Research And Application Of The Encryption And Signature Technologies In Web Services Communications

Web Services security is becoming more and more important,with fast developments of Web Services in electronic commerce and government affair etc.In order to solve these security questions, relevant authoritative organizations have corporately drew up a series of security standards, thereinto,IBM and Microsoft etc have drew up WS-Security(Web Services Security)specification, this specification defines a kind of comparatively perfect standard through the expansion of the SOAP protocol.This thesis analyzes emphatically current challenges which Web Services forces,and the status of communication security in Web Services security,compares exsiting Web Services communication security technologies,stands out the technologies of SOAP encryption and SOAP digital signature. The thesis mainly discusses SOAP encryption and SOAP digital signature technologies in WS-Security specification,expounds digital signature,digital certificate and digital envelope, and analyzes XML digital signature and XML encryption mechanism in detail.Making use of the great advantage of the structure of the Web Services system, which can communicate with other applications with a kind of technology based on standard and with different programme languages on different platforms,this thesis conceives the prototype of bank and corporation connected straight,which main design idea is that corporation conveniently transfers bank accounts and pays salary for employees through calling Web Services.The thesis first analyzes the security of the prototype, and puts forward communication security measures,then designs the system and implements security, in the end ,we make security test and pressure test. Combined to security requirements of transfering accounts and paying salary Web Services in the prototype ,we put forward a kind of security communication model based on WS-Security,the idea of the model is to make a series of security management before the SOAP messages sent and received,for example, encrypt and sign messages, accordingly make sure the secuirty in Web Services communication .In order to avoid attack of redelivering messages,we use exclusive customer message ID in transfering bank accounts and paying salary Web Services.The thesis mainly discusses that how to insert security mechanism into SOAP messages with WS-Security and Versign TSIK (Trust Services Integration Kit) toolkits in security message processor chain . encryption, decryption,signature, signature verification and status verification in Web Services communication , ensures confidentiality, integrality, status verification and no denying in Web Services communication,and also avoids attack of redelivering messages with random exclusive message ID.In the end,we make the whole contents of the thesis summarized and expected.