PGP Modification for Securing Digital Envelope Mail Using COM+ and Web Services
نویسندگان
چکیده
Certified email is a value-added service for standard email systems, which guarantees the fairness, i.e., the intended recipient gets the mail content if and only if the mail originator receives a non-repudiation receipt showing that the message has been received by the recipient. Most of certified email protocols schemes have more or less weaknesses and/or security flaws. E-mail communication is insecure it can be read and modified as they are passed through the Internet as clear-text. In the worst case, fairness cannot be achieved since one dishonest party can mount some attacks to cheat the honest party such that the latter cannot get the expected items. In this paper, the proposed model is an attempt to standardize a protocol used to encrypt and digitally sign e-mail correspondence. Also, end-to-end security is discussed and a mechanism of key management is proposed if this service is requested by the user. We analyze some certified email protocols and propose some improvements in order to avoid security problems. Component object model andWeb services are used to implement a prototype to the proposed model.
منابع مشابه
HTTPI Based Web Service Security over SOAP
Now a days, a new family of web applications 'open applications’, are emerging (e.g., Social Networking, News and Blogging). Generally, these open applications are non-confidential. The security needs of these applications are only client/server authentication and data integrity. For securing these open applications, effectively and efficiently, HTTPI, a new transport protocol is proposed, whic...
متن کاملSecuring SOAP Messages with a Global Message Handler and a Standardized Envelope
This paper argues that, in a collaboration context, instead of Web services requiring client applications to comply with individual permutations of security configurations, a standardized mechanism should be established to ensure global security-interoperability. Such a solution would facilitate providing Web services in Grid Services contexts as well. A framework is proposed which comprises, i...
متن کاملDesign and Implementation of an Intranet Security and Access Control System in Ubi-Com
Currently, most enterprise intranet systems process user information for security and access authentication purposes. However, this information is often captured by unauthorized users who may edit, modify, delete or otherwise corrupt this ∗ corresponding author 420 M. Lee, N.-D. Cho, K.-K. Lee, K.-S. Ko data. In addition, corruption can result from inaccurate communication protocols in the web ...
متن کاملSecuring Web Services with XML aware Digital Signatures
The evolution of web services has facilitated the integration of business processes scattered across different geographical locations of the world. Along with the benefits that web services provide for high value online transactions, it also poses some security threats. A new standard of XML aware digital signatures, recommended by W3C, provides authentication, data integrity, and support for n...
متن کاملطبقهبندی کاربردی کارکردهای عوامل نرمافزاری هوشمند و تطبیق آنها با ویژگیهای وبسایتهای کتابخانههای دیجیتال
Purpose: Web services are presently considered as technologies with highest number of applications for the purpose of providing the automatic, high-quality, and fast information interactions. The aim of this paper is therefore to provide a comprehensive framework for a collection of significant services offered by Farsi websites in libraries to be used in future designs. It also aims to classif...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- I. J. Network Security
دوره 13 شماره
صفحات -
تاریخ انتشار 2011