国产航母为何选择在大连制造，而不是上海：三大因素决定！
导读：近日，有报道称，中国的航母计划中航母的数量增加，并且还有可能会有一艘具备两栖作用的新型母舰。这是中国数十年取得的辉煌成就。
从中国着手建造航母开始，就引起了人们对于中国航母建造的关注，尤其是那艘存于大连造船厂的半成品。而如今，那艘半成品正在准备着最后一阶段，已经接近成品。
正是这一引人注目的航母的即将竣工，重新引起了人们对于大连造船厂的好奇，以及对于大连造船厂和上海造船厂的比较。到底为何上海造船厂建造第一艘航母的荣誉拱手让于大连，大连又有什么优势夺得这一殊荣？
近日，有报道称，中国的航母计划中航母的数量增加，并且还有可能会有一艘具备两栖作用的新型母舰。这是中国数十年取得的辉煌成就。从中国着手建造航母开始，就引起了人们对于中国航母建造的关注，尤其是那艘存于大连造船厂的半成品。而如今，那艘半成品正在准备着最后一阶段，已经接近成品。正是这一引人注目的航母的即将竣工，重新引起了人们对于大连造船厂的好奇，以及对于大连造船厂和上海造船厂的比较。到底为何上海造船厂建造第一艘航母的荣誉拱手让于大连，大连又有什么优势夺得这一殊荣？从分工来看，上海造船厂主要是建造中国的直升机航母和所有的大型主战舰艇，而大连则是主要负责中国所有的固定翼航母。造成这一分工的原因主要有以下几点：一、首先从地理位置来看，大连处于中国的内部海域，这一地理位置对于保密和安全而言大大超过了上海，较为隐蔽和安全。二、从技术上来看，大连造船厂的技术得到了改造和升级，掌握了将整体总装分段建造的技术模式，这大大加快了建造航母的速度。三、从配套设施来看，大连有着较为完备的基础配套设施系统，在大连周围已经打造了配套的汽轮机、舰用设备、核反应堆等。这一点也是大连最主要的优势。然而，虽然上海有着国内一流的重工业基础和数一数二的技术能力，但是在地理位置等方面却不得不承认是输给了大连。当然，这并不是说上海造船厂没有实力，它的主攻方面是在主战水面舰艇方面，甚至可以说它承包了中国所有的主要水面舰艇。由此看来，无论是大连还是上海都有着非常优越的造船优势。
点击加载更多
更多精彩内容
24小时热文当前位置： >>
因子分析模型的解是标准化主成分
因子分析模型的解是标准化主成分林海明 （广东商学院统计系 广东 广州 510320）【摘 要】在社会经济、管理、医学、自然科学等众多领域的多指标体系综合评价中， 常应用因子分析法。但因子分析法的模型和理论在数学上存在 4 个问题，它们影响了因子 分析法模型和理论的发展。文献[6][7]建立了因子分析模型 L 及其解，文献[9]用此求出了 因子分析模型的解是
标准化主成分，解决了因子分析模型和理论存在的 4 个问题，得出了 因子分析模型 L 及其解是更好的理论，其是因子分析法经常使用的模型和解。并给出了因 子分析法应用的建议。 【关键词】因子分析模型 解 标准化 主成分 【中图分类号】O212 【文献标识码】AThe Solution of Factor Analysis Models is Standardized Principal ComponentLin Haiming (Guangdong University of Business Studies, Department of Statistics, Guangzhou Guangdong China, 510320)【Abstract】Factor analysis models and theory is not complete. This paper makes factor analysis models L’, gives the solutions of factor analysis models is standardized principal component. Factor analysis models and theory is to be completed. 【Keywords】Factor analysis models, Solutions, Standardized, Principal component1 引言因子分析法的模型是 1904 年由 Charles Spearman 提出的，在社会经济、管理、医学、 自然科学等众多领域的多指标体系综合评价中，常应用因子分析法。但因子分析法的模型 和理论是很不完善的[1]，据归纳，因子分析模型和理论在数学上存在 4 个问题(详见第二 部分)，这些问题影响了因子分析法模型和理论的发展,也使得因子分析模型的解长期以来 成为一个未解之谜。 2007 年 6 月，据对美国统计学会会刊(JASA)副主编蔡天文教授的咨询，国外暂时没解 决这些问题；据对中国人民大学于秀林、何晓群、杜子方等统计学教授的咨询，他们认为： 以上问题较为古老，多年来，人们较多的是注重现有估计解理论的推广应用，没有注意上 述问题的研究。 问题的提出：如何破解因子分析模型解之谜，解决因子分析模型和理论存在的问题 呢？1电子商务――市场?应用?技术文献[6][7]建立了因子分析模型 L 及其解， 文献[9]用此求出了因子分析模型的解是标 准化主成分，解决了因子分析法模型和理论存在的 4 个问题，得出了因子分析模型 L 及其 解是更好的理论， 其是因子分析法经常使用的模型和解。 并给出了因子分析法应用的建议。2 因子分析模型和理论存在的 4 个问题与进展特殊因子向量 ε = (ε 1 , Λ , ε p ) ′ ， 阵， 公因子载荷阵 Bs = (bij ) p×s 、 公因子 Z s = ( z1 , Λ , z s ) ′ ， 记 diag (c1 , Λ , c k ) 是以 c1 , Λ , c k 为对角元素的对角矩阵。 因子分析模型[1]设 X = ( x1 , Λ , x p ) ′ 为正向化、标准化随机向量 ( p ≥ 2), R 为变量 X 的相关系数矩X = Bs Z s + ε ， s ≤ p ， VarZ s = I s ， Eε = 0 ， ψ i ≥ 0, i = 1, Λ , p, cov(Z s , ε ) = 0,求 Bs 、 Z s 、 ε ，使：Varε = ψ =diag (ψ 1,…,ψp)，这里ψ i 称为特殊方差，ψ 称为特殊方差阵。2 v j = ∑ip=1 bij 称为因子 z j 对 X 的方差贡献，ψ i 亦称为特殊因子 ε i 对 X 的方差贡献。 设 R 的特征值为 λ1 、…、 λ r 、0(一般假定), λ1 ≥…≥ λ r ＞0( λi 达到降序排列最大 化), r = 秩 ( R ) ≤ p , A = (aij ) p× p = (α 1 ,Λ , α p ) 、 这 里 R α i = λ iα i , i = 1, Λ , m , Rα k = 0, k = r + 1, Λ , p, AA′ = I p ( p 阶单位阵)。 [1] 设主成分 F = ( f 1 , Λ , f p ) ′ ,则主成分分析（Hotelling，1933）的解 F = A′X ， (1) (2) VarF = diag (λ1 ,Λ , λ r ,0,Λ ,0) 。 取 m≤r ， 记 Am = (α 1 ,Λ , α m ), Fm = ( f 1 ,Λ , f m )′, A p ? m = (α m +1 ,Λ , α p ) , F p ? m = ( f m +1 ,Λ , f p )′ ， [1] 1/ 2 1/ 2 0 标 准 化 主 成 分 载 荷 ： Bm =( α 1λ1 , … , α m λm ) ( 初 始 因 子 载 荷 1/ 2 1/ 2 0 阵）, Bε =( α m +1λ m +1 , …, α r λr ) ,标准化主成分 ：0 ? ? 0 Z m ? ( f1λ1 1 / 2 ,…, f m λ?1 / 2 )′ ＝ diag (λ1 1 , λ?1 , Λ , λ?1 )( Bm )′ X [由式(1)]， m 2 m ε 0 ? ( f m +1λ?1+/12 ,…, f r λ?1 / 2 )′ ＝ diag (λ?1+1 , …, λ?1 )( Bε0 )′ X [由式(1)]， m r m r 0 ′ 且有 Var [( Z m ) ′, ε 0 ]′ = I r [由式(2)]。 0 C 为 Bm 的方差最大化正交旋转矩阵[1]。[1]据归纳，因子分析法模型和理论在数学上存在如下 4 个问题： 问题(1)：初始因子载荷阵 Bm 与公因子载荷阵 Bs 没有建立关系。0问题(2)：特殊因子 ε 与因子解估计中省略项 A p ? m F p ? m 的区别不明确，从而因子分析Z 法使用的模型及解不明确[ Bs 的主因子解、 极大似然估计、 s 的巴特莱特(Bartlett,1937)因子得分与 ε 直接有关]。 问题(3)：公因子 Z s 与主成分 F 的精确关系没有建立，不能明确因子分析与主成分分 析的异同（公因子个数、公因子与变量的精确关系与此直接有关） 。 问题(4)：现行降维因子个数 m 的确定方法有时会丢失一些被解释变量的信息。0 0? 了 X 、标准化主成分载荷阵 Bm 、标准化主成分 Z m 的关系：? 研究进展：在张尧庭和方开泰教授的文献[1](1982)中，设 X 为 X 的近似变量，建立0 0 0 0 0 0 ? X = Bm Z m = ( Bm C )(C ′Z m ),VarZ m = VarC ′Z m = I m 。在方积乾、何晓群、余锦华和杨维权教授的文献[2](2001)、[4](2004)、[5](2005) 中，用0 0 X = Am Fm + A p ? m F p ? m ≈ Bm Z m + ε（3）2得出了：公因子载荷阵估计解是标准化主成分载荷阵 Bm ，公因子估计解是标准化主成分0 Zm 。0在 R.A.Johnson 和 D.W.Wichern 教授的文献[3](2003)评注中,“由主成分方法估计的 因子载荷，用未加权(普通的)最小二乘过程生成因子得分解。 ”得出因子得分是:0 ? ′ Z m ＝ diag (λ1 1 / 2 , λ?1 / 2 ,Λ , λ?1 / 2 ) Am X 。 2 m以上解的结论全部为估计的，均没有求出因子分析模型的解。3 因子分析模型 L 及其解的建立利用式(3)的等式继续，利用方差是零的主成分为零，进行矩阵运算验证有：0 0 0 0 X = Am Fm + Ap ? r Fp ? r = ( BmC )(C ′Z m ) + Bε0ε 0 = Bm Z m + Bε0ε 0 ， 0 0 ′ ′ Var [(C ′Z m )′, ε 0 ]′ = Var [( Z m )′, ε 0 ]′ = I r , 0 0 m 0 0 tr[( Bm C )′ Bm C ] = Σ i =1λi , ( Bm , Bε0 )′( Bm , Bε0 ) = diag (λ1 ,Λ , λr ) 。由这三个表达式相应得出了最终解决问题的因子分析模型 L 及其解： 阵, r = 秩 ( R ) ≤ p ， 设 X = ( x1 , Λ , x p ) ′ 为 正 向 化 、 标 准 化 随 机 向 量 ( p ≥ 2), R 为 X 的 相 关 系 数 矩Bm = (bij ) p×m 、 Z m = ( z1 , Λ , z m )′、 ≤ r 、 Bε = (bi m + j ) p×( r ? m ) 、Zε = ( zm +1 ,Λ , zr )′ 。 m [6] ′ ′ 因子分析模型L 求 B = ( Bm , Bε )、Z = ( Z m , Z ε )′ ，使 X = BZ = Bm Z m + Bε Z ε , VarZ = I r , tr[( Bm )′ Bm ] = ∑ m=1 v j 达到最大。 j p 2 这里 v j = ∑ i =1 bij 称为因子 z j 对 X 的方差贡献。 [6] 0 0 定理 1 B = ( BmC , Bε0 )、Z = (C ′Z m , ε 0 ) 是因子分析模型L的解(旋转后解),且 ∑ m=1 v j = ∑ m=1 λ j , v j = λ j , j = m + 1,Λ , r 。 j j [7] 0 0 定理 2 B = ( Bm , Bε0 )、Z = ( Z m , ε 0 ) 是因子分析模型L的解(未旋转解), 且 v j = λ j , j = 1,Λ , r (因子按方差贡献由大到小排顺序达到最大化)。 因子分析模型 L 及其解具有：降维、旋转的功能； bij 是变量 xi 与因子 z j 的相关系数； 前 m 个因子 Z m 对 X 的方差贡献达到最大。即结论 1 因子分析模型 L 及其解具有因子分析法的对应特点和功能。 通过验证，现行软件 SAS、SPSS 计算的因子分析主成分解( n ＞ p )是因子分析模型 L 的解；小样本( n ≤ p )情形下的因子分析主成分解计算与应用见[8]。故人们经常使用的是 因子分析模型 L 的解，不是因子分析模型的解。0 0 规则 1(降维规则) 如果使用旋转后解 C ′Z m ，m 的选取以 Bm C 每行至少有一个元素绝对值≥0.6 的最小列数确定是更好的； 如果使用未旋转解 Z m ， 的选取以 Bm 每行至少有一个元素绝对值≥0.6 的最小列数 m 确定是更好的。 规则 2(旋转后解使用条件,因子分析法的优点之一)0 大),则旋转后解 C ′Z m 较未旋转解 Z m 更好； 0 0 如果 Bm C 每行元素的绝对值往 0 或 1 靠近得多( C ′Z m 较 Z m 命名清晰、与 X 相关性000 0 Bm C 与 Bm 比较，000 则未旋转解 Z m 较未旋转解 C ′Z m 更好。0 如果 Bm 每行元素的绝对值往 0 或 1 靠近得多( Z m 较 C ′Z m 命名清晰、 X 相关性大), 与000定理 1、定理 2 中的结论是解,不是估计的,下面用因子分析模型 L 的解求出因子分析 模型的解。4 因子分析模型的解3电子商务――市场?应用?技术ε t 的标准化,即 zs + t = ε t ψ t?1 / 2 (i = 1,Λ , k ) , et 为第 t 个元素为 1、 其余元素为 0 的 p 维单ki i i设特殊因子 ε 中非零特殊因子为 ε t1 、…、 ε t k (1 ≤ k ≤ p ) , zs + t1、 、zs + t k 为 ε t1 、…、 Λ位列向量,有特殊因子：′ ε = H k ( z s +t ,Λ , z s +t )′ ,这里 H k = (ψ t1 / 2 et , Λ ,ψ t1 / 2 et ) ,ψ = H k H k 。1k 1 1 k k由定理 2，得因子分析模型与因子分析模型 L 解的关系： 结论 2′ ( Bs , H k ) 、 ( Z s , z s +t1 ,Λ , z s +tk )′ 按因子方差贡献由大到小排顺序达到最大化的解分别是：0 0 ′ ( Bm , Bε0 ) 、 [( Z m ) ′, ε 0 ]′ ，且 s + k = r ≤ p 。 ′ 证明 设 ( Z s , z s +t1 , Λ , z s +t k ) ′ 按因子方差贡献由大到小排顺序达到最大化的因子向量为:′ Z q = ( z1 ,Λ , zq )′ ，其含有 ( Z s , z s +t1 ,Λ , z s +tk )′ ， q = s + k ； 相应因子载荷阵设为 Bq = (bij ) p × q , 其含有 ( Bs , H k ) , m 设 v j 为 Z q 中因子 z j 对 X 的方差贡献, Z q 前 m 个因子对 X 方差贡献和成为：∑ j =1 v j达到最大。m 因子分析模型成为：求 Bq、Z q、q 的解,使 X = Bq Z q ， VarZ q = I q , ∑ j =1 v j 达到最大。′ 由定理 2，取 Bq = ( Bm , Bε ), Z q = [( Z m )′, ε 0 ]′ , q = r , v j = λ j , j = 1,Λ , r ,是该模型的0 0 0解。