(3.238.7.202) 您好!臺灣時間:2021/02/25 10:47
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

我願授權國圖
: 
twitterline
研究生:唐啟智
研究生(外文):Chi-Chih Tang
論文名稱:高效率之安全輕型電子錢包設計與實作
論文名稱(外文):Design and Implementation of a Lightweight Electronic Purse System with Enhanced Efficiency and Security
指導教授:雷欽隆雷欽隆引用關係
指導教授(外文):Chin-Laung Lei
學位類別:碩士
校院名稱:國立臺灣大學
系所名稱:電機工程學研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2002
畢業學年度:90
語文別:英文
論文頁數:65
中文關鍵詞:Electronic PurseElectronic CommerceSmart CardJava Card
外文關鍵詞:電子錢包電子商務智慧卡爪哇卡
相關次數:
  • 被引用被引用:0
  • 點閱點閱:218
  • 評分評分:系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:2
隨著電子商務的盛行,以智慧卡作為電子錢包已成為趨勢。 由於智慧卡的輕便,簡單,易於攜帶,以及擁有計算能力, 許多電子錢包系統業已廣泛地採用。 電子錢包極可能改變消費者不論在日常用品採購或是小金額的交易,即一般所謂小額付款的行為。
此外, 相較於傳統的付款方式諸如信用卡或是支票,智慧卡提供更佳的安全防護。由此可知, 對於目前需要以電子付款之交易, 智慧卡是最合適的載具。
本論文針對電子錢包系統提出一種改良式的相互認證及金鑰交換協定。 以往的電子錢包基於安全理由而採用公開金鑰加密演算法如RSA, 卻也飽受大量的模乘運算之苦。 對電子錢包而言,系統安全及成本考量,這兩項因素缺一不可。 使得設計上的取捨變成一項重要的議題。 市面上有些配有輔助處理器之智慧卡,
雖然有高效能,高安全等特性。 但價格也相對高昂,無法做為電子錢包之用。
本論文因此為解決上述問題,基於提出的協定,設計了一個電子錢包系統, 減少模乘運算, 提高系統的效率, 同時也不至於外洩資訊, 並進而改善系統的安全性及私密性。
此系統建構在類似於銷售點的環境上,以Java語言為開發工具,模組化的特性,使系統極易擴充,足以因應未來之需求。

The growing popularity of electronic commerce is driving a trend towards using smart cards as electronic purses. Because of their lightweight, simplicity,portability, and computing capability, smart cards have been widely adopted for numerous
electronic purse systems. Electronic purses may significantly change consumer behavior in making daily commodity purchases or small size transactions, termed micropayments.
Moreover, smart cards are more secure than traditional payment methods such as credit cards or checks. Consequently, smart cards are the suitable medium for carrying digital money for secure transactions.
This thesis presents an improved mutual authentication and key exchange protocol for electronic purse systems. The major problem with previous electronic purse systems using public key algorithms, such as RSA, was that they suffered from heavy modular multiplications. The security and cost of electronic purse systems are both important factors that should be considered simultaneously. Therefore, the trade-off between system security and cost is the main issue for system designers. A smart card equipped with a co-processor generally has excellent performance and high security, but the high cost makes the use of such card for a purse system impractical.
The electronic purse system presented herein, SlimCash, attempts to resolve problems such as those above. The adoption of a modified Guillou-Quisquater scheme reduces the modular multiplications to a reasonable number, and also improves
system efficiency. Furthermore, the security and privacy of the electronic purse system is significantly enhanced since no secret information is revealed during the transaction.
SlimCash was implemented on a Point-of-Sale(POS) like environment, while the card applications are written using Java language. The use of Java technology allows the novel system to easily be ported into other platforms. The modular design of the system means that SlimCash could be extended for additional applications in the future.

