Current location - Quotes Website - Personality signature - What role does firewall play in e-commerce security?
What role does firewall play in e-commerce security?
The emergence of e-commerce threats has led to the demand for e-commerce security, which is also all aspects needed to truly realize a secure e-commerce system, including confidentiality, integrity, authentication and non-repudiation. 1. Confidential. As a means of trade, e-commerce information directly represents the commercial secrets of individuals, enterprises or countries. The traditional paper trade is kept secret by mailing sealed letters or sending commercial messages through reliable communication channels. E-commerce is based on a relatively open network environment (especially the Internet is a more open network), and keeping business secrets is an important guarantee for the comprehensive popularization and application of e-commerce. Therefore, it is necessary to prevent illegal access to information and illegal theft of information during transmission. Privacy is usually achieved by encrypting the transmitted information through encryption technology. 2. Integrity. E-commerce simplifies the trade process, reduces human intervention, and at the same time brings the problem of maintaining the integrity and unity of business information of all parties in trade. Due to unexpected errors or fraud in data entry, the information of the parties may be different. In addition, information loss, information repetition or different information transmission sequence in the process of data transmission will also lead to information differences between the parties to the transaction. The integrity of the transaction information will affect the transaction and business strategy of the transaction party, and maintaining the integrity of the transaction information is the basis of e-commerce application. Therefore, it is necessary to prevent the random generation, modification and deletion of information, prevent the loss and repetition of information in the process of data transmission, and ensure the unity of information transmission order. Integrity can usually be obtained by extracting the abstract of the information message. 3. Certification. Due to the particularity of online e-commerce transaction system, the transactions of enterprises or individuals are usually carried out in a virtual network environment, so the identification of individuals or business entities has become a very important part of e-commerce. Identify the identity of a person or entity to ensure the authenticity of the identity, that is, the two parties to the transaction can confirm each other's identity without meeting. This means that when someone or an entity claims to have a specific identity, the authentication service will provide a way to verify the correctness of its claim, which is usually achieved through a certificate authority CA and a certificate. 4. It is undeniable. E-commerce may be directly related to the commercial transactions between two parties. How to determine the party to be traded is the expected party of the exchange is the key to ensure the smooth progress of e-commerce. In traditional paper transactions, both parties identify the transaction object by signing or stamping written documents such as transaction contracts, contracts or trade documents by hand, so as to determine the reliability of contracts, contracts and documents and prevent the occurrence of repudiation. This is what people often say "in black and white". In the paperless e-commerce mode, traders cannot be identified by handwritten signatures and seals. Therefore, in the process of transaction information transmission, it is necessary to provide reliable identification for individuals, enterprises or countries involved in the transaction. Non-repudiation can be obtained by digitally signing the sent message. 5. effectiveness. Electronic commerce replaces paper in electronic form, so how to ensure the validity of this electronic form of trade information is the premise of developing electronic commerce. As a form of trade, the effectiveness of e-commerce information will directly affect the economic interests and reputation of individuals, enterprises or countries. Therefore, it is necessary to control and prevent potential threats caused by network failures, operational errors, application errors, hardware failures, system software errors and computer viruses, so as to ensure that transaction data is valid at a specific time and place. The main technology of e-commerce security E-commerce security is the upper application of information security, which includes a wide range of technologies, mainly divided into two categories: network security technology and cryptographic technology, among which cryptographic technology can be divided into encryption, digital signature and authentication technology. 