National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

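Graduate student: Shiuan-Ming Huang (黃宣銘)
Thesis title: The Design and Implementation of Mobile Commerce With XML Signature (使用XML簽章之行動商務系統設計與實現)
Advisor: Chi-Sung Laih (頼溪松)
Degree: Master's
Institution: National Cheng Kung University (國立成功大學)
Department: Department of Electrical Engineering, Master's and Doctoral Program
Discipline: Engineering
Sub-discipline: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2002
Academic year of graduation: 90
Language: English
Number of pages: 88
Keywords (translated from the Chinese): XML; mobile commerce; e-commerce; cryptography; signature; security
Keywords (English): crypto; signature; mobile commerce; m-commerce; security; XML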
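Abstract (translated from the Chinese):
  In the past, people conducted e-commerce from desktop computers over wired networks. With the spread of mobile handheld devices such as mobile phones and PDAs, people can now shop online directly over wireless connections from these portable devices, free of constraints of time and place, and the era of mobile commerce has begun.
  In this period of transition between e-commerce and mobile commerce, security is the decisive factor. Besides stricter security, fairness and reliability are also indispensable. As in e-commerce, the two parties in mobile commerce trade over the network and cannot follow the "payment in one hand, goods in the other" model of a physical store. How to ensure fairness between the two parties during the transaction is a major problem for mobile commerce.
  As for reliability, typical e-commerce systems rely only on SSL to secure transactions. Although SSL keeps the payment data that the consumer sends over the network from being learned by a third party, after placing and paying for an order the consumer still has to worry about whether the purchased goods will actually arrive, or whether the goods received will differ from those browsed on the web page; everything rests on trust in the merchant's reputation. Moreover, in a mobile communication environment the consumer may be on the move and have no fixed network address, so letting the consumer verify the goods before paying is even harder to achieve than in an e-commerce environment.
  Although many protocols have been adopted for e-commerce, there appears to be no complete and successful case to follow in mobile commerce. The main goal of this thesis is to solve the problems described above that may arise in wireless networks and in current commercial practice, and to find a transaction model that offers high security and high reliability and is suitable for mobile devices.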
Abstract (English):
  People have used desktop PCs to conduct electronic commerce over wired networks. Since mobile equipment such as cell phones and PDAs has become prevalent around the world, people can shop on their mobile devices directly over wireless networks anytime and anywhere.
  At a time when m-commerce is superseding e-commerce, security is undoubtedly the decisive factor. Besides tighter security, fairness and reliability are also important factors. Mobile commerce has the same drawback as e-commerce: the customer and the merchant trade through the Internet, so the customer cannot get the products at the same time that the merchant gets the payment. Thus, how to ensure fairness between the customer and the merchant is a big problem in the implementation of mobile commerce.
  As to reliability, web stores in general merely use SSL to secure transactions. Although SSL can protect the payment and personal information from being eavesdropped by an attacker, after paying for the transaction the customer still has to worry about whether he will receive the products he ordered, or whether the products he receives differ from the ones he browsed on the web page. All he can do is trust the reputation of the merchant. Moreover, a customer with a mobile device may keep moving and may not have a fixed IP address; therefore, how to avoid goods that do not match their description is another problem that must be overcome.
  Although there are many e-commerce systems available in the market, there seems to be no complete and successful case to follow. In this thesis, we try to overcome the problems mentioned above and to find a commerce protocol that has high security and high reliability and is suitable for mobile devices.
Chapter 1 Introduction
 1.1 From e-commerce to m-commerce
   1.1.1 Introduction of e-commerce
   1.1.2 Introduction of m-commerce
   1.1.3 Advantages of m-commerce
 1.2 Research motives
 1.3 The contribution of this thesis
 1.4 Overview

Chapter 2 Review Previous Payment Protocols
 2.1 Payment types
 2.2 Review previous payment protocols
   2.2.1 SET
   2.2.2 i-mode
 2.3 Characteristic analysis

Chapter 3 Security Modules on The Proposed System
 3.1 Introduction of current wireless communication environment
 3.2 Security modules in the proposed m-commerce system
 3.3 Implementation of Security modules on Pocket PC
   3.3.1 Introduction of the develop environment
   3.3.2 The difficulties of implementation

Chapter 4 The Proposed Protocol Using XML Signature
 4.1 Introduce of XML and XML signature
 4.2 The proposed protocol
   4.2.1 Definition and notations
   4.2.2 The framework
 4.3 The Requirement in wireless communication environment
 4.4 Protocol description
   4.4.1 Merchant register to TTP
   4.4.2 Get catalog
   4.4.3 Make order
   4.4.4 Payment
   4.4.5 Dispute
 4.5 Security analysis

Chapter 5 System Implementation and Operation Procedures
 5.1 System installations
 5.2 Register to TTP
 5.3 Get catalog
 5.4 Order
 5.5 The delivering and verifying of the goods
 5.6 Payment
 5.7 Dispute

Chapter 6 Conclusion and Future Work
Bibliography

Table 2.1 Comparisons of payment systems
Table 3.1 The initial values of the five recorders
Table 3.2 The constants used by SHA-1.
Table 3.3 The calendar of AES
Table 3.4 The relationships between key lengths and block size
Table 3.5 The example of key size
Table 3.6 The example of block size
Table 3.7 The offsets of ShiftRow transformation
Table 4.1 The nodes needed by the E-Check

Figure 2.1 SET structures.
Figure 2.2 Construction of dual signature
Figure 2.3 SET purchase protocol flow
Figure 2.4 i-mode network structures
Figure 2.5 The i-mode menu
Figure 2.6 Transmit account menu
Figure 3.1 The padding format of SHA-1
Figure 3.2 The main algorithm of SHA-1.
Figure 3.3 SHA-1 processing of a single 512-bit block (HSHA)
Figure 3.4 ByteSub acts on the individual bytes of the State.
Figure 3.5 ShiftRow operates on the rows of the State.
Figure 3.6 MixColumn operates on the columns of the State.
Figure 3.7 In the key addition the Round Key is bitwise EXORed to the State
Figure 3.8 Expanded round key
Figure 3.9 Choose msxml.dll
Figure 3.10 Error message of embedded visual basic
Figure 3.11 Setting the reference of Embedded Visual Basic
Figure 3.12 Error message of using XML in Pocket PC
Figure 4.1 Transaction steps when no party misbehaves
Figure 4.2 The structure of the catalog
Figure 4.3 The structure of the merchant node.
Figure 4.4 Parts of the catalog
Figure 4.5 Example of an invoice.
Figure 4.6 The detail contents in the invoice.
Figure 4.7 Example of an E-Check
Figure 5.1 Set up the goods database of merchant
Figure 5.2 Main form of the merchant
Figure 5.3 To generate a registration form.
Figure 5.4 The form to generate a new registration template
Figure 5.5 A cue to TTP
Figure 5.6 Registration message
Figure 5.7 The file name to be decrypted for registration.
Figure 5.8 The main form of TTP in registration phase
Figure 5.9 Generation of catalog
Figure 5.10(a) Catalog downloading functions
Figure 5.10(b) Downloading success message
Figure 5.11 Main form of the customer (the left one)
Figure 5.12 Main form of verification (the right one)
Figure 5.13 Steps to generate an order (the left one)
Figure 5.14 Preview and send the order (the right one)
Figure 5.15(a) The components on the form of merchant
Figure 5.15(b) The components of the order
Figure 5.16 The components of X.509 certification
Figure 5.17 The order database of the merchant
Figure 5.18 Upload the encrypted goods
Figure 5.19 Merchant creates an invoice
Figure 5.20 Sending a notice letter.
Figure 5.21(a) Downing the product
Figure 5.21(b) FTP settings
Figure 5.22 Verify the invoice
Figure 5.23 Generate an E-Check (1) (the left one)
Figure 5.24 Generate an E-Check (2) (the right one)
Figure 5.25 Verifying the payment
Figure 5.26(a) Verification message (a)
Figure 5.26(b) Verification message (b)
Figure 5.27 Verifications of the payment
Figure 5.28 The main form of the virtual bank
Figure 5.29 Bank verify the payment
Figure 5.30 Bank transmits accounts
Figure 5.31 Main form of customer to enter the dispute of finish transaction phase (the left one)
Figure 5.32 Main form of customer in finish transaction phase (the right one)
Figure 5.33 Main form of TTP in disputing phase
Figure 5.34 Finish the dispute process