Mobile Payment System: Perspectives on Wireless PK1. KES-AMSTA 2007, Poland,2007:298-307.
26. Kungpisdan S., Srinivasan B., Le P.D. An integrated framework for payment transactions in wireless environments. ICICT'2004, Las Vegas, USA,2004:158-168.
27. Paybox.net. Paybox Security Whitepaper: Business and Technical Information Regarding the Security at Paybox, http://www.paybox.net.
28. Fourati A., Ayed H., Benzekri A. A SET based approach to secure the payment in mobile commerce. LCN2002, Florida, USA,2002:136-137.
29. Zhao Yong, Han Zhen, Liu Jiqiang, et al. An Efficient and Divisible Payment Scheme for M-Commerce. KES 2005 Australia,2005:488-496.
30. Haddad E., King B. A Simple Secure M-Commerce Protocol SSMCP. International Journal of Computer Science and Network Security.2007,7(3):220-229.
31. Sames D, Matt B, Niebuhr B, etal. Developing a heterogeneous intrusion tolerant COBRA system. Proceedings of the International Conference on Dependable Systems and Networks, IEEE Press,2002:387-396.
32. Huang Z, Liu X, Wang H. A diversified dynamic redundancy method exploiting the intrusion tolerance. IWS 2000 Proceedings, Boston,2000:217-221.
33. Chien H Y, Jan J K, Tseng Y M. A Practical(t.n) multi secret sharing sdheme. IEEE Transactions on Fundamentals,2000:2762-2765.
34. Wang F, Uppalli R. SITAR:A scalable intrusion-tolerant architecture for distributed services. Proceedings of the DARPA Information Survivability Conference and Exposition,2003: 153-155.
35.郭渊博,马建峰,王亚弟.一种自适应安全的网络通信系统模型.2005年中国控制与决策学术年会,2005,6.
36. HWANG R J, CHANG C C. An on-line secret sharing scheme for multi-secrets. Computer Communications,1998,21 (13):1170-1176.
37. SHAMIR A. How to share a secret. Communications of the ACM,1972,22(11):612-613.
38. OCTAVE-Operationally Critical Threat, Asset, and Vulnerability Evaluation, Retrieved. http://www.cert.org/octave/approachintro.pdf.
39. Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document Version3.0.2003,6,15.
40. Gary S., Alice G., Alexis F. Risk Management Guide for Information Technology Systems. Nist Special Publication 800-30,2002,7.
41. Swanson M. Security Self-Assessment Guide for Information Technology Systems. Nist Special Publication 800-26,2001,11.
42. ISO/IEC International Standard 17799:2000 Code of Practice for Information Security Management,2000.
43. ISO/IEC International Standard 27001:Information Security Management Specification with Guidance for Use,2005.
44. Dimitris R, Theo D, Bjorn A.G. Ketil S. The CORAS Approach for Model-based Risk Management applied to e-Commerce Domain,2003.
45. Maglogiannis I, Zafiropoulos. Modeling Risk in Distributed Healthcare Information Systems. Engineering in Medicine and Biology Society. EMBS'06,28th Annual International Conference of the IEEE,2006:5447-5450.
46.微软安全评估工具http://www.microsoft.com/china/security/MSAT.mspx.
47.国务院信息办.信息安全风险管理指南(征求意见稿).北京:2006.
48.国务院信息办.信息安全风险评估指南(送审稿).北京:2006.
49. YAN Dan, LIU Jie. Analysis of Grid Resources Based on Fuzzy Mathematics. Computer Engineering,2005,5.
50. LIU Bao-Li, XIAO Xiao-Chun, ZHANG Gen-Du. Vulnerability Assessment Method of Information System Based on Analytic Hierarchy Process. Computer science,2006,12.
51. PANG Qing-hua. Comprehensive Evaluation Model of Human Computer Interface of Software System Based on Grey Theory. Computer Engineering,2007,18.
52. LOU Wen-gao, JIANG Li, MENG Xiang-hui. Comprehensive evaluation model for computer network security applying artificial neural network. Computer Engineering and Applications, 2007,32.
53.杜鹏.网络安全风险评估的基本方法分析.1994-2009China Academic Journal Electronic Publishing House, http://www.cnki.net.
