More Internet technologies and their applications (including an introduction to certificates and digital signatures)
蔡文能, tsaiwncsie.nctu.edu.tw

Agenda
- Introduction to Internet Technology
- Web (WWW)
- XML, XUL
- Introduction to PKI and certificates (mainly the Citizen Digital Certificate, 自然人憑證)
- J2EE
- Introduction to Network Security
- Authentication
- RSA Public Key Algorithm
- X.509 Certificates and their applications

Origins and development of the Internet
- 1962 ARPA computer program begins
- 1965 First actual network experiment, Lincoln Labs (now part of MIT)
- 1966 ARPA packet-switching experimentation
- 1969 First Arpanet nodes operational
- 1972 Distributed e-mail invented
- 1973 First non-U.S. computer linked to ARPAnet
- 1975 Arpanet transitioned to the Defense Communications Agency
- 1977 E-mail takes off, the Internet becomes a reality, number of hosts breaks 100
- 1978/2 First real BBS, "the Board" in Chicago
- 1980 TCP/IP experimentation begins
- 1981 A new host added every 20 days

Origins and development of the Internet (Cont.)
- 1983 TCP/IP switchover complete
- 1984 Number of hosts breaks 1,000
- 1986 NSFnet backbone created
- 1987 Number of hosts breaks 30,000
- 1989 Number of hosts breaks 100,000
- 1990 Arpanet retired
- 1990 300,000 hosts, 1,000 newsgroups
- 1991 Gopher introduced, U of Minnesota
- 1991 WWW invented
- 1992 1 million hosts, 4,000 newsgroups
- 1993 Mosaic introduced (the first graphical browser)
- 1993 2 million hosts, 600 WWW sites

Origins and development of the Internet (Cont. 2)
- 1995 Internet backbone privatized
- 1995/May Java formally announced by Sun Microsystems (JavaScript by Netscape)
- 1995 6.5 million hosts, 100,000 WWW sites
- 1996 OC-3 (155 Mbps) backbone built
- 1996 Internet 2
- 1996 Next Generation Internet (NGI)
- 1997 20 million hosts, 1 million WWW sites, 71,618 newsgroups
- 1999 Dot-com frenzy
- 2000 Dot-com crash; 123 million hosts, 8.5 million WWW sites

Yahoo (雅虎) stock price [chart]

Yahoo (雅虎), by 楊致遠 (Jerry Yang)
- Born in Taipei, Taiwan, in 1968
- Emigrated to San Jose, California, at age ten
- Completed Stanford's bachelor's and master's programs within four years
- Pursued a PhD in CAD at Stanford
- Founded Yahoo with David Filo in 1994

TANet History, Hinet
- 1989/9 The Ministry of Education convened the universities to plan an integrated high-speed academic network linking the ministry and the universities, with a two-year plan to help each national university build a campus network.
- 1990/2 The network was named the Taiwan Academic Network (TANet). 1990/7 TANet officially launched.
- 1991/12 TANet connected at 64 Kbps to JvNCnet at Princeton University in the US.
- 1994/4/1 The Directorate General of Telecommunications (交通部電信局) let the public try Hinet free for one year; only 3,000 accounts were issued in the first year, as nobody cared to use the free service.
- 1994/8 The Executive Yuan set up a task force to drive the National Information Infrastructure (NII) project. Premier 連戰 directed that Taiwan's Internet population reach 3 million within three years.
- 1994/10 TANet's bandwidth to the US raised to 512 Kbps.
- 1995/4 Hinet subscribers exceeded one million.
- 1995/10 Bandwidth to the US raised to T1 (1.544 Mbps); 1996/5 raised to two T1s, and the US entry point moved from JvNCnet on the east coast to GLOBAL-ONE on the west coast.
- 1998/11 TANet expanded its international circuit bandwidth to T3 (45 Mbps).
- 1998/10 The Ministry of Education, under the domestic-demand expansion program, pushed ADSL connectivity for all primary and secondary schools.
- 1998/12 Taiwan's Internet population officially exceeded 3 million.
- 1999/12 ADSL connectivity for all primary and secondary schools and four county/city regional network centers completed.

TANet History, Hinet (cont.)
- 2000/02 Regional network centers on the domestic backbone had 120 Mbps (ATM) of external bandwidth; county/city education network centers had 45 Mbps.
- 2000/11 Hinet subscribers reached two million.
- 2000/12 Taiwan's Internet users reached 6.26 million.
- 2001/3 Taiwan's Internet users reached 6.74 million: 2.46 million via TANet, 5.28 million via dial-up, 17,000 leased-line, 220,000 ADSL, 140,000 cable modem, 15,000 ISDN and 3,000 satellite users; after weighting and removing duplicates (one person holding several accounts), the total comes to 6.74 million.
- 2001/10 International submarine cable capacity upgraded from T3 x 2 to STM-1 x 2 (310 Mbps).
- 2001/12 Taiwan's Internet users reached 7.82 million.
- 2002/1/24 中華電信 (Chunghwa Telecom) ADSL subscribers exceeded one million and kept growing rapidly.
- 2002/6 Taiwan's Internet users exceeded 8 million.
- 2002/8 Chunghwa Telecom ADSL subscribers reached 1.5 million.
- 2003/8 Chunghwa Telecom ADSL subscribers reached 2.3 million and kept growing rapidly.

Current status of TANet international bandwidth
TANet currently has four STM-1 international circuits (155 Mbps each) direct to the US, leased from 台灣固網 and jointly funded by the Ministry of Education Computer Center, the National Center for High-performance Computing (NCHC) and Academia Sinica (中央研究院). The four circuits are currently allocated as follows:
- Circuits 1 and 2: Ministry of Education (155 Mbps x 2) to the US
- Circuit 3: NCHC, 155 Mbps to the US
- Circuit 4: Ministry of Education (70 Mbps) + NCHC (25 Mbps) + Academia Sinica (60 Mbps) to the US
Thus the bandwidth the Ministry of Education provides for shared use by schools at all levels totals 380 Mbps. To make the best use of it, the 380 Mbps is divided into:
- Library bandwidth, 20 Mbps (e.g. electronic journals)
- Fast segment, 280 Mbps (dedicated to Proxy, DNS, etc.)
- General users, 80 Mbps (ordinary users without a proxy)

The World Wide Web (WWW)
The year 1988: John Walker, founder of Autodesk, acquires Nelson's technology and sinks $5 million into its development. However, he is beaten to the race in 1989 by Tim Berners-Lee, a physicist at CERN (European Particle Physics Laboratory), who proposed a global hypertext system that he named "WorldWideWeb." Berners-Lee specifically invented three things:
- HyperText Transfer Protocol (HTTP): a standard format for enabling all computers to look up documents.
- Universal Resource Locator (URL): a standard for finding a document by typing in an address like http://...
- HyperText Markup Language (HTML): a standard design for word-processor-like functions that enables people to add special codes to text.
The year 1991: Berners-Lee makes his trio of programs available on the Internet. This leads to rapid growth in the number of web sites.

Inventor of the WWW: Tim Berners-Lee
Berners-Lee has software in his blood. Both his parents were programmers who worked for the British company Ferranti on one of the first commercial computers. He read physics at Queen's College, Oxford, where he built his first computer with a soldering iron, a microprocessor chip and an old television set. Graduating in 1976, he worked first for Plessey and later for a firm writing typesetting software.

1993: Mosaic was born
One of these programmers was Marc Andreessen, who was working for the NCSA in Urbana-Champaign, Illinois. In January 1993, Andreessen released a version of his new, handsome, point-and-click graphical browser for the Web, designed to run on Unix machines. In August, Andreessen and his co-workers at the center released free versions for Macintosh and Windows.

Mosaic Communications (Netscape)
- December 1993: Andreessen left NCSA and founded Mosaic Communications, now called Netscape. Many of the key developers from NCSA went with him to work on a new browser.
- December 1995: Microsoft announced it was committing fully to the Internet.
- Microsoft Internet Explorer (IE)
- Microsoft Internet Information Services (IIS)
- The Apache HTTP Server Project

Internet Technology
[Diagram: speed / capacity; VPN, Web, XML; users; data / legacy systems]

Internet Technology Timeline: Microsoft .NET vs. J2EE
[Timeline chart, 1996 to 2001. Microsoft: QC, MDB, LCE, MMC, WinDNA, VS .NET. Java: J2EE]

Moore's Law vs. Gilder's Law
- Moore's Law (摩爾定律): proposed by Intel founder Gordon Moore; according to this law, the information-processing capability of electronic chips doubles every eighteen months.
- Gilder's Law (吉爾德定律): the bandwidth of communication systems triples every twelve months.
- Murphy's Law (莫非定律)?

Moore's Law vs. Gilder's Law: The Last Twenty Years
[Chart, 1982 to 1998, log scale. Performance in Mflop/s: 8087, 80287, 6881, 80387, R2000, i860, RS6000/540, Alpha, RS6000/590, Cray 1S, Cray X-MP, Cray 2, Cray Y-MP, Cray C90, Cray T90. Speed in Mbps: Ethernet, 802.11. Storage in MB.] Source: Gordon Bell, Microsoft Research

The Next Twenty Years
[Chart, 2000 to 2016, log scale. Performance in Gflop/s. Speed in Gbps: Wired Ethernet, 802.11. Storage in GB.]

By 2009
- Almost everything will be connected to the Internet: appliances, automobiles, personal communicators, screens (large and small), even your watch.
- 3 billion Internet-capable wireless devices.
- The Internet will be: telephone, answering machine, television, radio, movie theatre, clock, store, cell phone, pager, post office, mailbox, library, security system, gaming platform, musical instrument, learning center, storage medium, and much, much more!

XML is ...
- an eXtensible Markup Language
- HTML presentation tags + your own tags
- a meta-language for defining other languages
- a semistructured data model
- not a data model but just an exchange syntax: the ASCII of the Web
- many good (and some bad) Computer Science ideas reinvented (but now for the masses!)
- good old constant change (not the XML spec., but everything else)

Some History (or: from fat via lean ...)
- SGML (Standard Generalized Markup Language)
  - ISO Standard, 1986, for data storage & exchange
  - Metalanguage for defining languages (through DTDs)
  - A famous SGML language: HTML!
  - Separation of content and display
  - Used in U.S. government & contractors, large manufacturing companies, technical information publishers
  - The SGML reference is 600 pages long
- XML (eXtensible Markup Language)
  - W3C (World Wide Web Consortium) recommendation in 1998, http://www.w3.org/XML/
  - Simple subset (80/20 rule) of SGML: "ASCII of the Web", "Semantic Web"
  - The XML specification is 26 pages long

HTML vs. XML
Bibliography example, as rendered from HTML:
- Foundations of DBs, Abiteboul, Hull, Vianu, Addison-Wesley, 1995
- Logics for DBs and ISs, Chomicki, Saake, eds., Kluwer, 1998
The same bibliography marked up in XML (the tags were lost in extraction; only the text content survives): Foundations of DBs, Abiteboul, Hull, Vianu, Addison-Wesley ... Chomicki ...
- HTML tags: presentation, generic document structure
- XML tags: content, "semantic", (DTD-)specific

XML vs. SGML
- Origins: HTML + SGML (ISO Standard, 1986, 600 pp)
- W3C standard (26 pp): XML syntax + DTDs
- XML = HTML presentational tags + user-defined DTD (tags + nesting)
  = really a metalanguage for defining other languages via DTDs
  = XML is more like SGML than HTML
- XML = SGML complexity, document perspective + simplicity, data exchange perspective

XML as a Self-Describing Data Exchange Format
- can be easily "understood" by our friend (... even using CP/M & edlin)
- can be parsed easily
- contains its own structure (= parse tree) in the data
  = allows the application programmer to rediscover schema and content/semantics (to which extent?)
- may include an explicit schema description (e.g., DTD)
  = meta-language: definition of a language w.r.t. which it is valid
- allows separation of marked-up content from presentation (= style sheets)
- many tools (and many more to come; (re)use code): parsers, validators, query languages, storage
- standards (good for interoperation, integration, etc.)
  = generic standards (XML, DTDs, XML Schema, XPath, ...)
  = community/industry standards (= specific markup languages)

Different Perspectives on XML
- Document (SGML) community: data = linear text documents; mark up (annotate) pieces of text to describe the context, structure and semantics of the marked text
- Database community: XML as the (most prominent) example of the semistructured data model
  = captures the whole spectrum from highly structured, regular data to unstructured data (relational, object-oriented, HTML, marked-up text, ...)

XML Applications & Industry Initiatives
http://www.oasis-open.org/cover/xml.html#applications
- Advertising: adXML, place an ad onto an ad network or with a single vendor
- Literature: Gutenberg, convert the world's great literature into XML
- Directories: dirXML, Novell's Directory Services Markup Language (DSML)
- Web servers: apacheXML, parsers, XSL, web publishing
- Travel: openTravel, information for airlines, hotels, and car rental places
- News: NewsML, creation, transfer and delivery of news
- Human Resources: XML-HR, standardization of HR/electronic recruiting XML definitions
- International development: IDML, improve the management and exchange of information for sustainable development
- Voice: VoxML, markup language for voice applications
- Wireless: WAP (Wireless Application Protocol), wireless devices on the World Wide Web
- Weather: OMF, Weather Observation Markup Format (simulation)
- Geospatial: ANZMETA, distributed national directory for land information
- Banking: MBA, Mortgage Bankers Association of America: credit report, loan file, underwriting
- Healthcare: HL7, DTDs for prescriptions, policies & procedures, clinical trials
- Math: MathML (Mathematical Markup Language)
- Surveys: DDI (Data Documentation Initiative), "codebooks" in the social and behavioral sciences

Elements and their Content
Terms illustrated on the slide: element type, character content, element, empty element, element content. The annotated example (tags lost in extraction) is the bibliography entry: Y. Papakonstantinou, S. Abiteboul, H. Garcia-Molina, "Object Fusion in Mediator Systems", VLDB 96.

What is XUL?
- XML-based User interface Language ("zool")
- An XML grammar to add/modify UI widgets of the browser
- Makes UI building easier and faster
- Uses W3C standards: HTML, XML, CSS, DOM
- XPToolkit is the finite set of interface-specific elements created in XUL
- XPFE (cross-Platform Front End) is the front end created from XPToolkit
- XUL provides flexibility and ease of use: cross-platform UI easily; powerful enough to build application UIs; ready-made widgets
- Programming in Facebook?

XUL Widgets & Syntax
- Widgets: window, box, menu, button, tabbox, checkbox, ...
- Syntax & rules:
  - XUL is case sensitive: all events and attributes must be written in lower case
  - All strings must be double quoted
  - All attributes must have a value
  - XUL file extension: .xul
- Programming in Facebook?

Inside a XUL package
Main components:
- Content: XUL files, the XML description of the UI
- Appearance: CSS, images and other files control presentation
- Behavior: JavaScript defines event handling within widgets
- Locale: all localizable strings in an external DTD

XUL and JavaScript
- A XUL interface is a collection of disconnected widgets until it is programmed, using JavaScript and/or C++
- JavaScript is included in the XUL file or in a separate file. Example (the DOM method is getElementById; the slide's "getElementByID" would throw at run time):

    // Runs when the window is initialised: find the "remember" checkbox
    // in the XUL document and pre-check it if the widget exists.
    function InitWindow() {
      var checkbox = document.getElementById("remember");
      if (checkbox) checkbox.checked = true;
    }

What is the Citizen Digital Certificate (自然人憑證)?
The Citizen Digital Certificate acts as an online identity card that identifies both parties when data is exchanged over the network. The certificate contains a digital signature and a public key. This public key is one half of a key pair computed by the smart IC card itself; the other half, the private key, is stored permanently in the IC chip. Through the agreement between the certificate holder and the certificate management center (憑證管理中心), the certificate can later be used to verify identity, and encryption and decryption are enabled: whatever data you send over the network is encrypted, so a hacker who intercepts it cannot easily decrypt it.

Citizen Digital Certificate (自然人憑證) [figure]

Taiwan's Government Public Key Infrastructure (GPKI) [figure]

Citizen Digital Certificate application procedure
- Step 1: On the appointment service screen, select the "申辦註冊" (register) option.
- Step 2: Enter the applicant's basic contact details and a password to complete registration.
- Step 3: After registration, select the "申辦預約" (make appointment) option, enter your national ID card details and password, and choose the household registration office (戶政事務所) and time for your appointment.
- Step 4: On the appointment day, bring your national ID card and go in person to the household registration office at the reserved time and place to apply for the Citizen Digital Certificate.
The Citizen Digital Certificate IC card is valid for five years (counted from the application date).

Citizen Digital Certificate application flowchart (old) [figure]

http://village.gov.tw/

X.509 Authentication Service
- A distributed set of servers that maintains a database about users.
- Each certificate contains the public key of a user and is signed with the private key of a CA.
- Used in S/MIME, IP Security, SSL/TLS and SET.
- RSA is the recommended algorithm.

Certificate Authority
- A trusted third-party organization.
- The CA (Certificate Authority) guarantees that the individual granted a certificate is who he/she claims to be.
- The CA usually has an arrangement with a financial institution to confirm identity.
- Critical to data security and electronic commerce.

The Certificate Authority generates the "signature" that is added to the raw "Certificate"
[Diagram: Raw Cert. -> Hash -> MIC -> Signed Cert.] The raw "Certificate" has the user name, public key, expiration date, ...

- Generate the hash code of the raw certificate.
- Encrypt the hash code with the CA's private key to form the CA's signature.
- Signed certificate: the recipient can verify the signature using the CA's public key.

X.509 Formats [figure]

Sample certificate information
- This certificate belongs to: trading subnet a 1199, Charles Schwab & Co., Inc., Phoenix, Arizona, US
- This certificate was issued by: Secure Server Certification Authority, RSA Data Security, Inc., US
- Serial Number: 6B:68:2F:3B:FD:8A:46:73:04:33:10:8A:32:1E:47:5B
- This certificate is valid from Wed Nov 03, 1999 to Thu Nov 02, 2000
- Certificate Fingerprint: 4B:80:C6:C5:2D:63:14:E7:6F:50:BD:16:39:3C:96:FD

Public Key Infrastructure (PKI)
- No absolute definition or standard.
- Each party has an associated key pair: one public and one private.
- Private keys are not divulged; public keys are published.
- The infrastructure enables both encryption and digital signatures (to thwart man-in-the-middle attacks).
- Problem: public key spoofing.

PKI-Secured Applications [figure]

PKCS related documents
- Public Key Cryptographic Standards, PKCS: a collection of 13 papers, PKCS #1 to PKCS #15, developed by RSA Labs and repre
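To make the three CA steps on the slides concrete (hash the raw certificate, sign the hash with the CA's private key, verify with the CA's public key), here is an added Python example that is not part of the original slides. The CA key is a toy RSA pair built from two fixed primes and the certificate fields are constructed sample values; both are assumptions of this example, and the "signed certificate" is a plain dictionary rather than the X.509 encoding.

```python
import hashlib
import json

# Toy CA key pair from two fixed Mersenne primes so the example runs offline
# and deterministically (an assumption of this example, not a real CA key;
# real CAs use 2048-bit or larger keys generated by a crypto library).
CA_P = (1 << 127) - 1
CA_Q = (1 << 89) - 1
CA_N = CA_P * CA_Q                                   # public modulus
CA_E = 65537                                         # public exponent
CA_D = pow(CA_E, -1, (CA_P - 1) * (CA_Q - 1))        # private exponent

def hash_raw_certificate(raw_cert: dict) -> int:
    """Step 1: hash the raw certificate (user name, public key, expiration
    date, ...).  Fields are serialised canonically so the CA and the
    recipient hash exactly the same bytes."""
    canonical = json.dumps(raw_cert, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode()).digest()
    # The toy modulus is under 256 bits, so reduce the digest; a real
    # signature scheme (PKCS #1) pads the digest up to the modulus instead.
    return int.from_bytes(digest, "big") % CA_N

def ca_sign(raw_cert: dict) -> dict:
    """Step 2: 'encrypt' the hash with the CA's private key to form the CA's
    signature and attach it, producing the signed certificate."""
    signature = pow(hash_raw_certificate(raw_cert), CA_D, CA_N)
    return {"raw": dict(raw_cert), "signature": signature}

def verify_with_ca_public_key(signed_cert: dict) -> bool:
    """Step 3: the recipient recomputes the hash of the raw part and compares
    it with the signature 'decrypted' under the CA's public key (e, n)."""
    recovered = pow(signed_cert["signature"], CA_E, CA_N)
    return recovered == hash_raw_certificate(signed_cert["raw"])

# Constructed sample raw certificate (fields modelled on the sample slide).
RAW_CERT = {
    "subject": "example subject (constructed)",
    "public_key": "<subject's public key, placeholder>",
    "valid_from": "1999-11-03",
    "valid_to": "2000-11-02",
}

def demo() -> tuple:
    """Returns (genuine certificate verifies, tampered copy verifies)."""
    signed = ca_sign(RAW_CERT)
    tampered = {"raw": dict(signed["raw"]), "signature": signed["signature"]}
    tampered["raw"]["valid_to"] = "2010-11-02"   # lifetime extended after signing
    return verify_with_ca_public_key(signed), verify_with_ca_public_key(tampered)
```

Calling demo() returns (True, False): the unmodified certificate verifies, while any change to a signed field (here the expiration date) makes the recomputed hash disagree with the value recovered from the signature, which is exactly how a relying party detects a forged or altered certificate.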


