小額電子支付系統之研究

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：18

、訪客IP：18.216.32.116

姓名

黃群凱(Chung-Kai Huang ) 查詢紙本館藏

畢業系所

資訊工程研究所

論文名稱

小額電子支付系統之研究
(The Research of Electronic Micropayment Systems)

相關論文

★ 多種數位代理簽章之設計	★ 實體密碼攻擊法之研究
★ 商業性金鑰恢復與金鑰託管機制之研究	★ AES資料加密標準之實體密碼分析研究
★ 電子競標系統之研究	★ 針對堆疊滿溢攻擊之動態程式區段保護機制
★ 通用型數域篩選因數分解法之參數探討	★ 於8051單晶片上實作可防禦DPA攻擊之AES加密器
★ 以非確定式軟體與遮罩分割對策防禦能量攻擊之研究	★ 遮罩保護機制防禦差分能量攻擊之研究
★ AES資料加密標準之能量密碼分析研究	★ 小額電子付費系統之設計與密碼分析
★ 公平電子現金系統之研究	★ RSA公開金鑰系統之實體密碼分析研究
★ 保護行動代理人所收集資料之研究	★ 選擇密文攻擊法之研究與實作

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

由於電子商務在網際網路上的蓬勃發展，電子支付系統在今日已然成為電子商務中相當重要的議題。其中，線上交易的安全性與便利性是消費者最關心的問題，電子支付系統中的小額電子付費更是邇來最熱門的研究主題之一。小額付費的概念普遍存在於目前的網際網路線上交易當中，例如線上算命、線上遊戲、線上資料庫查詢及購買單一網頁、文章或其他資料等等。
小額電子支付系統研究濫觴於1995年，之後陸續有多位學者提出相關研究論文。至目前為止，大部份的小額電子支付系統都是根基於單向雜湊函數鏈（one-way hash chain）來形成小額電子錢幣鏈，並且儘量減少多餘的資料以及公開金鑰密碼技術的使用以降低進行交易和儲存資訊時所需的花費。然而這些根基於單向雜湊函數鏈的系統都面臨了商店特有性的問題，簡言之，就是一串小額電子錢幣鏈只能消費在某一已指定的商店，這個特性限制了小額電子支付系統的便利性。本論文的第三章，針對此一缺點，提出一個兼具彈性與效率的新系統稱為“FlexPay”。在此系統中，單一串小額電子錢幣鏈可以被使用在多個商店。
為了提升單向雜湊函數鏈的效率，本論文的第四章提出一個新的機制稱為權重式單向雜湊函數鏈（weighted one-way hash chain）。此方法運用自我編碼（self-encoding）替每個小額電子錢幣加上權重以增加小額電子錢幣鏈的使用效能。
小額電子錢幣鏈除了商店特有性的限制外，尚有其他的問題，例如：必須預先設定小額電子錢幣鏈的長度。針對此問題，澳洲學者Yi Mu在1997年提出了一個系統稱為“UPayWord”。該系統據稱解決了使用者必須預先設定小額電子錢幣鏈長度的限制，然而，卻破壞了小額電子錢幣鏈的“鏈結”重要特性。如此一來，造成消費者有機會欺騙商店以及商店在後續與銀行的清算階段出現爭端。在第五章中，針對此問題提出討論。
最後，本論文提出未來可行的相關研究方向，包括將小額電子支付系統應用在行動電話上的付費以及將小額電子支付系統實作在個人數位助理（PDA）或智慧卡（smart card）上。

摘要(英)

Electronic payment systems have gradually become an important issue nowadays because of the popularity and importance of e-commerce on the Internet. Security and convenience topics are
most important issues that people concern.
The electronic micropayment is one of the most popular research topics on the Internet based payment. Recently, many efficient micropayment schemes, based on the usage of one-way hash chain, were developed. They enable more and more new applications for e-commerce. However, all existing micropayment schemes suffer a common drawback that a generated chain of electronic coins can only be spent at a specific merchant. This special feature limits the widespread application of existing micropayment schemes. In this thesis, some nonmerchant-specific systems are reviewed. Then, a novel usage of hash chain is proposed and this leads to a flexible and efficient micropayment scheme, named the FlexPay. In FlexPay, the coins in the chain can be spent over many merchants. Therefore, based on the FlexPay scheme, it is possible that a large scale micropayment employed for a variety of applications among many merchants.
In this thesis, we also design a novel construct of weighted
one-way hash chain to improve the performance of a micropayment. We also show that the proposed technique is especially useful in implementing micropayment on a resource restrained computing device such as a hand-held computer.
Finally, we give a comment on a PayWord based micropayment scheme, named the UPayWord. It is claimed that UPayWord can eliminate the constraint of the original PayWord in such a way that it does not require the users to set the length of the payword chains in advance. However, in this thesis, it will be shown that the UPayWord scheme violates the fundamental characteristics of one-way hash chain and will lead the merchants and the bank into dispute during the redemption
phase. In summary, the UPayWord scheme does not resolve any
disadvantage of the original PayWord scheme.

