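Graduate student: 葉慕恩
Graduate student (English name): Mu-En Yeh
Thesis title: 線上拍賣網站交易安全機制之評估
Thesis title (English): The Evaluation of Transaction Security Mechanisms for Online Auction Sites
Advisor: 李鴻璋
Advisor (English name): Hung-Chang Lee
Degree: Master's
Institution: Tamkang University
Department: Department of Information Management
Discipline: Computing
Sub-discipline: General computing
Thesis type: Academic thesis
Year of publication: 2001
Graduation academic year: 89
Language: Chinese
Number of pages: 74
Chinese keywords: online auction; online fraud; transaction security
English keywords: online auction; internet fraud; transaction security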
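With the rapid development of the Internet, new e-commerce business models of every kind have sprung up, and the sharp growth of the US online auction market together with the success of the business model of the auction site eBay shows that the online auction is a successful e-commerce transaction model. However, research reports on online auctions and customer complaint cases reveal transaction security problems, such as Internet fraud, theft of customers' personal financial data, dishonest online merchants, and customers repudiating transactions. These problems make consumers worry about the security of online auction transactions and hesitate to trade on the Internet. To trade on an auction site with confidence, therefore, a sound transaction security mechanism is needed to better protect transactions.
Given the transaction security problems of online auctions, this study addresses the problems found on current auction sites (Internet fraud, online transmission, online transaction disputes, online payment, and online sealed bidding) and proposes six transaction security dimensions: credit rating, fraud prevention, secure transmission and identity authentication, transaction non-repudiation, online payment, and sealed bidding. Based on the degree of trust in the security requirements of online transactions, namely confidentiality, integrity, authentication, non-repudiation, and privacy, and with reference to trusted system evaluation criteria, each dimension is divided into transaction security levels from low to high. Finally, these dimensions are applied to evaluate the transaction security of current online auction sites. The resulting case evaluation tables can effectively assess the transaction security mechanisms of each type of auction site, and the results allow auction sites and online auction participants, in the open transaction environment of e-commerce, to judge effectively whether the security mechanisms an auction site provides have weaknesses.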
With the rapid development of the Internet, many different e-commerce models have appeared. The rapid growth of online auctions in the USA and the success of the business model pioneered by eBay show that the online auction is an effective e-commerce transaction model. However, studies of online auctions and customer complaints demonstrate that online auctions are affected by security problems, such as Internet fraud, the theft of customers’ personal data, dishonest vendors, repudiation of transactions, etc. These security problems discourage consumers from engaging in online transactions. If people are to be able to conduct transactions online with peace of mind, a comprehensive transaction security mechanism will be needed.
Of the various transaction security problems that currently affect auction sites (Internet fraud, online communication, online transaction disputes, online payment, online sealed bids, etc.), in this study we consider six transaction security aspects: credit verification, fraud prevention, secure communication and authentication, non-repudiation, online payment, and sealed bids. On the basis of the level of reliability of confidentiality, integrity, authentication, transaction non-repudiation and privacy with respect to security needs, and with reference to the Trusted Computer System Evaluation Criteria (TCSEC), each security aspect is graded according to the level of transaction security. Finally, an evaluation is undertaken of the level of transaction security of existing online auction sites with respect to the different security aspects. The evaluation tables produced for these auction sites can be used to effectively appraise the transaction security mechanisms of each type of auction site. The results of evaluation can then be used to enable online auction sites and persons using such sites to effectively evaluate whether, within the open transaction environment of e-commerce, the security mechanism provided by an auction site has any weaknesses.
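Chapter 1 Introduction
1.1 Research Background and Motivation
1.2 Research Objectives
1.3 Thesis Structure
Chapter 2 Literature Review
2.1 Meaning and Types of Auctions
2.2 Basic Modern Cryptographic Techniques
2.3 Evaluation Criteria for Trusted Systems
Chapter 3 Transaction Security Threats and Transaction Security Mechanisms in Online Auctions
3.1 Types and Trends of Online Auction Sites
3.2 Transaction Security Evaluation of Online Fraud
3.3 Transaction Security Evaluation of Online Transmission
3.4 Transaction Security Evaluation of Online Transaction Disputes
3.5 Transaction Security Evaluation of Sealed Bidding
3.6 Transaction Security Evaluation of Online Payment
Chapter 4 Case Analysis of Transaction Security on Online Auction Sites
4.1 Online Transaction Security Analysis of Foreign Open Auction Sites
4.2 Online Transaction Security Analysis of Domestic Open Auction Sites
4.3 Online Transaction Security Analysis of Foreign Sealed-Bid Auction Sites
4.4 Overall Analysis and Recommendations
Chapter 5 Conclusions and Recommendations
References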