• Title/Summary/Keyword: XML encryption

Search Result 48, Processing Time 0.022 seconds

Conformance Testing Tool Implementation for XML Encryption Products (XML 암호화 제품을 위한 표준적합성 시험도구 구현)

  • Chae Han-Na;Rhee Gwang-Soo
    • The KIPS Transactions:PartC
    • /
    • v.13C no.4 s.107
    • /
    • pp.435-440
    • /
    • 2006
  • XML encryption is to provide confidentiality service, though not limited to, for web contents. XML encryption can be applied to entire data files as opaque objects, or more frequently to various parts of XML documents, supporting various encryption granularity. It is this characteristic that makes XML encryption a more efficient alternative for data confidentiality in various web applications than is possible with SSL/TLS, IPsec, PGP, or S/MIME. It is essential for successful deployment of XML encryption to achieve interoperability among the products implementing this technology, which requires the products to implement the XML encryption standards correctly. Conformance testing is to test if products implement the relevant standard correctly. In this paper we present a conformance testing method for XML encryption products and implement it. We will first look at XML encryption standards developed by W3C, and extract test criteria. Then we propose a testing method in which the encryption capability and the decryption capability of a product are tested separately. The proposed methody is actually implemented as a GUI-based testing tool and some test results are presented.

The Validity Verification of Encrypted XML Document using the XML Schema (XML 스키마를 이용한 암호화된 XML 문서 유효성 검증)

  • Hong, Seong-Pyo;Lee, Joon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.7 no.5
    • /
    • pp.972-977
    • /
    • 2003
  • XML has weakness problems on document modulation and elimination of data Because of the XML gives priority to present data format, XML signature, XML encryption, or XML access control is provided to overcome those weakness problems. However, structured XML efficiency contravention problem occurred from XML encryption and absence of protection from DID attack are still remains unsolved. In this paper, we suggests the XML schema that satisfies both validity and encryption. The DTD is unnecessary because XML schema supports Well-Formed XML documents and include meta information. Also XML schema has possibility to generate each XML document dynamically and because of self efficiency investigator rule, it has an advantage on extendability of DID based encryption of XML documents.

Access Control of Content Package by Using XML Subject-based Encryption (XML의 주체 기반 암호화를 이용한 콘텐츠 패키지의 접근 제어)

  • Cho Kwang-Moon
    • The Journal of the Korea Contents Association
    • /
    • v.6 no.1
    • /
    • pp.137-142
    • /
    • 2006
  • As a large quantity of information is represented in XML format on the web, there are increasing demands for XML security. Until now research on XML security has been focused on the security of data network using digital signature and encryption technology. As XML data become extensive and complex, however, XML security comes to involve not only network security but also managerial security. But XML encryption support only simple network security. So it cannot support multiple users and multiple access control policy. In this paper, we propose an integration method of encryption and access control policy for securing XML documents. This methodology can support multiple authorization of multiple users with integrating access control.

  • PDF

Role based XML Encryption for Enforcing Access Control Policy (접근제어 정책구현을 위한 역할기반 XML 암호화)

  • Choi Dong-Hee;Park Seog
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.1
    • /
    • pp.3-15
    • /
    • 2005
  • As a large quantity of information is presented in XML format on the web, there are increasing demands for XML security. Research area or n security is about Encryption Digital signature, Key management and Access control. until now research on U security has been focused on the security of data network using digital signature and encryption technology. As XML data become extensive and complex XML security comes to involve not only network security but also managerial security. Managerial security is guaranteed through access control. But XML Encryption supports simple network security. So it can't support multiple users and multiple access control policies. In this paper, we propose an integration method of encryption and access control policy for securing XML documents. This methodology can supper multiple authorizations of multiple users with integrating access control. And this can reduce the cost of evaluation process of the existing complicated access authorization with pre-processing.

Access Control of Digital Content Package by Using XML Encryption (XML 암호화를 이용한 디지털 콘텐츠 패키지의 접근 제어)

  • Cho, Kwang-Moon
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2004.11a
    • /
    • pp.291-295
    • /
    • 2004
  • As a large quantity of information is presented in XML format on the web, there are increasing demands for XML security. Until now research on XML security has been focused on the security of data network using digital signature and encryption technology. As XML data become extensive and complex however XML security comes to involve not only network security but also managerial security. But XML encryption support simple network security. So it cannot support multiple users and multiple access control policy. In this paper, we propose an integration method of encryption and access control policy for securing XML documents. This methodology can support multiple authorization of multiple users with integrating access control. And this can reduce the cost of the existing complicated access evaluation process of access control by using pre-processing.

