以複合式文件強化線上電子現金之安全性

在電子商務環境裡，以電子現金支援行動付款將是一種新的付款方式。然而電子現金的安全性弱點是複製以及重複使用等。本研究針對線上電子現金交易的安全性、正確性和可分割性等設計了一套交易協定與系統，此系統具有兩大特點：一、電子現金每進行一次交易時會自動產生新的信息驗證碼（Message Authentication Code），此方法具有統整性（Integrity）和不可否認性（Non-Repudiation）。二、利用複合式文件檢視電子現金的狀況，以及防止重複消費等問題。因此，本研究貢獻具有防止電子現金竄改和複製等問題，再以複合式文件強化電子現金之安全性，若核對不符合時，還可以反推找出問題點。本研究所建議之協議可以實現無實體之安全電子現金系統，具實用價值。

關鍵字

複合式文件；電子現金；信息驗證碼

並列摘要

Paying by e-cash is a common practice in e-commerce environment. However, e-cash has major weaknesses of forge and replicated use. The aim of this study is to design a transaction protocol from the aspects of security, accuracy and divisibility of e-cash which can be used conveniently on the Internet. There are two characteristics in this system, (1) A new message authentication code will be automatically generated when the e-cash is used representing its newest state. This supports integrity and non-repudiation in the transaction. (2) It uses compound documents to update the e-cash status to avoid the problem of replicated consumption. Therefore, the proposed protocol can not only solve the problem of duplication of E-cash or illegal modification, but enhance E-cash security using compound documents in which discrepant problems can be traced. Thus, the proposed protocol is of practical value.