在現今網際網路發達的社會,許多事情可以藉由網路的協助完成,甚至可以在線上完成商品交易。網路購物的便利性徹底改變了現代人的消費模式。電子商務日趨發達,除了帶給我們便利之外,我們更應該注重電子商務線上交易的安全議題。 本研究主要討論的電子商務營運模式是以B2C(Business to Consumer)企業透過網路銷售產品或服務給個人消費者為主。本研究從兩個方向解決電子商務交易可能產生的程式功能或流程邏輯錯誤: 1. 正確的系統設計與開發流程:以Petri Net 建立系統功能流程。 2.利用Petri Net產生正確的安全威脅模型:分析出系統的潛在威脅,依據其潛在威脅建立出一個安全的系統。 本研究利用Petri Net的概念,將電子商務交易的流程重新繪製成Petri Net圖形,藉此評估此系統之可達性(Reachability)及限制性(Boundedness),驗證此系統運行時是否有不當的行動會造成企業及消費者無法預期的損失。 The Internet has been well developed nowadays. Many things can be done through the Internet, even we can go shopping on-line. The convenience of on-line shopping makes a radical change of the consumption pattern of modern people. E-Commerce becomes more and more developed, despite of its convenience, we should be more concerned about the security of on-line shopping. In this study, we will discuss the E-Commerce of B2C(Business to Consumer)and solve function or logic error which result from a poor-designed program through two ways: 1. Proper system design and development process : construct systematic process by using Petri Net. 2. Using Petri Net to build a correct security-threatening model : Find out latent threats of the system and construct a more secure system without these threats. We adopted the concept of Petri Net and redrew E-Commerce transaction process into Petri Net map to evaluate the reachability and boundedness of the system, and we can verify whether the system has improper behavior which may cause the enterprises and the consumers unpredicted losses.
