Research on Several Key Technologies of Security Authentication and Secure Applications in Mobile Internet Networks
Abstract
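As one of the core directions and trends in the future development of the Internet, the mobile Internet poses new and greater challenges for security research as the number of mobile applications grows and as interconnection and openness increase. This thesis addresses several key security problems in security authentication and related secure applications in the mobile Internet. It is organized around four lines of research: security authentication, document protection, secure signature services, and security in extended mobile Internet environments. Taking full account of the security requirements and threats in the mobile Internet, it gives practical and feasible technical solutions. The main research results of the thesis are as follows: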
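     1. For the mobile Internet architectures and typical application scenarios currently in common use in China and abroad, the thesis analyzes the security requirements, threats, risks and protection architecture of the mobile Internet from different perspectives, and identifies future security trends and research hotspots for the mobile Internet.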
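     2. To meet current document-protection needs in the mobile Internet, two document security solutions are proposed. The first is a new scheme for protecting mobile documents based on removable storage media. The scheme partitions the removable storage medium into functional areas and uses the security verification protocol designed in the scheme for encrypted transmission with the document server, thereby ensuring that mobile documents are transferred securely in a range of situations: on a target computer with no security system installed, when the removable storage medium is stolen, and when the key is stolen while the user is accessing a document. The second is an information protection system based on a hash chain authorization protocol. To make communication inside and outside the enterprise more convenient while ensuring that confidential information can be sent only after authorization, the scheme proposes a system and method based on an information protection proxy for authorizing confidential information. The information protection proxy can prevent enterprise users from sending confidential information to external parties before approval, and can also audit the entire information authorization process. The authorization process is based on an end-to-end model and the proxy's overhead is very small; it can likewise be applied in the mobile Internet environment.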
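     3. To meet current digital-signature authentication needs in the mobile Internet, a technical solution is proposed in which the smartphone wholly replaces media such as computers, smart cards and USB keys for storing keys and provides a mobile signature service. The solution analyzes the architecture of the mobile signature service in terms of its logical, functional and network structure, and describes in detail the functions of the signature service module, the identity and registration service module, the message service module, the mobile signature gateway/SDK module and the terminal module, along with the relevant standards they follow and their interaction with other modules. Finally, it gives example business applications of the mobile signature service in three areas: digital signature services, digital decryption services and identity authentication services.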
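     4. To meet current security authentication needs in the mobile Internet, two secure identity authentication schemes are proposed. The first is a mechanism for implementing a virtual identity federation, which establishes a virtual identity federation between a non-federated domain and a federated domain, or between two non-federated domains. It requires very little modification to existing legacy authentication systems; a token adapter provides complete token management, so the user client and local applications need no modification. Because the trust agent works in sniffing mode and automatically obtains the tokens that are sent, the local authentication center needs no update either. And because SSO mode is used, whether the user has accessed a local application or a remote application across a domain border is transparent to the user. The second is a single sign-on protocol without clock synchronization, which can still prevent replay attacks when clocks are not synchronized. The single sign-on server compares the timestamp in the request with the local system time; if the difference does not exceed a predefined threshold, the single sign-on request is treated as valid; otherwise, it is treated as timed out. In this method, clock synchronization between the relevant servers and devices is not required, which makes deployment easier.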
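     5. For the security problems of applying the mobile Internet in extended environments (such as industrial networks, the Internet of Things and cloud environments), a completely new authentication mechanism for industrial Internet networks is proposed, new security requirements for future mobile industrial network environments are put forward, and new directions are proposed for research on mobile Internet security in cloud environments.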
As a key part and future trend of the Internet, the mobile Internet faces greater security challenges as applications multiply and open connections among different systems increase. This paper focuses on secure authentication, document protection, secure mobile signatures, and security in the extended mobile Internet for industry, and provides feasible technical solutions based on the security needs and requirements of end customers. The main research results of our paper are as follows:
     1. In view of the current domestic and foreign mobile Internet architectures and typical application scenarios, we analyze and put forward the security requirements, threats, risks and protection architecture of the mobile Internet from different points of view.
     2. This article presents a new solution for protecting mobile and portable electronically published content. It uses function areas and algorithms to secure the mobile storage media, and secure authentication protocols to protect communication between the data on the storage media and the document server. The protection holds in situations such as no security system being installed on the target computer, theft of the mobile storage media, and the key being stolen while the user accesses the documents. To facilitate communication between the inside and outside of the enterprise while guaranteeing that confidential messages are authorized, an information protection proxy-based system and method for authorizing confidential messages is provided. A user sends a message intended for an outside receiver to his or her approver; the approver checks the message and, if he or she agrees, sends it to the proxy. The information protection system is based on a hash chain-based authorization protocol. The information protection proxy can prevent enterprise users from sending messages involving confidential information to the outside without approval, and at the same time audits the whole information authorization process. The authorization procedure is based on peer-to-peer mode, the proxy overhead is very low, and the system can also be used in mobile Internet applications.
     3. The solution in this article provides a mobile signature service platform based on the smart mobile phone, which can wholly replace computers, smart keys and USB keys with cryptographic features. It analyzes the mobile signature service system architecture in terms of logical, functional and network structure, with its different components: signature service, identification registration, message service, mobile signature gateway/SDK, terminal service and interconnection modules. The solution also provides some typical implementation scenarios, such as signature service, digital decryption and identification authentication service.
     4. The mechanism implements a virtual identity federation between a non-federated domain and a federated domain, or even between two non-federated domains. Very little modification to the existing old authentication system is needed. The user client and the local application do not need any modification, since the Token Adapter provides complete token management. The Local Authentication Center also does not need any update, since the Trust Agent can work in sniffer mode and obtain the sent token automatically. A trust chain establishing method is used for verifying the old token. The signature and the token are transmitted over different communication channels. The old authentication protocol is not modified. The trust chain protocol is highly efficient, since it adopts a hash chain-based signature method, and can meet high performance requirements. A random seed update mechanism improves the security of the protocol. With this SSO method, it is transparent to the user whether he or she accesses the local application or accesses the remote application across domain borders. Another proposed SSO method can prevent replay attacks. The SSO server compares the timestamp in the request with the local system time; if the difference is not more than a predefined threshold value, the SSO request is regarded as valid; otherwise, the SSO request is regarded as timed out. Clock synchronization between the related servers and machines is not necessary in the proposed method, so the proposed SSO method is easy to deploy.
     5. For the security problems of the mobile Internet in extended environments, such as industry networks, the Internet of Things and cloud computing, this paper presents a new solution for implementing access control for industry devices by separating the complex identification, authentication and authorization decision function from the simple authorization enforcement function. It uses a dedicated access control server with sufficient computing and communication resources, which can efficiently adopt strong cryptographic mechanisms and flexible authorization technology, to provide strong security for access control in these environments. At the same time, it considers the characteristics of industry devices, which have to fulfill real-time tasks with limited computing and communication resources, and deploys only the simple authorization enforcement function on industry devices to minimize the overhead. This paper also provides new security requirements and research topics for the future mobile industry Internet and for mobile secure applications in cloud computing environments.
    [193]Chalandar M E, Darvish P, Rahmani A M, A centralized cookie-based single sign-on in distributed systems[C], Information and Communications Technology,2007. ICICT 2007. ITI 5th International Conference on,2007, PP163-165.
    [194]Xiuli Yao and Huaying Shu, Study on Value-Added Service in Mobile Telecom Based on Association Rules[J], Software Engineering, Artificial Intelligences, Networking and Parallel/Distributed Computing,2009. SNPD '09.10th ACIS International Conference on, PP 116-119.
    [195]Zhijun Gao, Wenlong Ding and Guanghui Wang, Application of the BP neural network classification model in the value-added services of telecom customers [C], Advanced Computer Control (ICACC),2011 3rd International Conference on, PP 620-623.
    [196]Xiaoxia Zheng, Chao Liu, Chengzhe Huang, Yu Zou and Hongwei Yu, Comparison between Typical Discriminative Learning Model and Generative Model in Chinese Short Messages Service Spam Filtering [C], Asian Language Processing (IALP),2010 International Conference on, PP 182-184.
    [197]Peizhou He, Yong Sun, Wei Zheng and Xiangming Wen, Filtering Short Message Spam of Group Sending Using CAPTCHA, [C], Knowledge Discovery and Data Mining,2008. WKDD 2008. First International Workshop on, PP 558-561.
    [198]Chang Hsuan-Wei, Liang Yuan-Cheng, Huang Chih-Yen, Huang Shu-Mei and Lin Kuan-Ping, Integrated monitoring mechanism to enhance the management of value-added services in mobile communication network [C], Network Operations and Management Symposium (APNOMS),2011 13th Asia-Pacific, PP 1-4.
    [199]ZHANG Ke1, LI Yang1, LIU Yang and CUI Zheng-guang, Design and realization of telecom value-added service platform SP management subsystem [J], Computer Engineering and Design 2010 vol 13.
    [200]Ying-Feng Kuoa, Chi-Ming Wub and Wei-Jaw Deng, The relationships among service quality, perceived value, customer satisfaction, and post-purchase intention in mobile value-added services [J] Computers in Human Behavior 2009, vol 25, PP 887-896.
    [201]Houssos Nikos, Paschou Christina-Eleni, Stathopoulou loanna-Ourania, Stamatis Konstantinos and Hardouveli Despina, Implementing citation management and report generation value-added services over OAI-PMH compliant repositories [C], The 5 th International Conference on Open Repositories (OR2010), Madrid, Spain,6-9 July 2010.
    [202]Ying-Feng Kuoa, Shieh-Neng Yen, Towards an understanding of the behavioral intention to use 3G mobile value-added services [J], Computers in Human Behavior 2009, vol 25, PP 103-110.
    [203]Sunitha N R, Amberker B B, Forward-Secure proxy Signature scheme for Cellphone service providers[C], Wireless and Optical Communications Networks,2008. WOCN '08.5th IFIP International Conference on,2008, PP 1-5.
    [204]Peng-Ting Chena, Joe Z Cheng, "Unlocking the promise of mobile value-added services by applying new collaborative business models [J], Technological Forecasting and Social Change 2010, vol 77, PP 678-693.
    [205]Neil Gershenfeld, Raffi Krikorian, Danny Cohenk, The Internet of things [J], Computer and Information Scienc,2004, Volume 291, Issue 4, PP 76-81.
    [206]Rolf H Weber, Internet of Things - New security and privacy challenges[J], Computer Law & Security Review, January 2010, Volume 26, Issue 1, PP 23-30.
    [207]刘玮,王红梅,肖青,物联网概念辨析[J],电信技术,2010年第1期,PP 5-8。
    [208]H Kopetz. Internet of Things [J]. Real-Time Systems,2011,10.1007/978-1-4419-8237-7_ 13 PP 307-323.
    [209]A. Jules, RFID security and privacy:a research survey[J], IEEE Journal on Selected Areas in Communications,2006, PP 24:381-394.
    [210]E. Ngai, K. Moon, F. Riggins and C. Yi, RFID research:An academic literature review (1995-2005) and future research directions [J], International Journal of Production Economics,, 2008, PP 112:510-520.
    [211]Rieback, MR.R., B.Crispo and A.S.Tanenbaum, The evolution of RFID security[J]. IEEE Pervasive Compute,2006b, PP 5:62-69.
    [212]Metke A R, Ekl R L, Security Technology for Smart Grid Networks [J]. Smart Grid, IEEE Transactions on,2010, Issue 1:PP 99-107.
    [213]David F. Ferraiolo, D. Richard Kuhn, and Ramaswamy Chandramouli. Role-Based Access Control,2003.
    [214]Waldrop J, Colorwave:a MAC for RFID reader networks [C], Wireless Communications and Networking,2003, vol 3, PP 1701-1704.
    [215]Ravi Sandhu. Future Directions in Role-Based Access Control Models. MMM-ACNS,2001.
    [216]Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-Based Access Control Models[J]. Computer, February 1996, Volume 29(2),PP 38-47.
    [217]H. Krawczyk, M. Bellare and R.Canetti, HMAC:Keyed-Hashing for Message Authentication, IETF RFC 2104, February 1997.
    [218]R. Perlman. An Overview of PKI Trust Models [J], IEEE Network,1999, PP 13(6):38-43.
    [219]A. N. S. Institute. PKI Practices and Policy Framework. ANSI X9.79,2000.
    [220]J Brodkin, Gartner:Seven cloud-computing security risks [J], Network World,2008, Volume: July, PP 2-3.
    [221]Michael Armbrust, Armando Fox, Rean Griffith, A view of cloud computing [J], Communications of the ACM CACM, April 2010, Volume 53 Issue 4, PP 50-58.
