
Research on Security Issues in Electronic Payment

Study on Security in Electronic Payment

【Author】 Fan Kai (樊凯)

【Advisor】 Kou Weidong (寇卫东)

【Author information】 Xidian University, Communication and Information Systems, 2007, PhD

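【Summary】 Electronic payment is a key link in electronic commerce, and security problems in electronic payment are an important factor restricting the development of electronic commerce. Research on electronic payment security is therefore of great significance and has broad application prospects. This dissertation studies the security of electronic payment from three aspects: protocol security, data security, and goods security. On protocol security, we start from third-party electronic payment protocols and greatly reduce the degree of trust placed in the trusted third party that such protocols usually depend on, so that it becomes an untrusted third party; we then go further and realize an electronic payment protocol that needs no third-party involvement during the transaction while guaranteeing the fairness of the protocol. As a supplement to fairness, we give a solution to the abuse-freeness problem of electronic payment protocols with the help of an off-line trusted third party. On data security, we propose, based on the characteristics of electronic payment in mobile commerce, a data transmission scheme that ensures data security by means different from traditional data encryption. This scheme is the first successful application of steganography to electronic payment in mobile commerce. On goods security, the goods quality assurance scheme we give makes it possible to guarantee goods security in electronic payment. The main results of this dissertation are as follows:

1. A new fair electronic payment scheme is proposed. By introducing subliminal channel technology into the electronic payment protocol, the protocol's dependence on the third party is greatly reduced; the scheme needs only an untrusted third party to guarantee the fairness of the protocol and prevent fraud, and it reduces the communication volume of the transaction process.
2. An electronic payment system that needs no third-party involvement is given. Exploiting the simultaneity with which concurrent signatures take effect, a fair electronic payment system is designed for digital products and for physical products respectively. The scheme does not rely on a third party in the usual sense. This means not only that no third party is needed to transfer or store any information during the transaction, but also that even if the protocol terminates abnormally and one party's interests are harmed, no third party is needed to help provide evidence.
3. A fair electronic payment protocol with abuse-freeness is given. The protocol not only makes a substantive improvement, based on the RSA signature scheme, to the protocol proposed by Park et al., but also uses an off-line trusted third party to give a solution to the abuse-freeness problem of electronic payment protocols.
4. The basic model of a new secure data transmission scheme is proposed. By introducing a steganography scheme with a secret sharing mechanism, a data transmission scheme is realized that ensures data security by means different from traditional data encryption. The scheme greatly reduces computation and device requirements, and the properties of the secret sharing mechanism bring additional security guarantees. This scheme is the first successful application of steganography to electronic payment in mobile commerce.
5. An electronic payment protocol with goods quality assurance is given. Using a DSA-based verifiable and recoverable encrypted signature algorithm, the protocol gives a concrete scheme for assuring goods quality in C2C physical-goods transactions, improving the transaction success rate.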

【Abstract】 Electronic payment is a key part of electronic commerce, and electronic payment security has become an essential concern for electronic commerce to be widely accepted in the marketplace. Research on electronic payment security, aimed at finding solutions that remove this concern, is therefore of vital importance.

This dissertation investigates electronic payment security from the following three aspects: protocol security, data security, and goods security (quality assurance of goods that have been purchased and paid for). In protocol security, electronic payment protocols involving a third party are discussed first, and an untrusted third party is introduced in place of the trusted third party that traditional protocols mostly depend on. Then an electronic payment protocol without third-party involvement is proposed, and the protocol guarantees fairness. In addition, as a supplement to fairness, abuse-freeness is discussed with the aid of an off-line trusted third party. In the data security aspect, a data transmission scheme is proposed according to the characteristics of electronic payment in mobile commerce. This scheme ensures data transmission security by means different from traditional data encryption. The proposed scheme is the first successful use of steganography in electronic payment for mobile commerce. Finally, in the goods security aspect, a goods quality assurance scheme is proposed, which makes it possible to assure the quality of goods that have been purchased and paid for through electronic payment.

The main contributions of this dissertation are summarized as follows:

1. A new fair electronic payment scheme is proposed. Because subliminal channel technology is introduced to reduce dependency on the third party in electronic payment, this scheme can prevent fraud and guarantee fairness with the aid of only an untrusted third party. In addition, the communication in the business process is simplified.
2. Two fair electronic payment systems without third-party involvement are presented, one for digital products and the other for physical products. With the aid of the simultaneity of the concurrent signature, this scheme does not require a third party. This means that no third party is needed either to transfer or retain any information during the transaction or when the protocol terminates; there is no need for a third party to provide any evidence.
3. An abuse-free fair electronic payment protocol is proposed. The protocol not only gives an RSA-based signature scheme with a substantive improvement on Park's protocol, but also makes use of an off-line trusted third party to give a solution for abuse-freeness in electronic payment.
4. The basic model of a new secure data transmission scheme is presented. By using a secret-sharing steganography scheme, it ensures data transmission security by means different from traditional data encryption. The scheme significantly reduces the operations and device requirements and gains additional security safeguards from the characteristics of secret sharing. In particular, the proposed scheme is the first successful use of steganography in electronic payment for mobile commerce.
5. A goods quality assurance electronic payment protocol is proposed. By introducing DSA-based Verifiable and Recoverable Encryption of Signatures (DSA-VRES), a goods quality assurance scheme for consumer-to-consumer (C2C) physical goods business is presented. This will improve the transaction success rate.