  • PDF

Implementation of Key Recovery Model based on XML for B2B (B2B를 위한 XML기반의 키 복구 구현)

  • 김주한;문기영;손승원
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.5
    • /
    • pp.53-61
    • /
    • 2002
  • In this paper, we will introduce a design of key recovery based on XML can be used in B2B environment. XML Digital Signature and XML Encryption that are defied recently as standards by W3C(World Wide Web Consortium) are deployed to sign/verify or encrypt/decrypt documents for electronic commerce and keys to store/load at/from key recovery server. The result of signature or encryption is always an XML document and all messages used in this key recovery system are also XML documents. It enables to adapt transparently this key recovery system to legacy XML applications and electronic commerce platforms based on XML. And its method for key recovery is key escrow. One of the characteristics of this key recovery is that one enterprise can recover keys of some documents for electronic commerce from external key recovery system in other enterprises related with them and also recover keys from owns.

XML Signature System on Mobile Environment (모바일 환경에서 XML 전자서명 시스템)

  • Cao, Ke-Rang;Kim, Chang-Su;Jung, Hoe-Kyung
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.12 no.8
    • /
    • pp.1441-1447
    • /
    • 2008
  • It is possible to transfer huge data in mobile device by advancing mobile technology, and so in this base, various services are offered. Especially, E-commerce service is offering on mobile environment, and this service is based on XML(eXtensible Markup Language) Signature. XML Signature assure that process integrity, message authentication, and/or signer authentication. And WIPI(Wireless Internet Protocol for Interoperability) that is mobile internet integration platform was proposed to integrate mobile device platform. However, because WIPI transmits and exchanges message by tort of XML base, encryption of XML document and necessity of XML signature are increasing because of weakness of security. Therefor in this paper, Encryption and XML signature module of XML document that satisfy standard requirement in WIPI platform base design and implementation. System that was proposed in this paper used standard encryption and XML signature algorithm and supports safe encryption and XML signature through doing security simulation applied various algorithm for XML document of mobile environment.

Design and Implementation of XML Encryption and Digital signature API for Mobile Environment (모바일 환경에서 XML 암호화 및 전자서명 API 설계 및 구현)

  • Cho, Tae-Beom;Ryu, Hwang;Park, Jeong-Yong;Jung, Hoe-Kyung
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.14 no.6
    • /
    • pp.1416-1422
    • /
    • 2010
  • Various other platforms have appeared due to the abolishment of WIPI requirement and increased problems related with hacking and security. Since levels consisting of these platforms are composed of various APIs (Application Programming Interfaces) which are not standardized, other ways must be considered to protect data which are transferred using XML formats. Therefore, XML encryption API and XML digital signature API for data protection and certification, which are both responsible to define mark-up languages for XML encryption and digital signature respectively, were designed in this paper. The simulation system which played the role of the server and client between two terminal units was realized to validate the APIs.

Design and Implementation of a new XML-Signcryption scheme to protect the XML document (XML 문서 보안을 위한 새로운 XML-Signcryption scheme 설계 및 구현)

  • Han, Myung-Jin;Lee, Young-Kyung;Shin, Jung-Hwa;Rhee, Kyung-Hyung
    • The KIPS Transactions:PartC
    • /
    • v.10C no.4
    • /
    • pp.405-412
    • /
    • 2003
  • As the XML is approved standard language by the UN, the progress which complemented the XML security has being processed rapidly. In this paper, we design and implement the "XML-Signcryption" as a security mechanism to protect the XML document that can operate between other platforms. The signature and encryption which is the standard specification in W3C needs to be able to proceed them separately. Generally the signature and encryption require four times modular exponential operation, however the signcryption only needed three times modular exponential operation. This will benefit overall system effectiveness in terms of cost. And this scheme offers to convenient the user, because the signature and encryption implement as a single XML format. This tool can save the parsing time as a number of tags is few within a document. And also, in this paper, based on a research of Web Services security, we can apply XML-Signcryption to the SOAP message to provide the security services. Based on the XML-Signcryption scheme which provides confidentiality, integrity, authentication and non-repudiation to the XML document and Web Service security simultaneously.

Design and Implementation of on XML Data Encryption System considering Validation (유효성을 고려한 XML 데이타 암호화 시스템의 설계 및 구현)

  • 남궁영환;박대하;허승호;백두권
    • Journal of KIISE:Databases
    • /
    • v.29 no.6
    • /
    • pp.417-428
    • /
    • 2002
  • XML(extensible Markup Language) is effective to information retrieval and sharing but has defects related to the data security. And, as a solution of this problem, the current XML security researches such as XML digital signature, XML data encryption, and XML access control exclude the validation property of XML document. The validation of XML should be considered for the secure information sharing in the XML-based environment. In this paper, we design and implement the system to support both security and validation to XML document. Our system performs data encryption and maintenance of valid status of XML document by referencing new XML schema namespace. In addition, it also provides the XML schema security function through the XML schema digital signature. During generating XML schema digital signature, DOMHash method which has the advantage of the faster speed than canonical XML method is applied to XML schema. In conclusion, our system shows the improved functions in flexibility, scalability, and reliability compared with the existing XML security researches.