Abstract: | According to the 2011 E-commerce Yearbook of the Republic of China, nearly three quarters of Internet users in Taiwan have paid by credit card online. The cardholder can usually complete a payment simply by entering the card number, expiration date, and card verification code on the payment page. This data is easily stolen, for example captured by a Trojan horse or leaked by an online shop. Because such simple information is enough for a fraudulent charge to succeed, the share of online card fraud in the total amount of credit card fraud rose from 40% in 2009 to 60% in the third quarter of 2011. If the payment message contained no personal data (card number, account number, ID number, etc.), online fraud that relies on stolen account or card numbers could be avoided. This project therefore proposes an untraceable electronic cash, consisting of a series of data that refers to no account or personal identity together with the bank's digital signature, which resists this kind of online card fraud (network payment fraud) and identity theft.
In addition, considering the cost of building the system, an ID-based bilinear pairing cryptosystem, which uses identity information as the public key, removes the cost of certificate management and a public key infrastructure. The goal of this study is therefore to propose and implement an ID-based untraceable and dividable electronic cash, taking into account Taiwan's current financial network architecture and secure transaction mechanisms, users' online payment habits, the timeliness of payment and account posting, and the ID-based bilinear pairing cryptosystem standards that have been developed or are being developed. |