跳到主要內容

臺灣博碩士論文加值系統

(18.97.14.84) 您好!臺灣時間:2024/12/09 19:06
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:吳志濠
研究生(外文):Chih-Hao Wu
論文名稱:行動交易服務協定之研究與設計
論文名稱(外文):A Study of the Transaction Service Protocols in Mobile Environment
指導教授:薛夙珍薛夙珍引用關係
指導教授(外文):Sue-Chen Hsueh
學位類別:碩士
校院名稱:朝陽科技大學
系所名稱:資訊管理系碩士班
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2006
畢業學年度:94
語文別:中文
論文頁數:108
中文關鍵詞:雙向身份識別匿名性行動商務小額付款資訊安全
外文關鍵詞:anonymousinformation securitymobile commercemicro-paymentmutual authentication
相關次數:
  • 被引用被引用:10
  • 點閱點閱:622
  • 評分評分:
  • 下載下載:112
  • 收藏至我的研究室書目清單書目收藏:5
摘 要
近年來,隨著行動網路與無線通訊技術的快速發展,全球行動上網用戶數與行動手持裝置使用率的逐年成長,以及連線費用也大幅降低下,愈來愈多的網路內容供應商將設計完善的應用服務移植至行動網路環境內,如圖鈴下載、線上遊戲、採購或即時資訊查詢等,提供給行動用戶在不受時間與空間的限制下即可持續地進行擷取。因此,行動交易服務即將在行動商務環境內成為最受矚目的應用之一。
當行動用戶將輕薄短小的手持裝置連結至行動網路時,還是會對其「安全」存在著信心不足的疑慮,如身份識別、傳輸機密性、資料完整性與交易之不可否認性等。再者,由於行動手持裝置受限於記憶體容量、電池續航力與微處理器運算能力等硬體設備不足的情況下,對於行動用戶在進行各種的交易行為時,則需避免繁雜的操作流程與大量的顯示資訊,以免造成用戶的負擔。設計時盡量將安全、便利、簡潔與低運算成本等作為參考原則,即可大幅提升行動交易的使用意願。
本論文將在考量行動手持裝置之限制條件下,發展出以小額付款代幣為核心主軸,並且提供雙向身份識別作為輔助的延伸應用。論文中設計出於電子商務環境內僅需以單一付款代幣串列作為憑據,也就是將代幣串列值與代幣驗證值之雙重串列做結合,再次重新鑄造出「付款代幣憑證值」,即可讓消費者於多商家間同時進行交易付款的多商家之小額分割串列協定。再者,針對行動網路交易環境內,透過公正第三方的建立-本區電信業者,核發給行動用戶與漫遊電信業者一把經由雜湊函數與互斥或運算所產生的通訊金鑰,接著在結合挑戰與回應和訊息驗證碼,即可讓行動用戶漫遊於任一網域時快速達成簡易的雙向身份識別,以及牽涉於資金移轉時,確保其個人真實身份不會被揭露的具匿名性之行動小額付費交易協定。
最後,期望藉由行動交易服務所提出的協定設計,進而提升大眾對行動付款的接受度,促使行動商務創造出更高的應用價值。
Abstract

The rapid development of the Internet, wireless, and mobile communication techniques are more mature in recent years so that the number of mobile users grows year by year. Moreover, the penetration rate of mobile devices rises significantly with the lowered connecting cost. More individuals and organizations start to move applications into the mobile environment. Typical applications are pictures downloading, bells ringing, on-line games, and real-time information inquiries. Users of mobile devices can receive information without being limited by time or space. Therefore, mobile transaction services will become one of the most attractive business models in mobile commerce.
When mobile users connect to a mobile network with handheld devices, the security connecting authentication, confidentiality, integrity, and non-repudiation is an essential consideration. Furthermore, the mobile devices are inherently limited in the small capacity, short battery endurance and restricted micro-processor operation ability. The transaction protocols for mobile commerce should be designed with safety, convenience, easy and lower computation cost. In this thesis, we extend the applications of micro-payments and propose a new micro-payment protocol, based on one way hash chain (token). The token, prepaid with postpaid protocol, is operated in a fair and off-line fashion and may support divisibility of digital tokens. Moreover, a consumer can use the new hash chain to transact with different merchants in electronic commerce. Besides, we present an anonymous micro-payment protocol in a mobile environment; such a protocol can be performed not only in the home domain but also in the visitor domain. We employ a trusted third party, the Home Location Register, to issue a session key between the mobile users and Visitor Location Register (VLR). The key is generated by using a hash function and exclusive-OR operations. The challenge-response and message authentication code together establish a simple mutual authentication. Furthermore, the anonymity of mobile users is also assured for funds transfer in many applications.