Contents
Abstract iv
1 Introduction 1
2 Smart Card Basics 6
2.1 Smart Card Architecture .............................. 7
2.2 Smart Card Standard and Specification ............... 11
2.2.1 ISO 7816 .......................................... 11
2.2.2 EMV ............................................... 13
2.2.3 EN 1546 ........................................... 15
2.2.4 PC/SC ............................................. 17
2.2.5 OpenCard Framework ................................ 18
2.2.6 CEPS .............................................. 19
3 The State of the Art Purse Systems 20
3.1 CHIPPER ............................................. 20
3.2 GELDKARTE ........................................... 21
3.3 MONDEX .............................................. 22
3.4 PROTON .............................................. 24
3.5 Design Issues ....................................... 25
4 The Proposed Scheme 27
4.1 Generic Scheme ...................................... 28
4.1.1 Transaction Model ................................. 28
4.1.2 Assumptions ....................................... 28
4.1.3 Definition ........................................ 29
4.1.4 Key Description ................................... 30
4.1.5 Key Diversification ............................... 31
4.1.6 The Set of Slave Keys ............................. 32
4.1.7 Security Aspects .................................. 33
4.1.8 Purchase Processing ............................... 33
4.2 Enhanced Scheme ..................................... 39
4.2.1 Identification .................................... 39
4.2.2 Challenge-Response Identification ................. 39
4.2.3 Zero-Knowledge Identification Protocols ........... 40
4.2.4 General Structure of Zero-Knowledge Protocols ..... 41
4.2.5 The G-Q Identification Protocol ................... 42
4.2.6 The Modified G-Q Scheme for Key Exchange .......... 43
4.2.7 The Security of the Modified G-Q Scheme ........... 46
5 System Implementation 47
5.1 Cyberflex Access Card and Development Environment ... 48
5.2 Applet Architecture ................................. 48
5.2.1 PurseMain Class ................................... 50
5.2.2 PurseProc Class ................................... 52
5.2.3 Generate Application Cryptogram Command Processing 53
5.3 Terminal Application ................................ 55
6 Conclusions 60

