基于对称密码体制的移动支付安全协议研究
|
摘要
随着移动网络基础设施和移动终端设备的快速发展,移动支付正呈现飞速发展的趋势,许多国家都已经开始大力推动移动支付的发展和部署。由于支付环境的复杂和支付终端设备的性能受限,移动支付安全协议的设计和实现就面对更多的困难和挑战。如何设计一个便于统一支付平台的、安全高效的移动支付安全协议具有十分重要意义。考虑到公钥密码体制计算量大、资源耗费高的缺点,加上移动终端设备在电池续航、处理能力等方面相对不足,传统的公钥密码体制并不适合移动支付安全协议的设计。本文的重点工作就是研究如何基于对称密码体制实现安全高效的、易于推广实施的移动支付安全协议。3G移动网络已经大范围部署并投入使用,并且具有较好的安全机制,本文利用3G网络基础设施的安全组件,并通过增加Hash链认证的方式实现了一个安全高效的、易于推广实施的移动支付安全协议。本文的主要工作如下:
1)对Hash链认证的出错问题进行了分析,并给出了一种出错控制的方案。由于Hash链认证时验证严格依赖Hash链中结点的前后顺序,当其中一次验证出错时,会导致错误的持续传递,从而导致整个Hash链失效。本文给出了一种能够避免这种错误传递的方案,从而使Hash链认证能够更好的在移动支付环境中应用。
2)利用SVO逻辑分析了W.D. Chen等人的移动支付方案存在的安全缺陷,并提出了相应的改进方案。改进的方案既保留了Chen等人方案的简单、高效且容易部署到现有的移动网络基础设施上的优点,同时在安全性上得到了较大的提高。
3)根据改进的移动支付安全协议,设计了一个移动支付系统。通过对该移动支付系统的仿真,分析了该系统实际使用时的性能。在仿真系统中,开发了该系统的基于Android手机操作系统的手机支付终端应用程序,经过实际的操作体验,证明系统确实具有较好的易用性和用户体验。
Mobile payment developed rapidly along with the development of mobile network infrastructure and terminal devices. Many countries had already begun to vigorously promote the development and deployment of mobile payment. Due to the complexity of mobile payment environment and limited performance of terminal equipment, mobile payment faced more difficulties and challenges in security protocol design and realization. It was very important to design a unified payment platform, and a safe and efficient security protocol. Considering the complex calculation of public-key cryptosystem and high resource consuming, coupled with the disadvantage of terminal devices in terms of battery life and processing capacity, traditional public key cryptography was not suitable for designing mobile payment security protocol. This paper focused on how to get a mobile payment security protocol, which was safe and efficient and easy to be implemented, based on symmetric cryptography.3G mobile networks, which are of good security mechanism, had been widely deployed. Using security component of3G network infrastructure and increasing hash chain authentication, a safe, efficient, and easy to be implemented mobile payment security protocols was accomplished. The main work of this paper is as follows:
1) This paper analyzed the error of Hash chain authentication and gave a control scheme. Validation of Hash chain authentication was strictly dependent on the Hash chain node sequence, when one of validation got wrong, would continue to transmit errors, resulting in the entire hash chain failure. This paper gave a way to avoid this error propagation, which can make hash chain more useful in the mobile payment environment.
2) The mobile payment program proposed by MR. Chen et al. had been analyzed, using SVO, about the security flaw. This paper also gives a corresponding improved scheme. The improved scheme not only retained the advantages of the Chen's scheme, such as simple, efficient and easy to deploy to the existing mobile network infrastructure, at the same time the security was improved.3) According to the improved mobile payment secure protocol, a mobile payment system is designed. Based on the simulation of the system, the performance of the actual system is analyzed. In the simulation system, a mobile phone terminal application program based on Android system is developed. Through the actual operation experience, it has proved that the system has good usability and user experience.
