


An Information Products Mechanism Based on Digital Rights




廖鴻圖(Horng-Twu Liaw);王采瑜(Tsai-Yu Wang)


數位權利 ; 以角色為基礎的存取控制 ; 電子付款 ; 資訊安全 ; 電子商務 ; Digital Right ; Role Based Access Control (RBAC) ; Electronic Payment ; Information Security ; Electronic Commerce




10卷1期(2005 / 03 / 01)


169 - 194




由於網際網路快速傳播的特性以及新興營運模式的發展,數位權利管理系統(Digital Right Management, DRM)遂因應而起,數位權利實為電子商務之核心議題之一。本文提出一應用於B2B2E架構之資訊商品數位權利機制,其除了符合數位權利定義的安全性、交易之公平性、驗證之可分割性及低成本等特性外,也改進了先前學者提出之數位權利機制所沒有的安全性及功能性,如交易過程之不可分割性、不可否認性、不可偽造性、容易註銷、可稽核性、單次註冊、計費方式具彈性及符合多種付款方式等特性;計費方式具彈性包括需一次付清定額而期限內無限制使用次數、依使用資訊商品之資訊量(Bytes)及依資訊商品之使用次數付費等;此外,並符合多種付款方式包括預付制、部份預付制及後付制之套用彈性等。在企業內部則以角色為基礎進行存取控制(Role Based Access Control, RBAC),除可防止未經授權者任意存取資訊商品外,並達有效控管之效。如此一來,更加強機制之完整性及安全性。此外,本文亦加強電子付款交易過程之不可分割性、可稽核性及完整性等要求,也進一步提昇機制中的運作效率,以確實達成數位權利所要求的效率性。因此,本機制適合於實際之資訊商品交易系統建置使用。


Because of the spreading speedy of the Internet and the developing of the new operation models, the Digital Right Management (DRM) has been generated, and it is one of the kernel issues for Electronic Commerce (EC). This thesis would propose a Digital Right scheme for information product based on the Business to Business to Employee (B2B2E) architecture. The scheme not only fits in with the definition of the Digital Right that the properties are the Security, Fairness of the trade, the Divisibility of the Verification and the Low Cost, but improves the previous scholar's scheme like the Divisibility of the traction process, the Non-repudiation, the Unforgable, the Easy Cancel, the Auditability, One Time Registration, the Multi-Consuming Types and the Multi-Payment Types. The consuming types include the lump-sum payment and one can use the product limitless time, by the Bytes of the information product or by the time one uses the information product. The Multi-Payment Types includes the pay in advance, partial pay in advance and payments in arrears. Inside the enterprise, the Role Based Access Control (RBAC) would prevent the one who does not be authorized that want to access the information product, so it could control and manage the information products for the Security and Integrity of the scheme. Besides, the thesis also enhances the properties of the electronic trade like the Non-Divisibility of the payment process, the Auditability and Integrity. The thesis also improves the operating efficiency of the electronic trading scheme and reaches the efficiency that is what the Digital Right concerns. Therefore, the scheme in the thesis is a digital right scheme to fit the practical transaction system of the information product.

主题分类 社會科學 > 管理學