以Web為基礎(Web-based)的資訊應用已成為目前的潮流，然而由於傳統主從式架構(Client/Server，C/S)仍有其優點，加上舊有系統(Legacy System)的歷史包袱的考量下，大部分的企業並無法徹底拋棄舊有系統，而不得不採用Web_based與傳統主從式架構共存的模式。單一簽入(Single Sign-on，SSO)機制最主要目的在於解決使用者為登入不同的資訊系統必須重覆輸入帳號密碼的問題。然而目前常見的單一簽入解決方案(SSO Solution)主要都只針對Web-based架構的資訊系統，這對同時存在兩種不同架構資訊系統的企業來說，並不能完全解決單一簽入的問題。
一般基於安全性考量，網路上的身分認證方式，大多會結合公開金鑰基礎建設（Public Key Infrastructure, PKI）認證機制。而企業為了實現PKI機制，往往因此而自行建置憑證管理中心(Certificate Authority，CA)，自行發放及管理憑證。但因為建置上複雜度高、成本花費大且有許多技術上的問題需克服，實行上往往不是很順利，且企業自建CA所發放之憑證僅可應用於企業內部，在應用上缺乏彈性。
本研究最主要目的在於提出一個結合自然人憑證之整合性單一簽入系統架構，此一架構除了可同時適用於We-based及傳統主從式資訊系統外，並結合內政部憑證管理中心所發放之自然人憑證，以解決一般企業在使用PKI認證機制時所遇到的上述問題，以最經濟有效的方式將企業內部各種不同架構的資訊系統整合在一起。同時並根據此一架構進行系統實作，以驗證此系統架構的可行性。最後並以本研究提出之系統架構與目前現有解決方案做進一步的比較及評估分析，以確認本研究提出架構的優缺點，並做為未來研究的參考。

Web-based application has become an increasingly popular method for information system development. However, due to the advantage of traditional Client/Server and the consideration of the history burden and other factors of legacy systems. Greatly part of enterprise have to adopt the Client/Server and Web-based to configure the coexistence mode.
Most of the SSO solutions are only aim at the Web-based information system currently. This can''t resolve the problem for general enterprise completely. And the authentication mechanism of these solutions adoption must spend a great deal of cost mostly keep both in many complicated technique problems.
The main purpose of this research is to propose a single sign on integration architecture for Web-based and Client/Server information systems, which provide a new architecture to solve the problems mentioned above. By using Citizen Digital Certificate to integrate the information system of Web-based and Client/Server structure. In order to proof the feasibility of the architecture, a sample was implemented. In the final, by analysis and compare with the current single sign on solutions, we ensure the benefits of the architecture and offer some suggestions for the future research.

目 錄
表目錄......................................................V
圖目錄.....................................................VI
一、緒論................................................... 1
1.1 研究背景與動機......................................... 1
1.2 研究目的................................................1
1.3 研究範圍與限制......................................... 2
1.4 研究流程............................................... 2
1.5 論文架構............................................... 3
二、文獻探討............................................... 4
2.1 資訊系統開發架構....................................... 4
2.1.1資訊系統架構的演進.....................................4
2.1.2傳統主從式資訊系統架構.................................4
2.1.3 Web-based資訊系統架構.................................5
2.2 單一簽入技術............................................6
2.2.1 以通行票券為基礎的單一簽入解決方案....................6
2.2.2 以Cookie為基礎的單一簽入解決方案......................8
2.2.3 以反向代理伺服器為主之單一簽入解決方案.............. 10
2.3公開金鑰基礎建設(PKI).................................. 11
2.3.1 X.509認證服務........................................12
2.3.2憑證廢止清冊..........................................14
2.3.3數位簽章 .............................................16
2.3.4我國政府公開金鑰基礎建設(GPKI) .......................18
2.3.5自然人憑證............................................20
三、系統架構.............................................. 22
3.1自然人憑證單一簽入認證機制..............................22
3.1.1概念性架構............................................22
3.1.2自然人憑證認證模式....................................22
3.2 Web-based單一簽入機制(Web-based SSO)...................25
3.2.1 Web-based SSO架構....................................25
3.2.2 Web-based SSO運作流程................................27
3.3 傳統主從式單一簽入機制(C/S SSO)........................28
3.3.1 C/S SSO架構..........................................28
3.3.2 C/S SSO運作流程......................................29
3.4整合Web-based與傳統主從式單一簽入機制(整合SSO)..........30
3.4.1整合SSO架構...........................................30
3.4.2整合SSO運作流程.......................................32
四、系統實作與試用.........................................34
4.1系統實作................................................34
4.1.1實作環境..............................................34
4.1.2系統開發..............................................35
(1) Web-based SSO......................................36
(2) C/S SSO............................................43
(3) 整合SSO............................................48
4.2系統試用................................................52
(1) Web-based SSO......................................52
(2) C/S SSO............................................57
(3) 整合SSO............................................59
五、系統評估分析...........................................62
六、結論與未來研究方向.....................................66
參考文獻...................................................67