1. Network security technology Network security is the basis of e-commerce security, and a complete e-commerce system should be built on a secure network infrastructure. Network security involves the comparison of many aspects, such as operating system security, firewall technology, virtual private network VPN technology and various anti-hacking technologies and vulnerability detection technologies. The most important one is firewall technology. Firewall is based on communication technology and information security technology. It is used to build a security barrier between networks, filter, analyze and audit network data according to the specified strategy, and provide effective prevention for various attacks. It is mainly used for Internet access and secure connection between private network and public network. VPN is also one of the technologies to ensure network security. It refers to the establishment of a private network in the public network, and the data is spread in the public network through the established virtual security channel. Enterprises only need to rent a local data line to access the local public information network, and branches can safely transfer information to each other; At the same time, enterprises can also use the dial-up access equipment of the public information network to let their users dial into the public information network, and then they can connect to the enterprise network. Using VPN has the advantages of cost saving, remote access, strong expansibility, easy management and complete control, which is the development trend of enterprise network at present and in the future. 2. Encryption technology Encryption technology is an important means to ensure the security of e-commerce, and many cryptographic algorithms have now become the basis of network security and business information security. The encryption algorithm uses secretkeys to encrypt sensitive information, and then sends the encrypted data and key to the receiver (in a secure way). The receiver can use the same algorithm and the transmitted key to decrypt the data, thus obtaining sensitive information and ensuring the confidentiality of network data. By using another encryption technology called digital signature, the integrity and authenticity of network data can be guaranteed at the same time. The use of cryptographic technology can meet the needs of e-commerce security and ensure the confidentiality, integrity, authenticity and non-repudiation of business transactions. Although cryptography only became popular during the Second World War and is now widely used in network security and e-commerce security, its origin can be traced back to thousands of years ago, and its idea is still in use, but it only increases the mathematical complexity in the process of processing. Encryption technology includes private key encryption and public key encryption. Private key encryption, also known as symmetric key encryption, means that the sender and receiver of information use a key to encrypt and decrypt data. At present, the commonly used private key encryption algorithms are DES and IDEA. The biggest advantage of symmetric encryption technology is its fast encryption/decryption speed, which is suitable for encrypting a large number of data, but the key management is difficult. Public key encryption, also known as asymmetric key encryption system, needs to use a pair of keys to complete family secrets and decryption operations respectively. One is public release, called public key. The other is kept by the user himself in secret, called the private key. The sender of information uses public key encryption, while the receiver of information uses private key decryption. The encryption process is guaranteed to be irreversible by mathematical means, that is, the information encrypted with the public key can only be decrypted with the private key paired with the public key. Commonly used algorithms are RSA, ElGamal and so on. The public key mechanism is flexible, but the speed of encryption and decryption is much slower than that of symmetric key encryption. In order to make full use of the advantages of public key cryptography and symmetric cryptography, overcome their shortcomings and solve the problem of changing keys every time, a hybrid cryptosystem, the so-called electronic envelope technology, is proposed. The sender automatically generates a symmetric key, adds the information sent by the key to the symmetric key, and sends the generated ciphertext together with the symmetric key encrypted with the public key of the receiver. The receiver decrypts the encrypted key with its secret key to obtain a symmetric key and uses it to decrypt the ciphertext. This ensures that each transmission can be carried out with a different key selected by the sender, which better ensures the security of data communication. Using hybrid cryptosystem can provide confidentiality guarantee and access control at the same time. Using symmetric encryption algorithm to encrypt a large number of input data can provide confidentiality guarantee, and then using public key to encrypt symmetric key. If you want to make information available to multiple recipients, you can encrypt their symmetric keys with each recipient's public key, thus providing access control functions. 3. Digital signature HASH function, also known as MessageDigest, hash function or hash function, is often used for digital signature. Its input is a variable-length input, and it returns a fixed-length string called the input hash value (message digest). In daily life, documents are usually signed to ensure their authenticity and validity, and the signer can be restrained to prevent its denial behavior. The message summary can be used as a reference. In the network environment, electronic digital signature can be used as simulation, thus providing undeniable services for e-commerce. Compared with handwritten signature, digital signature has the following advantages in security: digital signature is not only related to the signer's private key, but also to the content of the message, so it is impossible to copy the signer's signature from one message to another, and at the same time, it can prevent tampering with the content of the message. 4. Certification bodies and digital certificates