[证毕]。 由结论 2 和非零特殊因子与特殊主成分 的关系，得： 结论 3[1]( p ≥ k ≥ 0) ，则特殊因子解： ′ ε = H k ( xt ,Λ , xt )′ ,这里 H k ＝( et ,…, et )，ψ = H k H k 。[9]设 X 中互不相关的变量为 xt1 ,…, xtk1 k 1 k即非零特殊因子是特殊主成分： X 中互不相关的变量 xt1 ,…, xtk 。0 m 0 m( B , Bε0 ) 、 ′ [( Z ) ′, ε 0 ]′ 的表示式，有：ψ t1 / 2et = λ1j/ 2α j , z s + t = ε tψ t?1 / 2 = f j λ?1 / 2 , j 所以, α j = (0, Λ ,0, atj ,0,Λ ,0)′ , α j 为单位特征向量，有 a tj = 1 ，ψ t = λ j , 由式(1), f j = α ′j X = a tj x t = x t ，即 f j 为特殊主成分，因为 xt 是标准化的，所以： Varf j = 1 = λ j = ψ t , zs + t = ε t = f j = xt ,即 ε t 为特殊主成分 xt 。[证毕]。 0 0 由规则 1 有，初始因子载荷阵 Bm 含有非零特殊因子载荷 H k ,记 Bm 的前 m ? k 列为 0 Bm ? k ,后 m ? k 列为 H k ,则有 0 0 0 0 结论 4 规则 1 下， Bm = ( Bm ? k , H k ) ，相应有 Z m = [( Z m ? k )′, xt1 ,Λ , xt k ]′ 。 0 设 C = diag ( C 0 , I k ) ， C 0 为 Bm ? k 的方差最大化正交旋转矩阵。采用验证法和结论 3，有： 定理 3 解： s + k 旋[9]证明：设 ε t 为非零特殊因子，ψ t 按方差贡献由大到小排序是第 j 个位置,由结论 2 和= r,设 X 中互不相关的变量是 xt1 ,…, xtk ， m 用规则 1 确定，因子分析模型的0 0 ′ ′ 未旋转： B s = ( Bm ? k , Bε0 ), Z s = [( Z m ? k ) ′, ε 0 ]′, ε = H k ( xt1 , Λ , x t k ) ′ ,ψ = H k H k ；转0 m?k 0 0 m?k后：B s = ( B C 0 , Bε ), Z s = [( Z 这里 H k ＝( et1 ,…, et k )。该定理说明：′ ′ )′C 0 , ε 0 ]′, ε = H k ( xt1 , Λ , x t k ) ′ ,ψ = H k H k 。(1)因子分析模型中公因子、非零特殊因子的解是标准化主成分,其是无偏、无平均误 差的解。 (2)公因子个数 s4= r ? k ≤ r ≤ p , 非零特殊因子个数 k 是 X 中互不相关变量的个数。 (3)公因子载荷阵 B s 的主因子估计、极大似然估计，公因子 Z s 的巴特莱特因子得分， 理论和实际上都失去了作用或意义。 证明 由矩阵运算和结论 31 k0 0 0 0 ′ X = Bm Z m + Bε0ε 0 = ( Bm? k , Bε0 )[(Z m? k )′, ε 0 ]′ + H k ( xt , Λ , xt ) ′ ＝ Bs Z s + ε (未旋转)， 0 0 0 0 0 ′ X = ( BmC )(C ′Z m ) + Bε ε 0 ＝ = ( Bm?k C0 , Bε0 )[(Z m?k )′C0 , ε 0 ]′ + H k ( xt ,Λ , xt )′ Bs Z s + ε (旋转后)， 且直接验证有： Bs 、 Z s 、 ε 满足其它约束条件。1 k5 因子分析模型和理论 4 个问题的解答特殊因子 ε = 0 ( k = 0 , s = r )时, Bs = ( Bm , Bε ) ,此时初始因子载荷阵 Bm 是公因子载0 0 00 0 0 问题(1)解答：由结论 4 和定理 3 有， Bm = ( Bm ? k , H k ) ≠ B s = ( B m ? k , Bε0 ) ；只有当荷阵 B s 的前 m 列。问题(2)解答：由结论 3，特殊因子 ε = H k ( xt1 ,Λ , xt k ) ′ ，即 ε 不是省略项或误差项； 省 略 项 是 Ap?m Fp?mε 0 = ( f m +1λ?1+/12 ,…, f r λ?1 / 2 )′ 是公因子,由定理 1、定理 2，其对 X 的累计方差贡献率为 m r ∑ rj = m +1 λ j ,对 X 的解释信息最小。故因 子 分 析 法 解 决 实 际 问 题 的 常 规 做 法 是 ： 省 略 A p ? m F p ? m = B ε0 ε 0 , 用 0 0 0 0 Bm Z m或( Bm C )(C ′Z m ) 解释 X 。 由定理 1，定理 2，即 结论 5 解决实际问题中，因子分析法经常用的是因子分析模型 L 及其解。 因子分析模型 L 及其解的优点是：不会丢失非零特殊因子 xt1 ,Λ , xt k (见结论 4),去掉= B ε0 ε 0 ， 其 含 有 观 测 误 差 , 规 则 1 下 ，了省略项中的因子 ε 0 ,能降维。0 ′ [( Z m ? k ) ′C 0 , ε 0 ]′ ( r ? k 个因子),丢失了非零特殊因子 xt1 ,Λ , xt k 及其解释，含有省略项中 ?1 / 2 ?1 / 2 的因子 ε 0 = ( f m +1λm +1 ,…, f r λ r )′ ,不能降维，故因子分析法使用的不是因子分析模型0 ′ 而 由 定 理 3 ， 使 用 因 子 分 析 模 型 的 公 因 子 解 Z s = [( Z m ? k )′, ε 0 ]′ 或的解。这一比较有 结论 6 因子分析模型 L 及其解是更好的。 问题(3)解答：由定理 3 和结论 3，因子分析模型中公因子、非零特殊因子的解是标准 化主成分，仅有非零特殊因子与特殊主成分相等，故公因子与主成分解的定量值不能互相 混淆。 问题(4)解答：现行降维因子个数的确定方法, 多数用累积方差贡献率确定 m ，当 Bε 中存在第 t 行第 1 列元素 bt 即所得因子 Z 或 C ′Z0 m 0 m 解释m +1 有:0≥ 0.6 ， m 的选取会丢掉变量 xt 的信息解释。 0 0 X 的协方差关系不是更好的。如果用 Bm 或 Bm C 每行中至少 btm +1有一个元素绝对值≥0.6 的最小列数确定，不会丢掉 X 中每个变量的大量信息，因此规则 1 确定 m 是更好的。6 因子分析法应用的建议1.实际应用中，使用因子分析模型 L 及其解，现行软件 SAS、SPSS 计算的因子分析 主成分解( n ＞ p )是因子分析模型 L 的解，小样本( n ≤ p )情形下因子分析主成分解的计 算与应用见[8]。 2.因子与主成分解计量值不等,故因子分析与主成分分析的模型、 理论、 计量值不能混5电子商务――市场?应用?技术淆； 3.解决实际问题中，降维因子个数的选取以规则 1 确定更好； 4.旋转后因子解、未旋转因子解何时使用由规则 2 确定；7 因子分析法待研究的问题1.斜交因子分析法的一些问题解析与实证。 2.样本容量与变量个数是何关系时?因子分析法综合评价效果更好。 3.多重多元回归分析中的一些问题解析与实证等。参考文献[1]张尧庭,方开泰著.多元统计分析引论[M].北京:科学出版社.1982. [2]方积乾主编.医学统计学与电脑实验(第二版)[M]. 上海:上海科学技术出版社.2001. [3]Richard A.Johnson Dean W.Wichern. Applied Multivariate Statistical Analysis (5th Ed)[M].China Statistics Press. 2003. [4]何晓群编著.多元统计分析[M].北京:中国人民大学出版社.2004. [5]余锦华,杨维权编著.多元统计分析与应用[M].广州:中山大学出版社.2005. [6]林海明.因子分析的精确模型及其解[J],统计与决策(理论版),-5. [7]林海明.因子分析精确模型的基本思想与方法[J],统计信息与论坛,-25. [8]林海明.小样本因子分析的 SAS 软件计算与综合评价[J],统计与决策(理论版),-17. [9]林海明,王翊.因子分析模型 L 及其解是更好的[J],统计研究,-82.作者简介：林海明，男，1959 年 6 月生，湖南省宁乡县人，广东商学院统计学教授，1982 年 1 月获武汉大学理学（基础数学）学士学位，1988 年 7 月获湖南大学理学（应用数学）硕士 学位，研究方向为多元统计学模型、理论与应用等,联系地址：510320,广东省广州市广东商 。 学院经济贸易与统计学院, 邮箱：.cn,电话：020-（H）6广东省电子商务发展现状、存在问题及对策陈拥军 黄伟群 龙 文 （广东商学院广东省电子商务市场应用技术重点实验室 广东 广州 510320）【摘 要】本文着重分析了“十五”期间广东省电子商务发展现状及存在问题，探讨 了加快广东省电子商务建设的重要性与紧迫性，分析了“十一五”期间广东省电子商务发 展的若干战略思考和对策。 【关键词】电子商务 发展现状 存在问题 对策1 引 言电子商务是网络化的新型经济活动，正以前所未有的速度迅猛发展，已经成为主要发 达国家增强经济竞争实力，赢得全球资源配置优势的有效手段[1]。 “九五”和“十五”期间，我国政府把信息化作为国家社会经济发展的重要组成部分， 从而推动我国信息技术和信息化应用，以及电子商务的较快发展。中国社会科学院发布的 《2005 年中国电子商务市场调查报告》显示，自 2000 年以来，我国电子商务交易额每年 以 60%的速度增长，2005 年，市场规模达到 6800 亿元人民币，涌现出一批实力较强的电子 商务企业和行业电子商务应用平台。目前，我国已经形成环渤海地区、长江三角洲和珠江 三角洲三大电子商务发展核心。随着发展环境的不断完善，“十一五”期间，全国各省区 的电子商务应用将继续保持快速发展态势，同时区域合作和竞争也将日趋明显。 在经济全球化、区域经济一体化和全面建设广东省富裕型小康社会的进程中，广东省 省委、省政府把加快和促进信息化和电子商务应用，作为广东省更好地参与国际竞争，转 变经济增长方式的重要支撑，把现代信息服务业发展和电子商务应用作为国民经济发展制 高点来规划。“十一五”时期，广东省社会经济发展要完成优化经济结构，转变增长方式， 加强自主创新，深化体制改革，扩大对外开放的重要任务，必须大力发展电子商务。2 广东省电子商务发展的现状发展电子商务是以信息化带动工业化，转变经济增长方式，提高国民经济运行质量和 效率，走新型工业化道路的重大举措。 “十五” 期间，广东省国民经济和社会事业发展较快，开展电子商务必需的经济基础 和技术条件初步形成。广东省委、省政府高度重视国民经济和社会信息化建设，积极推动 全省电子商务发展，取得了很好的成效，为“十一五”的发展打下了坚实的基础[2]。1 信息网络基础设施日益完善“十五”期间，广东省信息网络基础设施和通信服务业规模处于国内领先水平。截至 2006 年 1 月，全省电信光缆总长度约 29 万公里。全省移动电话用户达到 6406.6 万户，固 定电话用户 3442.5 万户。广播电视光纤网络达到 15.3 万公里，有线电视用户 1116 万户， 广播和电视人口覆盖率分别达到 96.1％和 96.36％。 全省上网用户总数约为 1486 万人， 占 全国的 13.4%，占广东省人口总数的 17.9%。广东省的网站数（包括.CN、.COM、.NET、.ORG7电子商务――市场?应用?技术下的网站）为 115 111 个，占全国网站总数的 16.6%，居全国第二。广东省的域名总数（不 含 ）为 434 832 个，CN 域名数为 170 843 个，占全国总数的 16.8%和 15.6%，分别 位居全国第一、第二位[3，4]。2 电子商务支付体系不断完善广东省的信用卡在全国发行最早、种类最多、数量也最大，截至 2005 年底，广东银行 卡发卡机构 30 家，发卡量 8500 万张，银行卡总交易金额 1580 亿元，可以受理银行卡的特 约商户 4.34 万家，布放 POS 机具 7.3 万台、ATM 机 8500 台。持卡消费风气初步形成，剔 除批发性的大宗交易和房地产交易，2005 年广东省持卡消费额为 1931.3 亿元，占全省社 会消费品零售总额的比重接近 24.5%。同时，广东银联跨银行 ATM/POS 网络的建成为广东 省电子商务的广泛应用打下了很好的基础，银联金融服务网已形成以广州为中心，覆盖全 国多个城市，联接香港、澳门银行卡网络中心和 VISA、MASTER 国际卡组织的大型网络平台 〔2〕 。3 电子商务应用水平显著提高一是大型企业信息化建设和电子商务应用效应明显。广东省部分大型龙头企业已经实 现计算机集成制造，尝试开展电子商务应用，将网上商贸与企业内部企业资源计划（ERP） 相结合，实现商务运营的电子化和管理决策的智能化。二是以专业镇和专业市场为依托， 形成行业信息化服务联盟，建设面向行业的电子商务平台的发展模式成效非常显著。三是 依托产业园区建设电子商务服务平台，提升产业整体竞争力的电子商务建设模式得到很大 发展。四是随着企业信息化和电子政务的深入开展，广东省企业与政府间的电子商务应用 效果明显。4 重视现代物流业发展广东省重视现代物流业的发展，2002 年广东省委、省政府发布《关于大力发展现代流 通业的意见》 （粤发〔2002〕1 号） ，2005 年广东省政府出台《关于加快我省服务业发展和 改革的意见》 （粤府〔2005〕1 号） ，提出了积极扶持现代物流业发展的政策措施。目前， 广东省已建立起海、陆、空立体的交通运输网络体系，运输车辆和从业人员数量为全国之 最。物流企业和物流平台建设快速发展，第三方物流应用水平不断提高。5 政策法规环境、安全认证和信用体系不断优化2003 年 2 月 1 日，广东省在全国率先实施第一部地方电子商务法律――《广东省电子 交易条例》 ，有效保障了广东省电子商务的健康发展。2004 年 11 月，广东省出台《关于进 一步推进我省企业信息化建设的指导意见》 ，加强了企业信息化和电子商务应用的政策支 持。2005 年 9 月，广东省电子商务认证有限公司和广东数字证书认证中心有限公司获得国 家信息产业部颁发的《电子认证服务许可证》 ，截至 2005 年底，两认证机构共发放数字证 书约 30 万张。2004 年 11 月，由广东省信息产业厅会同广东省工商管理局、国家税务局、 地方税务局、质量技术监督局、人民银行广州分行、海关总署广东分署等 7 个部门共建的 广东省企业信用信息网正式开通，有效整合广东省 190 万个企业的信用信息资源，实现广 东省内跨地区、跨部门的企业信息公开和共享。2005 年 4 月 1 日后，广东省大力落实《中 华人民共和国数字签名法》 这些举措结合落实其他相关法律规则， 。 使广东省电子商务法律 环境进一步完善。 经过多年努力，广东省作为经济比较发达的省份，拥有良好的网络运行环境、有力的 政策支持和电子商务实践所取得的宝贵经验，发展电子商务已具备很好的基础条件和政策 环境。这些都为广东省在“十一五”期间全面推进电子商务打下了坚实的基础。3 广东省电子商务发展存在的主要问题虽然“十五”期间广东省电子商务建设和应用取得了很大的成绩，但是由于各种主观8和客观因素的影响，广东省电子商务发展还存在一些问题[5]：1 以电子政务发展推动电子商务发展有待进一步加强地区发展不平衡，省内部分地市的基础环境依然不够完善，企业信息化整体水平还不 高，政府和行业主管部门对信息化和电子商务发展的引导工作需要进一步加大力度，企业 与政府之间在推动电子商务应用上良性互动需要加以时日。 目前，广东省电子政务没有形成统一的基础设施建设和网络平台体系，统一规划和管 理需要进一步完善， 需要加大力度克服地区之间、 各部门之间依然存在 “重复建设” 与“孤 岛难通”并存的问题，加大信息资源共享。