
Research on Non-repudiation service

Research on Non-repudiation service. By Yi Zhang. Motivation of Non-repudiation. In paper-based business Electronic business transactions Less physical evidence The availability of sophisticated technologies



Presentation Transcript


  1. Research on Non-repudiation service By Yi Zhang

  2. Motivation of Non-repudiation
     • In paper-based business
     • Electronic business transactions
     • Less physical evidence
     • The availability of sophisticated technologies
     • Parties potentially involved in a dispute should be able to obtain sufficient evidence to establish what had actually happened

  3. What is non-repudiation
     • The goal of a non-repudiation service
     • Digital signature is vulnerable to replay attacks
     • Sender authentication does not guarantee that messages were not modified
     • Non-repudiation service requires both

  4. Model of Non-Repudiation: Direct Transmission
     [Diagram: Sender and Receiver, with evidence labels NRO, NRS, NRR, NRD]

  5. Model of Non-Repudiation: Indirect Transmission
     [Diagram: Sender, Delivery authority and Receiver, with evidence labels NRO, NRS, NRR, NRD]

  6. Technology Overview
     • Message Authentication
     • Message Authentication Code (MAC)
     • Digital Signature
     • Sender/Receiver Authentication
     • Username and Password
     • SSL Server and Client

  7. Technology Overview
     • SOAP (Simple Object Access Protocol)
     • XML based protocol
     • An envelope
     • A set of encoding rules
     • A convention for representing remote procedure calls and responses
     • A simple SOAP sample
     • SOAP-DSIG appends digital signatures to SOAP

  8. Request Example
     • HTTP header followed by SOAP message.

         POST /order HTTP/1.1
         Host: www.onlinetrade.com
         Content-Type: text/xml; charset="UTF-8"
         Content-Length: nnnn
         SOAPAction: "http://www.onlinetrade.com/order#buy"
         ……
         SOAP message

  9. Response Example

         HTTP/1.1 200 OK
         Content-Type: text/xml; charset="UTF-8"
         Content-Length: nnnn
         ……
         SOAP message

  10. Satisfaction of Non-repudiation service
     • Exchanging the above HTTP messages over SSL.
     • To guarantee the signer of a SOAP message is the same as the sender:
     • The private key used to sign the order should be the same as the one used for SSL client authentication.
     • The private key used to sign the receipt should be the same as the one used for SSL server authentication.
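
One way a receiver could enforce the binding on slide 10, as an added example that is not part of the original presentation: compare the certificate carried in the SOAP message's `ds:Signature` with the certificate the peer presented in the SSL handshake. Assumptions: the signer's certificate is embedded in `ds:KeyInfo` as `ds:X509Certificate`, matching whole certificates stands in for "same private key", the function names and sample bytes are constructed for illustration, and verifying the XML signature itself is a separate step not shown.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}  # XML-DSig namespace
CERT_PATH = ".//ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def signer_cert_der(soap_xml):
    """Return the DER certificate embedded in the message's ds:Signature."""
    if "<!DOCTYPE" in soap_xml:  # SOAP 1.1 messages must not contain a DTD
        raise ValueError("DTD not allowed in a SOAP message")
    certs = ET.fromstring(soap_xml).findall(CERT_PATH, DS)
    if len(certs) != 1:  # unsigned, or ambiguous about who signed
        raise ValueError(f"expected one signer certificate, found {len(certs)}")
    b64 = "".join((certs[0].text or "").split())
    der = base64.b64decode(b64, validate=True)
    if not der:
        raise ValueError("empty signer certificate")
    return der

def bound_to_tls_peer(soap_xml, tls_peer_der):
    """True only if the SOAP signer's certificate is the SSL peer's certificate.

    tls_peer_der is what ssl.SSLSocket.getpeercert(binary_form=True) returns
    on a connection that required a peer certificate.
    """
    signer = hashlib.sha256(signer_cert_der(soap_xml)).digest()
    peer = hashlib.sha256(tls_peer_der).digest()
    return hmac.compare_digest(signer, peer)

# Constructed stand-ins for DER certificates (not real certificates).
CLIENT_DER = b"constructed-client-certificate"
OTHER_DER = b"constructed-other-certificate"

def build_order(cert_der):
    """Constructed SOAP order; SignedInfo and SignatureValue are omitted."""
    b64 = base64.b64encode(cert_der).decode()
    return (
        '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><SOAP-ENV:Header><ds:Signature>'
        f"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{b64}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></ds:Signature></SOAP-ENV:Header>"
        "<SOAP-ENV:Body><buy/></SOAP-ENV:Body></SOAP-ENV:Envelope>"
    )

if __name__ == "__main__":
    order = build_order(CLIENT_DER)
    print("signed by SSL peer:", bound_to_tls_peer(order, CLIENT_DER))
    print("signed by someone else:", bound_to_tls_peer(order, OTHER_DER))
```

The same check applies in the other direction: the client compares the certificate in the signed receipt with the server certificate from the handshake.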
