Technology product, no matter software or hardware,

has now become the major competitive weapon for an

enterprise to make strategies and create superiorities.

Transaction time and cost can be greatly saved through

the use of information and telecommunication technol-

ogy and it is an unavoidable trend in such low proﬁt

time. However, under such trend, electronic transactions

also brings new challenge and risk to this new era,

for example, many illegal electronic transaction cases

in recent years [1], [2] and the stock theft cases of Lee

and Li Attorneys-at-Law [3]. Before the use of electronic

transaction system, multiple steps have to be completed

before a consumer can withdraw the money he/she needs.

Moreover, the bank clerk has to conﬁrm the identity and

check to ensure that the identity of the consumer matches

the check before the transaction can be completed;

therefore, the entire process is very tedious and the cost

is increased. Through the use of electronic medium,

consumer only has to use ATM card and password to

complete identity conﬁrmation, money withdrawal and

data registration within very short time and its accuracy

and reliability is even higher than human processing [4].

However, when you enjoy the convenience, new risk

must emerge. There is one special feature of transaction

by using information and telecommunication technology,

that is, electronic transaction can takes place at any

places and such feature exposes electronic transaction

under high risk. Only some digits need to be changed

in the system and stranger out there thousands of kilo-

meters away can vanish someone’s savings which was

accumulated by his/her entire life in very short time.

What derived from the things we mentioned above is

the internal control issues when dealing with electronic

transaction procedures; the risk of electronic transaction

not only comes from external environment, bad internal

control is also an important factor. Enron scandal of USA

occurred in the winter of 2001, however, on August one

year before the occurrence of this scandal, vice president

Sherron Watkin who was employed by Enron at Houston

headquarter and was in charge of corporate development

already discovered the illegal secret and reported and

warned to upper management level and outer auditing

company, Anderson, but not too much attention was

paid to [5]. Therefore, it is very important how to,

under known conditions, let internal control personnel

to examine ﬁnancial status of the company objectively

and let the investors to get warnings from the ﬁnancial

report. The employee of Lee and Li Attorneys-at-Law,

Mr. Wei-Chieh Liu (also call Eddie Liu), sells privately

and illegally customer’s custodial stocks for about three

billions NT dollars brought an unprecedented risk to the

company. This event reveals the internal control leak

within an organization. A company must establish a good

internal control system in order to let the company run

stably and continuously. According to work place fraud

Study of Enterprise Internal Control Based on Virtual Team and

Cryptology Technique

1CHENGLIAN LIU, 2SONIA C-I CHEN

1School of Computing, Neusoft Institute of Guangdong, Foshan 528225, CHINA

2School of Economics, Qingdao University, Qingdao 266061, CHINA

Abstract: The development in information technology, the widespread use of Internet and the fast movement of

e-commerce has promoted the earlier realization of digital economy. Lots of enterprises use information

technology inside the enterprise to reduce cost, shorten business deal time and achieve the largest production

capability. Although digital technology brings convenience to people, crimes of information theft come after it

too and the derived public security and financial issues are usually beyond our imagination. In this article, group

signature technology is used to improve the operation of virtual team and to inspect the operation status within

the enterprise; internet anonymous impeach function is provided through electronic internal control team

mechanism so as to reinforce the mutual interaction rate between supervisor and employees, to enhance internal

control efficiency within the organization and to enhance entire competitiveness.

Keywords: Group digital signature, Internal control, Virtual team, Electronic internal control team, Anonymous

impeach.

Received: May 16, 2021. Revised: June 29, 2022. Accepted: July 25, 2022. Published: September 14, 2022.

1. Introduction

WSEAS TRANSACTIONS on ELECTRONICS

DOI: 10.37394/232017.2022.13.10

Chenglian Liu, Sonia C-I Chen

E-ISSN: 2415-1513

Volume 13, 2022

and infraction report made by Association of Certiﬁed

Fraud Examiners in 2002, the result shows that the fraud

in the work place could possibly happen no matter what

the size is of an enterprise. In 2002, there is a loss of

about 6% out of the corporate revenue, that is, about

60 millions US dollars, due to bad internal control. Of

course, organization should have trust on its employee,

but if the system does not have very effective operation

of internal control, it could possibly lead to the motion

and misconduct of fraud [6]. In this study, it proposes

that a system such as electronic internal control team

system can be installed in a company so that legal

employees in the company can have a report and impeach

mechanism to convey fast and fairly an impeach message

to the top management level. In this study, digital signa-

ture mathematical model deduced previously is used to

extend an electronic internal control system to provide

a method of impeaching and auditing for the members

of the organization; under this condition, the members

of the organization do not have to worry anything, they

will impeach any fraud occurred around them and do

not have to worry about the exposure of their identity.

In the second part of the literature survey, it includes

the deﬁnition of internal control department, electronic

internal control team and group digital signature in a

company. In the third part, the electronic internal control

team model is proposed and the application situation of

each stage is set up. In the fourth part, discussion and

analysis is made after the application and a complete

model diagram is proposed. Conclusion and future study

direction will be emphasized in the last part.

