A Study of Security on Electronic Payment System 梁道一、顏嵩銘
E-mail: 8809489@mail.dyu.edu.tw
ABSTRACT
As business moves from face-to-face trading, mail order and phone order to electronic commerce over open networks such as the Internet, crucial security issues are being raised. While Electronic Fund Transfer over financial networks is reasonably secure, securing payments over open networks that connect commercial servers and consumer workstations poses challenges of a new dimension. We believe that many people share the same experience of having to sign their name to make a payment. This raises two points. One, your transactions are under someone else's control. Two, you cannot use a credit card to buy a beverage. You may not think so, but from the viewpoint of privacy and convenience these two points are problems. Therefore, we propose using electronic cash to build an anonymous system that includes the merchant and the bank. We also add an escrow function so that disputes or extortion can be handled. In addition, a payment as small as buying a beverage needs the aid of micropayment. Consequently, we also discuss some problems concerning the efficiency of micropayment.
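Keywords: Micropayment; Electronic cash; Anonymous; Escrow; Coin

Table of Contents
Inside Cover
Signature Page
Authorization Letter
Notes for Signatories
Chinese Abstract
English Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
  1.1 Foreword
  1.2 Research Motivation
  1.3 Thesis Organization
Chapter 2 Introduction to Encryption Techniques
  2.1 RSA Public-Key Cryptosystem
  2.2 Digital Signatures
  2.3 DES Secret-Key Encryption System
  2.4 Hash Functions
Chapter 3 Review of Electronic Payment Systems
  3.1 Electronic Commerce
  3.2 Concepts, Functions and Characteristics of Electronic Money
    3.2.1 Main Functions of Electronic Money
    3.2.2 Required Properties of Electronic Money
  3.3 Characteristics and Functions of Electronic Payment Systems
    3.3.1 Required Properties of Electronic Payment Systems
    3.3.2 Operational Characteristics and Functions of Electronic Payment Systems
  3.4 Modules and Operating Modes of Electronic Payment Systems
    3.4.1 Basic Flow of Cash-Like and Check-Like Payment Systems
    3.4.2 Offline and Online
    3.4.3 Payment Denominations
    3.4.4 Transferability
    3.4.5 Anti-Counterfeiting Hardware
    3.2.6 Clearing Operations
  3.5 Representative Electronic Payment Systems
Chapter 4 Review of Electronic Payment Systems with Anonymity
  4.1 Notation
  4.2 Anonymity by Pseudonym
    4.2.1 Operating Procedure
  4.3 Anonymity with a Trusted Third Party
    4.3.1 Operating Procedure
  4.4 Comparison of Pseudonym-Based and Trusted-Third-Party Anonymity
Chapter 5 An Electronic Cash System with User Identity Anonymity and Escrow
  5.1 Preconditions
    5.1.1 Remedy for Loss
    5.1.2 Usage Restrictions
    5.1.3 Reuse
    5.1.4 Anonymity
  5.2 System Construction and Requirements
  5.3 Escrow Mechanism
  5.4 Concrete Protocol Details
    5.4.1 Applying for a Usage Certificate
    5.4.2 User Withdrawal of Digital Cash
    5.4.3 Payment
  5.5 Principles and Procedures for Handling Card Loss or Other Situations
    5.5.1 Loss or Theft
    5.5.2 Compensation Claims
    5.5.3 False Claims of Loss or Theft
    5.5.4 Escrow
  5.6 Security Evaluation
    5.6.1 Attack by Factoring n
    5.6.2 Ciphertext Attack
    5.6.3 Replay Attack
Chapter 6 A Study of Improved Micropayment
  6.1 Basic Concepts and Purpose of Micropayment
  6.2 The Probabilistic Polling Micropayment System
  6.3 The Lottery Tickets Micropayment System
    6.3.1 Detailed Protocol and Prize Redemption Method
    6.3.2 Ideal Number of Winning Numbers in a Winning-Number String
Chapter 7 Conclusion
References
Appendix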