1)对Hash链认证的出错问题进行了分析,并给出了一种出错控制的方案。由于Hash链认证时验证严格依赖Hash链中结点的前后顺序,当其中一次验证出错时,会导致错误的持续传递,从而导致整个Hash链失效。本文给出了一种能够避免这种错误传递的方案,从而使Hash链认证能够更好的在移动支付环境中应用。
2)利用SVO逻辑分析了W.D. Chen等人的移动支付方案存在的安全缺陷,并提出了相应的改进方案。改进的方案既保留了Chen等人方案的简单、高效且容易部署到现有的移动网络基础设施上的优点,同时在安全性上得到了较大的提高。
3)根据改进的移动支付安全协议,设计了一个移动支付系统。通过对该移动支付系统的仿真,分析了该系统实际使用时的性能。在仿真系统中,开发了该系统的基于Android手机操作系统的手机支付终端应用程序,经过实际的操作体验,证明系统确实具有较好的易用性和用户体验。
Mobile payment developed rapidly along with the development of mobile network infrastructure and terminal devices. Many countries had already begun to vigorously promote the development and deployment of mobile payment. Due to the complexity of mobile payment environment and limited performance of terminal equipment, mobile payment faced more difficulties and challenges in security protocol design and realization. It was very important to design a unified payment platform, and a safe and efficient security protocol. Considering the complex calculation of public-key cryptosystem and high resource consuming, coupled with the disadvantage of terminal devices in terms of battery life and processing capacity, traditional public key cryptography was not suitable for designing mobile payment security protocol. This paper focused on how to get a mobile payment security protocol, which was safe and efficient and easy to be implemented, based on symmetric cryptography.3G mobile networks, which are of good security mechanism, had been widely deployed. Using security component of3G network infrastructure and increasing hash chain authentication, a safe, efficient, and easy to be implemented mobile payment security protocols was accomplished. The main work of this paper is as follows:
1) This paper analyzed the error of Hash chain authentication and gave a control scheme. Validation of Hash chain authentication was strictly dependent on the Hash chain node sequence, when one of validation got wrong, would continue to transmit errors, resulting in the entire hash chain failure. This paper gave a way to avoid this error propagation, which can make hash chain more useful in the mobile payment environment.
2) The mobile payment program proposed by MR. Chen et al. had been analyzed, using SVO, about the security flaw. This paper also gives a corresponding improved scheme. The improved scheme not only retained the advantages of the Chen's scheme, such as simple, efficient and easy to deploy to the existing mobile network infrastructure, at the same time the security was improved.3) According to the improved mobile payment secure protocol, a mobile payment system is designed. Based on the simulation of the system, the performance of the actual system is analyzed. In the simulation system, a mobile phone terminal application program based on Android system is developed. Through the actual operation experience, it has proved that the system has good usability and user experience.
引文
[1]Mobile Payment Forum. Mobile payment forum white paper [EB/OL].2002. http:/ www.mobilepaymentforum.org/pdfs/mpf_whitepaper.pdf.
[2]2010年全球手机移动支付额2410亿美元[J].移动通信,2011:80.
[3]G. Zhang, F. Cheng, C. Meinel. Towards Secure Mobile Payment Based on SIP[C]. In: 15th Annual IEEE International Conference and Workshop on the Engineering Based System. Belfast. April 2008. IEEE Computer Society,2008:96-104.
[4]Sabrina M. Shedid, Mohamed Kouta. Modified SET Protocol for Mobile Payment:An Empirical Analysis[C]. In:2010 2nd International Conference on Software Technology and Engineering(ICSTE). San Juan, PR. Octomber 2010. International Journal of Computer Science and Network Security, 2010,10(7):350-355.
[5]Tan Soo Fun, Leau Yu Beng, Jonathan Likoh, Rozaini Roslan. A Lightweight and Private Mobile Payment Protocol by Using Mobile Network Operator[C]. In: Proceedings of the International Conference on Computer and Communication Engineering 2008. Kuala Lumpur. Malaysia. May 2008.2008:162-166.
[6]张娟,许春香.基于对称密钥的移动支付协议[J].信息技术.2006,2:47-50.
[7]蔡满春,赵海洋,郭代飞.移动环境下的一种基于双向认证的哈希链签名方案.计算机应用研究[J],2008,25(5):1532-1533.
[8]曹华,金瓯,贺建飚.基于双哈希链的公平移动支付协议的设计和分析[J].计算机测量与控制.2007,15:117-119.
[9]冯俊,陈家琪,沈海峰.基于双Hash链的移动支付微证书验证优化策略[J].计算机工程与设计.2010,,31(3):480-482.
[10]Lam Portl. Password authentication with insecure communication[J]. Communications of the ACM,1981,24(11):770-720.
[11]W.D. Chen, G.P. Hancke, K.E. Mayes, Y. Lien. J-H. Chiu. NFC Mobile Transactions and Authentication based on GSM Network[C]. In:2010 Second International Workshop on Near Field Communication (NFC). Grimaldi Forum, Monaco. April 2010. IEEE Computer Society,2010:83-89.
