| Summary: | 碩士 === 國立臺灣科技大學 === 資訊管理系 === 89 === Along with the rapid development of the Internet, anyone can easily explore, access, and share the remote information over the Internet with an explorer. That changes the life, the commercial activity, and the mass media immediately and creates a vision of electronic commerce. Since more and more web users would acquire information from the Internet, incorrect content of the information provided by a website will make web users suffer from inscrutable disservice. Web users’ doubts are raised by bargain dispute, private data reveal and Internet fraud. In order to remedy the worsening situation, kinds of website authentication organizations are established to make up rules for authenticating websites and giving a legal website a mark. By verifying the authenticity of the mark, any web user can ensure the identification of the website.
Taking a comprehensive view of the website authentication organizations, we find that their main job is to provide authentication of the website for web users by an authorized mark but integrity of the content on the web pages. When the web page provider denies his mistake appeared on the web page, identification authentication of websites is insufficient to protect rights of web users. Moreover, the adopted methods of authentication are interactive; hence, verification of the authorized mark is costly and transmission between the web users and the website authentication organization may result in the bottleneck. For insuring identification authentication of websites, providing integrity of the content on the web page, and overcoming the drawbacks of the interactive method, we propose a new mark system with self-certified public key system (called a self-certified mark system). The main advantage of the proposed system is that a web page user can verify whether the identification of the website and content of web pages are fabricated or modified. It does not require the assistance of the website authentication organization; hence, the data transmission time and the overload of the website authentication organization can be lowered. In addition, our system also provides a method to classify content of web pages to give appropriate rights to web users.
We propose two schemes for realizing our system. If the identification of the website and the content of the web pages can be verified simultaneously, we call this scheme as “centralized”. Otherwise, the scheme is called as “separable”. In the separable system, any web user registers his personal data to a web page provider after authenticating the website. It can prevent user’s personal data from being misused by an illegal provider. In the centralized system, any web user first registers with the web page provider and then authenticates the identification of the website and the content of web pages. It can be seen that the centralized scheme is more efficient than the separable one.
To sum up, our proposed schemes in this thesis are characterized as follows:
1. Since the proposed schemes are non-interactive, they are more efficient than the previously proposed methods for authenticating identification of the website and content of the web pages.
2. It is unnecessary for the web users to transmit the public keys (including their certificates) and verify their authenticity before authenticating the identification of the websites and the content of the web pages. Hence, it is more efficient than the previsouly methods in terms of the communication costs and the computational efforts.
3. The web page provider can efficiently classify and maintain the content of his website.
|
|---|
