
Enhancing Non-Repudiation in Electronic Business Transactions

Research on non-repudiation services by Yi Zhang, covering the motivation, the concept, and a technology overview, so that parties can obtain sufficient evidence in disputes. It presents the direct and indirect transmission models and technologies such as digital signatures and SSL, and describes how the service is satisfied by exchanging HTTP messages over SSL.


Presentation Transcript


  1. Research on Non-repudiation service By Yi Zhang

  2. Motivation of Non-repudiation
     • In paper-based business
     • Electronic business transactions
     • Less physical evidence
     • The availability of sophisticated technologies
     • Parties potentially involved in a dispute should be able to obtain sufficient evidence to establish what had actually happened

  3. What is non-repudiation
     • The goal of a non-repudiation service
     • Digital signature is vulnerable to replay attacks
     • Sender authentication does not guarantee that messages were not modified
     • Non-repudiation service requires both

  4. Model of Non-Repudiation: Direct Transmission (diagram; labels: Sender, Receiver, NRO, NRR, NRS, NRD)

  5. Model of Non-Repudiation: Indirect Transmission (diagram; labels: Sender, Delivery authority, Receiver, NRO, NRR, NRS, NRD)

  6. Technology Overview
     • Message Authentication
     • Message Authentication Code (MAC)
     • Digital Signature
     • Sender/Receiver Authentication
     • Username and Password
     • SSL Server and Client

  7. Technology Overview
     • SOAP (Simple Object Access Protocol)
     • XML based protocol
     • An envelope
     • A set of encoding rules
     • A convention for representing remote procedure calls and responses
     • A simple SOAP sample
     • SOAP-DSIG appends digital signatures to SOAP

  8. Request Example
     • HTTP header followed by SOAP message.

         POST /order HTTP/1.1
         Host: www.onlinetrade.com
         Content-Type: text/xml; charset="UTF-8"
         Content-Length: nnnn
         SOAPAction: "http://www.onlinetrade.com/order#buy"
         ……
         SOAP message

  9. Response Example

         HTTP/1.1 200 OK
         Content-Type: text/xml; charset="UTF-8"
         Content-Length: nnnn
         ……
         SOAP message

  10. Satisfaction of Non-repudiation service
     • Exchanging the above HTTP messages over SSL.
     • To guarantee the signer of a SOAP message is the same as the sender:
     • The private key used to sign the order should be the same for SSL client authentication.
     • The private key used to sign the receipt should be the same for SSL server authentication.
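
One way a receiver could enforce the binding in slide 10, as an added example that is not code from the presentation: accept an order only if the certificate named in its SOAP signature is the certificate the sender presented for SSL client authentication. It assumes the signature itself has already been verified with an XML signature library, that the signer's certificate travels in `ds:KeyInfo/ds:X509Data` (an assumption, the slides do not say), and that the peer certificate comes from `ssl.SSLSocket.getpeercert(binary_form=True)`; matching whole certificates implies the same key pair and is stricter than the slide's "same private key".

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import Optional

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

class BindingError(Exception):
    """The SOAP signer cannot be tied to the SSL-authenticated peer."""

def signer_cert_der(soap_xml: bytes) -> bytes:
    """DER certificate from the one ds:Signature in the SOAP header."""
    root = ET.fromstring(soap_xml)
    sigs = root.findall("soap:Header//ds:Signature", NS)
    if len(sigs) != 1:  # zero or several signatures: refuse to guess
        raise BindingError(f"expected 1 header signature, found {len(sigs)}")
    certs = sigs[0].findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if len(certs) != 1 or not (certs[0].text or "").strip():
        raise BindingError("signature must carry exactly one X509Certificate")
    try:
        return base64.b64decode("".join(certs[0].text.split()), validate=True)
    except ValueError as exc:
        raise BindingError("X509Certificate is not valid base64") from exc

def signer_is_ssl_peer(soap_xml: bytes, peer_cert_der: Optional[bytes]) -> bool:
    """True only if the signing certificate is the SSL peer's certificate."""
    if not peer_cert_der:  # peer did not authenticate with a certificate
        raise BindingError("no SSL peer certificate to bind the signature to")
    signer = hashlib.sha256(signer_cert_der(soap_xml)).digest()
    peer = hashlib.sha256(peer_cert_der).digest()
    return hmac.compare_digest(signer, peer)

# Constructed sample data: placeholder bytes standing in for DER certificates.
CLIENT_CERT = b"constructed-client-certificate"
OTHER_CERT = b"constructed-other-certificate"

def sample_order(cert_der: bytes) -> bytes:
    """Constructed SOAP order whose signature names cert_der as the signer."""
    b64 = base64.b64encode(cert_der).decode()
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:ds="{NS['ds']}">
 <soap:Header><ds:Signature><ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>{b64}</ds:X509Certificate>
 </ds:X509Data></ds:KeyInfo></ds:Signature></soap:Header>
 <soap:Body><order>buy</order></soap:Body>
</soap:Envelope>""".encode()

if __name__ == "__main__":
    print(signer_is_ssl_peer(sample_order(CLIENT_CERT), CLIENT_CERT))
    print(signer_is_ssl_peer(sample_order(OTHER_CERT), CLIENT_CERT))
```

The same check applies in the other direction: the sender compares the certificate named in the signed receipt with the server certificate from the SSL handshake.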
