Lightweight security for mobile commerce transactions

This paper describes a lightweight security mechanism for protecting electronic transactions conducted over the mobile platform. In a typical mobile computing environment, one or more of the transacting parties are based on some wireless handheld devices. Electronic transactions conducted over the mobile platform are gaining popularity and it is widely accepted that mobile computing is a natural extension of the wired Internet computing world. However, security over the mobile platform is more critical due to the open nature of wireless networks. Furthermore, security is more difficult to implement on the mobile platform because of the resource limitation of mobile handheld devices. Therefore, security mechanisms for protecting traditional computer communications need to be revisited so as to ensure that electronic transactions involving mobile devices can be secured and implemented in an effective manner. This research is part of our effort in designing security infrastructure for electronic commerce systems, which extend from the wired to the wireless Internet. A lightweight mechanism was designed to meet the security needs in face of the resource constraints. The proposed mechanism is proven to be practical in real deployment environment.     

Past, present and future of mobile payments research: A literature review

The mobile payment services markets are currently under transition with a history of numerous tried and failed solutions, and a future of promising but yet uncertain possibilities with potential new technology innovations. At this point of the development, we take a look at the current state of the mobile payment services market from a literature review perspective. We review prior literature on mobile payments, analyze the various factors that impact mobile payment services markets, and suggest directions for future research in this still emerging field. To facilitate the analysis of literature, we propose a framework of four contingency and five competitive force factors, and organize the mobile payment research under the proposed framework. Consumer perspective of mobile payments as well as technical security and trust are best covered by contemporary research. The impacts of social and cultural factors on mobile payments, as well as comparisons between mobile and traditional payment services are entirely uninvestigated issues. Most of the factors outlined by the framework have been addressed by exploratory and early phase studies.     

一种通用移动电子票务系统GMeT的设计与实现

本文主要讨论了一种通用移动电子票务系统GMeT的设计与实现，该系统采用了基于J2EE组件的N层分布式体系架构以及WPKI技术为基础的移动电子商务安全框架：实现了以瘦客户电子钱包服务器为基础的移动实时支付、储值预支付和延迟支付三种支付手段。     

A modeling approach and reference models for the analysis of mobile payment use cases

Mobile payments can be categorized according to their usage in each of the five payment scenarios presented here. The paper proposes the mobile payment modeling approach (MPMA) especially suited for value-based analysis of mobile payment use cases. Based on this approach, the study also develops a set of seven reference models that can classify any given mobile payment use case or mobile payment procedure and analyze it with regard to the business model, the roles of the market participants, and their interrelation from a value-based perspective. An introspective analysis of the mobile payment service provider role and a market constellation analysis which shows the implications of different actors assuming one or more of the respective roles complete the study.     

Exploring consumer adoption of mobile payments – A qualitative study

This paper presents a qualitative study on consumer adoption of mobile payments. The findings suggest that the relative advantage of mobile payments is different from that specified in adoption theories and include independence of time and place, availability, possibilities for remote payments, and queue avoidance. Furthermore, the adoption of mobile payments was found to be dynamic, depending on certain situational factors such as a lack of other payment methods or urgency. Several other barriers to adoption were also identified, including premium pricing, complexity, a lack of critical mass, and perceived risks. The findings provide foundation for an enhanced theory on mobile payment adoption and for the practical development of mobile payment services.     

无人售货的无线通信关键技术研究与实现

随着科学技术的不断发展, 人力成本的不断提高, 传统的售货方式即将发生了改变,无人售货模式会成为未来提升销售竞争力的关键,基于移动支付方式的兴起,改变了人们的付款方式,未来这种支付方式将为无人售货模式的主流支付方式。因此有必要重新研究基于移动通信和移动支付的新型无人售货系统。采用何种无线通信技术成为其中的成为了研究的关键要素。通过实验对现行的几种无线通信方式进行了性能分析,最终确定可以采用GPRS通讯方式实现信息的可靠性传输。     

基于开放服务架构的移动支付平台

介绍了移动支付和开放服务架构相关概念，提出了一种结合开放服务架构的移动支付平台框架模型，然后讨论了基于此平台的移动支付交易流程和安全交易的实现模型。     

An energy-efficient mobile transaction processing method using random back-off in wireless broadcast environments