一、中文部分
[1] 內政部憑證管理中心網站，2004，http://moica.nat.gov.tw/html/index.htm。
[2] 朱建達，2001，”建立於公開金鑰基礎建設的單一簽入系統”，國立交通大學，碩士論文。
[3] 李長庚，2003，”一個開放的Web-Based Single Sign-On 服務架構”， 國立交通大學，碩士論文。
[4] 林誠，2004，”E化宜蘭縣府公文整合與線上簽核的平台”，2004台灣網際網路研討會。
[5] 周伯錕，2003，”利用智慧卡之遠端身份認證之研究”，國立中興大學資訊科學系，碩士論文。
[6] 廖峻鋒、李蔡彥，2003，”SAWA:支援單一登入及MVC 樣式的校務行政系統應用程式框架”， TANET 2003 台灣網際網路研討會。
[7] 劉廷楷，2003，”電子病歷分享系統中安全技術之設計與實作”，私立東海大學資訊工程與科學系，碩士論文。
[8] 顏志臻，2002，”運用公開金鑰基礎建設 生物認證技術及Kerberos 建構一個應用於分散式系統之安全認證機制”，國立清華大學電機工程學系，碩士論文。
[9] 張清文，2003，”利用XML Security與RBAC設計企業文件控管系統”，國立中央大學資訊管理學系，碩士論文。
[10] 王國榮，”VB5 & ActiveX 程式設計”，旗標出版社。
[11] VB入門網網站，http://www.vbguide.com.tw。
[12] 蔡明志，”Visual C++ 6 教學手冊”，�眳p資訊。

二、英文部分
[1] Chris Dunne, 2003,”Build and implement a single sign-on solution”,http://www-130.ibm.com/developerworks/.
[2] Camillo Sars ,1998, “Unified Single Sign-On”, Proceedings of the Helsinki University of Technology Seminar on Network Security.
[3] Dae-Hee Seo; Im-Yeong Lee; Soo-Young Chae; Choon-Soo Kim, ,2003,”Single sign-on authentication model using MAS(multiagent system)”, Communications, Computers and signal Processing, 2003. PACRIM. 2003 IEEE Pacific Rim Conference on , Volume: 2 , 692 - 695.
[4] Gross, T. ,2003,”Security analysis of the SAML single sign-on browser/artifact profile”,Computer Security Applications Conference, 2003. Proceedings. 19th Annual , 298 – 307.
[5] Jani Hurst ,1997,”Single Sign-on”, Proceedings of the Helsinki University of Technology Seminar on Network Security.
[6] Peter Kohler,2004,”Simple Single Sign-On Solution for Web Applications”,SANS Institute.
[7] Pfitzmann, B. and Waidner, M. ,2003,”Analysis of liberty single-sign-on with enabled clients”,Internet Computing, IEEE , Volume: 7 , Issue: 6 , 38 – 44.
[8] Peter Doyle and Steve Hanna,2003,”Survey on Obstacles to PKI Deployment and Usage”,Prepared and Published by the OASIS Public Key Infrastructure Technical Committee.
[9] Pashalidis, A.; Mitchell, C. , 2003,”Using GSM/UMTS for single sign-on”,Mobile Future and Symposium on Trends in Communications, 2003. SympoTIC ''03. Joint First Workshop on , 138 – 145.
[10] Satoh, F. and Itoh, T. ,2004,”Single Sign On architecture with dynamic tokens”,Applications and the Internet, 2004. Proceedings. 2004 International Symposium on,197 – 200.
[11]Sumalatha Adabala,et al.,2004,”Single sign-on in In-VIGO: role-based access via delegation mechanisms using short-lived user identities”, Parallel and Distributed Processing Symposium, 2004. Proceedings. 18th International , 26-30 April 2004.
[12] Vipin Samar,1999,”Single sign-on using cookies for Web applications”,In Proceedings of the 8th IEEE Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises,158--163.
[13] Liang, S., The Java Native Interface Programmer''s Guide and Specification, Addison-Wesley, 1999.