公開的網路下，資訊系統與其資料傳遞過程中若沒有嚴格的安全機制把關，其安全性將遭受到威脅。為了提昇資訊系統的整體安全性，在資料傳輸過程中我們利用伺服器建構的安全閘道層 (Secure Sockets Layer，簡稱 SSL)，避免資料遭到有心人士竊取。並透過我國政府目前積極推動的政府機關公開金鑰基礎建設 (Government Public Key Infrastructure，簡稱 GPKI) 之自然人憑證 (Citizen Digital Certificate，簡稱 CDC) 與組織及團體憑證 (miXed organization Digital Certification，簡稱 XDC)，利用憑證裡的公私金鑰進行密碼系統中的雜湊函數(Hash Function) 與數位簽章 (Digital Signature)，保障用戶端與伺服器端之間的安全。並實作憑證管理中心的線上憑證狀態通訊協定 (Online Certificate Status Protocol，簡稱 OCSP) 服務，確認憑證是在展期內合法的使用，讓用戶端與伺服端會檢查彼此的憑證，雙方能確保傳遞對象皆有經過可信賴的第三方憑證管理中心的認證，以達成雙向驗證技術。最後對本研究提出的資訊系統進行資料機密性 (Confidentiality)、身分鑑別性 (Authentication)、資料完整性 (Integrity)、不可否認性 (Non-repudiation) 的安全性分析。

In the public network, if the one checks without strict on the transmittance process in the information system, its security will be queried. In order to promote the whole security of the information system, in this paper utilize the server to build secure sockets layer while the information are transmitted, prevent the information from being stolen by the personage intentionally. And through our government actively promote government public key infrastructure of citizen digital certificate and the mixed organization digital certification, using certificate’s public and private key carry on cryptography to hash function and digital signature, ensure user and server of security. For reaching mutual authentication, in this paper implement online certificate status protocol service of certification authority, confirm the certificate is legal before deadline, and the user and server check each other the certificate, let both can guarantee the destination which transmit all passes the believable certification authority of third party. To conclude, we provide the data confidentiality, data integrity, non-repudiation, and identity authentication study to the system that is proposed.