Broadcast is widely accepted as an efficient technique for disseminating data to a large number of mobile clients over a single or multiple channels. Due to the limited uplink bandwidth from mobile clients to server, conventional concurrency control methods cannot be directly applied. There has been many researches on concurrency control methods for wireless broadcast environments. However, they are mostly for read-only transactions or do not consider exploiting cache. They also suffer from the repetitive aborts and restarts of mobile transactions when the access patterns of mobile transactions are skewed. In this paper, we propose a new optimistic concurrency control method suitable for mobile broadcast environments. To prevent the repetitive aborts and restarts of mobile transactions, we propose a random back-off technique. To exploit the cache on mobile clients, our method keeps the read data set of mobile transactions and prefetches those data items when the mobile transactions are restarted. As other existing optimistic concurrency control methods for mobile broadcast environments does, it works for both read-only and update transactions. Read-only transactions are validated and locally committed without using any uplink bandwidth. Update transactions are validated with forward and backward validation, and committed after final validation consuming a small amount of uplink bandwidth. Our performance analysis shows that it significantly decreases uplink and downlink bandwidth usage compared to other existing methods.     

利用基于身份的密码算法+短信验证码的移动安全支付方案

针对移动支付过程中短信验证码被盗导致资金失窃,以及在基于证书的密码体制下建立移动支付系统时移动设备和移动网络面临巨大压力的问题,文中提出了利用基于身份的密码算法+短信验证码的移动安全支付方案。该方案中,用户和银行服务器加入一个基于身份的密码系统,它们不再需要基于数字证书的身份认证,这将大大减小移动设备以及移动网络的存储和计算开销。用户首先到银行柜台注册开通手机银行业务,设置用户名、密码,预留安全问题,在银行工作人员的帮助下完成手机银行APP的首次安装和初始化。登录时,银行服务器对用户进行身份认证,保证用户合法。支付时,手机银行APP利用用户的私钥生成对短信验证码的数字签名,并用银行服务器的公钥对数字签名和短信验证码的组合加密后发送给银行服务器以进行验证,只有银行服务器验证通过后才允许用户支付。在本方案中,短信验证码和数字签名将共同为用户提供安全保证,即使验证码泄露,攻击者也不可能根据验证码生成数字签名,从而保证了移动支付的安全。理论分析和实验结果表明,本方案不但能够大大提高移动支付的安全性,而且随着移动终端的增加,系统的平均响应时间也不会急剧增长,因此所提方案具有较好的健壮性和可行性。     

电子支付中的密码技术应用（上）

电子支付的本质是网上电子资金流信息,必须严加安全风险防范。没有密码学就没有信息系统的安全。本文着重论述了金融界电子支付中使用的各种密码技术,其中包括了传统对称密码技术、非对称密码技术、密码杂凑函数以及数字证书、OTP等采用的密码技术。电子支付中应用了这些密码技术,确保了电子交易的安全,保障了交易支付数据的完整性、保密性、可靠性、不可否认性和可审计性。     

基于AHP法的移动支付安全风险评估

大数据时代影响移动支付发展的重要因素就是安全。总结了移动支付相对于互联网支付而存在的个性和疑难安全问题,通过德尔菲法构建了安全评估指标结构。运用层次分析法计算各指标的权重,在设计的指标体系中找出风险节点,最终得到整个系统的安全值。该方法将层次分析法引入移动支付指标系统信息安全度计算。实验表明,该评估指标结构以及安全度计算能为移动支付提供有效的安全量化评估。     

一种支持高并发的多人链下支付方案

随着区块链技术研究与应用的快速发展,可扩展性瓶颈对于其在大规模应用场景下的主要制约作用逐渐凸显.作为解决区块链可扩展性问题的关键技术之一,支付通道技术将交易清算从链上的全网矿工认证转移到链下通道内的支付双方认证,从而实现了支付近乎即时确认;结合路由算法构成的支付通道网络,实现了任意两点间的链下支付,极大地提升了区块链的...     

基于J2ME的移动支付安全方案研究

安全方案对移动支付系统的安全性起着决定性作用,其中无线环境中的安全和对用户即手持设备的认证,更是系统成败的关键.借鉴国外已有的移动支付系统,结合宏支付的特点及安全要求,并考虑到J2ME平台本身提供的安全性,提出了一个基于JZME的移动支付安全方案,重点解决无线环境下的用户的认证问题,来保证针对宏支付的移动支付系统的安全.分析测试验证了该安全方案的安全性及可行性.     

