
How to protect the security of e-commerce

[Abstract] With the development of information technology, how to build safe and convenient e-commerce applications and ensure the information security of business activities has become a problem in urgent need of a solution. Addressing the real problems facing the development of electronic commerce, this paper discusses a number of security measures for the protection of e-commerce.

[Keywords] e-commerce security measures

With the rapid development of information technology, humanity is entering the networked information age at an unprecedented pace. The network has not only greatly promoted communication and exchange between people, it has also brought major changes to business and economic models. Network-based e-commerce has gradually become a new model for doing business; it relies on network and telecommunications technology to reduce the cost of collecting customer information and the cost of customer service. However, an open information system inevitably carries many potential security risks. The Internet is a completely open network: any computer can join it and conduct all kinds of business online, and the two parties to a transaction cannot communicate face to face. This gives organizations or individuals with ulterior motives the opportunity to steal the secrets of others or even to disrupt the operation of another party's network systems. Security can therefore be said to be an important factor restricting the development of e-commerce and the most important issue bearing on whether an e-commerce system can run successfully. An important technical feature of e-commerce is the use of computer technology to transmit and process business information. On the one hand, it conducts business transactions with the Internet as its platform and so needs protection at the technical level; on the other hand, as the sale and purchase of goods it retains the basic features of commodity trading and follows the rules of business transactions, so it also needs protection at the level of security management.

First, starting from the technical level, strengthen security measures
(A) Leading e-commerce security technologies
First, encryption technology. Encryption is the key security measure adopted in e-commerce and is the core of achieving information confidentiality and integrity. On the one hand it is applied to data encryption and file encryption; on the other hand it is the basis of security technologies such as authentication and digital signatures. According to the keys used, encryption systems are divided into symmetric key systems and asymmetric key systems. In symmetric cryptography, also known as private key cryptography, the sender and the receiver must use the same key to encrypt and decrypt the message. The biggest advantages of symmetric encryption algorithms are low overhead and fast encryption, so they are widely used to encrypt large amounts of data, such as files. Their limitations are that the two communicating parties must ensure the security of the key exchange, that key distribution and management are very complex, and that they cannot identify the initiator or the final party of a transaction. Asymmetric key encryption, also known as public key cryptography, requires two keys: a public key that is open to the public and a private key that the owner keeps. The public key is used to encrypt confidential information and the private key is used to decrypt it. Since the public key is stored openly, the problem of key distribution and management is easily solved. However, public key encryption algorithms are much slower than private key encryption algorithms; encryption and decryption take up more resources, and network transmission speed is affected. In practice, the two kinds of encryption technology are usually combined. Digital envelope technology uses the advantages of both: the key is first sent encrypted with public key cryptography, and the information is then transmitted encrypted with the private key (symmetric) cipher, ensuring the security of information transmission.

Second, security authentication technology. One part is digital digest and digital signature technology. A digital digest uses a hash function to map the plaintext into a short, fixed-length string. This string, also known as a digital fingerprint, makes it possible to check that the data has not been modified and so ensures the integrity of the information. A digital signature makes use of digital digest technology and has the same validity as a traditional signature. Its principle is as follows: the sender generates a 128-bit message digest from the message text and encrypts this digest with its own private key, forming the sender's digital signature; the digital signature is then sent to the receiver together with the message, as an attachment to it; the receiver first calculates a 128-bit message digest from the original message it received, and then uses the sender's public key to decrypt the digital signature attached to the message. If the two digests are the same, the receiver can confirm that the digital signature is the sender's. Digital signature technology ensures the integrity of information in transit and provides authentication of the sender and non-repudiation. The other part is the digital certificate, which is issued by a trusted, impartial authority. The CA center verifies the information provided by the applicant and then issues digital certificates to the parties involved in electronic commerce, so that the authenticity and legitimacy of each party's identity and its access rights to network resources can be verified, ensuring the security of online payment.

(B) Application of security technology in e-commerce
Flexible use of encryption technology can effectively solve many e-commerce security problems. For example, digital envelope technology combines the advantages of symmetric and asymmetric cryptography to ensure that, in an electronic transaction, only the specified recipient can read the content of a communication. The sender first randomly generates a symmetric key and uses it to encrypt the information, then encrypts the symmetric key with the recipient's public key; the encrypted symmetric key is called the digital envelope. When transmitting, the sender sends the digital envelope together with the encrypted information to the receiver. The receiver must use its own private key to open the digital envelope and obtain the symmetric key, and then uses the symmetric key to decrypt and read the content of the message.
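
The digital envelope exchange described above, written out as an added example that is not code from the original paper. It assumes Ruby's bundled openssl library, RSA-OAEP for the envelope and AES-256-GCM for the message body; the function names, key and sample message are constructed for illustration.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
TAG_LEN = 16 # full-length GCM authentication tag

# Sender: encrypt the message under a fresh random AES-256-GCM key, then
# encrypt that symmetric key with the recipient's RSA public key.
def seal_envelope(recipient_pub, message)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  key = cipher.random_key # one-time symmetric key, never reused
  iv = cipher.random_iv
  cipher.auth_data = ""
  body = cipher.update(message) + cipher.final
  { envelope: recipient_pub.public_encrypt(key, OAEP), # the digital envelope
    iv: iv, body: body, tag: cipher.auth_tag }
end

# Recipient: open the envelope with the private key to recover the symmetric
# key, then decrypt the body. Returns nil when the private key does not match
# or any part of the package was altered in transit.
def open_envelope(recipient_priv, pkg)
  return nil unless pkg[:tag].bytesize == TAG_LEN # reject truncated tags
  key = recipient_priv.private_decrypt(pkg[:envelope], OAEP)
  decipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  decipher.key = key
  decipher.iv = pkg[:iv]
  decipher.auth_tag = pkg[:tag]
  decipher.auth_data = ""
  decipher.update(pkg[:body]) + decipher.final
rescue OpenSSL::OpenSSLError, ArgumentError
  nil
end

if __FILE__ == $PROGRAM_NAME
  recipient = OpenSSL::PKey::RSA.new(2048) # constructed demo key pair
  pkg = seal_envelope(recipient.public_key, "order 1001: 3 units") # constructed message
  puts open_envelope(recipient, pkg)
end
```

The authenticated cipher mode means a modified body is rejected rather than decrypted into garbage, which the plain symmetric encryption in the text does not by itself guarantee.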

Therefore, with digital envelope technology, even if the encrypted message is illegally intercepted by others, the interceptor cannot learn its content, which ensures that only the specified recipient can read the information. Asymmetric cryptography can also be used to achieve non-repudiation. When A sends data to B, A first computes a message digest of the data with the MD5 algorithm and then encrypts the digest with its own private key to form a digital signature. B receives the data, decrypts the signature with A's public key and confirms the content of the data. B then signs with its own private key and passes the data back to A. A receives the data, uses B's public key to decrypt and verify the content, and stores it. This exchange achieves non-repudiation.
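
The signature check above proves who sent a message only if the receiver's copy of the sender's public key is genuine, which is what the CA-issued certificate introduced earlier provides. The following added example (not from the original paper) has the receiver validate the certificate against the CA's key before trusting the signature; it uses SHA-256 in place of the 128-bit MD5 digest the text names, because MD5 is no longer collision-resistant, and all names, keys and messages are constructed.

```ruby
require "openssl"

# CA side (constructed helper): issue a certificate binding `name` to `pub_key`.
def issue_cert(name, pub_key, issuer_name, issuer_key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = Random.rand(1..2**62)
  cert.subject = OpenSSL::X509::Name.new([["CN", name]])
  cert.issuer = OpenSSL::X509::Name.new([["CN", issuer_name]])
  cert.public_key = pub_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Sender: digest the message and sign the digest with the private key.
def sign_message(priv, message)
  priv.sign(OpenSSL::Digest.new("SHA256"), message)
end

# Receiver: accept only if (1) the trusted CA signed the certificate, (2) it
# names the claimed sender and is within its validity period, and (3) the
# signature verifies under the certified public key.
def authentic?(ca_pub, cert, claimed_name, message, signature)
  return false unless cert.verify(ca_pub)
  return false unless cert.subject.to_a.any? { |k, v, _| k == "CN" && v == claimed_name }
  return false unless (cert.not_before..cert.not_after).cover?(Time.now)
  cert.public_key.verify(OpenSSL::Digest.new("SHA256"), signature, message)
rescue OpenSSL::OpenSSLError
  false
end

if __FILE__ == $PROGRAM_NAME
  ca = OpenSSL::PKey::RSA.new(2048)    # constructed CA key
  alice = OpenSSL::PKey::RSA.new(2048) # constructed sender key
  cert = issue_cert("alice", alice.public_key, "Demo CA", ca)
  msg = "pay 100 to merchant 42"       # constructed message
  puts authentic?(ca.public_key, cert, "alice", msg, sign_message(alice, msg))
end
```

A certificate that merely claims the sender's name but was not signed by the trusted CA fails step (1), even though the signature on the message verifies under the key inside it.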

Authentication is one of the important mechanisms for achieving network security. The parties involved in electronic commerce must use some form of authentication mechanism to prove their identity and to verify that a user's identity is consistent with what the user claims, so that access control and logging can be applied to different users. Identity authentication is achieved through digital signatures and digital certificates. If the recipient can successfully decrypt the digital signature, it can authenticate the sender and confirm the integrity of the transmitted information. However, if the public key the receiver has obtained is not actually the sender's, the digital signature becomes ineffective. Authentication therefore cannot be achieved with digital signatures alone. A digital certificate provides a way to authenticate users by establishing that a public key really belongs to a particular user: anyone who needs the user's public key can obtain this certificate and use the corresponding public key to verify the validity of a digital signature.

Second, starting from the management level, strengthen security measures in the environment
(A) A sound management system and regulatory environment
Information security should be considered as a whole and in a planned way. Because departments and companies differ, and information security has different meanings and characteristics in different business areas, the information security system that is built must cover the relevant content of the information security systems of all departments and companies. Security problems that have already occurred in e-commerce, and their solutions, should be collected; the potential e-commerce information security issues faced by enterprises' e-commerce operations staff and customers should also be collected; a dialogue with experts should be established and maintained to help resolve these issues; and the results should be stored in a database connected with the corresponding e-commerce operators, so that when they face a security problem they can obtain the necessary information as soon as possible while trying to solve it.

Accelerate the training of information security personnel. Through various forms of preliminary selection followed by a period of observation, select personnel who have a strong sense of responsibility, are principled and disciplined, understand the market, and have basic knowledge of networks and security. Important business, in particular confidential business documents containing enterprise and user information, should not be assigned to one person to manage alone; a mechanism of mutual restriction between two or more people should be implemented. The term of office of operators of important business and of transaction security staff should be limited. Network access settings should ensure that different services have different access rights.

Raise the security awareness of enterprises and the public. E-commerce enterprises should require their online trading staff to comply strictly with the online trading security system, make the responsibilities of online trading staff and managers clear, and pay attention to management, avoiding the "heavy, light management" phenomenon. Security problems should be reported promptly when they arise, and where the provisions on online transaction security are breached, the responsible person should be dealt with seriously.

(B) Establishing a system for the safe operation of e-commerce
First, assess the security of e-commerce sites. To begin with, hire experts to conduct a comprehensive security assessment of the e-commerce site, detect potential security problems in time and plug security holes as soon as possible. Next, establish a secure architecture. Then, maintain good virus protection: train anti-virus awareness collectively within the enterprise and deploy a unified anti-virus strategy so as to respond efficiently and promptly to virus intrusions. Finally, use a combination of multiple security technologies, including firewalls, intrusion detection, digital encryption, digital signatures and authentication, to ensure the security and confidentiality of web systems, information and data. Second, establish sound e-commerce laws and regulations and crack down on illegal and criminal activities in electronic commerce. For e-commerce activities to proceed normally, the government needs to provide a transparent and harmonious legal environment for business. At present, the laws and regulations on electronic commerce that urgently need to be developed cover: methods of authenticating buyers and sellers, the legality of electronic contracts and their procedures, the security of electronic payment systems, information confidentiality, rules on intellectual property infringement, methods of tax collection, control of advertising, and filtering of web content. In addition, it is suggested that the state judiciary step up the investigation of cybercrime and increase efforts to crack down on e-commerce crime, creating a clean environment for e-commerce.

Summary
From the point of view of the development of society as a whole, e-commerce has in some respects developed too quickly, so that security technology and security management have not kept pace; this is an increasingly prominent and urgent problem. In addition, security is developing and dynamic: network attack and defense, like fraud and anti-fraud, counterbalance each other. Security technology in particular is sensitive and highly competitive, so the corresponding security strategy needs to be reviewed, assessed and adjusted constantly.