Finally, we have proposed a series of protocols in this thesis to provide mobile users with more secured payment in mobile commerce.
目 錄

摘要 I
Abstract III
謝辭 V
目錄 VI
表目錄 X
圖目錄 XII
第一章、緒論 1
1.1. 研究背景 1
1.2. 研究動機 3
1.3. 研究目的 6
1.4. 研究範圍 7
1.5. 研究步驟 8
1.6. 論文架構 10
第二章、文獻探討 12
2.1. 行動商務 12
2.1.1. 行動商務之定義與概念 13
2.1.2. 行動商務之架構與價值鏈 14
2.1.3. 行動商務之特性、限制與挑戰 18
2.1.4. 行動商務之商用通訊標準 21
2.1.4.1. 第二代GSM系統 22
2.1.4.2. 第三代UMTS系統 28
2.2. 行動身份識別 32
2.2.1. 安全需求 32
2.2.2. 識別規範目標 33
2.3. 密碼學理論與技術 35
2.3.1. 單向雜湊函數與單向雜湊函數鏈 35
2.3.2. 對稱式與非對稱式金鑰加密法 37
2.3.3. Diffie-Hellman金鑰交換原理 39
2.3.4. 挑戰與回應 40
2.3.5. 訊息驗證碼 40
2.3.6. 互斥或運算 41
2.4. 電子商務具代表性之電子小額付款機制 42
2.4.1. 付款機制之分類 43
2.4.2. 基本模式與評估準則 43
2.4.3. 電子小額付款機制 47
2.4.3.1. 麻省理工學院的PayWord 47
2.4.3.2. 麻省理工學院的MicroMint 50
2.4.3.3. IBM公司的Micro-iKP(u-iKP) 51
2.4.3.4. 小額付款機制之分析與比較 52
2.5. 國內外具著名性之行動付款機制 53
2.5.1. 評估準則 54
2.5.2. 行動付款機制 55
2.5.2.1. 德國的Paybox 56
2.5.2.2. 芬蘭的Sonera Shopper 57
2.5.2.3. 美國的PayPal 58
2.5.2.4. 日本的i-Mode 60
2.5.2.5. 台灣的ezPay 61
2.5.2.6. 行動付款機制之分析與比較 62
2.5.3. 行動身份識別結合小額付款協定 65
第三章、多商家之小額分割串列協定 70
3.1. 協定之設計概念 70
3.2. 運作流程 74
3.3. 分析與討論 78
3.4. 小結 81
第四章、具匿名性之行動小額付費交易協定 82
4.1. 協定之設計概念 83
4.2. 運作流程 86
4.3. 分析與討論 93
4.4. 小結 97
第五章、結論 98
 5.1. 研究貢獻 98
5.2. 建議 99
參考文獻 101
簡歷 108

表 目 錄

表2.1. 行動商務之定義整理 13
表2.2. GSM系統之安全性分析 27
表2.3. UMTS系統與GSM系統差異點分析 32
表2.4. 識別規範目標之身份識別 34
表2.5. 識別規範目標之付款初始化 35
表2.6. 對稱式與非對稱式金鑰加密法之優缺點分析 39
表2.7. 互斥或運算真值表 42
表2.8. 單元性之彙總 46
表2.9. 小額付款機制之背景分析 52
表2.10. 小額付款機制之特徵與特色比較 53
表2.11. 行動付款之型態盒模式 55
表2.12. Paybox與Sonera行動付款機制之分析與比較 63
表2.13. PayPal、i-Mode與ezPay行動付款機制之分析與比較 64
表2.14. ASPeCT與HP協定之用戶端運算複雜度比較 69
表3.1. 多商家之小額分割串列交易協定符號表 75
表3.2. 本協定處理效率分析表 80
表4.1. 具匿名性之行動小額付費交易協定符號表 87
表4.2. 行動手持裝置SIM卡儲存容量(以5MB為例) 95
表4.3. 本協定處理效率分析表 97

圖 目 錄

圖1.1. 全球行動用戶成長率 1
圖1.2. 行動商務之有價應用與服務 2
圖1.3. 研究範圍 8
圖1.4. 研究步驟 10
圖2.1. 行動商務之市場區隔示意圖 14
圖2.2. 行動商務所涵蓋之基礎架構示意圖 15
圖2.3. 行動商務之價值鏈模式 16
圖2.4. 行動商務之價值鏈與所對應的角色扮演者 17
圖2.5. 行動商務所具備之特性 19
圖2.6. 行動商務通訊標準之發展歷程 21
圖2.7. GSM系統網路之架構圖 23
圖2.8. GSM系統行動用戶漫遊之示意圖 24
圖2.9. GSM系統之Triplet產生示意圖 25
圖2.10. GSM系統之更新程序圖 27
圖2.11. UMTS系統網路之架構圖 28
圖2.12. UMTS系統之Quintet產生示意圖 29
圖2.13. UMTS系統之更新程序圖 31