Internal control system originated in 1949 from a

research report of American Institute of Certiﬁed Public

Accountants (AICPA) named “Internal control- It inte-

grates the key elements of control and is very important

to management level and independent accountant.” [5];

later on, many related reports and discussions gave

recognition of different levels on the deﬁnition, purpose

and structure of internal control. The current deﬁnition

originates from a report of ”internal control-integration

architecture”, generally called COSO Report, presented

by a Committee of Sponsoring Organization of the

Treadway Commission in 1992 (abbreviated as COSO)

with members include AICPA (American Institute of

Certiﬁed Public Accountants), American Accounting

Association, The Institute of Internal Auditors, Insti-

tute of Management Accountants, Financial Management

Personnel Association. COSO Report has now become

the newest guidance of internal control system. COSO

Report thinks that internal control is a process and this

process is designed for three major purposes such as:

to achieve the reliability of ﬁnancial report reasonably,

to follow laws and regulations, to operate the business

effectively and efﬁciently; moreover, this process is

affected by is affected by the Board of Directors, man-

agement personnel and other personnel of the company.

For the deﬁnition of internal control, there is an explana-

tion in the article 7 (1998) of No. 33 of Audit Standard

Annals announced by the Audit Standard Commission

of Accounting Research and Development Foundation:

“Internal control is a management process and is de-

signed by management level personnel and approved by

the Board of Directors (or equivalent decision-making

unit) so as to ensure the achievement of the following

goals reasonably”, [7]:

•Reliable ﬁnancial report.

•Efﬁcient and effective operation.

•The follow-up of related regulations and laws.

Internal control can usually be divided into internal

accounting control and internal management control. The

former is a control directly related to the accuracy and re-

liability of accounting record and ﬁnancial report which

emphasizes on the achievement of two goals of accurate

accounting information and guarantee of property safety;

the latter is a control to maintain operation efﬁciency

and to check if the organization follow the regulations

as speciﬁed, therefore, its main purpose it to enhance

operation efﬁciency and to realize speciﬁed management

policies.

Internal control can be divided into two parts, that is,

structural internal control and operation internal control.

The former is of planning and designing characteristic

which includes the construction of organization system,

responsibility division, management authorization, lay-

ered responsibility, setting of work standards, making

of all kinds of management method and operation pro-

cedures; the latter is real work implementation such

as: the use, incubation and management of the work

personnel, the safety maintenance of property, the treat-

ment of accounting affairs, the management and control

of budget and the implementation, auditing, preparing

and reporting of all kinds of business activities and

operations. All the things mentioned above should be

carefully watched in the work personnel’s usual daily

work operation so as to achieve the ﬁnal goal of internal

control [8], [9], [10], [11], [12], [13].

2. Literature Survey

2.1. Study on the corporate

internal control department

WSEAS TRANSACTIONS on ELECTRONICS

DOI: 10.37394/232017.2022.13.10

Chenglian Liu, Sonia C-I Chen

E-ISSN: 2415-1513

Volume 13, 2022

The current trend is to use the computer equipment

of enterprise resource planning project to assist the

operation in every part of the enterprise. Among them,

the planning and implementing right and responsibil-

ity and an objective auditing mechanism of internal

control department is designed by information system.

Furthermore, there is a derived need of electronic internal

control team of low cost, low risk and of conﬁdential-

keeping capability. This design not only can achieve the

corporate planning effect but also can keep the privacy

of organization members.

Through the use of the architecture basis of virtual

team in association with group digital signature, we

can deduce management functions of electronic internal

control team. The general deﬁnition of virtual team is a

team formed because of common ideal, common goals

or common interest [14]. Electronic internal control

team is an independent operation team with members

coming from employee of the company and the topmost

manager can know the identity of the employee but other

members of the organization cannot know the identity

of members in the virtual team. Virtual team is built

in the organization because of its conﬁdential and fast

report characteristic [14]. In this article, the auditing and

examining function, conﬁdential function due to network

communication as well as fraud impeaching function of

electronic internal control team system are investigated

and used to design a special organization for internal

control. The goals that an enterprise hopes to achieve

during the application of such system are as in the

followings:

Step 1. The internal personnel of the department im-

peaches in anonymous way so that the electronic

internal control team cannot calculate its real

identity. Additionally, if the member of the orga-

nization impeaches in anonymous and repeated

way, the electronic internal control team can not

judge how many documents are from the same

impeacher through the content of the impeached

document.

Step 2. After the reception of anonymous impeaching

case by the electronic internal control team and

if the inspection result is found to be mismatch-

ing the fact, the identity of the anonymous im-

peacher can be calculated through the approval

of the topmost decision-maker and appropriate

penalty can be given; however, the impeaching

reception center still can not guess if the previ-

ous or subsequent documents of the anonymous

document are coming from the same person who

makes the false accusation.

