以虛擬私有網路的安全機制支援電子商務之研究

Abstract

網際網路(Internet)的蓬勃發展，改變人類原來的生活方式，而電子商務更是網際網路發展很實際的應用。要達到安全的電子商務，有幾項需求必須滿足，即私密性(Confidentiality)、身份驗證(Authentication)、資料真確性(Data Integrity)、不可抵賴性(Non-repudiation)以及存取控管(Access Control)。 虛擬私有網路(Virtual Private Network, VPN)為企業組織普遍採用以建置企業內部網路的架構。其以Internet為傳輸的媒介而不失開放性，同時以諸多安全機制做為資料通訊的防護，所著眼的安全課題正符合電子商務的安全需求。因此從企業內部延伸到B2C及B2B電子商務，可以透過既有的VPN而無安全之虞，同時也可為企業減省成本。 本論文針對Business to Customer (B2C)與Business to Business (B2B)電子商務，以VPN最常採用的通道建置機制－IPSec(IP Security)做為電子交易的安全協定，提出一個以VPN的安全機制支援電子商務的架構。實驗結果證明此架構是可行且有效率的。

The Internet has drastically changed human life, and at the meantime, electronic commerce (E-Commerce, EC) has been the most inevitable trend. Five security requirements must be met for ensuring the security of electronic commerce. They are confidentiality, authentication, data integrity, non-repudiation, and access control. The Virtual private network (VPN) is commonly used by corporations to build their intranets. With the Internet as the transport network, corporations are open to the world while security mechanisms supported by the VPN can prevent corporations from malicious attacks. With the VPN, both the Business to Customer (B2C) and the Business to Business (B2B) electronic commerces are secure and cost-effective. The thesis proposes a VPN-based architecture for both the B2C and the B2B E-Commerces. The IP Security (IPSec) is used. Experiments indicate that this architecture is both feasible and effective.