網路的普及將帶動電子商務的發展,但安全一直是消費者、商店、甚至是付款銀 行最擔心的事。如何提供一個大家都放心的網路消費環境,是電子商務發展的關鍵。本篇文 章中介紹一電子交易付款新設計;利用單向雜湊密碼(One-way Hashed Password)原理,達 到身份確認、訊息完整性、訂單不被複製、高容錯力等目的;且沒有經濟上額外的負擔,技 術也沒有進出口限制,並可擴大至世界上無數的金融單位;比現在電子商務使用的安全系統 更容易接受,尤其是物流中心納入考慮,是一完整的購物流程設計。
The security of electronic transactions is the most concern factor by conventional parties who are consumers, merchants and financial institutions. A cryptographic communication over the Internet forms a new dimersion for financial transactions. In this paper, a novel Internet transactions payment method is proposed. The method uses one-way hashed values of passwords, because it can achieve three essential requirements: "security", "economy" and "international compatibility". The security function includes entity authentication of all involved parties, message integrity protection, payment order non-repudiation and high degree of fault tolerance. In economy, this method doesn't be based on penalties of requiring the employment of extra security services. The international compatibility property means that no non-exportable/non-importable cryptographic technologies will be applied, and this method is expected to be acceptable by the governments of various nations. However, the method has a potential to be scaled up to operate in numberous financial institutions all over the world. Above all, in addition to the conventional parties, the freight is taken into consideration in the proposed design. So, this method can be more acceptable by users than most previous proposals for Internet electronic commerce.
附:ISO 8583,金融交易卡原始訊息--交換訊息規格說明書,頁616-624