圖2.14. 單向雜湊函數鏈之示意圖 37
圖2.15. 對稱式金鑰加密法之示意圖 37
圖2.16. 非對稱式金鑰加密法之示意圖 38
圖2.17. 訊息驗證碼提供基本確認性之示意圖 41
圖2.18. 離線型的電子付款機制之示意圖 44
圖2.19. 衡量電子付款機制的四種特徵面 45
圖2.20. PayWord機制之整體交易流程圖 49
圖2.21. Paybox行動付款架構之示意圖 56
圖2.22. Sonera Shopper行動付款架構之示意圖 58
圖2.23. PayPal行動付款架構之示意圖 59
圖2.24. i-Mode行動付款架構之示意圖 60
圖2.25. ezPay行動付款架構之示意圖 62
圖2.26. 主要的付款基礎模式之示意圖 65
圖2.27. ASPeCT協定之雙向識別程序流程圖 67
圖2.28. HP協定之身份識別與付款初始化階段之流程圖 68
圖3.1. 小額付款交易之基本模型 71
圖3.2. 多商家之小額分割串列交易協定流程之示意圖 72
圖3.3. 付款代幣憑證值鑄造過程 73
圖3.4. 付款串列使用情況之示意圖 80
圖4.1. 具匿名性之行動小額付款協定流程之示意圖 84
圖4.2. 付款代幣憑證值鑄造過程 84
圖4.3. 雙向身份識別協定過程 86
參考文獻
[1] 資策會-Focus on Interment News & Data,莊順斌 (2004),寄望小額付款行動商務市場將可大幅成長
http://www.find.org.tw/0105/news/0105_news_disp.asp?news_id=3413
[2] 中華業餘無線研究會,梁偉雄 (2004),淺談SIM卡
http://www.vr2rc.org/cm.html
[3] 經濟部-我國PKI互通管理及推動計畫,工業技術研究院 (2003),台灣電信產業應用PKI之調查報告
http://61.62.31.208/2004/main7a.htm
[4] 經濟部-網路商業應用資源中心,吳曉菁 (2003),B2C付款之交易履約保障機制藍新科技ezPay個人帳房
http://www.ec.org.tw/
[5] 楊舜仁 PKM 資訊網,楊舜仁 (2003),行動商務的發展趨勢與個人應用(上)
http:// www.asia-learning.com/sooner/article/259089753
[6] CNT台灣國際電子商務中心,EC研究報告 (2002),解析PayPal的成功模式
http://www.nii.org.tw/cnt/info/Report/20020102.htm
[7] CNT台灣國際電子商務中心,EC研究報告 (2002),2002年芬蘭行動通訊研討會暨商展 出國報告書
http:// www.nii.org.tw/cnt/info/Report/20020602_3.4.htm
[8] 台灣科技資訊網, Larry Loh (2001), 行動商務時代來臨
http://taiwan.cnet.com/enterprise/technology/0,20062852,20014683,00.htm
[9] 工研院資經中心,葉恆芬 (2001),i-Mode有助DoCoMo ARPU抗跌
http://www.itri.org.tw/chi/index.jsp
[10] ezPay個人帳房-交易履約保障
https://www.ezpay.com.tw/ezPay_C2C/welcome/escrow/about.jsp
[11] In-Stat-Reasearch Information, David Chamberlain, Mobile Advertising, Brands and Affinity Marketing
http://www.in-stat.com/Abstract.asp?ID=231&SKU=IN0502096MCM
[12] GSM World-GSM Technology, GSM-The Wireless Evolution, Today’s GSM Platform.
http://www.gsmworld.com/technology/gsm.shtml
[13] Pyramid Research, Global Mobile Subscribers to top out over 2.6bn by YE2006
http://www.pyramidresearch.com/mbl_may17_mobsub.htm?SC=PD05b
[14] EPSO Final Conference Presentations, Creating a Mobile Payment Standard based on a Co-Operation between Financial Institutions and Telcos, A. Sanz, pp. 1-20.
