(44.192.66.171) 您好!臺灣時間:2021/05/18 23:17
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

我願授權國圖
: 
twitterline
研究生:王重堯
研究生(外文):Chung-yao Wang
論文名稱:公平且匿名之帳號基礎行動付費協定
論文名稱(外文):Fairness and Anonymous Account-based Mobile Payment Protocol
指導教授:吳宗成吳宗成引用關係
指導教授(外文):Tzong-chen Wu
學位類別:碩士
校院名稱:國立臺灣科技大學
系所名稱:資訊管理系
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2008
畢業學年度:96
語文別:中文
論文頁數:88
中文關鍵詞:樂觀式公平性匿名性不可否認性帳號基礎行動付費橢圓曲線密碼系統自我驗證可信任第三方(TTP)
外文關鍵詞:OptimisticFairnessAnonymitynon-repudiationAccount-basedMobile PaymentECCSelf-certifiedTTP
相關次數:
  • 被引用被引用:0
  • 點閱點閱:164
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
隨著資訊科技的發展,行動裝置(如手機、PDA)的可攜性、效能性及頻寬限制皆有所提升,而且行動商務提供多元化之加值服務,有鑑於行動裝置的普及,勢必使得行動付費成為人們消費付款的主要方式之一。然而,綜觀現今行動付費系統中,極少探討交易公平性問題,而且若有發生交易糾紛,需經由實體仲裁中心解決交易糾紛,不能立即處理交易。另外,在交易期間為了避免洩漏買方消費行為或習慣,故需將買方之身分隱藏。此外,在行動裝置運算能力與無線網路頻寬限制下,如何設計輕量化付費系統,並達到相同的安全等級為重要之議題。有鑑於此,本論文利用橢圓曲線密碼系統與自我驗證公開金鑰系統設計行動付費協定,以降低計算複雜度與通訊成本,並且藉由一個離線的可信賴第三方維持交易公平性。本論文提出的方法具有以下特點:(1)是樂觀式;(2)達到強公平性;(3)達到線上自動解決糾紛;(4)達到買方匿名性;(5)達到不可假冒性;(6)達到不可否認性;(7)達到前推安全;(8)TTP無金鑰管理問題(9)防止授權之付費被重覆使用。
Along with the development of Information Technology, the portability and efficiency of mobile devices and the bandwidth of mobile networks have been improved. Also, the mobile services have been diversely provided. Due to the convenience, mobile payment will become the main payment method for on-line transaction. Current researches rarely focus on the issue of the fair mobile payment systems. When the electronic transaction disputes, participants must manually resolve disputes through the trust party (i.e. the court), and cannot automatically resolve disputes immediately. Besides, in order to avoid revealing the buyer’s shopping behavior and habits during the transaction, the buyer’s identity must be hided. Hence, because of the above situations and the limitation of mobile device's computing power and wireless network bandwidth, how to design a lightweight fair mobile payment system to accomplish the same security level is becoming more and more important. In our proposed scheme, we propose a fair mobile payment protocol based on the ellipse curve cryptosystem and the self-certified public key system to reduce computing complexity and communication cost and maintain transaction fairness by off-line trusted third party. Our proposed scheme can achieve (1) Optimistic protocol;(2) Strong fairness;(3) On-line automated dispute resolution;(4) Anonymity of the buyer;(5) Non-impersonation;(6) Non-repudiation;(7) Forward security;(8) Elimination of key management issues for TTP;(9) Preventing the reuse of the authorized payment.