[12]W.D. Chen, G.P. Hancke, K.E. Mayes, Y. Lien, J-H. Chiu. Using 3G Network Components to Enable NFC Mobile Transactions and Authentication[C]. In:2010 IEEE International Conference on Progress in Informatics and Computing (PIC2010). Shanghai, China. December 2010.2010:441-448.
[13]李曦,胡汉平.一种安全的移动支付方法[J].计算机应用研究.2008,25(5):1546-1549.
[14]蔡祥.3G网络下的移动支付模式与技术研究[D].复旦大学硕士论文.2008.
[15]李锋.移动支付安全研究[D].山东大学博士论文.2008.
[16]Jun Liu, Jianxin Liao, Xiaomin Zhu. A system model and protocol for mobile payment[C]. In:Proceeding of the 2005 IEEE International Conference on e-Business Engineering (ICEBE'05). Beijing, China. December 2005. IEEE Computer Society, 2005:384-389.
[17]Stamatis Karnouskos, Fraunhofer Fokus. Mobile payment: A journey through existing procedures and standardization initiatives[C]. In:IEEE Communication Surveys & Tutorials. Washington DC, USA. December 2003. IEEE Communications Surveys, 2003:44-66.
[18]Muller-Versee. Mobile commerce report[R]. Durlacher Research Ltd, London, 2003.
[19]卫红春,马丁.基于改进的3-D Secure协议的移动支付安全解决方案[J].计算机应用与软件.2011,28(4):180-192.
[20]郭盛兴.移动支付系统消启、通信机制的改进[D].北京邮电大学硕士论文.2009.
[21]刘文琦.移动支付系统安全的若干关键问题研究[D].大连理工大学博士论文.2008.
[22]梁敏.移动支付发展现状及其方向研究[D].北京邮电大学硕士论文.2011.
[23]邓方民.移动支付系统安全机制研究[D].西安电子科技大学硕士论文.2006.
[24]姜文婕.移动支付系统体系结构及安全分析[D].上海交通大学硕士论文.2007.
[25]汪杨琴.移动支付协议安全性研究[D].上海交通大学硕士论文.2007.
[26]陈香梓.面向3G的移动支付安全问题的研究[D].合肥工业大学硕士论文.2010.
[27]何大可,彭代渊,唐小虎,何明星,梅其祥.现代密码学[M].人民邮电出版社.2009年9月.
[28]李曦.基于身份的密码体制研究及其在移动支付业务中的应用[D].华中科技大学博士论文.2009.
[29]Mahmoud Reza Hasemi, Elahe Soroush. A Secure m-Payment Protocol for Mobile Device[C]. In:Canadian Conference on Electrical and Computer Engineering, 2006 (CCECE'06). Ottawa. Ont. January 2006. IEEE Computer Society,2006:294-297.
[30]Mastercard and Visa. SET Protocol Specifications [EB/OL].1997. http://www.setco. org/setspecifications.html.
[31]M. Bellare, J. A. Garay, R. Hauser. A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, E.Van Herreweghen, M. Waider. Design, Implementation, and Deployment of iKP Secure Electronic Payment System[J]. In:IEEE Journal on Selected Areas in Communications,2000,18(4):611-627.
[32]N. Borisov, I. Goldberg, D. Wagner. Intercepting mobile communications:The insecurity of 802.11[C]. In:Proc. ACM Int. Conf. Mobile Computing and Networking. New York, NY, USA. July 2001. IEEE Communications Society, 2001:180-189.
[33]N. Kreyer, K. Pousttchi, Klaus Turowski. Standardized Payment Procedures as Key Enabling Factor for Mobile Commerce[C]. In:Lecture Notes in Computer Science.2002, 2455:383-390.
[34]Supakorn Kungpisdan, Bala Srinivasan, Phu Dung Le. Lightweight Mobile Credit-Card Payment Protocol[C]. In:Lecture Notes in Computer Science, 2003,2904:189-211.
[35]A. Romao, M. Silva. An Agent-based Secure Internet Payment System for Moblie Computing[C]. In:Lecture Notes in Computer Science. 1998,1402:80-93.
[36]Supakorn Kungpisdan, Bala Srinivasan, Phu Dung Le. A Practical Framework for Mobile SET Payment[C]. In:Proceedings of International E-Society Conference 2003. Lisbon, Portugal, June 2003.2003:321-328.
