Analysis and Research of E-commerce Security Technology
2007-10-12

With the rapid development of network technology and information technology, e-commerce has found an ever wider range of applications, and more and more businesses and individual users rely on e-commerce quick and

Its emergence has not only provided a new opportunity for the development and expansion of the Internet, but also to the business community into a great

But e-commerce is based on computer networks as its carrier, and a large amount of important status information, accounting information and transaction information needs to be transmitted online; in such circumstances, security issues become a priority

2. Current e-commerce security issues

Network protocol security: At present, TCP/IP is the most widely used network protocol, but TCP/IP itself is characterized by openness. The data that enterprises and users exchange in the course of electronic transactions is transmitted in the form of packets, so a malicious attacker can easily intercept the packets of an e-commerce site, or even modify the data packets and

User information security: At present, the most important form of e-commerce is the e-commerce site built on a B/S (Browser/Server) structure, where users log on with a browser to carry out online transactions. Because users may log on from public computers, such as those in Internet cafes and offices, if those computers carry a malicious Trojan horse program or virus, the user's login information, such as user names and passwords, may be at risk of

E-commerce website security: E-commerce sites that some companies design and build themselves contain a number of security flaws, and the server operating system itself also has loopholes. If an unscrupulous attacker gets into the e-commerce site, a large amount of user information and transaction information will be stolen, bringing enterprises and users incalculable

3. E-commerce security requirements

The effectiveness of
service requirements: An e-commerce system should be able to prevent service failures, so that network attacks, viruses and other system factors do not cause services to be suspended, and to ensure that transaction data can be transmitted quickly and

Confidentiality requirements for transaction information: An e-commerce system should encrypt the information sent by users, so that intercepted information cannot be deciphered, and at the same time prevent unauthorized access to

Data integrity requirements: Data integrity means that, after processing, the existing data is fully consistent with the original data. To safeguard the seriousness and fairness of business dealings, transaction documents must not be modified; otherwise there will be damage to the commercial interests of the

Authentication requirements: An e-commerce system should provide a safe and effective authentication mechanism to ensure that the information of both parties to a transaction is legitimate and valid, so as to avoid trade disputes and to provide a legal

4. E-commerce security measures

Data encryption

Data encryption is the most basic e-commerce information system security

The principle is that an encryption algorithm converts the plaintext, according to certain encryption rules, into ciphertext before transmission, thus ensuring the confidentiality of

The use of data encryption technology can satisfy the requirement for confidentiality of information of its

Data encryption technology can be divided into symmetric key encryption and asymmetric key

(1) Symmetric key encryption (Secret Key Encryption)

Symmetric key encryption, also known as secret-key or private-key encryption, means that the parties sending and receiving data must use the same key to encrypt and decrypt the plaintext

Its advantage is fast encryption and decryption, which makes it suitable for encrypting large amounts of data and ensures data
confidentiality and integrity; its drawback is that when the number of users is large, key distribution and management become very difficult

(2) Asymmetric key encryption (Public Key Encryption)

Asymmetric key encryption, also known as public key encryption, means that each person holds one pair of corresponding keys: a public key and a private key. The public key is made public and the private key is kept secret by its owner; what is encrypted with one key can only be decrypted with the other

The advantage of asymmetric key encryption is that keys are easy to distribute and manage; its shortcomings are the complexity of the algorithm, encryption

(3) Complex encryption

Because each of these two types of encryption has its own strengths, the relatively common practice is to combine the two

For example, the sender encrypts the information with a symmetric key to produce the ciphertext, then encrypts the symmetric key with the recipient's public key to produce a digital envelope, and sends the ciphertext and the digital envelope to the receiver together; the receiving party obtains the plaintext in the opposite direction after

Digital signature

A digital signature is a series of symbols and codes, generated by a specific cryptographic computation, that make up a signature key used in place of a handwritten signature or seal. This electronic signature can also be verified by technical means, and the accuracy of its verification, general manual signature and seal verification

Digital signature technology ensures the integrity of information transfer and non-

Certification bodies as well as digital

Because the users in e-commerce transactions generally do not meet face to face, identifying the two sides of a transaction is the premise of protecting the safety of e-commerce

A certification body is a public and credible third party that confirms the identity of both parties. A digital certificate is signed by the certification body and includes the
identity information of the owner of the public key as well as the public key of the

In the payment process of a transaction, participants must use the digital certificate issued by the Certification Center to prove their

Use of the Secure Electronic Transaction protocol (SET: Secure Electronic Transaction)

A standard by the two major credit card organizations VISA and MasterCard, SET divides up e-commerce activities, defines the rights and obligations between the parties, and gives the transaction information transmission process

The SET protocol guarantees the confidentiality of e-commerce systems, integrity, non-repudiation, legitimacy and
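
The digital envelope from "(3) Complex encryption" combined with the digital signature described after it, as an added example that is not part of the original article. The choice of AES-256-GCM, RSA-OAEP and RSA with SHA-256, the rule that the signature covers all transmitted fields, the party names buyer and merchant, and the sample order string are assumptions of this example.

```javascript
// Added example: digital envelope plus digital signature with Node.js built-in crypto.
const crypto = require('crypto');
// Constructed RSA key pairs for two hypothetical parties (buyer sends, merchant receives).
const buyer = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const merchant = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender side: a symmetric key encrypts the message, the recipient's public key
// encrypts the symmetric key (the digital envelope), the sender's private key signs.
function sealEnvelope(plaintext, recipientPublicKey, senderPrivateKey) {
  const key = crypto.randomBytes(32);   // one-time AES-256 key
  const iv = crypto.randomBytes(12);    // fresh GCM nonce for this key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const envelope = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  // Assumption of this example: the signature covers every field that is sent.
  const signed = Buffer.concat([envelope, iv, tag, ciphertext]);
  const signature = crypto.sign('sha256', signed, senderPrivateKey);
  return { envelope, iv, tag, ciphertext, signature };
}

// Receiver side, in the opposite direction: verify, open the envelope, decrypt.
function openEnvelope(msg, recipientPrivateKey, senderPublicKey) {
  const signed = Buffer.concat([msg.envelope, msg.iv, msg.tag, msg.ciphertext]);
  if (!crypto.verify('sha256', signed, senderPublicKey, msg.signature)) {
    throw new Error('signature verification failed');
  }
  const key = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.envelope);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}

// Returns true when a message modified in transit is refused by the receiver.
function rejectsTampering(msg, recipientPrivateKey, senderPublicKey) {
  const altered = { ...msg, ciphertext: Buffer.from(msg.ciphertext) };
  altered.ciphertext[0] ^= 0x01;        // flip one bit of the ciphertext
  try {
    openEnvelope(altered, recipientPrivateKey, senderPublicKey);
    return false;
  } catch (err) {
    return true;
  }
}

const order = 'order=1001;amount=25.00';   // constructed sample message
const sealed = sealEnvelope(order, merchant.publicKey, buyer.privateKey);
console.log(openEnvelope(sealed, merchant.privateKey, buyer.publicKey) === order,
  rejectsTampering(sealed, merchant.privateKey, buyer.publicKey));
```

In the scheme the article goes on to describe, the public keys used here would be taken from digital certificates signed by a certification body rather than generated side by side in one process.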