政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/152414

English | 正體中文 | 简体中文 | Post-Print筆數 : 27 | Items with full text/Total items : 113160/144130 (79%)
Visitors : 50741729 Online Users : 467

RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.

Scope

please add "double quotation mark" for query phrases to get precise results

please goto advance search for comprehansive author search

Adv. Search

Home ‧ Login ‧ Upload ‧ Help ‧ About ‧ Administer

Goto mobile version

政大機構典藏 > 商學院 > 資訊管理學系 > 學位論文 > Item 140.119/152414

Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/152414

Title:	應用 FIDO 於支付服務商間交易的嚴格顧客驗證 Applying FIDO for Strong Customer Authentication in Transactions Between Payment Service Providers
Authors:	蔡典翰 Tsai, Tien-Han
Contributors:	陳恭 Chen, Kung 蔡典翰 Tsai, Tien-Han
Keywords:	金融 FIDO FIDO2 Webauthn 支付服務商嚴格顧客驗證 F-FIDO FIDO2 Webauthn Payment Service Provider Strong Customer Authentication
Date:	2024
Issue Date:	2024-08-05 12:07:33 (UTC+8)
Abstract:	隨著數位化和網路科技的快速發展，支付服務商在推動電子商務和數位經濟的過程中扮演著至關重要的角色。這不僅提升了支付的便利性，同時也帶來了一系列資訊安全上的新挑戰，特別是在支付服務商間進行交易時，如何提升使用者身份驗證的便利性、確保交易的安全性，成為了當前需面臨的問題。目前台灣在處理此類問題的作法，主要依賴傳統的密碼系統與簡訊動態密碼驗證，這些方法雖然普及，但可能存在使用者體驗的不便利性與交易安全性漏洞等潛在問題。台灣金融監督管理委員會近年來積極推動金融領域採用 F-FIDO 標準，旨在透過更現代化的驗證方式，提升使用者體驗與金融交易的安全性。因此，本論文提出一個結合 FIDO 標準與嚴格顧客驗證的方案，應用公私鑰加密技術優化使用者身份驗證流程，並強化支付服務商之間的交易安全性，為支付服務商提供一個新的解決思路。在系統實作方面，本研究模擬支付服務商間的轉帳服務，根據 FIDO2 的 Webauthn 標準，建立一個中心化依賴方，提供於中心化依賴方建立第二組公私鑰，作為二次身份驗證的基礎。此外，當使用者欲進行支付服務商間的轉帳服務時，需先通過嚴格顧客驗證，使用者於中心化依賴方的安全執行環境中，運用其在中心化依賴方所註冊的私鑰進行身份驗證，並確認交易細節後，便可執行支付服務商間的轉帳服務。 The rapid development of digital and internet technologies has made payment service providers essential to e-commerce and the digital economy. While enhancing payment convenience, it also brings new security challenges, especially in user authentication and transaction security. In Taiwan, traditional password systems and SMS OTPs are common but have potential security vulnerabilities. The Financial Supervisory Commission promotes the F-FIDO standard to enhance security and user experience. This paper proposes a solution combining FIDO2 Webauthn and strong customer authentication, using asymmetric encryption to secure inter-provider transactions with a centralized relying party for secondary authentication. This study simulates inter-provider transfer services based on the FIDO2 Webauthn standard. It establishes a centralized relying party for secondary authentication with a second set of public-private keys. Users must pass strict customer authentication, using their private key registered with the centralized relying party in a secure environment to authenticate their identity and confirm transaction details before executing transfers.
Reference:	Apple Inc. (2023). Accessing keychain items with face id or touch id: Overview. https://developer.apple.com/documentation/localauthentication/accessing_keychain_ items_with_face_id_or_touch_id Apple Inc. (2024). Accessing keychain items with face id or touch id. https://docs-assets. developer.apple.com/published/3c99bf9268/rendered2x-1654018513.png Caccavello, G., & Okay Inc. (2022). Open banking: Back to basics: What is strong customer authentication? https://www.openbankingexcellence.org/blog/back -to - basics-what-is-strong-customer-authentication FIDO Alliance. (2020a). Fido security reference: Introduction. https://fidoalliance.org/ specs/common-specs/fido-security-ref-v2.1-ps-20220523.html FIDO Alliance. (2020b). Fido uaf architectural overview: Authenticator registration. https: //fidoalliance.org/specs/fido-uaf-v1.2-ps-20201020/fido-uaf-overview-v1.2-ps20201020.html#authenticator-registration FIDO Alliance. (2020c). Fido uaf architectural overview: Authentication. https://fidoalliance. org/specs/fido- uaf- v1.2- ps- 20201020/fido- uaf- overview- v1.2- ps- 20201020. html#authentication FIDO Alliance. (2020d). Fido uaf architecture. https://fidoalliance.org/specs/fido-uafv1.2-ps-20201020/img/fido-uaf-architecture.png FIDO Alliance. (2020e). Fido uaf protocol specification: Registration operation. https: //fidoalliance.org/specs/fido-uaf-v1.2-ps-20201020/fido-uaf-protocol-v1.2-ps20201020.html#registration-operation FIDO Alliance. (2020f). Fido uaf protocol specification: Authentication operation. https: //fidoalliance.org/specs/fido-uaf-v1.2-ps-20201020/fido-uaf-protocol-v1.2-ps20201020.html#authentication-operation FIDO Alliance. (2020g). 