跳到主要內容

臺灣博碩士論文加值系統

(54.161.24.9) 您好!臺灣時間:2022/01/17 12:40
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:簡長成
研究生(外文):Chung-Chen Jean
論文名稱:電子商務上應用XML安全技術的架構:XMLSeF
論文名稱(外文):Applying XML Security to E-Commerce Application Framework:XMLSeF
指導教授:林熙禎林熙禎引用關係
指導教授(外文):Sin-Jean Lin
學位類別:碩士
校院名稱:國立中央大學
系所名稱:資訊管理研究所
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2002
畢業學年度:90
語文別:中文
論文頁數:119
中文關鍵詞:XML安全XML為基礎的架構電子付款系統XML加密XML數位簽章SAML安全聲明書XML存取控制
外文關鍵詞:XACLSAMLXML Signaturee-paymentXML EncryptionXML-based FrameworkXML Security
相關次數:
  • 被引用被引用:3
  • 點閱點閱:349
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:4
XML安全技術與相關規範是為了讓結構性XML文件有屬於自己的安全保護標準,促使XML標準更能安全地應用在電子商務上,利用XML安全技術來保護XML文件比傳統安全技術更能發揮XML本身的結構性與延展性。目前網站架構發展是以XML為基礎的網站服務導向,但是,如何應用XML安全技術來設計網站服務的安全機制甚少討論。以及其他XML為基礎的商務架構也不是應用XML安全技術來保護資訊,所以,我們在此整合W3C組織公佈的XML安全規範,應用XML安全技術作為網站服務環境之安全保護,建立一個XML為基礎的安全通訊架構XMLSeF,並依據XML安全的標準規範,制定安全交易授權書,XMLSeF架構是個集中授權的環境,使用者只要向網站服務安全提供者取得安全授權書,就可以與眾多合作網站進行交易,並且可以與其他網站服務安全提供者轉換安全授權書,到另一個網路聯盟進行交易。
研究實作方面,以XMLSeF架構為基礎實作具有「電子錢幣保護」與「電子錢幣付款系統之間溝通能力」的電子付款系統雛型-XMLSePay系統,提供電子錢幣便利流通環境的建置參考,希望為線上電子錢幣付款系統提供目前電子現金流通困境的解決方法。最後再提出旅遊行程規劃與電子交易網兩個XMLSeF架構應用劇本,映證XMLSeF架構的實用性與可行性,以及XMLSeF架構可以為網站聯盟提供一個具有安全交易的網站服務互動環境。
最終說明XMLSeF架構的五個主要特性:便利性、開放性、發展性、相容性、安全性,讓大眾更瞭解XML安全技術為XMLSeF架構所帶來的優勢。
Many organizations have instituted XML security technology and specification to protect the XML documents or files. That is to prompt XML standard to securely apply to E-Commerce. Using XML security technology to protect XML documents is better than traditional security information technology. Because XML security technology can retain structure and expansibility of XML documents. And now the development of Web-based framework is trending to XML-based Web Service. But there is less discussion or survey to introduce how to use XML security technology to build security model of Web Service. And many XML-based E-Commerce framework don’t use XML security technology to protect XML information. The result is that we integrate the XML security Specification that is published by W3C.org. Applying XML security technology to protect the Web Service environment and build a XML-based framework, XMLSeF, to support security communication between Web sites. According to XML Security specification to build Security Transactions Authorization. XMLSeF framework is a centralized authorized environment and users only need to get a Security Transactions Authorization from Web Service Security Provider. Then this user can proceed transactions with many Web sites.
In the research implementation, we build an e-payment system model in accordance with XMLSeF framework. This e-payment system can protect e-cash and have an ability to transfer e-cash between the different e-payment systems. Its name-XMLSePay. XMLSePay can be a reference resource to support e-payment system and XMLSePay be a resolution for the convenient using of e-cash.
Finally, introduce the five characteristic of XMLSeF framework: Convenience, Opening, Expansibility, Compatibility, Security.
