Research on Non-repudiation service
By Yi Zhang
Motivation of Non-repudiation
In paper-based business
Electronic business transactions
  Less physical evidence
  The availability of sophisticated technologies
Parties potentially involved in a dispute should be able to obtain sufficient evidence to establish what had actually happened
What is non-repudiation
The goal of a non-repudiation service
Digital signature is vulnerable to replay attacks
Sender authentication does not guarantee that messages were not modified
Non-repudiation service requires both
Model of Non-Repudiation
Direct Transmission
[Diagram: Sender and Receiver, with the labels NRO, NRS, NRR and NRD]
Model of Non-Repudiation
Indirect Transmission
[Diagram: Sender, Delivery authority and Receiver, with the labels NRO, NRS, NRR and NRD]
Technology Overview
Message Authentication
  Message Authentication Code (MAC)
  Digital Signature
Sender/Receiver Authentication
  Username and Password
  SSL Server and Client
Technology Overview
SOAP (Simple Object Access Protocol)
  XML based protocol
  An envelope
  A set of encoding rules
  A convention for representing remote procedure calls and responses
A simple SOAP sample
SOAP-DSIG appends digital signatures to SOAP
Request Example
HTTP header followed by SOAP message.
POST /order HTTP/1.1
Host: www.onlinetrade.com
Content-Type: text/xml; charset="UTF-8"
Content-Length: nnnn
SOAPAction: "http://www.onlinetrade.com/order#buy"
……
SOAP message
Response Example
HTTP/1.1 200 OK
Content-Type: text/xml; charset="UTF-8"
Content-Length: nnnn
……
SOAP message
Satisfaction of Non-repudiation service
Exchanging the above HTTP messages over SSL.
To guarantee that the signer of a SOAP message is the same as the sender:
  The private key used to sign the order should be the same as the one used for SSL client authentication.
  The private key used to sign the receipt should be the same as the one used for SSL server authentication.
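
The key-binding rule above, sketched as an added example (not code from the original slides): the receiver accepts an order only if the certificate carried in the SOAP header's signature is the one the SSL peer presented. It compares whole certificates, which is stricter than comparing keys, and does not verify the signature itself; the function names, envelope layout and certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

def signer_cert_der(envelope_xml):
    """Return the single DER certificate carried in the SOAP header's signature."""
    root = ET.fromstring(envelope_xml)  # assumption: message size is bounded upstream
    header = root.find(f"{{{SOAP_NS}}}Header")
    if header is None:
        raise ValueError("no SOAP header")
    # Look only inside the header and insist on exactly one certificate, so an
    # extra KeyInfo placed elsewhere in the message cannot be picked instead.
    certs = list(header.iter(f"{{{DSIG_NS}}}X509Certificate"))
    if len(certs) != 1:
        raise ValueError("expected exactly one X509Certificate in the header")
    der = base64.b64decode("".join((certs[0].text or "").split()), validate=True)
    if not der:
        raise ValueError("empty certificate")
    return der

def signer_matches_tls_peer(envelope_xml, peer_cert_der):
    """True only if the signing certificate is the one the SSL/TLS peer presented."""
    # peer_cert_der: ssl.SSLSocket.getpeercert(binary_form=True); None if no cert
    if not peer_cert_der:
        return False
    try:
        signer = signer_cert_der(envelope_xml)
    except (ValueError, ET.ParseError):
        return False
    return hmac.compare_digest(hashlib.sha256(signer).digest(),
                               hashlib.sha256(peer_cert_der).digest())

# Constructed sample data: placeholder bytes standing in for DER certificates.
CLIENT_CERT = b"constructed-client-certificate"
OTHER_CERT = b"constructed-other-certificate"

def make_envelope(cert_der, copies=1):
    """Build a constructed, minimal signed-order envelope for the demo."""
    key_info = (f'<ds:Signature xmlns:ds="{DSIG_NS}"><ds:KeyInfo><ds:X509Data>'
                f"<ds:X509Certificate>{base64.b64encode(cert_der).decode()}"
                "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>")
    return (f'<e:Envelope xmlns:e="{SOAP_NS}"><e:Header>{key_info * copies}'
            "</e:Header><e:Body><order/></e:Body></e:Envelope>")
```

The same check applies in the other direction, with the client comparing the receipt's signing certificate against the SSL server certificate.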