Keywords: e-commerce; security technology; transaction security
I. Introduction
E-commerce is a new trading mode that enables online shopping for consumers, online trading between enterprises and online electronic payment in an open network environment. Because e-commerce offers low cost, high efficiency and global reach, it is spreading rapidly around the world. It has become the most dynamic growth point of the world economy, and its application will bring great changes to social and economic development. At present, however, the trade volume completed through global e-commerce accounts for only a small part of global trade volume in the same period. The reason is that e-commerce is a complex system engineering task whose application depends on the gradual solution and improvement of the corresponding social and technical problems. Among these, the security of e-commerce is the most critical issue restricting its development.
II. Security threats and security requirements of e-commerce transactions
1. Security threats. E-commerce transactions are particularly exposed to the following security threats, which often have very serious consequences. The first is theft and tampering of transaction information: data transmitted in plain text during an online transaction is intercepted and read by an unauthorized intruder and then illegally tampered with, deleted or supplemented, which destroys the integrity of the information. The second is information fraud: a network attacker commits fraud by impersonating a legitimate user or by fabricating false information.
2. Security requirements. The e-commerce transaction process has the following security requirements: confidentiality, integrity and non-repudiation of information. Confidentiality of e-commerce information means that information is not leaked to, or used by, unauthorized users, entities or processes. Integrity of e-commerce information means that data cannot be changed without authorization; in other words, information remains unchanged during storage or transmission and is neither destroyed nor lost. Non-repudiation of e-commerce information means preventing one party to a transaction from denying that it carried out a certain transaction, or from denying that it received the transaction information sent by the other party.
III. Main security technologies of e-commerce transactions
1. Encryption technology. Encryption is the most basic security technology of e-commerce. Under current technical conditions, encryption technology is usually divided into symmetric encryption and asymmetric encryption.
(1) Symmetric key encryption: the same algorithm and the same key are used for both encryption and decryption. If both parties can ensure that the secret key is not leaked during the key exchange stage, they can use symmetric encryption to encrypt confidential information and send a message digest (hash value) together with the message, thereby ensuring both the confidentiality and the integrity of the message. Secure key exchange is therefore the core link on which the effectiveness of symmetric encryption depends. Commonly used symmetric encryption algorithms include DES, PCR, IDEA, 3DES and so on. Among them, DES is the most commonly used, and is the data encryption standard adopted by the International Organization for Standardization.
(2) Asymmetric key encryption: unlike symmetric encryption, asymmetric encryption uses a key pair consisting of a public key and a private key. After the key pair is generated, the public key is made public while the private key remains in the hands of the key owner. Any user who obtains the public key can encrypt information with it and send the result to the owner of the public key, who decrypts it with the corresponding private key. The most commonly used asymmetric encryption algorithm is RSA, which has been recommended by the Technical Subcommittee of Data Encryption of the International Organization for Standardization as an asymmetric key data encryption standard. Comparing the two methods, symmetric encryption has the advantages of fast encryption (usually 10 times faster than asymmetric encryption) and high efficiency, and is widely used to encrypt large volumes of data. Its fatal disadvantage is that the transmission and exchange of keys is itself a security problem, since keys are easy to intercept; moreover, when communicating with a large number of users it is difficult to manage the large number of keys safely, so the wide application of symmetric encryption has some problems. The advantage of asymmetric encryption is that it solves the problem of the number of keys in symmetric encryption being too large and too costly to manage, and there is no need to worry about a private key leaking in transit, so its security is better than that of symmetric encryption. Its disadvantage is that the encryption algorithm is complex and the encryption speed is not ideal. In practical e-commerce applications the two are therefore usually combined.
2. Identity authentication technology. Encryption alone is not enough to ensure the security of e-commerce transactions; identity authentication is another important technical means of ensuring e-commerce security. Identity authentication is realized through digital signature technology, digital certificate technology and so on.
(1) Digital signature technology
Encryption only solves the problem of confidentiality during information transmission; other means are needed to prevent others from tampering with or destroying the transmitted information, to ensure its integrity, and to ensure the non-repudiation of the sender. That means is the digital signature. Digital signature technology is an identity authentication technology. A digital signature on a digital document is similar to a handwritten signature on paper and cannot be forged. The receiver can verify that the document really comes from the signer and that the document has not been modified after signing, which ensures the authenticity and integrity of the information.
Current digital signatures are based on the public key system and are another application of public key encryption technology. There are similarities between a digital signature and the signature on a written document. Using a digital signature, the following two points can be confirmed: the information was sent by the signer, and the information has not been modified between the time it was sent and the time it was received. At present there are three main digital signature methods: RSA signature, DSS signature and Hash signature. These three can be used separately or together.
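As an added example (not from the original paper), the following Go code carries out the RSA signature method named above, using SHA-256 as the digest and RSA-PSS padding, and then checks the two points the text says a signature confirms: that the document came from the holder of the signing key, and that it was not modified after signing. The contract text, the altered amount and the second key pair are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign hashes the document with SHA-256 and signs the digest with the
// signer's private key using RSA-PSS. Only the private-key holder can
// produce a signature that verifies under the matching public key.
func Sign(priv *rsa.PrivateKey, document []byte) ([]byte, error) {
	digest := sha256.Sum256(document)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the digest of the received document and checks the
// signature with the public key. It returns true only when both the key
// and the document match what the signer signed.
func Verify(pub *rsa.PublicKey, document, signature []byte) bool {
	digest := sha256.Sum256(document)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], signature, nil) == nil
}

func main() {
	signerPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	contract := []byte("buyer agrees to pay 250.00 EUR for order#2042") // constructed sample

	sig, _ := Sign(signerPriv, contract)
	fmt.Println("genuine document verifies:", Verify(&signerPriv.PublicKey, contract, sig))

	// Integrity: changing a single digit after signing breaks verification.
	altered := []byte("buyer agrees to pay 950.00 EUR for order#2042")
	fmt.Println("altered document verifies:", Verify(&signerPriv.PublicKey, altered, sig))

	// Authenticity: a signature made with some other key does not verify
	// under the signer's public key, so the receiver can reject it.
	otherPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	otherSig, _ := Sign(otherPriv, contract)
	fmt.Println("signature from another key verifies:", Verify(&signerPriv.PublicKey, contract, otherSig))
}
```

Non-repudiation follows from the same check: because only the private key can produce a signature that verifies, the signer cannot later deny having signed a document that verifies under its public key, provided that the public key is genuinely theirs, which is the problem the next section addresses.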
(2) Digital certificate technology
In the public-private key system, the private key is known only to the sender of the information while the matching public key is public. This ensures the confidentiality of transmitted information, but it does not by itself solve how public keys are distributed. A digital signature guarantees that the information was sent by the signer and was not modified between sending and receiving, but it cannot guarantee the authenticity of the signer's identity. A measure is therefore needed to manage the distribution of public keys and to ensure the authenticity of public keys and of the entity identity information bound to them. That measure is the digital certificate. Digital certificates are generally issued by an authoritative, credible and impartial third-party institution, namely a CA. A digital certificate is the key management medium of the public key system: it binds a public key to entity identity information and carries the digital signature of the certification authority. Digital certificates are used for the distribution and transmission of public keys in e-commerce and prove that the identity of an e-commerce entity matches its public key.
IV. Summary
Encryption technology and identity authentication technology are the basic technologies of e-commerce transaction security. Encryption technology encrypts information to ensure its confidentiality. Digital signature and digital envelope technology are applications of encryption technology based on the public key system. Digital signature technology signs information digitally to ensure its integrity and non-repudiation. Digital certificate technology supports both encryption and digital signatures: it manages the distribution of public keys and ensures the authenticity of public keys and of the entity identity information bound to them. For that reason, the digital certificate must be issued by an authoritative third-party certification center.