無密碼體驗 (uaf 標準). https://fidoalliance.org/wp-content/ uploads/FIDO_UAF_Experience.png FIDO Alliance. (2021a). Fido security reference architecture. https:// fidoalliance. org/ specs/common-specs/img/fido-security-ref-architecture.png FIDO Alliance. (2021b). Fido2 graphic v2. https://fidoalliance.org/wp-content/uploads/ FIDO2-Graphic-v2.png Matthew Miller. (2024). Simplewebauthn. https://simplewebauthn.dev/ MDN Web Docs. (2023). Origin. https://developer.mozilla.org/en-US/docs/Glossary/Origin Oracle Corporation. (2024). Mysql 8.4 reference manual: Xa transactions. https://dev. mysql.com/doc/refman/8.4/en/xa.html The European Parliament and the Council of the European Union. (2015). Directive of eu: Article 97. authentication. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/ ?uri=CELEX:32015L2366 W3C. (2023a). Web authentication: An api for accessing public key credentials level 3: Relying party identifier. https://www.w3.org/TR/webauthn- 3/#relying- partyidentifier W3C. (2023b). Web authentication: An api for accessing public key credentials level 3: Authenticator attachment modality. https://www.w3.org/TR/webauthn-3/#sctnauthenticator-attachment-modality W3C. (2023c). Web authentication: An api for accessing public key credentials level 3: User verification requirement enumeration. https://www.w3.org/TR/webauthn3/#enum-userVerificationRequirement 一卡通 MONEY. (2023). 電支也能手機門號跨行轉帳囉！ipass money 開通服務綁定: Ipass money 綁定手機門號轉帳操作方式. https://www.i-pass.com.tw/cht/ News/Detail/103300 一卡通 MONEY. (2024). 金融驗證的操作步驟及常見問題. https://help2.line.me/ linepay_tw/android/categoryId/50003418/3/pc?lang=zh-Hant&country=TW& contentId=50010723 兆豐銀行. (2024a). 「金融行動身分識別」（金融 FIDO）. https://www.megabank. com.tw/digital-finance/fido/fido 兆豐銀行. (2024b). 兆豐實體 ATM 註冊流程. https://www.megabank.com.tw/digitalfinance/cloud-page/image-with-title-item/atm-process 兆豐銀行. (2024c). 兆豐網路 ATM 註冊流程. https://www.megabank.com.tw/digitalfinance/cloud-page/image-with-title-item/process 兆豐銀行. (2024d). 兆豐身份認證 APP 裝置綁定流程及使用教學. https://www. megabank.com.tw/digital-finance/cloud-page/image-with-title-item/instructions 金融監督管理委員會. (2021). 「金融行動身分識別聯盟」正式成立，加速提升數位金融服務的安全與便利. https://www.fsc.gov.tw/ch/home.jsp?id=96& parentpath=0&mcustomize=news_view.jsp&dataserno=202106150002&dtable= News 金融監督管理委員會. (2022). 金管會-數位身分認證及授權: 主題式監理沙盒及業務試辦之辦理近況. https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2& mcustomize=news_view.jsp&dataserno=202207220001&dtable=News 金融監督管理委員會. (2023a). 金融科技發展路徑圖 2.0. https://www.fsc.gov.tw/ websitedowndoc?file=chfsc/202308161025340.pdf&filedisplay=%E9%87%91% E8%9E%8D%E7%A7%91%E6%8A%80%E7%99%BC%E5%B1%95%E8% B7%AF%E5%BE%91%E5%9C%96%282.0%29.pdf 金融監督管理委員會. (2023b). 金融科技發展路徑圖 2.0-具體推動事項列表. https://www.fsc.gov.tw/websitedowndoc?file=chfsc/202308161026170.pdf&filedisplay=2.0%E5%85%B7%E9%AB%94%E6%8E%A8%E5%8B%95%E4% BA%8B%E9%A0%85%E5%88%97%E8%A1%A8%282.0%29.pdf
Description:	碩士國立政治大學資訊管理學系 111356038
Source URI:	http://thesis.lib.nccu.edu.tw/record/#G0111356038
Data Type:	thesis
Appears in Collections:	[資訊管理學系] 學位論文

Files in This Item:

File	Description	Size	Format
603801.pdf		8728Kb	Adobe PDF	0	View/Open

All items in 政大典藏 are protected by copyright, with all rights reserved.

社群 sharing

著作權政策宣告 Copyright Announcement

1.本網站之數位內容為國立政治大學所收錄之機構典藏，無償提供學術研究與公眾教育等公益性使用，惟仍請適度，合理使用本網站之內容，以尊重著作權人之權益。商業上之利用，則請先取得著作權人之授權。
The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

2.本網站之製作，已盡力防止侵害著作權人之權益，如仍發現本網站之數位內容有侵害著作權人權益情事者，請權利人通知本網站維護人員(nccur@nccu.edu.tw)，維護人員將立即採取移除該數位著作等補救措施。
NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.

DSpace Software Copyright © 2002-2004 MIT & Hewlett-Packard / Enhanced by NTU Library IR team Copyright © - Feedback