这种状况在一定程度上影响了广东省以电子政 务推动电子商务发展的成效。2 企业信息化向企业电子商务过渡需进一步加快广东省中小企业开展电子商务意识不强，积极性不高，部分中小企业领导缺乏网络知 识，也不愿意尝试新的经营模式。广东省中小企业数超过 50 万，占企业总数的 95%以上， 相当部分的中小企业属于劳动密集型产业，并且正处于粗放型增长阶段。这些特点决定他 们与信息技术联系不够紧密，缺乏认识。这些企业把目光集中于在传统渠道开发市场，拓 宽销路。另外，此类企业的行业电子商务应用环境压力不强，所以导致广东省中小企业的 电子商务应用内外压力不足，应用意识急需提高。 广东省企业电子商务应用层次依然有待提高，企业电子商务应用有待普及。广东省企 业电子商务应用整体处于初级阶段，以信息发布为主，有待向网上交易和协同生产方向提 升，企业信息化向企业电子商务过渡需进一步加快。3 电子商务示范工程建设示范效应不明显广东省重点建设了一批电子商务示范工程，但部分企业信息化和电子商务示范企业和 基地缺乏后续投入和管理动力，致使这部分企业的电子商务示范作用没有得到很好发挥， 示范效应不明显，缺乏电子商务龙头企业。针对中小企业信息化和电子商务应用滞后的情 况，广东省将加大中小企业信息化示范企业建设，把推动中小企业信息化和示范工程的效 应提高结合起来，落实“十一五”期间广东省《关于 2006 年至 2010 年广东省信息化发展 纲要的实施意见》 （粤府办〔2006〕10 号）精神。 广东省拥有腾迅、搜房网等电子商务企业以及广州本田、宝洁、苏宁、国美等电子商 务应用企业。但是，广东省缺乏类似阿里巴巴这样的电子商务龙头企业。同时，企业电子 商务活动也主要集中在行业内部或区域内，缺乏具有跨行业、跨区域交易和撮合功能的大 型综合性电子商务企业或交易平台， 这在一定程度上影响到广东省电子商务市场的影响力。4 其他问题电子商务研发重点基地建设有待进一步加强：广东省电子商务的发展离不开电子商务 的理论、技术和市场应用研究，广东省电子商务市场技术应用重点实验室的建设将极大地 推动电子商务理论研究和市场应用推广工作。 支撑保障体系还不健全：推动电子商务发展的电子交易和企业信用管理，以及电子商 务投融资机制、财税政策、在线支付体系、现代物流体系等还不健全，制约了广东省电子 商务的发展。 电子商务专业人才仍然缺乏：广东省主要缺乏三方面的电子商务专业人才：一是电子 商务模式设计、战略规划的管理人员；二是电子商务的市场运作和营销管理人员；三是电 子商务信息系统建设规划、咨询和实施的项目管理人才。 缺乏跨区域、跨境电子商务合作：广东省企业电子商务应用主要集中在企业内部，电 子交易过程主要通过企业与其合作伙伴之间来完成，存在着较为严重的闭循环现象。在泛 珠江三角洲经济发展合作中，在粤港经济发展合作中，在广东与东盟和亚太地区经济发展 合作中，缺乏电子商务合作的实质性内容，缺乏有关电子商务合作的宣传。9电子商务――市场?应用?技术4 “十一五”期间广东省电子商务的发展战略思考及对策随着中国加入世贸组织，广东改革开放的先发优势逐渐弱化，如何在全球新一轮竞争 和区域竞争中抢得先机并率先实现现代化和富裕型小康社会的建设是广东未来发展的重大 课题。而随着“内地与香港关于建立更紧密经贸关系的安排”的及时实施，加快了区域经 济一体化的步伐。广东省的地缘优势再度凸现，电子商务应用同时面临着巨大的机遇和挑 战。1 加强基础支撑体系建设进一步加强基础支撑体系建设，建设公共信息服务平台，丰富信息资源；培育龙头骨 干企业，推动行业交易平台建设；加强政府引导，规范物流体系建设；规范企业运作制度， 加快信用体系建设；完善基础信息网络，推动农村电子商务。2 加强宣传和交流，提高应用水平和层次对广东省电子商务发展的整体动态和应用水平进行定期评估，编制广东省电子商务宣 传和交流计划并落实执行，设立专项预算，联合广播宣传、新闻出版等机构，在广东省范 围内强化电子商务的宣传教育。定期或不定期举办电子商务经验交流大会或会议，及时总 结广东省电子商务发展的具体成效，按年度定期发布广东省电子商务报告，主动引导全省 电子商务应用水平和层次的提高。3 强化合作，吸引外资促进发展推动跨国公司和龙头型外资企业以企业信息化为手段，整合国内企业资源，形成行业 性的上下游信息资源整合和协同电子商务。推动在粤电讯运营商等企业为跨国公司和外资 企业提供跨平台、跨区域移动商务服务，以及物流信息化服务。有效降低跨国公司和外资 企业在广东的信息采集和分析成本，以及物流管理成本，以此推动跨国公司和外资企业在 广东省的投资。4 发挥行业协会作用，培育大型龙头骨干企业发挥广东省电子商务协会等行业协会的作用， 促进跨行业的电子商务交易联盟的发展， 在广州和深圳建立若干个大型的跨行业的电子交易联盟。借助大型龙头骨干企业和电子商 务示范企业的作用，提高信息化和电子商务应用水平和交易效率。推动中小企业借助综合 电子商务交易平台开展电子商务，推动中小企业建立具有行业特色或地方特色的电子商务 交易联盟或平台，促进中小企业电子商务的发展。5 推动第三方服务，发展中小企业电子商务建议成立广东省中小企业电子商务联合工作组，制定《广东省中小企业电子商务发展 指导意见》 ，以及《广东省中小企业电子商务发展工作指南》 。同时，推动大型通信企业、 行业龙头骨干企业为中小企业电子商务发展提供第三方服务，使这些企业更好地为广东省 中小企业提供电子商务服务平台， 以此缓解广东省中小企业缺乏技术、 资金和人才的瓶颈。6 技术攻关，培育电子商务软件企业集中政府和企业资源，成立不同级别的电子商务技术开发与应用中心及培训中心，选 择若干关键的电子商务应用技术和平台技术进行攻关，促进广东省电子商务软件企业的发 展。在全国范围内整合电子商务技术供应商资源，尤其是跨国公司和国内优秀软件企业， 成立广东省电子商务应用软件提供商联盟，为广东省企业尤其是中小企业提供电子商务的 技术支持的环境和条件。7 抓好电子商务重点建设工程（1）电子政府和公共信息服务平台工程； （2）在线支付和认证体系工程；10（3）重点行业电子商务示范工程，包括制造业协同电子商务示范工程，电子商务改造 传统产业示范工程，移动电子商务示范工程，批发零售电子商务示范工程，旅游电子商务 示范工程，物流电子商务示范工程，外贸电子商务示范工程，会展电子商务示范工程； （4）农村电子商务工程。8 加强区域与国际合作，特别是粤港澳合作加强粤港合作与国际合作，以招商引资、国际贸易为契机，密切与香港、美国、欧洲、 日本、韩国和东南亚地区电子商务的信息和技术交流。吸取这些国家和地区成熟的电子商 务模式，总结电子商务赢利方式，借助国际经验，引导广东省企业开展电子商务的国际合 作和经验交流。9 加大广东省电子商务重点研究基地的建设力度加大广东省电子商务重点研究基地－广东省电子商务市场技术应用重点实验室的建设 力度，通过政策扶持，辅以相应的资金支持，开展广东省电子商务宣传活动，开展案例研 究、动态评估、协助发布广东省电子商务年度报告，协助省信息产业主管部门制定广东省 电子商务统计标准体系和动态评估标准， 成立和推动我省高校电子商务联盟的建设和发展， 为我省各级政府和中小企业开展电子商务提供相关咨询、培训、技术支持等服务。5 结束语综上所述， “十一五”期间促进广东省电子商务稳步、快速发展，是加快以信息化带动 工业化和推动广东省先进产业溶入世界制造体系和市场体系，全面提升广东省经济竞争力 不可缺少的重大战略。通过大力推动电子商务的建设，逐步实现全省城乡制造流通领域现 代化，必将为加快广东省的经济建设做出更大的贡献。参考文献[1]《电子商务发展“十一五”规划》 [2]《广东省电子商务“十一五”发展规划》 [3]《中国互联网络发展状况统计报告》 [4]《广东互联网发展报告》 [5]《广东省电子商务发展情况研究报告》11电子商务――市场?应用?技术Research on Optimistic Electronic Payment SystemCHEN Yong-jun, LIU Yi-chun (Guangdong Province Key Lab of EC Marketing Application Technology， Guangzhou, 510320, China)【Abstract】In this paper, transferable cash scheme is proposed for electronic commerce payment system, which can float from a participant to another in an electronic transaction. When this kind of cash is used, the fraud such as double spending can be found out but the bank needs not be involved online in the payment. This new cash system is anonymous in normal transactions. But if fraud happens, the trusted party can withdraw the anonymity to find out the cheater. The optimistic payment protocol for both the basic payment and the cascading payment are presented. The disputes which might occur are analyzed and handling solution is proposed. The trusted party need not be involved unless disputes have occurs. 【Keyword】electronic cash, optimistic exchange protocol, transferability, fairness1 IntroductionElectronic cash is a self-authenticating, pre-paid digital payment instrument. Payers withdraw electronic cash from their bank accounts prior to making a purchase and payment. To make a payment the payer simply passes the required amount of electronic cash to the payee. Like electronic payment schemes in general, electronic cash schemes should satisfy the following security requirements: no double- off- transferability. Transferability of electronic cash means that the payee in one payment transaction can spend the received money in a later payment to the third person without contacting the bank or another central authority between two transactions. Since David Chaum presented the blind signature method and his electronic cash system [1], the anonymity becomes the focus of electronic cash research, and almost all of electronic cash systems provide anonymity, no counterfeiting, no overspending, and off-line property. Although all of the money is transferable in our daily life, the property has hardly received attention in electronic commerce research. As yet, the transferability of electronic money has only been described in few papers [2,3,4]. But these methods are not ideal because excessive extra bits are appended to the transferred cash and the cash is traceable in the proposed schemes. David Chaum argued that the size of transferable cash must increase with the growth of times that it is transferred [5]. It is necessary that a transferable, anonymous and efficient cash scheme should be given so that a practical cash system can be used widely. Intuitively, a protocol is fair if no protocol participant can gain an advantage over other participants by misbehaving. For example, a protocol in which two parties exchange one item for another is fair if it ensures that at the end of the exchange, either each party receives the item it expects, or neither receives any information about the other’s item [6]. Fair exchange protocols are used for applications such as online payment systems, in which a payment is exchanged for an item of value, contract signing, in which parties exchange commitments to a contractual text, certified electronic mail, and other purposes.12There are several categories of fair exchange protocols. Gradual exchange protocols [7, 8] work by having the parties release their items in small installments, thus ensuring that at any given moment the amount of knowledge on both sides is approximately the same. The drawback of this approach is that a large number of communication steps