數位技術的蓬勃發展，促使電子文件之數量快速增加。電子文件不同於傳統的紙本文件，需透過額外的設備或儀器才能加以閱讀。因此，閱讀電子文件所需的設備或儀器若遭市場淘汰，則該電子文件便可能無法讀取，而無法讀取的電子文件是無法創造任何價值的。綜觀過去文獻大多研究如何在電子文件經過長期歸檔後，仍能正確地顯示電子文件並加以閱讀，缺乏證明電子文件在經過長期歸檔後，仍能滿足當初所宣稱之安全性的研究，如完整性、鑑別性及不可否認性等。因此，本論文將電子文件之生命週期概分為電子文件產生階段、電子文件歸檔階段、電子文件檢索階段、電子文件移轉階段及電子文件銷毀階段，以公開金鑰基礎建設(public key infrastructure, PKI)為核心基礎，從密碼學的角度，探討電子文件各生命週期階段中的安全需求，並利用密碼學相關技術來確保電子文件在經過長期歸檔之後，仍能滿足當初所宣稱的完整性(integrity)、鑑別性(authenticity)及不可否認性(non-repudiation)等安全特性。

With the rapid development of digital technology, the number of eDocuments is rapidly increasing. eDocuments are different from paper documents. In order to read eDocuments, we need special equipment. If the equipment becomes obsolete, reading eDocuments will be difficult. Unreadable eDocuments are meaningless. There is much research on digital preservation in order to display eDocuments. However, all the research only focuses on how to preserve and display eDocument correctly. No research exists on assuring the security of eDocuments after long-term preservation, eg. integrity, authenticity and non-repudiation. As a result, we divide the stage of eDocuments lifecycle into five stages: creating, archiving, retrieving, transferring and disposing. This paper is based on Public Key Infrastructure and proposes an eDocuments system for achieving the security needs of every eDocument stage and achieving the long-term security by using cryptography mechanism. We conclude that the system proposed satisfies the following properties: 1. We can prove the persistent security of eDocuments after long-term archiving. 2. The participant in creating stage of eDocuments does not have to re-sign the eDocuments after certificates are renewed.

[1] 行政院研考會：電子化政府推動方案，2001年。
[2] 吳宗成：系統分析與設計，三民書局，1995年。
[3] 謝清佳、吳琮璠：資訊管理 – 理論與實務，智勝文化事業公司，2003年。
[4] 經濟部商業司：2004台灣PKI年鑑。
[5] 賴溪松、韓亮、張真誠：近代密碼學及其應用，旗標出版公司，2002年。
[6] 經濟部商業司：電子簽章法，http://www.moea.gov.tw/~meco/doc/ndoc/s5_p05.htm，2002年
[7] Andreas U. Schmidt, Tobias Gondrom, Larry Masinter, “Requirements for Data Validation and Certification Services”, Internet-Draft, http://ltans.edelweb.fr/draft-ietf-ltans-notareqs-02.html, Jun 2005.
[8] Brandner R., Pordesch U., Gondrom T., “Evidence Record Syntax (ERS)”, Internet-Draft, http://ltans.edelweb.fr/draft-ietf-ltans-ers-05.txt, Feb 2006.
[9] CCITT, Recommendation X.509, “The directory – Authentication framework”, Consultation Committee, ITU Geneva, 1989.
[10] Diffie, W. and Hellman, M.E., “New directions in cryptography”, IEEE Transactions on Informaiton Theory, Vol.IT-22, 1976, pp.644-654.
[11] Garrett J. and Waters D., Preserving Digital Information, Report of the Task Force on Archiving of Digital Information, The Commission on Preservation and Access and The Research Libraries Group, Washington DC and Mountain View CA, May 1996, 64 pp.
[12] Internation Draft PKIX Working Group Adams, Sylvester, Zolotarev, Zuccherato: International X.509 Public Key Infrastructure Data Validation and Certificaion Server Protocols, 2000.
[13] ISO/IEC 13888-1, Information technology – Security Techniques – Non-repudiation – Part 1: General, 2004.
[14] ISO/IEC 13888-2, Information technology – Security Techniques – Non-repudiation – Part 2: Mechanisms using symmetric techniques, 1998.
[15] ISO/IEC 13888-3, Information technology – Security Techniques – Non-repudiation – Part 3: Mechanisms using asymmetric techniques, 1997.
[16] ISO/IEC 18014-1, Information technology – Security techniques – Time-stamping services – Part 1: Framework, 2002.
[17] ISO/IEC 18014-2, Information technology – Security techniques – Time-stamping services – Part 2: Mechanisms producing independent tokens, 2002.
[18] ISO/IEC 18014-3, Information technology – Security techniques – Time-stamping services – Part 3: Mechanisms producing linked tokens, 2002.
[19] Jerman-Blazic A., Sylvester P., Wallace C., “Long-Term Archive Protocol (LTAP)”,Internet-Draft, http://ltans.edelweb.fr/draft-ietf-ltans-ltap-01.html, , Feb 2006.
[20] Lee Kyong-Ho, Slattery O., Lu Richang, Tang Xiao, and McCrary V., 2002,“The State of the Art and Practice in Digital Preservation”, Journal of Research of the National of Standards and Technology，107(1) ：PP.93-106.
[21] Schneier, B., Applied Cryptography, John Wiley & Sons, 1996.
[22] Wallace C., Pordesch U. and Brandner R., “Long-Term Archive Service Requirements”,Internet-Draft, http://ltans.edelweb.fr/draft-ietf-ltans-reqs-05.html, Oct 2005.