Basic Search / Detailed Display

Author: 王威智
Wei-zhi Wang
Thesis Title: 基於橢圓曲線之自我驗證公開金鑰系統的匿名行動付費協定
Anonymous Mobile Payment Protocol Using ECC-based Self-certified Public Key System
Advisor: 吳宗成
Tzong-chen Wu
Committee: 楊維寧
Wei-ning Yang
查士朝
Shi-cho Cha
Degree: 碩士
Master
Department: 管理學院 - 資訊管理系
Department of Information Management
Thesis Publication Year: 2007
Graduation Academic Year: 95
Language: 中文
Pages: 67
Keywords (in Chinese): 行動付費橢圓曲線自我驗證匿名性不可否認性
Keywords (in other languages): Mobile Payment, ECC, Self-certified, Anonymity, Non-repudiation
Reference times: Clicks: 259Downloads: 10
Share:
School Collection Retrieve National Library Collection Retrieve Error Report

學號:M9409211
論文名稱:基於橢圓曲線之自我驗證公開金鑰系統的匿名行動付費協定 頁數:67頁
院所組別:國立臺灣科技大學 資訊管理系
畢業時間及提要別:九十五學年度第二學期碩士學位論文提要
研究生:王威智 指導教授:吳宗成 博士
論文提要內容:

隨著資訊數位化的變革、無線通訊技術的進步以及行動裝置的普及,全球行動上網人口亦逐年增加,帶動行動商務的無限商機。在行動商務中,最重要的一環即為提供安全的行動付費系統。然而,綜觀現今的行動付費系統中,主要為強調買方行動付費功能,賣方的角色功能仍侷限於一般的伺服器網站,無法達到全面性的行動付費功能。而為了避免洩露買方之交易行為或習慣,在設計行動付費協定時,須考慮將買方之身分隱藏,以保障個人隱私。此外,在行動裝置計算能力有限的情況下,如何降低計算複雜度,並達到相同的安全強度,同樣為需克服的重要課題。有鑑於此,我們的方法利用橢圓曲線密碼系統與自我驗證公開金鑰系統建置行動付費協定,使買賣雙方皆可即時地運用行動裝置完成買(付費)、賣(收費)之目的,並達到買方匿名性,同時降低運算複雜度與通訊成本。本論文所提出的方法具有以下特點;(1) 達到買賣雙方皆可利用行動裝置完成行動付費之目的;(2) 執行身分鑑別機制時,以SIM卡與通行密碼為基礎,不僅提高運算效率,並達到雙向鑑別(Mutual Authentication)之目的;(3) 達到買方匿名性;(4) 達到不可否認性,即買賣雙方無法否認已進行過的交易; (5) 達到不可假冒性,即攻擊者無法利用公開資訊計算出買方、賣方與銀行的私鑰,進而假冒買方、賣方或銀行;(6) 可抵抗通行密碼猜測攻擊。

關鍵詞:行動付費、橢圓曲線、自我驗證、匿名性、不可否認性


ABSTRACT
Due to the evolution of data digitization, improvement of wireless communication technique, and popularization of mobile devices, the utilization of mobile device on the internet is incrementally increasing. Thus, it results in a great benefit to mobile commerce. The most important thing in mobile commerce is secure mobile payment system. However, most up-to-date mobile payment systems focus on consumer’s mobile payment and the payment transaction processed on the web server by the venders. So it is far from overall mobile payment system. In order to prevent buyers from the leak of their transaction behaviors and habits, we attempt to protect personal privacy by hiding buyers’ identities on the design of mobile payment system. Moreover, we also intend to reduce complexity of computation and to achieve the same security level under limited computing power of mobile device. In our proposed scheme, we design the mobile payment protocol based on ellipse curve cryptosystem and self-certified public key system. Our proposed scheme can (1) achieve mobile payment by mobile device on both of consumers and venders; (2) efficiently achieve mutual authentication by SIM card and password on both of consumers and venders; (3) achieve anonymity of consumer; (4) achieve non-repudiation; (5) achieve non-impersonation; (6) resist password guessing attack.

Keywords: Mobile Payment, ECC, Self-certified, Anonymity, Non-repudiation

目 錄 中文摘要 i 英文摘要 iii 誌謝 iv 目錄 v 圖索引 vii 表索引 vii 第一章 緒論 1 1.1 研究背景與動機 2 1.2 研究目的 8 1.3 論文架構 10 第二章 相關研究文獻探討 11 2.1 橢圓曲線密碼系統 11 2.2 Hwang等人提出的適用於漫遊之行動付費系統 14 2.3 Hassinen等人提出的基於PKI之行動付費系統 23 2.4 Petersen等人提出的自我驗證之金鑰發行機制 28 第三章 我們所提出的方法 32 3.1 符號定義與系統模型 33 3.2 行動付費協定 36 第四章 安全性與效率評估 48 4.1 安全性分析 48 4.2 效率分析 53 第五章 結論與未來研究方向 61 參考文獻 63 附錄A 重要名詞之英、中文對照表 66 圖 索 引 圖1.1 行動付費流程 4 圖1.2 SEMOPS行動付費解決方案 6 圖2.1 橢圓曲線之圖形 12 圖2.2 點加法示意圖 12 圖2.3 點雙倍示意圖 13 圖2.4 虛擬銷售點系統之付費模型 24 圖3.1 系統架構示意圖 35 圖3.2 系統流程圖(1) 37 圖3.3 系統流程圖(2) 37 圖3.4 註冊階段 38 圖3.5 交易初始階段 39 圖3.6 金鑰協議階段 43 圖3.7 交易階段 45 表 索 引 表4.1 本論文方法各角色計算複雜度分析 56 表4.2 Hassinen的方法各角色計算複雜度分析 57 表4.3 與其他方法之計算複雜度比較表 57 表4.4 各階段的通訊傳輸量 58

