基于贝叶斯网络的电力企业安全生产风险管控系统

分析了建立电力企业安全生产风险管控系统的必要性和设计框架,并提出了基于贝叶斯网络的动态风险评估模型.通过对风险因素的识别和评估,构建了贝叶斯网络结构和参数,在此基础上对安全生产风险进行了风险评估、风险诊断.最后,依据分析得到的结果进行风险控制.该系统可以满足电力企业安全生产风险管控的需求.     

基于贝叶斯网络的可信平台控制模块风险评估模型

对可信平台控制模块(TPCM)的风险进行了分析,针对其特点和风险定量评估要求,提出了基于贝叶斯网络的TPCM风险评估模型。在对影响TPCM可信性的风险识别的基础上,根据风险之间的相关性,建立了贝叶斯风险评估网络模型;基于专家评价数据,进一步运用贝叶斯网络推理工具定量评估风险的发生概率及其影响,评估风险强度并对其进行排序,以确定整个TPCM中各风险的控制优先级。最后通过实例分析验证了该模型的有效性。     

基于K-means聚类的计算机网络信息安全风险评估方法

为提升计算机网络信息安全风险评估效果,本文提出一种基于K-means聚类的计算机网络信息安全风险评估方法。对计算机网络信息风险值展开分析,得到信息风险评估三要素,以此构建安全风险评估模型;评估模型主要由模糊预处理和互信息计算两部分构成,以此实现对事件与评价等级之间关系的分析。最后进行仿真实验,结果验证了所提方法可以取得理想的安全风险评估结果。     

基于WPKI技术的安全移动支付系统研究

为了有效解决移动支付信息安全问题,在分析和研究无线应用协议（WAP）、公开密钥基础设施（WPKI）和移动网络安全威胁的基础上,提出了一种基于WAP和WPKI技术的移动支付安全解决方案。该方案通过对WAP和WPKI体系结构和优化性的分析,确定了基于WAP和WPKI的移动支付体系结构模型,并对安全支付系统功能模块进行了详细的设计。通过分析表明,该解决方案可为移动支付提供加密、认证等安全服务,为移动网络中的安全支付提供了较好的安全保障。     

基于风险评估的事件响应过程模型研究

为了提高计算机犯罪取证的准确性和效率,提出了基于风险评估的事件响应过程模型.首先对事件响应过程模型进行分析,指出该模型主要是针对被怀疑的网络系统进行取证的,并且该模型在取证准备阶段具有不完整性且分析过于笼统等不足.为此引入了风险评估方法来对网络系统进行综合的评价,通过利用信息熵来求得各风险因素的熵权,进而判断网络的风险等级,从而可以有效地确定可疑网络并且针对可疑网络进行数字取证.最后阐述了该模型在取证过程中涉及的相关技术.     

定量的信息安全风险评估计算模型的研究

讨论了信息安全风险评估计算模型相关问题.在原来定性风险评估计算模型的基础上,提出了一种定量的信息安全风险评估计算模型并将其运用在信息安全风险评估过程中,使信息安全风险评估分析过程中进行风险值的计算更加科学和准确,解决了以往定性的计算模型的数据计算粗略、不准确和多个风险值集中于一个相同的风险等级中,区分不出风险的重要性等问题.     

基于模拟攻击的高校网络安全风险评估研究

针对高校网络目前存在的安全风险,提出一种新型的基于模拟攻击的高校网络安全风险评估模型。该模型综合考虑了单机脆弱性和网络攻击威胁,首先结合原有基于单机脆弱性测出的风险值,模拟攻击者利用网络弱点的入侵过程,产生攻击状态图;然后基于生成的攻击状态图和原有风险值,识别攻击者入侵网络所利用的攻击行为、可能路线及导致的安全状态变化,评估潜在威胁的位置;并对新方法的风险值给出了定量分析,从而为针对性地实施风险控制决策提供更准确的依据。实验结果表明,该模型是正确的,并且平均要比目前存在的风险评估模型多发现大约50%的安全风险。由此可以看出,本模型方法的评估结论较传统方法更为准确。     

