E-Commerce Security Technology
I. Firewall
I. Firewall principles
A firewall, a technical measure for protecting computer networks that has emerged in recent years, is an isolation and control technology. It sets a barrier between an organization's network and an insecure network (such as the Internet) to prevent unauthorized access to information resources; a firewall can also be used to prevent proprietary information from being illegally exported from the enterprise's network. A firewall is a passive defense technology. Because it assumes fixed network boundaries and services, it is difficult for it to control illegitimate access from inside. Firewalls are therefore best suited to a relatively self-contained network with a single, well-defined interconnection channel to external networks and a relatively concentrated set of network services.
Firewalls are widely used as Internet security software. Typically, an enterprise places firewall software between its own network and the Internet to keep its internal information systems secure. The enterprise information system chooses which access from the Internet it will accept: it can allow or block access from particular IP addresses, and it can accept or reject particular applications running over TCP/IP. If an IP host is known to carry harmful information or dangerous users, the firewall can filter out packets sent from that host. If an enterprise offers only Internet email and a WWW server to the outside, the firewall can be configured so that only packets for these two applications pass through. For a router, this means analyzing not only IP-layer information but also TCP transport-layer and even application-layer information in order to make the choice. A firewall is generally installed on a router to protect a subnet, or on a host to protect that host from attack.
II. Types of firewalls
Strictly speaking, there are two types of firewall: the standard firewall and the dual gateway. A standard firewall system consists of a Unix workstation with a router buffering each side. One router interfaces with the outside world, that is, the public network; the other connects to the intranet. The standard firewall uses specialized software, requires a high level of management, and introduces some delay in information transmission. The dual gateway extends the standard firewall and is also known as a bastion host or application-layer gateway. It is a single system that performs all the functions of the standard firewall. Its advantage is that it can run more complex applications while preventing any direct connection between the Internet and internal systems: packets cannot travel directly from the external network to the internal network, or vice versa.
As firewall technology has advanced, two further configurations have evolved from the dual gateway: the hidden host gateway and the hidden smart gateway (hidden subnet). The hidden host gateway is currently a common firewall configuration. As the name suggests, this configuration hides the router and places a bastion host between the Internet and the intranet. The bastion host is installed on the intranet, and the router is configured so that the bastion host is the only system through which the intranet and the Internet communicate. The most technically complex firewalls, with the highest security level, are hidden smart gateways. A hidden smart gateway hides the gateway behind a public system, which is the only system Internet users can see. All Internet functions are carried out through the protection software hidden behind the public system. In general, this kind of firewall is the least vulnerable to damage.
In terms of how they work, firewall technologies fall into four categories: network-level firewalls (also called packet-filtering firewalls), application-level gateways, circuit-level gateways, and rule-checking firewalls. Each has its own strengths; whether to use one of them or a mix depends on the specific requirements.
1. Network-level firewall
A network-level firewall generally decides whether to pass each IP packet based on its source and destination addresses, its application or protocol, and its port. A router is a "traditional" network-level firewall: most routers can check this information to decide whether to forward a received packet. However, a router cannot determine where an IP packet actually comes from or where it is going.
The firewall checks each rule in turn until it finds one that matches the information in the packet. If no rule matches, the firewall applies the default rule, which generally tells the firewall to discard the packet. In addition, by defining port numbers for TCP or UDP packets, the firewall can decide whether to allow specific connections, such as Telnet and FTP connections.
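The rule walk described above, written out as an added example (it is not part of the original article). The rule set, the addresses from the documentation ranges, and the names `Rule`, `Packet`, `matches` and `decide` are assumptions made for illustration; the policy is the one the article describes, where only the mail and WWW servers are reachable and one dangerous host is filtered.

```python
# Added example (not from the original article): first-match packet filtering.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str                      # source network, CIDR notation
    dst: str                      # destination network, CIDR notation
    proto: Optional[str] = None   # "tcp" / "udp"; None matches any protocol
    dport: Optional[int] = None   # destination port; None matches any port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only if every field it specifies agrees with the header."""
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in (None, pkt.proto)
            and rule.dport in (None, pkt.dport))

def decide(rules, pkt, default="deny"):
    """Return (action, index of the matching rule, or None for the default rule)."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return default, None

# Constructed policy (assumptions): 203.0.113.66 is the host known to be
# dangerous, 192.0.2.10 is the mail server, 192.0.2.20 is the WWW server.
ANY = "0.0.0.0/0"
RULES = [
    Rule("deny", "203.0.113.66/32", ANY),
    Rule("allow", ANY, "192.0.2.10/32", "tcp", 25),
    Rule("allow", ANY, "192.0.2.20/32", "tcp", 80),
]

def demo():
    packets = {
        "mail from a customer": Packet("198.51.100.7", "192.0.2.10", "tcp", 25),
        "web from a customer": Packet("198.51.100.7", "192.0.2.20", "tcp", 80),
        "telnet to the web server": Packet("198.51.100.7", "192.0.2.20", "tcp", 23),
        "web from the blocked host": Packet("203.0.113.66", "192.0.2.20", "tcp", 80),
    }
    return {name: decide(RULES, pkt) for name, pkt in packets.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} -> {verdict}")
```

Because the first matching rule wins, rule order is part of the policy: if the deny rule for the dangerous host were placed last, the earlier allow rule for the WWW server would match first and the host's packets would pass.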
2. Application-level gateway
Application-level gateways inspect incoming and outgoing packets and relay data by copying it through the gateway, which prevents direct connections between trusted servers and clients and untrusted hosts. Application-level gateways understand application-layer protocols, can perform complex access control, and can carry out detailed logging and auditing. They target specific network application service protocols (data-filtering protocols) and can analyze packets and generate reports. An application gateway strictly controls environments that are easy to log on to and all outgoing communication, in order to prevent valuable programs and data from being stolen. In practice, application gateways usually run on dedicated workstation systems. However, each protocol requires its own proxy software, which is a heavy workload and is less efficient than a network-level firewall.
Application-level gateways provide better access control and are currently the most secure firewall technology, but they are difficult to implement, and some application-level gateways lack "transparency". In practice, a user on a trusted network who accesses the Internet through the firewall often experiences delay and must log in several times before reaching the Internet or intranet.
3. Circuit-level gateway
A circuit-level gateway monitors the TCP handshake between a trusted client or server and an untrusted host to determine whether the session is valid. The circuit-level gateway filters packets at the session layer of the OSI model, two layers higher than the packet-filtering firewall.
The circuit-level gateway also provides an important security function: the proxy server. The proxy server is dedicated application-level code configured on the Internet firewall gateway. The proxy service lets network administrators allow or deny a specific application or specific functions of an application. Packet filtering and application gateways decide whether a given packet may pass by applying specific logic. Once the condition is met, the structure and running state of the network inside the firewall are "exposed" to external users. This is what introduces the concept of the proxy service: the application-layer "link" between computer systems inside and outside the firewall is implemented as two "links" that terminate at the proxy service, which successfully isolates the systems inside the firewall from those outside. The proxy service can also be used to implement strong monitoring, filtering, recording and reporting of data flows. Proxy services are mainly run on dedicated computer hardware (such as a workstation).
4. Rule-checking firewall
The rule-checking firewall combines the features of the packet-filtering firewall, the circuit-level gateway, and the application-level gateway. Like a packet-filtering firewall, it can filter incoming and outgoing packets by IP address and port number at the OSI network layer. Like a circuit-level gateway, it can check whether the SYN and ACK flags and the sequence numbers are in logical order. And like an application-level gateway, it can inspect packet content at the OSI application layer to check whether the content complies with the security rules of the enterprise network.
Although the rule-checking firewall integrates the features of the first three types, it differs from an application-level gateway in that it does not break the client/server model in order to analyze application-layer data; it allows trusted clients to establish direct connections with untrusted hosts. The rule-checking firewall does not rely on an application-layer proxy but on algorithms that identify incoming and outgoing application-layer data. These algorithms compare inbound and outbound packets against patterns of known valid packets, which in theory filters packets more effectively than an application-level proxy.
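The handshake check described for circuit-level gateways and rule-checking firewalls, as an added example that is not part of the original article. The class name `HandshakeTracker`, the `Segment` fields and the constructed endpoints and sequence numbers are assumptions; real products also track ports, timeouts, FIN/RST and window sizes, which are left out here.

```python
# Added example (not from the original article): pass a session only if SYN,
# SYN/ACK and ACK arrive in order with consistent sequence numbers.
from dataclasses import dataclass

MOD = 2 ** 32   # TCP sequence numbers wrap at 32 bits

@dataclass(frozen=True)
class Segment:
    src: str           # "address:port" of the sender
    dst: str           # "address:port" of the receiver
    flags: frozenset   # subset of {"SYN", "ACK"}
    seq: int
    ack: int = 0

class HandshakeTracker:
    """Tracks each connection attempt and passes only well-ordered handshakes."""

    def __init__(self):
        self.half_open = {}       # (client, server) -> state and initial seq numbers
        self.established = set()  # (client, server) pairs with a valid session

    def observe(self, seg: Segment) -> str:
        flags = set(seg.flags)
        if flags == {"SYN"}:                          # step 1: client -> server
            self.half_open[(seg.src, seg.dst)] = {
                "state": "SYN_SENT", "client_isn": seg.seq}
            return "pass"
        if flags == {"SYN", "ACK"}:                   # step 2: server -> client
            entry = self.half_open.get((seg.dst, seg.src))
            if (entry and entry["state"] == "SYN_SENT"
                    and seg.ack == (entry["client_isn"] + 1) % MOD):
                entry.update(state="SYN_RCVD", server_isn=seg.seq)
                return "pass"
            return "drop"                             # nobody asked for this reply
        if flags == {"ACK"}:
            key = (seg.src, seg.dst)
            if key in self.established or (seg.dst, seg.src) in self.established:
                return "pass"                         # traffic on a valid session
            entry = self.half_open.get(key)
            if (entry and entry["state"] == "SYN_RCVD"    # step 3: client -> server
                    and seg.seq == (entry["client_isn"] + 1) % MOD
                    and seg.ack == (entry["server_isn"] + 1) % MOD):
                del self.half_open[key]
                self.established.add(key)
                return "pass"
        return "drop"

def demo():
    c, s = "198.51.100.7:40000", "192.0.2.20:80"      # constructed endpoints
    syn, synack, ack = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
    fw = HandshakeTracker()
    good = [fw.observe(Segment(c, s, syn, seq=1000)),
            fw.observe(Segment(s, c, synack, seq=5000, ack=1001)),
            fw.observe(Segment(c, s, ack, seq=1001, ack=5001))]
    fw2 = HandshakeTracker()
    unsolicited = fw2.observe(Segment(s, c, synack, seq=5000, ack=1001))
    fw2.observe(Segment(c, s, syn, seq=1000))
    fw2.observe(Segment(s, c, synack, seq=5000, ack=1001))
    wrong_ack = fw2.observe(Segment(c, s, ack, seq=1001, ack=9999))
    return good, unsolicited, wrong_ack

if __name__ == "__main__":
    print(demo())
```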
III. Using firewalls
Firewalls are a popular solution to enterprise network security problems. Public data and services are placed outside the firewall, and access to resources inside the firewall is restricted. In general, firewalls do not defend against viruses, although many firewall products claim to. Another weakness of firewall technology is that updating data between firewalls is a challenge: if the delay is too high, real-time service requests cannot be supported. In addition, firewalls use filtering, which usually reduces network performance by more than 50%. Purchasing a high-speed router to improve network performance greatly increases the budget.
As a network security technology, firewalls are simple and practical, with high transparency. They can meet certain security requirements without modifying the existing network application systems. However, if the firewall system is breached, the protected network is left unprotected. If an enterprise wants to conduct business on the Internet and communicate with a large number of customers, a firewall cannot meet the requirements.
II. Encryption and digital signature
I. Encryption
The technical implementation of data encryption is divided into two aspects: software and hardware. Based on different functions, data encryption technology is mainly divided into four types: data transmission, data storage, data integrity identification, and key management technology.
Network applications generally use two types of encryption: symmetric-key and public-key. Which encryption algorithm to use should be decided in light of the specific application environment and system, rather than simply on encryption strength. Besides the algorithm itself, key distribution, encryption efficiency, integration with existing systems, and input-output (cost versus return) analysis should all be taken into account in the actual environment.
Symmetric-key encryption. The common encryption standard is DES. With DES, senders and recipients use 64-bit keys to encrypt and decrypt messages. Where there are special security requirements, IDEA and triple DES should be used. As an encryption technology widely used in traditional enterprise networks, secret-key encryption is highly efficient. A KDC is used to centrally manage and distribute keys and to authenticate identities based on those keys, but this is not suitable for the Internet environment.
Public-key systems are used on the Internet. In public-key encryption, the encryption key and the decryption key are different. Each user generates a key pair, publishes one key as the public key, and keeps the other as the private key. The common public-key encryption algorithm is RSA, which has high encryption strength. In practice, digital signatures and data encryption are combined. The sender must add a digital signature when sending data: it uses its own private key to encrypt a piece of data related to the data being sent, producing the digital signature, and then encrypts the signature together with the data using the receiver's public key. On receiving the ciphertext, the receiver decrypts it with its own private key to obtain the data and the sender's digital signature. The receiver then decrypts the digital signature with the sender's published public key; if this succeeds, the data is confirmed to have come from the sender. The digital signature also depends on factors such as the transmitted data and the time. Because this approach has high encryption strength and does not require the two parties to establish a trust relationship or share a secret in advance, it is well suited to Internet use.
The following describes the technical implementation of several of the most common encryption systems:
1. Conventional Key Cryptography
In conventional key cryptography, the encryption key is the same as the decryption key.
Early conventional key cryptography included the classic substitution cipher. The principle can be illustrated with an example:
The letters a, b, c, d, ..., w, x, y, z keep their natural order but are mapped to D, E, F, G, ..., Z, A, B, C respectively (that is, shifted by 3 characters). If the plaintext is student, the corresponding ciphertext is VWXGHQW (in this case, the key is 3).
Because the frequency of each letter in English text has already been counted, a substitution cipher is easy to break using a letter-frequency table.
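The shift cipher from the example above and the frequency-table attack on it, as an added example that is not part of the original article. The function names, the approximate English frequency table and the constructed sample sentence are assumptions; the key is recovered by trying all 26 shifts and keeping the one whose letter counts are closest (chi-squared) to English.

```python
# Added example (not from the original article): the shift cipher from the text
# and recovery of its key from letter frequencies alone.
from collections import Counter
import string

# Approximate relative frequencies (percent) of a..z in English text.
ENGLISH = dict(zip(string.ascii_lowercase, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))

def encrypt(plaintext, key):
    """Shift each letter forward by `key`; ciphertext is written in upper case."""
    out = []
    for ch in plaintext.lower():
        if ch in ENGLISH:
            out.append(chr((ord(ch) - ord("a") + key) % 26 + ord("A")))
        else:
            out.append(ch)                      # spaces and punctuation unchanged
    return "".join(out)

def decrypt(ciphertext, key):
    """Shift each letter back by `key`; plaintext is written in lower case."""
    out = []
    for ch in ciphertext.upper():
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") - key) % 26 + ord("a")))
        else:
            out.append(ch)
    return "".join(out)

def chi_squared(text):
    """Distance between the letter counts of `text` and expected English counts."""
    letters = [c for c in text if c in ENGLISH]
    counts = Counter(letters)
    total = len(letters)
    return sum((counts[c] - total * f / 100) ** 2 / (total * f / 100)
               for c, f in ENGLISH.items())

def recover_key(ciphertext):
    """Try every shift and return the one whose output looks most like English."""
    return min(range(26), key=lambda k: chi_squared(decrypt(ciphertext, k)))

# Constructed sample plaintext (not from the article).
SAMPLE = ("the secrecy of a cipher should rest in the key and not in the algorithm "
          "because the frequency of letters in english text has been counted "
          "a simple substitution of one letter for another is easy to break "
          "with a frequency table")

if __name__ == "__main__":
    print(encrypt("student", 3))
    intercepted = encrypt(SAMPLE, 3)
    key = recover_key(intercepted)
    print(key, decrypt(intercepted, key)[:40])
```

The search space is only 26 keys, and the statistics of the ciphertext identify the right one without any knowledge of the plaintext, which is why this class of cipher offers no real confidentiality.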
2. Data Encryption Standard DES
The DES algorithm was developed by IBM from 1971 to 1972 to protect product confidentiality. It was then selected as a Data Encryption Standard by the US National Bureau of Standards and National Security Administration and promulgated and used in 1977. ISO also uses DES as the Data Encryption Standard.
DES encrypts 64-bit blocks of binary data and produces 64-bit blocks of ciphertext. The key is 64 bits long, of which the effective key length is 56 bits (eight bits are used for parity). Decryption is similar to encryption, but the key order is reversed.
The confidentiality of DES depends only on the confidentiality of the key; the algorithm is public. The complex structure of DES is the fundamental reason there is no shortcut to breaking it. DES can now be implemented in both software and hardware. AT&T was the first to implement all DES operating modes on an LSI chip; the product is called the DEP, the Data Encryption Processor.
3. Public key cryptography
Public key cryptography emerged in 1976. Its primary feature is that different keys are used for encryption and decryption. Each user holds a pair of keys: the public key PK and the secret key SK. This system is therefore also called two-key or asymmetric key cryptography.
In this system, PK is public information and is used as the encryption key, while SK must be kept confidential by the user and is used as the decryption key. Both the encryption algorithm E and the decryption algorithm D are public. Although SK and PK come as a pair, SK cannot be calculated from PK. The public key algorithm has the following features:
1. Plaintext X encrypted with the encryption key PK can be decrypted with the decryption key SK to restore the plaintext, written as DSK(EPK(X)) = X.
2. The encryption key cannot be used for decryption, that is, DPK(EPK(X)) ≠ X.
3. It is easy to generate a pair of PK and SK on a computer.
4. SK cannot be derived from a known PK.
5. The encryption and decryption operations can be applied in the reverse order, that is, EPK(DSK(X)) = X.
The best-known public key cryptography system is the RSA system. It has been recommended as the public key data encryption standard by SC20, the data encryption technology subcommittee of ISO/TC97.
II. Digital Signature
Ii. Digital Signature
Digital signature technology is one of the core technologies for achieving transaction security. Its implementation is based on encryption technology. This section introduces the basic principles of digital signatures.
In the past, letters and documents were signed or stamped to prove their authenticity. But how should messages transmitted over a computer network be stamped? This is the problem the digital signature solves. A digital signature must ensure the following:
The receiver can verify the sender's signature on a message. The sender cannot later repudiate its signature on a message. The receiver cannot forge a signature on a message.
There are many ways to implement digital signatures, but the public key algorithm makes this easier than the conventional algorithm does. This kind of digital signature is described below.
Sender A applies its secret decryption key SKA to message X and sends the result DSKA(X) to receiver B. B uses A's known public encryption key to obtain EPKA(DSKA(X)) = X. No one except A has A's decryption key SKA, so no one except A can produce the ciphertext DSKA(X). In this way, message X is signed.
If A tries to deny having sent a message to B, B can present X and DSKA(X) to a third party. The third party can easily confirm, using PKA, that A did send message X to B. Conversely, if B forges X into X', B cannot present DSKA(X') to the third party, which proves that B forged the message. The digital signature therefore also serves to identify the source of a message.
However, the process above only signs the message. The transmitted message X itself is not kept confidential, because anyone who captures the ciphertext DSKA(X) and knows the sender's identity can look up the sender's public key in a directory and thus read the message content. Confidential communication and digital signatures can be implemented together. SKA and SKB are the secret keys of A and B respectively, while PKA and PKB are the public keys of A and B respectively.
III. Key Management
A critical weakness of symmetric key encryption is the difficulty of key management, which makes it hard to use widely in e-commerce practice. Here public key encryption has an absolute advantage. However, whichever scheme is used, key management has to be considered, and all the more so as the network grows and more users are added. CyArdoin, president of Cypress Consulting, a security consulting firm, said: "In all encryption schemes, keys must be managed."
The currently accepted approach is to use a key distribution center (KDC) to manage and distribute public keys. Each user stores only his or her own secret key and the KDC's public key PKAS. A user can obtain the public key of any other user through the KDC.
First, A asks the KDC for public keys by sending it the message (A, B). The KDC returns (CA, CB) to A, where CA = DSKAS(A, PKA, T1) and CB = DSKAS(B, PKB, T2). CA and CB are called certificates and contain the public keys of A and B respectively. The KDC signs CA and CB with its decryption key SKAS to prevent forgery. The timestamps T1 and T2 are used to prevent replay attacks.
Finally, A sends the certificates CA and CB to B. B obtains A's public key PKA and can also check its own public key PKB.
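The signed-and-confidential exchange between A and B from the digital signature section and the KDC certificates with timestamps described above, as one added example that is not part of the original article. It uses textbook RSA with fixed Mersenne primes, a public exponent of 65537, a SHA-256 hash of the certificate fields and a 300-second freshness window; all of these, and every function name, are assumptions made for illustration.

```python
# Added example (not from the original article). Textbook RSA with fixed toy
# primes and no padding: it shows the algebra only and must not protect real data.
import hashlib

E = 65537  # public exponent (assumption; the article does not name one)

def keypair(p, q):
    """Return (PK, SK) as ((n, e), (n, d)) for two distinct primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def apply_key(key, x):
    """E_PK and D_SK are the same operation, x^k mod n, with different exponents."""
    n, k = key
    if not 0 <= x < n:
        raise ValueError("value does not fit under this modulus")
    return pow(x, k, n)

# Constructed keys built from Mersenne primes. A's modulus is smaller than B's,
# so that D_SKA(X) always fits under B's modulus when it is encrypted for B.
PKA, SKA = keypair(2**61 - 1, 2**89 - 1)
PKB, SKB = keypair(2**107 - 1, 2**127 - 1)
PKAS, SKAS = keypair(2**521 - 1, 2**607 - 1)   # the KDC's key pair

def sign_and_encrypt(x, sk_sender, pk_receiver):
    """Sender: compute E_PKB(D_SKA(X)), a signature only the receiver can open."""
    return apply_key(pk_receiver, apply_key(sk_sender, x))

def decrypt_and_verify(c, sk_receiver, pk_sender):
    """Receiver: D_SKB yields D_SKA(X); E_PKA then recovers X. Returns (X, signature)."""
    signature = apply_key(sk_receiver, c)
    return apply_key(pk_sender, signature), signature

def digest(name, pk, t):
    """Hash the triple (name, public key, timestamp) to an integer."""
    data = f"{name}|{pk[0]}|{pk[1]}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue_certificate(name, pk, t):
    """KDC: C = D_SKAS(name, PK, T), applied here to a SHA-256 hash of the triple."""
    return {"name": name, "pk": pk, "t": t,
            "sig": apply_key(SKAS, digest(name, pk, t))}

def check_certificate(cert, now, max_age=300):
    """Verify the KDC signature with PKAS, then reject stale timestamps (replay)."""
    if apply_key(PKAS, cert["sig"]) != digest(cert["name"], cert["pk"], cert["t"]):
        return "bad signature"
    if not 0 <= now - cert["t"] <= max_age:
        return "stale timestamp"
    return "ok"

def demo():
    x = int.from_bytes(b"PAY 100 TO B", "big")      # constructed message X
    c = sign_and_encrypt(x, SKA, PKB)
    recovered, signature = decrypt_and_verify(c, SKB, PKA)
    cert_a = issue_certificate("A", PKA, t=1000)    # constructed timestamp T1
    return {
        "message": recovered.to_bytes(12, "big"),
        # B can show (X, D_SKA(X)) to a third party, who checks it with PKA.
        "third_party_check": apply_key(PKA, signature) == x,
        "fresh": check_certificate(cert_a, now=1100),
        "replayed": check_certificate(cert_a, now=5000),
        "swapped_key": check_certificate(dict(cert_a, pk=PKB), now=1100),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The order of the moduli matters in this construction: if A's modulus were larger than B's, some signatures would not fit under B's modulus and `apply_key` would raise instead of silently corrupting the message.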
III. User identification and security authentication
Encryption alone is not enough. Comprehensive protection also requires authentication and identification, which ensure that the person taking part in an encrypted conversation is indeed who they claim to be. Vendors rely on many mechanisms to implement authentication, from security cards to identity authentication. The former ensures that only authorized users can carry out interactive transactions on the Internet from their personal computers. The latter provides a way to generate some form of password or digital signature, which the other party to the transaction uses to authenticate its trading partner. User-managed passwords are usually a security measure of the former kind. Hardware/software solutions are gradually becoming a means of digital identity authentication, and they can also be used by trusted third parties to confirm a user's digital identity (ID).
I. Basic principles of authentication and Recognition
Authentication means that the user must provide proof of who he is, whether he is an employee, an agent of an organization, or a software process (such as the software process of a stock trading system or a Web ordering system). The standard approach to authentication is to establish who he is: what characteristics he has, and what he has or knows that can be used to identify him. For example, if the system stores his fingerprints, he must present his fingerprint on an electronic fingerprint reader connected to the network (this prevents him from deceiving the system with false fingerprints or other electronic information), and he can access the system only when the fingerprint matches. Identification by the distribution of retinal blood vessels is also used; the principle is the same as for fingerprint recognition. Voiceprint recognition is another method adopted by commercial systems. A network can also identify a user by what the user has, generally a smart card or another special form of token that can be read by a reader connected to the computer. As for "what he knows", the most common example is the password, which is a shared secret. For example, for a server operating system to identify a user who wants access, the user must send a user name and password to the server. The server compares them with the user name and password in its database; if they match, the user passes authentication and gains access. The password is shared by the server and the user. Stronger authentication can combine several methods, for example an ATM card and a PIN. The weakest point of this kind of security is interception by a protocol analyzer. If the password is transmitted in plaintext (unencrypted), a protocol analyzer connected to the network can record the user's account and password, and anyone who obtains this information can then go online with it.
Smart card technology will become the first choice for security requirements such as user access and user identity authentication. Users will obtain smart card security devices from trusted, licensed issuers or from other providers of public key cryptography security solutions. The smart card reader will thus become a key part of user access and authentication security solutions. More and more companies in the industry are actively offering smart card security solutions. Although the situation in this field is still unclear, there is no reason to rule out the possibility that, as trusted issuers of digital IDs and related licenses, some economic organizations or credit card companies owned by banks may become leaders in this field.
II. Main authentication methods
To solve security problems, some companies and organizations are doing everything they can to solve the problem of user identity authentication. There are mainly the following authentication methods.
1. Dual authentication. For example, Boston's Beth Israel Hospital and Italy's home-based telecommunications companies use a "dual authentication" approach to verify the identity of users. In other words, they use not one but two forms of proof, drawn from tokens, smart cards and biometric devices such as retina or fingerprint scanners.
2. Digital certificate. This is an electronic file used to verify user identity and a tool that enterprises can use today. The certificate can be purchased with authorization and provides stronger access control with high security and reliability. GTE has used digital certificates to share user information with its competitors, including Sprint and AT&T.
3. Smart card. This solution is durable and more flexible, stores more information, and offers alternative management methods.
4. Secure Electronic Transaction (SET) protocol. This is the most complete and authoritative E-Commerce Security Protection Agreement so far. We will discuss it in more detail in section 6.
IV. Preventing network viruses
I. Threats from network viruses
Viruses are a headache in their own right, and with the rapid development of the Internet they can have disastrous consequences for the network. The Internet brings two distinct security threats. The first is file download: files that are browsed or downloaded through FTP may carry viruses. Shareware and various executable files, such as formatted presentations, have become an important way for viruses to spread. In addition, malicious applets in the form of Java and ActiveX have appeared on the Internet. The second major threat is email. Most Internet mail systems can transmit formatted documents with messages over the network, and with a few keystrokes an email can be sent to one or more recipients. Infected documents or files can therefore flood into the enterprise network through gateways and mail servers.
Another network trend also increases the threat from viruses: the move towards groupware applications such as Lotus Notes, Microsoft Exchange, Novell GroupWise, and Netscape Collabra. Because the core of groupware is sharing documents across the network, it provides fertile ground for viruses. Groupware is not only a repository for shared documents; it also provides collaboration functions that synchronize documents between working groups. This greatly increases the chance of virus transmission, so protecting groupware systems is extremely important.
II. Enterprise-wide virus prevention and control
First, you should consider where to install the virus prevention software. In enterprises, important data is often stored on the file server located at the central node of the network, which is also the primary target of virus attacks. To protect this data, the network administrator must set comprehensive protection measures at multiple layers of the network.
Effective multi-layer protection measures must have four features:
Integration: all protection measures must be logically unified and coordinated.
Single point management: as an integrated solution, the most basic requirement is a single point from which security is managed.
Automation: the system must be able to update the virus pattern database and other related information automatically.
Multi-layer distribution: the solution should be multi-level, with appropriate anti-virus components distributed as widely as possible without adding to the network load. Anti-virus software should be installed on servers, workstations, and the mail system.
Workstations are the main route by which viruses enter the network, so anti-virus software should be installed on workstations. This approach is reasonable: because virus scanning is shared among all workstations on the network, the load on each workstation is light. If up-to-date anti-virus software is installed on every workstation, virus scanning becomes part of the workstation's daily work.
As shown in the following figure, task performance may decrease slightly, but no new equipment is required.
The email server is the second focus for anti-virus software. Email is an important source of viruses. Before an email reaches its destination, it first enters the email server and is stored in a mailbox, so installing anti-virus software here is very effective. Assuming that the ratio of workstation to email server is, this is obviously a cost saving.
The backup server is used to save important data. If the backup server crashes, the entire system is paralyzed. Damaged files on the backup server cannot be reused and may even re-infect the system. Protecting the backup server from virus infection is therefore an important part of network security, and good anti-virus software must be able to resolve this conflict and work with the backup system to provide virus-free real-time backup and recovery.
Any location on the network where files and databases are stored may become a problem, so these areas need protection. The file server stores important enterprise data. Installing anti-virus software on Internet servers is of paramount importance: virus-free uploads and downloads matter a great deal to your network and your customers.
III. Deploying and managing anti-virus software
To deploy an anti-virus service, perform the following steps:
1. Develop a plan. Learn what types of data and information are stored on the network you manage.
2. Investigation. Select anti-virus software that meets your requirements and has as many features as possible.
3. Test. Install and test the selected anti-virus software on a small scale to ensure that it works properly and is compatible with existing network systems and application software.
4. Maintenance. Manage and update the system to ensure that it provides the expected functions and can be managed with existing equipment and personnel. Download the virus pattern database update file, perform upgrades within the test scope, and thoroughly understand the important aspects of the anti-virus system.
5. System installation. Once the test results are satisfactory, the anti-virus software can be installed throughout the network.
V. Secure Electronic Transaction (SET) protocol and CA authentication
I. Secure Electronic Transaction specification (SET)
1. Role of SET
The SET (Secure Electronic Transaction) protocol is an international standard for secure electronic transactions in e-commerce, created by VISA International Organization and MasterCard International Organization together with companies such as IBM, Microsoft, Netscape, and GTE. Its main purpose is to solve the security problems of electronic payment by credit card:
It ensures the confidentiality of information, ensures secure transmission of information, and prevents eavesdropping. Only the recipient can obtain and decrypt the information.
Ensure the integrity of the payment information, ensure that the transmitted data is fully received, and will not be tampered with in the middle.
Authenticate sellers and customers, and verify the validity of sellers, cardholders, and transaction activities on the public network.
Extensive interoperability ensures public adaptability to the communication protocols, information formats, and standards used. In this way, products of different vendors can be integrated in public interconnection networks.
2. SET application process
The e-commerce workflow is very similar to the actual shopping process. From when a customer enters the online store through a browser, until the specified goods are delivered to the door or the service is completed, and then the funds on the account are transferred, all these are completed through the Internet. The specific process is as follows:
The Cardholder can view the online product catalog and browse the product on the merchant's WEB homepage.
The cardholder selects the item to purchase.
The cardholder fills in the order and transfers the order from the merchant through the information flow.
The cardholder selects the payment method, and the SET starts to intervene.
The cardholder sends a complete order to the seller and the order for payment. In SET, the order and payment instruction are digitally signed by the cardholder. At the same time, the dual signature technology is used to ensure that the seller does not see the cardholder's account information.
After accepting the order, the merchant requests the payment for approval from the cardholder's financial institution. Go to the bank through the Gateway, go to the card issuer for confirmation, and approve the transaction. Then return the confirmation information to the merchant.
The merchant sends the order confirmation information to the customer. The customer software can record transaction logs for future queries.
The merchant ships the goods to the customer or completes the ordered service. At this point the purchase process has ended. The merchant can immediately request the bank to transfer the payment from the shopper's account to the merchant's account, or wait for a period of time and request batch accounting.
The seller requests payment from the cardholder's financial institution. There is usually a time interval between authentication and payment.
The first three steps have nothing to do with SET. SET's role starts from step 4. SET has clear provisions for the communication protocol, the request information format, the data type definitions, and so on that are used in the process. In each step of the operation, the cardholder, merchant, and gateway verify the identity of the communicating party through the CA to confirm the identity of the other side.
3. SET Technology Overview
(1) Encryption technology
SET uses two kinds of encryption algorithm for encryption and decryption. Secret-key encryption is the foundation, and public key encryption is the core of the application:
Secret-key encryption uses the same key to encrypt and decrypt data. The main algorithm is DES, used for example to encrypt the personal identification number (PIN) of the bank card holder.
Public key encryption requires a pair of keys, one published openly and the other kept by the recipient. The sender encrypts the data with the public key, and the receiver decrypts the data with the private key. The main algorithm is RSA, used for example to encrypt payment request data. The encryption cannot be reversed with the public key; the private key must be used to decrypt the data.
(2) Digital Signature
Financial transactions require that signature data be sent together with the message data so that the message can be verified. This digital signature is a set of encrypted numbers. SET requires that the user sign the transaction electronically before sending data.
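The dual signature used when the cardholder sends the order and payment instruction can be sketched as follows. This is an added example, not code from the SET specification: SHA-256, unpadded textbook RSA, the toy key and the sample messages are assumptions chosen so that it runs with the standard library alone.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes: trivially
# factorable, unpadded, for illustration only (assumption, not SET's key format).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # cardholder's private exponent


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Cardholder: sign H(H(PI) || H(OI)) once, binding both messages."""
    combined = digest(digest(payment_info) + digest(order_info))
    return pow(int.from_bytes(combined, "big"), D, N)


def check(pi_digest: bytes, oi_digest: bytes, signature: int) -> bool:
    """Recompute the combined digest and compare it with the signed value."""
    expected = int.from_bytes(digest(pi_digest + oi_digest), "big")
    return pow(signature, E, N) == expected


def seller_verify(order_info: bytes, pi_digest: bytes, signature: int) -> bool:
    """Seller holds the order in clear, but only the digest of the payment data."""
    return check(pi_digest, digest(order_info), signature)


def gateway_verify(payment_info: bytes, oi_digest: bytes, signature: int) -> bool:
    """Gateway holds the payment data in clear, but only the digest of the order."""
    return check(digest(payment_info), oi_digest, signature)


# Constructed sample messages (not real order or card data).
OI = b"order=1001;item=book;total=25.00"
PI = b"account=CONSTRUCTED-0000;end=12/30;total=25.00"
DS = dual_sign(OI, PI)

if __name__ == "__main__":
    print("seller accepts order:", seller_verify(OI, digest(PI), DS))
    print("gateway accepts payment:", gateway_verify(PI, digest(OI), DS))
    print("altered order rejected:", not seller_verify(OI + b"0", digest(PI), DS))
```

The digest handed to the seller hides the payment data only if that data cannot be guessed, so low-entropy payment fields need a random value mixed in before hashing.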
(3) Electronic Authentication
During the electronic transaction process, it is necessary to confirm whether the user, the merchant and the transaction itself are legal and reliable. A dedicated electronic authentication center (CA) is generally required to verify the real identity of users and sellers and the legitimacy of transaction requests. The certification center will issue e-certificates to users, merchants, banks, and other individuals or groups conducting online commerce activities.
(4) Electronic envelopes
Keys used in financial transactions must be replaced frequently. SET uses electronic envelopes to transmit replacement keys. With this method, the sender automatically generates a secret key, uses it to encrypt the original text, and transmits the resulting ciphertext together with the key itself, which is protected by means of a public key. After decrypting the envelope, the receiver obtains the secret key and the ciphertext encrypted with it. This ensures that the sender can select a different key for each transmission.
Software systems designed according to the SET standard must pass SET verification before they can be authorized for use. Registration comes first, followed by the SET standard compatibility test. At present, products of many companies have passed SET verification.
II. CA authentication system
The security of public network systems is guaranteed by user and merchant authentication, data encryption, and validity verification of transaction requests.
In e-commerce and in the establishment of online banking, setting up the CA is the key. Only by establishing a good CA system can online banking be developed well, online payment be achieved, and electronic shopping be truly realized. If organizations each go their own way and build different CAs, there will in the future be conflicts between CAs and multiple authentication of the same customer. A recognized institution, such as a bank, the post and telecommunications department, or a security department, should establish an authoritative Certification Authority (CA).
1. SET authentication (CA)
In terms of user identity authentication, SET introduces the certificate and certificate authority mechanisms.
(1) Certificate
A certificate is a document that records the user's public key and other identity information. In SET, the primary certificates are the cardholder certificate and the merchant certificate.
Cardholder certificate: in effect an electronic representation of the payment card. It is signed by a financial institution and cannot be changed at will. The cardholder certificate does not include the account number or the end (expiration) date. Instead, a one-way hash algorithm generates a code value based on the account and end date; if you know the account, end date, and password value, you can derive this code value, and otherwise you cannot.
Merchant certificate: indicates which cards the merchant can accept for commercial settlement. It is issued by a financial institution and cannot be changed by a third party. In the SET environment, a seller must have at least one pair of certificates. A merchant can also have multiple pairs of certificates, indicating that it cooperates with multiple banks and can accept multiple payment methods.
In addition to the cardholder certificate and the merchant certificate, there are also payment gateway certificates, bank certificates, and issuer certificates.
(2) Certificate Authority
A CA is a third-party organization, trusted by one or more users, that provides user authentication. A certificate generally contains the identity name and public key of the owner, and is digitally signed by the CA.
CA functions include receiving registration requests, processing them, approving or rejecting them, and issuing certificates. The user submits his or her own public key and information (such as an ID card number or e-mail address) to the CA. After the CA verifies the user's identity, it issues the user a certificate signed with the CA's private key.
(3) Tree verification structure of the certificate
When two parties communicate, each proves its identity by presenting a certificate issued by a CA. If a party does not trust that CA itself, it can verify the identity of the CA in turn, and so on up to a recognized authoritative CA, at which point it can be sure that the certificate is valid. SET certificates are verified step by step in this way through the trust hierarchy. With the SET authentication mechanism, you no longer need to verify and trust the public key of every user with whom you want to exchange information; you only need to verify and trust the public key of the CA that issues the certificates.
2. China Merchants Bank CA Solution
E-commerce in China is still developing, and the various normative requirements have not yet taken shape. At present, China Merchants Bank, Bank of China, China Construction Bank, and Industrial and Commercial Bank of China are all preparing to develop online banking services. China Merchants Bank is used here as an example to introduce its CA solution.
The CA system of China Merchants Bank is used for the SSL public key certificates of Web servers. It can also be used to issue certificates to browser clients and to encrypt key parameters during the SSL key exchange process. Other cryptographic services will be developed in the future, and public key authentication services will be carried out in accordance with the provisions of the relevant national departments.
The CA system is not online: the system running the CA is on a private network, and users cannot access it over the Internet. The CA provides the query and customer certificate application interfaces on the Web server, where you can query certificate status and submit a certificate request. The Web server runs an independent copy of the CA database and has no network connection with the CA.
This solution uses a hierarchical authentication structure, following the authentication hierarchy defined by PEM. The following types of entities are defined:
IPRA (Internet Policy Registration Authority): the IPRA manages authentication policies, authenticates PCAs, and checks the consistency between PCA operations and policies.
PCA (Policy Certification Authority): the PCA specifies an authentication policy based on business needs and submits it to the IPRA for approval. It authenticates the CAs at the next level according to that policy to ensure consistency between CA operation and policy.
CA (Certification Authority): the CA selects the corresponding authentication policy as needed and provides public key authentication for users.
User: the user is the end entity in X.509.
RA (Registration Authority): when it is difficult for users to communicate with the CA and the CA cannot identify the users, the RA authenticates user identities in place of the CA, according to the CA's business requirements.
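The step-by-step verification described under the tree verification structure, applied to the IPRA, PCA, CA and user levels listed above, can be sketched as follows. This is an added example, not the bank's or SET's own code: the certificate fields, the toy unpadded RSA keys and all names are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys


def toy_key(a: int, b: int) -> tuple:
    """Constructed RSA key from Mersenne primes 2**a-1, 2**b-1 (insecure, demo only)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)


def body_hash(cert: dict) -> int:
    data = f"{cert['subject']}|{cert['issuer']}|{cert['pub_n']}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def issue(subject: str, subject_n: int, issuer: str, issuer_key: tuple) -> dict:
    """Issuer binds the subject's name to its public key with a signature."""
    cert = {"subject": subject, "issuer": issuer, "pub_n": subject_n}
    n, d = issuer_key
    cert["sig"] = pow(body_hash(cert), d, n)
    return cert


def verify_chain(chain: list, trusted_roots: dict) -> bool:
    """chain[0] is the user's certificate; chain[i + 1] certifies the issuer of chain[i]."""
    for i, cert in enumerate(chain):
        if i + 1 < len(chain):
            parent = chain[i + 1]
            if parent["subject"] != cert["issuer"]:
                return False  # broken link in the chain
            issuer_n = parent["pub_n"]
        else:
            issuer_n = trusted_roots.get(cert["issuer"])  # top must be a trusted root
            if issuer_n is None:
                return False
        if pow(cert["sig"], E, issuer_n) != body_hash(cert):
            return False  # signature does not match the issuer's public key
    return True


# Constructed hierarchy following the levels listed above: IPRA -> PCA -> CA -> user.
IPRA, PCA, CA = toy_key(2203, 2281), toy_key(1279, 607), toy_key(521, 127)
USER_N = toy_key(107, 89)[0]
CHAIN = [issue("user", USER_N, "CA", CA), issue("CA", CA[0], "PCA", PCA),
         issue("PCA", PCA[0], "IPRA", IPRA)]
ROOTS = {"IPRA": IPRA[0]}  # only the top-level public key is trusted in advance
```

A production validator also checks validity periods, revocation status and whether each issuer is permitted to act as a CA, which this sketch leaves out.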
CA management covers CA key management, authentication policy management and configuration, and service level management. An important function of CA management is CA key and policy management, including generating new key pairs, installing certificates, revoking certificates, backing up the CA's private key, and installing the backed-up private key. These functions can be completed only when two security administrators are logged in at the same time.
At present, the CA supports the following public key algorithms: RSA, DH, and DSA, and provides certificates for keys of these types. We plan to add support for elliptic curve encryption algorithms. In addition, to improve the security of the CA key, the CA key must be stored encrypted. In the future, all operations involving the CA key will be completed inside an IC card.