密码技术及其在电子支付中的应用
|
摘要
电子支付是电子商务的重要部分,没有电子支付的商务不是电子商务。电子商务的多样性决定了电子支付的多样性。电子支付系统主要分为大额支付系统、小额支付系统及微支付系统,大额支付系统对安全有较高的要求,微支付系统对效率有较高的要求。电子现金是实现小额支付系统和微支付系统的主要手段,密码技术是设计电子现金系统的主要工具。基于Brands假设,设计了两个适用于小额支付的离线电子现金系统:一个是具有完全匿名性的离线不可分电子现金系统,另一个是可撤消匿名性的离线不可分电子现金系统,这两个系统都较好地解决了银行服务器的瓶颈问题;针对即付即用(pay-per-use)类型电子商务和移动商务的支付需求,基于“虚借记”的概念,设计了一个微支付系统NPAY,较好地解决了消费者超额消费问题,系统的通讯开销也大大减少,并且消费者可以匿名消费。
Electronic payment is an essential part of electronic commerce. The variety of electronic commerce breeds the variety of electronic payment. The electronic payment system consists of macro-payment system, small-payment system and micro-payment system. Macro-payment system is in great need of security and the micro-payment system is in great need of efficiency. Electronic cash is the main method to implement small-payment system and micro-payment system, while the cryptotechnology is a main approach to designing electronic cash system. Based on the hypothesis of Brands, this thesis presents two off-line electronic cash system applied to small payment: one is an off-line nondivisible electronic cash system with complete anonymity, and the other is an off-line nondivisible electronic cash'system with repealed anonymity. The two systems can solve the bottleneck problem of bank server. Furthermore, based on the concept of virtual debit as well as the payment demand of pay-per-use electronic commerce and mobile co
mmerce, this paper designs a micro-system NPAY, which can solve the problem of extra-consuming, greatly reduce the system communication overhead, and the consumer can anonymously consume.
Electronic payment is an essential part of electronic commerce. The variety of electronic commerce breeds the variety of electronic payment. The electronic payment system consists of macro-payment system, small-payment system and micro-payment system. Macro-payment system is in great need of security and the micro-payment system is in great need of efficiency. Electronic cash is the main method to implement small-payment system and micro-payment system, while the cryptotechnology is a main approach to designing electronic cash system. Based on the hypothesis of Brands, this thesis presents two off-line electronic cash system applied to small payment: one is an off-line nondivisible electronic cash system with complete anonymity, and the other is an off-line nondivisible electronic cash'system with repealed anonymity. The two systems can solve the bottleneck problem of bank server. Furthermore, based on the concept of virtual debit as well as the payment demand of pay-per-use electronic commerce and mobile co
mmerce, this paper designs a micro-system NPAY, which can solve the problem of extra-consuming, greatly reduce the system communication overhead, and the consumer can anonymously consume.
引文
[1] 王育民,何大可.保密学—基础与应用.西安:西安电子科技出版社,1990
[2] William, S., Cryptography and Network Security, Principles and Practice,北京:电子工业出版社,2001
[3] 冯登国,吴文玲,分组密码的设计与分析.北京:清华大学出版社,2000
[4] 冯登国,裴定一.密码学导引.北京:科学出版社,1999.
