以員工電子職務証書為基礎之存取控制：一個系統設計

Abstract

在網際網路Internet與在企業內部網路Intranet環境中，組織內或企業間 的合作關係，經常隨著運作關係改變而改變，而傳統的資訊資源保護機制 在使用上比較缺乏效率與彈性，無法滿足多變環境的需求。指導教授黃景 彰與學長吳國禎[1]提出整合X.509公開金鑰員工電子識別証書(Public- Key Certificates)與職務為基礎的存取控制(Role Based Access Control)[9][10]的觀念，用來解決組織內部資訊資源的安全管理。本論 文延伸此觀念，設計一員工電子職務証書核發單位(Role Certificate Authority)來實現上述的觀念，此外本論文針對此提出一系統設計。 Traditional mechanisms for information protection is inflexible to meet the needs of changing organizations when Internet/ Intranet is introduced as the information environment. To fulfill the growing demand for better information protection for such an environment, Hwang & Wu[1] presented a concept that uses public-key certificates in the RBAC(Role-Based Access Control) model[9][10]. In this thesis, the author presents a system design that can realize Hwang and Wu's idea. The center of the system is a unit called Role-Certificate Authority(RCA),which is a special type of Certificate Authority(CA) in the public-key infrastructure.