1. Ho, D., Identity theft is top consumer fraud complaint of 2001, Jan. 24, 2002. http://www.insidenaples.com/02/01/business/d741589a.htm.
2. 孫承武, Taipei City police crack case of hackers breaking into online banking and stealing more than one million, May 1, 2001. http://leadtime.com.tw/leadtime/news/security/北市警方偵破駭客入侵網路銀行盜領一百餘萬(Yahoo-2001.05.02).mht.
3. 張慧雯, “Three cases in a row of voice-banking passwords obtained by fraud,” China Times, Apr. 19, 2001. http://ec.chinatimes.com.tw/scripts/chinatimes/iscstext.exe?DB=ChinaTimes&Function=ListDoc&From=5&Single=1.
4. Bennett, R. A., “I didn’t do it,” USBanker, Dec. 2001.
5. National Information Infrastructure Task Force, Privacy Working Group, Principles for providing and using personal information, Jun. 1995.
6. Behrens, L., Privacy and security: The hidden growth strategy, May 31, 2001. http://www.gartnerg2.com/site/searchresults.asp.
7. ITAA, ITAA poll finds almost three of four Americans concerned about cyber security, Dec. 11, 2001. http://www.itaa.org/isec/pubs/e200112-05.pdf.
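8. Small and Medium Enterprise Administration, Ministry of Economic Affairs, Chapter 6: A study of government strategies for supporting electronic commerce, White Paper on Small and Medium Enterprises. http://www.moeasmea.gov.tw/web/html/白皮書/電子商務/ch6.doc.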
9. ISO/IEC 10181-2: Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Authentication framework, 1996.
10. ISO/IEC 9798 part1-5: Information technology - Security techniques - Entity authentication.
11. “Fake ATM secretly records passwords; eight banks lose money,” CTS website, Apr. 10, 2002. http://www.cts.com.tw/news/headlines/news20020410N3.htm.
12. ITU-T Rec. X.509 | ISO/IEC 9594-8, Information technology - Open Systems Interconnection - The Directory: Authentication framework, ISO/IEC, 1997.
13. Paul, F., “Microsoft computer network hacked; FBI steps in,” CNET, Oct. 27, 2000. http://news.cnet.com/news/0-1003-200-3308084.html.
14. Lamport, L., “Password authentication with insecure communication,” Communications of the ACM, vol. 24, no. 11, pp. 770-772, Nov. 1981.
15. Ammenheuser, M., “The business case for biometrics,” Bank Systems & Technology, Feb. 2002.
16. Neuman, B. C. and Ts'o, T., “Kerberos: An Authentication Service for Computer Networks,” IEEE Communications, vol. 32, no. 9, pp. 33-38, Sep. 1994. http://www.isi.edu/gost/publications/kerberos-neuman-tso.html.
17. Kohl, J. and Neuman, C., The Kerberos Network Authentication Service (V5), RFC1510, Sep. 1993. http://www.ietf.org/rfc/rfc1510.txt.
18. Phoenix Technologies Ltd, Zero-Knowledge Password Proofs. http://www.integritysciences.com/password.html.
19. Bellare, M. and Rogaway, P., The AuthA protocol for password-based authenticated key exchange, Contribution To the IEEE P1363 study group for Future PKC Standards.
20. Boyko, V., MacKenzie, P., and Patel, S., “Provably secure password authenticated key exchange using Diffie Hellman,” EUROCRYPT 2000, pp. 156-171, 2000.
21. Bellovin, S. and Merritt, M., “Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise,” The 1st ACM Conference on Computer and Communications Security, pp. 244-250, Nov. 1993.
22. Jablon, D., “Extended password key exchange protocols immune to dictionary attack,” WETICE Workshop on Enterprise Security, 1997.
23. Kwon, T. and Song, J., “Secure agreement scheme for g^{xy} via password authentication,” Electronics Letters, vol. 35, no. 11, pp. 892-893, May 27, 1999.
24. MacKenzie, P. and Swaminathan, R., Secure network authentication with password information, Presented to IEEE P1363a, August 1999.
25. Wu, T., “Secure remote password protocol,” Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, San Diego, CA, pp. 97-111, Mar. 1998.
26. T. Kwon, “Authentication and key agreement via memorable passwords,” NDSS 2001 Symposium Conference Proceedings, Feb. 2001.
27. Lennon, R.E., Matyas, S.M., and Meyer, C.H., "Cryptographic authentication of time-invariant quantities," IEEE Transactions on Communications COM-29, no. 6, pp. 773-777, Jun. 1981.
28. Gong, L., Lomas, M., Needham, R., and Saltzer, J., “Protecting poorly chosen secrets from guessing attacks,” IEEE Journal on Selected Areas in Communications, vol. 11, no. 5, pp. 648-656, Jun. 1993.
29. Halevi, S. and Krawczyk, H., “Public-key cryptography and password protocols,” Proceedings of The 5th ACM Conference on Computer and Communications Security, pp. 122-131, 1998.
30. Kwon, T. and Song, J., “Efficient and secure password-based authentication protocols against guessing attacks,” Computer Communications, pp. 853-861, Jul. 1998.
31. Chang, C. C. and Wu, L. H., “A new password authentication scheme,” Journal of Information Science and Engineering, vol. 6, pp. 139-147, 1990.
32. Harn, L., Huang, D., and Laih, C.S., “Password authentication based on public-key distribution cryptosystem,” Fifth International Conference on Data Engineering, pp. 332-338, Los Angeles, USA, 1989.
33. Hwang, T.Y., “Passwords authentication using public-key encryption,” Proceedings of the 1983 IEEE International Carnahan Conference on Security Technology, Zurich, Switzerland, pp. 35-38, Oct. 1983.
34. Lin, C.H., Chang, C. C., Wu, T.C., and Lee, R.C.T., “Password authentication using Newton's interpolation polynomials,” Information Systems, vol. 16, no. 1, pp. 97-102, 1991.
35. Chang, C.C. and Hwang, S.J., "Using smart cards to authenticate remote passwords," Computers and Mathematics with Applications, vol. 26, no. 7, pp. 19-27, 1993.
36. Chang, C.C. and Wu, T.C., “A smart card oriented password authentication scheme based on Rabin’s public key cryptosystem,” International Journal of Information and Management Sciences, vol. 8, no. 3, 1997, pp. 63-73.
37. Chang, C.C. and Wu, T.C., “Remote password authentication with smart cards,” IEE Proceedings Computers and Digital Techniques, vol. 138, no. 3, pp. 165-168, 1991.
38. Chang, C.C. and Wu, T.C., “Remote password authentication with smart cards,” IEE Proceedings - part E, vol. 138, no. 3, pp. 165-168, May 1991.
39. Chang, C.C., Wu, T.C., and Laih, C.S., “Cryptanalysis of a password authentication scheme using quadratic residues,” Computer Communications, vol. 18, no. 1, pp. 45-47, Jan. 1995.
40. Fumy, W. and Pfau, A., “On the complexity of asymmetric smart card authentication,” Proceedings of the Second International Smart Card 2000 Conference, Amsterdam, Netherlands, pp. 181-190, 1989.
41. Shamir, A., "Identity-based cryptosystems and signature schemes," Advances in Cryptology: CRYPTO '84, Lecture Notes in Computer Science vol. 196, pp. 47-53, 1985.
42. Wu, T.C. and Chang, C.C., “A password authentication scheme based on discrete logarithms,” International Journal of Computer Mathematics, vol. 41, no. 3+4, pp. 31-38, 1991.
43. Wu, T.C. and Wu, T.S., “ID-based remote login authentication scheme based on cross product operations,” International Journal of Information Management & Engineering, vol. 1, no. 2, pp. 7-13, 1994.
44. RSA Laboratories, PKCS #5 v2.0: Password-based cryptography standard, 1999. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5v2/pkcs5v2-0.doc.
45. Kaliski, B., PKCS #5: Password-based cryptography specification version 2.0, RFC2898, Sep. 2000. http://www.faqs.org/rfcs/rfc2898.html.
46. Government Certification Authority, Standards and formats adopted. http://www.pki.gov.tw/cps/5.htm.
47. Merkle, R., “Protocols for public key cryptosystems,” Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, Apr. 1980.
48. Haller, N.M., The S/KEY one-time password system, RFC 1760, Feb. 1995. http://www.faqs.org/rfcs/rfc1760.html.
49. Rivest, R. and Shamir, A., “PayWord and MicroMint: Two simple micropayment schemes,” International Workshop on Security Protocols, 1996.
50. U.S. Naval Research Labs, OPIE software distribution. ftp://ftp.nrl.navy.mil/pub/security/opie/.
51. RSA SecurID. http://www.rsasecurity.com/products/securid/.
52. Microsoft .NET passport. http://www.microsoft.com/netservices/passport/.
53. ISO/IEC 7816 part1-10: Information technology - Identification cards - Integrated circuit(s) cards with contacts, ISO, New York.
54. EMV 4.0 specifications, 2000. http://www.emvco.com/.
55. European Telecommunications Standard Institute, GSM 11.11 version 6.2.0, 1997, http://www.ttfn.net/techno/smartcards/standards.html.
56. Love, M., “2002-a smart bet on smart cards,” Credit Card Management, Feb. 2002.
57. Simpson, B., “Chip cards break out of their shell,” Credit Card Management, Feb. 2002.
58. “Veridicom team to offer unrivaled smartcard security for e-business using fingerprint authentication,” Cylink. http://www.cylink.com/news/press/pressrels/112000.htm.
59. “Bank of America Offers Fingerprint Access to Online Banking,” Internetnews.com, Jan. 6, 1999. http://www.internetnews.com/ec-news/article.php/33221.
60. “Veridicom and Giesecke & Devrient form smart card partnership,” TWW, Apr. 25, 2000. http://www.m2.com/m2%5Cm2web.nsf/SampleStories/Telecomworldwire/?OpenDocument.
61. Adams, J., “Biometrics and smart card,” Biometric Technology Today, vol. 8, Iss. 7, pp. 8-11, Aug. 1, 2000.
62. Kleffner, R., “Parkinson’s disease smart card project ready to roll out,” Biometric Technology Today, vol. 8, iss. 7, pp. 3, Aug. 1, 2000.
63. 黃景彰, 薛夙珍, 廖耕億, 葉慈章, et al., Final report of the research project on a trustworthy operating framework for armed forces information, Chung-Shan Institute of Science and Technology, 2001.
64. AfB and ICSA, 1999 Glossary of Biometric Terms. http://www.afb.org.uk/downloads/glossuk2.pdf.
65. Bowman, E., Everything You Need to Know About Biometrics, IBIA. http://www.ibia.org/EverythingAboutBiometrics.PDF.
66. Woodward, J.D., Jr., Webb, K.W., Newton, E.M., Bradley, M., and Rubenson, D., Army Biometric Applications: Identifying and Addressing Sociocultural Concerns. http://www.rand.org/publications/MR/MR1237/MR1237.ch2.pdf.
67. Clarke, R., “Human identification in information systems: Management challenges and public policy issues,” Information Technology & People, vol. 7, no. 4, pp. 6-37, Dec. 1994.
68. “Innovation at InnoVentry using facial recognition,” Biometric Technology Today, pp. 7-8, Feb. 2001.
69. Rhodes, K.A., “National preparedness technologies to secure federal buildings.” http://www.gao.gov/new.items/d02687t.pdf.
70. Nash, A., Duane, W., Joseph, C., and Brink, D., PKI: Implementing and Managing e-Security, California: McGraw Hill, 2001.
71. Davida, G. I., Frankel, Y., and Matt, B. J., “On enabling secure applications through off-line biometric identification,” Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 148-157, 1998.
72. Podio, F. L., “Personal authentication through biometric technologies,” Proceedings of the IEEE 4th International Workshop on Networked Appliances, pp. 57-66, 2002.
73. OECD, “Background paper on electronic authentication technologies and issues,” Joint OECD-private sector workshop on electronic authentication, Jun. 1999. http://www1.oecd.org/dsti/sti/it/secur/act/wksp-auth.htm.
74. Matyas, S.M. and Stapleton, J., “A biometric standard for information management and security,” Computers & Security, vol. 19, no. 5, pp. 428-441, 2001.
75. Kim, H.J., “Biometrics, Is it a viable proposition for identity authentication and access control?,” Computers & Security, vol. 14, no. 3, pp. 205-214, 1995.
76. Schneier, B., Biometrics: Truths and Fictions, 1998. http://www.counterpane.com/cryptogram-9808.html-biometrics.
77. Department of Commerce, Ministry of Economic Affairs, Electronic Signatures Act. http://www.moea.gov.tw/~meco/doc/ndoc/s5_p05.htm.
78. Mitchell, C.J. and Chen, L., “Comments on the S/KEY user authentication scheme,” ACM Operating Systems Review, vol. 30, no. 4 , pp. 12-16, Oct. 1996.
79. Kawase, T., Watanabe, A., and Sasase, I., “Proposal of secure remote access using encryption,” Proceedings of the IEEE Global Telecommunications Conference, vol. 2, pp. 868-873, 1998.
80. Yeh, T.C., Shen, H.Y., and Hwang, J.J., “A secure one-time password authentication scheme using smart card,” IEICE Transactions on Communications, vol. E85-B, no. 11, pp. 2515-2518, 2002.
81. Peyravian, M. and Zunic, N., “Methods for protecting password transmission,” Computers & Security, vol. 19, no. 5, pp. 466-469, 2000.
82. Hwang, J.J. and Yeh, T.C., “Improvement on Peyravian-Zunic’s password authentication schemes,” IEICE Transactions on Communications, vol. E85-B, no. 4, pp. 823-825, 2002.
83. 黃景彰, 葉慈章, 徐鵬雲, 余俊賢, 劉義漢, Three-in-one authentication mechanism, final report of a research project commissioned to an academic institution by the Computer and Communications Research Laboratories, Industrial Technology Research Institute, 2001.
84. Caldwell, K., “The public policy report,” CommerceNet Newsletter, vol. 3, no. 5, 2001. http://www.nii.org.tw/cnt/info/Report/20010504.htm.
85. Gpayments, Authentication, 2001. http://www.gpayments.com/pdfs/GPayments_Authentication_Whitepaper.pdf.
86. Visa, What is Verified by Visa. http://www.visaeu.com/press_media/factsheets/whatis_vbv.html.
87. Punch, L., “Authentication’s tentative gains,” Credit Card Management, May 2002.
88. Visa, The future takes Visa. http://www.visaeu.com/press_media/factsheets/future_takes_visa.html.
89. Hwang, J.J. and Hsueh, S.C., “Greater protection for credit card holders: A revised SET protocol,” Computer Standards & Interfaces, vol. 19, pp. 1-8, 1998.
90. Bellare, M., Garay, J.A., Hauser, R., Herzberg, A., Krawczyk, H., Steiner, M., Tsudik, G., Herreweghen, E.V., and Waidner, M., “Design, implementation, and deployment of the iKP secure electronic payment system,” IEEE Journal on Selected Areas in Communications, vol. 18, no. 4, pp. 611-627, Apr. 2000.
91. Australian Transaction Report and Analysis Centre, RGEC Report - Research and Technical Advice, vol. 3, Dec. 1999. http://www.austrac.gov.au/text/publications/rgec/3/pdf/ch1.pdf.
92. Network Working Group, AAA Authorization Application Examples, RFC 2905. http://www.faqs.org/rfcs/rfc2905.html.
93. Freier, A.O., Karlton, P., and Kocher, P.C., The SSL Protocol Version 3.0, Mar. 4, 1996. ftp://ftp.netscape.com/pub/review/ssl-spec.tar.Z.
94. MasterCard and VISA, Secure Electronic Transaction (SET) Specification, Book 1: Business Description, version 1.0, 1997.
95. MasterCard and VISA, Secure Electronic Transaction (SET) Specification, Book 2: Programmer’s guide, version 1.0, 1997.
96. MasterCard and VISA, Secure Electronic Transaction (SET) Specification, Book 3: Formal Protocol Definition, version 1.0, 1997.
97. ISO/IEC 10181-4: Information Technology - Open Systems Interconnection - Security Frameworks in Open Systems: Non-Repudiation Framework, 1997.
98. VISA EU, 3D SET. http://www.visa.be/pd/eu_shop/merchants/3d_set/main.html.
99. VISA, 3-D Secure System Overview, Version 1.0.3, Dec. 3, 2001. http://international.visa.com/fb/paytech/secure/pdfs/3DS_70015-01_System_Overview_external_v1.0.2.pdf.
100. VISA, 3-D Secure Protocol specification, Version 1.0.1, Nov. 1, 2001. http://international.visa.com/fb/paytech/secure/main.jsp.
101. Gpayments, Visa 3-D Secure vs. MasterCard SPA, 2002, http://www.gpayments.com/industry.htm#2.
102. MasterCard International, Secure Payment Application (SPA). http://www.mastercardintl.com/newtechnology/ecommercesecurity/spa/.
103. Mu, Y., and Varadharajan, V., “A new scheme of credit based payment for electronic commerce,” Proceedings of the 23rd Conference on Local Computer Networks, Boston, Massachusetts, USA, pp. 278-284, 1998.
104. Chaum, D. and Pedersen, T.P., "Wallet databases with observers," Proceedings of Advances in Cryptology - CRYPTO '92, Springer-Verlag, pp. 89-105, 1992.
105. Verheul, E.R. and Tilborg, H.C.A. van, "Binding ElGamal: A fraud-detectable alternative to key-escrow proposals," Proceedings of the Advances in Cryptology - EUROCRYPT '97, Springer-Verlag, pp. 119-133, 1997.
106. Schneider, M.A. and Felten, E.W., “Efficient commerce protocols based on one-time pads,” Proceedings of ACSAC’00, pp. 317-326, 2000.
107. National Credit Card Center, An alternative to SET: “O-card”, Sep. 15, 2000. http://www.nccc.com.tw/plan/news/newsg3.htm#g3bg.
108. Yeh, T.C., Li, J.B., and Hwang, J.J., “Greater privacy protection for on-line credit card payment,” Proceedings of The First International Conference on Electronic Business, Hong Kong, pp. 136-138, 2001.
109. Hwang, J.J., Yeh, T.C., and Li, J.B., “Securing on-line credit card payments without disclosing privacy information,” Computer Standards & Interfaces, vol. 25, issue 2, pp. 119-129, 2003.
110. Behrens, L., Privacy and security: The hidden growth strategy, May 31, 2001. http://www4.gartner.com/5_about/press_releases/2001/pr20010807d.html.
111. Riem, A., “Cybercrimes of the 21st century: Crimes against the individual, part 1,” Computer Fraud & Security, vol. 6, pp. 13-17, Jun. 2001.
112. 吳江泉 and 林憲祥, “Colluding with insiders to steal a million records and profit 3.5 billion,” China Times, Sep. 18, 2002.
113. 盧成德, Online banking usage nearly doubles in one year; security issues draw close attention. http://news.sina.com.tw/sinaNews/ettoday/finance/2002/0731/10577144.html.
114. Rivest, R. and Shamir, A., “PayWord and MicroMint: Two simple micropayment schemes,” Cryptobytes, vol. 2, no. 1, pp. 7-11, 1996.
115. Hallam, P.M., Micro payment transfer protocol (MPTP) version 0.1, W3C Working Draft, Nov. 22, 1995. http://www.w3.org/TR/WD-mptp-951122.
116. Hauser, R., Steiner, M., and Waidner, M., Micro-payments based on iKP, IBM Research Report, Feb. 12, 1996.
117. Hauser, R. and Tsudik, G., “On shopping incognito,” Proceedings of the 2nd USENIX Workshop on Electronic Commerce, Nov. 1996.
118. Account authority digital signature model, http://www.garlic.com/~lynn/aadsover.htm.
119. Wheeler, L., “Account authority digital signature and X9.59 payment standard,” 3rd CACR information security workshop, 1999.