基于信息商品的安全微支付系统研究与设计
|
摘要
近年来,随着互联网的快速发展和普及,各种应用也相继在互联网上发展起来。互联网已经成为目前最热门的新媒介。由于互联网的开放性与便利性,再加上增长惊人的上网人数,使得互联网络成为相当庞大的市场,也因此带动了电子商务的蓬勃发展。而随着电子商务的盛行,经由互联网进行付款的需要也与日俱增。
就现行发展的电子付款系统来看,依支付金额的大小,可分为宏支付系统和微支付系统两种。宏支付系统处理的交易金额较为庞大,需要较强的密码安全机制作为交易资料的保护及身份认证,因此需要付出较大的交易处理成本。但是在网络上,除了有形的实体商品之外,无形的信息商品也占据了电子交易中相当大的一部分,由于这些商品是利用网络传送,几乎不需要包装、运送的成本,付款的金额都相当低,无法负担大额付款系统的交易处理成本,因此需要微支付系统来处理。
本文是针对微支付机制的特点,利用Hash函数及数字签名等安全技术设计出一个功能较完善的微支付系统。本论文以Millicent小额付款系统为基础,提出一个具有交易公平性和交易单元性等标准的微支付系统。系统提出了通用电子票据的概念,而且还提供了在互联网上安全传输信息商品的服务,并针对交易流程的设计等问题及解决方案做了深入探讨。最后本文依据微支付系统评判标准对现行的微支付系统与本系统在性能上进行了分析比较,证明本系统较其他微支付系统功能更加完善。
As the Internet spread widely and rapidly in recent years, there have been a variety of applications created over this globally interconnected network. The huge population and the convenience of its open architecture make the Internet a promising marketplace, which in turn causes the fabulous development of electronic commerce. To successfully accomplish transaction through the Internet, mechanisms for on-line payment are certainly one of the indispensable components.
There are two major categories of currently adopted electronic payment systems. According to the amount of money dealt with, existing systems can be divided into macropayment and micropayment systems. In macropayment systems, more overheads are introduced by complicated security mechanisms such as data encryption and authentication procedures to protect the higher valued transaction data. For substantial merchandises that need to be delivered , these additional costs may be included and hidden in the relatively expensive packaging and shipping fees. Nevertheless, this is not the case for low-priced products such as information services,
which can be distributed at almost zero cost.
In the paper, we aimed at the character of micropayment mechanism and strike out a functional complete micropayment system used the secure technology of hash function and digital Signature etc. We propose an fair and atomicity micropayment system on the well-known Millicent system, which is capable of performing off-line authentication and has the advantage of high execution speed. We not only advanced the conception of universal scrip, but also offer transmission digital products safely on the network, and explore the solution for the whole transaction. At last, according to the scale of penalty for micropayment, we analyze and compare between the current micropayment systems and our micropayment system.
就现行发展的电子付款系统来看,依支付金额的大小,可分为宏支付系统和微支付系统两种。宏支付系统处理的交易金额较为庞大,需要较强的密码安全机制作为交易资料的保护及身份认证,因此需要付出较大的交易处理成本。但是在网络上,除了有形的实体商品之外,无形的信息商品也占据了电子交易中相当大的一部分,由于这些商品是利用网络传送,几乎不需要包装、运送的成本,付款的金额都相当低,无法负担大额付款系统的交易处理成本,因此需要微支付系统来处理。
本文是针对微支付机制的特点,利用Hash函数及数字签名等安全技术设计出一个功能较完善的微支付系统。本论文以Millicent小额付款系统为基础,提出一个具有交易公平性和交易单元性等标准的微支付系统。系统提出了通用电子票据的概念,而且还提供了在互联网上安全传输信息商品的服务,并针对交易流程的设计等问题及解决方案做了深入探讨。最后本文依据微支付系统评判标准对现行的微支付系统与本系统在性能上进行了分析比较,证明本系统较其他微支付系统功能更加完善。
As the Internet spread widely and rapidly in recent years, there have been a variety of applications created over this globally interconnected network. The huge population and the convenience of its open architecture make the Internet a promising marketplace, which in turn causes the fabulous development of electronic commerce. To successfully accomplish transaction through the Internet, mechanisms for on-line payment are certainly one of the indispensable components.