[5] 冯登国,频谱理论及其在密码学中的应用.北京:科学出版社,2000
[6] 梁晋等.电子商务核心技术.西安:西安电子科技大学出版社,2000
[7] Schneier, B.,Applied Cryptography, Protocols, Algorithms and Source Code in C, Second Edition. New York:John Wiley & Sons Inc.,1996
[8] 胡予濮等。对称密码学.北京:机械工业出版社,2002
[9] Shannon,C.E.,Communication Theory of Secrecy System. Bell Syst. Tech. J:Vol.28:pp.656-715,1949
[10] 万哲先.代数和编码.北京:科学出版社,1985
[11] 张禾瑞.近世代数基础.北京:高等教育出版社,1978
[12] 潘承洞,潘承彪.简明数论.北京:北京大学出版社,1998
[13] Diffie,W.,Hellman,M.,New Directions in Cryptography. IEEE Transaction on Information Theory, Vol. IT-22(6),pp.644-654,Nov. 1976
[14] Rivest,R.L.,Shamir, A.,and Adleman,L.A Method for Obtaining Digital Signature and Public-key Cryptosystem,Comm. ACM Vol.21(2),pp. 120-126,Feb. 1978
[15] Delaurentis,J.M.,A further Weakness in the Common Modulus Protocols for RSA Cryptosystem,Cryptologia,8(1984),pp. 253-259
[16] Hastad,J.,On Using RSA with Low Exponent in a Public-key Network, Advance in Cryptology-Crypto'85,Berlin:Sringer-Verlag,pp403-408,1986
[17] Weiner,M.J.,Cryptanalysis of Short RSA Short Exponents,IEEE
Transactions on Information Theory,Vol.36,No.3,pp.553-558,May. 1990
[18] RSA Laboratories. PKCS #1:RSA Cryptography Standard, Version 1.5, November 1993
[19] Lai X.J.,Massey J. L., A Proposal for a New Block Encryption Standard, Advances in Cryptology-Europcrypt 90,Berlin:Spring-er-Verlag,pp.389-404,1991
[20] Lai X. J.,On the Design and Security of Block Ciphers ETH Series in Information Processing,Vol.1,Konstanz:Hartung-Gorre Verlag, 1992
[21] Hawkes p.,Connor, L.O.,On Applying Linear Cryptanalysis to IDEA, Advance in Cryptology-Asiacrypt' 96,Springer-Verlag,pp.105-115,1996
[22] Pieprzyk,J.,Sadeghiyan,B.,Design of Hashing Algorithms,Springer-Verlag, 1993
[23] Rivest,R.,The MD5 Message Digest Algorithm,RFC 1321,Apr. 1992
[24] Secure Hash Standard, National Bureau of Standards FIPS Publication 180,1993
[25] Damgard,I.B.,A Design Principle for Hash Functions Advances in Cryptology-Crypto' 89,Springer-Verlag, 1990,pp.416-427
[26] Girault,M.,Cohen,R.,and Campana,M.,A Generalized Birthday Attack, Advances in Cryptology-Crypto'88,Springer-Verlag, 1989, pp.129-156
[27] Elgamal,L.,A Public Key Cryptosystem and a Signature Base on Discrete Logarithm, IEEE Transactions on Information Theory, 31(1985),pp.469-472
[28] FIPS PUB XX,1993 February 1,Digital Signature Standard
[29] Schnorr, C.P., Efficient Signature Generation for Smart Cards, Journal of Cryptology Vol.4,No3,1991,pp. 161-174
[30] Chaum,D., Blind Signature for Untraceable Payments, Advances,in Cryptology-Crypto'82, Plenum Press,1983,pp. 199-203
[31] Chaum,D.,Blind Signature System, Advances in Cryptology-Cryp to'83,Plenum Press, 1954,p.153
[32] Stadler, M.,Piveteau,J.M. and Camenisch,J., Fair Blind Signatures, Advances in Cryptology-EUROCrypt'95,Sringer-Verlag,pp.209-219
[33] 关振胜.公钥基础设施PKI与认证机构CA.北京:电子工业出版社,2002
[34] Chaum, D., Fiat, A. and Naor, M., Untraceable Electronic Cash, Advances in Cryptology-Crypto'88,Springer-Verlag,1990, pp.319-327
[35] Franklin, M.K.,Yung, M., Secure and Efficient On-line Digital Money, ICALP'93 LNCS 700, Springer-Verlag. 1993.