Step 3. Although the topmost decision-maker in the or-

ganization can has the right to examine the iden-

tity of the anonymous impeacher, the decision-

maker can not forge an identity of any mem-

ber of the organization and perform anonymous

impeaching and make false accusation on that

personnel [15].

Step 4. When electronic internal control team is per-

forming its job for monitoring and if the respon-

sibility of correct transfer of cases is violated,

the topmost decision-maker can track its real

identity and give penalty to personnel who make

false accusation.

For corporate organization, the members of the Board

of Directors are the strategic core organization, since

directors have many things to do; they thus apply the

authorization mechanism in the personnel management

and help them in monitoring the implementation status

of the policies. The system mentioned in this article, in

addition to helping the processing of daily things, can

also avoid a decision made by medium level manager

by exceeding his/her authorization scope so as to do

illegal things. Moreover, if necessary, this system can

help the topmost manager ﬁnding out bad guys who use

this system to make false accusation which might lead

to a management dilemma.

What group digital signature means is, any member

within the organization, can issue paper to outside bear-

ing the name of the organization and the receiver only

knows that the document is a formal document of that

organization but does not know which member of that

organization make the paper. Based on the cryptography,

we develop a group digital signature system which can

be used in the internal management of the company to

enhance the safety of E-Commerce dealing [16], [17],

[18]. Earlier, Chaum and van Heyet proposed in 1992

[19] simple research methods and Chen and Pedersen

im-proved them in 1995 [20]; in another aspect,

Camenisch and Stadler [21] create fast signature

mechanism target-ing at large organization; Lee and

Chang proposed a strategy based on Discrete

Logarithm; Chen and Liu [22] combine the method of

Lucas [23] and the assumption of factorization to

prepare a signature mechanism faster than Camenisch

and Stadler. In the concern of informa-tion system

security, the major part of the application of group

signature emphasizes on the generation process of

password and how to control the password and

how to protect the password and enhance management

2.2. Study on the electronic

internal control team system

2.3. The development of group

digital signature system

WSEAS TRANSACTIONS on ELECTRONICS

DOI: 10.37394/232017.2022.13.10

Chenglian Liu, Sonia C-I Chen

E-ISSN: 2415-1513

Volume 13, 2022

efﬁciency during the operation of business. However, in

real analysis and application, whether the system has

been thought in every detail and be tested in every aspect

seems far more important than the complexity of the

writing of programs [24]. In the system construction

aspect, a good password system should possess secrecy,

identiﬁcation, completeness, un-deniability [25] as well

as un-predictability [26], [27]. Targeting on the defects

of group digital signature [19], some scholars propose to

use the simple calculation formula existed in IC smart

card accompanied with the use of simple password easy

for the user to memorize in order to generate identity

conﬁrmation which is difﬁcult to be solved by others.

In the corporate internal management, the use of digital

signature system can help the evaluation of performance

objectively and be used as an internal communication

tool.

This paper extends the concept of information security

technology and management, speciﬁcally introducing

cryptography and information security mechanisms into

the COVID-19 monitoring system, combining the two

cryptographic algorithms of ElGamal [28] and RSA [29]

to meet the requirements of the digitalization process

of electronic medical records. In the process of patients

using the medical insurance card, the information center

can set the identity of the person who knows or does not

know (double blind mechanism). Based on this design

concept, the medical staff passively know or does not

know the patient’s identity. In this paper, we propose a

conditional anonymity scheme. In the process of submis-

sion, patients and the system center have registered and

issued account numbers, and patients, hospitals, doctors

and the health insurance bureau are anonymous. In the

process of the system, the patient has no direct contact

with the health insurance bureau, so the health insurance

bureau can not know the real identity of the patient at

the initial stage; the role of the health insurance bureau

has the right to supervise and inspect the doctor’s visit

content and inquire about the hospital information; the

hospital has the responsibility to report the business to

the health insurance bureau; the doctor has to report the

visit situation to the hospital. This scheme of the algo-

rithm consists of eight phases: registering phase, account

issuing phase, medical treatment phase, diagnosis phase,

data veriﬁcation phase, data update phase, data response

and ﬁnal result return phase.

Step 1. Employee opens an account and register to com-

pany’s system center.

Step 2. The system center issues an accounts to em-

ployee who applied an ID previously.

Step 3. Employee uses his anonymous ID to complaint

or report to virtual team.

Step 4. The virtual team forward and check the record

by system center.

Step 5. The system center received the record from

virtual team before returned the veriﬁcation.

Step 6. The virtual team forward the record to board.

Step 7. The board decodes the record when he received

the parameters from virtual team.

The detailed information ﬂow is shown in Figure 1.

