The Web has the advantage of offering a course to students worldwide at a very low
cost and with minimum effort. At the time of enrollment in a course over the Web
there is a need to submit students’ personal information along with other data. Most
students would prefer to submit the data only when they are confident that their
submitted information is secured.
1. Web 的優勢：在學習上面只需要花費最小成本與最小的努力就可達成。
2. 學生只會在他認為資料是安全的狀態下才會提交個人資料。
To win students’ trust, the e-learning system must be fully aware of the Internet
security threats and should be competent enough to administer the appropriate
technology to combat security threats. Encryption can be a way of information
protection based on cryptographic algorithms, but this is not sufficient. A
significant portion of Web users do not feel comfortable sending their respective
personal information over the Internet due to the lack of security. An e-learning
system that has the appropriate security will foster trust for the student and promote
loyalty in the system. This offers an opportunity of expanding the educational activity
of such an institution over the globe.
The risk and the challenges of the trust that discourage different users to participate
in the e-learning system include:
電子學習系統可能遇到的風險有：
‧ Spoofing—The ease of copying and creating the existing pages of a Web site
makes it too easy to create duplicate sites that pretend to be the original. The Web
sites are published by different organizations for the purpose of conducting
fraudulent activities involving the illegal collection of private information.
Spoofing 欺騙(攻擊?)
攻擊者將某一個網站現有的頁面複製並且放置網路上，並且透過某種方式讓使用
者誤以為是真正的網站。再利用這個網頁來蒐集使用者的重要資訊。
‧ Interception of sensitive data— When sensitive data are transmitted through the
Internet, such as students’ details including ID, password, and creditcard number,
among others, hackers may intercept the transmission and obtain the sensitive
information.
擷取敏感資訊
攻擊者可能會利用網路來擷取在網際網路上傳遞的資訊(攔截傳輸)，像是學生的
詳細資料(例如：ID、密碼或信用卡號碼等等)。
‧ Data alteration—The content of a transmission may not only be intercepted, but
also may be altered en route, either maliciously or accidentally. Student names,
passwords, and accounts sent through the Web all are vulnerable to such alteration.
竄改資訊
在網際網路上傳輸的資料，不僅可能被截取，也可能在傳輸資訊當中被竄改資
料。學生的姓名、密碼，透過網際網路都可能會有這種的風險。
‧Denial of services—The Web site can be altered by the hackers so that it refuses
service to the students or may not function properly.
DoS 阻斷服務
駭客可以透過一些手法去更改服務，讓網站服務無法正常運作。
‧ No additional security—The security imposed for protecting the Web site is also
used for transmitting the scholarly materials. No additional securities are in place for
protecting such materials and other intellectual property (IP) sent over the Web to
the students.
沒有額外的安全防護
設置安全性保護可用於傳輸學術資料，讓教材或其他智慧財產權資料能夠安全的
傳送到學生手上。
Prior research
Sufficient security controls are required to reduce the associated risk in e-learning
systems. However, these controls should not be so restrictive that the overall
performance of the system is degraded. Some of such controls are:
電子學習系統需要足夠的安全性，以減少相關的風險。但是這些安全軟體不應該
讓系統整體的性能下降：
‧ Authentication. This is the most primitive method of using a username and
password combination for protecting contents of a Web site from being accessed.
Username and password combination are easy to detect, therefore it is not a good
approach for Web site protection.
認證：這是最原始的方法，利用使用名稱與密碼來驗證帳戶。但是這些資料容易
被竊取。所以這不是最好的防護機制。
‧ Access Control. This restricts different groups of authorized users to access subsets
of information and ensures that only the intended user can access data and services
offered by the system. Access control should only be a part of entire security system
and therefore is not a full-fledged security control mechanism.
存取控制：
限制不同群組給予不同的訪問權限，確保只有特定的用戶可以存取特定的資料與
使用特定的服務。但是存取控制只是整個安全系統的一部分，因此沒有全面的安
全控制機制。
‧ Encryption. During the initial stage of digital data protection, encryption is used
based on cryptographic algorithms. Cryptography is implemented by transforming
the digital information into encrypted digital information, which is thereafter
inaccessible. Two major categories of encryption systems are symmetric key
encryption and asymmetric key encryption.
加密：
加密的發是可以分為兩種主要的類別，對稱與非對稱加密。加密可以在傳輸的過
程中保護檔案，加密過的檔案不能防止被複製，但是它可以防止別人查看內容。
文件可以被擁有 key 的人加密讓檔案受到保護，但是 key 如果落入別人手中這樣
加密就沒有用了。
Encryption can be a way of protecting transmitted data over the Web based on
cryptographic algorithms, but this is not sufficient. It doesn’t prevent someone from
copying a file, but it prevents access to the content of a file. Encryption works only
when a person holding a key is the one who wants to protect the digital file. Giving
the key to anyone else negates the purpose of the encryption.
