隨著科技的發展,現今社會智慧卡的使用非常的普及,智慧卡又稱為晶片卡、IC卡等等,舉凡健保卡、金融卡都是智慧卡的應用。簡單來說智慧卡就是一張卡片上嵌入一小片的晶片所組成,實體結構為塑膠卡片、印刷電路以及積體電路晶片這三個部份。智慧卡擁有一般卡片的儲存記憶功能之外,還可以讀取或是改寫儲存在卡片裡的資料。
資訊安全中不可否認性是非常重要的,目前許多智慧卡相關文獻中幾乎要達到不可否認性,都要使用成本較高的數位簽章,而本研究中所探討的機制都沒有使用數位簽章,而且也都不具備不可否認性,所以本研究希望能不使用數位簽章來做到不可否認性。
因此本研究設計一低成本的智慧卡遠端認證安全機制,提供智慧卡在遠端登入該有的雙向認證以及透過公正可信賴的註冊中心在機制中參與登入與認證過程來協助使用者與伺服器檢查對方所提供的證據,當證據通過檢查就可留下證據,使對方事後不能否認。
With the development of technology, today, the society use of smart cards is very popular. Smart card is also called chip card, IC card, etc. Insurance cards and fi-nancial cards are examples of smart card applications. Generally speaking, the smart card is a small chip embedded on a plastic card with data storage function that can read and rewrite the data stored in the card.
The property of non-repudiation is very important in information security. In this study, all the reviewed literatures are without digital signature algorithms and without non-repudiation property. On the other hand, to achieve non-repudiation, today, most mechanisms using smart cards in related literatures apply high cost digital signature algorithms.
Therefore, to save cost, this study design a low-cost secure remote authentication scheme using smart card to achieve mutual authentication and non-repudiation property through a trusted registration center. The registration center is involved in the login and authentication process in the scheme to help communicating parities, the user and the server, in checking the non-repudiation evidence provided by each other. With stored effective evidence for non-repudiation, both communicating parities will not be able to repudiate in the future, given the registration center as the trusted third party to perform a fair judgment.
