1,759
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
SenseInfo 2003-01-29
- 打赏
- 举报
上海已经有一个案例是关于电子签名纠份的,二中院判定电子签名具有法律效应.
yangzi520 2003-01-28
- 打赏
- 举报
必須先有法案(如電子簽名法案),而後才能用電子簽名
所以立法很重要
不知道國內有沒有相關法案
所以立法很重要
不知道國內有沒有相關法案
2353939 2003-01-28
- 打赏
- 举报
gz
TrWorks 2003-01-27
- 打赏
- 举报
up
xchen1 2003-01-17
- 打赏
- 举报
4. Security Issues with XML Documents
Securing XML documents can be very complex. There are several issues that are unique to the XML documents. There are several key security issues that must be addressed:
· Since data can be collected from a wide range of sources, the validity of the source and accuracy of the data need to be checked. A hacker could introduce spoofed data into the XML document.
· Due to the processing and storage of data in separate applications, systems and/or locations, integrity of the data becomes a major concern. Transmission of documents between these heterogeneous environments could alter the original document.
· One of the major benefits of XML is that it allows documents to be more efficiently shared between multiple users with different interests. For instance, in Figure 1, the given document can be shared amongst several types of users such as other professors, students, payroll department etc.
· A professor interested in collaboration in a research paper will be interested in the subject’s ‘name’, ‘education’ and ‘research’, but perhaps has no interest in knowing the ‘teaching’ and ‘salary’ information.
· A student interested in taking a course should be provided with ‘name’, and ‘teaching’ information, but has no interest in the ‘education’ or ‘research’ of the professor. The student should be prohibited from viewing personal details such as ‘address’ or even ‘salary’.
· A University payroll administrator is only interested in the ‘name’, ‘address’ and ‘salary’ information of this professor, and has no use of the extra information about ‘education’, ‘research’, and ‘teaching’.
Thus, due to the nested structure of the document, select portions of the document need to be protected from different types of users. There is a need for security measures that allow confidential dispersion of information, based on the heterogeneous classifications of users that will be accessing the information.
Therefore, there are three key security issues that need to be ensured when securing XML documents:
1. Authentication – Subject receiving a document must be assured that the document comes from the source it claims to be from.
2. Integrity – Contents of documents are not altered during its transmission from the source(s) to the intended recipient.
3. Confidentiality – Selected document contents can only be disclosed to authorized subjects based on access control policies.[1]
Securing XML documents can be very complex. There are several issues that are unique to the XML documents. There are several key security issues that must be addressed:
· Since data can be collected from a wide range of sources, the validity of the source and accuracy of the data need to be checked. A hacker could introduce spoofed data into the XML document.
· Due to the processing and storage of data in separate applications, systems and/or locations, integrity of the data becomes a major concern. Transmission of documents between these heterogeneous environments could alter the original document.
· One of the major benefits of XML is that it allows documents to be more efficiently shared between multiple users with different interests. For instance, in Figure 1, the given document can be shared amongst several types of users such as other professors, students, payroll department etc.
· A professor interested in collaboration in a research paper will be interested in the subject’s ‘name’, ‘education’ and ‘research’, but perhaps has no interest in knowing the ‘teaching’ and ‘salary’ information.
· A student interested in taking a course should be provided with ‘name’, and ‘teaching’ information, but has no interest in the ‘education’ or ‘research’ of the professor. The student should be prohibited from viewing personal details such as ‘address’ or even ‘salary’.
· A University payroll administrator is only interested in the ‘name’, ‘address’ and ‘salary’ information of this professor, and has no use of the extra information about ‘education’, ‘research’, and ‘teaching’.
Thus, due to the nested structure of the document, select portions of the document need to be protected from different types of users. There is a need for security measures that allow confidential dispersion of information, based on the heterogeneous classifications of users that will be accessing the information.
Therefore, there are three key security issues that need to be ensured when securing XML documents:
1. Authentication – Subject receiving a document must be assured that the document comes from the source it claims to be from.
2. Integrity – Contents of documents are not altered during its transmission from the source(s) to the intended recipient.
