在網際網路上應用MIME整合EDI與電子郵件安全機制之可行性分析與系統實做---以金融EDI為例

全文

(1)

(2) MIME EDI

(3) . — EDI ! Using MIME to Integrate EDI and Security Mechanisms of the Internet Electronic Mail – Feasibility Study and System Implementation with Case of Finanical EDI. 88-2416-H-009-019 87 8 1

(4) 88 7 31

(5) ! However, an EDI document inevitably faces various threats; e.g., data stealing or manipulation, when electronic information is transmitted via open networks. Consequently, the security of EDI should be seriously concerned. This study will focus on applying Multipurpose Internet Mail Extensions (MIME) to integrate the EDI and the Internet e-mail security mechanisms.. "#$%&' "#$%&'()*+,-$./ 01Electronic Data Interchange, EDI2345 6789:;)<=(>?@AB EDI CD EFGHIJ(&'K-L Internet-MNO P/0Q5RSTU-VW;XY7Z [(<\A]^CDEFGHIJ&'K_ EDI àbcade(fg-hL/(i jklmnALoE Internet Kpq EDI (rs-^FGtuv(wxAy z{E&|&'KN$.}~ EDI / ( e J- &|&'~ 1 Multipurpose Internet Mail Extensions, MIME2Z EDI $.}~rs-O EDI /\E&|&'Krs(A. Keyword: Electronic Data Interchange, Internet Electronic Mail Security Mechanisms, Multipurpose Internet Mail Extensions.. (#)* +, "#$%&'()*+,-$./ 01Electronic Data Interchange, EDI2345 6789:;)<=(>?@AB EDI CD EFGHIJ(&'K-L Internet-MNO P/0Q5RSTU-VW;XY7Z [(<\A]^CDEFGHIJ&'K_ EDI àbcade(fg-hL/(i jklmnALoE Internet Kpq EDI (rs-^FGtuv(wxA RFC 1341 &|&'~ 1 Multipurpose Internet Mail Extensions, MIME2AMIME &|&'$. }~(\-Oj J( mail -¡¢(£¤¥ JARFC 1767 ¦§? MIME ¨ EDI . $./0k$.}~rs k &|&'~. Abstract As communication networks been highly developed, the Electronic Data Exchange(EDI) has become essential to the success of the operation of governments and enterprises. When an EDI document is transferred on an open network, such as the Internet, it can be exchanged more rapidly and conveniently; thus, the performance of the enterprise is improved. 1.

(6) MIME EDI

(7) ¦§Ú¹( EDI öeJ8¬¬(&| &'$.}~rs-ÒÓ;ÇFGZ (CDL÷ 1 A

(8) . 1 Internet EDI . B

(9) . Mapper. Mapper. . . Translator. Translator. Èy( EDI öøùúaû[k £ü0û[8öû[-WÒÓE ö_ýþKFrsû[Npq£( pÕ8ö(rsÕA 1. úaû[ Mapper ú a û [^ú¯( Jk/ ìíü0û[ ( ~-\ Ê¨ EDI £Ç

(10) ã¡ê J ( Ê /ü04£ü0û[M( EDI £a/ (Flat file)-8B EDI £

(11) ã£ü0û[ü0ç( EDI £ a/ þü04ìíMj( Ê/A 2. £ü0û[ Translator £ü0û[;³ EDI £(ü0-M ãúaû[Y( EDI £a/ ü04( EDI J Ê_Mã ( EDI J Êü04 EDI £a/ (Flat file)A§¯ü0û[(Õ-ä ;³( EDI £ü0-ÑýO ( 5 _ ý ú ( UN/EDIFACT 8 ANSI X.12A 3. rsû[ ;³£/rs\-Nk !"neJ§¨( EDI £;³ £åZÕkÁM#$Õk£%ÕnnA 4. öû[ &' EDI /(öAEy(ÒÓO MIME JN SMTP (eJ öA. £©ª J-N MIME « EDI

(12)