一种兼容移动用于网络事务的安全体系结构

Agent技术的进步，推动了网上交易业务的发展。但是，随着业务复杂程度的提高，不仅是agent智能逻辑，包括整个体系的结构都要变化。移动网络的介入，又在此基础上提出了新的问题。本文主要想在以前的基础上展示一种兼容移动网络的处理网络事务的体系构架。以安全性为出发点，主要用以解决用户移动性所带来的资源流动以及屏蔽掉由网络连接质量不好而引起的相应活动的中断问题。同时，我们试图通过一种图形理论来增强agent的内部逻辑，提高网络交易的成功率和安全性能，加速快速开发的过程。     

The formation of a virtual global bank

Banks are undergoing dramatic changes to their organization structures, operations and information systems. The banking market is also developing because information technology (IT) is enabling the banks' business customers to create new forms of organization and trade, and there is a clear trend towards the globalisation of markets and competition. Banks are responding in a variety of ways, each of which is designed to increase their ability to act internationally and more quickly. In this paper the international payments and foreign exchange markets are analysed and a case study of an international bank is presented. The traditional methods of foreign exchange dealing and subsequent payment transfer using the Society for World-wide International Funds Transfer (SWIFT) are coming under close scrutiny, and new and better ways of operating are being devised. This paper describes one approach to redesigning the international payments process. It describes the partnership strategy which is being implemented by a large international bank in cooperation with a number of regional banks, resulting in the creation of a virtual global bank. An outline is given of the evolution of the strategy, showing how a vision of the way transactions should be carried out has enabled the bank to combine its various internal strengths and develop its market network. The virtual bank system and its implementation are presented, and issues of organizational and market network change are considered. Finally the results are compared with network theory and the inter-relationships between strategy, network structure and IT are analysed.     

Near field communication: an assessment for future payment systems

In this paper, we present an assessment of near field communication (NFC) in the context of a payment market. During these past years, we have been witnessing a number of mobile payment trials based on NFC. Early experiences are already quite encouraging and many expect NFC to become a highly efficient and effective technology for mobile payments. The objective of our research is to evaluate in a systematic manner the potential of NFC as an upcoming technology for mobile payments. In order to ensure the rigor of our research, we used a formal and structured approach based on multi-actor multi-criteria methods. Our research provides one of the first assessment of NFC and a realistic picture of the current Swiss situation as we involved numerous mobile payment experts. Our findings show that Swiss industry experts are quite enthusiastic about the future of NFC. A previous version of this paper was presented at the 6th international conference on mobile business, 2007. “Jan Ondrus, Yves Pigneur, An assessment of NFC for Future Payment Systems, Proceedings, Sixth International Conference on Mobile Business, 8–11 July 2007, IEEE Computer Society, ISBN 0-7695-2803-1.”     

一种基于J2ME的移动支付系统的设计与实现

移动支付是移动电子商务中的最重要的部分之一.安全性、私密性、易用性是移动支付的最重要的几个问题.目前有许多不同种类的技术能够实现移动支付,其中J2ME凭借其多种显著的优势成为了佼佼者.移动支付系统也有多种体系架构,其中以第三方支付平台为中心的架构比较灵活、具有很强的可扩展性.本文讨论一个基于J2ME的以第三方支付平台为中心的移动支付系统的特点和优越性,并给出这个系统详细的设计与实现过程.     

基于贝叶斯网络的移动支付风险评估模型

随着信息技术和网络的迅猛发展,支付业务、技术及工具不断创新,移动支付的发展在逐渐加快。移动支付给人们生活带来方便和快捷的同时,也存在着较高的潜在风险,容易遭受非法入侵和恶意攻击。就移动支付风险的分析及风险值的计算理论方面开展工作,在贝叶斯网络的基础上,针对移动支付的主要组成主体,提出移动支付风险评估模型,通过使用该模型进行移动支付风险评估不仅可以对目前移动支付的风险进行评估,还可以根据风险评估结果引导风险控制,对比风险控制前后的风险值判断风险控制的效果,通过案例分析,提出的移动支付风险评估模型可以很好地完成移动支付的风险评估要求。     

基于移动数据库的事务处理模型的研究

对移动数据库的关键技术之一事务处理进行了分析与探讨。在分析现有移动事务处理模型的基础上,结合研究开发的嵌入式移动数据库系统SwiftDB,提出增加接入代理层的事务处理系统结构,并根据移动计算环境的特点和具体应用需求,分析了移动节点上事务状态,改进两级复制模型的移动事务解决方案。     

手机支付数字签名的设计与实现

在基于离散对数和因子分解安全机制的前提下,采用混合加密体制和可证实数字签名的理论,针对手机支付自身的特点,设计了一种安全的手机支付系统,并进行了安全性和有效性分析。