關鍵字(中)

★ 商店特有性
★ 單向雜湊函數鏈
★ 小額電子支付系統
★ 權重式單向雜湊函數鏈
★ 電子商務
★ 電子支付系統

關鍵字(英)

★ Electronic commerce
★ Electronic micropayment systems
★ Electronic payment systems
★ merchant-specific
★ one-way hash chain
★ weighted one-way hash chain

論文目次

1 Introduction
1.1 The Importance of E-Commerce
1.2 Motivation of the Research
1.3 Overview of the Thesis
2 Review of Previous Works
2.1 Overview of Electronic Payment Systems
2.1.1 Desirable characteristics of electronic payment
systems
2.1.2 The classification of famous electronic payment
systems
2.1.3 Review of micropayment systems
2.2 Review of PayTree
2.2.1 System description
2.2.2 Discussions
3 FlexPay -- An Improved Flexible Micropayment Scheme
3.1 Introduction
3.2 Review of PayFair
3.3 FlexPay
3.3.1 Phase A : Registration phase
3.3.2 Phase B : Transaction phase
3.3.3 Phase C : Deposit phase
3.4 Analisys of FlexPay
3.4.1 Security analysis
3.4.2 Storage analysis
3.4.3 Performance analysis
4 Performance Improvement of One-Way Hash Chain
4.1 Introduction
4.2 The Proposed Solution
4.2.1 The weighted one-way hash chain
4.2.2 Micropayment with varying denomination
4.2.3 Some useful special weighting assignment algorithms
4.3 Performance Analysis
4.4 Summary and Future Works
5 Cryptanalysis on UPayWord Scheme
5.1 Introduction
5.2 Review of UPayWord Scheme
5.3 Crytpanalysis
6 Conclusions
6.1 Brief Review of Main Contributions
6.2 Further Research Topics and Directions