There are two major categories of currently adopted electronic payment systems. According to the amount of money dealt with, existing systems can be divided into macropayment and micropayment systems. In macropayment systems, more overheads are introduced by complicated security mechanisms such as data encryption and authentication procedures to protect the higher valued transaction data. For substantial merchandises that need to be delivered , these additional costs may be included and hidden in the relatively expensive packaging and shipping fees. Nevertheless, this is not the case for low-priced products such as information services,
which can be distributed at almost zero cost.
In the paper, we aimed at the character of micropayment mechanism and strike out a functional complete micropayment system used the secure technology of hash function and digital Signature etc. We propose an fair and atomicity micropayment system on the well-known Millicent system, which is capable of performing off-line authentication and has the advantage of high execution speed. We not only advanced the conception of universal scrip, but also offer transmission digital products safely on the network, and explore the solution for the whole transaction. At last, according to the scale of penalty for micropayment, we analyze and compare between the current micropayment systems and our micropayment system.
引文
[1]William Stallings (美),密码编码学与网络安全:原理与实践(第二版),电子工业出版社,2001.
[2]M.Bellare, J.A.Garay, etal. "iKP-A Family of Secure Electronic Payment Protocols, "Julyl2, 1995.
[3]韩宝明,杜鹏,刘华.电子商务安全与支付,人民邮电出版社,北京,2001.3
[4]CyberCash, CyberCash Web Server, Reston, Virginia,1996..
[5]W.Stallings,Cryptography and Network Security,2nd Edition,Prentice-Hall, 1999.
[6]Kalakota.R,Whinston.AB著,陈雪美译.电子商务管理指南,人民邮电出版社,北京,2000.
[7]I.Anshel, M.Anshel and D.Goldfeld:" An Algebraic Method for Public-key Cryptography." Mathematical Research Letters 6,1-5,1999.
[8]Netscape Communication Corp Kipp E.B.Hickman: The SSL Protocol. Feb, 9th, 1995.
[9]H.Vogt,H.Pagnia and F.C.Gartner, "Modular Fair Exchange Protocols for Electronic Commerc, "Computer Security ApplicationsConference, Dec. 1999.
[10]王继成,武港山。Web应用开发原理与技术,机械工业出版社,北京,2003.
[11]R.L.Rivest,A.Shamir,and L.M.Adleman,"A Method for Obtaining Digital Signatures and Public-key Cryptosystems," Communications of the ACM,Feb 1978.
[12]陈兵,王立松,钱红燕。网络安全与电子商务,北京大学出版社,2002.
[13]Jean Camp,L.,Sirbu,M.,and Tygar,J.D.," Token and Notational Money in Electronic Commerce, "Proceedings of the First USENIX Workshop on Electronic Commerce, New York, U.S.A., 1995.
[14]Mackie-Mason,J.K.,and White,K.,"Evaluating and Selecting Digital Payment Mechanisms,"the 1996 Telecommunications Policy Research Conference, Mahwah, U.S.A., 1996.
[15]刘卫宁,宋伟.电子商务中在线支付的安全保障.计算机应用,1999.
[16]M.S.Manasse,"The Millicent Protocols for Electronic Commerce," Proceeding of
the 1st USENIX Workshop on Electronic Commerce,July 1995.
[17] 袁津生 吴砚农。计算机网络安全基础,人民邮电出版社,2002.
[18] Shapiro,C. and Varian,H.R., Information Rules, Harvard Business School Press 1998.
[19] Eric Maiwald (美),网络安全实用指南,清华大学出版社,2003.
[20] R.L. Rivest,A.Shamir,"PayWord and MicroMint:Two Simple Micropayment Schemes,"MIT Laboratory for Computer Science,May7,1996.
[21] Rich Helton, Johennie Helton, Java Security Solutions, Wiley Publishing, 2003
[22] B.C.Neuman, G.Medvinsky, "NetCheque, NetCash, and the Characteristics of Internet Payment Services," MIT Workshop on Internet Economics. Mar ,1995.
