题名

適用於電子商務之自我認證公開金鑰架構之設計與實作

并列篇名

Design and Implement of Self-Certified PKI Mechanism for E-commerce

作者

蘇品長(Pin-Chang Su);張鈞富(Chun-Fu Chang);黃棠建(Ryan Huang)

关键词

電子商務 ; 公開金鑰基礎設施 ; 橢圓曲線密碼系統 ; 自我認證 ; electronic commerce ; public key infrastructure ; elliptic curve cryptosystem ; self-certified

期刊名称

Electronic Commerce Studies

卷期/出版年月

12卷1期(2014 / 03 / 31)

页次

73 - 92

内容语文

繁體中文
中文摘要

鑑於通訊網路及電腦計算技術進步,電子商務應用日益蓬勃發展,電子商務系統的安全性成為研究的關鍵問題。公開金鑰基礎設施(public key infrastructure, PKI)為實現電子商務安全的關鍵基礎技術,解決網路上身分認證、資訊完整性和不可否認性等安全問題,確保電子交易有效、安全地進行;PKI同時也存在對憑證中心(certificate authority, CA)的信任問題。本研究基於橢圓曲線密碼系統,設計及實作具自我驗證能力之PKI架構。註冊階段,可確保憑證中心不能偽造用戶的公鑰;使用階段,成員能在沒有CA參與的過程中,獨立相互驗證,降低系統依存性。本設計之架構,因為減低了對於CA的依存性,可以更有效地減低對CA安全管理方面的衝擊,以及在金鑰管理上的負擔。
英文摘要

Electronic commerce application grows vigorously, owing to advanced information network and operating technology of computer. The security of E-commerce systems becomes a key issue for research. Public key infrastructure (PKI) technology is emerging as the foundation for e-commerce security. PKI security helps to establish and maintain a trustworthy networking environment such as authentication, integrity, non-repudiation in place. However, there are certain trust issues exist between CA and members in a PKI context. This study introduces a self-certified public key cryptosystem with elliptic curve cryptosystem (ECC). With the authentication design of self-certified function, communicating peers not only can use secret parameters to ensure their compliance securely while running their identity checks, but also apply the context to rapidly perform identity authentication without other trusted servers during the key agreement phase. Therefore, the proposed measure is able to reduce the dependence on CA certification, and help decrease the administrative burden of CA key management.
主题分类 基礎與應用科學 > 資訊科學
社會科學 > 經濟學
参考文献
  1. Bao, F.(2000).Introducing Decryption Authority into PKI.Computer Security Applications, ACSAC '00
  2. Barker, E.,Barker, W.,Burr, W.,Polk, W.,Smid, M.(2012).Recommendation for Key Management-Part 1: General (Revision 3).NIST special publication,800,57.
  3. Chang, Y. F.,Chang, C. C.,Huang, H. F.(2005).Digital Signature with Message Recovery Using Self-Certified Public Keys without Trustworthy System Authority.Applied Mathematics and Computation,161(1),211-227.
  4. Geng, L.X.,Zeng, Z. X.,Zhang, X. M.(2007).Research on PKI-Based E-Commerce Security Mechanism.WiCom'07
  5. Girault, M.(1991).Self-Certified Public Keys.Advances in Cryptology-EuroCrypt'91
  6. Koblitz, N.(1987).Elliptic Curve Cryptosystems.Mathematics of Computation American Mathematical Society,48,203-209.
  7. Miller, V. S.(1985).Use of Elliptic Curve in Cryptography.Advance in Cryptography-Cryto'85
  8. Shamir, A.(1985).Identity-Based Cryptosystems and Signature Schemes.Advances in Cryptology
  9. Shao, Z.(2007).Self-Certified Signature Scheme from Pairings.Journal of Systems and Software,80(3),388-395.
  10. Shao, Z.(2009).Security of Self-Certified Signatures.Information Processing Letters,109(20),1147-1150.
  11. Shao, Z.(2001).Cryptographic Systems Using a Self-Certified Public Key Based on Discrete Logarithms.IEE Proceedings-Computers and Digital Techniques,148(6),233-237.
  12. Shi, W.,Zhou, Y.(2008).An Improvement of Sui et al's Second ID-Based Key Issuing Protocol.ICICIC'08
  13. Su, P.C.(2011).Enhanced Short Signature Scheme with Hybrid Problems.Computers & Electrical Engineering,37(2),174-179.
  14. Su, P.C.,Tsai, C.H.(2010).Self-Certified Key Exchange Scheme Based on Hybrid Mode Problems.Journal of Chung Cheng Institute of Technology,39(1),123-135.
  15. Tsaur, W. J.(2005).Several Security Schemes Constructed Using ECC-Based Self-Certified Public Key Cryptosystems.Applied Mathematics and Computation,168(1),447-464.
  16. Tseng, Y. M.,Jan, J. K.,Chien, H. Y.(2003).Digital Signature with Message Recovery Using Self-Certified Public Keys and Its Variants.Applied Mathematics and Computation,136(2-3),203-214.
  17. Wu, L.,Zhang, Y.,Wang, F.(2009).A New Provably Secure Authentication and Key Agreement Protocol for SIP Using ECC.Computer Standard & Interfaces,31(2),286-291.
  18. Wu, T. S.,Hsu, C. L.(2003).Threshold Signature Scheme Using Self-Certified Public Keys.Journal of System and Software,67(2),89-97.
  19. 胡國新(2000)。碩士論文(碩士論文)。大葉大學資管研究所。
  20. 張惟淙、楊中皇(2006)。PSEC-KEM 與 ECDSA 的橢圓曲線密碼軟體設計與實現。第 17 屆國際資訊管理學術研討會,高雄:
  21. 郭文雄(2011)。碩士論文(碩士論文)。國防大學管理學院資管所。
  22. 蘇品長(2007)。博士論文(博士論文)。長庚大學電機工程研究所。
被引用次数
  1. 蘇品長,楊顓豪,余庭儀(2023)。植基於智慧合約的數位內容交易電子支付方法。電子商務學報,25(3),339-363。
print cancel