[36] Jakobsson, M.,Yung, M., Revokable and Versatile Electronic Money. Proc. of the 3rd CCCS, pages 76-87. ACM press, 1996
[37] Brands,S., An Efficient off-line Electronic Cash System Based on the Representation Problem, http://ntrg.cs.tcd.ie/mepeirce/Project/Mlists/brands.html
[38] Brands,S., Untraceable Off-line Cash in Wallets with Observers, Advances in Cryptology-Crypto'93,Springer-Verlag, 1994,pp.302-318
[39] Okamoto,T.,Ohta,K.,Disposable Zero-knowledge Authentication and Their Applications to Untraceable Electronic Cash,In Advanced in Cryptology, Proc. Crypto'89,Springer-Verlag,Santa Barbara California, 1990
[40] Chaum,D.,Pedersen,T.P., Wallet Database with Observers, In Advances Cryptology, Proc. Of Crypto'92,Springer-Verlag, 1993
[41] Gramer, R., Pedersen,T.P., Improved Privacy in wallets with observers, In Advances Cryptology, Proc. Of Eurocrypto'93, Springer-Verlag, 1993
[42] Okamoto,T.,Ohta,K.Universal Electronic Cash, In Advanced in Cryptology-Crypto'91,Santa Barbara,California, 1992,pp.324-337
[43] Kai CHEN, Shimin WEI and Guozhen XIAO,A New Approach to
the Divisible E-cash System,IFIP, WCC2000-SEC2000,2000.8, Beijing,pp.271-274
[44] Brickell,E.F.,Gemmell,P. and Kravitz,D.,Trystee-based tracing Extensions to Anonymous Cash and Making of Anonymous Change,In Symposium on Distributed Algorithms (SODA),Albu-querque,N M, 1995
[45] Camenisch,J.,Maurer,U., and Stadler,M.,Digital Payment System with Passive Anonymity-revoking Trustees,In Esorics'96,Italy, Springer-Verlag, 1996,pp.33-43
[46] Camenisch,J.,Piveteau,M., and Stadler,M.,An Efficient fair Payment System .ACM-CCS,March 1996
[47] Frankel,Y.,Tsiounis,Y.,and Yung,M.,Indirct discourse Proofs: Achieving fair off-line e-cash. In Advances in Cryptology, Proc. of Asiacrypt'96,springer-Verlag, 1996
[48] Lysyanskaya, A., Ramzan,Z., Group Blind Digital Signatures:A scalable Solution to Electronic Cash In Proceedings of Finacial Cryptography'98, 1998,pp. 184-197
[49] 陈恺.电子现金系统与公钥基础设施研究.西安电子科技大学博士研究生论文.2001
[50] Rivest, R., Shamir, A., PayWord and MicroMint: Two simple micropayment protocol, Proc.Security Protocol 1996,Spinger LNCS 1189,pages 69-88. http://theory.lcs.mit.edu/~rivest/RivestShamir-mpay.ps.
[51] Compaq, Millicent microcommerce network, 1997-2000.http://www.millicent.com/home.html.
[52] Rivest, R., Electronic Lottery Tickets as Micro-Cash. In Financial Cryptography'97, LNCS 1318. Springer-Verlag, 1997.
[53] Internet Keyed Payment Protocols (iKP). http://www.Zurich.ibm. com:80/Technology/Security/extern/ecommerce/iKP_overview.htm
[54] Jarecki, S., Odlyzko, A.,An Efficient Micropayment Scheme based on probabilistic Polling, Financial Cryptography'97, LNCS 1318.
Springer-Verlag, 1997.
[55] G. Medvinsky and C. Neuman. Netcash: A Design for Practical Electronic Currency on the Internet. In Second ACM Conference on Computer and Communication Security, 1994.
[56] Pedersen,T., Electronic Payments of Small Amounts. Proc.Security Protocol 1996,Spinger LNCS 1189,pages 56-68
[57] Mondex International Ltd. Mondex electronic cash, 1996. http://www.mondex.com/.
[58] Wang H., Zhang Y. A Protocol for Untraceable Electronic cash, Proceedings of the First International Conference on Web-Age Information Management, volume 1846 of Lectures Notes in Computer Science, pages 189-197. Springer-Verlag, 2000.
