With the development of e-commerce technology, online transaction security has become the core and key issue of e-commerce development, and effective protection of online privacy data has become an important market environment condition for the smooth development of e-commerce. Network information security technology, information security protocol and P2P technology have become effective means to protect network privacy.

[Keywords:] E-commerce; Internet privacy; Information security technology; Security protocol; P2P technology; Security countermeasures

With the development of e-commerce technology, the security of online transactions has become the core and key issue of e-commerce development. Driven by interests, some businesses use various technical means to obtain and use information without the knowledge or reluctance of network users, which infringes on the privacy rights of netizens. Effective protection of network privacy has become an important market environment condition for the smooth development of e-commerce.

First, the phenomenon of online privacy infringement

1. Personal infringement. Individuals disclose, disclose, disseminate or transfer the privacy of others, themselves and others on the Internet without authorization; Individuals enter other people's computer systems without authorization to collect and obtain information or harass others; Unauthorized interception and copying of electronic information transmitted by others; Open other people's e-mails without authorization or enter the private online information field to collect and steal other people's information.

2. Infringement by commercial organizations. Commercial organizations specializing in network investigation carry out snooping business, illegally obtain other people's information and use other people's privacy. A large number of websites send spam advertisements to advertisers. By collecting users' personal information, a user information database is established, and users' personal information is transferred and sold to other companies for profit or for other commercial purposes. According to the report of The New York Times, websites such as BOO.com, Toy Intelligence and CraftShop.com all put the statistical analysis results of customers' names, addresses, emails and even credit card numbers online for sale in exchange for more funds.

3. Some hardware and software equipment suppliers intentionally infringe. Some software and hardware manufacturers have tampered with the products they sell to collect consumers' personal information. For example, a company once set a "security serial number" in a certain generation of processors it produced. Every computer using this processor can be identified in the network, and manufacturers can easily receive the information sent and received by users, track the activities of computer users, and copy and store a large amount of user information.

4. Internet provider infringement

(1) Infringement by ISP network service provider: ①ISP has subjective intention (direct intention or indirect intention), which directly infringes on users' privacy rights. For example, ISP transfers or closes customers' mail, which leads to the loss of customers' mail, the disclosure of personal privacy and business secrets. (2) The ISP should be responsible for others publishing infringing information on the website.

(ICP Internet content provider infringes. The International Comparison Programme provides information to users by establishing a website. If ICP finds obvious statements that openly publicize other people's privacy and lets them spread freely, ICP constitutes an infringement on users' privacy and should bear the responsibility for the fault.

5. Monitoring and eavesdropping by network owners or managers. For computer users in the local area network, some network owners or managers will monitor users' activities and eavesdrop on personal information, especially monitoring users' emails through the network center, which seriously infringes on users' privacy rights.

Second, the causes of network privacy problems

Infringement of network privacy is mainly due to the inherent structural characteristics of the Internet and the interest-driven development of e-commerce.

1. Openness of the Internet. From the network itself, the network is a free and open world, which connects the whole world into a whole. On the one hand, it makes it very convenient to collect personal privacy, on the other hand, it also provides a big platform for illegally spreading privacy. Due to the diversity and scattered location of Internet members, its security is not good. Information on the Internet is transmitted through routers, and users can't know which routes are used, so some people or organizations can steal user information by scanning and tracking a key node. In other words, the possibility of intercepting user information from the technical level obviously exists.

2. network cookie. Some websites will store some information in the form of text files on users' hard disks. These files are called Cookie, and they contain information related to users and their hobbies. Nowadays, many websites put cookie into visitors' computers when they enter the website, so that they can not only know what users bought on the website, but also know what users saw on the website and how long they stayed, so as to know the traffic and page views of the website. In addition, online advertisers often use cookie to count the click rate and click volume of advertising banners, so as to analyze visitors' online habits and adjust advertising strategies accordingly. Some advertising companies further link the collected information with users' browsing activities on many other websites. This obviously violates the privacy of others.

