在網際網路上應用MIME整合EDI與電子郵件安全機制之可行性分析與系統實作

Abstract

隨著電腦網路的高度發展，電子資料交換（Electronic Data Interchange, EDI）已成為企業及政府提高效率的新利器。當EDI架構在一個開放式的網路上，如Internet，可以使得資料交換更為快速便捷，從而提昇產業整體的效能。但是架構在一個開放式網路上之EDI會面臨四面八方的威脅，譬如資料的竊取、竄改等。如何在Internet上確保EDI資訊的安全，是一個很重要的研究課題。本研究探討在網際網路上以電子郵件來傳遞EDI資料的方式，應用多用途網際網路信件延伸（Multipurpose Internet Mail Extensions, MIME）整合EDI與電子郵件安全機制，使EDI資料能在網際網路上安全的被傳遞。 本研究首先做可行性分析：綜覽EDI的格式；分析現有電子郵件的格式與相關安全機制，討論這些機制在安全性及實際建構上的優缺點；探討MIME Object Secure Service（MOSS）、Secure MIME（S/MIME）與MIME with Pretty Good Privacy（PGP/MIME）格式，研究如何將其與EDI做完美的整合。在可行性分析後，會以金融EDI系統為例，建立一個以PGP/MIME為基礎的雛形系統，並以此雛形系統實際評估金融EDI與電子郵件安全機制的整合結果。

As communication network been highly developed, the Electronic Data Exchange(EDI) has become essential to the success of the operation of governments and enterprises. When an EDI document is transferred on an open network, such as the Internet, it can be exchanged more rapidly and conveniently; thus, the performance of the enterprise is improved. However, an EDI document inevitably faces various threats; e.g., data stealing or manipulation, when electronic information is transmitted via open networks. Consequently, the security of EDI should be seriously concerned. This study will focus on applying Multipurpose Internet Mail Extensions (MIME) to integrate the EDI and the Internet e-mail security mechanisms. First, we will conduct feasibility study; by reviewing MIME format, analyzing Internet e-mail security mechanisms, like MIME Object Secure Service (MOSS), Secure MIME (S/MIME) and MIME with Pretty Good Privacy (PGP/MIME), discussing advantages and disadvantages of these mechanisms. After feasibility study, we will take a financial EDI order system as an example to develop a prototype and evaluate the result of integrating the EDI with the Internet e-mail security mechanisms by using this prototype.