ImageVerifierCode 换一换
格式:DOC , 页数:13 ,大小:66.50KB ,
资源ID:77842      下载积分:10 文钱
快捷下载
登录下载
邮箱/手机:
温馨提示:
快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。 如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝    微信支付   
验证码:   换一换

加入VIP,省得不是一点点
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【https://www.wenke99.com/d-77842.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: QQ登录   微博登录 

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(电子票务:电子商务应用的风险【外文翻译】.doc)为本站会员(一***)主动上传,文客久久仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知文客久久(发送邮件至hr@wenke99.com或直接QQ联系客服),我们立即给予删除!

电子票务:电子商务应用的风险【外文翻译】.doc

1、 外文翻译 原文 Electronic ticketing: risks in e-commerce applications Material Source:http: Author: Dominik Haneberg Abstract. This article gives an overview of Electronic Ticketing. It includes a discussion on the advantages of Electronic Ticketing and mentions some projects currently in operation. It al

2、so contains an introduction to different devices usually used to implement Electronic Ticketing systems. Two particularly interesting Electronic Ticketing applications for railway tickets are presented and the security problems associated with such applications are raised and techniques to secure su

3、ch applications discussed. 1 Introduction to electronic ticketing Electronic Ticketing is a form of electronic commerce that offers a new distribution channel for different kind of tickets, e.g. for public transport, for long-distance travel by train or airplane or for cultural institutions like cin

4、emas or museums. The tickets are sold electronically and stored in an electronic device. Usually a PC or PDA connected to the Internet, or a cell-phone, is used to order the tickets. The issued tickets are stored in cell-phones or smart cards. Storing the tickets on a device that a customer always c

5、arries with him/her simplifies life for the service user. The user will generally not forget their tickets anymore, because e.g. their cell-phone is their ticket. 1.1 Advantages for the customer Tickets can be bought at any time, independent of service hours of the public transport companies or rail

6、way stations. The tickets can be sold by an electronic system, e.g. an online shop, and the tickets are immediately transmitted to the customers device. Therefore there is no queuing at the service counter. These service improvements help to raise customer satisfaction. 1.2 Advantages for the ticket

7、 issuer In addition to the service improvements for the customer, Electronic Ticketing is also a chance for the ticket issuer to cut costs. Both the electronic selling and the electronic validation of tickets can help reduce staffing costs. And electronic tickets can help to solve the problem of cou

8、nterfeit tickets. Current ticketing is normally carried out with paper tickets, which can be modified or duplicated with modern image processing and printing technology. Using electronic tickets makes it possible to prevent such fraudulent behavior. Also, the usually expensive special paper often us

9、ed to print tickets is not needed anymore. 1.3 Electronic ticketing devices Electronic Ticketing systems can have different devices as a container for the tickets. The tickets can be stored in a smart card or a cellular phone. When a cell-phone is used the tickets can also be bought using the cell-p

10、hone. For certain Electronic Ticketing scenarios it is also possible to use a Personal Digital Assistant (PDA).Each of these different devices have specific advantages and disadvantages which will be discussed in the following sections. In some cases it is a definite advantage for the development of

11、 Electronic Ticketing systems (and other mobile commerce applications) if the device used is programmable in a high-level language, especially Java. Fortunately, there are smart cards and cell-phones available that can be programmed in Java and, of course, Personal Digital Assistants can be programm

12、ed in Java as well. The different advantages and disadvantages must be carefully considered in the application design process. A smart card based system is less flexible because the user cannot order tickets without an Internet connection, a solution with a non-tamper-proof device requires a complet

13、ely different design because the data stored in the device cannot be trusted. 1.4 Smart cards The main disadvantage of smart cards is that they cannot offer a user interface. Smart cards need an external terminal that communicates with the smart card and provides the user application interface. Most

14、 smart cards are contact-based, only a few smart cards offer wireless communication. Even if a smart card can communicate contact-less the communication range is limited. The smart card must be within less than approximately 30 cm of the smart card terminal. The most important advantage of smart car

15、ds is that they are tamper-proof devices. Both unauthorized access to data stored on the card and unauthorized modification of stored data is very difficult. Modern smart cards also offer support for cryptographic operations using a cryptographic co-processor. Multi-applicative smart cards also offe

