Vytauto Didžiojo Universitetas Informatikos Fakultetas Taikomosios Informatikos Katedra
Total Page:16
File Type:pdf, Size:1020Kb
VYTAUTO DIDŽIOJO UNIVERSITETAS INFORMATIKOS FAKULTETAS TAIKOMOSIOS INFORMATIKOS KATEDRA Eglė VALUŠYTĖ SKAITMENINIO PARAŠO DIEGIMO IR NAUDOJIMO ORGANIZACIJOJE TYRIMAS (anglų kalba) Magistro baigiamasis darbas Verslo informatikos studijų programa, valstybinis kodas 62109P109 Informatikos studijų kryptis Vadovas doc.dr. Kęstutis Šidlauskas _________ __________ (Moksl. laipsnis, vardas, pavardė) (Parašas) (Data) Vadovas universitete Ispanijoje Universidad del País Vasco/ Euskal Herriko Unibertsitatea - D. Julián Gutiérrez Serrano (Moksl. laipsnis, vardas, pavardė) Apginta doc.dr. Kęstutis Šidlauskas __________ __________ (Fakulteto dekanas) (Parašas) (Data) Kaunas, 2008 0 SANTRAUKA Magistro darbo autorė: Eglė Valušytė Magistro darbo pavadinimas: Skaitmeninio parašo diegimo ir naudojimo organizacijoje tyrimas Vadovas: doc. dr. Kęstutis Šidlauskas Vadovas universitete Ispanijoje: D. Julián Gutiérrez Serrano Darbas pristatytas: Vytauto Didžiojo Universitetas, Informatikos fakultetas, Kaunas, 2008, birželis Puslapių skaičius: 106 Lentelių skaičius: 11 Paveikslų skaičius: 8 Priedų skaičius: 4 Visam šiuolaikiniam pasauliui persikeliant į elektronines erdves, paslaugoms įgaunant skaitmeninę formą, vis dažniau susimąstoma ir apie visas priemones tam pasiekti, iš kurių viena – e.parašas. E.parašas kai kuriais atžvilgiais netgi lenktų rašalinį savo prototipą ne tik moksle ir IT versle, bet ir vartotojų galvose, jei ne tradiciniai, organizaciniai barjerai, naujovių ir nežinomybės baimė, bei daugelis kitų veiksnių, kuriuos naudinga ištirti. Labiausiai paplitusi e.parašo realizacija PKI (Public key infrastructure) – viešojo rakto infrastruktūra – gali atlikti žymiai daugiau nei vieną funkciją, visos PKI taikymo sričių įvairovės darbe nepavyktų atskleisti dėl vietos ir laiko stokos. Dar vadinama asimetriniu šifravimu, PKI gali ne tik suteikti galimybę pasirašyti dokumentą, bet įmanomas ir atvirkštinis procesas, t.y., užšifravimui naudojant viešąjį, o iššifravimui – privatųjį raktą, saugiai komunikuoti internete ar kitame tinkle. Darbas siekia parodyti PKI esmę ir pagrindinius principus, atskleisti galimybes ir priemones organizacijoms ir vartotojams, išanaliztuoi empirinę informaciją organizacijoje, įvertinti dabartinę PKI situaciją Lietuvoje, paliečiant Europą, atskleisti galimo skaitmeninio parašo vartotojo elgsenos ypatumus. 1 ABSTRACT Author of master thesis: Eglė Valušytė Full title of master thesis: Digital Signature Implementation And Usage Inside An Organization Research Master thesis tutor at home university: assoc. prof. dr. Kęstutis Šidlauskas Master thesis tutor at host university: D. Julián Gutiérrez Serrano Presented: Vytautas Magnus University, Faculty of Informatics, Kaunas, Lithuania, 2008, June While all the modern world is moving to the electronic space and the services are assuming a digital form, one also gives thought to the means to approach to this more and more often, and one of many of the means is digital signature. Electronic signature would even overtake its inky prototype not only in science or IT business, but also in the heads of the consumers, if there were not any traditional, organizational barriers, any fear of innovations and uncertainty amongst many other factors that are useful to explore. The most popular implementation of digital signature - PKI (Public key infrastructure) – can fill a lot more than one function; the variety of all of the PKI application areas is very wide. Also known as assymetric cryptography, PKI can provide an opportunity not only to sign a document, but also a reverse process is possible, that is to communicate safely in the Internet or other net using public key for encoding and private key for decoding. The paper strives to point out the essence and the main principles of PKI, to disclose its possibilities and means for the organizations and the users, to analyse the empirical information in an organization, to measure the current PKI situation in Lithuania also touching Europe, to reveal the mindset and behaviour peculiarities of a potential user of the digital signature. 2 TABLE OF CONTENTS SANTRAUKA ...................................................................................................................... 1 ABSTRACT ......................................................................................................................... 2 TABLE OF CONTENTS ...................................................................................................... 3 LIST OF TABLES ................................................................................................................ 4 LIST OF FIGURES .............................................................................................................. 