因為電子商務快速的發展近幾年,電子付款方法的研究已進行數年,但是在電子旅行者支票的研究是很少見到的。最近,劉等提出一個基於單向雜湊函數的電子旅行支票安全系統,他們宣稱這個方案是安全的。然而,在這篇文章,我們發現他們的方法容易遭受金鑰洩漏模仿攻擊和平行攻擊。我們使用公鑰去避免即使私鑰被攻擊者知道也不能假冒銀行與消費者通訊,更進一步的,讓我們提出的改善方法更堅固進而被應用在電子網際網路。 Because of the rapid development of electronic commerce, electronic payment schemes have been intensively studied for several years. But there still lack large number of researchers devoted in electronic traveler's check system. Recently, Liaw et al. proposed a hash-based electronic traveler’s check system. They claimed that their scheme was secure. However, in this study we will indicate that their scheme is vulnerable to the key compromise impersonation and parallel session attacks. Further, we will improve their scheme to prevent such attacks. Our improvement uses the customer’s public key to avoid the deficiency such that even if an attacker knows the private key of a customer, he/she cannot masquerade as the bank to communicate with the customer. This makes our improvement a more robust electronic traveler’s check scheme for adoption as a reliable method on the Internet.