(13) £(¨-^F¬M(A]^®¯ MIME Jy°±²;³$.}~rs (´µ-¶§¯·¸rs( EDI-¹# Communicator Communicator K(º»A¼Fea-¦§$.}~r s - L Privacy Enhenced Message 1PEM2kPretty Good Privacy1PGP2n½^5F¾$.}~(¿ 1RFC 8222À -±Á\ÂÃO¯ MIME J($.} ~ K A Ä Å Æ ¹ ; Ç N MIME multipart/signed k multipart/encrypted 1 RFC 1847 2 MIME Object Security Service 1MOSS21RFC 184825ÈÉ(ZeÊ L S/MIME PGP/MIME-]ËÌ+,Í -¹ÎÏFÐ(mÏA yÑ(^- MIME Z EDI &|&'$.}~rsAÒÓ`Ô«M ÕÖ×ØÙ MIME ( J-Ö×Ú¹$ .}~rs-{Û¶ÜÝErsÕ8 Þ|ßDK(àáâ-z{ MOSSkS/MIME PGP/MIME J-Loãä EDI « åæ(ZAEMÕÖ×ç-`NFèé EDI ê ë . ì í 5 î - ß ï F G N PGP/MIME 5ÈÉ(ðñìí-±Nòðñ ìíÞ|óô EDI $.}~rs(Z <õA. PGP/MIME 1. ìíÞ)* Þ8+,)*-(.[À/vø ù Sun Ultra 10 Workstation F0 1¹ RJ-45 &'2_ Pentium PC 30. . 2.

(14) Þ (©ªû[J87. EDI +¨ìí(aE¯Vbcêë ( O ú a ö d - ã EDI /ü04 EDIFACT J±« MIME ef-þg h PGP/MIME ¿ (!"8-g® SMTP ã EDI /i¨Ç AZG EDI +¨ ìíMÖ5;jkGbl (1) Oúa bcFWmìí((¨êë.ìíEë(;³ Security ë_O ^#!"8^#(n-±voO p+¨(XèU Ê8Ã(WH èUMail Setting ëq;³Oödi ¨$.}~r-(A. 0 ; ³ E-mail ´ µ ( Sun Ultra 10 Workstation N SunOS 5.7 50 Client N Win95 OSR2/Win98 5J+ ,0 sendmail.8.8.8 RSAEURO 1.06 cryptography library Borland C++ Builder 4.0 5JH+8 4)* 2. Þìí¿ 56Þ(MÕ788¿ 97 /(jP-Þìí:N;(¿ EDIUN/EDIFACT MIME rsPGP/MIME ANSI X.12 5æ<ê( EDI Ñý:òF(=>5?æ UN/EDIFACT 5@<ê-Ñý3A< |Õ(B$8:AN-ÒÓC:Ã D*)kOEFG( UN/EDIFACT 5Þ ( EDI A E MIME r s ( - Ò Ó MOSSkS/MIME 8 PGP/MIMEAMOSS 5 FH( MIME rs-vMI ^5 MIME rs;³FGðñ8E î-S/MIME 8 PGP/MIME J97 MOSS W mÏAW S/MIME -vFGåZ( CA CD «$K(L+kM-WE0NÑ ý ( ) * ( ± O \ å Z ( CA - L N S/MIME ÞM\E CA PÖ`¹Þ(º »-NÒÓ:Á-v CA ( PGP/MIME 5Þ( MIME rsA . . :';<=>?@AB@ACD .EF. .

(15) . GH 12675. !"#$%. * & +,+-''.I7. !$% &''(). GH 12/05. Zft. Op. Zft. > @TU@AVWX Y';<=>?@AB@A. 1234/05. * & +,+-''/0JK. Op. Zft. * & +,+-''./0. Op. ''(). !$% I''(). !"#$% LC. . $%. 1234675 Zft. * & +,+-''.67. Op. 89. EDI . M.

(16) NO CP.. QRSLC . EDI . 2 EDI

(17) . !"#$%&'. (2) EDIFACT ü0bl v(a^ãOúaöÇ( EDI / ü 0 4 h EDIFACT J( ÊA (3) EDIFACT ( MIME efbl v(a^ã EDIFACT ü0bl öÇ( EDIFACT J ÊK MIME e fA (4) PGP/MIME !"bl. Þìí(Q-L÷ 2-MÖ5 EDI /+¨R EDI /Ã3ea-S EDI Center ;³( E-Mail Server TA 1. RSA èU§YJ v\5Y+¨8ÃV -(WHèU8XèUAJYZ

(18) SÁ[(\5]^-_Á[O P©`( RSA èU§A 2. EDI +¨ìíJ 3.

(19) BEOúa(v!"

