CAJ | 학술논문

针对典型电子商务安全协议存在的安全目标单一,不能满足日益增加的安全需求等问题,提出了一种能够满足多种安全属性的复合型电子商务安全协议,该协议包含认证子协议和支付子协议两部分.认证子协议基于令牌概念实现了高效认证及协商会话密钥.改进匿名电子现金支付协议,提出了支付子协议,引入电子证书证明交易主体的身份,确保协议非否认性的实现;借助可信方传递付款收据,避免交易主体不诚实所导致的公平性缺失;引入m传输方式传送电子货币和付款收据,确保实现可追究性与公平性,进一步增强协议的鲁棒性.
침대전형전자상무안전협의존재적안전목표단일,불능만족일익증가적안전수구등문제,제출료일충능구만족다충안전속성적복합형전자상무안전협의,해협의포함인증자협의화지부자협의량부분.인증자협의기우령패개념실현료고효인증급협상회화밀약.개진닉명전자현금지부협의,제출료지부자협의,인입전자증서증명교역주체적신빈,학보협의비부인성적실현;차조가신방전체부관수거,피면교역주체불성실소도치적공평성결실;인입m전수방식전송전자화폐화부관수거,학보실현가추구성여공평성,진일보증강협의적로봉성.
In response on the existing problems of the electronic commerce protocols,e.g.security goal is single,increasing security requires are not been satisfied.The paper proposes a compound security protocol,which has general security properties required by e-commerce protocols.The new protocol includes authentication sub-protocol and payment sub-protocol.The authentication sub-protocol can authenticate identities of important entity in the foremost time,as well as session keys used for transaction are negotiated efficiently.The payment sub-protocol is designed by improving the anonymous e-cash payment protocol.To realize its non-repudiation, certificates are used to prove the identities of the transaction entities.To avoid unfairness arisen by the dishonest transaction entities, the transmission of payment receipt is achieved by the trusted party .The proposed protocol uses FTP to transmit electronic cashes and payment receipts,which ensures achievement of accountability and fairness,and enhances the robustness of the protocol.