目 錄
中文摘要 I
ABSTRACT II
誌 謝 III
目 錄 IV
圖目錄 V
表目錄 VI
第一章 緒論 1
1.1 研究背景與動機 2
1.2 研究目的 11
1.3 論文架構 14
第二章 相關研究文獻回顧 15
2.1 ONIZ等人所提出的公平交換協定之數位產品憑證機制 16
2.2 橢圓曲線密碼系統 25
2.3 PETERSEN等人所提出具自我驗證之金鑰發行機制 30
2.4 HASSINEN等人提出的基於PKI之行動付費系統 34
第三章 我們所提出的方法 40
3.1 符號定義、角色說明與系統模型 41
3.2 系統設置與金鑰申請階段 46
3.3 產品憑證申請階段 49
3.4 公平行動付費協定 51
第四章 安全性分析與效率評估 65
4.1 安全性分析 66
4.2 效率分析 71
第五章 結論與未來研究方向 79
5.1 結論 79
5.2 未來研究方向 80
參考文獻 81
附錄A 重要名詞之英、中文對照表 85
圖目錄
圖1.1 逐漸交換協定 4
圖1.2 線上式TTP公平交換協定 4
圖1.3 離線式TTP公平交換協定(樂觀式協定) 6
圖2.1 數位產品之加解密金鑰產生(Chain Keys) 18
圖2.2 Oniz等人的方法之正常交易步驟 20
圖2.3 Oniz等人的方法之糾紛解決步驟 22
圖2.4 橢圓曲線圖形 26
圖2.5 橢圓曲線加法示意圖 26
圖2.6 橢圓曲線雙倍點示意圖 27

圖2.7 Hassiene等人的方法之虛擬銷售點系統付費模型 36
圖3.1 系統架構示意圖 45
圖3.2 銀行BC註冊階段 46
圖3.3 產品憑證申請階段 49
圖3.4 系統流程圖-正常交易 51
圖3.5 系統流程圖-解決糾紛 51
圖3.6 買方C付費服務申請階段 52
圖3.7 交易階段 54
圖3.8 糾紛解決階段 61
表目錄
表2.1 Oniz等人方法之正常交易階段各角色運算次數 23
表2.2 Oniz等人方法之解決糾紛階段各角色運算次數 23
表2.3 Oniz與Ray在正常交易步驟運算次數比較表 24
表2.4 Oniz與Ray在糾紛解決步驟運算次數比較表 24
表2.5 相同安全性時,RSA與ECC公鑰長度比較表 28
表2.6 相同安全強度時,RSA數位簽章演算法與ECDSA效率比較表 28
表2.7 RSA數位簽章演算法與ECDSA的比較表 29
表2.8 Hassiene等人虛擬銷售點付費協定各角色運算次數 38
表4.1 我們的方法之交易階段計算複雜度 76
表4.2 我們的方法之糾紛解決階段計算複雜度 76
表4.3 與其他方法之交易階段計算複雜度比較表 77
表4.4 與其他方法之糾紛解決階段計算複雜度比較表 77
表4.5買方各階段通訊傳輸量 78
表4.6全體各階段通訊傳輸量 78
[1]X. Zheng, D. Chen, “Study of Mobile Payment Systems”, IEEE International Conference on E-Commerce (CEC 2003), 2003.
[2]I.C. LIN, C.C. CHANG, “A Practical Electronic Payment System for Message Delivery Service in the Mobile Environment”, Wireless Personal Communications, vol. 42, 2007, pp. 247–261.
[3]J. Doggest, “Electronic check project”, Financial Services Technology Consortium, see http://macke.wiwi.hu-berlin/IMI/micropayments.html, 1995.
[4]M. Sirbu and J.D. Tygar, “Netbill: An internet commerce system optimized for network delivered services”, IEEE Personal Communications, Vol. 2, No. 4, 1995 (Aug.), pp.34–39.
[5]M. Hassinen, K. Hypponen, E. Trchina, “Utilizing national public-key infrastructure in mobile payment systems”, Electronic Commerce Research and Applications, In Press, Corrected Proof, Available online 20 April 2007.
[6]Mobile Electronic Transactions Ltd., MeT Core Specification Version 1.2, Helsinki, Finland. <http://www.mobiletransaction.org/>, 2002.
[7]Finextra.com, Nordea Leads Dual-chip Mobile Payment Trials. <http://www.finextra.com/fullstory.asp?id=3220>, 24 September 2001.
[8]N. Asokan, M. Schunter, M. Waidner, “Optimistic protocols for fair exchange”, Proceedings of the 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, Association for Computing Machinery, New York, 1997 (April), pp.7–17.
[9]N. Asokan, V. Shoup, M. Waidner, “Asynchronous Protocols for Optimistic Fair Exchange”, Proceedings of the 1998 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 1998 (May), pp.86–99.
[10]S. Even, O. Goldreich, A. Lempel, “A randomized protocol for signing contracts”, Communications of the ACM 28, 1985 (June), pp. 637–647.
[11]T.W. Sandholm, V.R. Lesser, “Advantages of a leveled commitment contracting protocol”, Proceedings of the 13th National Conference on Artificial Intelligence, 1996, pp.126–133.
[12]M. Ben-Or, O. Goldrich, S. Micali, R. Rivest, “A fair protocol for signing contracts”, IEEE Transactions on Information Theory , Vol. 36, No. 1, 1990, pp.40–46.
[13]T. Okamoto, K. Ohta, “How to Simultaneously Exchange Secrets by General Assumptions”, Proceedings of the 2nd ACM Conference on Computer and Communications Security, 1994, pp.184–192.
[14]B. Cox, J. D. Tygar, M. Sirbu, “NetBill security and transaction protocol”, in Proceedings of the 1st USENIX Workshop in Electronic Commerce, New York, NY, USENIX Association, California, 1995 (July), pp.77–88.
[15]S. Ketchpel, “Transaction protection for information buyers and sellers”, Proceedings of the Dartmouth Institute for Advanced Graduate Studies: Electronic Publishing and the Information Superhighway, Dartmouth College, New Hampshire, 1995.
[16]M. K. Franklin, M. K. Reiter, “Fair exchange with a semi-trusted third party”, Proceedings of the 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, Association for Computing Machinery, New York, 1997 (April), pp.1–6.