參考文獻
賴溪松、韓亮、張真誠,「近代密碼學及其應用」,旗標出版公司,2002年。
[陳01] 陳宗保,「行動電子商務環境下安全協定之研究」,大葉大學 資訊管理研究所碩士論文,2001年。
[DH76] W. Diffie, M.E. Hellman, “New direction in cryptography”, IEEE Transactions on Information Theory, Vol. IT-22, No. 6, 1976, pp. 644-654.
[Dur99] Durlacher, “Mobile Commerce Report”, technical report of Durlacher Research Ltd, 1999.
[ElG85] T. ElGamal, “A public key cryptosystem and signature scheme based on discrete logarithms”, IEEE Transactions on Information Theory, Vol. IT-31, No. 4, 1985, pp. 469-472.
[Gir91] M. Girault, “Self-certified Public Key”, Lecture Notes in Computer Science, Proceedings of EuroCrypt’91, Lecture Notes in Computer Science, Vol. 547, Springer-Verlag, 1991, pp. 491-497.
[HSJ07] R.J. Hwang, S.H Shiau, and D.F. Jan, “A new mobile payment scheme for roaming services”, Electronic Commerce Research and Applications, Vol. 6, Issue 2, Summer 2007, pp. 184-191.
[HHT07] M. Hassinen, K. Hypponen, E. Trchina, “Utilizing national public-key infrastructure in mobile payment systems”, Electronic Commerce Research and Applications, In Press, Corrected Proof, Available online 20 April 2007.
[IEEE 1363] IEEE 1363 Working Group, “IEEE P1363 standard specifications for public key cryptography”.
[Kob85] N. Koblitz, “Elliptic curve cryptosystems”, Mathematics of Computation, Vol. 48, No. 17, 1985, pp. 203-209.
[LMS93] J.B. Lacy, D.P. Mitchel, and W.M. Schell, “CryptoLib: Cryptography in Software”, UNIX Security Symposium IV Proceedings, USENIX Association, 1993, pp. 1-17.
[Mil85] V.S. Miller, “Use of elliptic curves in cryptography”, Advances in Cryptology- CRYPTO’85, Springer-Verlag, 1985, pp. 417-426.
[MOI90] S. Miyaguchi, K. Ohta, and M. Iwata, “128-bit hash function (n-hash)”, Proceedings of SECURICOM'90, 1990, pp. 127-137.
[MAM06] M. Misbahuddin, M.A. Ahmed, and M.H. Shastri, “A simple and efficient solution to remote user authentication using smart cards” Innovations in Information Technonlogy, 2006, pp. 1-5.
[NIST93] National Institute of Standards and Technology, NIST FIPS PUB 180, “Secure hash standard”, U. S. Department of Commerce, 1993.
[PH97] H. Petersen and P. Horster, “Self-certified keys concepts and applications”, Proceeding of Communications and Multimedia Security’97, 1997, pp. 102-116.
[RSA78] R. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems”, Communications of the ACM, Vol.21, No. 2, 1978, pp. 120-126.
[RKVCHV04] A. Ramfos, S. Karnouskos, A. Vilmos, B. Csik, P. Hoepner, and N. Venetakis, “SEMOPS : Paying with Mobile Personal Devices”, Fourth IFIP Conference on e-Commerce, e-Business, and e-Government(13E), Toulouse, France, 2004, pp. 22-27.
[Sha84] A. Shamir, “Identity-Based Cryptosystems and Signature Schemes”, Advances in Cryptology – CRYPTO ’84, Springer-Verlag, 1984, pp. 47-53.
[Sae97] S. Saeednia, “Identity-based and self-certified key exchange protocols”, Information Security and Privacy : ACISP’97, 1997, pp. 303-313.
[VK99] R. J. Vetter and R. Kalakota, “Mobile Commerce : A new frontier”, IEEE Transaction on Knowledge and Data Engineering, 1999, pp. 509-525.
[WCL98] T.C. Wu, Y.S. Chang, and T.Y. Lin, “Improvement of Saeednia’s self-certified key exchange protocols”, IEE Electronic Letters, Vol. 34, No. 11, May 1998, pp. 1094-1095.
[ZC03] X. Zheng and D. Chen, “Study of Mobile Payments System”, IEEE International Conference on E-Commerce (CEC 2003), 2003.

QR CODE