Title: Prepaid Card Payment System — Protocol, Implementation and Security Analysis
Author: 葉文熙
Wen-Hsi Yeh
Dr. Wen-Guey Tzeng
Keywords: payment system; prepaid; e-commerce (EC); Java cryptography; Java security
Publication date: 1999
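Abstract: The purpose of this thesis is to design and implement a prepaid card e-commerce (EC) payment system that offers an alternative to current e-commerce payment systems. The approach is designed for Taiwan's environment, where convenience stores are widespread, and adopts the concept of the prepaid card. The overall flow is as follows. Before shopping and paying online, the consumer goes to a retail outlet and chooses a prepaid card from among those issued by the various card-issuing companies. When paying for an online purchase, the consumer enters the prepaid card number at the prompt of a Java applet on the web page. Through the connection between the shopping site and the card issuer, the amount is deducted in real time from that card's balance in the card issuer's database. The receipts returned by the merchant and the card issuer, together with the shopping list, are then kept by e-mail, printing or saving to a file. The main feature and advantage of this prepaid card payment system is that the consumer's machine does not need to download and install software in advance: any browser that can view web pages and supports Java is enough for online shopping. The consumer also does not need to apply for a digital certificate beforehand, which saves a troublesome step. In addition, communication between the consumer and the shopping site, and between the shopping site and the card issuer, is encrypted with SSL (Secure Sockets Layer); the shopping site's merchant and the card issuer use digital certificates to sign the messages they send, and the messages exchanged between the two also travel over a secure channel. The system can therefore achieve security, privacy and convenience for the whole shopping and payment process. Combined with the card issuer's payment-record query web page, it also lets consumers conveniently look up each purchase and its payment data.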
The purpose of this research was to design and implement a prepaid card e-commerce payment system that gives customers an additional choice of payment method. The design suits Taiwan’s environment, which has plenty of convenience stores. The whole architecture is as follows. Before shopping on the web, a customer goes to a convenience store to buy some prepaid cards, which are issued by different companies. The customer can then pay on the web by filling in the prepaid card number in the Java applet. This information is sent to the merchant’s web site and then forwarded to the card issuer’s server. After deducting the amount of money from the card number in the database, the card issuer sends the receipt back to the merchant. The merchant sends its own receipt, as well as the card issuer’s, back to the customer. Finally, the customer can save the receipts. The main advantage is that customers need not preinstall any software or have a certificate. All they need is a web browser. In this system, SSL protects the communications between the participating parties from any adversary, so the system can achieve confidentiality, integrity, and convenience.