[17]I. Ray, I. Ray, N. Narasimhamurthi. “A Fair-exchange E-commerce Protocol with Automated Dispute Resolution”, Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions , 2000, pp.27–38.
[18]I. Ray, I. Ray, “An optimistic fair exchange e-commerce protocol with automated dispute resolution”, Proceedings of the First International Conference on Electronic Commerce and Web Technologies, Greenwich, UK, Lecture Notes in Computer Science, vol. 1875, Springer-Verlag, Berlin, 2000 (September), pp.84–93.
[19]I. Ray and I. Ray, “An Anonymous Fair-exchange E-commerce Protocol”, Proceedings 15th International in Parallel and Distributed Processing Symposium, 2001(April), pp.1790–1797.
[20]I. Ray, I. Ray, N. Natarajan, “An anonymous and failure resilient fair-exchange e-commerce protocol”, Decision Support Systems , 2005, pp.267–292.
[21]Q. Zhang, K. Markantonakis, K. Mayes, “A Mutual Authentication Enable Fair-Exchange and Anonymous E-Payment Protocol”, Proceeding of the 8th IEEE International Conference on E-Commerce Technology and the 3rd IEEE international Conference on Enterprise Computing, E-Commerce, and E-Services (CEC/EEE’06), pp.20–27.
[22]A. Nenadic, N. Zhang, B. Cheetham, C. Goble, “RSA-based Certified Delivery of E-Goods Using Verifiable and Recoverable Signature Encryption”, Journal of Universal Computer Secience, vol. 11, no. 1, 2005, pp.175–192.
[23]C.C. Oniz, E. Savas, A. Levi, “An Optimistic Fair E-Commerce Protocol for Large E-goods”, Proceedings of the Seventh IEEE International Symposium on Computer Networks (ISCN’06), pp. 214–219.
[24]A. Alaraj, M. Munro, “An e-commerce Fair Exchange Protocol for Exchange Digital Products and Payments”, Proceedings of the 2nd International Conference on Digital Information Management (ICDIM’07), pp.248–253.
[25]M. Girault, “Self-certified public keys”, Advances in Cryptology EUROCRYPT’91, Springer-Verlag, 1991, pp.491–497.
[26]A. Shamir, “Identity-based cryptosystems and signature schemes”, Advance in Cryptology-CRYPTO’84, Springer-Verlag, 1985, pp.47–53.
[27]H. Petersen, P. Horster, “Self-certified keys concepts and applications”, Proceeding of Communications and Multimedia Security’97, pp.102–116.
[28]IEEE 1363 Working Group, “IEEE P1363 standard specifications for public key cryptography”.
[29]S. Miyaguchi, K. Ohta, M. Iwata, “128-bit hash function (n-hash)”, Proceedings of SECURICOM’90, 1990.
[30]National Institute of Standards and Technology, NIST FIPS PUB 180, “Secure hash standard”, U. S. Department of Commerence, 1993.
[31]A. Perrig, R. Szewczyk, V. Wen, D. Culler, J. Tygar, “SPINS:Security protocols for sensor networks”, in Proceedings of Mobile Networking and Computing, 2001.
[32]W. Stallings, “Cryptography and Network Security Principles and Practices”, Third Edition, Prentice Hall, 2003
[33]B. Schneier, “Applied Cryptography”, 1996.
[34]N. Koblitz, “Elliptic curve cryptosystems”, Mathematics of Computation, Vol. 48, No. 17, 1985, pp.203–209.
[35]V.S. Miller, “Use of elliptic curves in cryptography”, Advances in Cryptology- CRYPTO’85, Springer- Verlag, 1985, pp.417–426.
[36]ANSI X9.62(1998), Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm(ECDSA).
[37]W.J. Tsaur, “Several security schemes constructed using ECC-based self-certified public key cryptosystems”, Applied Mathematics and Computation 168 , 2005, pp.447–464.
[38]NIST(2001), FIPS 186-2, Digital Signature Standard (DSS), http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf.
[39]NIST(2003), DRAFT Special Publication 800-57, Recommendation on Key Management, http://csrc.nist.gov/CryptoToolkit/kms/guideline-1-
Jan03.pdf.
[40]W. Diffie, M. Hellman, “New directions in cryptography”, IEEE Transactions on Information Theory, Vol. IT-22, No.6, 1976, pp.644– 654.
[41]R.L. Rivest, A. Shamir, and L.M. Adleman, “A method for obtaining digital signatures and public-key cryptosystem”, Communications of the ACM, Vol. 21, No. 2, 1978, pp. 120–126.
[42]Certicom Corporation, “ECC whitepaper: current public-key cryptographic syatems”,http://www.certicom.com/ecc/index.htm.
[43]A. Jurisic, A. Menezes, “Elliptic Curves and Cryptography”, 1997.
[44]J.B. Lacy, D.P. Mitchel, W.M. Schell, “CryptoLib:Cryptography in Software”, UNIX Security Symposium IV Proceedings, USENIX Association, 1993, pp.1–17.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關期刊