Implementing the ESES for Secure Electronic Commerce Platform

안전한 전자상거래 플랫폼 개발을 위한 ESES의 구현

  • Lee, Joo-Young (Information Security Research Division, Electronics and Telecommunications Research Institute) ;
  • Kim, Ju-Han (Information Security Research Division, Electronics and Telecommunications Research Institute) ;
  • Lee, Jae-Seung (Information Security Research Division, Electronics and Telecommunications Research Institute) ;
  • Moon, Ki-Young (Information Security Research Division, Electronics and Telecommunications Research Institute)
  • 이주영 (한국전자통신연구원 정보보호기술연구본부 EC정보보호연구팀) ;
  • 김주한 (한국전자통신연구원 정보보호기술연구본부 EC정보보호연구팀) ;
  • 이재승 (한국전자통신연구원 정보보호기술연구본부 EC정보보호연구팀) ;
  • 문기영 (한국전자통신연구원 정보보호기술연구본부 EC정보보호팀)
  • Published : 2001.10.01

Abstract

The ESES system has been developed to supply a digital signature function, an encryption function, and a library of cryptographic primitives and algorithm for securing an XML document and the existing non-XML documents that are exchanged in the electronic commerce. In this paper, we will introduce the overview of ESES system and explain how the ESES processes to offer security services Finally we\`ll conclude our talk by presenting the summary and further works.

본 논문에서는 전자상거래의 활성화를 위해 네트워크를 통해 전달되는 내용에 대한 보호 뿐 아니라 사용자 인증, 데이터 무결성 보장, 송수신에 대한 부인 봉쇄 등 다양한 보안 기능에 대한 필요성을 충족시키기 위해서 ESES(ETRI Secure E-commerce Services) 시스템을 제안한다. ESES는 현재 전자상거래 문서의 표준으로 광범위하게 채택되고 있는 XML(eXtensible Markup Language) 문서 뿐 아니라 전자상거래시 교환되는 디지털 컨텐츠를 위한 보안 서비스를 제공을 목적으로 한다. 본 논문에서는 ESES 시스템에 대한 간략한 소개와 함께 전자상거래시스템에 적용될 보안 서비스를 제공하기 위해 어떻게 설계, 구현되었는지를 기술한다. 마지막으로 ESES를 보완하기 위해 필요한 향후 연구과제를 제시한다.

Keywords

References

  1. M. Mooney and T. Pozil, American Internet user survey, http://www.cyberdialogue.com. 1998
  2. IBM AlphaWorks Homepage, http://www.alphaworks.ibm.com/tech/xmlsecuritysuite
  3. Baltimore, 'X/Secure White Paper,' http://www.baltimoreinc.com/library/whitepapers/xseure.html
  4. Baltimore, 'X/Secure Developer's Guide,' 1999
  5. IETF/W3C, XML-Signature Syntax and Processing (Working Draft), http://www.w3.org/TR/2000/WD-xmldsig-core-20001012/, October, 2000
  6. IFTF/W3C, 'XML-Signature Requirements (Working Draft),' http://www.w3.org/TR/1999/WD-xmldsig-reauire-ments-19991014.html. October, 1999
  7. W3C XML Encryption WG, 'XML Encryption Charter,' http://www.w3.org, 2001
  8. xml-encryption@w3.org Mail Archives, http://lists.w3.org/Archives/Public/xmlencryption/
  9. J. Daemen and V. Rijmen, 'AES Proposeal : Rijnael,' http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf, 1999
  10. A. J. Menezes, P. C. vanOorschot and S. A. Vanstone, Handbook of Applied Cryptography, CRC
  11. W3C, 'Canonical XML Version1.0 (Working Draft),' http://www.w3.org/TR/2000/WD-xml-c14n-20000907, 2000
  12. W3C, 'XSL Transformations (XSLT) Version 1.0,' November, 1999
  13. W3C, 'XML Path Language (XPath) Version 1.0,' November, 1999
  14. Sun, $Java^{TM}$ Cryptography Extension 1.2 API Specification and Reference, Sun micro systems, 1999
  15. Sun, '$Java{TM}$ Cryptography Architecture API Specification and Reference,' Oct. 1999
  16. J. Knudsen, Java Cryptography, O'Reilly, May, 1998
  17. S. Oaks, Java Security, O'Reilly, May, 1998
  18. Frank Boumphrey, Professional XML Applications, WROX, 1999
  19. J-H Kim, J-Y Lee, J-C Na, and S-W Sohn, 'ESES / Cipher : A Design of XML Encryption System,' Proceeding of the int'l conference in Internet Computing, Vol.1. pp.206-212, 2001