Notation and Signiﬁcant:

pi: denote a large prime of RSA.

qi: denote a large prime of RSA.

ni: denote a modulo number of RSA.

ei: denote the public key of RSA.

di: denote the secret key of RSA.

p1: denote an other prime number of ElGamal, it

different with pi.

g: is the primitive root of prime number p1.

xi: is a private key in ElGamal-like algorithm.

yi: is a public key in ElGamal-like algorithm.

mi: digitized message.

Employee: The usually refers to the grass-roots level

staffs or users in the organization or company.

System Center: We usually means the organization’s

information system center. Here, we use abbreviation

‘ISC’ or ‘system’.

Virtual Team: We denote the staff who works in middle

level such as manager or equivalent position.

Board: A person who is director, supervisor, chairman

or president in high level of organization or company.

Employee

System

Virtual

1. Register

2. Pass

3. Appeal

Check

5. Conﬁrm

6. Forward

Centre

Team Board

(Manager)

Figure 1. The concept of this system.

3.1 In the system initialization phase, all users such

as employee, system center, manager and board set their

own account numbers and passwords, and share primitive

parameters gand a large prime numbers p1through the

system.

The employee randomly selects a number xa, as its

3. Our Research Methodology

3.1. Initializing System Phase

WSEAS TRANSACTIONS on ELECTRONICS

DOI: 10.37394/232017.2022.13.10

Chenglian Liu, Sonia C-I Chen

E-ISSN: 2415-1513

Volume 13, 2022

private key and satisﬁes gcd(xa, p −1), then calculates

his public key

ya≡gxa(mod p)(1)

The system center randomly selects its own private

key xbto calculates its own public key yb, and then

announces

yb≡gxb(mod p)(2)

The virtual team (or manager) randomly selects its own

private key xcto calculates its own public key yc, and

publishes it

yc≡gxc(mod p)(3)

The board will randomly select its own private key xd

to calculate his public key yd, and then publishes

yd≡gxd(mod p).(4)

Please see Figure 2. Every employees randomly select

Employee System Center Virtual Team Board

Compute:

ya≡gxamod pyb≡gxbmod pyd≡gxdmod p

yc≡gxcmod p

Figure 2. The System Initializing Phase.

two primes piand qito ﬁnd:

ni=pi·qi,(5)

since

φ(ni) = (pi−1) ·(qi−1).(6)

Compute the public key eiwhere it satisﬁed

gcd(ei, ni) = 1 (7)

and

ei·di≡1 (mod ni).(8)

The public key pairs are (ei, ni), although the secret key

is di; we have destroyed some parameters such as (pi, qi

and φ(ni)) based on security issue. From Equation (5)

to (8), it is well-known RSA algorithm [29].

3.2 The employee uses his ElGamal public key yaand

the RSA secret key dato calculate a temporary account

by Equation (9).

Sa≡yda

a(mod na),(9)

and register this account to system center, see Figure 3.

3.3 When the system center receives Safrom em-

ployee, the system center approved and returned Vasince

Va≡Sea·xb

a(mod na),(10)

Employee System Center

1. {Sa}

Sa≡yda

a(modna)

Figure 3. The Registration Phase.

see Figure 4.

Employee System Center

2. {Va}Va≡Seb·xb

a(mod na)

Figure 4. The Getting Account Phase.

3.4 The employee obtains a valid account and he then

uses Waand Cabefore he complaint to virtual team.

This operation has an anonymous feature:

Wa≡(Va)da(mod na),(11)

and

Ca≡yxa

d·ma(mod p),(12)

see Figure 5.

Employee Virtual Team

3. {Wa,Ca}

Wa≡(Va)da(mod na)

Ca≡yxa

d·ma(mod p)

Figure 5. The Complaining Phase.

3.5 When the doctor receives the patient’s require-

ment, he will diagnose patient and sent the diagnostic

record to system center for processing. The process is

shown in Equation (13) and Figure 6.

Fa≡yWa

c·Wxc

a·Ca(mod p).(13)

System Center

Virtual Team

4. {Wa,Ca,Fa}

Fa≡yWa

c·Wxc

a·Ca(mod p)

Figure 6. The Checking Record Phase.

3.6 The hospital received the diagnostics record by a

doctor, he would check this identiﬁer Waﬁrstly; if it is

5HJLVWHULQJ3KDVH

3.3. Getting Account Phase

3.4. Complaining Phase

3.5. Checking Record Phase

3.6. Confirming Phase

WSEAS TRANSACTIONS on ELECTRONICS

DOI: 10.37394/232017.2022.13.10

Chenglian Liu, Sonia C-I Chen

E-ISSN: 2415-1513

Volume 13, 2022

hold, and then veriﬁed this message before returned to

doctor. See Equation (14)-(15) and Figure 7.

Wea

≡Va(mod na).(14)

If holds, to calculate the Equation (15).

Ta≡(Fa)xb·(Wxc

a)−xb·C−xb+1

a(mod p).(15)

System Center Virtual Team

Ta≡Fxb

a·(Wxc

a)−xb·C−xb+1

a(mod p)

5. {Ta}

Figure 7. The Conﬁrming Phase.