are required. Gradual exchange is also problematic if the items to be exchanged have “threshold” value (either the item is valuable, or it is not). Another category of fair exchange protocols is based on the notion of a trusted third party [9, 10, 11]. The trusted third party supervises communication between the protocol participants and ensures that no participant receives the item it wants before releasing its own item. Variations of this approach include fair exchange protocols with a semi-trusted third party [12]. The main drawback of the third party solution is that the third party may become the communication bottleneck if it has to be involved in all instances of the protocol in order to guarantee fairness. The protocol may also need to impose demands on the communication channels, e.g., by requiring that all messages are eventually delivered to their intended recipients. Recently, several protocols have been proposed for optimistic fair exchange [6, 13]. While these protocols still require a trusted third party, the third party is only needed when messages are delayed or one of the parties misbehaves. An optimistic payment protocol does not need the trusted third party involved in transaction unless dishonest parties do not follow the protocol. This may ease the communication bottleneck, making fair exchange protocols more practical for realistic applications. G. Arora, M. Hanneghan and M. Merabti propose the structure of the P2P content exchange application and the requirements for the cascading payment framework [14]. The chained transaction model is provided in [15], where provide a complex transaction model that describes the complex transaction as a transaction tree. The paper proposed some important requirement for chained transaction model, but the payment protocol has not been presented. In our scheme, the optimistic protocol is used for implementing light weight payment, and the arbitrator (Trusted Third Party) is avoided becoming the bottleneck of transaction. This paper proposes a new transferred cash system and relative payment protocols. describes some cryptography technologies. A new cash system is presented and the secure analysis of the cash system is given in the following section. An optimistic protocol for basic payment is described in section 3. An optimistic protocol for chained payment is proposed in section 4. Conclusions are drawn in section 5.2 Transferable Cash Scheme2.1 Cash WithdrawalLet us assume that each client has bank account in the bank. When a client wants to obtain cash for payment, he first sends digital notes and his bank account to the bank. The bank applies a partial signature on the digital note form a bank stamp and sends it back to the client. At the same time, the bank draws equal amounts of money out of the client’s account. The client is the cash owner now. DigitalNote={SerialNo , BankID, IssueDate, Expiration} BankStamp=Sig B a n k (DigitalNote) Holderpath 0 ={DigitalNote} Cash ={DigitalNote, BankStamp, holderpath } The digital note DigitalNote consists of the serial number SerialNo, the bank identifier BankID, the date IssueDate issuing the cash and the expiration date Expiration for13电子商务――市场?应用?技术the cash circulation. The bank stamp on the digital note is BankStamp, which is the signature on the digital note by the bank’s private key responding to specified par value. The item holderpath is an encapsulation of all identifiers of parties that has successively held the cash. The DigitalNote should be ensured unique globally.2.2 Cash TransferLet’s assume that A 0 is the owner of a cash, A 1 , A 2 , A 3 ,…,A n are successively holders of the cash. The cash is transferred from agent Ai to Ai+1 as follows: 1) Ai sends the cash messages excluding bank stamp to Ai+1 A i → A i + 1 : A i , A i - 1 , DigitalNote, holderpath i , holderpath i - 1 where holderpath i is the information of holders before Ai 2) A i + 1 verifies the validity of the item DigitalNote. If no then the item holderpath i is not valid and protocol is aborted. 3) Ai+1 replies his signature as the proof of receiver non-repudiation: A i + 1 → A i : Sig Ai+1{A i , DigitalNote } 4) A i verifies the signature, and resends the bank stamps of payment and his proof of origin non-repudiation: A i → A i + 1 : BankStamp, Sig Ai (DigitalNote, A i , A i + 1 ) 5) A i + 1 encapsulate the item holderpath i : Ai+1 : holderpathi + 1 =S A i + 1 (holderpath i ,Ai)The item holderpathi is the list of the cash’s holders, which is of the form {S A i (S A i-1 (… (S A 2 (S A 1 (DigitalNote, A 0 ), A 1 ), A 2 )…), A i-1 ), A i } similarly to the form of onion route, where S is an encryption by the holder’s private key. SX(?) is the partial signature.2.3 Cash DepositWhen An wants to deposit the cash, he sends his bank account information and the cash to the bank: A n → Bank: A n ,DigitalNote, BankStamp, holderpath n The bank will verify the validity of the cash. The valid cash will be marked as spent. The bank will transfer the equal amounts of funds to the account of depositor, and record item holderpath n of the cash. Invalid cashes will be rejected.2.4 System Analysis2.4.1 SecurityIn any payment system, electronic currency fraud is an important issue. Although a payment scheme can be designed to make fraud impossible (e.g., payments through an online bank), such a scheme would be very inefficient. A practical scheme should ensure that any fraud can be detected and traced back to the malicious agent, and fraud is unprofitable. First, the cash in our scheme includes two parts: a digital note and a bank stamp. The stamp is signed with Schnorr signature technology, whose security bases on the difficulty of calculating discrete logarithm in a finite field. The secure signature method is applied and the cash is non-forgeable. Secondly, the holder of cashes may commit fraud by double spending. For example, the original holder of a cash A0 transfer it to A1, A1 transfer it to A2, …. When a malicious agent Ai has received the cash, he transfers it to B1, then B1 transfer it to B2, ….until B1’s descendant holder B otherwise, Ai transfers the same cash to C1, then C1 transfer it to C2, ….until C1’s descendant holder Cn cash it also. If Bm first submits the cash to deposit it in the bank, he14can successfully deposit the cash, and the cash will be marked spent. Then Cn submits the cash to cash it also, the bank will find the cash is double spent and the fraud agent can be found out. The bank submits two holder lists to the trusted party. The trusted party compares two holder list, {SBm(…SB1(SAi(… (SA1(DigitalNote, A0), A1 ),…), Ai),B1…), Bm} and {S Cn (…S C 1 (S A i (…(S A 1 (DigitalNote, A 0 ), A 1 ),…), A i ), C 1 ,…), C n }, shucks them off by decryption algorithm to obtain the holder path for the cash to have