Financial Information Security: Research on Models, Schemes and Management Strategies
Abstract
Financial information security concerns not only the economic interests and competitiveness of financial institutions but also the security of the national economy's lifeline. At the same time, it is a complex systems-engineering undertaking that spans technology, management, policy, laws and regulations. These aspects complement one another: a weakness in any one of them can have destructive effects on every other link. They also reinforce one another: progress in any one of them benefits the others, or exposes related problems so that they can be addressed specifically. At the technical level alone, it covers not only the physical security of information systems but also the security of electronic financial products and electronic financial agreements. This dissertation studies the management of critical financial data, electronic financial agreements and electronic cash systems, and discusses risk assessment and management for financial information security systems.
Concerning secret sharing, an important method for managing critical financial data, the dissertation presents several collaborative-control schemes for file and data management in different situations: an assignment secret sharing scheme with finite secrets, a weighted random-threshold assignment secret sharing scheme, a tree-structured secret sharing scheme, a secret sharing scheme with an inheritance characteristic, and an asynchronous publicly verifiable secret sharing scheme. Compared with existing schemes, these schemes take the practical circumstances of deployment into account more concretely, and make necessary extensions in implementation efficiency (the assignment scheme with finite secrets, the weighted random-threshold assignment scheme and the tree-structured scheme) and in applicability (the weighted random-threshold assignment scheme, the scheme with an inheritance characteristic and the asynchronous publicly verifiable scheme).
Concerning electronic financial agreements, building on a previously proposed online contract signing scheme and introducing a "notarizing third party", the dissertation gives an optimized algorithm for a PKI-based electronic agreement signing scheme that greatly simplifies the steps for executing electronic financial agreements or contracts. On this basis it presents an electronic agreement signing model with an authorization function, further increasing the flexibility with which the signing model can be implemented.
For the security of electronic cash systems, after reviewing the state of research and the security requirements, the dissertation uses blind signature techniques to design an electronic cash system with entrustment and proxy functions. The scheme retains the payment convenience of divisible electronic cash systems and, through its entrustment and proxy function, offers greater flexibility in practical applications.
Finally, in view of the current security situation of China's financial information systems, the dissertation analyses the problems in information security risk assessment, summarizes foreign risk assessment methods, identifies the gaps between domestic and foreign practice, and gives corresponding policy recommendations.
Financial information security is related not only to the economic benefit and competitiveness of financial organizations, but also to the security of the national economy. At the same time, it is a complex systems-engineering task covering technology, management, policy, law and so on. These aspects complement each other: a weakness in any one of them is harmful to the others, and an advance in any one of them benefits the others or exposes related problems so that they can be solved. On the technical side alone, it includes not only physical security but also the security of electronic financial products and electronic financial agreements. In this paper, the management of financial key data, electronic financial agreements and electronic cash systems are studied, and finally the problems of security risk assessment and management for financial information systems are discussed.
For secret sharing, a method of financial key data management, the following schemes are put forward: a secret sharing scheme with finite secrets, a secret sharing scheme with random weights, a secret sharing scheme with tree structure, a secret sharing scheme with an inherited characteristic, and an asynchronous, publicly verifiable secret sharing scheme. Compared with existing secret sharing schemes, more special cases are considered, and implementation efficiency (in the scheme with finite secrets, the scheme with random weights and the scheme with tree structure) and applicability (in the scheme with random weights, the scheme with an inherited characteristic and the asynchronous, publicly verifiable scheme) are extended where necessary.
For electronic financial agreements, an optimized method is proposed for the PKI-based electronic agreement subscription model by introducing a "fair third party", which greatly simplifies the implementation steps of electronic financial agreements or contracts. On this basis, a model for electronic agreements with an authorization function is put forward, which further improves the flexibility of implementing these agreement-subscription models.
For the security of electronic cash systems, the current state of research and the security requirements are discussed first, and then a divisible electronic cash system with entrusting and proxy functions is put forward based on blind signature technology. By realizing the entrusting and proxy function, this scheme keeps not only the payment convenience of a divisible electronic cash system but also flexibility of application.
Finally, considering the security situation of domestic financial information systems, the problems of information security risk assessment are analyzed, and the foreign methods of information security risk assessment are summed up. The differences between domestic and foreign practice are pointed out and corresponding suggestions are put forward.