Security of Electronic Commerce

[Abstract] With the arrival of the information age, electronic information technology has grown rapidly in popularity and application, and e-commerce, being fast and convenient, is increasingly recognized by the community. The prospects for the development of e-commerce are attractive, but the security of commercial information still deserves our attention. From the perspective of e-business security, this paper analyzes the various e-commerce security technologies in order to explore an effective and safe way to carry out e-commerce.

[Keywords] e-commerce; authentication; firewall

E-commerce, relying on technology that ensures information security on the network, uses the open Internet to carry out online commodity trading, financial and capital transactions, and the whole process of business operations. E-commerce has created a vast global virtual market and become an economic hot spot of the twenty-first century. However, because e-commerce is open and its network is global, seamlessly connected, shared and dynamically developing, e-commerce security has become the current focus of attention and constrains the further development of e-commerce. Building a secure e-commerce transaction system will be the key to the future development of electronic commerce.

First, the security requirements of e-commerce
(A) the requirements of e-commerce security
First, effectiveness (availability) of the service: an e-commerce system should prevent service failures, such as system outages caused by network failures and virus attacks, so that transaction data can be transmitted quickly and accurately. Second, confidentiality of transaction information: an e-commerce system should effectively encrypt the information users send, so that intercepted information cannot be deciphered and unauthorized access to the information is prevented. Third, data integrity: data integrity means that the existing data are completely consistent with the original data. To keep business transactions serious and fair, transaction files must not be modified; otherwise the commercial interests of one party will inevitably be damaged. Fourth, authentication: an e-commerce system should provide a safe and effective authentication mechanism to ensure that the information of the parties to a transaction is valid, and to provide a legal basis so that trade disputes can be avoided.

(B) e-commerce security elements
First, authenticity and validity of information. E-commerce replaces paper with electronic form, so ensuring the validity and authenticity of trade information in electronic form is a prerequisite for e-commerce. As a form of trade, the validity and authenticity of its information bear directly on the economic interests and reputation of individuals, businesses or countries. Second, confidentiality of information. As a means of trade, the information in e-commerce directly represents the business secrets of individuals, businesses or countries. Traditional paper-based trade keeps information confidential by sending letters or packages by mail, or by sending commercial messages over reliable communication channels. E-commerce is built on a more open network environment, so guarding commercial information against leakage is an important safeguard for the comprehensive application of e-commerce. Third, integrity of information. E-commerce simplifies the trade process and reduces human intervention, but it also raises the problem of maintaining the integrity and consistency of business information. Accidental errors or fraud during data entry may lead to differences in the trade information held by the parties. Fourth, reliability, identifiability and non-repudiation of information. Reliability means that legitimate users' use of information and resources is not improperly refused; non-repudiation requires effective accountability mechanisms that prevent an entity from denying its actions; controllability requires control over which persons or entities use resources and how they are used. In traditional paper-based trade, the trading parties identify their trading partners through handwritten signatures or seals on contracts, leases, trade documentation and other written documents, which establishes the reliability of contracts, deeds and documents and prevents repudiation. In paperless e-commerce, identifying a trading party by handwritten signature and seal is impossible. Therefore, reliable identification must be provided for the individuals, companies or countries involved in a transaction during the transmission of transaction information.

Second, e-commerce security technologies
(A) The security of network nodes
A firewall is a combination of computer hardware and software that establishes a security gateway between the Internet and the internal network, protecting the internal network from intrusion by unauthorized users. Firewalls can effectively reduce intrusions and attacks by hackers and give e-commerce a relatively more secure platform. A firewall monitors network traffic and remembers the state of communications in order to make correct allow or deny decisions. By using these functions flexibly and effectively and developing the right security policy, it is possible to provide a safe, efficient network system. It deserves special attention that a firewall is not just a router, a bastion host, or any combination of devices providing network security; it is part of a security policy. The security policy establishes a comprehensive defense system to protect information resources, and it should cover: rules for network access, service access, local and remote user authentication, incoming and outgoing access, disk and data encryption, virus protection measures and management systems. Every place that may be subject to network attack must be protected at the same level of security.
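
A minimal model of the stateful allow or deny decision described above, added here as an illustration and not taken from the paper. The addresses, the published server at 10.0.0.10:443 and all names (`filter`, `struct packet`) are assumptions; timeouts and protocol flags are left out.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_FLOWS 64                 /* size of the connection-state table */
#define WEB_SERVER_IP   0x0A00000Au  /* 10.0.0.10: assumed published server */
#define WEB_SERVER_PORT 443

enum verdict { DENY = 0, ALLOW = 1 };
enum direction { OUTBOUND, INBOUND };

/* One packet at the gateway: internal endpoint and external endpoint. */
struct packet {
    enum direction dir;
    uint32_t int_ip, ext_ip;
    uint16_t int_port, ext_port;
};

static struct packet flows[MAX_FLOWS];  /* remembered outbound connections */
static size_t n_flows;

static int same_flow(const struct packet *a, const struct packet *b)
{
    return a->int_ip == b->int_ip && a->ext_ip == b->ext_ip &&
           a->int_port == b->int_port && a->ext_port == b->ext_port;
}

/* Decide on one packet. Anything not explicitly allowed is denied. */
enum verdict filter(const struct packet *p)
{
    for (size_t i = 0; i < n_flows; i++)
        if (same_flow(&flows[i], p))
            return ALLOW;              /* belongs to a known connection */
    if (p->dir == OUTBOUND) {
        if (n_flows == MAX_FLOWS)
            return DENY;               /* state table full: fail closed */
        flows[n_flows++] = *p;         /* remember it so replies can return */
        return ALLOW;
    }
    if (p->int_ip == WEB_SERVER_IP && p->int_port == WEB_SERVER_PORT)
        return ALLOW;                  /* the published service only */
    return DENY;                       /* unsolicited inbound traffic */
}

int main(void)
{
    struct packet probe = { INBOUND, 0x0A000005u, 0xC6336407u, 22, 51000 };
    printf("unsolicited inbound: %s\n", filter(&probe) ? "ALLOW" : "DENY");
    return 0;
}
```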

(B) Communications security
The client browser and the e-commerce web server use the SSL protocol to establish a secure link, and important information is encrypted in transit, which to some extent ensures the security of data during transmission. Browsers currently default to 40-bit encryption strength; raising the encryption strength to 128 bits can also be considered. To establish security between browser and server, SSL requires the server first to present its certificate to the browser; the certificate includes a public key and is issued by a trusted certificate authority. For the browser to check the correctness of the server certificate, the public key of the issuing authority must be pre-installed as the basis for verification. Personal certificates are verified in order to establish the legitimacy of the visitor, whereas a client that simply wants to set up an SSL link only needs to download the site's server certificate. After verifying that this certificate is valid, the browser uses the server certificate to negotiate a symmetric encryption algorithm and a symmetric key with the server, and then uses the symmetric algorithm to encrypt the transmitted plaintext. At this point the browser indicates that it has entered a secure state.

(C) Application security
Even correctly configured access control rules are not sufficient for the security of a computer system, because programming errors may also lead to attacks. Programming errors take the following forms: the programmer forgets to check the parameters passed to the program's entry point; the programmer forgets to check boundary conditions, particularly when handling strings in memory buffers; the programmer forgets the basic principle of least privilege, so that the whole program runs in privileged mode instead of only a limited subset of instructions running in privileged mode while the rest holds only narrow permissions; the programmer uses this privilege to create resources such as files and directories without explicitly setting access control, assuming that the default permissions are correct. These shortcomings have been used to attack systems. Incorrect input parameters are used to trick privileged programs into doing things they should not do. A buffer overflow attack is carried out by feeding a very long string to a privileged process. The program does not check the length of the input string, the excess part of the input is often executable instructions, and the privileged program can then execute those instructions.
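
Two of the errors listed above, handled defensively, as an added example that is not part of the original paper: the input is validated and length-checked before it reaches a fixed buffer, and the file is created with explicit permissions instead of relying on the default. The order-id format, the buffer size and the function names are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define ORDER_ID_MAX 16  /* buffer size, including the terminating NUL */

/* Copy an untrusted order id into a fixed-size buffer. Returns 0 on success,
 * -1 if the input is missing, empty, too long or not purely alphanumeric. */
int copy_order_id(char dst[ORDER_ID_MAX], const char *src)
{
    size_t len = 0;
    if (dst == NULL || src == NULL)
        return -1;
    while (len < ORDER_ID_MAX && src[len] != '\0') {  /* bounded scan */
        if (!isalnum((unsigned char)src[len]))
            return -1;
        len++;
    }
    if (len == 0 || len == ORDER_ID_MAX)
        return -1;                   /* reject over-long input, never truncate */
    memcpy(dst, src, len + 1);       /* len + 1 <= ORDER_ID_MAX */
    return 0;
}

/* Create a file with explicit owner-only permissions instead of trusting
 * the default. Returns the resulting permission bits, or -1 on failure. */
int create_private_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);  /* never reuse */
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0600) != 0 || fstat(fd, &st) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    char id[ORDER_ID_MAX];
    return copy_order_id(id, "AAAAAAAAAAAAAAAAAAAAAAAA") == -1 ? 0 : 1;
}
```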

(D) User authentication management
First, authentication. In e-commerce, authentication between business users and the server can be achieved by combining CA certificates with IC cards. The CA certificate is used to authenticate the identity of the server, and the IC card is used to authenticate the identity of business users. Since transaction functions are not provided to individuals, individuals are identified only by ID number and password. Second, CA certificates. To confirm the identity of the parties to an online transaction and to ensure non-repudiation of transactions, a digital certificate is needed for authentication; this digital certificate is the CA certificate, issued by a certification authority (CA) center. The CA is a service organization that undertakes security authentication for online transactions; it can issue digital certificates and confirm the identity of users. A certification center is usually a service enterprise whose main task is to accept applications for digital certificates and to issue and manage digital certificates. A CA center is generally a social organization recognized as reliable; it examines individuals and organizations and issues digital certificates, which are divided into server certificates and personal certificates. Establishing an SSL secure link does not necessarily require a personal certificate; in fact, there are many cases in which the customer's personal certificate is not verified. Personal certificates are verified in order to establish the legitimacy of the visitor, whereas simply setting up an SSL link only requires the customer to download the site's server certificate. Third, the SSL protocol. SSL implements authentication through digital signatures and digital certificates. A digital certificate is obtained from a certification body and usually contains a name that uniquely identifies the certificate owner, a name that uniquely identifies the issuer, the certificate owner's public key, the issuer's digital signature, the certificate's validity period and the certificate's serial number. After both sides have been authenticated with digital certificates, they can use a secret key for a secure session. Before the application layer sends or receives data, the SSL protocol completes the negotiation of the encryption algorithm and key and the certificate-based authentication of both communicating parties, thereby providing a secure transmission channel for the application layer; any higher-level application protocol can be carried transparently over this channel, ensuring the security of application-layer data.

Third, supporting measures to improve the security of e-commerce
For e-commerce to truly become a leading business model, and especially for the development of e-commerce in China, the supporting measures must be improved:
First, break through in key technologies and escape the bottleneck of being controlled by others. Second, work out the details of e-commerce legislation as soon as possible. Third, vigorously develop large business sites, supported by the development of logistics companies. Fourth, establish strict internal security mechanisms. Fifth, keep network security maintenance logs that record security-related information and events, so that when something happens it can be tracked and traced. Sixth, back up important data in time; for data stored in a database, the database system should provide different levels of data encryption depending on the data's importance. Security is in fact risk management: security technology can reduce the risk of the system being damaged or attacked. Which security policy to adopt depends on the extent to which the system's risk is to be controlled. The safe operation of e-commerce requires a multi-pronged approach; prevention from a technical point of view alone is not enough. Security is only relative, not absolute. Therefore, to further improve e-commerce systems and promote the healthy and rapid development of the industry, the various problems arising in e-commerce must be resolved in practice, so that e-commerce systems become relatively more secure.