passed. Respectively tracing back two holder paths, {A 0 , A 1 …,A i , B 1 , B 2 , …,B m } and {A 0 , A 1 ,…,A i , C 1 , C 2 , …,C n }, the arbitrator can find out that Ai or his descendant holder might have made double spending. If both B1 have the proof Sig A i (DigitalNote, A i , B 1 ) and C 1 have the similar proof Sig A i (DigitalNote, A i , C 1 ), then A i is the fraud, else the holder between B 1 and C 1 who is not able to show the proof will be regarded as the malicious. If the cash has been double spent and both holder lists have no intersection, one of two holder lists must have been forged. By unwrapping the holder lists of two cash and analyzing the reception proof of each holder, the malicious agent would not be able to give the reception proof, so the fraud is found out. The holder list recorded by the bank may be used for the proof that one agent has made fraud. The malicious can’t disavow the fact because his private key has partially signed the holder list. The fraud agent will be punished severely and the extra payment for the double spending will be compensated. The holder path of cash constructs a single chain if no double spending happens, where each holder has only a successor. When the fraud about cash occurs, the holder path of the cash becomes a tree. By analyzing the holder path of cash double spent, the fraud will be found out.2.4.2 AnonymityThe cash is signed blindly in the withdrawal protocol, so the cash is anonymous for the bank, and the bank might not trace the cash. Although the item holderpath includes the history information of cash holders, the item holderpath has been generated by partial signature technology, so no one can obtain the cash holder identities from the item but the trusted party. No one can trace the cash. In case the double spending occurs, the trusted party will reveal the identities of the cash holders. So the cash system is anonymous and the anonymity is revocable.2.4.3 TransferabilityIn our scheme, cash can be transferred by in multiple transaction, and be held by different people. The bank is not involved in the transfer of the cash and transferability is achieved, but the length of cash does not grow linearly. The transferability is the most important feature of our scheme.2.4.4 Off-line PaymentIn our scheme, the bank and trusted party need not be involved the payment and transfer of the cash. The bank only participates in the issue and deposit of a cash. The burden of the bank is weakened and the bank might not become the bottleneck of transaction. The trusted party is not involved the transfer but the fraud can be distinguished.2.4.5 Performance AnalysisIn ordinary electronic cash system, the bank is involved in each cash exchange to check the validity of the cash and prevent double spending. The computation load is O(n) according to the number of signing signature, and the workload for cash cashing and customer bank account is also O(n), where n is the number of cash transfer. In our cash system, the bank is only involved in cash issuing and cashing, instead of each transfer. If a cash has been transferred n sites before it is deposited, both the computation load for15电子商务――市场?应用?技术cash issue and the workload for cash deposit are O(1) when no fraud occur. If the probability which the fraud occurs is λ, the average number for unpacking signature to obtain a cash holder list is: λ*O(n). When a strict trust management and punishment system is implemented, the probability value λ&&1, and the computation load is far less than O(n). The transferability of the cash decreases the load of bank. The cash could circulate among agents, and the bank need not be involved the exchange. Our cash system has higher performance than traditional electronic cash systems. In our scheme, cash is transferable, anonymous, and the bank needn’t be involved on-line. The cash scheme is secure and efficient, so it is practical.3 Optimistic Protocol for Basic Payment3.1 PreliminariesA typical payment system shown as Fig 1 contains three parties: A buyer who receives the goods, denoted by C; A vendor who serves the goods, denoted by M; An arbitrator, denoted by A, is introduced to arbitrate the disputes and guaranteed the fairness of payment protocol. An arbitrator is a trusted third party (TTP), whose arbitrations are always respected and abided by all agents, brokers and law officers.Fig1. Basic payment system In the scheme, the symmetric encryption uses secure encryption algorithm, such as 3DES, IDEA or AES. A hash function h should be collision resistant, i.e. it is infeasible to find two values x and y such that h(x) = h (y). This function could be realized by using SHA-1. We assume that there are secure and authenticated channels between any two parties. These could be achieved using public key cryptography such as SSL.3.2 Protocol DescriptionThe transaction protocol is described as follows: 1. 2. 3. 4. 5. 6. 7. C→ M: M→ C: C→ M: M→ C: C→ M: M→ C: C, Goods Order Information, bid, TID M, TID, PID, desc, price, SigM(TID, PID, desc, price) C, TID, Tokens except BrokerStamp M, TID, [Es(goods)]M, SigM(Tokens except BrokerStamp), timestamp C, TID, Broker Stamps, h(Es(goods)), the proof of tokens transfer [s]M SigC(h(s)) Request for resending the encryption key or the goodsif decryption succeeds C→ M: else C → M:8.M:Repackage the item holderpath of each token with own identifierEs(goods) is the cipher of digital goods encrypted with symmetric key s. SigX(Message) is the signature on message Message with X’s private key. [Message]M is an endorsed message which consists of two parts, the messages and its signature by M’s private key.16In step 1, the buyer C sends his identifier C, the goods order information, bid bid for the goods, and the transaction identifier TID to vendor M. TID is unique serial number used identifying the transaction. In step 2, M replies with the transaction identifier TID, goods identifier PID, goods description desc, quote price price, and his signature on TID, PID, desc and price. The item desc is usually the hash value of the digital goods. Steps 1 and step 2 may be repeated repetitiously as needed until the buyer and vendor can agree on a price. Once the buyer and vendor have negotiated the goods price, the payment protocol will be started. In step 3, C firstly send his identifier C, the transaction identifier TID, and the specified amounts of token except the broker stamp to vendor M. In step 4, after vendor M has received the C’s tokens, he randomly chooses a symmetric key s and encrypts the goods by the key s, then he sends his identifier M, transaction identifier TID, the ciphertext of goods endorsed by himself, the signature on the received tokens as well as a timestamp timestamp to C. The combination of M, TID and timestamp is globally unique to