54.蔡文.物元分析.广东省高等教育出版,1987.
55.蔡文,杨春燕,林伟初.可拓工程方法.科学出版社,1997.
56.蔡文,杨春燕,何斌.可拓逻辑初步.科学出版社,2003.
57.李立希,杨春燕,李铧汶.可拓策略生成系统.科学出版社,2006.
58.蔡文,石勇.可拓学的科学意义与未来发展.哈尔滨工业大学学报,2006,38(7):1079-1086.
59.杨春燕.多评价特征基元可拓集研究.数学的实践与认识,2005,35(9):203-208.
60.周玉,钱旭,江涛等.井采煤矿安全性态可拓评价模型的研究.中国矿业大学学报,2009,7,38(4):515-522.
61.张润彤.电子商务概论.北京:电子工业出版社,2003.
62.胡志远.口令破解与加密技术.北京:机械工业出版社,2003.
63. Noureddine Boudriga. Security of Mobile Communications. American:CRC,2009.
64. Feilder. Mobility Technology Growth Could Cause New Security Risks. Electronic Commerce News,2004,12(9):1-2.
65.赵文,戴宗坤WPKI应用体系架构研究.四川大学学报(自然科学版),2005,4(24):725-730.
66. Yang Mu, Zhang Runtong. New authentication scheme for M-commerce based on tow dimension bar code. Proceedings of 2008 IEEE International Conference on Service Operations and Logistics and Informatics,2008.
67. Lamport L. Password Authentication with Insecure Communication. Communication of ACM, 1981,24(11):770-772.
68. Chen T H, Lee W B, Horng G. Secure SAS-Like Password Authentication Schemes. Computer Standards and Interfaces,2004,27(1):25-31.
69. ManjulaSandiringama, Akihiro Shimizu, Matu-tarow Noda. Somple and Secure Password Authentication Protocol. IEICE Trans, Comm 2000.2000,83(6):1363-1365.
70.顾韵华,刘素英.动态口令身份认证机制及其安全性研究.微计算机信息,2007,23(11):51-53.
71.刘知贵,减爱军,陆荣杰,郑晓红.基于事件同步及异步的OTP身份认证技术研究.计算机应用研究,2006,23(6):133-134.
72. ElGamal T. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarighms. IEEE Transactions on Information Theory,1985,7,31(4):465-472.
73.周宇,王晓东,曹小华.椭圆曲线加密体制在移动电子商务安全中的应用.宁波大学学报(理工版),2008,21(2):145-149.
74. Shudong Jin, Azer Bestavros. GiSMo:Generator of Streaming Media Objects and Workloads. Performance Evaluation Revies,2001,29(3):12-19.
75. Dahlstrm Erik. The Jalda Payment Method. ePSO-Newsletter,2001,2,5(4):82-95.
76.李明柱,李志江,杨义先等.基于PayWord的WWW小额支付模型.北京邮电大学学报,2002,25 (2):23-27.
77. F. Bao, R.H. Deng and H.Zhu. Variations of Diffie-Hellman Problem. Proc. ICS'03, IEEE Press,2003,301-312.
78. Smart N.P. A Comparsion of Different Finite Fields for Elliptic Curve Cryptosystems. Computer and Mathematics with Application,2001,42:91-100.
79.王育民,刘建伟.通信网的安全一理论与技术.西安:西安电子科技大学出版社,1999.
80. Wang Xiaoyun, Yu Hong bo. How to break MD5 and other hash functions. Advances in Cryptology-EUROCRYPT 2005:24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Proceedings LNCS 3494.2005:19-35.
81. L. Chen, C. Kudla and K. G.Paterson. Concurrent Signatures. Eurocrypt'04. LNCS,2004, 3027:287-305.
82. W. Susilo, Y. Mu and F. Zhang. Perfect Concurrent Signatuse Schemes. Information and Communications Security.2004,3269:14-26.
83. W. Susilo and Y. Mu. Tripartite Concurrent Signatures.IFIP/SEC'05,2005,5:425-441.
84. Dongyvu Tonien, Willy Susilo and Reihaneh Safavi-Naini. Multi-party Concurrent Signatures. ISC'06,2006,4176:131-145.
85. Wang Gui-lin, Bao Feng, Zhou Jian-ying. The fairness of perfect concurrent signatures. ICICS'06 LNCS 4307:435-451.
86. Micali S.. Simple and fast optimistic protocols for fair electronic exchange.22th annual ACM Symp on Principles of Distributed Computing. ACM Press,2003:12-19.
