Internet-based e-commerce technology makes it convenient for online shoppers to obtain information about businesses and enterprises, but it also increases the risk that sensitive or valuable data will be abused.
All financial transactions conducted on the Internet must be authentic and reliable, and all parties to a transaction, such as customers, businesses and enterprises, must have absolute confidence in it, so an Internet e-commerce system must provide very reliable security and confidentiality technology.
In other words, we must ensure the four elements of network security: the confidentiality of information transmission, the integrity of data exchange, the non-repudiation of sent information and the certainty of the trader's identity.
1. Confidentiality of information
Business information in a transaction needs to be kept confidential. If someone else learns the account number and user name of your credit card, money may be stolen from you. If your ordering and payment information becomes known to competitors, you may lose business opportunities. Therefore, information transmitted in e-commerce generally needs to be encrypted.
2. The certainty of the trader's identity
The two sides of an online transaction are probably strangers, thousands of miles apart. For the transaction to succeed, each must first be able to confirm the identity of the other party. Merchants need to consider whether the customer is a fraudster, and customers worry about whether the online shop is a dishonest one playing tricks. Therefore, being able to confirm the identity of the other party conveniently and reliably is the premise of the transaction.
Banks, credit card companies and sales stores that provide services to customers or users must carry out identity authentication in order to deliver those services safely, confidentially and reliably.
The sales stores involved do not know the number of the credit card used by the customer, and can only pass the credit card confirmation on to the bank. Banks and credit card companies can use all kinds of confidentiality and identification means to confirm whether the customer's identity is legitimate, and at the same time they should also prevent the problem of refusal to pay, and confirm the order and order collection information.
3. Non-repudiation
Because business conditions are ever-changing, a transaction cannot be denied once it has been concluded. Otherwise, the interests of one party will inevitably be harmed. For example, suppose the price of gold is low when an order for gold is placed, but rises after the order has been received. If the party receiving the order can deny the actual time it received the order, or even the fact of receiving it, then the orderer will suffer losses. Therefore, every step in the communication process of an electronic transaction must be undeniable.
4. Integrity: documents cannot be modified
Transaction documents must not be modifiable. Take the gold order in the example above: after receiving the order, the supplier finds that the price of gold has risen sharply. If the contents of the document can be changed and the order quantity is altered from 1 ton to 1 gram, the supplier will benefit greatly and the ordering party may suffer losses. Therefore, electronic transaction documents must also be unmodifiable to ensure the seriousness and fairness of the transaction.
While marveling at the great potential of e-commerce, people also have to think calmly about how to ensure the fairness and security of transactions, and the authenticity of both parties' identities, when transactions are conducted over the Internet between people who never meet. There is a mature security solution in the world, which is to establish a security certificate architecture.
A digital security certificate provides a way to verify identity on the Internet. The security certificate system is based mainly on public-key cryptography; the other techniques it uses include symmetric-key encryption, digital signatures and digital envelopes.
By using digital certificates together with symmetric and asymmetric encryption, we can establish a strict identity authentication system which ensures that information cannot be stolen by anyone other than the sender and receiver; that information is not tampered with during transmission; that the sender can confirm the identity of the receiver through the digital certificate; and that the sender cannot deny having sent the information.
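The signature and digital envelope described above can be shown on the gold order from the earlier example. This is an added example, not part of the original article; it uses Node.js's built-in crypto module, and the key pairs, the order and the function names sealOrder, openOrder and signatureCovers are constructed for illustration. In a real deployment each public key would be taken from a CA-issued certificate rather than generated on the spot.

```javascript
// Added example: Node.js built-in crypto only; keys and order are constructed.
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Bare key pairs stand in for the keys a CA-issued certificate would vouch for.
const buyer = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const supplier = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Sender: sign the order, encrypt it under a one-time AES key, and wrap that
// key with the recipient's public key (the digital envelope).
function sealOrder(order, signerPrivateKey, recipientPublicKey) {
  const plaintext = Buffer.from(JSON.stringify(order));
  const signature = crypto.sign('sha256', plaintext, signerPrivateKey);
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag(), signature };
}

// Receiver: unwrap the AES key, decrypt (GCM rejects altered ciphertext),
// then check the sender's signature over the recovered order.
function openOrder(env, recipientPrivateKey, signerPublicKey) {
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, env.iv);
  decipher.setAuthTag(env.tag);
  const plaintext = Buffer.concat([decipher.update(env.body), decipher.final()]);
  const signatureValid = crypto.verify('sha256', plaintext, signerPublicKey, env.signature);
  return { order: JSON.parse(plaintext.toString()), signatureValid };
}

// Does this signature cover exactly this order text?
function signatureCovers(order, signature, signerPublicKey) {
  return crypto.verify('sha256', Buffer.from(JSON.stringify(order)), signerPublicKey, signature);
}

const order = { item: 'gold', quantity: 1, unit: 'ton' }; // constructed sample
const envelope = sealOrder(order, buyer.privateKey, supplier.publicKey);
const received = openOrder(envelope, supplier.privateKey, buyer.publicKey);
// The supplier rewrites "1 ton" as "1 gram"; the buyer's signature no longer matches.
const altered = { ...received.order, unit: 'gram' };
console.log('original signature valid:', received.signatureValid);
console.log('altered order passes:', signatureCovers(altered, envelope.signature, buyer.publicKey));
```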
Further information:
Enterprise electronic certificate issuing authority:
The CA (Certificate Authority), also known as the certification center, is a trusted third party in e-commerce transactions and is responsible for checking the legitimacy of public keys in a public-key system.
The CA issues a digital certificate to each user who uses a public key. The function of a digital certificate is to prove that the user listed in the certificate legitimately owns the public key listed in the certificate.
The CA's digital signature makes it impossible for attackers to forge or tamper with certificates. The CA is responsible for the generation, distribution and management of the digital certificates required by all individuals participating in online transactions, so it is the core link of secure electronic transactions. Therefore, building certification centers is a necessary step in developing and standardizing the e-commerce market.
In order to ensure the security, authenticity, reliability, integrity and non-repudiation of information transmitted between users on the Internet, it is necessary not only to verify the authenticity of users' identities, but also to have an authoritative, impartial and unique institution responsible for issuing and managing e-commerce security certificates that meet domestic and international standards for secure electronic transactions.
Baidu Encyclopedia-Digital Certificate