- About
-
The Global ETD Search service is a free service for researchers
to find electronic theses and dissertations. This service is
provided by the
Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
Search results
Showing 1 to 6 of 6 (0.019 seconds)| 1 |
公開金鑰基礎建設(Public Key Infrastructure, PKI)企業建置與應用之個案研討林延勳, Lin, Yan-Xun Unknown Date (has links)
在網路的虛擬環境下,無法再依賴過去由面貌、聲音、筆跡等實體認證方式辨識通訊對方的身分,所以如何在網路上確認通訊對方的身分,防止網路上偽冒、欺騙行為,是相當重要的課題;除此之外,基於網路開放的特性,網路應用之安全疑慮,尚包括電腦病毒、駭客入侵、個人隱私資料外洩等問題,這些都亟需一套有效的網路安全技術方案來解決這些問題。
公開金鑰基礎建設(Public Key Infrastructure, PKI)是一套能夠提供機密性(Confidentiality)、完整性(Integrity)、鑑別性(Authentication)及不可否認性(Non-Repudiation)等資訊安全需求網路基礎架構,足以營造一值得信賴網路安全環境。因此,經濟部商業司為促進國內商業發展及建立安全且可信賴的的電子交易環境,特別推動相關的PKI安全計畫,如「PKI應用輔導推動計畫」及「我國PKI互通管理及推動計畫」等,參與建置PKI計畫之廠商,大多期待PKI所建立之安全的網路環境,會降低作業成本、提高服務品質,提高顧客消費之意願,惟在實際之應用上,是否真的有如此之成效,就不得而知了,本研究之目的,即是針對PKI之建置及商業應用上,究竟帶來了哪些效益,或是有哪些瓶頸,檢視之後提出檢討及建議,供日後有意以PKI為網路安全解決方案者做為參考。
|
| 2 |
主從式架構下基於晶格之通行碼認證金鑰交換協定之研究 / A study of password-based authenticated key exchange from lattices for client/server model鄭逸修 Unknown Date (has links)
基於通行碼之認證金鑰交換協定(Password-based Authenticated Key Exchange)為一項使要進行交換訊息之雙方做相互驗證並產生一把共享金鑰的技術。藉由通訊雙方共享一組通行碼做為身份驗證的依據,並且在驗證結束後產生一把僅有雙方才知道的祕密通訊金鑰,往後進行傳遞機密資訊時即可透過此金鑰建立安全的通訊管道。
本篇論文提出一個在主從式架構(Client/Server model)下基於晶格(lattice)之通行碼認證金鑰交換協定,用戶端只需記錄與伺服器共享之通行碼,而伺服器端除了通行碼外擁有屬於自己的公私鑰對,雙方間透過共享之通行碼進行相互驗證,並且在兩個步驟內完成認證及金鑰交換。在安全性上基於晶格密碼系統之難問題,若未來量子電腦問世能夠抵擋其強大運算能力之攻擊,達到安全且有效率之通行碼認證金鑰協議。 / The password-based authenticated key exchange is a technology that allows both parties to perform mutual authentication and generate a shared session key. They through the shared password as the basis for authentication and generate a session key that is only known by both parties. At last, they can use this key to establish a secure channel to transmit secret message.
We propose a password-based authenticated key exchange from lattices for Client-Server model. The client only need to remember the password rather than the private key, and the server except keep the password and its own public/private key pair. Both parties execute the mutual authentication via the shared password and accomplish the key exchange within two steps. The security of our protocol is based on LWE problem for lattices, so it is secure even an attacker uses a quantum computer.
