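Chinese abstract
The purpose of this study is to propose a new e-commerce protocol that lets consumers trade digital goods online through a third-party payment model, protecting the fairness of the transaction for both buyer and seller while preserving customer anonymity. The new protocol is based on elliptic curve cryptography and introduces self-authentication and blind signature mechanisms to strengthen transaction security, avoiding the security weakness of user identities being forged during the certificate issuing process, and also reducing the cost and risk of public key storage, computation and management. The specific contributions of this study are: (1) achieving the same security strength with a shorter key length; (2) adopting a self-authentication mechanism, which simplifies the certification process; (3) meeting e-commerce security requirements including confidentiality, integrity, authenticity, non-repudiation, anonymity and fairness.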
This study proposes a new e-commerce protocol designed for trading digital goods through a third-party payment model. It not only ensures fair exchange but also retains customer anonymity. The study adopts elliptic curve cryptography (ECC) to strengthen the security of the online transaction process. In particular, self-authentication and blind signature schemes are incorporated into the proposed scheme to prevent the counterfeiting of user identity during the certificate issuing process, and also to reduce the cost and risk of public key storage, computation and management. Through rigorous analysis, the proposed solution is shown to have three main advantages: (1) achieving the same security strength with a shorter key; (2) simplifying the certification process through a self-authentication scheme; (3) fulfilling the basic information security requirements, including confidentiality, integrity, authenticity, non-repudiation, customer anonymity and fairness.