What are the main entities of TVU’s e-commerce online payment system?

The security requirements of e-commerce payment systems include: confidentiality, authentication, data integrity, interoperability, etc. Currently, protocols used at home and abroad to ensure the security of e-commerce payment systems include: SSL (Secure Socket Layer), SET (Secure Electronic Transaction) and other protocol standards.

2.1 SSL protocol

The Secure Socket Layer (SSL) protocol is commonly used on the Internet and can ensure the integrity, confidentiality and interoperability of data during communication between the two parties. It can be used when security requirements are not too high. It includes:

(1) Handshake protocol. That is, before transmitting information, handshake information is sent to confirm each other's identity. After confirming the identity, both parties hold a shared key.

(2) Message encryption protocol. That is, after the two parties shake hands, they use the other party's certificate (RSA public key) to encrypt a random key, and then use the random key to encrypt the information flow of both parties to achieve confidentiality.

Because it is built into browsers such as IE and Netscape, it is very convenient to implement. Most current B-C online payments adopt this method. Online payment based on this protocol can be easily implemented using the online payment interface provided by China Merchants Bank.

SSL uses encryption to establish a secure communication channel to transmit the customer's credit card number to the merchant. It is equivalent to using a secure phone connection to read the user's credit card to the merchant over the phone.

[Figure: SSL transaction process diagram]

Although the SSL handshake protocol can be used by both parties to confirm each other's identities, in practice it is basically used only for the client to authenticate the server's identity, that is, unilateral authentication. The protocol does not protect against fraud by a shady merchant who has the customer's credit card number. Merchant fraud is one of the most serious problems facing the SSL protocol. In addition, because encryption algorithms are subject to United States export restrictions, both browsers and Web servers have the so-called "512/40" problem: DES symmetric encryption is 40 bits and RSA encryption is 512 bits. The low encryption strength makes it difficult to extend the B-C SSL protocol to the B-B field, which has higher requirements.

2.2 Secure electronic transaction protocol SET

SET is a secure transaction processing protocol for payment with payment cards (credit cards, debit cards, ATM cards, etc.) on an open network (Internet or public multimedia network). Its implementation does not require major transformation of the existing bank payment network. Version 1.0 of the protocol was released on May 31, 1997.

SET specifies the purchase and payment message transmission process for all parties in the e-commerce payment system. The attached figure is a flow chart of the SET protocol structure. It can be seen that the three parties involved in the transaction of the e-commerce payment system are: cardholder, merchant and payment gateway. The transaction process is:

(1) The cardholder decides to purchase and sends a purchase request to the merchant;

(2) The merchant returns payment consent and other information;

(3) The cardholder verifies the identity of the merchant and securely transmits the order information and payment information to the merchant, but the payment information is invisible to the merchant (encrypted with the bank's public key);

(4) The merchant verifies the identity of the payment gateway, transmits the payment information to the payment gateway, and requires verification of whether the cardholder's payment information is valid;

(5) The payment gateway verifies the merchant's identity, checks with the card-issuing bank through the traditional bank network whether the cardholder's payment information is valid, and returns the result to the merchant;

(6) The merchant returns the information to the cardholder and delivers the goods;

(7) The merchant regularly sends payment request information to the payment gateway; the payment gateway notifies the card bank to debit and returns the result to the merchant, and the transaction ends.

Security technologies used in secure electronic transactions include: encryption (public key encryption, secret key encryption), digital envelopes, digital signatures, double digital signatures, authentication, etc.

It ensures the security of data through encryption, the identity authentication and data integrity of transaction parties through digital signatures, and interoperability through the use of clear interaction protocols and message formats.
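The double (dual) digital signature behind step (3), shown as an added example that is not from the original page: the cardholder signs the hash of the two message digests, so the merchant can check the order and the gateway can check the payment data without either seeing the other part. Assumptions: SHA-256 and unpadded textbook RSA stand in for the algorithms SET specifies, the key is a constructed toy key, the order and payment strings are constructed, and the digital envelope that encrypts the payment data for the gateway is left out.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes: trivially
# factorable, for illustration only (assumption, not a SET key format).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # cardholder's private exponent

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def dual_sign(oi: bytes, pi: bytes) -> int:
    """Cardholder: sign H(H(PI) || H(OI)) once, covering both parts."""
    pomd = h(h(pi) + h(oi))
    return pow(int.from_bytes(pomd, "big"), D, N)   # textbook RSA, no padding

def _check(pimd: bytes, oimd: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(h(pimd + oimd), "big")

def merchant_verify(oi: bytes, pimd: bytes, sig: int) -> bool:
    """Merchant holds the order and only the digest of the payment data."""
    return _check(pimd, h(oi), sig)

def gateway_verify(pi: bytes, oimd: bytes, sig: int) -> bool:
    """Gateway holds the payment data and only the digest of the order."""
    return _check(h(pi), oimd, sig)

def demo() -> dict:
    oi = b"order=1001;item=book;total=59.00"              # constructed sample
    pi = b"card=0000-0000-0000-0000;exp=00/00;total=59.00"  # constructed sample
    sig = dual_sign(oi, pi)
    return {
        "merchant_ok": merchant_verify(oi, h(pi), sig),
        "gateway_ok": gateway_verify(pi, h(oi), sig),
        # A different order presented with the same signature is rejected.
        "altered_order": merchant_verify(oi.replace(b"book", b"tv"), h(pi), sig),
        # Payment data with a changed amount is rejected by the gateway.
        "altered_payment": gateway_verify(pi.replace(b"59.00", b"9.00"), h(oi), sig),
    }

if __name__ == "__main__":
    print(demo())
```

Because both digests are bound under one signature, the order and the payment instruction cannot be re-paired with a different counterpart after signing.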

Because SET is complex to implement (each transaction requires multiple encryption, hash and digital signature operations, and special transaction software must be installed on the client), there are not many electronic payment systems using this protocol now. Currently, the payment method in Bank of China's online banking is based on SET.