3. The responsibility of network service providers in protecting network privacy. ISP's privacy protection responsibilities in e-commerce include: informing users of possible damage to their personal rights when they apply for or start using services; Inform users of technical methods to reduce risks that can be legally used; Take appropriate steps and technologies to protect individual rights, especially to ensure the uniformity and confidentiality of data, as well as the physical and logical security of networks and network-based services; Inform users of the right to access the Internet anonymously and participate in some activities; The data shall not be used for promotional purposes unless the user's permission is obtained; Responsible for the correct use of data, we must make clear to users the protection measures of personal rights; Inform users of the content, method, purpose and use period of collecting, processing and storing information when they start to use services or visit ISP websites; We should publish data on the Internet cautiously.

At present, many online services are free, such as free email, free software download, free login as a user or member to receive some information, and some free consulting services. However, people find that when accepting these free services, a necessary procedure is to log in some personal information, such as name, address, job, hobbies and so on. Service providers will claim that this is for the convenience of management, but there is also the possibility that service providers will use this information for other purposes or even sell it.

Third, the protection of network privacy by security technology

1. Information security technology in e-commerce

The information security of e-commerce depends on the perfection of security technology to a great extent. These technologies include cryptography, authentication, access control, information flow control, data protection, software protection, virus detection and removal, content classification, identification and filtering, system security monitoring and alarm.

(1) firewall technology. Firewall is the most important security technology developed in recent years. Its main function is to strengthen the access control between networks, and prevent external users from illegally entering the internal network (protected network) through the external network.

(2) Encryption technology. Data encryption is considered as the most reliable security form, which can fundamentally meet the requirements of information integrity and is an active security prevention strategy. The principle of data encryption is to use a certain encryption algorithm to convert plaintext into meaningless ciphertext to prevent illegal users from understanding the original data, thus ensuring the confidentiality of the data.

(3) Digital signature technology. Digital signature technology encrypts the abstract with the sender's private key and sends it to the receiver together with the original text. The receiver can only decrypt the encrypted digest with the sender's public key. In e-commerce system, digital signature technology plays a particularly important role, which is used in source authentication, integrity service and undeniable service in e-commerce security service.

(4) Digital time stamp technology. In e-commerce transaction documents, time is very important information and the main content to prove the validity of documents. Add a timestamp to the signature, that is, a digital signature scheme with Digita timestamp: the signer can verify that the signature is from the group, but he does not know who signed it. No one can verify the authenticity of the signature of the designated approver except the designated approver or the signer himself.

2. E-commerce information security protocol

(1) Secure Sockets Layer. SSL is designed and developed by Netscape Communications Company in 1994, which is mainly used to improve the security factor of data between applications. The whole concept of SSL can be summarized as: a protocol to ensure the transaction security between any client and server with Secure Sockets Layer installed, which provides security measures such as client-server authentication, data integrity and information confidentiality for client and server applications based on TCP/IP.

(2) Secure Electronic Transaction (SET). SET is an open electronic payment system specification, based on online transaction of electronic money. SET adds merchant identity authentication on the premise of retaining customer credit card authentication. SET has become the industrial standard of global network.

(3) Secure Hypertext Transfer Protocol (S-HTTP). Depending on the encryption of key, the security of information exchange and transmission between websites is guaranteed. SHTTP extends the security of HT-TP and increases the security of messages. It is based on SSL technology. This protocol provides security measures such as integrity, authentication, non-repudiation and confidentiality for Internet applications.

(4) Secure Transaction Technology Protocol (STT). STT separates authentication and decryption in the browser, which improves the security control ability.

(5) United Nations/Electronic Data Interchange Standard for Administration, Commerce and Transport. UN/EDIFACT message is the only international e-commerce standard.

3.P2P technology and network information security. P2P(Peer-to-Peer) is a concept that has been widely concerned by IT circles in recent years. P2P is a distributed network, the most fundamental idea. At the same time, the most significant difference between P2P and C/S is that the peer in the network can not only obtain resources or services from other nodes, but also be the provider of resources or services, that is, it has the dual identities of client and server. Generally speaking, every node in P2P network has equal rights and obligations, including communication, service and resource consumption.

(1) Privacy security

① The current universal Internet protocol does not support the function of hiding the address of the communication terminal. Attackers can monitor users' traffic characteristics and obtain IP addresses. You can even use some tracking software to track a single user directly from the IP address. Encryption mechanisms such as SSL can prevent others from obtaining communication content, but these mechanisms cannot hide the sender of the information. In P2P, the system requires that each anonymous user is also a server that provides anonymous services for other users. Because the transmission of information is scattered among nodes without a centralized link, the possibility of users' private information being eavesdropped and leaked is greatly reduced. Another characteristic of P2P system is that it is difficult for attackers to find a clear target. In a large-scale environment, any communication may contain many potential users.