參考文獻

[1] R. Anderson, H. Manifavas, and C. Sutherland, 'NetCard - a
practical electronic cash system,' 1996, http://www.cl.cam.ac.uk/~cm213/Project/
[2] N. Asokan, P. Janson, M. Steiner, and M. Waidner, 'State of the art in electronic payment systems,' IEEE Computer, 30(9): pp. 28-35, September 1997.
[3] M.M. Anderson, The electronic check architecture, Technical
Report Version 1.0.2, Financial Services Technology Consortium,
September 1998.
[4] J. Boly, et al., 'The ESPRIT Project CAFE - High Security
Digital Payment Systems,' {em Proc. of the Third European
Symposium on Research in Computer Security (ESORICS)}, Vol. 875
in Lecture Notes in Computer Science, Brighton, UK, November 1994.
[5] M. Bellare, et al., 'iKP -- A Family of Secure Electronic
Payment Protocols,' {em Proc. of the 1st USENIX Workshop on
Electronic Commerce}, New York, July 1995.
[6] M. Bellare, et al., 'Design, implementation and deployment of the iKP secure electronic payment system,' {em IEEE Journal on Selected Areas in Communications}, 18(4):611-627, April 2000, appeared earlier with a slightly different focus as Research Report RZ 3137, IBM Research Division, June 1999.
[7] D. Chaum, 'Blind Signatures for Unraceable Payments,' {em
Advances in Cryptology - CRYPTO'82}, Plenum, NY, 1983, pp.
199-203.
[8] L.J. Camp, M. Sirbu, and J.D. Tygar, 'Token and Notational Money in Electronic Commerce,' {em Proc. of the First USENIX Workshop on Electronic Commerce}, pages 1--12, July 1995.
[9] L.J. Camp and M. Sirbu, 'Critical issues in internet commerce,' {em IEEE Communications Magazine}, pages 58--62, May 1997.
[10] N. Daswani and D. Boneh, 'Experimenting with electronic commerce on the PalmPilot,' {em Proc. of 3rd Financial Cryptography Conference, FC '99}, Lecture Notes in Computer Science, Vol.1648, Springer Verlag, pp.1--16, February 1999.
[11] S. Even, O. Goldreich, and S. Micali, 'On-line/off-line digital signatures,' {em Advances in Cryptology -- CRYPTO '89}, Lecture Notes in Computer Science, Vol.435, Springer Verlag, pp.263--275, 1990.
[12] FIPS 180-1, 'Secure Hash Standard,' NIST, US Department of Commerce, Washington D.C., April 1995.
[13] L. Ferreira and R. Dahab, 'A Scheme for Analyzing Electronic Payment Systems,' {em In 14th ACSAC - Annual Computer Security Applications Conference (ACSAC'98)}, Scottsdale, Arizona, December 1998.
[14] S. Glassmann, M. Manasse, M. Abadi, P. Gauthier, and P.
Sobalvarro, 'The Millicent protocol for inexpensive electronic
commerce,' {em Proc. of 4th International World Wide Web
Conference}, Boston, MA, pp.603--618, Dec. 1995.
[15] N.M. Haller, 'The S/KEY one-time password system,' {em Proc. of the ISOC Symposium on Network and Distributed System Security}, San Diego, CA, Feb. 1994.
[16] K. Hickman, {em The SSL Protocol}, Netscape Communications
Corp., Feb. 1995.
[17] R. Hauser, M.Steiner, and M.Waidner, 'Micro-payments based on iKP,' {em Proc. of SECURICOM '96, 14th Worldwide Congress on Computer and Communications Security and Protection}, pp.67--82, 1996.
[18] G. Horn and B. Preneel, 'Authentication and payment in future mobile systems,' {em Proc. of ESORICS '98}, Lecture Notes in Computer Science, Vol.1485, Springer Verlag, pp.277--293, 1998.
[19] C.S. Jutla and M. Yung, 'PayTree: Amortized-signature for
flexible micropayments,' {em Proc. of Second USENIX Association Workshop on Electronic Commerce}, pp.213--221, November 1996.
[20] S.Jarecki, and A. Odlyzko, 'An efficient micropayment system based on probabilistic polling,' {em Proc. Financial
Cryptography Workshop}, 1997, 16 pages.
[21] P. Kocker, A. Freier, and P. Karlton, {em The SSL Protocol
Version 3.0}, Netscape Communications Corp., March 1996.
[22] J. Kravitz (ed.), {em FSML - Financial service markup language}, Technical Report Version 1.17.1, Financial Services Technology Consortium, October 1998.
[23] L. Lamport, 'Constructing digital signatures from a one-way function,' Technical Report SRI Intl. CSL 98, 1979.
[24] L. Lamport, 'Password authentication with insecure
communication,' {em Commun. of ACM}, Vol.24, No.11,
pp.770--772, 1981.
[25] R.J. Lipton, R. Ostrovsky, 'Micro-Payments via Efficient
Coin-Flipping,' {em Proc. of the 2nd Int. Conf. on Financial
Cryptography}, Springer-Verlag, LNCS 1465, pp. 1-15, Feb. 1998.
[26] R.C. Merkle, 'A digital signature based on a conventional
encryption function,' {em Advances in Cryptology -- CRYPTO '87}, Lecture Notes in Computer Science, Vol.293, Springer Verlag, pp.369--377, 1988.
[27] R.C. Merkle, 'A certified digital signature,' {em Advances in Cryptology -- CRYPTO '89}, Lecture Notes in Computer Science 435, Springer Verlag, pp.218--238, 1990.
[28] G. Medvinsky and B.C. Neuman, 'NetCash: A design for practical electronic currency on the internet,' {em Proc. of first ACM Conference on Computer and Communications Security}, pp. 102-106, Fairfax, Virginia, November 1993.
[29] M.S. Manasse, 'The Millicent Protocols for Electronic
Commerce,' {em Proc. of 1st USENIX workshop on Electronic