[59] S. Glassman, M. Manasse, et. al. The Millicent Protocol for inexpensive Electronic Commerce. http://www.research.digital.com/SRC/millicent/papers/millicentw-3c4/millicent.html.
[60] Eui-Suk Chung, Daniel Dardailler. White Paper: Joint Electronic Payment Initiative,http://www.w3.org/Ecommerce/white-paper#sec5.2.
[61] Tang,B.,A Set of Protocol for Micropayment in Distributed Server, Proceedings of the first USENIX Workshop of Electronic Commerce New York,USA, 1995,pp.107-116
[62] Peirce,M.,O'Mahony, D.,Flexible Real-Time Payment Methods for Mobile Communications[J],IEEE Personal Communications,1999,6(6),pp.44-55
[63] RFC 2510,PKI Certificate Management Protocols,March 1999
[64] Secure Electronic Transactions,http://www.mastercard.com/set[EB/OL][65] SET,Secure electronic Transaction Book 1,2,1997,http://www.setco.org
[65] SSL3.0 Specification, http://www.netscape.com/eng/ssl3/
[66] AES home page:http://aes.nist.gov/aes/
[67] eCheck Initiative, http://www.echeck.org
[68] NetBill, http://www.netbill.com
[69] FSTC(Financial Services Technology Consortium), http://www.fstc.org
[70] US Paytent US05677955,US06021202,06209095
[71] MeT Initiative, Mobile Electronic Transactions Initiative, http://www.mobiletransaction.org
[2] William, S., Cryptography and Network Security, Principles and Practice,北京:电子工业出版社,2001
[3] 冯登国,吴文玲,分组密码的设计与分析.北京:清华大学出版社,2000
[4] 冯登国,裴定一.密码学导引.北京:科学出版社,1999.
[5] 冯登国,频谱理论及其在密码学中的应用.北京:科学出版社,2000
[6] 梁晋等.电子商务核心技术.西安:西安电子科技大学出版社,2000
[7] Schneier, B.,Applied Cryptography, Protocols, Algorithms and Source Code in C, Second Edition. New York:John Wiley & Sons Inc.,1996
[8] 胡予濮等。对称密码学.北京:机械工业出版社,2002
[9] Shannon,C.E.,Communication Theory of Secrecy System. Bell Syst. Tech. J:Vol.28:pp.656-715,1949
[10] 万哲先.代数和编码.北京:科学出版社,1985
[11] 张禾瑞.近世代数基础.北京:高等教育出版社,1978
[12] 潘承洞,潘承彪.简明数论.北京:北京大学出版社,1998
[13] Diffie,W.,Hellman,M.,New Directions in Cryptography. IEEE Transaction on Information Theory, Vol. IT-22(6),pp.644-654,Nov. 1976
[14] Rivest,R.L.,Shamir, A.,and Adleman,L.A Method for Obtaining Digital Signature and Public-key Cryptosystem,Comm. ACM Vol.21(2),pp. 120-126,Feb. 1978
[15] Delaurentis,J.M.,A further Weakness in the Common Modulus Protocols for RSA Cryptosystem,Cryptologia,8(1984),pp. 253-259
[16] Hastad,J.,On Using RSA with Low Exponent in a Public-key Network, Advance in Cryptology-Crypto'85,Berlin:Sringer-Verlag,pp403-408,1986
[17] Weiner,M.J.,Cryptanalysis of Short RSA Short Exponents,IEEE
Transactions on Information Theory,Vol.36,No.3,pp.553-558,May. 1990
[18] RSA Laboratories. PKCS #1:RSA Cryptography Standard, Version 1.5, November 1993
[19] Lai X.J.,Massey J. L., A Proposal for a New Block Encryption Standard, Advances in Cryptology-Europcrypt 90,Berlin:Spring-er-Verlag,pp.389-404,1991
[20] Lai X. J.,On the Design and Security of Block Ciphers ETH Series in Information Processing,Vol.1,Konstanz:Hartung-Gorre Verlag, 1992
[21] Hawkes p.,Connor, L.O.,On Applying Linear Cryptanalysis to IDEA, Advance in Cryptology-Asiacrypt' 96,Springer-Verlag,pp.105-115,1996