3.7 The system center has veriﬁed the effective iden-

tity of the informant. After the manager received the

veriﬁcation results, he signed or endorsed the veriﬁcation

results, and then submitted the results to the board of

directors for processing. Please see Equation (16) and

Figure 8.

Za≡(Ta)x−1

c·C−x−1

c+1

amod p. (16)

Virtual Team Board

6. {Za,Wa}

Za≡Tx−1

a·C−x−1

c+1

a(mod p)

Figure 8. The Reporting Business Phase.

3.8 The board of directors received the reporting

{Za, Wa}by manager. Since the content has been signed

it digitally, if board of directors want to fetch the contents

Ca. However, the content of the report is encrypted with

the public key yaof the board of directors and the private

key xaof the reporter (namely employee). Therefore,

there are only two persons (employee and board) who

can recovery (decode) the Cainto maafter obtaining the

ciphertext Ca, please see Equation (17).

Ca≡Za·y−Wa

b(mod p).(17)

Proof. As know from Equation (12), the Cagenerated

by employee, we can rewrite as

ma≡yx

a·Ca(mod p).(18)

According to Fermat Little Theorem, we let

x=p−1−xd,(19)

namely

m′

a≡yp−1−xd

a·yxa

d·ma(mod p)(20)

From Equation (18) to (20), we ﬁnished the proof. The

protocol of this scheme is presented in Figure 9.

Employee

System

Virtual

1. Sa

2. Va

3. {Wa, Ca}

{Wa, Ca, Fa}

5. Ta

6. {Za, Wa}

Centre

Team Board

(Manager)

Figure 9. The protocol of this scheme.

We assume p= 101, g = 18 and the private keys as

xa= 11, xb= 49, xc= 37, xd= 71 where public keys

ya= 59.

yb= 28.

yc= 86.

yd= 3.(21)

Suppose the RSA’s parameters pa= 11, qa= 13, and

ea= 19, we ﬁnd

n= 143.

φ(n) = 120.

da= 19.(22)

The result are

Sa≡58 ≡5919 (mod 143).

Va≡124 ≡5819·49 (mod 143).

Wa≡136 ≡12419 (mod 143).(23)

Let ma= 50, responding to

Ca≡54 ≡311 ·50 mod 101.

Fa≡61 ≡86136 ·13637 ·54 mod 101.

124 ?

≡13619 mod 143.

Ta≡87 ≡6149 ·(13637 )−49 ·54−49+1 mod 101.

Za≡16 ≡(87)37−1·54−37−1+1 mod 101.(24)

According from Equation (18) and (19), we get

x= 29 = 101 −1−71.

m′

a≡50 ≡5929 ·53 (mod 101).(25)

The authors gave an example of experiment ﬂow from

3.7. Reporting Business Phase

3.8. Board Processing Phase

3.9. The Experiment Example

WSEAS TRANSACTIONS on ELECTRONICS

DOI: 10.37394/232017.2022.13.10

Chenglian Liu, Sonia C-I Chen

E-ISSN: 2415-1513

Volume 13, 2022

Employee

System

Virtual

1. {58}

2. {124}

3. {136,54}

{136,54,61}

5. {87}

6. {16,136}

Centre

Team Board

(Manager)

Figure 10. The Example of Experiment Flow.

Equation (21) to (25), and the diagram show in Fig-

ure 10.

1312321

Deﬁnition 1. Discrete Logarithm Problem (DLP)

As known parameters {p, g, yi}where the formula

yi≡gxi(mod p), it is very hard to ﬁnd the pri-

vate key xiwhile prime approaching inﬁnite. Based

on this assumption of computation and condition, it is

called solving the discrete logarithm problem (Solving

Discrete Logarithm Problem) [30]. The current public

key cryptosystem based on discrete logarithm has value

parameters that are greater than 1024 bit length or 2048

bit length.

Deﬁnition 2. Computation Difﬁe-Hellman Problem

(CDHP)

The Computation Difﬁe-Hellman Problem [31]is derived

on the Difﬁe-Hellman key exchange principle (Difﬁe

Hellman Key Exchange) [32]. The main ideas are de-

scribed as follows: Given {g, gx, gy}to ﬁnd gxy.

Here, gis known parameter, the xand yare unknown

parameters.

Deﬁnition 3. Decisional Difﬁe-Hellman Problem

(DDHP)

The Decisional Difﬁe-Hellman Problem [33] is a

variant of the Difﬁe-Hellman computation problem.

Given {g, gx, gy, gz}, to ﬁnd the Zpis satisﬁed

z=xy. Given {g, gx, gy}, to ﬁnd gxy. Here the

parameter gis known, and the parameters {x, y, z}

are all unknown.

Theoretical Security Level Analysis Analysis security

of theoretical level

Lemma 1. If user is honest, the Equation (14) would be

correct, that is, the system center veriﬁed the employee.