Commerce}, New York, NY, July 11-12, 1995,
http://www.research.digital.com/SRC/millicent/
[30] Y. Mu, V. Varadharajan, and Y.X. Lin, 'New micropayment schemes based on PayWords,' In {em Proc. of 2nd Australasian Conference on Information Security and Privacy, ACISP '97}, Lecture Notes in Computer Science, vol.~1270, Springer Verlag, pp.~283--293, 1997.
[31] A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, {em Handbook of applied cryptography}, CRC Press, 1997.
[32] K.M. Martin, B. Preneel, C.J. Mitchell, H.J. Hitz, G. Horn, A. Poliakova, and P. Howard, 'Secure billing for mobile information services in UMTS,' {em Proc. of 5th International Conference in Services and Networks, IS&N '98}, Lecture Notes in Computer Science, Vol.1430, Springer Verlag, pp.535--548, 1998.
[33] B.C. Neuman, 'Proxy-Based Authorization and Accounting for
Distributed Systems,' {em Proc. of the 13th International
Conference on Distributed Computing Systems}, 283-291,
Pittsburgh, 1993.
[34] B.C. Neuman, and G. Medvinsky, 'Requirements for Network
Payment: The NetCheque Perspective,' {em Proc. of IEEE Compcon
'95}, San Francisco, March, 1995.
[35] K.Q. Nguyen, Yi Mu, and Vijay Varadharajan, 'Micro-Digital
Money for Electronic Commerce,' {em Proc. of the IEEE 13th
Annual Computer Security Applications Conference}, 1997.
[36] D. O'Mahony, M. Peirce, and H. Tewari, {em Electronic Payment Systems}, Artech House, INC., 1997.
[37] D. O'Mahony, L. Doyle, H. Tewari, and M. Peirce, 'NOMAD -- An application to provide UMTS telephony services on fixed terminals in COBUCO,' {em Proc. of 3rd ACTS Mobile Communications Summit}, Vol.1, pp.72--76, Rhodes, Greece, June 1998.
[38] T. Pedersen, 'Electronic payments of small amounts,' {em Proc. of Security Protocols Workshop}, Lecture Notes in Computer Science, Vol.1189, Springer Verlag, pp.59--68, 1997.
[39] M. Peirce and D. O'Mahony, 'Flexible real-time payment methods for mobile communications,' {em IEEE Personal Communications}, Volume: 6 Issue: 6 , Dec. 1999 Page(s): 44 -55.
[40] M. Peirce and D. O'Mahony, 'Micropayments for mobile networks,' Technical Report of the Dept. of Computer Science, Trinity College Dublin, Ireland, 1999.
[41] J.W. Palmer and L.B.Eriksen, 'Digital newspapers explore
marketing on the Internet,' {em Commun. of ACM}, Vol.42, No.9,
pp.33--40, 1999.
[42] M.O. Rabin, 'Digital signatures,' {em Foundations of Secure Computation}, Academic Press, pp.155--168, 1978.
[43] R.L. Rivest, A. Shamir, and L. Adleman, 'A method for obtaining digital signatures and public-key cryptosystem,' {em Commun. of ACM}, Vol.21, No.2, pp.120--126, 1978.
[44] R.L. Rivest, 'The MD5 message digest algorithm,' {em RFC
1321}, Apr. 1992.
[45] R.L. Rivest and A. Shamir, 'PayWord and MicroMint: Two simple micropayment schemes,' {em Proc. of Security Protocols Workshop}, Lecture Notes in Computer Science, Vol.1189, Springer Verlag, pp.69--87, 1997. Also in {em CryptoBytes}, Pressed by RSA Laboratories, Vol.2, No.1, pp.7--11, 1996.
[46] R.L. Rivest, 'Electronic lottery tickets as micropayments,' {em Proc. of Financial Cryptography Conference, FC '97}, Lecture Notes in Computer Science 1318, Springer Verlag, pp.307--314, 1998.
[47] M. Sirbu and J.D. Tygar, 'NetBill: An Electronic Commerce System Optimized for Network Delivered Information and Services,' {em Proc. of IEEE Compcon'95}, San Francisco, CA, Mar. 1995, http://www.ini.cmu.edu/netbill/
[48] C.T. Wang, C.C. Chang, and C.H. Lin, 'A New Micro-Payment System Using General Payword Chain,' {em Proc. of the Tenth National Conference on Information Security}, 2000, pp. 207-213.
[49] S.M. Yen, J.M. Lee, and J.G. Lee, 'PayFair: A prepaid Internet micropayment scheme promising customer fairness,' {em Proc. of International Workshop on Cryptographic Techniques and E-Commerce, CrypTEC '99}, Hong Kong, pp.213--221, 5-8 July 1999.
[50] S.M. Yen, L.T. Ho and C.Y. Huang, 'Internet micropayment based on unbalanced one-way binary tree,' {em Proc. of International Workshop on Cryptographic Techniques and E-Commerce, CrypTEC '99}, Hong Kong, pp.155--162, 5-8 July 1999.
[51] Y. Zheng and J. Pieprzyk and J. Seberry, '{HAVAL} - a one-way hashing algorithm with variable length of output,' {em Advances in Cryptology -- AUSCRYPT'92}, Lecture Notes in Computer Science, Vol.718, Springer-Verlag, pp.83--104, 1993.
[52] CEPSCo, LLC, http://www.cepsco.com/
[53] CyberCash, 1996, http://www.cybercash.com/
[54] DigiCash, http://www.digicash.com/
[55] The E-Commerce Book, http://www.isc.org/
[56] EMVCo, LLC, http://www.emvco.com/
[57] Forrester Research, http://www.forrester.com/
[58] The Internet Software Consortium, http://www.isc.org/
[59] IDC Research, http://www.idc.com/
[60] MasterCard and VISA Corporations, {em Secure Electronic Transaction(SET)}, 1996
[61] Mondex International, http://www.mondex.com/,
http://www.mastercard.com/ourcards/smartcard/idemo1.html
[62] Visa International, http://www.visa.com/pd/cash/main.html,
http://www.europay.com/common/Index.html

指導教授

顏嵩銘(Sung-Ming Yen)

審核日期

2001-7-6

推文