16、r mechanisms to separate different applications installed on the same smart card and regulate the possible data exchanges between the applications on the same card. Because the smart card can guarantee that the different applications are protected against each other, it is possible to install differ

17、ent applications on the same card, even if the issuers of the different applications do not trust each other. 1.5 Cellular phones The disadvantages of cellular phones are the fact that cell-phones are only partially tamper-proof and their small display. The limitations of the display often lead to u

18、nwieldy user interfaces. The Subscriber Identity Module, a smart card used by the network operators to identify their customers, is tamper-proof but the storage system of the cell-phone itself is not tamper-proof. The great advantage of cell phones is that they offer different short- and long-range

19、wireless communication techniques, e.g. infrared, Bluetooth and, of course, GSM or UMTS. 1.6 Personal digital assistants PDAs offer the largest display of the different devices mentioned and, because of the touch-screen display, the applications can offer a user interface that is easy to use. PDAs o

20、ffer different short-range radio connections and can be combined with a cell-phone for long-range communication. The disadvantage of PDAs is that they are not tamper-proof at all. Further disadvantages of PDAs are their weight and the low numbers currently in use. 2 Electronic ticketing in practice

21、There are already numerous Electronic Ticketing systems in operation, mainly for public transport.Most of these systems are based on smart cards,either contact-based or contact-less. Electronic Ticketing for long-distance travel (e.g. railway or airline tickets) are not yet very common. E-Ticketing

22、for cultural or sportive events is also not yet established. In Germany, there are currently more than 25 E-Ticketing systems for public transport in operation, or in a test phase. By far the most of them are based on smart cards. Among the smart card based systems most of them are based on contact-

23、less smart cards and use a Check-In/Check-Out policy which means that the customer must register when entering and leaving e.g. the bus by holding the smart card in the proximity of the smart card terminal.This is somewhat inconvenient but allows dynamic pricing, i.e. the minimal rate for each trip

24、can be calculated. Improvements to the Check-In/Check-Out mechanism are offered by Walk-In/Walk-Out or Be-In/Be-Out which use a passive detection of the E-Ticketing customers. The customer does not have to register actively. The paper by Eugenia et al., 2002 provides an overview of smart card based

25、Electronic Ticketing systems. On the international level, there are Electronic Ticketing systems in more than 20 European countries and on every continent. Although public transport is the most common E-Ticketing application there are also some other examples. E.g. Siemens and an airline developed a

26、n application which allows the airline passenger to check-in and select his seat in the plane using his cellular phone. The ticket is sent to the cell-phone as a picture message which contains a matrix-code used as a boarding-pass at the gate. 2.1 Electronic ticketing for railway tickets In the foll

27、owing two sections, two entirely different innovative E-Ticketing solutions for railway tickets are presented. The first one is based on smart cards, the second one uses a PDA as a device for the customer. Each of these applications has distinct advantages but also specific risks which must be addre

28、ssed. 2.2 Electronic tickets with smart cards In the article by Haneberg,2002 an Electronic-Ticketing system for railway tickets based on smart cards is described. The application is based on a smart card application (“cardlet”) that must be installed on a smart card owned by the customer. Using mul

29、ti-applicative smart cards with support for field-loadable code would be optimal for such applications, because the customer just needs one smart card and all other applications they want to use are added on-demand to the set of cardlets on the smart card. This is convenient for the customer and red

30、uces costs, because sophisticated smart cards with e.g. cryptographic co-processors are expensive and therefore it would be a great advantage if it were not necessary to issue another smart card for each new application. In the presented Electronic Railway Tickets system, the tickets are sold electr

31、onically, e.g. via a Web-shop run by the railway company. The ticket issuing system (“server”) communicates with the cardlet on the customers smart card. Therefore it is necessary for the customers PC to have not only an Internet connection to contact the server but also a smart card terminal to com

32、municate with the cardlet. Tickets are ordered electronically and stored on the smart card. This means that the smart card contains the E-Ticketing application, the tickets bought by the customer and cryptographic keys necessary to secure the communication. A great advantage of this solution is that

33、 the tickets can be validated offline by the conductor. This means that the conductor does not need access to the data of the server issuing the tickets. This is possible because the authenticity of the smart card program can be checked using cryptographic methods (e.g. challenge and response method