基于FAHP的网络招投标风险研究

本文通过风险识别,风险评估和风险应对这三种方法,对网络招投标中可能存在的风险进行了分析。针对网络招投标双方,分别建立适用于它们自身的风险评估指标体系。利用模糊层次分析法,对网络招投标双方的风险评估模型进行构建,结合德尔菲法,通过Yaahp软件,确定各个指标的权重,进而找出对网络招投标双方产生较大影响的风险因素,最后利用风险应对的方法,提出了降低招投标双方风险的对策。     

基于改进AHP算法的电力监控网络安全风险评估方法

现有的电力监控网络安全风险评估方法,在度量风险值时指标权重分配不均,导致所得风险评估效率较差,为提高风险评估的实时性,基于改进AHP算法设计电力监控网络安全风险评估方法。建立电力监控网络安全层次结构模型,将其分为目标层、准则层以及方案层,计算电力监控网络安全风险因素指标权重,重新分配安全风险因素权重系数,基于改进AHP算法度量电力监控网络整体风险值,建立层次分明的电力监控网络安全评估构架,设计风险评估算法,实现电力监控网络安全风险的评估。分别使用三种不同的攻击模式对模型中的四个主机进行攻击,通过风险值的测试结果可知,该电力监控网络安全风险评估方法可以迅速有效地检测各节点在恶意攻击下的风险值。     

基于改进AHP算法的移动安全支付风险评估模型

随着移动互联网和物联网的发展,移动支付正越来越深入地融入人们的日常生活。移动支付是不可或缺的便民服务,但从安全角度来看,具有一定风险性。从移动支付的独特性出发,通过改进层次分析法(AHP)建立层次评价目标体系,并确定影响移动支付安全风险因素的权重,在AHP算法判断矩阵的构建中,采用三尺度法代替传统的九尺度法,与传统的九尺度法进行比较。研究结果表明,改进的方法克服了专家在传统的层次分析法中难以掌握判断尺度的问题。评估指标结构和改进的层次分析法的采用,可为移动支付提供有效的安全支付风险评估,提高移动支付安全风险评估的效率和准确性,具有较强的实用性。     

A modeling approach and reference models for the analysis of mobile payment use cases

Mobile payments can be categorized according to their usage in each of the five payment scenarios presented here. The paper proposes the mobile payment modeling approach (MPMA) especially suited for value-based analysis of mobile payment use cases. Based on this approach, the study also develops a set of seven reference models that can classify any given mobile payment use case or mobile payment procedure and analyze it with regard to the business model, the roles of the market participants, and their interrelation from a value-based perspective. An introspective analysis of the mobile payment service provider role and a market constellation analysis which shows the implications of different actors assuming one or more of the respective roles complete the study.     

Utilizing national public-key infrastructure in mobile payment systems

Payments are the locomotive behind any business domain. It has been predicted that mobile payments will become one of the most successful mobile services, and the security of payments is an important requirement. However, it is difficult to strongly authenticate mobile users remotely and provide an adequate level of non-repudiation of transactions. In this article, we argue that a nationwide public-key infrastructure supported by governmental bodies can be used in a mobile payment system. Not only does it provide strong security, but it also makes the system open to any mobile user, merchant, or financial service provider. Two payment protocols are described: one for virtual point-of-sale payments, and one for vending machine payments. We argue that such a system can be implemented using open development platforms, and its performance is adequate for enabling swift transactions. A prototype of a system which accepts virtual point-of-sale payments is implemented, and its performance and usability are evaluated.     

Anonymous proximity mobile payment (APMP)

The growth of wireless networks and the increasing popularity of mobile devices present an significant opportunity to empower them as a payment device. Unfortunately, several problems hinder the widespread acceptance of mobile payments, for example, privacy protection and user anonymity. Measures to ensure anonymity in payment systems must be considered as an important factor in privacy and system acceptance. We propose a new measure to enhance the level of anonymity in mobile payments where users can customize their anonymity, according to their personal preferences. We rely on IPAS (Implicit Password Authentication System) (Almuairfi et al. 2011) for dispute resolution to support our proposed idea.     

