| 摘要: | 隨著行動電子支付的技術發展越來越成熟應用也廣泛應用在食、衣、住、行等日常生活中,防護資安威脅及保護隱私的難度與日俱增,近日層出不窮的資料、隱私外洩、詐欺、勒索病毒與身分冒用等的案例,如何提升使用者的資安及隱私保護能力會是目前很重要的議題。本研究以帳戶式的票務系統,以下稱ABT(Account Based Ticketing)為討論主體,進行探討擴充防止詐欺及保護隱私功能,研究如何能協助ABT在原有的交易機制下擴充增加相關模組進而提升資安及隱私之保護能力。本研究以新加坡及杜拜在大眾交通運輸票務系統升級導入ABT的實際案例,討論其導入後所發現的問題及介紹目前ABT在符合EMV規範下的各種架構,經過比較本研究認為標準型ABT EMV非接觸式的平台架構C較適合未來導入ABT,成為交通運輸主要票務管理系統。另外提出FP(Fraud Privacy)-ABT架構,透過加入機器學習詐欺偵測與K-AnonymityPlus
Attribute-based Credentials模組,以提升安全性的強度及隱私的保護,讓使用者對使用ABT接受度提升。本研究的貢獻在於提出FP-ABT新架構,並說明內部關鍵模組的設計。
;With the development of mobile electronic payment technology becoming more and more mature, the application is also widely used in daily life such as food, clothing, housing, transportation, etc., the protection of information security threats and protection of proprietary protection are increasing day by day. Recently, an endless stream of information, a large number of leaks, and fraud For cases of bullying, ransomware and fraudulent use of identity, how to improve the user’s information security and privacy protection capabilities will be very important alternatives at present. This study uses an account-based ticketing system, hereinafter referred to as account-based ticketing, to expand the discussion. Prevent fraud and protect proprietary functions, and study how to help ABT expand and increase related modules under the reorganized transaction mechanism, and improve information security and proprietary protection capabilities. In this study, the actual case of introducing ABT in the upgrade of public transportation ticketing systems in Singapore and Dubai, discussing the problems found after its introduction, and introducing the various architectures of the current ABT in compliance with EMC regulations, through comparison, this study believes that the standard ABT EMV also proposed the FP (Fraud Privacy)-ABT architecture, adding machine learning fraud detection and the attribute-based credential set of K-AnonymityPlus through extension to study security. The contribution is to propose a new FP-ABT architecture and explain the design of internal key modules. |