‧ Firewall. Firewalls are software or hardware security measures that filters
information passing between an internal and external network. A firewall controls
access to the Internet by internal users and also prevents outsiders from access to
the systems and the information stored on the internal network. A firewall typically
could be one of the two forms: software firewall and network firewall.
Firewalls are part of an overall security mechanism of an organization, therefore it
should not be considered as the sole security system.
防火牆：
防火牆友分軟體與硬體的防護措施，內部與外部網路之間傳遞過濾訊息的功能。
防火牆控制內部網路連接到網際網路，也可以防止外部不相關的人進入系統儲存
訊息。防火牆是組織整體安全機制的一部分，所以不應該只使用防火牆來做為唯
一的防護機制。
• Intrusion detection. The software related to intrusion detection continuously
monitors the system and the network activity to spot any attempt being made to
gain access to the system. An alarm is generated when the detection system suspects
an attack.
An intrusion detection system only generates an alarm during suspicious attacks, but
it can not normalize the system activity.
• Protecting from viruses and spywares. Antivirus software is used to protect against
viruses. This software can detect viruses, prevent access to infected files, and
quarantine any infected files. The spyware can also be removed or quarantined.
Antivirus and antispyware software require regular updates to combat the latest
virus and spyware definitions available online.
防毒軟體與防間諜程式：
使用防毒軟體，可以防止病毒破壞系統。防毒軟體可以用來檢測病毒，阻止已被
感染的文件，並做隔離措施。防間諜程式也可以做刪除或隔離的動作。這兩種防
護程式都必須要定期做更新，以防止最新病毒或間諜軟體的入侵。
• Digital signature. In an e-learning system, digital signatures are used to sign
licenses between participating users for transmitting digital content over the Web.
The licenses are thereafter used as a proof of usage rights. At the client side, such
licenses are verified for the verification of the usage rights.
Digital signature has the limitation of distribution, i.e., once a customer purchases
the usage rights, he can distribute the rights over the Internet, which causes a
violation of the copyright.
數位簽章：
在電子學習系統，數位簽章用來驗證用戶。
• Digital certificates. Digital certificates are used to ensure the genuineness of the
digital content and the valid authorization of the distributor. Digital certificates are an
essential mechanism to authenticate various parties involved in digital data
transmission. There is no prevention mechanism for distribution of digital certificates
and its usage.
數位憑證：
用來驗證資料。
Looking to the latest tech
目前科技展望
The present study seeks to design a model that would fill the functional deficiency of
the present e-learning system using the latest technology. In this scenario, the digital
rights management (DRM) can be used that offers institutions more control over
their digital identities. In the present e-learning system, the student and the
contributor discloses his/her personal information along with other personal
identification to the institution in order for the institutions to use such information.
Only DRM ensures that the distributed right is not violated. Our proposed DRM based
e-learning system works to improve the level of trust in the mind of the students and
the contributors.
本研究主要是設計一個模型，採用最新技術，以彌補 e-learning 系統功能的缺陷。
在目前的電子學習系統，學生和貢獻者透露他的個人訊息以及為了讓機構能夠利
用這些資料，數位版權管理(digital rights management, DRM)可以用來提供機構控
制他們的數位身分。只有 DRM 確保資料在散佈的時，權利不受侵犯。我們建議
的 DRM 基於 e-learning 系統的工程，以提高在學生和貢獻者的心目中的信任的
等級
維基百科－數位著作權管理：
http://zh.wikipedia.org/wiki/%E6%95%B0%E5%AD%97%E7%89%88%E6%9D%83%E7
%AE%A1%E7%90%86
Unified modeling language (UML) is an object-oriented system analysis and design
paradigm that offers a generic prototype design technology developed by Grady
Booch, James Rumbaugh, and Ivar Jacobson in the Rational Software Corporation.
This facilitates graphically visualizing, specifying, constructing, and documenting a
system’s blueprints. UML is used very efficiently to design the model of e-commerce
system, therefore it can be used to design the blueprint of the e-learning system.
UML consists of a number of graphical elements that may be combined to form a
diagram. The purpose of the diagram is to present multiple views of a system, or
model. The UML model describes what a system is supposed to do; it does not
explain how to implement the system.
UML includes nine diagrams: class diagram, object diagram, use case diagram,
sequence diagram, collaboration diagram, statechart diagram, activity diagram,
component diagram, and deployment diagram, which help to design a system.
To model our proposed system, we only consider the use case diagram, sequence
diagram, and the collaboration diagram. Use cases are used to document the
proposed system requirements and provide a useful technique which helps us to
clarify exactly what the system is supposed to do.