3. Confidentiality – Selected document contents can only be disclosed to authorized subjects based on access control policies.[1]
xchen1 2003-01-17
- 打赏
- 举报
1. Introduction
XML (eXtentsible Markup Language) is currently the most valuable mechanism for data exchange across the Internet. Private and public enterprises are increasingly using the “Web as the main source of information dissemination”[1]. This can take the form of providing documents upon user requests or actively broadcasting documents to interested clients.
Due to the widespread use of XML on the Internet, there is a strong need for mechanisms for securing XML documents. Since XML is primarily Internet based it provides the opportunity for other to sniff or spoof information. Traditional methods of establishing trust aren’t applicable on the Internet.
XML Signatures can be applied to any digital content. There are several reasons why XML Signatures are more effective than alternative mechanisms for protecting data in transit such as SSL. Firstly, XML Signatures “entwined within the XML data are more portable since it is part of the data rather than a sub-layer that is stripped off as the data is retrieved from the network. Secondly, an XML Signature may be applied to a complete document, parts of a single document or many documents from many sources”[5].
2. XML Basics
The basic building blocks of an XML document are tagged elements. These elements can be nested at any depth and can contain other elements leading to an eventual hierarchical structure.
Each element is delimited by two tags – start tag and end tag. The start tag is placed at the beginning of the element, and the end tag at the end of the element. These tags are denoted by angle brackets (< and >), and the name inside the tags denotes the tag name, which indicates the type of the element. Each element can contain any number of attributes that provide additional information about the element. An attribute is a pair of words consisting of a name and a value written in the form: x = “y”, where x is the name and y is the value.
In Figure 1 below, the elements are ‘professor’, ‘name’, ‘address’, ‘street’, ‘city’, and ‘course’, while an attribute is ‘country’.
Figure 1
<professor>
<name>William Farmer</name>
<education>Ph.D. Mathematics</education>
<teaching>SE 4C03
<lecturestyle>Presentation</lecturestyle>
<workload>Heavy</workload>
</teaching>
<research>IMPS</research>
<email>wmfarmer@mcmaster.ca</email>
<address Country = “US”>
<street>99 Example Street</street>
<city>Boston</city>
</address>
<salary>$200000</salary>
</professor>
3. Benefits of XML