prevent replay attack, in which unscrupulous vendors reuse buyers’ old signed payment instructions. The timestamp, marking the time at the end of goods transmission, is used to expire stale transactions. In step 5, after having verified M’s signatures, C send the broker stamp of the token and the proof of token transfer to M. The holder list of tokens is a kind of onion path in section 2.1. The transfer proof of each token is of the form SigC (DigitalNote, C, M), as described in section 2.1. In step 6, after having verified the broker stamps, holder list and transfer proof of the tokens, M sends the symmetric key s decrypting goods to C, and then waits C’s acknowledge for a specified period. If M thinks the token or its holder list received from C is invalid, he will notice C to resend the token and its holder list. If received token is still invalid after the tokens have been resent time after time, he will cancel the protocol. In step 7, the buyer C affirms whether the encrypted goods can be decrypted successfully with the key s. If the decryption succeeds, he transfers the acknowledge SigC(h(s)) to the vendor, or else the buyer sends the vendor the request for resending the encryption key or the goods. If the buyer has still not obtained valid symmetric key s to decrypt the encrypted goods after the transfer of the symmetric key s has repeated some times, he will call dispute solution shown as section 3.3. In step 8, when the vendor receives the request of resending information, he should resend the encryption key or the goods. After the vendor has finally received the acknowledge information, he encapsulates the holder list of received token and records the transaction information.3.3 Dispute SolutionIn this scheme, we introduce an arbitrator (trusted third party) to solve the disputes arising among the buyer and vendor. After step 5 in the payment protocol shown as section 3.2, the vendor has received complete payment token and he can verify its validity before he transfer the symmetric key s to the buyer. It has shown in section 2.2 that the token fraud can be found out. The buyer pays tokens before he can receive the key s in the protocol, so there is no possibility that the vendor has transferred the goods and its decryption key to the buyer but he has not got the payment. There are three kinds of possible disputes discussed as follows: Dispute Ι: Buyer C claims that he hasn’t received any decryption key s of goods after he has paid for the goods.17电子商务――市场?应用?技术Resolve protocol for dispute Ι is as follows: 1. C → A : M, TID, PID, desc, [Es(goods)]M, SigM(TID,PID,price,desc), SigM(DigitalNotes) 2. A → M : request for key s 3. M → A : [s]M 4. A → C : [s]M In such a case, buyer C sends all the information received from vendor M to the arbitrator A. The arbitrator A verifies M's signature, and ask the vendor M for resending the key s. A decrypts the goods and verifies its validity. If the key s is valid, the arbitrator A sends it to the buyer C, or else the vendor M is judged a fraud. Dispute ΙΙ: C claims that he can not obtain the valid goods from the item Es(goods) and key s. Resolve protocol for dispute ΙΙ is as follows: 1. C → A: M, TID, PID, desc, [Es(goods)]M, SigM(TID,PID,price,desc),SigM(DigitalNotes), [s]M 2. A : arbitrate as follows: if A can retrieve valid goods from Es(goods) and key s then C ‘s appeals is overruled else the vendor is judged a fraud agent, who should be punished. C sends the key s and all the information from M to the arbitrator A. A decrypts the goods and verifies its validity. If the key s is valid, C ‘s appeals is overruled, or else the vendor is judged a fraud. Dispute ΙΙΙ: C claims he hasn’t received the key s and the vendor claims he hasn’t received the broker stamp of the payment tokens: Resolve protocol for dispute ΙΙΙ is as follows: 1. C → A : SigM(DigitalNotes) 2. A → M : 3. M → A : 4. A → C : 5. C → A : 6. A → M : 7. A → C : 8. M: M, TID, PID, desc, [Es(goods)]M, SigM(TID,PID, price, desc),request for key s [s]M, request for broker stamp of the token request for tokens tokens, the proof of tokens transfer token, the proof of tokens transfer [s]M repackage the item holderpath of each token with own identifierIn such a case, C sends to the arbitrator A all the information received from M. The arbitrator A verifies M's signature, and asks M for resending the key s. M transfers the key s signed by him and states that he has not received the broker stamp of payment token. The arbitrator A asks C to resend the token. A decrypts the goods and verifies its validity. If both the key s and the tokens are valid, they will be respectively sent to the buyer C and vendor M, or else the fraud is judged. In this scheme, three classes of possible disputes are analyzed and handled appropriately and finally no parties might be swindled. If the buyer has no received goods or the vendor has not received payment token, they can gain their requirement by asking the arbitrator to handle dispute. The transaction fairness can be guaranteed.4 Optimistic Payment Scheme for Chained Transaction4.1 PreliminariesIn a chained model, theoretically unlimited agents can participate in the whole transaction. Among these agents, there should be a customer who is an end buyer and a royalty owner who is18an end seller. The other agents are intermediary, who buys the digital content and then resells it to another agent. Payment system should ensure the accurate distribution of payments to the appropriate agents, where the owner of the digital content receives a fixed amount of payment value (i.e. royalty) every time his digital content are propagated and each intermediary agent receives a middleman's fee (i.e. commission).Fig. 2. Chained payment model A chained transaction system contains multiple agents: An end buyer who receives the digital content as a client, denoted by C; A digital content owner, denoted by O; multiple middlemen who buy the digital content and then resell it, denoted by A1, A2, A3, …Am-1, Am. A trustee, denoted by T, is introduced to arbitrate the disputes and guaranteed the fairness of payment protocol.4.2 Cash SystemLet us assume that each agent has bank account in the broker. The broker’s public’s key and all public keys of agents are published. When one wants to obtain tokens for payment, he first sends a digital notes and his bank account to the broker. The broker will add a stamp on the digital note to form a stamped digital note and then send it back to the agent. The broker stamp is utilized to authenticate the validity of a token. Simultaneously, the broker draws equal amounts of money out of the agent’s account. The agent is the token owner now. DigitalNote={SerialNo, BrokerID, value, IssueDate, Expiration} BrokerStamp=Sig Broker (DigitalNote) Token={DigitalNote, BrokerStamp} The