[22] Pieprzyk,J.,Sadeghiyan,B.,Design of Hashing Algorithms,Springer-Verlag, 1993
[23] Rivest,R.,The MD5 Message Digest Algorithm,RFC 1321,Apr. 1992
[24] Secure Hash Standard, National Bureau of Standards FIPS Publication 180,1993
[25] Damgard,I.B.,A Design Principle for Hash Functions Advances in Cryptology-Crypto' 89,Springer-Verlag, 1990,pp.416-427
[26] Girault,M.,Cohen,R.,and Campana,M.,A Generalized Birthday Attack, Advances in Cryptology-Crypto'88,Springer-Verlag, 1989, pp.129-156
[27] Elgamal,L.,A Public Key Cryptosystem and a Signature Base on Discrete Logarithm, IEEE Transactions on Information Theory, 31(1985),pp.469-472
[28] FIPS PUB XX,1993 February 1,Digital Signature Standard
[29] Schnorr, C.P., Efficient Signature Generation for Smart Cards, Journal of Cryptology Vol.4,No3,1991,pp. 161-174
[30] Chaum,D., Blind Signature for Untraceable Payments, Advances,in Cryptology-Crypto'82, Plenum Press,1983,pp. 199-203
[31] Chaum,D.,Blind Signature System, Advances in Cryptology-Cryp to'83,Plenum Press, 1954,p.153
[32] Stadler, M.,Piveteau,J.M. and Camenisch,J., Fair Blind Signatures, Advances in Cryptology-EUROCrypt'95,Sringer-Verlag,pp.209-219
[33] 关振胜.公钥基础设施PKI与认证机构CA.北京:电子工业出版社,2002
[34] Chaum, D., Fiat, A. and Naor, M., Untraceable Electronic Cash, Advances in Cryptology-Crypto'88,Springer-Verlag,1990, pp.319-327
[35] Franklin, M.K.,Yung, M., Secure and Efficient On-line Digital Money, ICALP'93 LNCS 700, Springer-Verlag. 1993.
[36] Jakobsson, M.,Yung, M., Revokable and Versatile Electronic Money. Proc. of the 3rd CCCS, pages 76-87. ACM press, 1996
[37] Brands,S., An Efficient off-line Electronic Cash System Based on the Representation Problem, http://ntrg.cs.tcd.ie/mepeirce/Project/Mlists/brands.html
[38] Brands,S., Untraceable Off-line Cash in Wallets with Observers, Advances in Cryptology-Crypto'93,Springer-Verlag, 1994,pp.302-318
[39] Okamoto,T.,Ohta,K.,Disposable Zero-knowledge Authentication and Their Applications to Untraceable Electronic Cash,In Advanced in Cryptology, Proc. Crypto'89,Springer-Verlag,Santa Barbara California, 1990
[40] Chaum,D.,Pedersen,T.P., Wallet Database with Observers, In Advances Cryptology, Proc. Of Crypto'92,Springer-Verlag, 1993
[41] Gramer, R., Pedersen,T.P., Improved Privacy in wallets with observers, In Advances Cryptology, Proc. Of Eurocrypto'93, Springer-Verlag, 1993
[42] Okamoto,T.,Ohta,K.Universal Electronic Cash, In Advanced in Cryptology-Crypto'91,Santa Barbara,California, 1992,pp.324-337
[43] Kai CHEN, Shimin WEI and Guozhen XIAO,A New Approach to
the Divisible E-cash System,IFIP, WCC2000-SEC2000,2000.8, Beijing,pp.271-274
[44] Brickell,E.F.,Gemmell,P. and Kravitz,D.,Trystee-based tracing Extensions to Anonymous Cash and Making of Anonymous Change,In Symposium on Distributed Algorithms (SODA),Albu-querque,N M, 1995
[45] Camenisch,J.,Maurer,U., and Stadler,M.,Digital Payment System with Passive Anonymity-revoking Trustees,In Esorics'96,Italy, Springer-Verlag, 1996,pp.33-43