(20) ` òblAòbl(va5§ EDIFACT /« MD5 (£svç-þN+¨(X èU§£sv-å4 PGP/MIME (!"çþNtB( MIME Header efA (5) PGP/MIME bl BEOúa(v

(21) ` òblAòbl(va5"YF IDEA uèU§ EDI /-þNÃe ( RSA WHèUuèUAçy vþKtB( MIME Header efA (6) $.}~öbl òbl(va^wåx( EDI /-göyçi¨p( EDI /Ã($.}~zA 3. EDI ÃìíJ EDI Ãìí(a®$.}~Ã JH-VÃ EDI {($.}~ z(j EDI /}~-ã(g8 !"( EDI /«V8!"p$ç-þV EDIFACT Jü04ÃO( / J-|çNbcÃ(êëìí(O úa}Ú(êëAZG EDI Ã ìíMÖ5;j~Gbl (1) $.}~Ãbl òbl(va^Ã POP3 ServerÃ$.}~z(( EDI /±Vö y-ÃçV MIME Header /^# k¹!"k^Äblø POP3 ©ªÀ(ëA (2) PGP/MIME Vbl va/g

(22) -Ô? Ã(XèUVÇuèU-þ§ «VA (3) PGP/MIME !"Kbl va^B/g!"

(23) -Ô ?+¨(WHèUVÇ MD5 £svþ§!"ef(« MD5 £sv§ £sv^#©hA (4) EDIFACT Jü0bl. òbl(va^ãN EDIFACT J}Ú( EDI /-ü04Ã¡ê ( Ê J/ JA (5) Ãêëúa òêëúa5bcÃWm_Ãê ë.ìí(ÃñAva^ã3ü4 Ã¡ê J(êëNbc(úa} ÚA. ã EDI CDE Internet KO EDI ( EFPN-] EDI /(rsxQ ñuvAUN/EDIFACTkANSI X.12 n EDI (OO EDI ìíH+QeT8 W MOSSkS/MIME 8 PGP/MIME n MIME rsM¦§¬Y7 EDI -Á [*(rs-o;³t(´µ-Eü0 4 EDI J( EDI /vK MIME r sOP EDI /\E Internet KN$.} ~ ( e J r s ( A Ò Ó ? UN/EDIFACT 8 PGP/MIME bc3D (èé EDI êëö.ìí-VWp$E &|&'K MIME Z EDI $.}~ rs^M(A ²¹;aGeMN z{( CA NEFÞ ÕkìíM2(Smart Card)-ã e(XèU8KI¯2K-B vj2K(/

(24) rÔödFGG yM;³F(q-ãXè UI¯¹q (.¡(vPrsA. . [1]. [2] [3] [4]. 4. Andrew Fletcher, EDI-Electronic Commerce, EDI and the Internet, Reed Business Information, England 1997 R. Power. R., “UN/EDIFACT Syntax Implementation Guideline”, UNECE Paul Kimberley, Electronic Data interchange, McGRAW-HILL, 1991 N. Borenstein, N. Freed., “MIME (Multipurpose Internet Mail Extensions): Mechanisms for Specifying and Describing.

(25) [5] [6] [7]. [8]. [9] [10] [11] [12] [13]. [14] [15] [16]. the Format of Internet Message Bodies, RFC 1341”, June 1992 Zimmermann, p., “PGP User’s Guide, Vol.I Essential topics”, 1994 Zimmermann, p., “PGP User’s Guide, Vol.II Special topics”, 1994 D. Atkins, W. Stallings, P. Zimmermann, “PGP Message Exchange Formats, RFC 1991”, August 1996 J. Linn, “Privacy Enhancement for Internet Electronic Mail, Part I-IV, RFC 1421-1424”, IAB 1993 S. Crocker, “MIME Object Security Services, RFC 1848”, October 1995 J. Galvin , “Security Multiparts for MIME, RFC 1847”, October 1995 S. Dusse, “S/MIME Version 2 Message Specification, RFC 2311”, March 1998 B. Kaliski. “PKCS #1: RSA Encryption Version 1.5, RFC 2313”, March 1998 B. Kaliski, “PKCS #7: Cryptographic Message Syntax Version 1.5, RFC 2315”, March 1998 B. Kaliski. “PKCS 10: Certification Request Syntax Version 1.5, RFC 2314”, March 1998 M. Elkins, “MIME Security with Pretty Good Privacy, RFC 2015”, October 1996 Chuck Shih, “MIME-based Secure EDI, draft-ietf-ediint-as1-08”, May 1998. 5.

(26)