電子商務付款系統之研究

Abstract

Payment systems play an important role in electronic commerce. In this thesis, the author focuses on two subjects: (1) on-line payment by credit card, and (2) micro-payment. The author describes her research results in three parts. The two major subjects take up two of the three; the remaining one contains a comprehensive survey of the state of the art.The thesis begins from the survey. The author classifies the major systems by their payment instruments into three categories: (1) on-line payment by credit card, (2) digital cash, and (3) account-based payment. Features and abstract models have been extracted; the strength of privacy protection in each system has also been assessed. In particular, the author has paid much attention to the survey of the state of the art of micro-payment systems, considering their potential for facilitating the trading of inFocusing on the first subject-on-line payment by credit card, the author proposes a revised version of the well-known SET (Secure Electronic Transaction) protocol. The author calls it Revised SET. Constrained by being an extension to the existing card payment networks, SET does not completely fulfill the strong demand for privacy protection in the world of electronic commerce. In particular, it does not address the privacy infringement caused by data aggregation. The revision allows cardholders to take partin account reporting, and offers them a credit card surrogate, instead of cardholder certificate, to conceal their credit card identification in the electronic marketplace. Guided by the principle of information segregation and hiding, the revision is a successful counter to privacy infringement in both the small scope of a transaction and the much broader scope of data aggregation.Focusing on the second subject-micro-payment, the author presents a new protocol. Payment confirmation slips are the instruments in this protocol. Before purchases, a payer obtains a batch of these digital slips from a bank. Each slip contains a bank authentication code (BAC), which allows a payee (a merchant) to verify the authenticity of the slip. While paying for information goods, a payer fills in the amount of the payment; then, this payer's system computes an amount confirmation code (ACC) andcomputes a slip integrity code (SIC). The computation of an ACC demands the input of the payer's password, which is secretly shared between him and his bank. While the ACC prevents the amount from being altered by merchants, the SIC helps to preserve integrity of the slip and to safeguard against replay of any valid slip. In this design, the bank is an intermediary and provides service very similar to that of offering credit cards to cardholders. The bank will send customers monthly statements and ask for reimbursements. Hash functions are the only type of functions used in the design; public-key cryptography or other sophisticated techniques used in other systems are unnecessary. Consequently, the design is cost effective.In conclusion, the author has contributed innovative ideas to the evolving field of on-line payment. In the future, the author will look into opportunities for implementation of the two designs and also continue research efforts on the more general domain of electronic commerce.