
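Graduate student: 吳政道 (Chengtao Wu)
Thesis title: Study on the Security of Web-ATM Payment Mechanisms (網路ATM付款機制安全性之研究)
Advisor: 吳宗成 (Tzong-Chen Wu)
Oral defense committee: 楊維寧, 陳正綱
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2006
Academic year of graduation: 94
Language: Chinese
Number of pages: 98
Chinese keywords: IC ATM card, network ATM, Web ATM, electronic payment, payment mechanism
Foreign-language keywords: Payment Mechanisms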
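  • Because the confidentiality and security mechanisms of magnetic-stripe ATM cards are inadequate, skimming and counterfeiting incidents have occurred. To resolve such problems thoroughly, magnetic-stripe ATM card transactions will be formally discontinued from March 1, 2006, by which time nearly 40 million IC (chip) ATM cards will be in circulation. The IC ATM card provides cardholder identification, card legitimacy verification, a transaction data authentication mechanism, and non-repudiation of transactions, and has the advantages of being secure and hard to skim or counterfeit. It can be used in a wide range of environments: besides withdrawal and payment functions at physical ATMs, it can also serve as an online payment mechanism for B2C e-commerce.
    In support of the government's e-Taiwan initiative, the bankers' association (銀行公會) is actively promoting the "network ATM" (also called Web ATM) application system for IC ATM cards, giving the public a convenient, secure and time-saving Internet payment tool to foster the development of e-commerce, with positive effects on Taiwan's overall economic benefit and cost-effectiveness. However, Web ATM is used over the open Internet. Its security mechanisms involve potential risks such as encryption technology, online intrusion and hackers' Trojan programs, and transaction security has a far-reaching effect on the banking industry's image and on customer confidence, so it merits attention and in-depth study.
    This study examines the security of Web ATM online fund-transfer transactions. It studies and organizes the system design, transaction flow, security architecture and threat analysis, and explains the potential security threats that the current Web ATM design faces in an open Internet environment. Through empirical analysis of the system, it identifies weaknesses and risks that may exist in the Web ATM transaction process and proposes ways to strengthen the system design so that intrusion attacks can be responded to and guarded against appropriately, reducing or avoiding the risk of online transactions. Based on the Web ATM design architecture, the study also proposes using the IC ATM card as the identity authentication method for Internet banking login, which effectively solves user identification for Internet banking and helps promote Internet banking services.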


    Because the security mechanisms of the magnetic stripe card are insufficient, cards are easily skimmed and counterfeited into fraudulent ATM cards. To solve such problems completely, the Bank Society announced that magnetic stripe card transactions will stop from March 1, 2006, by which time nearly 40 million IC cards will be in circulation. The IC ATM card provides cardholder authentication, card legitimacy verification, a Transaction Authentication Code (TAC), and non-repudiation of transactions; it is secure and difficult to skim or forge. The chip card can be used in many payment environments: besides withdrawal, deposit and account transfer at physical ATMs, it can also serve as a payment mechanism for B2C e-commerce.
    To support the government's promotion of e-Taiwan, the Bank Society is actively popularizing the "network ATM" (also called Web ATM) application system for the chip card, which offers a convenient, safe and time-saving payment service over the Internet. A safe payment mechanism will help the development of e-commerce, and using Web ATM will also benefit Taiwan's overall economy and cost-effectiveness.
    The Web ATM application is used in the open environment of the Internet, and its security mechanism involves various potential risks such as online intrusion and hackers' Trojan programs. The security of network payment affects consumer confidence and the image of the banking industry; therefore, the security of Web ATM is worth study and attention.
    This research studies the payment security of Web ATM online account transfers. It analyzes the risks in the Web ATM design architecture, transaction procedure and security structure, and states the potential threats to the Web ATM payment system in an open environment. Through detailed systematic analysis of the Web ATM transaction process, it demonstrates that a Man-in-the-Middle risk exists in the Web ATM payment system. This research therefore proposes improvements to avoid or reduce the potential risk of hacker attacks on Web ATM transactions.
    This research also uses the Web ATM architecture to design a remote authentication method based on the IC card, effectively solving the login problem of network banking, which is attacked by spyware and keyloggers.

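    Table of Contents
    Abstract (Chinese)
    Abstract
    Acknowledgements
    List of Figures
    List of Tables
    Chapter 1 Introduction
      1.1 Research Background
      1.2 Research Motivation
      1.3 Research Objectives
      1.4 Research Method and Thesis Structure
      1.5 Research Limitations and Scope
    Chapter 2 Literature Review
      2.1 IC ATM Card
        2.1.1 IC ATM Card Message Transmission Format
        2.1.2 IC ATM Card Command Functions
        2.1.3 IC ATM Card Transfer Transaction Flow
      2.2 Electronic Payment Security Services
      2.3 Security Mechanisms
        2.3.1 User Authentication
        2.3.2 Cryptographic Algorithms
      2.4 Internet Security Attack
        2.4.1 Passive Attacks
        2.4.2 Active Attacks
        2.4.3 Hacker Software
    Chapter 3 Web ATM Design Method
      3.1 System Architecture
      3.2 Transfer Transaction Security Design
      3.3 Performance Analysis
    Chapter 4 Potential Risks of Web ATM
      4.1 Risk Management
      4.2 Threat Analysis
      4.3 Improvement Proposals
      4.4 Remote Identity Authentication -- IC Card Sign On Mechanism for Internet Banking
    Chapter 5 Conclusions and Future Research Directions
    References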