digital note DigitalNote consists of the serial number SerialNo, the broker identifier BrokerID, par value value of the token, the date IssueDate issuing the token and the expiration date Expiration for the token circulation. The broker stamp on the digital note is BrokerStamp. The item SerialNo is chosen randomly with constant length and it is unique in the P2P group. The digital note DigitalNote should be ensured unique globally.4.3 Onion PaymentA new payment idea, i.e. onion payment, is presented to ensure that only the owner can obtain the royalty and each middleman can obtain the commission due to him. Now we consider the situation: the buyer C pays the agents A0, A1, …,Am with the payments payment0, payment1, …, paymentm , and these payments are transferred and distributed by the route Am→Am-1→…→ A1→ A0. The onion payment package is defined as follows: Onion_Payment0= PKA0 (payment0) Onion_Paymenti = PK Ai (paymenti, Ai-1 , Onion_Paymenti-1) for i=1,2, …mThe buyer C generates the onion payment package Onion_Paymentm, and sends it to Am . Am shucks off its surface layer, i.e. decrypting the onion payment package by his private key, to obtain the payment paymentm and the identifier Am-1 of next middleman, then Am sends the onion19电子商务――市场?应用?技术payment package Onion_Paymentm-1 to Am-1. Each Ai does so until A1 sends the onion payment package to A0. All of agents A0, A1, A2, …Am-1, Am can obtain the payment due to them, and none of them can illegally intercept or snatch the payment due to other agent. The privacy of tokens for payment can be kept by using onion payment technology. Each middleman can only know the information of those tokens due to him, and he may not obtain the information of tokens due to other middlemen. The onion payment scheme can help to chained payment problem in complex transaction. In our scheme, the token for payment consists of two parts, the item DigitalNote and item BrokerStamp, described as section 2.2. The item DigitalNotesi is the digital notes of tokens for paying Ai and the item BrokerStampsi is the broker stamps of those tokens. The goods producer A0 will be paid digital notes DigitalNotes0 and broker stamps BrokerStamps0. The relevant onion payment package consists of two parts, onion digital notes package and onion broker stamp package. Onion_DigitalNotes0= PK A0 (DigitalNotes0, Ts, SigC(DigitalNotes0, Ts), C, Pid) Onion_DigitalNotesi= PKAi(DigitalNotesi, Ts, SigC(DigitalNotesi, Ts), Ai-1,Onion_DigitalNotesi-1), i=1~m i=1~m Onion_BrokerStamps0 = PKA0 (BrokerStamps0, C) Onion_ BrokerStampsi= PKAi (BrokerStamps i, Ai-1, Onion_ BrokerStampsi-1), The time stamp item Ts is applied to protect the protocol from replay attack.4.4 Protocol DescriptionWe assume that the buyer C decides to buy the digital content item. C searches the vendor of the digital content. When a buyer requests the purchase of digital content, he is informed about the payment details which include the digital content owner’s details along with the charge for owner royalty and the identifier of the intermediary along with the charge for middleman commission. Detailed transaction protocol is as follows: 1. 2. 3. 4. 5. C →M: C, T, B, Pid, bid M →C: [Pid, desc]O, price-list M →C: [Pid, Es (item)]O C →M: C, Tid, Onion_DigitalNotesm for i=m~1: Ai→Ai-1: Tid,C, Pid, Onion_DigitalNotesi-1 6. for i=1~ m: Ai-1 → Ai : Tid, SigO (Tid, C, O, Pid, Ts), [Pid, PKC(s)]O 7. M → C: Tid, [SigO (Tid, C, O, Pid, Ts)]M 8. C → M: Tid, Onion_BrokerStampsm 9. M : if valid(BrokerStampsm) then M → C: [Pid, PKC (s)]O else abort 10a. C: if [timeout] or unfit( (Pid, PKC (s)), SigO (Pid, PKC (s)))then resolve_C_2 elseif unfit(Es(item), s) then resolve_C_1 10b. for i=m~1 do Ai → Ai-1: Tid,C, Onion_BrokerStampsi-1 Ai-1 : if invalid(BrokerStampsi-1) then resolve_A(i-1)20The agents A1,A2, … Am, are the intermediary between the buyer C and the digital content owner O. They deliver the digital content and payment one by one. A0 denotes the digital content owner, and Am denotes the vendor M. B denotes the broker identifier, and the identifier T denotes the trustee. [message]X includes the item message and X’s signature on it. PKX(message) is the ciphertext of item message encrypted by X’s public key. The session key s denotes the symmetric key for encrypting the digital content. The item price_list= PKC(Am, [commissionm]Am, PKC (Am-1, [commissionm-1]Am-1,…PKC(O, [royalty]O )…), which incudes both the commissions prices for all middlemen and the royalty prices. Because the item commissioni have been endorsed by Ai and the item royalty has been endorsed by the content owner O, any intermediary agent might not counterfeit the value of royalty or commission due to other agents. In step 1, the buyer C sends his identifier C, the content request information, and bid bid for the digital content to a multicast subgroup, whose members may resell content services. In step 2, the member of multicast group reply with identifier Pi, digital content identifier Pid, digital content description desc and quoted price list price-list. The buyer C compares the price and services that are provided by vendors and then chooses a suitable vendor M. In step 3, C downloads the content ciphertext Es(item) endorsed by the good owner. In step 4, the buyer sends M with the onion digital notes package Onion_DigitalNotesm . Only the content owner O can decrypt the payment for royalty. The payment for commission can only be decrypted by the corresponding middleman. Any agents might not illegally snatch the payments due to other agents. In step 5, the vendor M shucks the onion payment after having received it and obtained the commission DigitalNotesm endorsed by the buyer, and then transfers the onion payment package Onion_DigitalNotesm-1 to the middleman Am-1. Each middleman Ai(i=m-1~1) shucks the onion payments and obtains the commission DigitalNotesi endorsed by the buyer C, and then transfers the onion payment package Onion_DigitalNotesi-1 to the middleman Ai-1, until the digital content owner has received the payment for the content royalty. In step 6, the digital content owner forms the payment receipt SigO(Tid, C, O, Pid, Ts) , then sends A1 with the receipt and the session key s encrypted by the buyer C ‘s public key. For i=1~m-1, each Ai verifies the validity of the endorsement SigO(Pid, PKC(s)). If it is valid, Ai transfers the item [Pid, PKC(s)]O and the receipt SigO(Tid,C,O,Pid,Ts) to Ai+1; or else the protocol will be aborted. In step 7, the vendor M sends the buyer C with the payment receipt [SigO (Tid, C, O, Pid, Ts)]M endorsed by himself to confirm that the digital content owner and all middleman have received the payment digital notes. In step 8, the buyer sends M with the onion broker stamps package Onion_Brokerstampsm . The onion