5 ABBREVIATIONS .............................................................................................................. 6 1. INTRODUCTION............................................................................................................. 7 1.1 Analysis of Antecedents (History) ................................................................................ 7 1.2 Analysis of Factibility .................................................................................................. 9 2.D. O. P., ........................................................................................................................... 12 DOCUMENT OF THE OBJECTIVES OF THE PROJECT ................................................ 12 2.1 ................................................................................................................................... 12 General Vision of the Project ........................................................................................... 12 2.2 Model of the Project: .................................................................................................. 13 2.3 Definition of the Tasks ............................................................................................... 15 2.4 Criteria for Completion .............................................................................................. 16 2.5 Risk Factors ............................................................................................................... 17 3. MANAGEMENT OF THE PROJECT ............................................................................ 18 3.1 ................................................................................................................................... 18 Project Stages .................................................................................................................. 18 3.2 Time Estimation ......................................................................................................... 19 3.3 The Calendar of the Project ........................................................................................ 20 4. ANALYSIS OF PKI INFRASTRUCTURE, USER MEANS AND USAGE IN ORGANIZATION .............................................................................................................. 21 4.1 Digital Signature Infrastructure .................................................................................. 21 4.2 Analysis of PKI User Means ...................................................................................... 46 4.3 Organizational Aspects of PKI Implementation .......................................................... 61 4.4 Evaluation Of Digital Signature User Behaviour And Market ..................................... 75 5. PROJECT PART: SUGGESTED SOLUTIONS FOR PKI IMPLEMENTATION IN AN ORGANIZATION .............................................................................................................. 81 5.1 Digital signature and PKI ........................................................................................... 81 5.2 PKI applications in VMU ........................................................................................... 86 5.3 Digital signature user means for VMU ....................................................................... 88 5.4 Organizational aspects for PKI implementation in VMU ............................................ 92 5.5 The user of PKI in VMU ............................................................................................ 97 6. CONCLUSIONS ............................................................................................................. 98 LITERATURE .................................................................................................................. 103 ANNEXES........................................................................................................................ 106 3 LIST OF TABLES Table 1.1 “Operational factibility of the paper” Table 1.2 “Technical factibility of the paper” Table 1.3 ”Researching factibility of the paper” Table 3.1 “Time estimation of the project” Table 3.2 “The calendar of the project” Table 4.1 ”The network readiness ranks given by the World Economic Forum to the Baltic states and “Spain” Table 4.2 “PKI Application in China’s e-government” Table 4.3 “PKI application possibilities in universities” Table 4.4 “Comparation of the user means” Table 4.5 “Criteria for SWOT analysis” Table 5.1 ”Documents signed in VMU” 4 LIST OF FIGURES Figure 4.1: PKI functioning in digital communications Figure 4.2: Usage of keys in asymmetric cryptography Figure 4.3: PKI applications and technologiesFigure 4.4: Digital signatures functions in organizations Figure 4.4: Digital signatures functions in organizations Figure 4.5: