
ITU-T Y 2741-2011 Architecture of secure mobile financial transactions in next generation networks (Study Group 13).pdf

International Telecommunication Union

ITU-T Y.2741
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
(01/2011)

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS
Next Generation Networks Security

Architecture of secure mobile financial transactions in next generation networks

Recommendation ITU-T Y.2741

ITU-T Y-SERIES RECOMMENDATIONS
GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS

GLOBAL INFORMATION INFRASTRUCTURE
  General: Y.100-Y.199
  Services, applications and middleware: Y.200-Y.299
  Network aspects: Y.300-Y.399
  Interfaces and protocols: Y.400-Y.499
  Numbering, addressing and naming: Y.500-Y.599
  Operation, administration and maintenance: Y.600-Y.699
  Security: Y.700-Y.799
  Performances: Y.800-Y.899
INTERNET PROTOCOL ASPECTS
  General: Y.1000-Y.1099
  Services and applications: Y.1100-Y.1199
  Architecture, access, network capabilities and resource management: Y.1200-Y.1299
  Transport: Y.1300-Y.1399
  Interworking: Y.1400-Y.1499
  Quality of service and network performance: Y.1500-Y.1599
  Signalling: Y.1600-Y.1699
  Operation, administration and maintenance: Y.1700-Y.1799
  Charging: Y.1800-Y.1899
  IPTV over NGN: Y.1900-Y.1999
NEXT GENERATION NETWORKS
  Frameworks and functional architecture models: Y.2000-Y.2099
  Quality of Service and performance: Y.2100-Y.2199
  Service aspects: Service capabilities and service architecture: Y.2200-Y.2249
  Service aspects: Interoperability of services and networks in NGN: Y.2250-Y.2299
  Numbering, naming and addressing: Y.2300-Y.2399
  Network management: Y.2400-Y.2499
  Network control architectures and protocols: Y.2500-Y.2599
  Smart ubiquitous networks: Y.2600-Y.2699
  Security: Y.2700-Y.2799
  Generalized mobility: Y.2800-Y.2899
  Carrier grade open environment: Y.2900-Y.2999
  Future networks: Y.3000-Y.3099

For further details, please refer to the list of ITU-T Recommendations.

Rec. ITU-T Y.2741 (01/2011)

Recommendation ITU-T Y.2741

Architecture of secure mobile financial transactions in next generation networks

Summary

Recommendation ITU-T Y.2741 specifies the general architecture of a security solution for mobile commerce and mobile banking in the context of NGN. It describes the key participants, their roles, and the operational scenarios of the mobile commerce and mobile banking systems. It also provides examples of the implementation models of mobile commerce and mobile banking systems.

History

  Edition: 1.0
  Recommendation: ITU-T Y.2741
  Approval: 2011-01-28
  Study Group: 13

Keywords

Mobile banking, mobile commerce, mobile payments, remote payments, safety and security.

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE: In this Recommendation, the expression “Administration” is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall” or some other obligatory language such as “must” and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2011

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

Table of Contents

1 Scope
2 References
3 Definitions
  3.1 Terms defined elsewhere
  3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Roles, risks, participants, and scenarios of mobile payments in NGN
  6.1 Roles within the mobile commerce and mobile banking systems
  6.2 Risks in the MPS and MPS security levels
  6.3 Participants and the system architecture of mobile commerce and mobile banking
  6.4 The mobile payment system usage scenarios
7 Transition from the token payment systems
Appendix I: Enrol a payment instrument in the system
Appendix II: Mobile banking and mobile commerce systems implementation models
  II.1 The implementation of the system without the use of the client application
  II.2 The implementation of the system with the use of the client application
Bibliography

Recommendation ITU-T Y.2741

Architecture of secure mobile financial transactions in next generation networks

1 Scope

This Recommendation defines the security architecture pertaining to remote mobile financial transactions for NGN. The scope excludes all other financial transactions, as well as transactions that use monetary or non-monetary tokens for transfer of value.

By organizing a wide range of services with flexible management and personalization functions, NGN can provide convenient access to mobile payment system (MPS) services.

2 References

The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

[ITU-T Y.2740] Recommendation ITU-T Y.2740 (2011), Security requirements for mobile remote financial transactions in next generation networks.

3 Definitions

3.1 Terms defined elsewhere

This Recommendation uses the following term defined elsewhere:

3.1.1 next generation network (NGN) [b-ITU-T Y.2001]: A packet-based network able to provide telecommunication services to users and able to make use of multiple broadband, QoS-enabled transport technologies and in which service-related functions are independent from underlying transport-related technologies. It enables unfettered access for users to networks and to competing service providers and/or services of their choice. It supports generalized mobility which will allow consistent and ubiquitous provision of services to users.

3.2 Terms defined in this Recommendation

This Recommendation defines the following terms:

3.2.1 application: A special mobile banking or mobile commerce application uploaded to the client's (user's) mobile device.

3.2.2 bank account: An electronic funds account held by a private individual or a corporate entity in a bank or other financial institution authorized by the country's national monetary authority (e.g., central bank) that can be used for payment for goods and services.

3.2.3 client: A private individual or a corporate entity that has signed a contractual agreement on the use of telecommunication services and the system of mobile commerce.

3.2.4 financial transaction: An event or a condition covered under the terms of the contract between a buyer and a seller to exchange an asset for payment.

3.2.5 intersystem environment: A set of rules or a system that enables the establishment of the interaction of various mobile bank and mobile commerce systems.

3.2.6 mobile device: An electronic device used for telecommunications over a wireless NGN network.

3.2.7 mobile financial transaction: A financial transaction initiated and/or authorized using a mobile device.

3.2.8 mobile payment system (MPS): Mobile banking and/or mobile commerce systems.

3.2.9 monetary token: Electronic or physical artifact used for payment that is represented and measured in the country's national currency units, that however is not stored in, or directly linked to a bank account. An example of an electronic monetary token is electronic cash stored in a stand-alone electronic wallet that is not mirrored by a bank account. Examples of physical monetary tokens include coins, banknotes, traveller's checks, etc.

3.2.10 non-monetary token: Electronic or physical artifact used for payment but not represented in national currency units. Examples of electronic non-monetary tokens are unused minutes or SMS messages held in NGN subscriber accounts that the NGN operators allow to be transferred from one subscriber account to another.

3.2.11 payment ID: A required request parameter that explicitly identifies the payment recipient. Merchant ID and mobile payment system (MPS) ID (a unique identifier of a mobile payment system) must be present in the implementation of the intersystem environment.

4 Abbreviations and acronyms

This Recommendation uses the following abbreviations and acronyms:

  DB   DataBase
  ID   Identification
  IS   Information System
  MPS  Mobile Payment System
  NGN  Next Generation Network

5 Conventions

None.

6 Roles, risks, participants, and scenarios of mobile payments in NGN

6.1 Roles within the mobile commerce and mobile banking systems

The basic roles of the MPS participants and their responsibilities are:

- The client is a mobile subscriber who possesses a payment instrument for the payment operations.
- The client application is the special software uploaded to the client's mobile device (phone, SIM card, communicator, etc.) and designed for conducting secure mobile payment operations.
- The payment instrument is a financial instrument used to perform payment for goods and services.
- The NGN operator provides the mobile communication network for remote interaction of the client with the MPS, data routing and transfer.
- The client application distributor is a participant that makes applications available to the clients.
- The security provider is a participant that provides security of the data transfer over communications channels.
- The MPS operator (service provider, payment gateway) is a participant that ensures interaction within the MPS and provides payment services to the end user.
- The issuer is a financial institution that issues payment instruments.
- The client authentication provider validates the client operation.
- The acquirer is a financial institution that maintains merchant relationships and receives all financial transactions from the merchant.
- The payment system is an organization that ensures interbank payment transactions.

6.2 Risks in the MPS and MPS security levels

This clause describes the basic information security risks that may arise when conducting (i.e., performing) remote mobile payments. These risks include, but are not limited to:

- The risk of compromised confidentiality: unauthorized third party access to confidential information.
- The risk of compromised integrity: information distortion during the process of its transfer or processing.
- The risk of forging of electronic documents: a document is generated by an unauthorized party.
- The risk of repudiation: the denial of authorship of an electronic document.
- The risk of information destruction, either intentional or by negligence.
- Transactional risk: the failure to finish a transaction (e.g., due to unstable mobile communication).

Depending on the implemented risk-based security mechanisms, there are systems with four security levels [ITU-T Y.2740].

6.3 Participants and the system architecture of mobile commerce and mobile banking

The MPS architecture should be compliant with the already existing system of interrelations between financial, legal and commercial organizations and enable system participants to make mobile payment transactions with the necessary degree of security based on the estimated risk level. The proposed architecture should support schemes and specifications already used by the system participants for performing payment transactions.

[Figure 1: Participants and the system architecture of the mobile commerce and the mobile banking. Labelled entities: Client, NGN operator, Merchant, Issuer, Acquirer, MPS operator (security provider; client authentication provider; service provider).]

Table 1: Mobile payments system participants

Participant: Client
Description, concern (goal, objective, interest): Private individual or corporate entity that has signed a contractual agreement on the use of telecommunication services and the system of mobile commerce. Possesses a mobile device and a payment instrument. Principal concern: increase the number of services, get the possibility to perform secure remote financial transactions, expand the scope of payment instruments.
Role: Client

Participant: NGN operator
Description, concern (goal, objective, interest): An institution that provides the client with digital communication services. Principal concern: increase the number of clients, extend the range of the available services, increase traffic.
Role: NGN operator

Participant: MPS operator
Description, concern (goal, objective, interest): An institution that ensures secure remote interaction of the financial structures, the client and the NGN operator within the mobile payment system. Principal concern: create an extensive network of mobile commerce, increase the number of participants as well as the number of remote transactions, ensure maximum operations security.
Role: Security provider, service provider, client authentication provider

Participant: Issuer
Description, concern (goal, objective, interest): Financial and legal
