[1] AL-Helali Adnan Hadi Mahdi**, Zhang Shensheng,. CIT/XML Security Platform Syntax and Processing* [J]. Journal of Southeast University (English Edition), 2002, 18 (2): 108-113. [doi:10.3969/j.issn.1003-7985.2002.02.002]

Copy

CIT/XML Security Platform Syntax and Processing^*()

CIT/XML 安全平台语义与处理

Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]

Volumn:

18

Issue:

2002 2

Page:

108-113

Research Field:

Computer Science and Engineering

Publishing date:

2002-06-30

Info

Title:

CIT/XML Security Platform Syntax and Processing^*

CIT/XML 安全平台语义与处理

Author(s):

AL-Helali Adnan Hadi Mahdi^**, Zhang Shensheng

Department of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai 200030, China

安南, 张申生

上海交通大学计算机科学与工程系, 上海 200030

Keywords:

electronic commerce;  security;  digital certificates;  smart card;  digital commerce;  authentication;  SPKI;  XML

电子商务;  安全;  数字证书;  智能卡;  数字商务;  认证;  SPKI;  XML

PACS:

TP309.7

DOI:

10.3969/j.issn.1003-7985.2002.02.002

Abstract:

Today companies and organizations are using the Web as the main information dissemination means both at internal and external level. Information dissemination often takes the form of XML documents that are made available at Web servers, or that are actively broadcasted by Web servers to interested clients. These documents often contain information at different degrees of sensitivity, therefore a strong XML security platform and mechanism is needed. In this paper we developed CIT/XML security platform and take a close look to syntax and processing of CIT/digital signature model, CIT/encryption model, CIT/ smart card crypto and SPKI interface security models. Security services such as authentication, integrity and confidentiality to XML documents and non-XML documents, which exchanged among various servers, are provided.

Web正成为公司和组织内部以及和外界传播信息的主要方式.信息发布通常在Web服务器端采用XML文档的形式, 或者通过Web服务器将XML文档主动发送给感兴趣的客户端.这些文档通常含有程度不同的敏感信息, 所以必须有一个强大的XML安全平台和机制.在本文中我们提出了CIT/XML安全平台, 并详细介绍了CIT数字签名, CIT加密模型, CIT智能卡加密和SPKI 接口安全模型的语义和处理.提供了对在各种服务器间交换的XML文档以及非XML文档的安全服务, 如认证、完整性以及机密性.

References:

[1] Bertino E, Castano S, Ferrari E. On specifying security policies for Web documents with an XML-based, language [J]. ACM Symposium on Access Control Models and Technologies, Fairfax, VA, May 2001.
[2] W3C. XML 1.0 Recommendation[EB/OL]. http://www.w3.org/TR/1998/REC-xml-19980210, February 1998.
[3] W3C. XML-Signature Syntax and Processing[EB/OL]. http://www.w3.org/TR/2001/, August 2001.
[4] Frank Boumphrey. Professional XML applications [M]. WROX, 1999.
[5] Elisa bertino, Barbara carminat. XML security [EB/OL]. Report http://www.elsevier.com, 2001.
[6] Dr. Shimshon Berkovits. Public key infrastructure study [EB/OL]. Final Report, 1994.
[7] Rivest R L, Shamir A, Adleman L M. A method for obtaining digital signatures and public-key cryptosystems [J]. Communications of the ACM, 1978.
[8] ElGamal T. A public-key cryptosystem and a signature scheme based on discrete [J]. Communications of the ACM, April 1985.
[9] Microsoft. SDK cryptography, smart card cryptography[EB/OL]. http://www.micosoft.com. August 1999.
[10] Schneier B. Applied cryptography [M]. Wiley, 1996.

Memo

Memo:

* The project supported by the National Natural Science Foundation of China(59789502)and 863 High-Tech R&D program(863-511-030-006).
** Born in 1961, male, graduate.

Common functions