[1] ARTTIC. White paper — the euro in the electronic purse. the European Commission’s Framework Programme IV Esprit Project—SmartEuro, Apr. 2000.
[2] B. Bakker. Mutual authentication with smart cards. In USENIXWorkshop on Smartcard Technology, 1999.
[3] CEPSco. Common Electronic Purse Specifications, Technical Specification, version 2.3. CEPSCo, LLC, 2001.
[4] Z. Chen. Java Card Technology for Smart Cards. Sun Microsystem, Inc., 2000.
[5] Y. G. Desmedt and K. Kurosawa. Practical and proven zero-knowledge constant round variants of gq and schnorr. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 82, 1999.
[6] J. F. Dhem, D. Veithen, and J. J. Quisquater. Scalps: Smart card for limited payment systems. IEEE Micro, pages 42—51, June 1996.
[7] H. Dreifus and J. T. Monk. Smart Card, A Guide to Building and Managing Smart Card Application. John Wiley & Sons, Inc., 1998.
[8] T. Ebringer and P. Thorne. Engineering an ecash system. In Information Security, Second International Workshop, pages 32 — 36, 1999.
[9] EMVco. EMV2000 Integrated Circuit Card Specification for Payment Systems Book 1 — Application Independent ICC to Terminal Interface Requirements Version 4.0. EMVCo, LLC, 2000.
[10] EMVco. EMV2000 Integrated Circuit Card Specification for Payment Systems Book 2 — Security and Key Management Version 4.0. EMVCo, LLC, 2000.
[11] EMVco. EMV2000 Integrated Circuit Card Specification for Payment Systems Book 3 — Application Specification Version 4.0. EMVCo, LLC, 2000.
[12] EMVco. EMV2000 Integrated Circuit Card Specification for Payment Systems Book 4 — Cardholder, Attendant, and Acquirer Interface Requirements Version 4.0. EMVCo, LLC, 2000.
[13] S. Garrett and P. Skevington. Introduction to electronic commerce. BT Technol, 17(3):11—16, July 1999.
[14] H. Godschalk and M. Krueger. Why e-money still fails. In Third Berlin Internet Economics Workshop, 2000.
[15] E. M. Hamann, T. S. H. Henn, and F. Seliger. Securing e-business applications using smart cards. IBM Systems Journal, 40(3):635—647, 2001. [16] V. Hassler, M. Manninger, M. Gordeev, and C. Muller. Java Card for E-Payment Application. Artech House, Inc., 2001.
[17] P. J. M. Havinga, G. J. M. Smit, and A. Helme. Survey of electronic payment methods and systems. In Euromedia, pages 180 — 187, 1996.
[18] J. H. Hoepman. Secret key authentication with software-only verification. In Financial Cryptography, pages 313 — 326, 2000.
[19] M. S. Hwang and L. H. Li. A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 45(1):28—30, Feb. 2000.
[20] IBM. OpenCard Framework General Information Web Document. Second edition, 1998.
[21] IBM. Opencard enabled application environment programmers guide. 1999.
[22] IBM. OpenCard Framework Programmer’s Guide. Fourth edition, 1999.
[23] ISO/IEC. 7816-4, Identification cards - Integrated circuit(s) cards with contacts - Part 4: Inter-industry commands for interchange. 1995.
[24] ISO/IEC. 7816-5, Identification cards - Integrated circuit(s) cards with contacts - Part 5: Numbering system and registration procedure for application identifiers. 1995.
[25] ISO/IEC. 7816-3, Identification cards - Integrated circuit(s) cards with contacts- Part 3: Electronic signals and transmission protocols. 1997.
[26] C. Lai, L. Gong, L. Koved, A. Nadalin, and R. Schemers. User authentication and authorization in the Java platform. In 15th Annual Computer Security Applications Conference, pages 285—290. IEEE Computer Society Press, 1999.
[27] A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography.CRC Press, fifth edition, 2001.
[28] D. Nyang and J. Song. Symmetric identity-proving protocol for smart card. Electronics Letters, 35(23):2022—2024, Nov. 1999.
[29] D. Nyang and J. Song. Knowledge-proof based versatile smart card verification protocol. ACM Computer Communication Review, 30(3), July 2000.
[30] D. O’Mahony, M. Peirce, and H. Tewari. Electronic Pyament System. Artech House, Inc., 1997.
[31] D. O’Mahony, M. Peirce, and H. Tewari. Electronic Pyament System for ECommerce. Artech House, Inc., second edition, 2001.
[32] PCSC. Interoperability Specification for ICCs and Personal Computer Systems Part 1. Introduction and Architecture Overview. 1997.
[33] P. Putland, C. Ward, A. Jackson, and C. Trollope. Electronic payment systems. BT Technol, 17(3):67—71, July 1999.
[34] W. Rankl and W. Effing. Smart Card Handbook. John Wiley & Sons, Inc., New York, second edition, 2001.
[35] Schlumbeger. CyberFlex Access Software Development Kit Release 4.2. Schlumbeger Inc., 2000.
[36] C. Schnorr. Efficient identification and signatures for smart card. In Advances in Cryptology: CRYPTO89, pages 239—251, 1989.
[37] B. Schoenmakers. Basic security of the ecash payment system. In State of the Art in Applied Cryptography, Course on Computer Security and Industrial Cryptography, 1997.
[38] B. Schoenmakers. Payment by e-purse over the internet. In Second Sub-group meeting of the PSTDG and PSULG, 2000.
[39] M. H. Sherif. Protocols for Secure Electronic Commerce. CRC Press LLC, 2000.
[40] J. F. Sloan. A survey of electronic cash, electronic banking and internet gaming. Financial Crimes Enforcement Network, U.S. Dept. of the Treasury, 2000. Available
at http://www.ustreas.gov/fincen/e-cash.pdf.
[41] F. Stalder. Failures and successes: Notes on the development of electronic cash. The Information Society, 18(3), June 2002.
[42] G. Stuber. The electronic purse, an overview of recent developments and policy issues. Bank of Canada, Technical Report No. 74, 1996.
[43] H. M. Sun. An efficient remote use authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4):958—961, Nov. 2000.
[44] E. Turban and D. McElroy. Using smart cards in electronic commerce. In the 31st Hawaii International Conference on System Sciences, pages 180 — 187, 1998.
[45] J. Wenninger and D. Laster. The electronic purse. In Current Issues in Economics and Finance, Federal Reserve Bank of New York, 1995.
[46] C. Wilson. Get Smart, The Emergence of Smart Cards in the United States and Their Pivotal Role in Internet Commerce. Mullaney Publishing Group, 2001.

QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關論文
 
系統版面圖檔 系統版面圖檔