34、s) and because the tamper-proofness of the smart cards mean that data stored on the smart card cannot be manipulated without authorisation.Therefore, the conductor terminal can trust the data it receives from an authenticated smart card application. The fact that the authenticity of the E-Ticketing

35、smart card program can be verified permits the passing-on of tickets from one smart card to another because the receiving smart card can verify the authenticity of the cardlet that sent the ticket and therefore can be sure that the ticket it received is authentic as well. Another advantage of this s

36、ystem is that it is possible to combine the Electronic Ticketing with other applications e.g. loyalty-programs or electronic payment solutions. 2.3 Electronic onboard ticketing The system described in the previous section is the usual way of buying railway tickets. The trip is planned in advance and

37、 suitable tickets are ordered before the trip starts. Sometimes this is not convenient, or is even impossible. The E-Ticketing system described in this section offers a solution for this case and is therefore very different from the system described above. Electronic Onboard Ticketing was presented

38、in detail by Haneberg et al., 2004. The system is designed as a location-based service that sells railway tickets where the customer needs them: on the train. The scenario for Electronic Onboard Ticketing is a traveller who knows his/her possible connections but who cannot or does not want to buy ti

39、ckets in advance. An example is a person who attends a business meeting finishing at an unspecified time. After the meeting, the traveller simply wants to go to the railway station and board a train in a specific direction without having to wait in a queue to buy a ticket. With Electronic Onboard Ti

40、cketing this is possible. The traveller can buy the ticket on the train using a PDA. The PDA must have Bluetooth capability to locate the ticket issuing service and communicate with the train. Buying tickets is very simple. When the traveller has boarded the train he activates the PDA on which the c

41、lient application is installed. After the programme has been started it contacts the train server via Bluetooth and requests the upcoming stations. The train transmits the list of remaining stops to the PDA and the customer selects his/her destination. The destination is transmitted to the server an

42、d the class in which the customer is travelling is determined, based on the Bluetooth-receiver the customers PDA is connected to. Then an appropriate ticket is generated. After the payment data is transmitted,the purchase is completed. The main advantages of this E-Ticketing solution are ease of use

43、, a cost-free communication technique and the fact that the customer can buy tickets in a locationbased way. 3 Security problems in e-commerce applications In the sections above, it was shown that Electronic Ticketing has clear advantages, but there are also some risks. Communication is an integral

44、part of E-Commerce applications in general and E-Ticketing systems in particular. If the application is not designed carefully, the security of the application is in danger and fraud or disclosure of confidential data is possible. The data that is exchanged between the different systems of the appli

45、cation must be protected using cryptographic methods. Two different sources of security problems must be considered. The first problem is an application design that is inappropriate for the devices used. For example, ticket validation in Electronic Onboard Ticketing is completely different from vali

46、dation of the smart card based E-Ticketing. Because PDAs are not tamper-proof the railway company cannot trust the data stored on the PDA. Besides manipulation of the data on the PDA it is also possible to copy the data. Therefore, in this scenario, it is not possible to implement an offline validat

47、ion of tickets. In this application the tickets are stored on the train server instead of the PDA. The PDA only receives a ticket identifier. The validation of a ticket is also done on the train server which enables the conductors to find out whether the same ticket is presented more than once. The

48、second threat to E-Commerce applications are erroneous cryptographic protocols. Cryptographic protocols are necessary to ensure the secrecy and integrity of transmitted data as well as the authenticity of communication partners and transmitted data. The problem is that cryptographic protocols are di

49、fficult to develop (Anderson et al.1995; Burrows et al.1990). They often contain subtle errors that may be exploited by malicious users of the service. In the remaining part of this section an example of a protocol error for the smart card based E-Ticketing system is described. The protocol is denoted as a sequence of message transfers. Messages are either basic information(e.g. cryptographic keys) or compound messages such as encrypted data. In the protocol description Ri denotes a random number(“nonce”), SA is the

Copyright © 2018-2021 Wenke99.com All rights reserved

工信部备案号浙ICP备20026746号-2  

公安局备案号:浙公网安备33038302330469号

本站为C2C交文档易平台,即用户上传的文档直接卖给下载用户,本站只是网络服务中间平台,所有原创文档下载所得归上传人所有,若您发现上传作品侵犯了您的权利,请立刻联系网站客服并提供证据,平台将在3个工作日内予以改正。