[46] Camenisch,J.,Piveteau,M., and Stadler,M.,An Efficient fair Payment System .ACM-CCS,March 1996
[47] Frankel,Y.,Tsiounis,Y.,and Yung,M.,Indirct discourse Proofs: Achieving fair off-line e-cash. In Advances in Cryptology, Proc. of Asiacrypt'96,springer-Verlag, 1996
[48] Lysyanskaya, A., Ramzan,Z., Group Blind Digital Signatures:A scalable Solution to Electronic Cash In Proceedings of Finacial Cryptography'98, 1998,pp. 184-197
[49] 陈恺.电子现金系统与公钥基础设施研究.西安电子科技大学博士研究生论文.2001
[50] Rivest, R., Shamir, A., PayWord and MicroMint: Two simple micropayment protocol, Proc.Security Protocol 1996,Spinger LNCS 1189,pages 69-88. http://theory.lcs.mit.edu/~rivest/RivestShamir-mpay.ps.
[51] Compaq, Millicent microcommerce network, 1997-2000.http://www.millicent.com/home.html.
[52] Rivest, R., Electronic Lottery Tickets as Micro-Cash. In Financial Cryptography'97, LNCS 1318. Springer-Verlag, 1997.
[53] Internet Keyed Payment Protocols (iKP). http://www.Zurich.ibm. com:80/Technology/Security/extern/ecommerce/iKP_overview.htm
[54] Jarecki, S., Odlyzko, A.,An Efficient Micropayment Scheme based on probabilistic Polling, Financial Cryptography'97, LNCS 1318.
Springer-Verlag, 1997.
[55] G. Medvinsky and C. Neuman. Netcash: A Design for Practical Electronic Currency on the Internet. In Second ACM Conference on Computer and Communication Security, 1994.
[56] Pedersen,T., Electronic Payments of Small Amounts. Proc.Security Protocol 1996,Spinger LNCS 1189,pages 56-68
[57] Mondex International Ltd. Mondex electronic cash, 1996. http://www.mondex.com/.
[58] Wang H., Zhang Y. A Protocol for Untraceable Electronic cash, Proceedings of the First International Conference on Web-Age Information Management, volume 1846 of Lectures Notes in Computer Science, pages 189-197. Springer-Verlag, 2000.
[59] S. Glassman, M. Manasse, et. al. The Millicent Protocol for inexpensive Electronic Commerce. http://www.research.digital.com/SRC/millicent/papers/millicentw-3c4/millicent.html.
[60] Eui-Suk Chung, Daniel Dardailler. White Paper: Joint Electronic Payment Initiative,http://www.w3.org/Ecommerce/white-paper#sec5.2.
[61] Tang,B.,A Set of Protocol for Micropayment in Distributed Server, Proceedings of the first USENIX Workshop of Electronic Commerce New York,USA, 1995,pp.107-116
[62] Peirce,M.,O'Mahony, D.,Flexible Real-Time Payment Methods for Mobile Communications[J],IEEE Personal Communications,1999,6(6),pp.44-55
[63] RFC 2510,PKI Certificate Management Protocols,March 1999
[64] Secure Electronic Transactions,http://www.mastercard.com/set[EB/OL][65] SET,Secure electronic Transaction Book 1,2,1997,http://www.setco.org
[65] SSL3.0 Specification, http://www.netscape.com/eng/ssl3/
[66] AES home page:http://aes.nist.gov/aes/
[67] eCheck Initiative, http://www.echeck.org
[68] NetBill, http://www.netbill.com
[69] FSTC(Financial Services Technology Consortium), http://www.fstc.org
[70] US Paytent US05677955,US06021202,06209095
[71] MeT Initiative, Mobile Electronic Transactions Initiative, http://www.mobiletransaction.org