臺灣人文及社會科學引文索引資料庫系統

:::

詳目顯示

回上一頁
第 1 筆 / 總合 1 筆   第一頁 上一頁 下一頁 最後一頁
/1
題名:數位證書在電子商務安全之應用
作者:吳國禎
作者(外文):Kou-Chen Wu
校院名稱:國立交通大學
系所名稱:資訊管理所
指導教授:黃景彰
學位類別:博士
出版日期:1999
主題關鍵詞:數位證書公開金鑰證書屬性證書X.509標準職務為基礎的執行權管制電子資料交換digital credentialspublic-key certificatesattribute certificatesX.509 standardrole-based access control (RBAC)electronic data interchange (EDI)
原始連結:連回原系統網址new window
相關次數:
  • 被引用次數被引用次數:期刊(0) 博士論文(0) 專書(0) 專書論文(0)
  • 排除自我引用排除自我引用:0
  • 共同引用共同引用:0
  • 點閱點閱:25
日常生活中我們都擁有一些證件,它們可以用來作為個人身分、經歷、參與活動,或是個人能力、資格的證明。在電腦網路的環境中,我們也可以用數位化的資料結構來模擬這些紙張型式的證件,並以這些數位化的證書來支援類似紙張證件所提供的身分識別以及授權管理服務。
本論文延伸ITU-T的X.509身分識別模型,以討論如何利用X.509數位證書來建立企業內部及企業之間的數位證書的應用。論文中以職務為基礎的執行權管制(Role-Based Access Control,簡稱RBAC)、以及電子資料交換來源方授權確認(Verification of Authorization at Source,簡稱VAS)為例,說明X.509證書在企業電子商務環境的應用。在第一個應用中以數位證書承載證書主體的職務指派資訊來輔助執行權管制,可以整合身分識別和執行權管制兩種安全服務,減少向集中式伺服器取得授權資訊的通訊需求。第二個應用則可以提供電子文件的收方確認文件所代表的交易內容是經過寄方合法授權,而且我們設計的查驗機制也和企業內部控制,以及企業間的電子資料交換系統做了完善的結合。這樣的討論,除了擴展數位證書的應用範疇,也可以說是把X.509標準的身分識別功能,提昇到了企業授權管理的層次。
In real life, paper-based credentials can prove individuals’ identities, experiences, participation in activities, capabilities or professions. In computer networks, identity authentication and authorization management are as important as they are in real world, thus digital credentials which mimic the paper counterparts should be provided to support these security services.
In this dissertation, we extend the ITU-T recommended X.509 authentication framework to discuss the applications of X.509 certificates, specifically public-key certificates and attribute certificates, in business network environments. The presented applications include Role-Based Access Control (RBAC), and verification of electronic documents’ authorization at source. The first application of digital credential in RBAC can effectively streamline identity authentication and authorization validation. The second application can help assuring the received electronic document was legally created within the originating enterprise, and the proposed mechanism also integrates well with business internal control and EDI systems. Our work expands the application scope of digital credentials and raises the authentication function of the X.509 standard to the level of authorization management.
[1] N. R. Adam, Y. Yesha, Electronic Commerce: Current Research Issues and Applications, Springer, (1996).
[2] P. E. Ammann & R. Sandhu, “Implementing Transaction Control Expressions by Checking for Absence of Access Rights,” Proc. of 8th Annual Computer Security Applications Conf., San Antonio, TX, (Dec. 1992), pp.131-140.
[3] J. Barkley, Comparing Simple Role Based Access Control Models: Features and Motivations, National Institute of Standards and Technology, (August 1997).
[4] J.F. Barkley, A.V. Cincotta, D.F. Ferraiolo, S. Gavrilla, and D.R. Kuhn, Role Based Access Control for the World Wide Web, National Institute of Standards and Technology, (April 8 1997).
[5] G. Bleumer, Offline Personal Credentials, AT&T Labs-Research, (April 1998).
[6] M. Branchaud, A Survey of Public-Key Infrastructures, Master Thesis, Department of Computer Science, McGill University, Montreal, (March 1997).
[7] C. E. Brown, Internal Control Concepts,
(http://www.bus.orst.edu/faculty/brownc/lectures/controls/control1.htm )
[8] W.E.Burr, Public Key Infrastructure (PKI) Technical Specifications (Version 3): Part C─Concepts of Operations, NIST-TWG-97-59, Working Draft, (June 1998).
[9] D.F. Ferraiolo, J.F. Barkley, and D.R. Kuhn, “A Role Based Access Control Model and Reference Implementation within a Corporate Intranet,” ACM Transactions on Information Systems Security, 1 (2), (February 1999).
[10] D. Ferraiolo, J. Cugini, and D.R. Kuhn, “Role Based Access Control: Features and Motivations,” Proc. of Annual Computer Security Applications Conference, IEEE Computer Society Press, (1995).
