Abstract [eng] |
This work presents operation principles of e-service systems, based on electronic transaction documents and problems, related to security of transaction documents, when transactions are performed in a cloud based IT infrastructure. In such case, a transaction is performed between a customer and a service provider, while there is a third actor - an untrustworthy cloud service provider between them (for example, application and storage service provider). The work presents a review of existing methods for securing e-transaction documents in web environment, exposing their features, advantages and disadvantages. Then a new possible e-transaction documents’ security method is presented: a subject fills a transaction document, signs it with his private key, encrypts it and sends back to service provider. The other possible usage of this method is signing e-documents in web-based document management system. This way all security requirements for e-document based transactions are satisfied (confidentiality, integrity, authentication and non repudiation). A method specification and a working prototype, used for experiment is also discussed in this work. The method has been evaluated by running performance tests, analyzing and comparing security features of other, reviewed methods. Finally, the results of all tests and evaluation are presented at the end of this work. |