[23] Torben P.Pedersen, Electronic Payment of Small Amounts, Lecture Notes in Computer Science, 1997.
[24] Paul-Andre Pays and Fabrice de Comarmond, "An Intermediation and Payment System Technology," The fifth international World Wide Web Conference, May 1996.
[25] Ralf Hauser, Michael Steiner and Michael Waidner, Micro-Payments Based on iKP,IBM,Jan i996.
[26] Carsten Schmidt and Rudolf Muller, A Framework For MicroPayment Evaluation, June 1997.
[2]M.Bellare, J.A.Garay, etal. "iKP-A Family of Secure Electronic Payment Protocols, "Julyl2, 1995.
[3]韩宝明,杜鹏,刘华.电子商务安全与支付,人民邮电出版社,北京,2001.3
[4]CyberCash, CyberCash Web Server, Reston, Virginia,1996..
[5]W.Stallings,Cryptography and Network Security,2nd Edition,Prentice-Hall, 1999.
[6]Kalakota.R,Whinston.AB著,陈雪美译.电子商务管理指南,人民邮电出版社,北京,2000.
[7]I.Anshel, M.Anshel and D.Goldfeld:" An Algebraic Method for Public-key Cryptography." Mathematical Research Letters 6,1-5,1999.
[8]Netscape Communication Corp Kipp E.B.Hickman: The SSL Protocol. Feb, 9th, 1995.
[9]H.Vogt,H.Pagnia and F.C.Gartner, "Modular Fair Exchange Protocols for Electronic Commerc, "Computer Security ApplicationsConference, Dec. 1999.
[10]王继成,武港山。Web应用开发原理与技术,机械工业出版社,北京,2003.
[11]R.L.Rivest,A.Shamir,and L.M.Adleman,"A Method for Obtaining Digital Signatures and Public-key Cryptosystems," Communications of the ACM,Feb 1978.
[12]陈兵,王立松,钱红燕。网络安全与电子商务,北京大学出版社,2002.
[13]Jean Camp,L.,Sirbu,M.,and Tygar,J.D.," Token and Notational Money in Electronic Commerce, "Proceedings of the First USENIX Workshop on Electronic Commerce, New York, U.S.A., 1995.
[14]Mackie-Mason,J.K.,and White,K.,"Evaluating and Selecting Digital Payment Mechanisms,"the 1996 Telecommunications Policy Research Conference, Mahwah, U.S.A., 1996.
[15]刘卫宁,宋伟.电子商务中在线支付的安全保障.计算机应用,1999.
[16]M.S.Manasse,"The Millicent Protocols for Electronic Commerce," Proceeding of
the 1st USENIX Workshop on Electronic Commerce,July 1995.
[17] 袁津生 吴砚农。计算机网络安全基础,人民邮电出版社,2002.
[18] Shapiro,C. and Varian,H.R., Information Rules, Harvard Business School Press 1998.
[19] Eric Maiwald (美),网络安全实用指南,清华大学出版社,2003.
[20] R.L. Rivest,A.Shamir,"PayWord and MicroMint:Two Simple Micropayment Schemes,"MIT Laboratory for Computer Science,May7,1996.
[21] Rich Helton, Johennie Helton, Java Security Solutions, Wiley Publishing, 2003
[22] B.C.Neuman, G.Medvinsky, "NetCheque, NetCash, and the Characteristics of Internet Payment Services," MIT Workshop on Internet Economics. Mar ,1995.
[23] Torben P.Pedersen, Electronic Payment of Small Amounts, Lecture Notes in Computer Science, 1997.
[24] Paul-Andre Pays and Fabrice de Comarmond, "An Intermediation and Payment System Technology," The fifth international World Wide Web Conference, May 1996.
[25] Ralf Hauser, Michael Steiner and Michael Waidner, Micro-Payments Based on iKP,IBM,Jan i996.
[26] Carsten Schmidt and Rudolf Muller, A Framework For MicroPayment Evaluation, June 1997.