「公平交換」與「顧客匿名」是電子商務協定的兩個重要特性。然而在既有的協定中,多數只強調公平交換,僅少數協定兼具此二特性。本研究採用可靠之密碼學技術並以依次收費為交易模式,再結合離線式仲裁者及銀行,提出新的電子商務協定,以支援數位內容線上交易。此協定除確保兩項重要特性外,更改善過去相關研究的缺點。 此新協定包含協商、提款、購買與仲裁等四個交易階段,經審慎之協定分析,確能滿足公平交換與顧客匿名兩特性,且能確保付款安全;在計算效率上,新協定也優於相關的電子商務協定。除協定分析外,本研究另以「協定雛型」及「模式檢驗」對新協定做深入驗證。協定雛型證明新協定確實可運作,再經實驗設計發現非對稱式金鑰長度為影響協定效能之主因。藉由模式檢驗,新協定能達到期望被滿足的公平交換特性;如允許系統及網路於交易過程中故障,透過模式檢驗則能獲得違反公平交換特性的反例,依據這些反例,本研究設計協定之擴充部份,賦予協定參與者具備自系統故障或網路中斷復原後,繼續進行未完成交易之能力。經由三種不同觀點的驗證方法,本研究證明提出的新協定為妥適的設計,並期望因提供顧客匿名特性,進而提高顧客從事數位內容線上交易之意願。 Fair exchange and customer anonymity are two important characteristics that e-commerce protocols are needed to address. However, the majority of the existing protocols only focus on fair exchange, and few of them discuss customer anonymity. This research adopts state-of-the-art cryptography techniques, uses the pay-per-use business model, combines the off-line arbitrator and the bank, and then proposes a new e-commerce protocol for digital contents transactions. This new protocol can ensure both characteristics and remedy the flaws of the related protocols. The proposed e-commerce protocol consists of negotiating, withdrawing, purchasing and arbitrating phases. By scrupulous protocol analysis, it can achieve fair exchange, customer anonymity and payment security. Compared with the most related protocol, the new protocol has better efficiency. Besides protocol analysis, this research uses “protocol prototype” and “model checking” to do thorough verifications. The protocol prototype proves that the new protocol is workable when it is implemented in the real world. By experimental designs, this research identifies the length of asymmetric keys as the main factor to affect protocol performance. The model-checking result shows that the new protocol does indeed have the desirable properties for fairness. This research also introduces failures into communication processes and participant processes and then obtains counterexamples by the FDR. This research extends the new protocol based on these counterexamples. Protocol extensions can provide protocol participants with the capability for failure resilience. Through three kinds of verification methods, this research proves that the new protocol is well-designed. This research also expects that the new protocol has significant potential for flourishing e-commence transactions because it can keep customer anonymity.