package of broker stamps will make it possible that the digital content owner and all intermediaries can successively shuck the onion package by their private key and obtain the broker stamps of tokens due to them, but they might not snatch the tokens due the others. In step 9, M obtains the commission BrokerStampsm due to him by peeling off the onion package Onion_Brokerstampsm. If the broker stamps fit the digital notes, the vendor M sends the session key s to the buyer C, or else the protocol will be aborted. In step 10a, the buyer tries to decrypt the encrypted digital content by the key s. If the buyer fails, he will call dispute the resolve protocol resolve_C_1. If the buyer has no received the key s or the key has not been endorsed validly by the content owner O, the buyer can call the resolve protocol resolve_C_2. In step 10b, for each i=1~m, Ai obtains the items Brokerstampsi by shucking the surface layer of the onion payment with decryption algorithm, and then hands on the onion digital notes package to Ai-1.21电子商务――市场?应用?技术If Ai cannot obtain the valid items Brokerstampsi due to him by shucking off a layer of the onion payment package, he will resort to the dispute solution shown as section 4.5. The step 10a and step 10b can be processed independently. When incentive mechanism is emphasized and adopted, the more digital content one has sale, the more prize he will gain from the owner of the digital content. So if the intermediary agent has received the token encrypted by the owner’s public key and he is unable to redeem it, he is willing to transfer them to the content owner.4.5 Dispute ResolveIn the chained payment scheme, the three classes of dispute may occur and a trusted third party is introduced to resolve the disputes. Dispute I. Buyer C claims that he has received decryption key s endorsed validly by the owner O, but the content cipher text can not be decrypted successfully by the key. Resolve protocol resolve_C_1 for this dispute is as follows: 1. C→T: M, O, [Tid, Pid, desc]O, [Tid, C, O, Pid, Ts]O, [Pid, PKC(s)]O 2. T→O: C, Tid, Pid 3. O→T: item 4. if fit(item, desc) then T→C: item else T→C: affidavit(C, O, Tid, Pid) C sends the key s and other transaction information endorsed by owner O to the trustee T. T asks the owner O to transfer the digital content. If the digital content fits the description desc, it will be sent to the buyer C, or else the affidavit affidavit(C, O, Tid, Pid) will be sent to prove that the digital content owner has received the royalty but no digital content is transferred. Dispute II. C claims that he has paid for the content, but he has never received decryption key, or decryption key s has not been endorsed validly by the owner O. Resolve protocol resolve_C_2 for dispute II is as follows: 1. C→T: M, O, Ts, [SigO(Tid, C, O, Pid, Ts)]M, Brokerstampsm, Onion_Brokerstampsm-1 2. T→M: C, Tid, Pid 3. M→T: [Pid, PKC(s)]O, [DigitalNotesm, Ts]C if unfit([Pid, PKC(s)]O) && unfit([DigitalNotesm, Ts]C) then T→C: affidavit(C, M, Tid, Pid) elseif fit (DigitalNotesm, Brokerstampsm) then T→C: [Pid, PKC(s)]O T→M: Brokerstampsm, Onion_Brokerstampsm-1 In this sub-protocol, the buyer C sends the trustee T with the broker stamps due to the vendor M, the onion broker stamps package Onion_Brokerstampsm-1, and the payment receipt SigO(Tid, C, O, Pid, Ts) endorsed by the vendor M. The trustee T asks the vendor M resends the session key and the digital notes for commission due to M. If the signature on item [Pid, PKC(s)]O or item [DigitalNotesm, Ts]C is not valid, the affidavit is sent to the buyer C so as to prove that the vendor should pay if the payment from the buyer is valid, the session key is transferred to the buyer C and the payment is transferred to the vendor M. Dispute III. The digital content owner O or middleman Ai complain that he cannot obtain the valid items BrokerStamps by shucking off a layer of the onion payment package. Resolve protocol resolve_A(i) for dispute III sponsored by Ai is as follows: 1. Ai → T: Tid, C, [DigitalNotesi ,Ts ]C, SigO (Tid, C, O, Pid, Ts), [Pid, PKC(s)]O222. T → C: Tid, Ai 3. C → T: Tid, Ai , Brokerstampsi, Onion_Brokerstampsi-1 4. if fit(DigitalNotesi , Brokerstampsi) then T →Ai: T →C: else T →Ai : affidavit(Ai, C, Tid, Pid) Tid, Brokerstampsi, Onion_Brokerstampsi-1 Tid, [Pid, PKC (s)]O, SigO (Tid, C, O, Pid, Ts)In the sub-protocol resolve_A(i) sponsored by Ai, the middleman Ai sends trustee T with the digital notes DigitalNotesi for commission due to Ai endorsed by the buyer C, the payment receipt SigO (Tid, C, O, Pid, Ts) and the item [Pid, PKC(s)]O . T verifies the signature on the digital notes DigitalNotesi, the payment receipt and the endorsement on the key. If verification passes, the buyer is asked to resend the broker stamps due to Ai and the onion package Onion_Brokerstampsi-1. If item Brokerstampsi fits the item DigitalNotesi, the broker stamps Brokerstampsi and the onion package Onion_Brokerstampsi-1 are sent to the Ai , and the session key is sent to the buyer C; or else the affidavit is sent to the Ai to give witness that the Ai should obtain the payment. In the case i=0, the party Ai denotes the digital content owner O. By far, the possible disputes on this scheme are discussed and feasible games for these disputes are proposed. The trusted third party can be off line and need only be called when disputes have occurred.4.6 Security AnalysisNow we informally analyze the security properties of our payment scheme: Confidentiality: The session key is encrypted by the buyer’s public key and can only be disclosed by the buyer C. The payment due to each party Ai is encrypted by Ai’s public key and can only be cashed by Ai . Any party cannot obtain the payment due to other parties. Fairness: In the exchange sub-protocol, fairness will not be lost until step 6 since the buyer has not gotten the key and any other agents have not obtained the broker stamps of payment. After step 7, if some party misbehaves, the honest can obtain what he expects by starting the dispute resolve sub-protocol. No one have advantage over other parties. Non-repudiation: The onion digital notes package includes the buyer’s signatures on digital notes for royalty and commissions, so it is impossible for a buyer to deny having sending a digital notes payment. The cipher text of the digital content and session key are endorsed by the digital content owner, and the owner can not deny having sent digital content after a successful digital content transfer. The payment receipt is used to confirming that the content owner and all middlemen have received the payment. Otherwise, middlemen and digital content owners cannot deny the quote price signed by them, and digital content owner can deny for having sent a digital content description endorsed by him. Of}