台灣保險業導入要/被保人數位簽章之探討 / A study on the insured digital signature of the Taiwan insurance industries

劉明豐

Unknown Date

我國保險業自2004年導入要保人數位簽章以來，不僅在推動上面臨困難，網路業務也未能順利拓展，然政府業務及金融交易已成功導入電子憑證的各項應用，未來，如何兼顧保險電子商務及數位簽章的應用發展，將是保險業的重大挑戰。本研究的主要目的在於探討保險業對要保人數位簽章的態度與傾向，以創新採用速率的主要影響因素作為理論分析基礎，探討風險資安因素對數位簽章的採用影響，以及金融保險憑證與政府相關憑證的採用傾向。本研究採郵寄問卷調查方式蒐集保險業對數位簽章的看法，總計回收有效問卷為46份。研究結果如次： 一、 產險業與壽險業皆不會因為風險資安因素而採用數位簽章。 二、 產險業配合政府政策而採用憑證的意願偏低，壽險業配合政府政策而採用憑證的意願較高。 三、 產險業傾向不採用網路保險憑證，但傾向採用網路銀行憑證、網路下單憑證及政府相關憑證。 四、 不論是網路保險憑證、網路銀行憑證、網路下單憑證及政府相關憑證，壽險業皆傾向採用。 我國保險業如擬繼續推展要保人數位簽章，本研究建議： 一、 訂定未取得要保書正本簽名或未採用數位簽章所應遵循的規範，包括傳真簽名及其他身分確認機制，以創造有利於網路業務發展的環境。 二、 擴大要保人數位簽章的應用範圍，包括開放保險業銷售中風險的保險商品，以及授權保險業存取政府資料庫管控核保風險等，以利保險業提供差異化的網路投保服務。 三、 原則上，以政府相關憑證為主，金融憑證為輔的方式推動保險業採用數位簽章，如有推動上的困難，則改以保險憑證為主，金融憑證為輔的方式替代，並開放保險憑證及金融憑證可經由異業結盟互為使用。 四、 基於維持保險電子商務市場秩序考量，保險經代人經營電子商務宜納入保險業管理規範，以建立公平的市場競爭環境，俾利保險業經營網路投保業務，消費者享有更多保費折扣優惠。 關鍵字：數位簽章、創新感知屬性、網路投保、保險電子商務 / Since the insurers employed insured digital signatures in 2004, they have not only faced difficulties in promotion but also expanded online businesses hardly. However, the government businesses and the financial transactions have fulfilled various applications of digital certificates successfully. In the future, how to well develop the applications of e-insurance and digital signatures at the same time will become a significant challenge for the insurance industries. The major goal of this study is to delve into the insurers’ postures and bents toward the implementation of insured digital signatures. The analysis theory is based on primary factors of affecting the rate of adoption of an innovation. It supports to explore the influence of operational risks and information securities upon the use of digital signatures, and the tendencies of the use of financial digital certificates and government-related digital certificates. To collect the required data provided by insurers, this study used mail questionnaire method, totaling the valid questionnaire of the recovery as 46s. The findings are listed as follows: 1. Both the P&C insurers and the life insurers do not adopt insured digital signatures due to operational risks and information securities. 2. Regarding the compliance of the government policies, the P&C insurers incline not to adopt digital certificates. However, the life insurers incline to adopt digital certificates. 3. The P&C insurers incline not to adopt insurance digital certificates, but incline to adopt banking digital certificates, stock-dealing digital certificates and government-related digital certificates. 4. No matter what kind of digital certificates are, including insurance digital certificates, banking digital certificates, stock-dealing digital certificates and government-related digital certificates, the life insurers incline to adopt any of them. If the insurance industries would like to continue to advance the development of insured digital signatures, the propositions are listed as follows: 1. In order to create a beneficial environment for the development of online businesses, this study suggests developing directions for the signatures by fax and the other signer authentication mechanism. 2. In order to let the insurers offer differential online insurance services, this study proposes permitting the insurers to sell middle-risk insurance products and access government databases for underwriting risk management. 3. In principle, it is preferable that the insurers employ government-related digital certificates and financial digital certificates. If hardly, the insurers employ insurance digital certificates and financial digital certificates instead. Moreover, both digital certificates have reciprocal usage for each other by means of strategic alliance from different financial businesses. 4. Based on the consideration of keeping e-insurance market order, this study propounds that the e-insurance of brokers and agents are incorporated into directions for the e-insurance of insurers in order to establish a fair market competition environment. It is helpful to insurers’ online businesses and consumers’ preferential premiums. Keywords: Digital Signatures, Rate of Adoption of an Innovation, Online Insurance, e-Insurance

數位簽章

創新感知屬性

網路投保

保險電子商務

Digital Signatures

Rate of Adoption of an Innovation

Online Insurance

e-Insurance

可訊息回復之免憑證簽章機制之研究 / Certificateless signatures with message recovery

詹省三, Chan, Sheng San

Unknown Date

在傳統的簽章機制中，我們需要一個具有公信力的第三方 (Trusted Third Party, TTP) 來核發數位憑證，以驗證公開金鑰確實屬於簽章者所擁有，為了減少TTP的負擔，於是就有學者提出了免憑證簽章 (Certificateless Signature) 機制。另一方面，具有訊息回復 (Message Recovery) 功能的數位簽章是指原始訊息不需要與簽章一起傳送給接收者以簡化訊息及簽章在傳送時的長度。 本論文中我們提出了一個具有訊息回復功能的免憑證簽章機制，和一般簽章方式相比，我們的方法不僅具有免憑證簽章的優點，訊息回復功能也減少了訊息和簽章的總長度，提昇了訊息的傳送效率 (Communication Cost)，在效能方面也有不錯的表現，因此非常適用於以頻寬為主要考量的公司組織以及對短訊息作簽章的應用，最後我們也有對我們的簽章方法做完整的安全性證明。 / In traditional digital signature systems, a trusted third party (TTP) is required in order to issue a digital certificate. The certificate is to assure that the public key actually belongs to the person of the signature. In order to reduce the burden of TTP, some scholars proposed the Certificateless Signatures. On the other hand, a digital signature with message recovery is a signature that the message itself is not required to be transmitted together with the signature. It has the advantage of small data size of communication. In this paper, a certificateless signature with message recovery is proposed. It inherits both the advantages of certificateless signatures and signatures providing message recovery. The performance of our scheme is compared with other schemes which shows that our scheme is quite efficient and the security of the scheme is finally proved in the random oracle model.

密碼學

數位簽章

訊息回復

免憑證簽章

雙線性配對

Cryptography

Digital signature

Message recovery

Certificateless signature

Bilinear pairing