| As a brand-new type of service combining cyber cash and mobile communication, the mobile banking service not only permits people to handle their financial business anywhere and anytime, but also extends the range of banking service greatly. Thanks to the mobile banking service, nowadays banks are able to offer their clients traditional and creative services conveniently as well as efficiently. Due to the complexity and particularity of mobile banking service, the key problem to be solved during the development of mobile banking service turns out to be its security. What makes the situation worse, is that mobile phones get internet access through mobile network, the process of which is threatened by security problems both of mobile network and IP network.Communication links and mobile phone virus can lead to the eavesdropping and theft of date, which can be protected by a dynamic authentication. During the dynamic authentication, users will authenticate before each operation. During the process of operation, to make sure that users authenticate several times without several logons, a ticket that is solid only for the current connection will be issued to be used as the credential of previous operation, while banks will only authenticate the ticket after the user has successfully logged. Bank services can be divided into several applications, among which account transactions and queries belong to one, yet stocks, funds, and currencies belong to another. Likewise, while using these applications, users will not have to log again thanks to the single sign-on technology.This thesis brings forward a security solution of mobile banking service based on OTP authentication and Single Sign-on Technology. Through OTP passwords generated by SIM card, users will get access to their ticket while asking for service connections. At the same time, the bank will firstly verify the ticket after receiving the request from users. Due to the once-off of OTP password, the ticket can be valid only for once, which makes the OTP password impossible to be embezzled without generation of SIM card, even the date has been deciphered or eavesdropped. The password of client software of mobile banking service is static, thus the software can't be enabled, and none of operations can be carried out if the mobile phone has been stolen or lost. Finally, the main functions of the solution, including Authentication servers authenticating OTP password and ticket, and basic functions of client software, will be applied based on OMS operating system. |
PDF Full Text Request