(2) At present, Internet privacy problems are mainly solved by relay forwarding technology, thus hiding the participants in communication between many network entities. In P2P, all participants can provide relay and forwarding functions, thus greatly improving the flexibility and reliability of anonymous communication and providing users with better privacy protection.

(2) the integrity of fairness

In order to make P2P technology play a role in more e-commerce, we must consider the trust between network nodes. In fact, peer-to-peer integrity may be an inevitable choice to strengthen trust management in various networks in the future because of its flexibility, pertinence and no need for complicated centralized management.

A key to peer-to-peer integrity is to quantify the credibility of nodes. In other words, we need to build a P2P-based credibility model. Reputation model improves the reliability of distributed system by predicting the network state. A successful example of reputation application is Yi Bei, an online auction system. In Yi Bei's credibility model, buyers and sellers can improve each other's credibility after each transaction, and the total credibility of a user is the sum of these credibility in the past six months. EBay relies on a center to manage and store reputation. Similarly, in a distributed system, peers can enhance each other's credibility after each transaction, just like in Yi Bei. For example, every time Peer I downloads a file from J, its reputation will increase (+1) or decrease (-1). If the downloaded file is untrustworthy, tampered with, or the download is interrupted, peer I will record the credibility of this transaction as negative (-1). Just like in Yi Bei, we can define local credibility as the sum of all transactions in which Peer I downloads files from Peer J. ..

Each peer I can store the number of satisfactory transactions and the number of unsatisfactory transactions between itself and peer J, which can be defined as:

Sij=sat(i，j)-unsat(i，j)

Fourth, privacy security measures in e-commerce

1. Strengthen network privacy security management. In addition to the existing division of labor, China's network privacy security management needs to establish a highly authoritative information security leading organization, so as to effectively unify and coordinate the functions of various departments, study future trends, formulate macro policies and implement major decisions.

2. Accelerate the training of network privacy and security professionals. In personnel training, we should pay attention to strengthening the exchange of experience and technology with foreign countries, grasp the most advanced safety and technical measures in the world in time, and ensure that we are active at a higher level.

3. Carry out legislation and law enforcement on network privacy security. Accelerate the legislative process and improve the legal system. We should combine the reality of our country and learn from the advanced experience of foreign network information security legislation to modify and supplement the existing legal system to make it more scientific and perfect.

4. Pay close attention to the construction of network privacy and security infrastructure. The infrastructure of key sectors of the national economy should be realized by building a series of information security infrastructure. Therefore, it is necessary to establish China's public key infrastructure, information security product detection and evaluation infrastructure and emergency response processing infrastructure.

5. Establish a network risk prevention mechanism. In the network construction and operation, e-commerce often gets into trouble because of lagging security technology, pale morality and weak law, so it is necessary to establish a network risk prevention mechanism. It is suggested that network operators can allow the insured property to be insured within the scope of the insured subject matter and make claims after an accident.

6. Strengthen network technology innovation, focusing on key chip and kernel programming technology and security basic theory. Unified organization of key technologies of information security, with innovative ideas, beyond the inherent constraints, to build an information security system with China characteristics.

7. Pay attention to the standardization of network construction. Without a unified technical specification, local networks cannot be interconnected and interacted, and it is difficult to form a network security industry scale without technical specifications. At present, there are many technical specifications and standards on network privacy security in the world, all of which are aimed at ensuring the absolute security of private information in a unified network environment. We should be inspired by this trend, and at the same time come up with technical specifications that are in line with both national conditions and international trends.

References:

[1] Qu Yunbo. Electronic commerce [M]. Beijing: Enterprise Management Press, 1999.

[2] Zhao Liping. Introduction to electronic commerce [M]. Shanghai: Fudan University Press, 2000.

[3] Zhao Zhansheng. Research on Information Security and Technology in China [J]. China Information Herald, 1999, (8).

[4] Cao Yiping. Social Informatization and Privacy Protection [J]. Forum on Politics and Law, 1998, (1).

[5] Lin Congrong. Development trend of information security in major countries in the world [J]. China Information Herald, 200 1, (1).