【作者】 王志标；

【导师】 王舜燕；

【作者基本信息】 武汉理工大学 ， 计算机应用技术， 2007， 硕士

【摘要】 扩展标记语言XML(Extensible Markup Language)是世界万维网联盟W3C(The Worldwide Web Consortium)制定的一种数据标准。它以其结构化、互操作性、易于交换和可扩展性的特点在很多行业得到了广泛的应用。XML为实现安全、高效的电子商务提供了一种开放的标准，它解决了传统数据交换的一些弱点，将中小企业带入到电子商务之中。使用XML结构化的数据可以将数据从商业规范和表现形式中分离出来，便利地进行交换和处理，所以它一经出现就成为新一代数据交换的标准。但是电子商务对XML的关注过多地放在实现数据交换上，对于保证XML数据安全的问题缺乏足够的重视。与传统的数据传输安全相比，XML数据在实施安全保护措施方面有着自身的特点。忽视XML数据的安全会使得交易中的机密信息和敏感信息面临危险。因此，如何在非安全的网络中实现XML数据的安全传输是电子商务急需要解决的问题。XML安全技术主要涉及下列安全问题：XML加密、XML签名、XML密钥管理规范(XML Key Management Specification，XKMS)和安全断言标记语言(Security Assertion Markup Language，SAML)。本论文重点研究XML加密、XML签名这两部分。XML安全技术能保证被传输数据的完整性、真实性和不可否认性，它可以弥补传统安全技术所存在的不足，能有效地增强WEB资源的安全性。并且XML签名和XML加密是安全Web服务(Web Services)中一系列规范的基础，所以保证XML的安全对整个Web的发展都起着至关重要的作用。本论文围绕XML安全技术这一目标展开，主要内容如下：1．介绍了XML的编写规则、特点、编程接口、内容显示及应用领域。2．具体分析了XML安全中的XML加密和XML签名的工作原理，探讨了XML加密和XML签名的实现技术，对XML签名和传统的数字签名做了较深入的比较。3．基于VS．net平台，通过把C#技术，XML安全规范中的XML加密、XML签名有机地结合起来，在“航旅通预定系统”中实现了XML加密、解密、XML签名及验证签名等功能。更多还原

【Abstract】 XML (Extensible Markup Language) is a data standard developed by W3C (The Worldwide Web Consortium). Its structure, interoperability、scalability and easy exchange feature have been widely used in many industries.XML for the realization safe and highly effective E-Commerce provided one kind of open standard. It solved some of the weaknesses of traditional data exchange, and lead small and medium-sized enterprises into E-Commerce. XML-structured data can be separated from commercial norms and manifestations; and can extremely conveniently to exchange and processing. Thus, it has become a new generation emerged data exchange standards as soon as it appears.E-Commerce takes too much attention on XML data exchange, but less on ensures the safety of the XML data exchange. Compare With the traditional data transmission security, the XML data in the implementation of security measures has its own characteristics. Ignore XML data security will make transactions confidential and sensitive information at risk. Therefore, how to realize the security of XML data transmission in the unsafe network is very urgent.XML security technologies involved in the following security issues: XML Encryption, XML Signature, XKMS (XML Key Management Specification) and SAML (Security Assertion Markup Language). This paper focuses on XML Encryption, XML signature two parts.XML Security technology can ensure the integrity, authenticity and non-repudiation of data transmission. It can also make up for the deficiencies of the traditional security technologies. And XML Signature and XML Encryption is the foundation of a series of standard of the secure Web Services. Therefore, Ensure the safety of XML data will play a vital role in the entire Web development.This paper focus on XML security technology, the major elements are as follow:1. Introduced the preparation rules, characteristics, programming interfaces, show, and application areas of XML.2. Specific analyses the working principle of XML Encryption and XML Signature, discussed the realization of XML Encryption and XML Signature technology. And it has deep compared XML Signature and traditional digital Signature.3. Based on VS.net platform, organic combination with C #, XML Encryption, XML Signature, in the "Flight travel reservation system" project, fulfills the XML Encryption, Decryption, Signature and validation of XML Signature, and other functions.更多还原