Graduate student: | 方俊斌 Chun-pin Fang |
---|---|
Thesis title: | 基於一次性動態密碼及行動裝置進行身分驗證 A New Identity Authentication System Based On OTP Using Mobile Device |
Advisor: | 洪西進 Shi-Jinn Horng |
Oral defense committee: | 古鴻炎 Hung-yan Gu, 蔡鴻旭 Hung-Hsu Tsai, 江季翰 Ji-Han Jiang |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering |
Year of publication: | 2012 |
Academic year of graduation: | 100 |
Language: | Chinese |
Number of pages: | 57 |
Keywords (Chinese): | one-time dynamic password, identity authentication, Challenge/Response, RSA algorithm |
Keywords (English): | One Time Password, Identity Authentication, Challenge/Response, RSA Algorithm |
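With the rapid growth of e-commerce [1], e-commerce systems (such as online banking, shopping, and trading) most often require users to enter a username and password to log into the system and verify their identity. Because each user may use several e-commerce systems at the same time, having to remember multiple sets of usernames and passwords is very likely to trouble them. In addition, in this open networked world, news of legitimate users' usernames and passwords being stolen and used by malicious parties is heard from time to time. Furthermore, in recent years e-commerce systems have often used a one-time password [2], OTP (One Time Password), delivered by text message to protect user authentication. After receiving the text message, the user enters the OTP and only then can log into the system.
Because many e-commerce users habitually carry a mobile device, this thesis mainly discusses the convenience and advantages of installing an OTP generator on the user's mobile device for logging into e-commerce systems. The user obtains an OTP from the OTP generator, and that OTP can be used only once. By using OTPs to log into different e-commerce systems, users avoid confusing their usernames and passwords, which ensures the security of their logins.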
With the fast growth of e-commerce [1] systems, more and more people rely on them to complete tasks such as online banking, shopping, or trading. Users of these systems are usually required to type in a username and password to log in and verify their identity. However, users may find it difficult to memorize all of the usernames and passwords when they use a number of different systems. In addition, it is often reported that a user's username and password for a system have been phished in cyberspace. Therefore, in order to protect user authentication, e-commerce systems now more frequently send a one-time password (OTP) to their users by text message. Users then use the OTP they receive to log onto the e-commerce system.
Many e-commerce users are used to carrying a mobile device with them. This thesis mainly discusses the convenience and advantages of using a mobile device to log into a system with an OTP. Users use an OTP generator on their mobile device to obtain an OTP, and this OTP can be used just once. By using the OTP to log onto e-commerce systems, users avoid confusing their usernames and passwords for different websites and ensure their safety when logging in.
[1] E-commerce – Wikipedia, http://zh.wikipedia.org/zh-tw/%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1.
[2] One-time password (One Time Password) – Wikipedia, http://zh.wikipedia.org/zh-hk/%E4%B8%80%E6%AC%A1%E6%80%A7%E5%AF%86%E7%A2%BC.
[3] What is a keylogger?, http://www.digitimes.com.tw/tw/dt/n/shwnws.asp?CnlID=10&Cat=&Cat1=&id=66706.
[4] Backdoor – Wikipedia, http://en.wikipedia.org/wiki/Backdoor_(computing).
[5] Pollster online market survey site, http://www.pollster.com.tw.
[6] Li Yinxiang; Sun Xinxin; Li Xiaoping; Qiong Xu, “The application of one-time password technology in the security of electronic accounting system”, Publication Year: 2010, Page(s): 169 – 171.
[7] Password card, http://ez.lager.com.tw/card/card.shtml.
[8] Yahoo! Kimo account login screen, https://login.yahoo.com/config/login?.intl=tw&.src=fpctx&.done=http://tw.yahoo.com.
[9] Yahoo! Kimo security certificate, http://www.wretch.cc/blog/ycorpblog/11812826.
[10] Random number – Wikipedia, http://zh.wikipedia.org/zh-tw/%E9%9A%8F%E6%9C%BA%E6%95%B0.
[11] Dynamic password lock, http://otp.hinet.net/html/AP/OTP/intro_otp.html.
[12] New VISA card: password protection, http://forums.perak.org/cn/read-htm-tid-113412-page-e.html.
[13] Facebook – Wikipedia, http://zh.wikipedia.org/zh-tw/Facebook.
[14] Facebook launches one-time password service, shifting the security focus to mobile phones, http://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=5925.
[15] Taipei Fubon transfer login system screen, https://ebank.taipeifubon.com.tw/ibank/servlet/HttpDispatcher/ATMLogin/prompt?newTxRequest=true.
[16] Do van Thanh; Jorstad, I.; Jonvik, T.; Do van Thuan, “Strong authentication with mobile phone as security token”, IEEE 6th International Conference on 2009, Page(s): 777 – 782.
[17] IMEI – Wikipedia, http://zh.wikipedia.org/wiki/IMEI.
[18] IMSI – Wikipedia, http://zh.wikipedia.org/wiki/IMSI.
[19] Abdulaziz S. Almazyad and Yasir Ahmad, “A New Approach in T-FA Authentication with OTP Using Mobile Phone”, SecTech 2009, Page(s): 9-17.
[20] Zitmo appears: SMS verification mechanisms may be defeated, http://www.isecutech.com.tw/article/article_detail.aspx?c1id=4&c3id=40&tv=21&aid=5912.
[21] Qian Tang; Junwei Zou; Chunxiao Fan; Xiaoying Zhang, “A Mobile Identity Authentication Scheme of E-Commerce Based on Java-SIM Card”, Publication Year: 2010, Page(s): V2-114 – V2-118.
[22] Yin Xue; Zou Junwei; Fan ChunXiao; Zhou Peng, “An Improved Dynamic Identity Authentication Scheme Based on PKI-SIM Card”, Publication Year: 2009, Page(s): 1 – 4.
[23] Fan Yu Tao; Su Gui Ping, “Design of Two-Way One-Time-Password Authentication Scheme Based On True Random Numbers”, Publication Year: 2009, Page(s): 11 – 14.
[24] Li TongLiang; Jin ZhiGang, “A New Low Cost One Time ID and Password Authentication Protocol Using Popular Removable Storage Devices”, Publication Year: 2009, Page(s): 213 – 216.
[25] Wang Liang; Zhang Runtong, “An Security-enhanced Authentication System Based on OTP System in E-Commerce”, Publication Year: 2010, Page(s): 1 – 4.
[26] Li Yinxiang; Sun Xinxin; Li Xiaoping; Qiong Xu, “The application of one-time password technology in the security of electronic accounting system”, Publication Year: 2010, Page(s): 169 – 171.
[27] Wen-Chung Kuo; Yung-Cheng Lee, “Attack and Improvement on the One-Time Password Authentication Protocol Against Theft Attacks”, Publication Year: 2007, Page(s): 1918 – 1922.
[28] Li Yinxiang; Xiaoping Li; Lizhi Zhong; Yuhuan Jing, “Research on the S_KEY One-Time Password Authentication System and its Application in Banking And Financial Systems”, Publication Year: 2010, Page(s): 172 – 175.