Proof. Wea

≡Va(mod na).

As known from Equation (11), we get Wa≡(Va)da

(mod na)since Equation (14), according to RSA theo-

rem; it becomes

Wea

≡(Vda

a)ea(mod na),

≡Va(mod na).(26)

From above calculation, we connect the relationship

between the Equation (11) and (14). The Equation (9)

Sa≡yda

a(mod na)by employee, the Equation (10)

Va≡Sea·xb

a(mod na)by system center. If employee is

honest, the system center check Equation (27) holds.

≡yxb

a(mod na)

≡(Sa)ea·xb(mod na)

≡(yda

a)ea·xb(mod na)

≡yxb

a(mod na).(27)

Otherwise, it is a contradiction.

Lemma 2. If system center is honest, the Equation (10)

holds, that is to say, the employee veriﬁed the system

center.

Proof. As known from Equation (10), the system center

produced the Vaafter employee transmitted his account

Sa. We can rewrite the Equation (28) into

≡yxa

b(mod p)

≡(gxb)xa(mod p)

≡(gxa)xb(mod p)

≡yxb

a(mod p).(28)

Actually, from Step 1 to Step 2 (see Figure 1), the

system center and employee both veriﬁed each other.

It is stopped while one side failed. Otherwise, there

is a contradiction. The Lemma 1 and 2 provide the

evidences.

Lemma 3. If system center and manager are both

interaction honestly, the Equation (13) and (15) holds,

the system center and manager can verify each other.

Proof. As known the Equation (14) and (21), the anony-

mous parameter Waproduced by employee and then

via manager to system center. If manager is honest, the

system center received the correct Wa; otherwise, he

would got a wrong content. By Lemma (1) and (2), we

prove employee and system center are honest. Hence,

the system center can easily check the right or wrong of

Wabased on the Step 1 to Step 3 without to check the

Fa. This is to say, the manager honest to system center.

On the other hand, the system center used his private

key xbto produce Taafter he received Faby manager. If

manager dishonest to system center who cannot produces

4. Security Analysis

4.1. Theoretical Security Level Analysis

WSEAS TRANSACTIONS on ELECTRONICS

DOI: 10.37394/232017.2022.13.10

Chenglian Liu, Sonia C-I Chen

E-ISSN: 2415-1513

Volume 13, 2022

right Tabefore received the Fafrom manager. Although,

the Tawas produce by system center, the manager can

verify Tasuch as Equation (29)

≡ywa·xb

c·Ca(mod p)

≡ywa·xc

b·Ca(mod p).(29)

As known Ta≡(Fa)xb·(Wxc

a)−xb·C−xb+1

a(mod p)

by Equation (15).

Ta≡(Fa)xb·(Wxc

a)−xb·C−xb+1

≡(yWa

c·Wxc

a·Ca)xb·(Wxc

a)−xb·C−xb+1

≡yWaxb

c·Wxcxb

/////// ·Cxb

a·W−xcxb

///////// ·C−xb+1

≡yWaxb

c·Cxb

//// ·C−xb

//////·Ca

≡ywa·xb

c·Ca

≡ywa·xc

b·Ca(mod p).(30)

According from Equation (30), the (29) equal to (30),

we ﬁnished the proof.

Analysis security of practical levels

Doubts about cracking RSA and ElGamal cryptosys-

tems: If the attacker intends to disguise the identity of

the patient, the attacker must have the patient’s key da to

be able to calculate the corresponding pairing public key

ea. In addition to being unable to disguise the patient,

the attacker cannot disguise the system center, unless

the attacker can crack the RSA cryptosystem. Obviously

cracking the RSA cryptosystem is not realistic at the

moment [34].

Key Compromise Impersonation attacks: The patient,

system center, doctor and Health Bureau keep their

own keys. Although their public keys are published, the

hackers can not calculate the corresponding key through

known public parameters. The discrete logarithm prob-

lem of the Deﬁnition 1 is deﬁned and fully described.

This study does not consider this assumption unless any

party who owns the key divulges the key.

Under the fast development of E-commerce and the

trend of technology leads the economic development,

the past human resource internal audit is thus no longer

an operation of black box. The network impeaching

will become more transparent through the use of group

signature system; therefore, the topmost decision-maker

of the company can no longer affect the normal operation

of the company intentionally due to private interest.

Additionally, this can prevent the selective acceptance

adopted by the audit or anti-corruption department be-

cause of their involvement in the case too. Moreover, this

can also prevent the unnecessary conﬂict caused within

the organization due to rank suppression.