第一章 緒論1
1.1 研究背景與動機1
1.2 研究目的2
1.3 研究方法3
1.4 章節概述5
第二章 文獻探討6
2.1 XML與電子商務6
2.1.1 電子商務上XML的應用6
2.1.2 電子商務上XML所帶來技術面的解決方案7
2.1.3 XML Security的重要性9
2.2 W3C與XML SECURITY10
2.2.1 XML Encryption11
2.2.2 XML Signature16
2.2.3 XML Key Management Specification (XKMS)21
2.2.4 Security Assertion Markup Language (SAML)24
2.2.5 XML Access Control Markup Language (XACL)28
2.2.6 Simple Object Access Protocol(SOAP)與安全性31
2.2.7 XML安全技術工具組35
2.3 XML-BASED的標準與架構35
2.3.1 XML為基礎的標準35
2.3.2 BizTalk Framework36
2.3.3 E-speak Service38
2.4 線上電子付款系統40
2.4.1 Millicent40
2.4.2 eCoin42
2.4.3 NetBill44
2.4.4 HiNet AAA45
2.5 網站服務的安全性(WEB SERVICE SECURITY)47
2.6 單一登錄模式(SINGLE SIGN-ON)48
2.6.1 Microsoft Passport49
2.6.2 Sun One Platform for Network Identity50
第三章 網站服務的安全架構:XMLSEF52
3.1設計理念與架構目標52
3.2 系統架構與組成元件52
3.2.1 網站服務安全提供者(Web Service Security Provider, WSSP)54
3.2.2 網站服務提供者(Web Service Provider)55
3.2.3 安全授權書訊息的架構56
3.2.4 聯盟交易網中各個網站的密鑰管理模式58
3.2.5 網站與網站之間的通訊方式59
3.3 XMLSEF架構的交易流程60
3.3.1 安全授權書的產生、驗證與交易資訊記錄60
3.3.2 交易訊息的傳輸流程61
3.3.3 交易訊息的回收流程64
3.4 評估與比較67
3.4.1安全評估準則67
3.4.2 相關架構與議題的評估67
第四章 應用XMLSEF架構的電子付款系統69
4.1 系統設計69
4.1.1 XMLSeF系統角色與功能69
4.1.2 電子錢幣內容結構與參數格式介紹70
4.1.3 電子錢幣的訊息結構71
4.1.4 信任關係(Trust Relation)73
4.2 系統架構73
4.3 系統交易流程74
4.3.1 電子錢幣的產生、驗證與購物結算74
4.3.2 購物與付款交易流程76
4.3.3 電子錢幣回收流程79
4.5 系統實作81
4.5.1 系統環境與工具組81
4.5.2 系統執行架構82
4.5.3 系統運作流程實作83
4.6 系統評估與分析89
4.6.1 小額電子付款系統的需求原則89
4.6.2 與之前介紹電子付款系統的分析90
第五章 架構的應用發展94
5.1 旅遊排程應用-旅遊經紀人應用模式94
5.1.1 國內旅遊行程規劃模式95
5.1.2 國外旅遊行程規劃模式96
5.1.3 旅遊行程規劃模式的特色97
5.2 電子交易網採購模式98
5.2.1 單一電子交易網環境採購模式98
5.2.2 兩個以上電子交易網環境的採購模式100
5.2.3 電子交易網採購模式的特色101
5.3 XMLSEF架構的發展情況101
第六章 結論與未來研究102
6.1 結論102
6.2 研究貢獻與研究限制103
6.3 未來發展與建議106
參考文獻108
附錄111
附錄一、XML安全技術相關範例111
附錄二、XMLSEPAY電子付款系統實作結果參考113
附錄三、其他研究相關資訊119
參考文獻1. Aparicio, Martin, et al., “XML Key Management Specification (XKMS 2.0),” W3C, 2002/3, http://www.w3.org/TR/xkms2.2. Balakerishnan, Ravi, “A Service Framework Specification for dynamic e-services interaction,” Enterprise Distributed Object Computing Conference, 2000., 2000/9.3. BizTalk http://www.biztalk.org/.4. Chen, Anne,”單一登入系統三分天下 電子商務網站如何選擇”,Taiwan CNet,http://taiwan.cnet.com/,2001。5. Chester, Timothy M., “Cross-Platform Integration with XML and SOAP,” IT Professional, 2001.6. Cox, Benjamin, et al, “NetBill Security and Transaction Protocol”, Carnegie Mellon University, 1995.7. eCoin http://www.ecoin.net/.8. Entrust, “Web Services Trust and XML Security Standards Version 1.0,” Entrust Technologies Inc., 2001/4.9. Ferreira, L. and R. Dahab, “A scheme for Analyzing Electronic Payment Systems,” 14th Annual Computer Security Application Conference, 1998/12.10. Glassman, Steve and Mark Manasse, et al., “The MilliCent Protocol for Inexpensive Electronic Commerce”, the 4th International World Wide Web Conference, 1995/12.11. Growbal:跨平台e化程式設計-XML/Java/SOAP整合應用,Microsoft出版,2001/3。12. Hada , Satoshi and Michiharu Kudo, ”XML Access Control Language: Provisional Authorization for XML Documents,” IBM Research, 2001/8.13. Hallam-Baker, Phillip and Eve Maler, ”Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML),” Organization for the Advancement of Structured Information Standards (OASIS), 2002/4.14. HiNet AAA, http://www.hib2b.com.tw/. 