[37]M. Hassinen. K. Hypponenv, K. Haataja. An Open, PKI-Based Mobile Payment System[C]. In:Lecture Notes in Computer Science. 2006, 3995:86-100.
[38]J. Tellez, J. Sierra. Anonymous Payment in a Client Centric Model for Digital Ecosystem[C]. In:Digital Ecosystems and Technologies Conference, 2007 (DEST'07). Cairns. June 2007.2007:422-427.
[39]Supakorn Kungpisdan, Bala Srinivasan, Phu Dung Le. A Secure Account-Based Mobile Payment Protocol[C]. In:International Conference on Information Technology:Coding and Computing, 2004(ITCC 2004). Las Vegas, USA. April 2004. IEEE Computer Society, 2004:35-39.
[40]Changjie Wang, Ho-fung Leung. A Private and Efficient Mobile Payment Protocol[C]. In:Lecture Notes in Computer Science.2005,3802:1030-1035.
[41]P. Argyroudis, R. Verma, H. Tewari, D. O'Mahony. Performance analysis of cryptographic protocols on handheld devices[C]. In:3rd IEEE International Sysposium Network Computing and Applications,2004 (NCA 2004). Cambridge, MA. September 2004. IEEE Computer Society, 2004:169-174.
[42]Ali Akbar Tabandehjooy, Navid Nazhand. A Lightweight and Secure Protocol for Mobile Payments via Wireless Internet in M-Commerce[C]. In: 2010 International Conference on e-Education, e-Business, e-Management and e-Learning. Sanya, China, June 2010.2010:495-498.
[43]Devendra Mani Tripathi. A Note on Modified SET Protocol for Mobile Payment[C]. In: 2011 International Conference for Internet Technology and Secured Transactions (ICITST 2011). Abu Dhabi, United Arab Emirates, December 2011.2011:639-641.
[44]P. F. Syverson, P. C. Oorschot. On Unifying Some Cryptographic Protocol Logics[C]. In:Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy. Oakland, CA, May 1994. Los Alamitos:IEEE Computer Society Press,1994:14-28.
[45]M. Burrows, M. Abadi, R. Needham. A Logic of Authentication[R]. Research Report 39, Digital Systems Research Center. February 1989. In:Proceedings of the Royal Society. 1989,426(1871):233-271.
[46]桑永宣,曾吉文.一种新的双方不可否认密码协议及其形式化分析[J].厦门大学学报(自然科学版).2008,47(5):635-640.
[47]卿斯汉.安全协议[M].清华大学出版社.2005年3月.
[48]Xu Yong, Yan Tingting. Detailed Design and Analysis on Error Handing and Controlling Protocol in Mobile Payment[C]. In:Communications in Computer and Information Science.2011,134:755-760.
[49]G. Myagmar.3G Security Overview[EB]. http://srg.cs.uiuc.edu/MobileSec/posteddocs/ 3GSecurityOverview.ppt.
[50]M. Walker. Security for 3G Systems[EB]. http://www.isrc.rhul.ac.uk/usecal/ OtherPublications/certicompers2.ppt.
[51]李世鸿,李方伟.3G移动通信中的安全改进[J].重庆邮电学院学报2002,,14(4):24-27.
[52]牛静媛.移动通信系统安全性分析[D].北京邮电大学硕士论文.2008.
[53]邹杰.基于Android的移动支付客户端的设计与实现[D].北京邮电大学硕士论文.2011.
[2]2010年全球手机移动支付额2410亿美元[J].移动通信,2011:80.
[3]G. Zhang, F. Cheng, C. Meinel. Towards Secure Mobile Payment Based on SIP[C]. In: 15th Annual IEEE International Conference and Workshop on the Engineering Based System. Belfast. April 2008. IEEE Computer Society,2008:96-104.
[4]Sabrina M. Shedid, Mohamed Kouta. Modified SET Protocol for Mobile Payment:An Empirical Analysis[C]. In:2010 2nd International Conference on Software Technology and Engineering(ICSTE). San Juan, PR. Octomber 2010. International Journal of Computer Science and Network Security, 2010,10(7):350-355.
[5]Tan Soo Fun, Leau Yu Beng, Jonathan Likoh, Rozaini Roslan. A Lightweight and Private Mobile Payment Protocol by Using Mobile Network Operator[C]. In: Proceedings of the International Conference on Computer and Communication Engineering 2008. Kuala Lumpur. Malaysia. May 2008.2008:162-166.