Methodology
方法
Identification of objects
識別物件
The objects that are required in designing the proposed e-learning system include:
在電子學習系統所包含的對象為下：
• Learner. In this context, learner is a generic term that refers to the student. In the
primary level, a learner is considered an information seeker. Whenever an
information seeker is registered in the e-learning system, he/she would be treated as
a learner. Again, a learner becomes an examinee when he/she has appeared for
examination.
學習者是一種通用術語，這裡指的是學生。
• Counselor. This is a generic term which refers to a tutor. At the time of providing
information to the information seeker, he/she acts as a counselor.
During the academic session, the counselor becomes a tutor. During evaluation of
the student’s answer script, he/she becomes an evaluator.
•Controller. The entire supervision is done by the controller. The controller always
maintains a keen relationship with the sponsor and he/she is the highest authority in
our proposed system.
• Sponsor. Refers to the organization that sponsors the degree of the students. It
must be a registered organization under the government authority (i.e., Ministry of
Education) for offering a degree or diploma to the students.
• Developer. The system developer who develops the whole system and designs the
interfaces of various subsystems such as collecting information, creating DRM
packages, and transmitting those over the Web.
Use cases
使用案例
Given the above information, we propose a newly developed model, subdivided into
a number of use cases. Here, each use case denotes a subsystem.
這裡提出一個新開發模式，細分成多個使用案例。這裡每個使用案例都代表一個
子系統。
Use case 1: Learner
使用案例 1：學習者
As in Fig. 1, there are four different use cases related to the learner activity in the
system, these are:
圖一，有四種不同使用案例，分別為學習者在系統中的學習活動
• Seek information. The prospective student or existing student may seek
information about the activity of the organization.
搜尋資訊：
未來的學生或現有的學生可能會搜尋有關學校的活動訊息。
• Register in a course. Different courses are offered to the students online along with
their respective eligibility.
Prospective students may register themselves in a given course.
註冊一門課程：
不同的課程
• Attend academic sessions. Every registered/enrolled student attends academic
sessions.
參與課程討論：
每個註冊的學生可參加課程討論。
•Attending examination. Examination is a process for evaluating a student. Attending
examination is a mandatory criterion for successfully completing a course.
Three arrows connected with the learner denote the concept of generalization of the
super class learner and subclasses of information seeker, student, or examinee (as
shown in Fig. 1).
參加考試：
考試是評價學生的學習中的過程，透過考試能成功完成課程的強制性標準。(透
過考試能夠知道學生是否有達到每個課程所制定的標準。)
Use case 2: Counselor counsels the learners
使用案例 2：輔導員輔導學習者
In Fig. 2 there are four different use cases related to the counselor activity in the
system. These are:
圖二：有四種不同使用者案例
• Counsel students. At the earlier stage, the counselor is responsible for providing
the appropriate information to the information seeker.
輔導學生：
輔導者負責提供適合的訊息給資料蒐集者。
• Take classes. During the academic session he/she acts as a tutor and is responsible
for teaching.
上課：
在課堂上，老師負責教學。
• Participate in academic decision making. A tutor is not only responsible for
teaching, but also participating in academic decision making.
參與教學決策的制定：
教學者不只負責教書，還餐與教學決策的制定。
• Evaluate answer scripts. On completion of teaching, the tutor plays a role as an
evaluator of the answer scripts.
評估學習：
教學後，教學者扮演評估的角色。
The super class tutor is specialized into three subclasses: counselor, faculty and
examiner/evaluator.
Use case 3: Controller controls the system
管理者管理系統
In Fig. 3 there are two different use cases related to the activity performed by the
controller in the system. These include:
圖三有兩種不同的使用案例，由系統管理者進行的活動有關案例，包括：
• Overall supervision. The controller is responsible for supervising the overall system.
In our proposed system, he/she is considered the authority.
全面監督：
負責監督系統的運作。
• Give instruction to the developer. At the time of development of the system, the
developer is working under the supervision of the controller.
指示開發：
在系統開發時，開發商在管理者的監督下工作。
Use case 4: Sponsor sponsoring degrees
主辦者發行學士學位
In Fig. 4 there are three different use cases. These are:
• Get registration under the Government Education Authority. The sponsor
registered itself under the Government. Education Authority before sponsoring
affiliation to any organization.
向教育部門登記。
• Get affiliation. The sponsor is the key authority for sponsoring affiliation to the
controller. The controller will communicate with the sponsor about the affiliation.
• Sponsor degree. The sponsor is the authority for providing the degrees/diplomas
to the learner of an e-learning system only when the system is affiliated under the
sponsor.
The organization is a specialization under the super class sponsor.
Use case 5: Developer develops the system
開發者開發系統
Fig. 5 describes the activities of the Developer in the system, along with its six use
cases. These activities include:
圖 5 描述系統開發的活動，有包含六個使用案例，如下：
• Get instruction from the controller. The developer grows the system under the
direction of the controller. The developer is instructed by the controller.
