Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | 賴威伸 | en_US |
| dc.contributor.author | Wei-Shen Lai | en_US |
| dc.contributor.author | 葉義雄 | en_US |
| dc.contributor.author | Yi-Shiung Yeh | en_US |
| dc.date.accessioned | 2014-12-12T02:27:43Z | - |
| dc.date.available | 2014-12-12T02:27:43Z | - |
| dc.date.issued | 2001 | en_US |
| dc.identifier.uri | http://140.113.39.130/cdrfb3/record/nctu/#NT900392109 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11536/68517 | - |
| dc.description.abstract | Lightweight Directory Access Protocol (LDAP) is a new technology applied on the Internet. In large network systems using the TCP/IP protocol, no standard recommends the use of a single directory, and the same is true of enterprise intranet systems. LDAP service has many advantages, for example fast and advanced search, quick response, and hierarchical presentation of data. It can also be applied in many other applications. A Certification Authority (CA) is a trusted system that acts as a notary-like bridge between end-entities (including people and machines), helping them establish a secure environment. If an end-entity wants to trade or communicate with other end-entities, it needs a certificate issued by the CA system to gain their trust. When many end-entities need certificate services, the load on the CA system becomes quite heavy. Using a distributed CA system may sound like a good idea, but its construction cost is too high. In this dissertation, we use a directory system to design a Session CA to reduce the load on the CA system; because the lifetime of an attribute certificate is very short, this system does not need to maintain a Certificate Revocation List (CRL). Because the LDAP directory service has the advantages described above, it is well worth adopting to design a new CA system. By using LDAP service, we can significantly reduce the certificate-service load between the CA system and end-entities. In addition, this technique can reduce administrative maintenance work and improve the performance of our proposed CA system. Therefore, by combining role-based access control with attribute certificates, the security of our system is greatly improved. | zh_TW |
| dc.description.abstract | Lightweight Directory Access Protocol (LDAP) service [1, 2] is a new technology being applied on the Internet. On large-scale network systems using the TCP/IP protocol, no standard has been suggested for a single directory, and certainly none is routinely used on the scale of intranets. LDAP service has many great features, such as quick and advanced search, quick response, and a hierarchical view of data. It can also be used in many different applications. A Certification Authority (CA) [3] is a trusted system that plays an important role, much like a notary, bridging end-entities and helping them establish a secure environment. If someone wants to trade or communicate with others, he or she needs a certificate issued by the CA to gain the trust of others. When a number of end-entities need this service, the load on the CA may become huge. Using distributed CAs may sound like a good idea, but it costs too much. In this dissertation, we have designed a Session CA that uses a directory system to share its load without the need to maintain a Certificate Revocation List (CRL) [4, 5], because the lifetime of the attribute certificate is very short. Given the great features of LDAP service mentioned above, it is desirable to apply them to the design of a new CA system. By using LDAP service, we can significantly reduce the certification load between the CA and end-entities. In addition, this new technology can reduce administrative maintenance work and improve the efficiency of our newly proposed CA. Furthermore, by combining Role-Based Access Control (RBAC) [6] with attribute certificates, the security of our system is greatly improved. | en_US |
| dc.language.iso | en_US | en_US |
| dc.subject | Public-Key Infrastructure | zh_TW |
| dc.subject | Role-Based Access Control | zh_TW |
| dc.subject | Privilege Management Infrastructure | zh_TW |
| dc.subject | Nondeterministic-Deterministic Cipher | zh_TW |
| dc.subject | Nondeterministic Message Authentication Code | zh_TW |
| dc.subject | Authenticated TELNET Protocol | zh_TW |
| dc.subject | Public-Key Infrastructure | en_US |
| dc.subject | Role-Based Access Control | en_US |
| dc.subject | Privilege Management Infrastructure | en_US |
| dc.subject | Nondeterministic-Deterministic Cipher | en_US |
| dc.subject | Nondeterministic Message Authentication Code | en_US |
| dc.subject | Authenticated TELNET Protocol | en_US |
| dc.title | Design of Role-Based Access Control on Directory Service and Public-Key Infrastructure | zh_TW |
| dc.title | Design of Role-Based Access Control on Directory Service with Public-Key Infrastructure | en_US |
| dc.type | Thesis | en_US |
| dc.contributor.department | Institute of Computer Science and Engineering | zh_TW |
Appears in Collections: Thesis