87. Park J. M., Chong E., Eiegel H.J. and et al. Constructing fair exchange protocols for e-commerce via distributed computation of RSA signatures.22th Annual ACM Symp on Principles of Distributed Computing,2003,172-181.
88. Dodis Y. and Reyzin L.. Breaking and repairing optimistic fair exchange. ACM Workshop on Digital Rights Management,2003:47-54.
89. Boyd C. and Foo E.. Off-Line fair Payment Protocols Using Convertible Signatures. In Proceedings of Advances in Cry ptology-ASIACRYPT'98:LNCS 1514, Springer-Verlag, 1998:271-285.
90. Garay J. A., Jakobsson M. and Mackenzie P.. Abuse-free Optimistic Contract Signing. In Proceedings of Advances in Cryptology-CRYPTO'99, LNCS 1666, Springer-Verlag, Berlin, Germany,1999:449-466.
91.李向东,王清贤,孙莉.无滥用的乐观多方合同签署协议.计算机应用研究,2009,26(5):1904-1907.
92.李云峰,何大可,路献辉.无须可信第三方的防滥用公平交易协议.计算应用研究,2009,26(8):3053-3055.
93. M. Schunter, Optimistic Fair Exchange, [doctoral dissertation]. Saarbrucken, Germany: Universiata des saarlandes,2000,259.
94. Lee Byung kwan, Lee Tai-Chi, Yang Seung Hae. A MEP (Mobile Electronic Payment) and IntCA Protocol Design. HPCC 2005, Italy,2005:331-339.
95. Zhang L., Yin J.P., Zhand Y.B. An Anonymous Digital Cash and Fair Payment Protocol Utilizing Smart Card in Mobile Environments. GCCW'06, Hunam, China,2006:335-340.
96. Karnouskos S., Hondroudaki A., Csik V.A.B. Security, trust and privacy in the secure mobile payment service.ICMB, New York, USA,2004:638-641.
97.刘军,廖建新.一种通用移动支付模型及其协议的研究.高技术通讯,2006,16(6):560-565.
98. Liu J., Liao J.X., Zhu X.M. A System Model and Protocol for Mobile Payment. ICEBE'05, Beijing,2005:638-641.
99. Mahmoud Reza Hashemi, Elahe Soroush. A Secure m-Payment Protocol for Mobile Devices. CCECE'06, Saskation, Canada.2006:294-297.
100. Di Pietro R., Me G., Strangio M.A. A two-factor mobile authentication scheme for secure financial transactions. ICMB, Sydney, Australia,2005:28-34.
101. Ramfos A., Karnouskos S., Vilmos A., et al. SEMOPS:paying with mobile personal devices. 13E, Toulouse, France,2004:22-27.
102. Garner P., Edwards R., Coulton P. Card -based macropayment for mobile phones. ICMB2006, Copenhagen,2006:4.
103. Me G., Strangio M.A. EC-PAY:an efficient and secure ECC-based wireless local payment scheme.ICITA'05, Sydney, Australia,2005:442-447.
104. Yong Lee, Jeail Lee, JooSeok Song. Design and implementation of wireless PKI technology suitable for mobile phone in mobile-commerce. Computer Communications,2007, (30): 893-903.
105.Marko Hassinen, Konstantin Hypponen, Kei jo Haataja. An Open, PIK-Based Mobile Payment System. ETRICA 2006. Freiburg, Germany,2006:86-1000.
106. Supakorn Kungpisdan. Modelling, Design and Analysis of Secure Mobile Payment System: (PHD Thesis). Australia:Monash University,2005.
107. SU SILOW, MU Yi, ZHANG Fangguo. Perfect concurrent signature schemes. The 6th information and communications security conference, Berlin, Spriger-verlag,2004:14-26.
108. Wang Guilin Bao Feng, Zhou Jianying. The fairness of perfect concurrent signatures. The 8th information and communications security conference, Berlin, Spriger-verlag,2006:435-451.