取得管理者指示：
• Design/Implement system. After getting proper and sufficient information and
instruction, the developer designs the system. In the next step, the designed system
is implemented.
設計/實作系統：
獲得適當與足夠的訊息與指示後，開始開發設計系統。最後就是設計系統的實作。
•Create interface. The developer is also responsible for providing userfriendly
interfaces to the system that can be handled by nontechnical persons.
建立介面：
開發商負責提供用使用者介面。
• Collect information. During registration or any other purpose, the student’s
personal information, or information about scholarly materials, is required to be
collected by the system.
收集訊息：
可以用來蒐集學生的個人資料或其他學習的資料，可以利用這些資料來做其他事
情。(像是分析….)
• Create the DRM package. The collected information, along with the rights to open
such information, is wrapped as a DRM package.
建立 DRM 容器：
利用剛剛蒐集到的資訊為資料做 DRM 打包，必須讓擁有足夠權限的人才能開啟
這個資料。
• Send the DRM package. The packaged DRM is transmitted over the Web to the
user who asked for it. Using this, it is ensured that only the intended user opens such
a DRM package using a special key.
傳送 DRM 包裹：
將 DRM 訊息打包是為了在透過網際網路傳送的時候，只有擁有開啟權限的使用
者使用特殊的 Key 才能開啟他，。
The developer may be an organization or an individual. Two arrows are connected
with the developer to conceptualize this idea.
開發者可能是組織或個人。
Data modeling using ER-Diagram
資料建模(使用 ER 圖)
An entity relationship diagram (ERD) of the proposed system is depicted in Fig. 6.
Different entities are shown along with their relationship.
ERD 圖利用不同的實體顯示他們之間的關係。
The sequence diagram for the proposed system
建議的系統的序列圖
The sequence diagram explains the time dependent communication through
message passing among the different objects in the system. Fig. 7 describes how the
government authority, sponsor, and controller are communicating with each other.
序列圖解釋系統中的不同對象之間透過消息傳遞時間。圖七介紹政府的權力、贊
助商與管理者之間如何溝通。
In the Fig. 7, the sponsor requests registration from the government authority. In
response to the request, the government authority collects all the necessary
information about the sponsor, checks the validation of the sponsor, and thereafter
confirms the sponsor regarding the registration. In the same way, the controller
requests the affiliation to the sponsor, and after validating the controller, the sponsor
confirms the affiliation.
圖七，主辦人向政府機關要求登記(註冊)。政府驗證主辦人，會蒐集主辦人的相
關資訊，並且開始進行驗證，驗證後傳送確認訊息給主辦人。
管理者會以同樣的方式，向主辦人要求從屬關係，驗證管理者後，主辦人提供資
訊給政府單位，最後向管理者確認從屬關係。
The sequence diagram presented in Fig. 8 describes how the controller, developer,
contributor, and administrator interact with each other. The developer is responsible
for developing the system under the direct supervision of the controller. The
contributor creates study materials and the developer collects the necessary
information about the study material and creates a DRM package along with the
rights associated with it. After the completion of development of the system, it is
notified to the controller, thereafter the controller delivers the control of the system
to the administrator.
Fig. 9 describes how the student, developer, and controller interact with each other.
At a very early stage, an information seeker collects information about the courses
offered by the institute. The information seeker requests registration from the
developer as a prospective student. The developer collects students’ information and
creates a DRM package consisting of information along with the rights associated
with it, such as copy, edit, and view. The confirmation about the registration is then
intimated to the students and the DRM package is sent to the Controller for future
use.
Fig. 10 describes how the information seeker (student/examinee), counselor
(tutor/examiner), administrator, and controller interact with each other. Different
kinds of specialization and generalization of the objects used in the system, along
with their association with other objects over time, is described in Fig. 10. The
generalized subsystem appears before the objects mentioned above. From the
student registration to offer ing a degree, each step is considered in Fig. 10.
Conclusion
Much effort has been made to ensure trust in the participated users in the e-learning
system. Several considerations have been made in order to provide security to the
participants of such a system. However, no such functional solution to fill the
observed deficiency of the e-learning system has so far been developed.
In this article, an attempt is made to provide a generic functional model to fill such
deficiencies of the e-learning system.
In order to do this, we first considered the internal or external objects that are
related to our system, followed by identifying the association among those. Finally,
we have tried to find the behavior and interactions of such objects. To design the
model, we have used UML. The use case diagram explains the functionality of the
system using actors and use cases. The sequence diagram is used to describe
interactions among objects in terms of an exchange of messages over time.
Collaboration diagrams are used to make interactions between objects as a series of
sequenced messages. Collaboration diagrams describe both the static structure and
the dynamic behavior of the proposed e-learning system. The proposed UML model
has flexibility and can be used with little or no change in the existing e-learning
system.