This study proposes architecture for the setup of elec-

tronic team in the internal control department of a

company so that the identities of employees, who are

worrying about getting revenged when they impeach

something and gets their identities exposed, will be

protected. This architecture will encourage the members

of the organization to impeach illegal things bravely

and protect their identities. In the system of the current

study, if necessary and under the agreement of the

decision-maker of the organization, the identity of the

original electronic impeacher can be tracked and this has

threatening effect and can prevent any conﬂicts caused

by persons who make false accusation. Moreover, the

system can also perform monitoring and management

on medium level managers and employees of the basic

level, which is thought to be the greatest contribution of

this study. However, the insufﬁcient part of this study

is the lack of consideration on humanity, which will be

future direction of study.

[1] BBC News, “Taiwan ATMs ’robbed of $2.5m by European

hackers’,” http://www.bbc.com/news/worldasia36824507, July

18 2016.

[2] Ivana Kottasova, “Hackers steal millions from ATMs with-

out using a card,” http://money.cnn.com/2016/07/14/news/

bankatmheisttaiwan, July 14 2016, CNN News.

[3] Y.-Y. Chiang and W. G. Rowe, “Lee and Li, Attorneys-at-

law and the Embezzlement of NT$3 Billion by Eddie Liu

(A),” College of Commerce, National Chengchi University and

Ivey Management Services, Tech. Rep., January 16 2009, Case:

9B08M079.

[4] J. C. Tsui and J. J.-R. Chen, “A study of group signa-

ture implanted to network with impeachment system,” in

2003 Proceedings of Electronic Commerce and Digital Life

Conference, April 11-13 2003, pp. 1500–1510.

[5] K.-F. WU, “The study of the business for build internal control

system and internal audit system cases representative in the

far eastern group,” Master Thesis, Department of Business

Administration, College of Management, National Dong Hwa

University, Taiwan, 2005.

[6] Taipei District Prosecutors Ofﬁce, Taiwan, “Record of

serious ﬁnancial cases,” https://www.tpc.moj.gov.tw/media/

187386/%E5%8C%97%E6%AA%A2%E9%87%91%E8%9E%

8D%E9%87%8D%E6%A1%88%E5%AF%A6%E9%8C%

84-010-a-law-ﬁrms-3-billion-dollar-lesson.pdf, June 22 2021,

a law ﬁrm’s 3-billion-dollar lesson.

[7] Yiyun Wang, Principles and methods of internal control, 1st ed.

Wu-Nan Culture Enterprise, Taipei, Taiwan, October 2009,

Chinese edition.

[8] S.-I. Chang, L.-M. Chang, and J.-C. Liao, “Risk factors

of enterprise internal control under the internet of things

governance: A qualitative research approach,” Information

and Management, vol. 57, no. 6, p. 103335, 2020.

4.2. Analysis of practical safety levels

5. Conclusion

5HIHUHQFHV

WSEAS TRANSACTIONS on ELECTRONICS

DOI: 10.37394/232017.2022.13.10

Chenglian Liu, Sonia C-I Chen

E-ISSN: 2415-1513

Volume 13, 2022

[Online]. Available: https://www.sciencedirect.com/science/

article/pii/S037872062030272X

[9] X. Chen and H. Nie, “Research on the internal control of small

and medium manufacturing enterprises under comprehensive

risk management,” in Proceedings of the 8th International

Conference on Innovation and Management, 2012, pp. 680–

684.

[10] J. Feng, “Research on enterprise internal control based on

accounting computerization,” in Proceedings of the 2016

International Conference on Education, Sports, Arts and

Management Engineering. Atlantis Press, 03 2016, pp. 356–

360. [Online]. Available: https://doi.org/10.2991/icesame-16.

2016.75

[11] F. GAO, “A study of the internal controls of accounting informa-

tion systems in the network environment,” International Journal

of Simulation Systems, Science and Technology, vol. 17, no. 18,

pp. 91–95, 2016.

[12] C. Qin, “Literature review and prospect of enterprise inter-

nal control,” American Journal of Industrial and Business

Management, vol. 8, pp. 2120–2132, 2018.

[13] E. M. Akhmetshin, V. L. Vasilev, D. S. Mironov, E. I. Zatsarin-

naya, M. V. Romanova, and A. V. Yumashev, “Internal control

system in enterprise management: Analysis and interaction

matrices,” European Research Studies Journal, vol. 21, no. 2,

pp. 728–740, 2018.

[14] S. Stough, S. Eom, and J. Buckenmyer, “Virtual teaming: a

strategy for moving your organization into the new millennium,”

Industrial Management and Data Systems, vol. 100, no. 8, pp.

370–378, 2000.

[15] N. Bari´c and B. Pﬁtzmann, “Collision-free accumulators and

fail-stop signature schemes without trees,” in Advances in

Cryptology–EUROCRYPT ’97, W. Fumy, Ed. Berlin, Hei-

delberg: Springer Berlin Heidelberg, 1997, pp. 480–494.

[16] W. Difﬁe and M. Hellman, “New directions in cryptography,”

IEEE Transactions on Information Theory, vol. 22, no. 6, pp.

644–654, 1976.