|
| 3 |
網路交易之風險分析與建議-以旅遊業為例 / Risk analysis & suggestion of Internet transaction呂雅麗, Lu, Ya Li Unknown Date (has links)
在網路環境日益成熟的今日,網路交易的安全性已被列為首要的課題,而「公開金鑰基礎建設(public key infrastructure, PKI)」被公認是在資訊安全應用領域中,少數能同時滿足「保護資料安全」、「身分驗證」、「訊息完整性」以及「交易不可否認性」的加密應用技術。
電子商務被運用於各行各業,其中旅遊產業是全球最大與成長最快的產業之ㄧ。許多網路旅行社已經在企業內部建置了企業資源規劃(enterprise resource planning, ERP)系統,使得幾乎全部的交易與旅遊的安排都可以在線上完成。為了確保資料交換的安全性,便可以使用PKI技術,使企業的ERP 成為受完整加密保護的服務網路。
網路旅遊業者是以網站營運的方式來進行與消費者的互動,除了基本的防護措施,如:防火牆、入侵偵測、弱點掃瞄等網路安全外,企業的資安政策的制定與執行都可減少企業所面臨的風險。
近年來資料外洩事件頻傳,客戶資料及公司智慧財產外洩可能導致罰鍰、訴訟、公司品牌形象的毀損等。政府積極推動個人資料保護法,為了提高約束力,立法、司法與行政部門決定聯手祭出「天文數字的重罰」加以遏止;加上惡意使用者偽卡盜刷、冒名使用,使得電子商務業者不得不審慎地去評估如何加強資訊安全,以維繫企業本身的利益及提高企業的競爭力。
PKI的技術是目前公認最可靠、最可被信任的方式,但建置的複雜性及高成本,使得PKI的推廣層面不夠普及;如何讓PKI由「技術」移轉成為成功的「應用」,故筆者在本論文中建議一個運作模式,讓網路旅行社可以在透過網際網路行銷擴大業務之餘,也能因應時勢所趨,提供給其客戶一個安全的網路交易環境。 / The safety of Internet transaction has been referred to as the most important task in this fully-developed world of Internet. And public key infrastructure, which can provide confidentiality, authentication, integrity and non-repudiation, is one of the most effective ways of encryption in the application of information security.
The travel agency has been one of the largest industries in e-commerce. There are many enterprise resource planning systems built in online travel agencies, so that almost every transaction and tours can be arranged through the Internet. To provide a well-protected environment, enterprises can use PKI technology to ensure the safety of online data exchanging.
Online travel agencies interact with consumers through the web-site. Not only the basic protection like firewall, intrusion detection, and vulnerability scanning but also the development and the executive of security policies can reduce the risk that enterprises may encounter.
Fines, litigations and the company's brand image damages may come after data leakages such as information of clients or intellectual property of companies. Government has actively promoted personal data protection law and huge amount of fines to improve the bindings. Coupled with many fraud credit cards used by the malicious users, companies have to assess how to reinforce information security to maintain its profit and upgrade its competitiveness.
PKI technology is recognized as the most reliable and trusted solution, but the complexities and high cost of implementation made it difficult to apply. So, the author here tries to provide a mode of operation for online travel agencies to not only extend its services by the Internet but also provide a safe Internet transaction environment for its clients.
|
| 4 |
數位權利管理(DRM)系統可行性研究-從技術、法律和管理三面向剖析 / A Study on the Feasibility of Digital Rights Management (DRM) Systems-From Technological, Legal and Management Aspects郭祝熒, Kuo,Melody C.Y. Unknown Date (has links)
在數位內容下載市場蓬勃發展的同時,非法傳輸的流量亦不惶多讓,是以DRM機制成為了著作權利人進入網路世界的絕佳後盾,以DRM提高複製的門檻,並據以實施其商業模式,故於各數位內容核心產業皆可見DRM應用之蹤跡,卻同時引發了究竟DRM是Digital “Rights” Management 亦或Digital “Restriction” Management的爭議。是天使?或是惡魔?便形成了人們對於DRM的不同觀感。
本研究係從技術、法律以及管理三個面向分別切入,由技術面看DRM保護著作物之極限何在,由法律面看相關科技保護措施之立法造成何種影響,合理使用的空間是否因DRM之實施而造成限縮,接著由管理面向看DRM在數位內容產業價值鏈中所扮演之角色及其與價值鏈上各端權力角力衝突之關係,最後由標準面看目前DRM相關標準的運作以及互通性標準的發展趨勢。並從個案研究觀察DRM在不同產業情境中的應用。
本研究認為,DRM技術本身是中性的,其關鍵在於商業設計運用。而在盜版問題無法完全根絕之情況下,以DRM作為因應之道將使得受限內容之經濟價值不若自由流通之內容,因為內容產業的發展關鍵在於「人氣」,而盜版永遠無法取代創意與使用者對於內容之需求。因此,既然無法防堵非法傳輸之現象,則不妨與之直接面對面進行作戰,權利人既掌握了關鍵的內容,則可以針對盜版的弱點提供更優質的服務。就我國目前數位內容產業發展之情境來看,現階段或許有採取DRM進行保護的必要性,以便在推動合法消費市場之際,平衡兼顧保護著作權人以及著作利用人之權益。然而,在虛擬世界中欲全面防堵非法散佈有其技術上之侷限性,消費者亦多半養成了免費取得之使用模式與心態,因此長期而言,或許應設法從創新的商業模式來扭轉此態勢。 / Though the use of digital rights management (DRM) has been controversial, it is still widely used in the digital world. Advocates think of DRM as an indispensable way to prevent unauthorized duplication and dissemination of copyrighted works while opponents often suggest that the term “rights” should be replaced by “restriction” to best describe how DRM works.
