Ask for the graduation thesis of "Research on E-commerce Security Technology"
Analysis and Research on E-commerce Security Technology

[Abstract] This paper first introduces the current situation of e-commerce security, analyzes the main problems, and then introduces the main e-commerce security technologies from the aspects of network security technology, data encryption technology and user authentication technology, and puts forward a reasonable e-commerce security architecture.

[Keywords] e-commerce; electronic payment; security technology

I. Introduction

With the rapid development of network technology and information technology, e-commerce has been more and more widely used, and more and more enterprises and individual users rely on the rapidity and efficiency of e-commerce. Its appearance not only provides a new opportunity for the development and growth of the Internet, but also injects great energy into the business community. However, e-commerce is based on computer network, and a lot of important identity information, accounting information and transaction information need to be transmitted online. In this case, the security issue becomes the primary issue.

II. Current security issues in e-commerce

1. Network Protocol Security: At present, TCP/IP protocol is the most widely used network protocol. However, due to the openness of TCP/IP itself, the data of enterprises and users are transmitted in the form of data packets, so it is easy for malicious attackers to intercept data packets on an e-commerce website, or even modify and impersonate them.

2. User information security: At present, the most important form of e-commerce is the e-commerce website based on B/S (browser/server) structure. Users use the browser to log on to the network to conduct transactions. Because users may use public computers when logging in, such as Internet cafes and office computers, if there are malicious Trojan horses or viruses in these computers, their login information such as user name and password may be lost.

3. Security issues of e-commerce websites: The e-commerce websites built by some enterprises have security risks in their design and implementation, and the server operating system itself may also have vulnerabilities. If attackers break into an e-commerce website, they can steal a large amount of user information and transaction information, causing immeasurable losses to enterprises and users.

III. Security requirements of e-commerce

1. Requirements for the effectiveness of services: The e-commerce system should be able to prevent the occurrence of service failures, prevent the system from stopping service due to network failures and virus outbreaks, and ensure the accurate and rapid transmission of transaction data.

2. Confidentiality requirements for transaction information: The e-commerce system should effectively encrypt the information transmitted by users to prevent the information from being intercepted and deciphered, and at the same time prevent the information from being accessed beyond authority.

3. Data integrity requirements: Data integrity means that the original data and the current data remain completely consistent during data processing. In order to ensure the seriousness and fairness of commercial transactions, transaction documents must not be modifiable; otherwise the commercial interests of one party will inevitably be harmed.

4. Identity authentication requirements: The e-commerce system should provide a safe and effective identity authentication mechanism to ensure that the information of both parties to the transaction is legal and valid, and to provide a legal basis in case of transaction disputes.

IV. E-commerce security technical measures

1. Data encryption technology. Encrypting data is the most basic information security measure in e-commerce system. Its principle is to use encryption algorithm to convert information plaintext into ciphertext generated according to certain encryption rules and then transmit it, thus ensuring the confidentiality of data. Using data encryption technology can solve the confidentiality requirements of information itself. Data encryption technology can be divided into symmetric key encryption and asymmetric key encryption.

(1) Symmetric key encryption. Symmetric key encryption is also called secret-key (private-key) encryption: both parties who send and receive data must use the same key to encrypt and decrypt the plaintext. Its advantages are high encryption and decryption speed, suitability for encrypting large amounts of data, and ensuring the confidentiality and integrity of data. The disadvantage is that when the number of users is large, the distribution and management of keys become quite difficult.

(2) Asymmetric key encryption. Asymmetric key encryption is also called public key encryption. Everyone has a uniquely matched pair of keys: a public key and a private key. The private key is kept secret by its owner. If one key of the pair is used for encryption, only the other key can be used for decryption. The advantage of asymmetric key encryption is that keys are easy to distribute and manage; the disadvantage is that the algorithm is complex and encryption is slow.

(3) Combined (hybrid) encryption technology. Because the two encryption technologies above each have their own advantages and disadvantages, it is now common to combine them. For example, the sender encrypts the information with a symmetric key, then encrypts the symmetric key with the public key of the receiver to generate a digital envelope, and sends the ciphertext and the digital envelope to the receiver together. The receiver reverses the process: it opens the envelope with its private key to recover the symmetric key, then decrypts the ciphertext to obtain the plaintext.

2. Digital signature technology. A digital signature is an electronic code consisting of a series of symbols, generated through a specific cryptographic operation, that takes the place of a handwritten signature or seal. This kind of electronic signature can be verified technically, with an accuracy that manual verification of handwritten signatures and stamps cannot match. Digital signature technology can ensure the integrity and non-repudiation of information transmission.

3. Certification authorities and digital certificates. Because e-commerce transactions are generally not conducted face to face, identifying both parties is the precondition for transaction security. A certification authority (CA) is an open and trusted third party that verifies the identities of both parties to a transaction. A digital certificate is a document signed by a certification authority that contains the public key and the identity information of the public key's owner. In the process of transaction payment, participants must use the digital certificate issued by the certification authority to prove their identity.
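
How a certificate binds an identity to a public key, and how a verifier checks it against the certification authority it trusts, as an added example in Go that is not part of the original paper. ECDSA P-256 keys, the one-day validity period and the names `Example CA` and `shop.example` are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// Issue binds name to key's public half; with ca == nil it creates the self-signed CA root.
func Issue(name string, key, caKey *ecdsa.PrivateKey, ca *x509.Certificate) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // example only; real CAs use random serials
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if ca == nil { // the root signs itself and is allowed to sign other certificates
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		ca, caKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Trusted reports whether cert carries a valid signature from the trusted CA and names the expected party.
func Trusted(ca, cert *x509.Certificate, wantName string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil && cert.Subject.CommonName == wantName
}

func main() {
	caKey, _ := NewKey()
	ca, _ := Issue("Example CA", caKey, nil, nil)
	shopKey, _ := NewKey()
	cert, _ := Issue("shop.example", shopKey, caKey, ca)
	fmt.Println(Trusted(ca, cert, "shop.example"))
}
```

A certificate for the same name issued by a different key, even one that calls itself `Example CA`, fails the check because its signature does not verify under the trusted CA's public key.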

4. Secure Electronic Transaction (SET) protocol. SET is a standard developed by VISA and MasterCard. It divides and defines the rights and obligations of all parties in e-commerce activities, and specifies the standard process for transmitting transaction information. The SET protocol ensures the confidentiality, integrity, non-repudiation and legality of the e-commerce system.

V. Conclusion

E-commerce is an important part of national economy and social informatization, and security is an important factor related to the rapid development of e-commerce. The security of e-commerce is a complex system engineering, and it is not enough to prevent it only from the technical point of view. It is also necessary to improve the legislation of e-commerce to regulate various problems existing in the rapid development of e-commerce, so as to guide and promote the sound and rapid development of e-commerce.

For reference only, please learn by yourself.

I hope it helps you.