[11] A. Fischer, “Electronic Document Authorization,” Message Handling Systems and Application Layer Communication Protocols: Proceedings of the IFIP WG6.5 International Symposium, Zurich, (October 1990).
[12] W. Ford, “Public-Key Infrastructure Interoperation,” IEEE Aerospace Conference, (1998).
[13] C. Goh, A. Baldwin, “Towards a more Complete Model of Role,” 3rd ACM Workshop on Role-Based Access Control, (1998)
[14] L.Harn, H.-Y. Lin, “Integration of user authentication and access control,” IEE PROCEEDINGS-E, 139 (2), (March 1992).
[15] R.J. Hayton, J.M.Bacon, K. Moody, “Access Control in an Open Distributed Environment,” IEEE Symposium on Security and Privacy, (1998).
[16] Y.-K. Hsu, “An Intranet Security Framework Based on Short-Lived Certificates,” IEEE Internet Computing, (March-April 1998), pp.73-79.
[17] Y.-K. Hsu, “Development of an Intranet Security Infrastructure and Its Application,” Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise, (1998), pp.334-339.
[18] ITU-T Recommendation X.509 (ISO/IEC 9594-8), Information Technology─Open Systems Interconnection─The Directory: Authentication Framework, (June 1997).
[19] ITU-T Recommendation X.812 (ISO/IEC 10181-3), Information Technology─Open Systems Interconnection─Security Framework For Open System : Access Control Framework, (1996).
[20] W. Johnston, S. Mudumbai, and M. Thompson, “Authorization and Attribute Certificates for Widely Distributed Access Control,” Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise, (1998), pp.340-345.
[21] V.E. Jones, N. Ching, M. Winslett, “Credentials for Privacy and Interoperation, “ New Security Paradigms Workshop, (1995), pp.92-100.
'
[22] R. Kalakota, A.B. Whinston, Frontiers of Electronic Commerce, Addison-Wesley Publishing Company Inc., (1996).
[23] C. King, “Building a Corporate Public Key Infrastructure,” Computer Security Journal, 8 (2), (1997), pp.13-24.
[24] A. Kini and J. Choobineh, “Trust in Electronic Commerce: Definition and Theoretical Considerations,” Proc. 31st Annual Hawaii International Conference on System Science, (1998), 51-61.
[25] W. Kou, Networking Security and Standards, Kluwer Academic Publishers, (1997).
[26] L.G. Lawrence, “The Role of Roles,” Computers and Security, 12 (1), 1993.
[27] P. Lin, L. Lin, “Security in Enterprise Networking: A Quick Tour,” IEEE Communications Magazine, (January 1996), pp.56-61.
[28] K. Lindup, “The Role of Information Security in Corporate Governance,” Computer & Security, 15, (1996), pp.477-485.
[29] L. Lo’pez, J. Carracedo, “Hierarchical Organization of Certification Authorities for Secure Environments,” Proceedings of the 1997 Symposium on Network and Distributed System Security, (1997), pp.112-121.
[30] J. G. Maley, “Enterprise Security Infrastructure,” Proceedings of the 5th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprise, (1996), pp.92-99.
[31] M. Myers, R. Ankney, A. Malpani, S. Galperin, C. Adams, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol─OCSP, PKIX Working Group, http://www.edvz.univie.ac.at/netinfo/internet-drafts/draft-ietf-pkiz-ocsp-05.txt, (August 1998).
[32] B. C. Neuman, “Proxy-Based Authentication and Accounting for Distributed Systems,” Proceedings of the 13th International Conference on Distributed Computing Systems, Pittsburgh, (May 1993).
[33] T.A.Parker, A Secure European System for Applications in a Multi-vendor Environment (The SESAME Project), Associated Services Division, ICL, http://www.engarde.com/~mcn/sunrise/sesame.html, (26th March 1992).
[34] R. L. Rivest, B. Lampson, SDSI─A Simple Distributed Security Infrastructure, (Sep. 15 1996). (http://theory.lcs.mit.edu/~rivest/sdsi10.html)
[35] S. Russell, “paradigms for Verification of Authorization at Source of Electronic documents in an Integrated Environment,” Proceedings of the 8th Annual Computer Security Applications Conference, San Antonio, Texas, (December 1992).
