Article Details

國防管理學報 (Journal of National Defense Management)

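Title: Design of a Key Exchange Mechanism to Strengthen the Security of the National Armed Forces' Communication and Information Systems
Volume/Issue: 40:1
Parallel title: Strengthen the Design of Key Exchange Mechanism for National Military Management Systems
Authors: 蘇品長, 蕭雅尹, 田唯毅
Pages: 047-068
Keywords: 國軍通資系統 (National Military Communications Information system); 密碼系統 (Cryptosystem); 金鑰交換機制 (Key Exchange Mechanism)
Publication date: 201905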

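Chinese abstract

In recent years, various countries have continued to use their network resources to break into some of our government and private-sector websites and steal all kinds of intelligence, with a very wide range of targets. In view of this, in order to raise the nation's information security protection capability and make the national information and communication security maintenance mechanism more complete, the Executive Yuan in ROC year 105 (2016) restructured the Office of Information and Communication Security into the Department of Cyber Security, which became the strategic center of Taiwan's information security work. Enjoying the convenience of information on the premise that information security is ensured is the correct attitude toward the coming information century. The current operating mechanisms of the armed forces' communication and information systems, however, also face a variety of tests. This study therefore establishes an identity authentication mechanism within the cryptosystem and, through a key exchange protocol, lets the two parties securely negotiate a session key to ensure the privacy of communicated messages. In the process, a random knapsack cryptosystem mechanism is used to strengthen the security of sensitive information passed between the communicating parties. Finally, the scheme is combined with public key infrastructure and, taking advantage of the fact that elliptic curve cryptography uses shorter encryption keys than other asymmetric schemes, a key exchange mechanism is designed that meets the identity authentication security requirements of the current system. The proposed method comprises four phases: system initialization, registration, verification, and communication key exchange. It improves the effectiveness of personnel identity verification and ensures the confidentiality, integrity and non-repudiation of information passed between the communicating parties, as well as protection against theft of intelligence by third parties.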

English abstract

In recent years, various countries have continued to use their online resources to invade all government and non-governmental websites, steal all kinds of intelligence and attack a wide range of targets. In view of this, the government has upgraded the security protection mechanism so that the security maintenance mechanism will be more complete. In 2016, the Executive Yuan restructured the information and communications security office into the Department of Cyber Security, which became the strategic center of the information security workforce. Enjoying the convenience of information under the premise of ensuring information security is the correct attitude in the face of the advent of the information age. However, the current operating mechanism of the military-owned information security system is also facing various challenges. The study will establish an identity authentication mechanism in the cryptosystem and ensure the confidentiality of communication messages by allowing the parties to negotiate a session key safely via a key exchange agreement. In the process, a random knapsack mechanism is used to enhance the security of passing sensitive information between the two communicating parties. Finally, in combination with the public key infrastructure, the fact that the encryption keys of elliptic curve cryptography are shorter than other asymmetric keys is used to design a key exchange mechanism that is in line with the identity authentication security requirements of the current system. The proposed method includes the four stages of system initialization, registration, verification and communication key exchange, improving the effectiveness of personnel identification and ensuring the confidentiality, integrity and non-repudiation of the information both parties communicate, as well as protection against third parties stealing intelligence.
