Some common network applications, such as e-commerce, are carried out at the application layer of the network. So how can we ensure the security of the application layer protocol? In this respect, we mainly discuss the set protocol. First of all, let's learn about the security protocol environment on the Internet.
Dealing with e-commerce on the open internet and ensuring the security of data transmission between buyers and sellers has become an important topic of e-commerce? In order to overcome the shortcomings of ssl security protocol, meet the growing security requirements of electronic transactions, and meet the market requirements for transaction security and cost performance, companies such as visa International Organization such as MasterCard? Microsoft? Ibm, etc. * * * released a set (secure electronic transaction) announcement?
Is this an open online transaction? The specification of electronic payment system based on electronic money adopts public key cryptosystem and x.509 digital certificate standard, which is mainly used in b to c mode to ensure the security of payment information. On the premise of retaining the customer's credit card authentication, set adds the authentication of merchant identity, which is very important for transactions that need to pay money? Set application layer protocol has won the support of many large companies and consumers because of its reasonable design, and has become the industrial standard of global network, and its transaction form will become the norm of future "e-commerce"?
1.set application layer protocol description
The specification of secure electronic transactions provides an open standard for conducting secure electronic commerce on the Internet? Set mainly uses electronic authentication technology, and its authentication process uses rsa and des algorithms, so it can provide strong security protection for e-commerce? It can be said that the set specification is the most important protocol in e-commerce at present, and its launch will greatly promote the prosperity and development of e-commerce? Set will establish a standard for safe use of bank cards for online shopping? The secure electronic transaction specification is a rule that provides security measures for electronic transactions based on credit cards, and it is a secure electronic payment protocol that can be widely used in the Internet. It can extend the starting point of widely used credit cards from present stores to consumers' homes and to consumers' personal computers.
Set secure electronic transaction protocol is a protocol based on message flow, mainly to solve the problem of users? Is it to ensure the confidentiality of payment information that merchants and banks use credit cards to make online payments? Integrity of the payment process? What is the legal status and operability of cardholders? The core technology in set mainly includes public key encryption? Digital signature? Digital envelope? Digital certificates, etc? The working principle and flow of set application layer protocol are shown in the following figure:
2. Setting the application layer protocol has five main objectives:
(1) Ensure that the information of e-commerce participants is isolated from each other? After the customer's data is encrypted or packaged, the merchant arrives at the bank, but the merchant can't see the customer's account and password information;
(2) Ensure the safe transmission of information on the Internet and prevent data from being stolen by hackers or insiders;
(3) To solve the problem of multi-party authentication, we should not only authenticate consumers' corner cards, but also authenticate the reputation of online stores and consumers. Authentication between online stores and banks;
(4) Ensure real-time online transactions, and all payment processes are online;
(5) standardize the protocol and message format, so that the software developed by different manufacturers has compatibility and interoperability functions, and can run on different hardware and operating system platforms?