[6]张娟,许春香.基于对称密钥的移动支付协议[J].信息技术.2006,2:47-50.
[7]蔡满春,赵海洋,郭代飞.移动环境下的一种基于双向认证的哈希链签名方案.计算机应用研究[J],2008,25(5):1532-1533.
[8]曹华,金瓯,贺建飚.基于双哈希链的公平移动支付协议的设计和分析[J].计算机测量与控制.2007,15:117-119.
[9]冯俊,陈家琪,沈海峰.基于双Hash链的移动支付微证书验证优化策略[J].计算机工程与设计.2010,,31(3):480-482.
[10]Lam Portl. Password authentication with insecure communication[J]. Communications of the ACM,1981,24(11):770-720.
[11]W.D. Chen, G.P. Hancke, K.E. Mayes, Y. Lien. J-H. Chiu. NFC Mobile Transactions and Authentication based on GSM Network[C]. In:2010 Second International Workshop on Near Field Communication (NFC). Grimaldi Forum, Monaco. April 2010. IEEE Computer Society,2010:83-89.
[12]W.D. Chen, G.P. Hancke, K.E. Mayes, Y. Lien, J-H. Chiu. Using 3G Network Components to Enable NFC Mobile Transactions and Authentication[C]. In:2010 IEEE International Conference on Progress in Informatics and Computing (PIC2010). Shanghai, China. December 2010.2010:441-448.
[13]李曦,胡汉平.一种安全的移动支付方法[J].计算机应用研究.2008,25(5):1546-1549.
[14]蔡祥.3G网络下的移动支付模式与技术研究[D].复旦大学硕士论文.2008.
[15]李锋.移动支付安全研究[D].山东大学博士论文.2008.
[16]Jun Liu, Jianxin Liao, Xiaomin Zhu. A system model and protocol for mobile payment[C]. In:Proceeding of the 2005 IEEE International Conference on e-Business Engineering (ICEBE'05). Beijing, China. December 2005. IEEE Computer Society, 2005:384-389.
[17]Stamatis Karnouskos, Fraunhofer Fokus. Mobile payment: A journey through existing procedures and standardization initiatives[C]. In:IEEE Communication Surveys & Tutorials. Washington DC, USA. December 2003. IEEE Communications Surveys, 2003:44-66.
[18]Muller-Versee. Mobile commerce report[R]. Durlacher Research Ltd, London, 2003.
[19]卫红春,马丁.基于改进的3-D Secure协议的移动支付安全解决方案[J].计算机应用与软件.2011,28(4):180-192.
[20]郭盛兴.移动支付系统消启、通信机制的改进[D].北京邮电大学硕士论文.2009.
[21]刘文琦.移动支付系统安全的若干关键问题研究[D].大连理工大学博士论文.2008.
[22]梁敏.移动支付发展现状及其方向研究[D].北京邮电大学硕士论文.2011.
[23]邓方民.移动支付系统安全机制研究[D].西安电子科技大学硕士论文.2006.
[24]姜文婕.移动支付系统体系结构及安全分析[D].上海交通大学硕士论文.2007.
[25]汪杨琴.移动支付协议安全性研究[D].上海交通大学硕士论文.2007.
[26]陈香梓.面向3G的移动支付安全问题的研究[D].合肥工业大学硕士论文.2010.
[27]何大可,彭代渊,唐小虎,何明星,梅其祥.现代密码学[M].人民邮电出版社.2009年9月.
[28]李曦.基于身份的密码体制研究及其在移动支付业务中的应用[D].华中科技大学博士论文.2009.
[29]Mahmoud Reza Hasemi, Elahe Soroush. A Secure m-Payment Protocol for Mobile Device[C]. In:Canadian Conference on Electrical and Computer Engineering, 2006 (CCECE'06). Ottawa. Ont. January 2006. IEEE Computer Society,2006:294-297.
[30]Mastercard and Visa. SET Protocol Specifications [EB/OL].1997. http://www.setco. org/setspecifications.html.
[31]M. Bellare, J. A. Garay, R. Hauser. A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, E.Van Herreweghen, M. Waider. Design, Implementation, and Deployment of iKP Secure Electronic Payment System[J]. In:IEEE Journal on Selected Areas in Communications,2000,18(4):611-627.
[32]N. Borisov, I. Goldberg, D. Wagner. Intercepting mobile communications:The insecurity of 802.11[C]. In:Proc. ACM Int. Conf. Mobile Computing and Networking. New York, NY, USA. July 2001. IEEE Communications Society, 2001:180-189.