[17] L. Lamport, “Constructing digital signatures from a

one way function,” Tech. Rep. CSL-98, October

1979, this paper was published by IEEE in

the Proceedings of HICSS-43 in January, 2010.

[Online]. Available: https://www.microsoft.com/en-us/research/

publication/constructing-digital-signatures-one-way-function/

[18] K. Tu, “Comment: Public-key cryptosystem design based on

factoring and discrete logarithms,” vol. 143, no. 1, p. 96, January

1996.

[19] D. Chaum and E. van Heyst, “Group signatures,” in Advances

in Cryptology–EUROCRYPT ’91, D. W. Davies, Ed. Berlin,

Heidelberg: Springer Berlin Heidelberg, 1991, pp. 257–265.

[20] L. Chen and T. P. Pedersen, “New group signature schemes,” in

Advances in Cryptology–EUROCRYPT’94, A. De Santis, Ed.

Berlin, Heidelberg: Springer Berlin Heidelberg, 1995, pp. 171–

181.

[21] J. Camenisch and M. Stadler, “Efﬁcient group signature

schemes for large groups,” in Advances in Cryptology-CRYPTO

’97, B. S. Kaliski, Ed., 1997, pp. 410–424.

[22] Jonathan Jen-Rong Chen and Y. Liu, “A traceable group

signature scheme,” Mathematical and Computer Modelling,

vol. 31, no. 2, pp. 147–160, 2000. [Online]. Available: https://

www.sciencedirect.com/science/article/pii/S0895717799002290

[23] D. Bleichenbacher, W. Bosma, and A. K. Lenstra, “Some

remarks on lucas-based cryptosystems,” in Advances in

Cryptology–CRYPT0’ 95, D. Coppersmith, Ed. Berlin, Hei-

delberg: Springer Berlin Heidelberg, 1995, pp. 386–396.

[24] U. Feige, A. Fiat, and A. Shamir, “Zero-knowledge proofs of

identity,” Journal of Cryptology, vol. 1, no. 2, pp. 77–94, Jun

1988. [Online]. Available: https://doi.org/10.1007/BF02351717

[25] D. Chaum, E. van Heijst, and B. Pﬁtzmann, “Cryptographically

strong undeniable signatures, unconditionally secure for the

signer,” in Advances in Cryptology–CRYPTO ’91, J. Feigen-

baum, Ed., 1992, pp. 470–484.

[26] D. Chaum, J.-H. Evertse, and J. van de Graaf, “An

improved protocol for demonstrating possession of dis-

crete logarithms and some generalizations,” in Advances in

Cryptology–EUROCRYPT’ 87, D. Chaum and W. L. Price, Eds.

Berlin, Heidelberg: Springer Berlin Heidelberg, 1988, pp. 127–

141.

[27] S. Goldwasser, S. Micali, and R. L. Rivest, “A digital signature

scheme secure against adaptive chosen message attack,” D. S.

Johnson, T. Nishizeki, A. Nozaki, and H. S. Wilf, Eds.

[28] T. ElGAMAL, “A public key cryptosystem and a signature

scheme based on discrete logarithms,” IEEE Transactions on

Information Theory, vol. 31, no. 4, pp. 469–472, 1985.

[29] R. L. Rivest, A. Shamir, and L. Adleman, “A method for

obtaining digital signatures and public-key cryptosystems,”

Communications of the ACM, vol. 21, no. 2, pp. 120–126, Feb.

1978.

[30] Wikipedia, “Discrete logarithm,” https://en.wikipedia.org/wiki/

Discrete logarithm.

[31] ——, “Computational Difﬁe-Hellman assumption,”

https://en.wikipedia.org/wiki/Computational Difﬁe-Hellman

assumption.

[32] ——, “Difﬁe-Hellman key exchange,” https://en.wikipedia.org/

wiki/Difﬁe Hellman key exchange.

[33] ——, “Decisional Difﬁe-Hellman assumption,” https://en.

wikipedia.org/wiki/Decisional Difﬁe-Hellman assumption.

[34] ——, “RSA factoring challenge,” https://en.wikipedia.org/wiki/

RSA Factoring Challenge.

WSEAS TRANSACTIONS on ELECTRONICS

DOI: 10.37394/232017.2022.13.10

Chenglian Liu, Sonia C-I Chen

E-ISSN: 2415-1513

Volume 13, 2022

Conflicts of Interest

The author(s) declare no potential conflicts of

interest concerning the research, authorship, or

publication of this article.

Contribution of individual authors to

the creation of a scientific article

(ghostwriting policy)

The author(s) contributed in the present

research, at all stages from the formulation

of the problem to the final findings

and solution.

Sources of funding for research

presented in a scientific article or

scientific article itself

No funding was received for conducting this

study.

Creative Commons

Attribution License

4.0 (Attribution 4.0 Int

ernational, CC

BY 4.0))

This article is published under the terms of the

Creative Commons Attribution License 4.0

https://creativecommons.org/licenses/by/4.0/deed.en_US