电子商务密钥管理研究与实现

上海交通大学硕士学位论文电子商务密钥管理研究与实现姓名：王岢申请学位级别：硕士专业：计算机系统结构指导教师：马范援20031201-2--3--4-RESEARCH&IMPLEMENTATIONOFE-BUSINESSKEYMANAGEMENTAbstractWiththerapiddevelopmentofe-businesstechnology,securityismoreandmoreconcernedbypeople.Inthesecurityfield,PublicKeyInfrastructure(PKI)isthekeyandthefoundationstoneforthesecurityofWebApplications,andthePublicKeyTechnologybasedonPKIfulfillsthefundamentalsecurityrequirementsofWebApplications.However,theexistingPKIproductionsonthemarkethavesomedrawbacksininter-operation,applicationdevelopment,andsystemmaintenance,etc.ThesedrawbackshinderthedeploymentandapplicationofPKI,andaffectthedevelopmentofWebApplicationsnegatively.Atthesametime,whenXMLstandardbecomesuniversalinfrastructureinHeterogeneousNetworkEnvironments,tranditionalencryption,digitalsignatureandkeymanagementtechnologiescan’tadapttonewenvironments.Inordertoresolvingtheproblemsmentionedabove,thisthesisresearchesandanalyzesXKMSdesignedbyW3C.ThisthesisimplementsaSecureMessageTransportSystem(SMT)conformedtoXKMSforcnXML.ThefeaturesofSMTarefollowing:1.ProvidesXML_basedKeyManagement2.Realizesclientapplications:XMLDigitalSigning,XML-5-encrypting,servicerequest.3.Realizesinter-operationofdifferentPKIproviders’softwareandgivesclientconvenience.cnXMLisaE-businessspecificationdesignedbyInst.ofSoftwareCAS,SJTU-IBME-businessLabandChinaElectronicStandardizationInst.,whichisbasedonXMLStandardandcompatiblewithotherrelativestandards.AndthisthesisappliesSMTtocnXMLandmakecnXMLMessagetransportationhasthefeaturesofconfidentiality,authorization,integrity,non-repudiation,thisprojectgets863plansupportandit’sIDof863is2001AA414140ThethesisdescribescomponentsandfunctionsofXKMSandanalyzesdetailsaboutmanyproblemsofXKMSspecification.ItsummarizestheadvantagesofXKMS.Basedonabovework,thethesisdescribesthemechanismofkey/certificatemanagementandSMTmessageconstructionandaccessing.ItanalyzesthearchitectureofSMTserviceandclient.Itdescribesthecommunicatingmechanismbetweenclientandserviceandexplainsthedesignofclientmoduleandservicearchitecture.AndthethesisvalidatesSMTbyexperimentationofthesystemplatform.Atlastthethesisgivessomesuggestionsforsecuritymechanismanddiscussesfuturework.Keywords:XML,DSIG,XKMS,PKI,security,SMT,cnXML1200403112-8-1.1InternetInternet[1]1.Internet2.3.4.