Research on security of e-payment in e-commerce.doc
Research on security of e-payment in e-commerce

Guoxu Deng, Zhiqian Wang
Beijing University of Posts & Telecommunications, Network Information Center (100876)
E-mail:

Abstract

Electronic payment is a critical technology for ensuring the normal running of electronic commerce. E-payment can work over the Internet, mobile phones and the PSTN. These systems achieve security mainly through SSL and SET. However, the detailed implementations are different. This paper studies their security schemes and seeks a proper way to ensure the security of e-payment on the PSTN network, for which there is not yet even an operative method.
Key words: Payment PSTN SSL SET key encryption

1. INTRODUCTION

Electronic payment is a critical technology for ensuring the normal running of electronic commerce. Electronic payment means charging through e-cash, credit card, debit card and so on. Different forms of money lead to different payments. This paper mainly discusses paying by bank card. Generally speaking, the client, the merchant and the bank are the three key parties in a payment scheme. During a transaction, the client pays the merchant for products or services, and the merchant gets the payment from the bank, while the bank transfers money from the client's account to the merchant's account.

The process of paying with a bank card can be described as follows:

A. Client sends the credit card information to merchant in a safe way before actual products, services and money transmission.
B. Merchant verifies the client's identification.
C. Merchant sends the money amount and signature to bank or credit card on-line processor.
D. Bank or processor sends the information to client's issuer bank for authorization.
E. Client's issuer bank returns the credit card data, payment confirmation and authorization.
F. Payment finishes.

Security, validity and convenience are major concerns in a payment system. A secure payment system should include the following functions:

A. Certify all parties.
B. Keep transaction details secret.
C. Ensure the integrity of the transaction.
D. Provide non-repudiation of the transaction when a dispute occurs. [1]

In this paper, we mainly discuss system security from the above aspects. Nowadays e-commerce is used not only on the Internet, but also on mobile phones and telephones. The methods used to protect payment security differ between payment scenarios. Secure payment on the Internet has been researched in depth because it is the most popular way, and therefore some mature protocols have been created. The architecture of mobile payment is similar to that of the Internet payment system, although it has some distinguishing features. This kind of payment has also been in use for several years abroad. Comparatively speaking, telephone payment is a relatively new scheme and there is not even an operative way to secure it. It is meaningful to find an efficient solution to it. Cryptography is the main technology used to achieve security in payment systems. This paper discusses the features of these payment systems and the corresponding schemes, and tries to find an operative way to secure payment on the PSTN from a cryptography perspective.

2. PAYMENTS ON INTERNET

2.1 System overview

On the Internet, the e-payment model is shown in Figure 1:

Figure 1. e-payment system on Internet

Banks, merchants and clients are connected together by the Internet. The Internet is an open network and there are millions of computers on it. As the saying goes, on the Internet nobody knows whether you are a dog. Meanwhile, a great number of people are waiting for chances to launch malicious attacks. What's worse, it is difficult to track down those intruders when damage occurs. Therefore, it is all the more important to keep sensitive information secret and to authenticate entities' identities over the Internet. There are two main protocols used to ensure this security: the SSL (secure socket layer) protocol and the SET (secure electronic transaction) protocol.

2.2 SSL

The SSL protocol was first developed by Netscape and is widely used for authentication and secure data transmission between web server and client browser. The SSL protocol works on the session layer of the OSI Reference Model. It includes two protocols. The first is the handshake protocol, which authenticates the identity of client and server and chooses a proper encryption algorithm and session key. The second is the record protocol, which transmits secure information encrypted with the negotiated algorithm and key. The whole process is described in Figure 2:

Figure 2. SSL process

Step 1: This message contains the client's version of SSL, a random number used later in key derivation, as well as a collection of cipher suite offers. The offers are identifiers that specify the ciphers and hashing algorithms the client is willing to use.

Step 2: When establishing the initial connection, the server chooses an offer it is willing to use, and communicates that offer back to the client along with its certificate and a random value of its own.

Step 3: The client then verifies the server using the certificate and extracts the server's public key. Using the public key, the client encrypts the pre-master secret, a random value that will be used to generate the symmetric keys independently, and sends the encrypted message to the server, which decrypts the message using its private key.

Step 4: Once the server receives the pre-master secret from the client, both the server and the client generate the same symmetric keys from the pre-master secret and the random numbers exchanged above, using the TLS pseudo-random function (PRF), which expands a secret and some data into a block of arbitrary length. This way, only the small pre-master secret is encrypted using public-key cryptography, limiting the impact of the expensive operation on performance.

Step 5: As soon as the keys are generated, the client and server exchange change cipher spec messages to indicate that they each now have symmetric keys and all further communications will be conducted using the symmetric algorithm chosen in the initial stages of the handshake. [2]

It is easy to see that SSL is an end-to-end protocol. It can protect messages from eavesdropping and active attacks, providing efficient authentication and secure information transmission between two communicating parties. However, there are still some defects. For example, it has no signature function and cannot provide a non-repudiation service. Most importantly, in an e-payment system messages often need to be transmitted among multiple parties, but SSL cannot coordinate the information transmission and trust relationships among them. In addition, during an e-commerce transaction over SSL, the client's purchase information is sent to the merchant first and then transmitted to the bank by the merchant. This benefits the merchant rather than the client and is unfair to clients. [3]

2.3 SET

In order to make up for the defects of SSL, Visa and MasterCard developed the SET protocol to secure credit-card-based payment on the Internet. SET has successfully solved problems such as transaction protocol, secrecy, integrity and authentication.

SET can be regarded as an application of PKI, which also uses encryption technology to achieve secrecy, integrity, authentication, non-repudiation and authorization. The CA plays an important role in the whole work process. Ev
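The key derivation in Steps 3 to 5 of Section 2.2, as an added example that is not part of the original paper. It assumes the TLS 1.2 PRF (P_SHA256 from RFC 5246), since the paper does not name a protocol version; the RSA transport of the pre-master secret is not modelled, and the function names and key sizes are illustrative choices.

```python
import hashlib
import hmac
import os

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 (RFC 5246, section 5): chain HMACs until `length` bytes exist."""
    out, a = b"", seed                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)

def derive_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Step 4: run independently by each side once both hold the pre-master secret."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    # Assumed suite: 32-byte MAC keys and 16-byte cipher keys per direction.
    sizes = (("client_mac", 32), ("server_mac", 32), ("client_key", 16), ("server_key", 16))
    total = sum(size for _, size in sizes)
    # Note the seed order flips to server_random + client_random for key expansion.
    block = prf(master, b"key expansion", server_random + client_random, total)
    keys, pos = {}, 0
    for name, size in sizes:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def simulate_handshake() -> tuple:
    """Constructed sample run: random values stand in for a real exchange."""
    client_random, server_random = os.urandom(32), os.urandom(32)  # Steps 1 and 2
    pre_master = os.urandom(48)  # Step 3: picked by the client, sent encrypted (not modelled)
    client_view = derive_keys(pre_master, client_random, server_random)
    server_view = derive_keys(pre_master, client_random, server_random)
    # An eavesdropper sees both randoms in the clear but not the pre-master secret.
    eavesdropper = derive_keys(os.urandom(48), client_random, server_random)
    return client_view, server_view, eavesdropper

if __name__ == "__main__":
    c, s, e = simulate_handshake()
    print("client and server hold the same keys:", c == s)
    print("eavesdropper's keys match:", e == c)
```

Both randoms travel in the clear, so the secrecy of every derived key rests entirely on the pre-master secret, which is why Step 3 protects it with the server's public key.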