This thesis aims to analyze the issues of DRM from three perspectives. First starting with the technical point of view to see how DRM works and found out that DRM technology does have its limitation for copyright protection. That’s the reason why treaties and legislations such as the WCT, WPPT, and DMCA are needed to build the last ditch in the war with piracy. However, the attempt backfired as companies other than rights holders used it as a way to prevent market competition. As the rights holders can effectively control the access of their work with DRM, there comes another dispute about the “Paracopyright” effect. Most important of all, the use of DRM divests the users of the rights they had in the analog world, such as simply lending a book to a friend. From the perspective of management, a cost benefit analysis indicates that the benefit of using DRM to prevent unauthorized duplication obviously overwhelms by its cost and risk. In the context where the content providers, service providers, and device manufacturers all attempt to dominate the whole value chain, DRM also became one of the most powerful instruments for that purpose. Closed ecosystems are built one after another especially in the online music industry in order to bundle the consumers with specific players and music services and thus caused the antitrust issue.
The online music industry and the e-book industry were chosen as case studies in the fourth chapter of the thesis. Based on different industry context, DRM strategy and its impact would differ and therefore results in a variety of business models. For example, the consumers in the US are relatively more aware of the use of DRM and are more willing to pay for authorized content. In contrast, the awareness of DRM of consumers in Taiwan is much lower and the price they are willing to pay is also far lower than what the music labels can accept. As a result, the streaming model prevails over pay-per-download model in the online music market of Taiwan. And the feasibility and necessity of DRM also varies in different industries. Before the digitalization of books, authors already had libraries providing free copies as piracy do today, and the prevalence of scanning machines and copy machines makes it even harder to prevent illegal file sharing. Accordingly, there is far less reason to use DRM in the e-book industry than in the online music industry.
DRM technology is neutral in itself, and the key point is how it is designed based on different business models. The defect of DRM is neither a technical nor a legal issue, but rather a business issue. As piracy can never be eradicated, coping it with DRM would only make the value of restricted contents much less than freely distributed contents. Popularity is what really matters in the content industry. DRM has its technical limit and causes so many legal issues accompanied with the cost and risk of maintaining such fragile systems. What rights holders have in hand are the creativity and the market’s need for new content, which could never be replaced by piracy. So why not fight it face to face?
Digital content industry is considered one of the most promising industries in Taiwan. However, local consumers have entrenched mindset of “free” contents. In present context, DRM is somehow needed while promoting the growth of legal market, in order to provide sufficient incentive to enrich the society with more and more creativity, and fairly protect both the rights of content providers and content users. But in the long run, a more creative or even subversive business model should be the solution to meet the trend of digital convergence.