15. Hondo, M. and N. Nagaratnam, et al., ”Securing Web Service”, IBM Systems Journal, 2002/2.16. Hong, Tony, ”Advancing SOAP interoperability,” IBM developerWorks, 2001/617. Huang, Shi-Ming and Irene Kwan, et al., ”Developing an XML Gateway for Business-to-Business Commerce,” Web Information Systems Engineering, 2000. Proceedings of the First International Conference, 2000/6.18. Imamura, Takeshi, et al., “XML Encryption Syntax and Processing,” W3C, 2002/3, http://www.w3.org/TR/xmlenc-core/.19. John, Rekesh and Uma Maheswari, “Securing Web Services using XKMS,” California Software Laboratories, 2001/8.20. Kudo, Michiharu and Satoshi Hada, “XML Document Security based on Provisional Authorization,” Proceedings of the 7th ACM Conference, 2000.21. Lindstrom, Pete, “Special Report: The Language Of XML Security,” Network Magazine, 2001/6.22. Mactaggart, Murdoch, “Enabling XML security: An introduction to XML encryption and XML signature,” IBM developerWorks, 2001/9.23. Microsoft, ”BizTalk Framework 2.0: Document and Message Specification,”Microsoft BizTalk Server Web Site, 2000/12, http://www.biztalk.org/home/framework.asp.24. Moses, Tim and Prateek Mishra, et al., “Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML),” Organization for the Advancement of Structured Information Standards (OASIS), 2002/4.25. Nakamur, Yuichi and Satoshi Hada, et al., ”Towards the Integration of Web Services Security on Enterprise Environments,” Applications and the Internet (SAINT) Workshops, 2002, 2002/2.26. Netegrity, “JSAML Toolkit Netegrity’s Java implementation of the Security Assertions Markup Language (SAML) specification,” Netegrity, Inc., 2001/9.27. Netegrity, “S2ML: The XML Standard for Describing and Sharing Security Services on the Internet,” Netegrity, Inc., 2000.28. Siddiqui, Bilal, ”Exploring XML Encryption, Part 1,” IBM developerWorks, 2002/3.29. Signature Syntax and Processing, http://www.w3.org/TR/xmldsig-core/. 30. Simon, Ed and Paul Madsen, et al., “An Introduction to XML Digital. Signatures,” XML.com, http://www.xml.com/pub/a/2001/08/08/xmldsig.html.31. Simple Object Access Protocol (SOAP) 1.1, http://www.w3.org/TR/SOAP.32. Sun Microsystems, ”How to Implement Network Identity”, Sun Microsystems, Inc., 2002, http://www.sun.com/sunone/identity.33. Tidwell, Doug, ” The XML Security Suite: Increasing the security of e-business,” IBM developerWorks, 2000/4.34. Tosic, V. and D. Mennie, et al., “On Dynamic Service Composition and Its Applicability to E-Business Software Systems,”ECOOP 2001, 2001/1, Accepted at the WOOBS (Workshop on Object-Oriented Business Solutions) workshop.35. Tosic, V. and D. Mennie, et al., “Software Configuration Management Related to Management of Distributed Systems and Services and Advanced Service Creation,” ICSE 2001, 2001/5.36. Travis, Brian E.,紀學勤譯:搞懂XML,看清SOAP,攻佔BizTalk,Microsoft出版,2001/237. VeriSign, “XML Key Management White Paper,” VeriSign, Inc., 2000.38. VeriSign, ”XML Key Management Specification Developer’s Guide,” VeriSign, Inc., 2002/2.39. W3C, http://www.w3c.org.40. 王維民,”電子商務多元收付款架構之研究”,碩士論文,交通大學資訊管理研究所,2001。41. 江憲坤,陳孟廷,”以Web Service為核心之電子化企業協同合作研究,” 台灣區網際網路研討會TANet2001,2001。42. 何永顯,“具公平性的高效率小額付款系統”,碩士論文,台灣大學電機研究所,1997。43. 段智華,”SOAP技術及其安全性研究”,China IBM DeveloperWorks,2001/11。44. 孫三才,”整合開發運用HailStorm-實作 Passport Single Sign-In及 Alert Service 介紹”,Microsoft Visual Studio .NET研討會,2000。45. 張真誠,林祝興,江季翰:電子商務安全,松崗電腦圖書資料股份有限公司,2000/2。46. 梁中平,徐子淵,謝鎮擇:XML與電子商務標準,財團法人資訊工程策進會,2000/11。47. 陳會安:XML網頁製作徹底研究,旗標出版股份有限公司,2000/11
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top