[36] S. Russell, “Transparent Cosignatures for Electronic Documents,” Proceedings of the Ninth Annual Computer Security Application Conference, (1993), pp.82-91.
[37] S. Russell, “Audit-by-receiver Paradigms for Verification of Authorization at Source of Electronic Documents,” Computers & Security, 13, (1994), pp.59-67.
[38] Y. Sameshima, P. Kirstein, “Authorization with Security Attributes and Privilege Delegation─Access Control beyond the ACL,” Computer Communications, 20, (1997), pp.376-384.
[39] R. Sandhu, “Transaction Control Expressions for Separation of Duties,” Proc. 4th Aerospace Computer Security Applications Conference, Orlando, Florida, (Dec. 1988), pp.282-286.
[40] R. Sandhu, “Separation of Duties in Computerized Information Systems,” Proc. of the IFIP WG11.3 Workshop on Database Security, Halifax, U.K., (September 1990).
[41] R. Sandhu, E. J. Coyne, H.L. Feinstein, and C.E. Youman, “Role-Based Access Control Models,” IEEE Computer, (1996), pp.38-47.
[42] R. Sandhu, E. J. Coyne, H.L. Feinstein, and C. E. Youman, “Role-Based Access Control: A Multi-Dimensional View,” Proc. of 10th Annual Computer Security Applications Conference, Orlando, Florida, (December 1994), pp.54-62.
[43] R. Sandhu, P. Samarati, “Access Control: Principles and Practices,” IEEE Communication magazine, 32 (9), (1994), pp.40-48.
[44] A. Sheth, Workflow Automation, Tutorial notes, SIGMOD Conference, May 1995, California. (http:// www.cs.uga.edu/LSDIS )
[45] C. Shih, M. Jansson, R. Drummon, L. Yarbrough, Requirements for Inter-operable Internet EDI, EDIINT Working Group, ftp://ftp.ietf.org/internet-drafts/draft-ietf-ediint-req-00.txt, (Jul. 1996).
[46] C. L. Smith, “A Survey to Determine Federal Agency Needs for a Role-Based Access Control Security Product,” IEEE, (1997), pp.222-232.
[47] R.C. Summers, Secure Computing: Threats and Safeguards, McGraw-Hill, (1997)
[48] Z. Tari, S.-W. Chan, “A Role-Based Access Control for Intranet Security,” IEEE Internet Computing, (1997), pp.24-34.
[49] A.Tate, Workflow Management Coalition-Overview,
(http://www.aiai.ed.ac.uk/WfMC )
[50] R.K. Thomas and R. Sandhu, “Towards a tast-based paradigm for flexible and adaptable access control in distributed applications,” Proc. of 1992-1993 ACM SIGSAC New Security Paradigms Workshops, Little Compton, RI, (1993), pp.138-142.
[51] R.K. Thomas and R. Sandhu, “Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management,” Proceedings of the IFIP WG11.3 Workshop on Database Security, Lake Tahoe, California, (August 1997).
[52] P. Tom, Sundt, Chris, “Role-based access control in real systems,” Information Systems Security, 5 (1), (Spring 96).
[53] TrustedWeb Technical Summary, TrustedWeb, (April 1997).
(http://www.trustedweb.com)
[54] M. Vandenwauver, R. Govaerts, J. Vandewalle, “How Role Based Access Control is implemented in SESAME,” Sixth Workshop on Enabling Technologies: infrastructure for collaborative enterprises, (1997), pp.293-298.
[55] S. Wilson, “Certificates and trust in electronic commerce,” Information Management & Computer Security, 5 (5), (1997), pp.175-181.
[56] M. Winslett, N. Ching, V. Jones and I. Slepchin, “Using digital credentials on the World Wide Web,” Journal of Computer Security, 5, (1997), pp.255-267.
[57] 黃景彰,吳國禎,EDI數位簽章的安全管理(1)﹕密碼金匙的管理,行政院國家科學委員會專題研究計畫成果報告 NSC85-2213-E-009-054,(1996)
[58] 樊國楨,電子商務高階安全防護,資訊與電腦出版社,(1997)。
[59] 鍾丁順,黃景彰,以員工職務證書為基礎之存取控制:一個系統設計,國立交通大學資訊管理研究所,碩士論文(1998)。
[60] 陳彥學,樊國楨,工商登記驗證體系訊息交換協定雛議,第九屆全國資訊安全會議論文集,(1999),pp.262-269。
 
 
 
 
第一頁 上一頁 下一頁 最後一頁 top
QR Code
QRCODE

臺灣人文及社會科學引文索引資料庫

目前上線人數:757(臺灣:752,外國:5) / 本年度總使用人次:2071125 / 訪客人次(自102年09月):67879250
國家圖書館著作權聲明 Copyright © 2013 All rights reserved.
本館地址: 100201臺北市中山南路20號. 本館地圖及交通資訊
總機:(02)23619132.最佳瀏覽解析度為1024x768以上