109. Li Yunfen, He Dake, Lu Xianhui. Accountability of perfect concurrent signature. http://eprint iacrorg/2008/301.
110.陈广辉,卿斯汉,齐志峰等.新颖的基于并发签名的公平交易协议.通信学报,2008,29(7):39-43.
111.肖海燕,张敏情,杨晓元,周宣武.一种基于同时生效签名的公平交易协议.计算机工程与应用,2009,45(33):206-207.
112.李云峰,何大可,路献辉.完美并发签名的可追究性研究.计算机工程,2009,35(17):157-159.
113.刘军.基于同时生效签名的Pay Word协议公平性改进.计算机应用,2010,30(6):1493-1494.
114.易小琳,周巍,鲁鹏程.一种基于超椭圆网线的肓签名方案.北京工业大学学报,2010,36(2):261-266.
115.明洋,姜正涛,王育民.一种改进的强代理签名方案.西安电子科技大学学报,2006, 33(5):778-781.
116.高伟,张国印,王欣萍.一种改进的椭圆曲线数字签名算法.黑龙江大大学自然科学学报,2009,26(6):775-780.
117.张军.椭圆曲线数字签名及其在电子公文传输中的应用.成都:成都理工大学,2007:18-20.
118.李佟鸿,麦永浩.椭园曲线密码体制安全性分析.网络安全技术与应用,2007(7):92-94.
119.胡兰兰,郑康锋,李剑,胡正名,杨义先.一种改进的椭圆曲线安全代理签名方案.计算机应用研究,2010,27(2):685-688.
120. CHANG M H, CHEN I T, CHEN M T. Design of proxy signature in ECDSA. The 8th International Conference on Intelligent Systems Design and Applications Kaohsung City, Taiwan,2008:17-22.
121.李复才,张永平,孙宁.椭圆曲线数字签名方案的研究与改进.计算机工程与设计,2007,28(21):5241-5242.
122.王衍波,薛通.应用密码学.北京:机械工业出版社,2003,165-185.
123. University of Rochester Department of Computer Science. Rochester Software Transactional Memory [EB/OL]. http://www.cs.rochester.edu/research/synchronization/rstm/.
124.丛清日,胡金初.基于椭圆曲线盲数字签名的电子选举.计算机工程,2010,36(13):156-158.
125.龚晓萍,刘志朋,黄继红.基于椭圆曲线盲签名的安全数字时间戳方案.计算机工程,2008,34(13):147-149.
126.许德武,陈伟.基于椭圆曲线的数字签名和加密算法.计算机工程,2011,37(4):168-169.
127. Hankerson D, Menezes A, Vanstone S椭圆曲线密码学导论.张焕国,译.北京电子工业出版社,2005:239-247.
128.杨义先,孙伟,钮心忻.现代密码新理.北京:科学出版社,2002.
129. Arzai B. Communication-computation Trade-off in Executing ECDSA in a Contactless Smartcard. Designs Codes and Cryptography,2006,38(1):399-415.
130.李方伟,万丽,闫少军.基于椭圆曲线的自代理盲签名方案.计算机工程,2012,38(3):139-144.
131.张建中,马伟芳.椭圆曲线上的盲代理肓签名方案.计算机工程,2010,36(11):126-127,130.
132. CAI Yongquan, LI Yunlong. An efficient partially blind signature with provable security. Journal of University of Electronic Science and Technobgy of China,2007,36(6):1167-1171.
133. Hwang Renjunn, Lai Chih Hua, Su Fengfu. An efficient Signcryption Scheme with Forward Secrecy based on Elliptic Curve. Applied Mathematics and Computation,2005,167(1): 870-881.
134.崔媛媛.移动支付业务现状与发展分析.移动通信,2007,31(6):30-33.
135.刘军,廖建新一种通用移动支付模型及其协议的研究.高技术通讯.2006,16(6):560-565.
136.卿斯汉.安全协议.北京:清华大学出版社,2005.
137.薛锐,冯登国.安全协议的形式化分析技术和方法.计算机学报.2006,29(1):1-20.
138.卿斯汉.一种电子商务协议形式化分析方法.软件学报,2005,16(10):1757-1765.
139.林松.基于Petri网的电子支付安全模型研究.计算机工程与设计,2005,26(8):2080-2082.