http://epso.jrc.es/conference/presentations.html/sanz.ppt
[15] EPSO Final Conference Presentations, M-Payments-Taking a Vision to Cross Border Reality, P. Seipp, CMO, Paybox.net AG., pp. 1-16. http://epso.jrc.es/conference/presentations.html/seipp.ppt
[16] ETSI-Telecom Standards, http://www.etsi.org
[17] PayPal, http://www.paypal.com
[18] 賴溪松、韓亮、張真誠 (2003),近代密碼學及其應用,旗標出版股份有限公司。
[19] 陳星百 (2003),「行動票券交易之研究」,碩士論文,朝陽科技大學資訊管理系研究所,台中。
[20] 薛夙珍、吳志濠 (2005),「多商家之小額分割串列交易協定」,第十六屆國際資訊管理學術研討會,台北,台灣。
[21] N. Asokan, P. A. Janson, M. Steiner, and M. Waidner (1997), “The State of the Art in Electronic Payment Systems,” IEEE Computer, pp. 28-35.
[22] C. C. Chang, J. S. Lee and Y. F. Chang (2005), “Efficient Authentication Protocol of GSM,” Computer Communications, Vol. 28, Isu. 8, pp. 921-928.
[23] Y. J. Chen, C. C. Chang and W. P. Yang (1995), “Parallel Computation of the Modular Cascade Exponentiation,” Journal of Parallel Algorithms and Applications, Vol. 7, pp. 29-42.
[24] L. Camp, M. Sirbu and J. D. Tygar (1995), “Token and Notational Money in Electronic Commerce,” Proceedings of the 1th Usenix Workshop on Electronic Commerce, pp. 1-12.
[25] D. Chaum, A. Fiat and M. Naor (1990), “Untraceable Electronic Cash,” Proceedings on Advances in Cryptology, Lecture Notes in Computer Science, Santa Barbara, California, USA, Vol. 403, pp. 319-327.
[26] W. Diffie and M. E. Hellman (1976), ”New Directions in Cryptography,” IEEE Transactions on Information Theory, Vol. IT-22, No. 6, pp. 644-654.
[27] N. E. Fishway, M. Nofal and A. Trdros (2002), “An Effective Approach for Authentication of Mobile Users,” Proceedings of the 55th Vehicular Technology Conference, Vol. 2, pp. 598-601.
[28] L. Ferreirra and R. Dabad (1998), “A Scheme for Analyzing Electronic Payment Systems,” Proceedings of the 14th Annual Computer Security Applications Conference, pp. 137-146.
[29] L. Harn and W. J. Hsin (2003), “On the Security of Wireless Network Access with Enhancements,” Proceedings of the ACM Workshop on Wireless Security, San Diego, California, USA, pp. 89-95.
[30] G. Horn and K. M. Martin and C. J. Mitchell (2002), “Authentication Protcols for Moile Network Environment Value-Added Services,” IEEE Transactions on Vehicular Technology, Vol. 51, Isu. 2, pp. 383-392.
[31] G. Horn and B. Prneel (2000), “Authentication and Payment in Future Mobile Systems,” Journal of Computert Security, Vol. 8, Isu. 2/3, pp. 183-207.
[32] M. S. Hwang, Y. L. Tang and C. C. Lee (2000), “An Efficient Authentication Protocol for GSM Networks,” Proceedings of AFCEA/IEEE EuroComm, Munich, Germany, pp. 326-329.
[33] R. Hauser, M. Steiner and M. Waidner (1996), Micro-Payments based on iKP, IBM Research Report 2791 (# 89269).
[34] N. Kyeyer, K. Pousttchi and K. Turowski (2002), “Characteristics of Mobile Payment Procedures,” Proceedings of the 3th International Symposium on Methodologies for Intelligent Systems, Lyon, France, pp. 10-22.
[35] S. Kim and W. Lee (2003), “A PayWord-based Micropayment Protocol Supporting Multiple Pyaments,” Proceedings of the 12th International Conference on Computer Communications and Networks, pp. 609-612.
[36] E. Kountz (2002), Mobile Commence:Financial Institutions and Mobile Carriers Define Their Roles in the New M-World, TowerGroup.
[37] S. Kim and H. Oh (2001), “An Atomic Micropayment System for a Mobile Computing Enivronment,” IEICE Transactions on Information and Systems, Vol. E82-D, No. 6, pp. 709-716.
[38] C. C. Lee, M. S. Hwang and W. P. Yang (2003), “Extension of Authentication Protocol for GSM,” Proceedings of the IEEE Communications, Vol. 150, No. 2, pp. 91-95.
