E-commerce appeared in the 1990s and has not been developing for long. Compared with traditional commerce, however, it has grown at an amazing speed. Security has become the biggest obstacle to that development. The key to e-commerce is therefore to secure every link in the business activity, that is, to make the Internet-based transaction process as secure and reliable as traditional transaction methods. E-commerce security is not an isolated concept: it is closely tied to the security of the underlying computer technology that provides the virtual trading environment, and is determined above all by the security of network communication.
II. Main requirements of E-Commerce Security
1. Confidentiality. As a means of trade, e-commerce information directly represents the trade secrets of individuals, enterprises or countries. Traditional paper trade keeps information confidential by mailing sealed letters or sending commercial reports through reliable communication channels. E-commerce is built on an open network environment, so protecting trade secrets is an important guarantee for its full promotion and application.
2. Integrity. E-commerce simplifies the trade process and reduces human intervention, but it also raises the problem of keeping the commercial information held by all trading parties complete and consistent. Accidental errors or fraud during data input may lead to differences between the information held by the trading parties. Loss of information, duplication of information, or changes in the order of information during transmission may have the same effect. It is necessary to prevent the arbitrary generation, modification and deletion of information, to prevent loss and duplication during transmission, and to ensure that information arrives in a consistent order.
3. Reliability. In traditional paper trade, the trading parties identify their partners by hand-signing or stamping written documents such as transaction contracts, agreements or trade documents, which establishes the reliability of those documents and prevents later denial. This is what people often call "black and white". In the paperless e-commerce mode, it is impossible to identify a trading party by handwritten signature and seal. A reliable identifier must therefore be provided, during the transmission of transaction information, for the individual, enterprise or country involved in the transaction.
4. Validity. E-commerce replaces paper with electronic forms, so ensuring the validity of trade information in electronic form is the prerequisite for carrying out e-commerce.
III. Factors that cause e-commerce security problems
Business information is stored using computer database technology, and the main channel for transmitting it is the Internet. E-commerce security problems therefore centre on the vulnerabilities of database technology and network communication technology, which are the main source of threats to e-commerce activity and the main route by which criminals intrude into systems.
1. Database security issues. Most enterprises that implement e-commerce have established core databases to store and manage their business data. For legitimate users, this core database is a very convenient way to store key information. From an attacker's perspective, compromising the database directly is more rewarding than sniffing data on the network, because accurate data can be obtained from a single point. Once attackers obtain access to the database, they can use database query commands to retrieve the information they want, such as credit card numbers, customer information, quotations, price lists, and other confidential commercial information. The security problems e-commerce faces at the database level take the form of attacks on the database by illegal intruders.
2. Network communication security issues. The security problems e-commerce faces in network communication are mainly the following: transaction content may be stolen by a third party; electronic transaction information transmitted online may be modified, deleted, or replayed by others; the reliability of network transmission is limited by defects in hardware devices or software, so the transmission process is not guaranteed; and the storage and transmission of information is threatened by malicious damage (such as viruses).
IV. Security Protection Technology in E-commerce
To meet the security requirements of e-commerce, e-commerce systems must use security technologies to provide reliable security services for e-commerce participants. The specific technologies available are as follows:
1. Digital signature technology. "Digital signature" is a figurative term for securing electronic transactions through cryptography, and is the main form of electronic signature. It tries to solve several fundamental problems faced by Internet transactions: data confidentiality, data is not tampered with, the parties to a transaction can authenticate each other, and the transaction initiator cannot deny his data. The digital signature is the most widely used, most mature, and most practical electronic signature method in e-commerce and e-government. It uses standardized procedures and scientific methods to identify the signatory and to confirm the signatory's recognition of the content of an electronic document. It can also verify whether the original file was changed during transmission, ensuring the integrity, authenticity and non-repudiation of the electronic file.
2. Firewall technology. The firewall is a recently developed technical measure for protecting computer network security. It is a barrier used to prevent hackers from accessing an organization's network, and can also be described as the checkpoint that controls inbound and outbound communication. A network communication monitoring system is established on the network boundary to isolate the internal and external networks and prevent intrusion from the external network. Currently, there are three types of firewall: packet filtering firewall, proxy firewall, and dual-homed host firewall.
3. Intrusion detection system. The intrusion detection system monitors and tracks systems, events, security records, and system logs, as well as data packets on the network, and identifies any unexpected activity. Intrusion attacks are detected before intruders endanger the system, and alarm and protection systems are used to respond to and block them.
4. Information encryption technology. The purpose of information encryption is to protect data, files, passwords, and control information in the network, and to protect data transmitted online. Common network encryption methods are link encryption, end-to-end encryption, and node encryption. Link encryption protects the link between network nodes; end-to-end encryption protects the data from the source user to the target user; node encryption protects the transmission link between the source node and the target node. The method can be chosen according to network conditions.
5. Security authentication technology. Security authentication is mainly used for information authentication. The purpose of information authentication is to confirm the identity of the information sender and to verify the integrity of the information, that is, to confirm that it has not been tampered with during transmission or storage.
6. Anti-virus system. Viruses are stored, transmitted, and spread on the Internet in many ways and at high speed, and they pose great harm to websites. All-round anti-virus products should therefore be used to implement an anti-virus policy that combines layer-by-layer fortification, centralized control, and prevention, building a comprehensive anti-virus system.
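The information authentication described in item 5, combined with the integrity requirement that messages not be modified, duplicated, lost or reordered in transit, can be shown with a keyed MAC and a sequence number. This is an added example, not part of the original article; the names `seal` and `Receiver`, the shared key and the order records are constructed for illustration. It uses a shared secret (HMAC-SHA256), so unlike the digital signature of item 1 it does not provide non-repudiation.

```python
import hashlib
import hmac
import json

def seal(key: bytes, seq: int, order: dict) -> dict:
    """Sender: bind the order to its sequence number under an HMAC-SHA256 tag."""
    body = json.dumps({"seq": seq, "order": order},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Receiver:
    """Receiver: authenticate first, then enforce strict in-order delivery."""
    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 1

    def accept(self, msg: dict) -> str:
        expected = hmac.new(self.key, msg["body"].encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison; never parse the body before this passes.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: tampered or wrong sender"
        seq = json.loads(msg["body"])["seq"]
        if seq < self.next_seq:
            return "rejected: duplicate or replay"
        if seq > self.next_seq:
            return "rejected: gap (lost or reordered message)"
        self.next_seq += 1
        return "accepted"

def demo() -> list:
    key = b"constructed-demo-key"  # constructed value, not a real secret
    rx = Receiver(key)
    m1 = seal(key, 1, {"item": "A-100", "qty": 2, "price": "19.90"})
    m2 = seal(key, 2, {"item": "B-200", "qty": 1, "price": "5.00"})
    m3 = seal(key, 3, {"item": "C-300", "qty": 4, "price": "1.25"})
    # Quantity altered in transit while the original tag is kept.
    forged = dict(m2, body=m2["body"].replace('"qty":1', '"qty":9'))
    return [rx.accept(m1), rx.accept(m1), rx.accept(forged),
            rx.accept(m3), rx.accept(m2), rx.accept(m3)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```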
Security is the lifeblood of the survival and development of e-commerce. With the development of network information technology, the security technology platform and security management policy will continue to develop and improve. E-commerce website designers must carefully carry out security analysis, risk assessment, business needs analysis, and website operation efficiency analysis to develop an overall security solution.
(Edited by Lu Libo: China E-Commerce Research Center)