National Digital Library of Theses and Dissertations in Taiwan

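Graduate student: Hsiu-Chi Tseng (曾秀琦)
Thesis title: Design and Implementation of a Certification Authority Using LDAP (應用LDAP的認證中心之設計與實現)
Thesis title (English, as registered): Application of the design and implement on the LDAP/CA
Advisor: Chung-Huang Yang (楊中皇)
Degree: Master's
Institution: National Kaohsiung First University of Science and Technology
Department: Graduate Institute of Information Management
Discipline: Computer Science
Category: General Computer Science
Thesis type: Academic thesis
Year of publication: 2002
Academic year of graduation: 90
Language: Chinese
Number of pages: 88
Keywords (translated from Chinese): Certificate Revocation List; Lightweight Directory Access Protocol; Certification Authority; Public Key Infrastructure; LDAP Data Interchange Format; Registration Authority
Keywords (English): PKI; RA; LDIF; CRLs; LDAP; CA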

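A Certification Authority (CA) registers, manages, revokes, and renews certificates for entities. The CA acts as a trusted third party that issues certificates to the entities that apply for them. A digital certificate, or certificate, provides a mechanism for electronic processing and can be used in many kinds of electronic processing, including e-mail, secure access to websites, electronic commerce, groupware, and electronic transactions. The verification function of a certificate gives end entities or users a means of proof and verification.
The Lightweight Directory Access Protocol (LDAP) is a comparatively simple protocol that offers rich capabilities for many applications. LDAP is an open standard protocol published by the IETF. It was designed to deliver 90 percent of the functionality of X.500 at only 10 percent of its complexity. LDAP management lets every user access the directory through the LDAP protocol. It helps users find the matching values according to different search criteria, so LDAP is quite flexible.
In the design and implementation of the CA, certificates follow the X.509 standard certificate format, and directory access is handled through the LDAP protocol, which makes it easy for administrators to manage the information in the directory. In addition, this research designs and implements the transmission interface between the CA and LDAP. The aim is to reduce the procedural complexity and tedium of traditional CA applications by applying the LDAP protocol to the CA, thereby simplifying information retrieval and data storage management.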


A Certification Authority, or CA for short, is an entity that issues, manages, revokes, and renews certificates. Acting as a third party, the CA issues certificates to requesting entities. A digital certificate, or certificate, provides a means of proving an identity in electronic transactions; it can be used for a variety of electronic transactions including e-mail, secure Web access, electronic commerce, groupware, and electronic funds transfers. Certificates can authenticate both senders and receivers so that the two sides can trust each other. Authentication means proving and verifying the end-user entity, which may be a person or an object. If the public key matches the digital signature, then the recipient may be sure that the message originated with the sender, and that the message was not altered in transit.
LDAP is the Lightweight Directory Access Protocol. LDAP is reasonably simple but provides a wealth of features capable of supporting any kind of application. LDAP is an open Internet standard produced by the Internet Engineering Task Force (IETF). LDAP was designed to provide access to 90 percent of the functionality of full X.500 at 10 percent of the cost. LDAP offers access functions that allow directory information to be managed as well as queried. LDAP is a protocol that can be accessed by everyone. It helps users search on different conditions to find the corresponding values in the directory. LDAP is very flexible, and the information it conveys is easily extensible. The LDAP protocol has no direct relation to the information security domain, but combining the LDAP protocol with an implementation of public-key cryptosystems is entirely feasible.
In the design and implementation of the CA, certificates must follow the X.509 standard, and the directory follows the LDAP protocol, which makes it easy for CA administrators to manage the information in the directory. The research emphasizes the design and implementation of the interfaces between the CA and the LDAP protocol. The purpose of the research is to improve on conventional CA practice and its complex procedures.


Table of Contents

Chinese Abstract
English Abstract
Acknowledgements
Table of Contents
List of Tables
List of Figures
I. Introduction
  1. Background
  2. Motivation
  3. Objectives
  4. Research Flowchart
  5. Thesis Organization
II. Literature Review
  1. X.509
  2. LDAP
  3. Case Studies
III. System Design and Implementation
  1. System Architecture
  2. System Design Process
  3. System Development Environment
  4. Implementation and Description of System Functions
IV. Basis of the Certification Practice
  1. About NkfustCA
  2. Basis of Certification Operations
  3. Application Procedure
  4. Certificate Issuance
  5. Certificate Acceptance by the Applicant
  6. Certificate Usage
  7. Certificate Suspension and Revocation
  8. Certificate Expiry and Renewal
  9. Obligations of the NkfustCA Certification Authority
  10. Other Provisions
V. Conclusion
  1. Research Conclusions
  2. Research Contributions
  3. Research Limitations
  4. Future Research Directions