Exploring consumer adoption of mobile payments – A qualitative study

This paper presents a qualitative study on consumer adoption of mobile payments. The findings suggest that the relative advantage of mobile payments is different from that specified in adoption theories and include independence of time and place, availability, possibilities for remote payments, and queue avoidance. Furthermore, the adoption of mobile payments was found to be dynamic, depending on certain situational factors such as a lack of other payment methods or urgency. Several other barriers to adoption were also identified, including premium pricing, complexity, a lack of critical mass, and perceived risks. The findings provide foundation for an enhanced theory on mobile payment adoption and for the practical development of mobile payment services.     

Near field communication: an assessment for future payment systems

In this paper, we present an assessment of near field communication (NFC) in the context of a payment market. During these past years, we have been witnessing a number of mobile payment trials based on NFC. Early experiences are already quite encouraging and many expect NFC to become a highly efficient and effective technology for mobile payments. The objective of our research is to evaluate in a systematic manner the potential of NFC as an upcoming technology for mobile payments. In order to ensure the rigor of our research, we used a formal and structured approach based on multi-actor multi-criteria methods. Our research provides one of the first assessment of NFC and a realistic picture of the current Swiss situation as we involved numerous mobile payment experts. Our findings show that Swiss industry experts are quite enthusiastic about the future of NFC. A previous version of this paper was presented at the 6th international conference on mobile business, 2007. “Jan Ondrus, Yves Pigneur, An assessment of NFC for Future Payment Systems, Proceedings, Sixth International Conference on Mobile Business, 8–11 July 2007, IEEE Computer Society, ISBN 0-7695-2803-1.”     

无人售货的无线通信关键技术研究与实现

随着科学技术的不断发展, 人力成本的不断提高, 传统的售货方式即将发生了改变,无人售货模式会成为未来提升销售竞争力的关键,基于移动支付方式的兴起,改变了人们的付款方式,未来这种支付方式将为无人售货模式的主流支付方式。因此有必要重新研究基于移动通信和移动支付的新型无人售货系统。采用何种无线通信技术成为其中的成为了研究的关键要素。通过实验对现行的几种无线通信方式进行了性能分析,最终确定可以采用GPRS通讯方式实现信息的可靠性传输。     

Past, present and future of mobile payments research: A literature review

The mobile payment services markets are currently under transition with a history of numerous tried and failed solutions, and a future of promising but yet uncertain possibilities with potential new technology innovations. At this point of the development, we take a look at the current state of the mobile payment services market from a literature review perspective. We review prior literature on mobile payments, analyze the various factors that impact mobile payment services markets, and suggest directions for future research in this still emerging field. To facilitate the analysis of literature, we propose a framework of four contingency and five competitive force factors, and organize the mobile payment research under the proposed framework. Consumer perspective of mobile payments as well as technical security and trust are best covered by contemporary research. The impacts of social and cultural factors on mobile payments, as well as comparisons between mobile and traditional payment services are entirely uninvestigated issues. Most of the factors outlined by the framework have been addressed by exploratory and early phase studies.     

Complacency,capabilities, and institutional pressure: understanding financial institutions’ participation in the nascent mobile payments ecosystem

As mobile payments become increasingly popular, their ecosystem is also evolving. The participation of financial institutions in this ecosystem, although is rapidly improving, remains relatively low. This paper studies why some financial institutions choose to, or not to, participate in this nascent mobile payments ecosystem. We developed hypotheses for the influence of three factors as aspiration gaps, customer-facing IT capabilities, and institutional pressures based on three theoretical foundations including the threat rigidity thesis, capability-based view, and institutional theory. We then empirically tested our hypotheses by analyzing the diffusion of mobile payments among 3549 U.S. credit unions from 2013 to 2016. Results from our event history analyses provide support to the hypotheses that credit unions experiencing performance gaps, having superior customer-facing IT capabilities, and facing strong institutional pressures are more likely to start providing mobile payment services.     

移动支付服务的平衡问题研究

关于移动支付,业界没有统一的定义。本文借鉴德勤的定义,认为移动支付是指用户使用移动终端接入通信网络,或使用近距离通信技术完成信息交互,实现资金从支付方向受付方转移,从而实现支付目的的一种支付方式。从通信方式来看,移动支付可分为远程支付与近场支付。本文重点研究通过移动通信网络,以APP应用程序的形式,提供远程支付服务的移动支付APP。