XML differs from HTML in that it permits information providers to define their own tag elements, allows nesting and parent/child relationships, and defines its grammar for others to use.
“XML as a data container is ideal due to its simplicity, richness of data structure, and being text based the XML document is very easy for humans to understand”[7]. An XML format is also very extendible since it is very easy to create new element names and attributes.
The major benefit of XML is that it allows the presentation of data from
multiple sources. This begs the question:
3.1. How does XML present data from various sources?
1. Information can be collected from sources spread across the Internet into one instance and then presented.
2. Provide pointers and links to applicable information at different locations.
In either case the end result to the user looks the same.
xchen1 2003-01-17
- 打赏
- 举报
认识电子签名
电子签名并非是书面签名的数字图像化。它其实是一种电子代码,利用它,收件人便能在网上轻松验证发件人的身份和签名。它还能验证出文件的原文在传输过程中有无变动。
如果有人想通过网络把一份重要文件发送给外地的人,收件人和发件人都需要首先向一个许可证授权机构(CA)申请一份电子许可证。这份加密的证书包括了申请者在网上的公共钥匙即“公共电脑密码”,用于文件验证。
在收到加密的电子文件后,收件人使用CA发布的公共钥匙把文件解密并阅读。
电子签名立法
美国总统克林顿于2000年6月30日正式签署的《电子签名法案》是网络时代的重大立法,它使电子签名和传统方式的亲笔签名具有同等法律效力,被看作是美国迈向电子商务时代的一个重要标志。
6月30日,克林顿使用一个电子卡片在电脑荧屏上签署这项法令,而密码就是他爱犬的名字。不过,为了避免引起不必要的法律效力问题,他又按传统习惯用钢笔在法律文书上签下了自己的名字。
克林顿在签署这项法律时说:“不久以后,美国人民就可以使用带有数字签名的电子卡片做他们想要做的事情了,电子签名将会应用在各个领域之中,从聘请律师到抵押贷款,无所不能。在这项具有划时代意义的法律正式生效后,人们将可以使用电子签名签订在线合同和进行电子商务,这对于新经济的发展无疑具有巨大的推动作用。”
2000年-2001年,爱尔兰、德国、日本、波兰等国政府也先后通过各自的电子签名法案。
电子签名模式
不过,电子签名法并没有具体限定未来网上签名使用何种模式。目前美国使用的电子签名主要有三种模式。
智慧卡式。使用者拥有一个像信用卡一样的的磁卡,内储有关自己的数字信息,使用时只要在电脑扫描器上一扫,然后加入自己设定的密码即成。上面克林顿“表演”用的就是这一种。
密码式。就是使用者设定一个密码,由数字或字符组合而成。有的公司提供硬件,让使用者利用电子笔在电子板上签名后存入电脑。电子板不仅记录下了签名的形状,而且对使用者签名时用的力度、定字的速度都有记载。如有人想盗用签名,肯定会露出马脚。
生物测定式。就是以使用者的身体特征为基础,通过某种设备对使用者的指纹、面部、视网膜或眼球进行数字识别,从而确定对象是否与原使用者相同。许多公司的电脑程序实际运用的大都是将两种或三种技术结合在一起,这样可以大大提高电子签名的安全可靠性。
电子签名和加密技术
电子签名和加密技术,电子签名技术的实现需要使用到非对称加密(RSA算法)和报文摘要(HASH算法)。
非对称加密是指用户有两个密钥,一个是公钥,一个是私钥,公钥是公开的,任何人可以使用,私钥是保密的,只有用户自己可以使用。该用户可以用私钥加密信息,并传送给对方,对方可以用该用户的公钥将密文解开,对方应答时可以用该用户的公钥加密,该用户收到后可以用自己的私钥解密。公私钥是互相解密的,而且绝对不会有第三者能插进来。
报文摘要利用HASH算法对任何要传输的信息进行运算,生成128位的报文摘要,而不同内容的信息一定会生成不同的报文摘要,因此报文摘要就成了电子信息的“指纹”。
有了非对称加密技术和报文摘要技术,就可以实现对电子信息的电子签名了。
电子签名的软件应实现的功能
文档电子签名软件是一种电子盖章和文档安全系统,可以实现电子盖章(即数字签名)、文档加密、签名者身份验证等多项功能。对于签名者的身份确认、文档内容的完整性和签名不可抵赖性等问题的解决具有重要作用。
使用数字证书对Word文档进行数字签名,保证签名者的签名信息和被签名的文档不被非法篡改。签名者可以在签名时对文档签署意见,数字签名同样可以保证此意见不被篡改。
软件应嵌入Word环境,集成为应用组件,使用简便,界面友善。操作生成的数字签名和意见以对象方式嵌入Word文档,直观明了。
软件还应支持多人多次签名,每个签名可以在文档中的任意位置生成,完全由签名者控制。
软件避免采用宏技术,从而避免因用户禁用宏而导致软件失效。
数字签名使用的数字证书可以存储在智能卡和USB电子令牌之类的硬件设备中,这些存储介质自身有安全性高、携带方便等特点,进一步提高了系统的安全性。
在企业中,对于往来的需审批的重要文档,必须保持其安全、有效,并要求留下审批者的意见及签名,如果采用传统的方法如传真,势必造成大量的扫描文件需要存储,且不好管理,而电子签名在安全体系的保证下,将为文档管理的效率带来显著的提高。由此看来,采用先进的IT技术,能推动我们的办公无纸化进一步的向前发展。■
Eckal 2003-01-17
- 打赏
- 举报
能给个具体的例子吗?