-9-5.XML[2]PublicKeyInfrastructurePKI[3]PKIPKIPKIPKIPKI[4]1.2863--“-cnXML”[5]uXMLWebXMLuXKMSuXMLXKMSuSMTuSMTcnXMLXMLXML[6][7]XKMSXKMSXMLXMLXMLXMLWeb-10-1.3XMLØ,Ø,Ø,XKMSXKMSØ,SMT(SecureMessageTransport)ØSMTØ,cnXMLSMTcnXMLØ,Ø-11-2.1InternetInternetElectronicCommerceECInternet2.22.2.1,,,//[9],,,,-12-,,n,n(),(DES),,(EFT)DES56DESDES56(EDI)3,112RC2RC4RSARC2RC4DES,,RC2RC4(LotusNotesAppleOpenCollaborationEnvironment)/[10],()(),(),,,:;;RSA[11],,(EDI[12]),2.2.2,,,,(EDI),-13-(EDI),,/()(ITU)X.509[13](:),(ISO)(IEC)ISO/IEC95948:195()(CA[13]),,ECInternetExplorer3.0Navigator3.0PKI,PublicKeyInfrastructurePKIPKIPKICRL[13]CRLCRL1)PKIPKIPKIPKIPKIPKI/CRLCA[13]RA[13]CAPKI/RACARACACA/RA-14-WEBFTPX.500[13]CRLPKIPKI///CRL2)X.509ISO/ITUANSIIETFX.509X.509CRLX.509X.509(1)X.509CAMD2[13]MD5[13]SHA1[14]RSADSA[14]RSADSADH[13]KEA[13]ECDSA[13](2)X.509X.509EmailIPDNSURI(3)CACRL(4)CACA(5)CACACAX.509CA3)PKIPKIPKITCPHTTPSMTPFTPRSAMD5-15-PKICRLPKIPKI2-1Figure2-1X.509PKIXModel-16-PKIPKIXMLWebXMLW3C2000XMLXMLXMLXMLXML/XMLXMLPKIPKIPKIXML2001VersignwebMethodsXMLXMLKeyManagementSpecification,XKMSPKIXKMS2.2.3:128(),128(),,-17-2.2.4InternetSSL[17]SSLNetscape,TCP/IP/SSLSSLDES[17]MD5[17],X.509,InternetIntranetNetscapeIBMInternetSHTTP[18]SHTTP()HTTP,SSLWWW,InternetRFC2.2.5XMLlXMLXencXMLXencXMLW3CIETFXMLXMLXMLW3CXMLXMLlXMLXML-SIGXMLXMLXMLXML“XML”XML-18-XMLXMLlXMLXKMSXKMSW3CXML-SIGXKMSXMLX-KRSSXMLX-KISSX-KRSSX-KISSXMLlXACML[19]XACMLOasisIBMMilanSAMLXMLXACMLXACLXACMLSAMLXMLXpointers[19]Xpaths[19]XMLXACMLSAMLlSAML[20]OasisSAMLXACMLSAMLHTTPSOAPSAMLXACMLXMLSAMLOasis“”-19-XKMS2001W3CXMLXMLKeyManagementSpecification,XKMSPKIXMLXMLXKMS312XML3PKIXKMSlXMLXMLlXMLXMLlASN.1[21]llXKMSXMLSOAP[22]1.2,WSDL[23]XKMS,WebPKIXKMSPKIXKMSPKIXKMSSOAPWSDLXMLXKMS3.1XKMS200011VeriSignMicrosoftwebMethodsPKIXML:XML(XMLKeyManagementSpecification,XKMS)200111.13W3CTechnicalNotes20017W3CXMLXMLKeyManagementActivity,11XKMS1.120034182.020038262.020043-20-XKMS3-12001/03/30XKMSNote”XKMS”submission2002/03/18XBULKWorkingDraft2002/03/18XKMS2.0WorkingDraft2003/04/18XKMS2.0BindingsWorkingDraft2003/04/18XKMS2.0WorkingDraft2003/05/05XKMS2.0RequirementsNote2003/08/26XKMS2.0XKMSBaltimoreTechnologies,IONATechnologies,PureEdgeSolutions,Citigroup,HP,IBM,Entrust,RSA,SAIXKMSXKMS3-2WarwickFord,E-mail:xml-trust@yahoogroups.comBrianO'Higgins,E-mail:entrustXKMS@entrust.comMITLabforComputerScienceJoseph,W3C/IETFWorkingGroupchairE-mail:reagle@mit.eduHomepage:~reagle/W3CSpecificationTel/Fax+44(0)1784434455/437520E-mail:hemanthk8222@yahoo.co.ukVerisignXMLTrustCenter(XKMS)FrederickJ.HirschXKMS,XMLSignture,XMLEncryptionrr_suvistas@yahoo.comEncryption,XMLEncryption,XMLKeyManagmentTomasPerlinesHormannXKMS,OCSP,SCVPXKMSXKMS-21-()1.1VeriSign2001JavaEntrustXKMSPKIYahoo20011VeriSignXKMSXKMSXKMSXKMS