Secure Data Transmission: EDI-INT AS1, AS2, AS3
Kevin Grant

Goals of this Presentation
- Understanding Security Mechanisms
- Understanding Applicability Statements
- MDNs
- Secure Transmission Loop
- AS1, AS2, AS3
- Product Certification

AS1/AS2/AS3 Standards
- Applicability Statements 1 (AS1), 2 (AS2), and 3 (AS3) are the current specifications developed by EDI-INT for transporting data via the Internet.
- AS standards specify how to exchange data, not how to process data.
- AS1 defines how to perform secure file transfers via SMTP.
- AS2 defines how to perform secure file transfers via HTTP.
- AS3 defines how to perform secure file transfers via FTP.
- Each specifies security services over a specific communication protocol, with the introduction of Message Disposition Notifications (MDNs) to complete the Secure Transmission Loop.

AS1/AS2/AS3 Options
- Encrypted or not encrypted
- Signed or unsigned
- Receipt or no receipt
- Receipt signed or not signed

AS1/AS2/AS3 Message Flow
- Outgoing message goes to the recipient over SMTP/HTTP/FTP; a signed MDN comes back to the sender with the hash.
- Sender side: the message is encrypted with the recipient's public key; the signature/hash is applied and encrypted with the sender's private key.
- Recipient side: the signature/hash is decrypted with the sender's public key; the message is decrypted with the recipient's private key; the document hash is computed; the computed hash is compared with the transmitted hash; the incoming message is validated.

Security Mechanisms
Three basic building blocks are used:
- Encryption is used to provide confidentiality; it can also provide authentication and integrity protection.
- Hash algorithms are used to provide integrity protection; they can also provide authentication.
- Digital signatures are used to provide authentication, integrity protection, and non-repudiation.
- One or more security mechanisms are combined to provide a security service.

Security Protocol
- A typical security protocol provides one or more services.
- Services are built from mechanisms.
- Mechanisms are implemented using algorithms.

Hash Functions
- Hashing is the transformation of a string of characters into a shorter fixed-length value or key that represents the original string.
- It is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using the original value.
- It is also used in many encryption algorithms.
- Creates a unique "fingerprint" or message digest.
- Anyone can alter the data and calculate a new hash value, so the message digest has to be protected in some way.

Public-key Encryption
- Uses matched public/private key pairs (asymmetric).
- Anyone can encrypt with the public key; only one person can decrypt with the private key.

Cryptography: Digital Signatures
- Here's where the public-key algorithm and the hashing algorithm work together:

Certificates
- A certificate is a public key that has been digitally signed by a trusted third party, a Certificate Authority (CA).
- A Certification Authority (CA) guarantees a public key's authenticity.

MDNs (Message Disposition Notifications)
- Document acknowledgment.
- Non-repudiation of delivery (confirms the document WAS received and by whom).
- Confirms that the recipient was able to decrypt.
- Gives a status message, as appropriate.
- Contains the receiver's computed hash for comparison against the one originally sent with the message.
- The MDN may be signed by the recipient of the original message.
- Defined by your trading partner (optional).

MDN Request Headers
The MDN is requested by the "Disposition-Notification-To" field found in the message header:

    AS2-Version: 1.1
    AS2-From: AS2SENDER
    AS2-To: AS2RECEIVER
    Subject: G1 Test Case
    Message-Id:
    Disposition-Notification-To:
    Receipt-Delivery-Option:
    Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, sha1
    Content-Type: multipart/signed; boundary=as2BouNdary1as2; protocol=application/pkcs7-signature; micalg=sha1

MDN Request Headers
The "Receipt-Delivery-Option" field is used to request MDNs in an asynchronous manner. If this field is not present, the MDN is returned via the active HTTP session (AS2):

    AS2-Version: 1.1
    AS2-From: AS2SENDER
    AS2-To: AS2RECEIVER
    Subject: G1 Test Case
    Message-Id:
    Receipt-Delivery-Option:
    Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, sha1
    Content-Type: multipart/signed; boundary=as2BouNdary1as2; protocol=application/pkcs7-signature; micalg=sha1

MDN Request Headers
The "Disposition-Notification-Options" field determines whether the MDN is to be signed and identifies the preferred hash algorithm (SHA-1 or MD5):

    AS2-Version: 1.1
    AS2-From: AS2SENDER
    AS2-To: AS2RECEIVER
    Subject: G1 Test Case
    Message-Id:
    Receipt-Delivery-Option:
    Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, sha1
    Content-Type: multipart/signed; boundary=as2BouNdary1as2; protocol=application/pkcs7-signature; micalg=sha1

The "Secure Transmission Loop" (STL)
- The originator sends a signed and encrypted documen
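The MDN request headers and the hash comparison that closes the Secure Transmission Loop, as an added Python example (not code from the presentation): it parses the Disposition-Notification-To, Receipt-Delivery-Option and Disposition-Notification-Options fields to decide whether a receipt is requested, whether it returns synchronously or asynchronously, whether it must be signed, and which MIC algorithm is preferred; it then computes the base64 MIC the recipient would report in its MDN and checks it on the sender side in constant time. The header block is constructed from the slides; the Message-Id, the notification address and the async URL are placeholders. The loop is simulated in one process and does not perform the S/MIME signing or encryption.

```python
import base64
import hashlib
import hmac
from email.parser import HeaderParser

# Constructed AS2 request headers, modelled on the presentation's slides. The Message-Id,
# Disposition-Notification-To address and Receipt-Delivery-Option URL are placeholders.
SAMPLE_HEADERS = (
    "AS2-Version: 1.1\r\n"
    "AS2-From: AS2SENDER\r\n"
    "AS2-To: AS2RECEIVER\r\n"
    "Subject: G1 Test Case\r\n"
    "Message-Id: <placeholder-id@sender.example>\r\n"
    "Disposition-Notification-To: as2-mdn@sender.example\r\n"
    "Receipt-Delivery-Option: https://sender.example/as2/mdn\r\n"
    "Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature; "
    "signed-receipt-micalg=optional, sha1\r\n"
    "Content-Type: multipart/signed; boundary=as2BouNdary1as2; "
    "protocol=application/pkcs7-signature; micalg=sha1\r\n"
    "\r\n"
)


def parse_mdn_options(value):
    """Split Disposition-Notification-Options into {name: (importance, [values])}.

    Each parameter has the shape `name=importance, value1, value2; ...`, where the
    importance is "required" or "optional".
    """
    options = {}
    for param in value.split(";"):
        if "=" not in param:
            continue
        name, rest = param.split("=", 1)
        items = [item.strip() for item in rest.split(",") if item.strip()]
        if not items:
            continue
        options[name.strip().lower()] = (items[0].lower(), items[1:])
    return options


def mdn_request(header_text):
    """Describe the receipt the sender asked for, or report that none was requested."""
    headers = HeaderParser().parsestr(header_text)
    if not headers.get("Disposition-Notification-To"):
        return {"requested": False}
    options = parse_mdn_options(headers.get("Disposition-Notification-Options", ""))
    protocol = options.get("signed-receipt-protocol")
    micalg = options.get("signed-receipt-micalg")
    return {
        "requested": True,
        # No Receipt-Delivery-Option means the MDN comes back on the same HTTP session.
        "async_url": headers.get("Receipt-Delivery-Option"),
        "signed": protocol is not None,
        "signature_required": protocol is not None and protocol[0] == "required",
        "micalg": micalg[1][0].lower() if micalg and micalg[1] else None,
    }


def compute_mic(content, micalg):
    """Recipient side: the Received-Content-MIC value, base64 digest followed by the algorithm."""
    digest = hashlib.new(micalg, content).digest()
    return base64.b64encode(digest).decode("ascii") + ", " + micalg


def mic_matches(original_content, received_content_mic):
    """Sender side: recompute the MIC over what was sent and compare it with the MDN's value."""
    reported, _, micalg = received_content_mic.partition(",")
    try:
        expected = compute_mic(original_content, micalg.strip().lower()).split(",")[0]
    except ValueError:          # algorithm name the local hashlib does not know
        return False
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(expected, reported.strip())


def secure_transmission_loop(header_text, sent_payload, delivered_payload):
    """Simulate the loop: the recipient hashes what it received, the sender compares."""
    request = mdn_request(header_text)
    if not request["requested"]:
        return {"mdn_sent": False, "validated": None}
    micalg = request["micalg"] or "sha1"
    mdn_mic = compute_mic(delivered_payload, micalg)   # value the recipient puts in the MDN
    return {
        "mdn_sent": True,
        "mode": "async" if request["async_url"] else "sync",
        "validated": mic_matches(sent_payload, mdn_mic),
    }


if __name__ == "__main__":
    print(mdn_request(SAMPLE_HEADERS))
    print(secure_transmission_loop(SAMPLE_HEADERS, b"EDI payload", b"EDI payload"))
    print(secure_transmission_loop(SAMPLE_HEADERS, b"EDI payload", b"EDI payloaD"))
```

In a real AS2 exchange the MIC is taken over the canonical MIME entity that was signed or encrypted, not over a bare payload, and a mismatch in the returned MDN means the document the partner received is not the one that was sent. `hashlib.new` also accepts "md5" and "sha256", so the same check works for whichever algorithm the partner profile allows.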