[39] E. P. Lim, K. Siau (2003), Advances in Mobile Commerce Technologies, Hershey, USA, PA: Idea Group Publishing, ISBN: 159140052X.
[40] M. Lee and K. Kim (2002), “A Micro-Payment System for Multiple-Shopping,” Proceedings of the Symposium on Cryptography and Information Security, Shirahama, Japan, Vol. 1/2, pp. 229-234.
[41] R. Marc, R. Sandro and M. Laurent (2001), From SET to PSET-The Pseudonymous Secure Electronic Transaction Protocol, Technical Report Tik-Nr. 117.
[42] J. K. Mackie-Masnon and K. White (1996), “Evaluating and Selecting Digital Payment Mechanisms,” Proceedings of the Telecommunications Policy Research Conference, Solomon''s Island, Maryland, USA.
[43] A. J. Menezes, P. C. Van Oorschot and S. A. Vanstone (1997), Handbook of Applied Cryptography, Boca Raton, FL: CRC Press.
[44] D. O’ Mohony, M. Peirce and H. Tewari (1997), Electronic Payment Systems, Artech House.
[45] B. C. Neuman (1995), “Security, Payment, and Privacy for Network Commerce,” IEEE Journal on Selected Areas in Communications, Vol. 13, No. 8, pp. 1523-1531.
[46] K. Q. Nguyen, Y. Mu and V. Varadharajan (1997), “Micro-Digital Money for Electronic Commerce,” Proceedings of the 13th Annual Computer Security Applications Conference, pp.2-8.
[47] A. Peinado (2004), “Privacy and Authentication Protocol Providing Anonymous Channels in GSM,” Computer Communications, Vol. 27, Isu. 17, pp. 1709-1715.
[48] K. Pousttchi (2003), “Conditions for Acceptance and Usage of Mobile Payment Procedures,” Proceedings of the 2th International Conference on Mobile Business, Vienna, pp. 201-210.
[49] R. L. Rivest and A. Shamir (1996), PayWord and MicroMint: Two Simple Micropayment Schemes, MIT Laboratory for Computer Science.
[50] H. Schauer and R. Riedl (2001), M-Commerce, Institute Fur Informatik, Universitat Zurich.
[51] G. S. Schwiderski and K. Heiko (2002), “Secure Mobile Commerce,” Electronic & Communication Engineering Journal, Vol. 14, No. 5, pp. 228-238.
[52] B. Skiba, M. Johnson, M. Dillon and C. Harrison (2000), Moving in Mobile Media Mode, Lehman Brothers, Editor.
[53] W. Stallings (1999), Cryptography and Network Security: Principles and Practice, Prentice Hall International, INC., Second Edition, USA.
[54] J. D. Tygar (1996), “Atomicity in Electronic Commerce,” Proceedings of the 15th ACM Symposium on Priciple of Distributed Computing, Philadelphia, pp. 8-26.
[55] R. Vaidynathan (2002), “Wireless and Mobility Enterprise Application Deployments,” eAI Journal, pp. 26-28.
[56] U. Varshney and R. Vetter (2002), “Mobile Commerce:Framework, Applications and Networking Support,” ACM/Kluwer Journal on Mobile Networks and Applications, Vol. 7, No. 3, pp. 185-198.
[57] F. M. Veerse (1999), Mobile Commerce Report, Durlacher Research Ltd., London, pp. 1-79.
[58] M. S. Wang, I C. Lin and L. H. Li (2001), “A Simple Micro-Payment Scheme,” Journal of Systems and Software, Vol. 55, No. 3, pp. 221-229.
[59] C. Xenakis and L. Merakos (2004), “Secure in Third Generation Mobile Networks,” Computer Commenication, Vol. 27, Isu. 7, pp. 638-650.
[60] S. M. Yen (2004), “PayFair:a Prepaid Internet Micropayment Scheme Ensuring Customer Fairness,” Proceedings of the IEEE Computers and Digital Technologys, Vol. 148, Isu. 6, pp. 207-213.
[61] Z. K. Yang, W. M. Lang and Y. M. Tang (2004), “A New Fair Micropayment System based on Hash Chain,” IEEE International Conference on e-Technology, e-Commerce and e-Service, pp. 139-145.
[62] J. Zhu and J. Ma (2004), “A New Authentication Scheme with Anonymity for Wireless Environments,” IEEE Transactions on Consumer Electronics, Vol. 50, Isu. 1, pp. 231-235.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top