|
| 5 |
可搜尋式加密和密文相等性驗證 / Searchable encryption and equality test over ciphertext黃凱彬, Huang, Kaibin Unknown Date (has links)
本文深入探討許多基於公開金鑰密碼和通行碼的密文運算方案。首先第一個主題是「公開金鑰密碼」,從其基本架構和安全定義開始,透過文獻探討逐步地討論公開金鑰密碼學的各項特性、以及討論公開金鑰密碼中兩個常見的密文運算:同態加密系統和可交換性加密系統。同態運算是針對同一把公鑰加密的不同密文間的運算:兩個以同一把公鑰加密的密文可以在不解密的前提下進行運算,進而成為另一個合法密文。這個密文運算的結果等同於兩個明文做運算後再以該公鑰加密。可交換性加密系統是一個容許重複的加密系統:已用甲方公鑰加密的密文可以再度用乙方公鑰再加密,進而之成一個多收件者的密文。第一個主題圍繞著這兩個密文運算的技巧討論相關的加密方案。接下來第二個研究的的主題是「基於公開金鑰密碼之密文相等性驗證」,「密文相等性驗證」是密文運算中一個基礎但重要的功能,經授權的測試者可以在不解密密文的前提下,驗證兩個加密後的訊息是否相等。此外,除了相等或不相等之外,測試者無法得知密文中的其他訊息。「基於公開金鑰密碼之密文相等性驗證」相當於在「公開金鑰密碼」的基礎上,再加上「授權」和「密文相等性驗證」的功能。其中「授權」的範圍和「授權」的設計,直接影響到該方案的實用性及安全性,本文提出三個關於「授權」的主題:「單一密文授權」、「相容性授權」和「語意安全授權」。第三個研究主題是「 可搜尋式加密系統」, 常被應用於以下情境:使用者一個檔案及數個「關鍵字」進行加密,然後儲存在雲端伺服器上。當使用者想要對加密檔案進行關鍵字搜尋時,他可以自訂幾個想搜尋的「關鍵字」並對雲端伺服器發出搜尋要求。在收到搜尋要求後,雖然關鍵字都是加密儲存,仍可利用「可搜尋式加密」技巧將符合關鍵字搜尋的檔案傳回給收件者。整個過程中檔案和關鍵字都被加密保護,伺服器無法得知其儲存及搜尋內容。本文提出兩個「 可搜尋式加密系統」,分別是「子集合式多關鍵字可搜尋式加密系統」和「基於通行碼的可搜尋式加密系統」 。 / This dissertation addresses the research about ciphertext computation skills over public key encryption and password-authenticated cryptosystems. The first topic is related to the public key encryption, the framework and security notions for public key encryption are revised; and two common ciphertext-computable public key encryptions including homomorphic encryption and commutative encryption are following discussed. The homomorphic encryption denotes computations over ciphertexts encrypted using the same public key. The homomorphic operation over ciphertexts may be equal to the encryption of a new message computed between two original messages. In terms of commutative encryption, it stands for a repeated encryption system that Alice’s ciphertext can be duplicated encrypted using Bob’s public key. A dual-receiver ciphertext will appear after the commutative encryption. Following, based on the public key encryption, the second topic focuses on the public key encryption with equality test schemes, the basic and fundamental ciphertext computation. Briefly, the user-authorized testers are able to verify the equivalence between messages hidden in ciphertexts after they acquire trapdoors from ciphertext receivers; and the ciphertexts were never decrypted in the whole equality testing process. The scope and architecture of the authorization directly influence the application and security for equality test schemes. Three authorizations including “cipher-bound authorization”, “compatible authorization” and “semantic secure authorization” will be proposed. The third topic is keyword search. It works in the following scenario: a user outsources encrypted files and encrypted keywords on a cloud file storage system; then, when needed, the user is able to request a search query to the file server, which is corresponding to some encrypted keywords. Although files and keywords are encrypted, the server is still able to verify the match-up and return related files to the user. Two researches about keyword search are proposed: the subset multi-keyword search based on public key encryption, and the password-authenticated keyword search.
|
| 6 |
政府採購入口網站功能架構與關鍵成功因素之研究 / A Study of the functional architecture and Key Success Factors for the Government Electronic Procurement Portal Website陳冠竹 Unknown Date (has links)
政府入口網站含蓋了眾多提供公共服務的網站,讓民眾或企業進行相關業務的辦理、資訊的查詢以及進行交易等行為。全國或是全球需要使用到政府服務,例如政府採購等之使用者皆是政府入口網站之服務對象。因此政府網站在資料流量含量方面較之於一般商業網站更為可觀,亦包含了電子商務性質。在此狀況下,政府角色亦已逐漸從管制調適為服務。就政府體策略或執行計畫而言,實施知識管理除可使行政單位的工作效率提昇,行政流程時間縮短,更可避免重覆錯誤及誤判訊息之可能。
本研究主要以行政院公共工程委員會目前所推行之『政府採購電子化』計畫為研究對象,冀於對未來五年能達到政府採購作業全面電子化提出建議。本研究之目標係分析研擬「政府電子採購入口網站」之關鍵成功因素,從而由「政府採購電子化」計畫現行系統歸納出具綜效之整合型「政府電子採購入口網站」功能架構,其工作內容如下:
1. 歸納、分析現行各系統及政府採購法推動之問題。
2. 瞭解國內政府入口網站之推動情形,分析企業資訊入口網站解決方案現況。
3. 利用分析層級程序法(Analytic Hierarchy Process,簡稱AHP)歸納出三分類專家,包括工程會內部專家、公部門專家、產業界及學界專家所認為的「政府電子採購入口網站」之關鍵成功因素,同時也分析資訊職務與非資訊職務專家觀點之相異點。
4. 根據歸納出來之關鍵成功因素與內部需求,提出具建設性之「政府電子採購入口網站」功能架構雛形,建議工程會推動「政府採購入口網站」提供之功能依據。
本研究AHP法研究結果如下:
1. 本研究中之各類專家一般認為內在因素比外在環境因素之權重大。
2. 第三層關鍵成功因素包括知識管理機制之健全化、政策及法制配合度、使用者服務機制、資訊系統與營運。整體而言,工程會內部專家與產業界及學界專家兩類專家較重視政策及法制配合度構面因素,而公部門專家比較重視資訊系統與營運構面因素。資訊職務專家較重視政策及法制配合度構面因素,非資訊職務專家比較重視資訊系統與營運構面因素。