daxiao5564 2003-01-16
- 打赏
- 举报
任何开发者如果计划通过网络发布代码或信息,都有被冒充和篡改的危险,而有一种专门为商业软件开发者设计的代码签名证书有效防止了这种危险。这类证书类似于商业执照,它代表了组织或个人在网络上的身份及合法性。代码签名证书设计的目的在于体现出通过零售渠道销售软件所能达到的安全保障。
Lhby2000 2003-01-16
- 打赏
- 举报
你可以下一个PGP试用一下。数字签名是和非对称加密技术和CA的建立分不开的。基本协议很简单:
1. A首先产生消息摘要H(m)。
2. A用她的私人密钥对消息摘要加密,从而对文件签名。
3. A将签名的文件和文件原文传给B。
4. B用A的公开密钥解密消息摘要,从而验证签名。
H(m)指单向散列函数
一个HASH函数H是把一个输入m转变为被称为hash值h(h=H(m))的固定长度串,使用在密码技术中时hash函数通常选择具有下列附加性质的函数:
1、输入可以是任意长度
2、输出为固定长度
3、对任意x,H(x)是相对容易计算的
4、H(x)是单向的(给顶一个hash函数值h在计算机上求H(x)=h是不可行的)
5、H(x)为无碰撞的(要找出任意两个随机消息x和y,使H(x)=H(y)在计算上是不可行的)
这个协议满足我们期待的签名特征:
(1) 签名是可信的。当B用A的公开密钥验证消息时,他知道是由A签名的。
(2) 签名是不可伪造的。只有A知道她的私人密钥。
(3) 签名是不可重用的。签名是文件的函数,并且不可能转换成另外的文件。
(4) 被签名的文件是不可改变的。如果文件有任何改变,文件就不能用A的公开密钥验证。
(5) 签名是不可抵赖的。B不用A的帮助就能验证A的签名。
1. A首先产生消息摘要H(m)。
2. A用她的私人密钥对消息摘要加密,从而对文件签名。
3. A将签名的文件和文件原文传给B。
4. B用A的公开密钥解密消息摘要,从而验证签名。
H(m)指单向散列函数
一个HASH函数H是把一个输入m转变为被称为hash值h(h=H(m))的固定长度串,使用在密码技术中时hash函数通常选择具有下列附加性质的函数:
1、输入可以是任意长度
2、输出为固定长度
3、对任意x,H(x)是相对容易计算的
4、H(x)是单向的(给顶一个hash函数值h在计算机上求H(x)=h是不可行的)
5、H(x)为无碰撞的(要找出任意两个随机消息x和y,使H(x)=H(y)在计算上是不可行的)
这个协议满足我们期待的签名特征:
(1) 签名是可信的。当B用A的公开密钥验证消息时,他知道是由A签名的。
(2) 签名是不可伪造的。只有A知道她的私人密钥。
(3) 签名是不可重用的。签名是文件的函数,并且不可能转换成另外的文件。
(4) 被签名的文件是不可改变的。如果文件有任何改变,文件就不能用A的公开密钥验证。
(5) 签名是不可抵赖的。B不用A的帮助就能验证A的签名。
Eckal 2003-01-15
- 打赏
- 举报
hdyes(我是流氓,我怕谁,你是流氓,谁怕你) 你好
可以谈谈你的实现吗?
100分不够可以再给
可以谈谈你的实现吗?
100分不够可以再给
basagx 2003-01-15
- 打赏
- 举报
gz
ilian 2003-01-14
- 打赏
- 举报
gz
YewPu 2003-01-13
- 打赏
- 举报
我在开发着一套网上签名的。
igis 2003-01-13
- 打赏
- 举报
up
UserR 2003-01-13
- 打赏
- 举报
关注 帮忙UP
Eckal 2003-01-13
- 打赏
- 举报
能举个例子吗?
用户怎么操作呢?
用户怎么操作呢?
diruser 2003-01-11
- 打赏
- 举报
楼上有实现的代码吗?
libi 2003-01-10
- 打赏
- 举报
数字签名是一种加密技术。
RSA加密算法有两个密钥,用其中一个来加密信息,可以由另一个来解密。用户可以自己保留一个密钥(私钥),把另一个向外界公开(公钥)。那么对于一段信息,用户以自己的私钥加密,那么别人可以用他的私钥解密。由于RSA算法的安全性,可以认为这段信息是被该用户私钥加密过的,该用户对此不可抵赖。所以这种方法可以作为数字信息的一种签名方法,就叫数字签名。
RSA加密算法有两个密钥,用其中一个来加密信息,可以由另一个来解密。用户可以自己保留一个密钥(私钥),把另一个向外界公开(公钥)。那么对于一段信息,用户以自己的私钥加密,那么别人可以用他的私钥解密。由于RSA算法的安全性,可以认为这段信息是被该用户私钥加密过的,该用户对此不可抵赖。所以这种方法可以作为数字信息的一种签名方法,就叫数字签名。
rwdx 2003-01-10
- 打赏
- 举报
就是用数字来实现签名,呵呵