[33]N. Kreyer, K. Pousttchi, Klaus Turowski. Standardized Payment Procedures as Key Enabling Factor for Mobile Commerce[C]. In:Lecture Notes in Computer Science.2002, 2455:383-390.
[34]Supakorn Kungpisdan, Bala Srinivasan, Phu Dung Le. Lightweight Mobile Credit-Card Payment Protocol[C]. In:Lecture Notes in Computer Science, 2003,2904:189-211.
[35]A. Romao, M. Silva. An Agent-based Secure Internet Payment System for Moblie Computing[C]. In:Lecture Notes in Computer Science. 1998,1402:80-93.
[36]Supakorn Kungpisdan, Bala Srinivasan, Phu Dung Le. A Practical Framework for Mobile SET Payment[C]. In:Proceedings of International E-Society Conference 2003. Lisbon, Portugal, June 2003.2003:321-328.
[37]M. Hassinen. K. Hypponenv, K. Haataja. An Open, PKI-Based Mobile Payment System[C]. In:Lecture Notes in Computer Science. 2006, 3995:86-100.
[38]J. Tellez, J. Sierra. Anonymous Payment in a Client Centric Model for Digital Ecosystem[C]. In:Digital Ecosystems and Technologies Conference, 2007 (DEST'07). Cairns. June 2007.2007:422-427.
[39]Supakorn Kungpisdan, Bala Srinivasan, Phu Dung Le. A Secure Account-Based Mobile Payment Protocol[C]. In:International Conference on Information Technology:Coding and Computing, 2004(ITCC 2004). Las Vegas, USA. April 2004. IEEE Computer Society, 2004:35-39.
[40]Changjie Wang, Ho-fung Leung. A Private and Efficient Mobile Payment Protocol[C]. In:Lecture Notes in Computer Science.2005,3802:1030-1035.
[41]P. Argyroudis, R. Verma, H. Tewari, D. O'Mahony. Performance analysis of cryptographic protocols on handheld devices[C]. In:3rd IEEE International Sysposium Network Computing and Applications,2004 (NCA 2004). Cambridge, MA. September 2004. IEEE Computer Society, 2004:169-174.
[42]Ali Akbar Tabandehjooy, Navid Nazhand. A Lightweight and Secure Protocol for Mobile Payments via Wireless Internet in M-Commerce[C]. In: 2010 International Conference on e-Education, e-Business, e-Management and e-Learning. Sanya, China, June 2010.2010:495-498.
[43]Devendra Mani Tripathi. A Note on Modified SET Protocol for Mobile Payment[C]. In: 2011 International Conference for Internet Technology and Secured Transactions (ICITST 2011). Abu Dhabi, United Arab Emirates, December 2011.2011:639-641.
[44]P. F. Syverson, P. C. Oorschot. On Unifying Some Cryptographic Protocol Logics[C]. In:Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy. Oakland, CA, May 1994. Los Alamitos:IEEE Computer Society Press,1994:14-28.
[45]M. Burrows, M. Abadi, R. Needham. A Logic of Authentication[R]. Research Report 39, Digital Systems Research Center. February 1989. In:Proceedings of the Royal Society. 1989,426(1871):233-271.
[46]桑永宣,曾吉文.一种新的双方不可否认密码协议及其形式化分析[J].厦门大学学报(自然科学版).2008,47(5):635-640.
[47]卿斯汉.安全协议[M].清华大学出版社.2005年3月.
[48]Xu Yong, Yan Tingting. Detailed Design and Analysis on Error Handing and Controlling Protocol in Mobile Payment[C]. In:Communications in Computer and Information Science.2011,134:755-760.
[49]G. Myagmar.3G Security Overview[EB]. http://srg.cs.uiuc.edu/MobileSec/posteddocs/ 3GSecurityOverview.ppt.
[50]M. Walker. Security for 3G Systems[EB]. http://www.isrc.rhul.ac.uk/usecal/ OtherPublications/certicompers2.ppt.
[51]李世鸿,李方伟.3G移动通信中的安全改进[J].重庆邮电学院学报2002,,14(4):24-27.
[52]牛静媛.移动通信系统安全性分析[D].北京邮电大学硕士论文.2008.
[53]邹杰.基于Android的移动支付客户端的设计与实现[D].北京邮电大学硕士论文.2011.