3. 整體最底層關鍵成功因素排名前七項分別為高階長官的參與和支持並訂定明確的目標、即時配合實際狀況,修正、鬆綁法規、充裕的資源配合、提昇法令約束力之效力、提供快速回應問題之機制、介面具親和力、操作流程循序簡單、提供高度的可靠性與穩定性。
本研究最後逐一對專家深入訪談、工程會需求訪談、企業資訊入口網站解決方案及關鍵成功因素AHP之分析等結果提出結論與建議。 / An e-Government Portal should integrates numerous websites that offer public service, and provides individuals or enterprises with a platform for trafficking, searching information, and conducting transactions. Thus, all the users, that need to access government service and government procurement information, are potential customers of the e-Government Portal website. Hence, the e-Government Portal website, with e-Commerce quality, has more enormous data flow and database contents in comparison with simple e-Commerce sites. Last but not least, the role of e-Government Portal website is turned gradually into a service provider from its simple transition role of inspection.
From government's strategic aspect, actions regarding knowledge management can not only improve the efficiency and streamline the administrative procedures, but also avoid the crisis of repeating failures and misleadings of messages.
The object of this research is the Electronic Procurement Plan, which was established and promoted by the Public Construction Commission (PCC) of The Executive Yuan, R.O.C. The goal of the Electronic Procurement Plan is to accomplish the electronic commerce of the government procurement entirely in five years. This study aims to find out the critical success factors (CSF) for the Government Electronic Procurement Portal Website, and to carry out a functional architecture for the synergic Government Electronic Procurement Portal Website via the following working packages :
1. to analyze and formulate the problems of promoting the electronic government procurement system and the government procurement law.
2. to discuss the ongoing domestic promotion programs of the e-Government Portal websites and analyze the status quo cases of the Enterprise Information Portal (EIP) solution.
3. to analyze and compare the critical success factors of the Government Electronic Procurement Portal Website of various expert viewpoints through Analytic Hierarchy Process (AHP) method. The experts come from the PCC internal public servants, public servants from other government agencies as well as industrialists and scholars. On the other hand, the different viewpoints between the IT background experts and non-IT background experts are also compared.
4. to summarize constitutive functional architecture for the Government Electronic Procurement Portal Website according to the resulted CSF and the PCC internal requirements.
The results of AHP analysis can be stated as following:
1. The internal factors outweigh external factors.
2. The third-level of factors of AHP architecture includes the solidity of knowledge management, the compatibility of policies and laws, the user service mechanism and the information systems and operations. Generally, the PCC internal public servants, industrialists and scholars pay more attention to the compatibility of policies and laws than the other public servants that put a lot of emphasis on the information systems and operations. The IT background experts value the compatibility of policies and laws, whereas the non-IT background experts emphasize the information systems and operations.
3. The top seven priority factors of the rock-bottom level factors include the involvements and endorsements of the top executives and establish the clear goals, the instantaneous emendation and relaxation of the laws, the compatibility of abundant resource, the effectiveness of promoting the law's constraint force, friendly interface and easily sequential operation flow and high reliability and stability.
At last, this research leads to the conclusions and suggestions in regard to in-depth experts interviews,PCC internal requirement investigations, EIP solutions and the AHP CSF analysis.
|
Page generated in 0.0484 seconds