(1) Symmetric encryption / symmetric key encryption / private key encryption
This method uses the same key to encrypt and decrypt information. Symmetric encryption simplifies the encryption process: the trading parties do not need to study and exchange special encryption algorithms with each other, but use the same encryption algorithm and exchange only the shared special key. If the communicating parties can guarantee that the private key is not leaked during the key exchange stage, then confidentiality and message integrity can be achieved by encrypting the confidential information with symmetric encryption and sending the message digest or message hash value with the message.
(2) Asymmetric encryption / public key encryption
In this encryption system, the key is split into a pair. Either key can be disclosed to others in a non-confidential way as the public key, while the other key is kept as the private key. The public key is used to encrypt confidential information, and the private key is used to decrypt the encrypted information. The private key is held only by the trading party that generated the key pair; the public key can be widely distributed, but it corresponds only to the trading party that generated the key.
(3) Digital digest
This method is also called secure hash coding or MD5. A one-way hash function "digests" the plaintext to be encrypted into a fixed-length 128-bit ciphertext, that is, a digital fingerprint. Different plaintexts are digested into ciphertexts whose results are always different, while the digests of the same plaintext must be consistent. The digest can therefore be used as a "fingerprint" to verify whether the plaintext is "true".
(4) Digital signature
A digital signature establishes that the information was sent by the signer and that the information was not modified during transmission. In this way, a digital signature can be used to prevent electronic information, which is easy to modify, from being tampered with; to prevent information from being sent in the name of others; and to prevent a party from sending (or receiving) a letter and then denying it.
(5) Digital timestamp
It is an encrypted voucher document made up of three parts: the digest of the file that needs the timestamp; the date and time when the DTS received the file; and the digital signature of the DTS.
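The digest, signature and timestamp described in (3) to (5), as an added example that is not part of the original page: the DTS signs a file digest together with the time of receipt, and a verifier checks all three parts of the token. SHA-256 stands in for the MD5 the page mentions, and the key is a toy textbook-RSA key (publicly known Mersenne primes, no padding) that shows the mechanism only; the function names and the sample order text are assumptions.

```python
import hashlib

# Toy RSA key for the DTS, built from two publicly known Mersenne primes.
# Constructed for illustration only: such a modulus is trivially factorable.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the DTS

def digest(data: bytes) -> bytes:
    """Fixed-length fingerprint of the data (SHA-256, 32 bytes)."""
    return hashlib.sha256(data).digest()

def sign(message: bytes) -> int:
    """Sign the digest of the message with the private key."""
    return pow(int.from_bytes(digest(message), "big"), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Recover the signed digest with the public key and compare."""
    return pow(signature, E, N) == int.from_bytes(digest(message), "big")

def issue_timestamp(file_digest: bytes, received_at: str) -> dict:
    """DTS side: bind the submitted digest to the time of receipt."""
    signed = file_digest + received_at.encode()
    return {"digest": file_digest.hex(), "received_at": received_at,
            "signature": sign(signed)}

def check_timestamp(file_bytes: bytes, token: dict) -> bool:
    """Verifier side: the file must match the digest and the signature must hold."""
    if digest(file_bytes).hex() != token["digest"]:
        return False
    signed = bytes.fromhex(token["digest"]) + token["received_at"].encode()
    return verify(signed, token["signature"])

# Constructed sample: the requester sends only the digest, never the file.
contract = b"Order 1001: 20 units at 15.00"
token = issue_timestamp(digest(contract), "2024-01-01T09:00:00Z")
```

A modified file fails the digest comparison, and a token whose time field was edited fails the signature check, because the DTS signed the digest and the time together.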
(6) Digital vouchers
A digital voucher, also known as a digital certificate, is an electronic means of proving a user's identity and the user's right of access to network resources. In online electronic transactions, if both parties present their respective digital vouchers and use them for the transaction, then neither party needs to worry about the authenticity of the other party's identity. A digital voucher includes: the name of the certificate owner; the public key of the certificate owner; the validity period of the public key; the unit that issued the digital certificate; the serial number of the digital voucher; and the digital signature of the unit that issued the digital certificate.
There are three types of digital vouchers: personal vouchers, enterprise (server) vouchers and software (developer) vouchers.
2. Internet e-mail security protocols
(1) PEM: This is a draft standard for enhancing the privacy of Internet e-mail. It adds encryption, authentication and key management to the standard format of Internet e-mail, allows the use of both public key and private key encryption methods, and supports a variety of encryption tools. For each e-mail, specific security measures such as the encryption algorithm, digital authentication algorithm and hash function can be specified in the e-mail header.
(2) S/MIME: It is a protocol that adds digital signature and encryption technology to the Multipurpose Internet Mail Extensions (MIME) messages described in RFC 1521, with the purpose of defining how security services are implemented on MIME.
(3) PEM-MIME: It combines the characteristics of PEM and MIME.
3. Main Internet security protocols
(1) SSL: It provides security measures such as client-server authentication, data integrity and information confidentiality for client/server applications based on TCP/IP. The protocol carries out the review of security features by exchanging SSL initial handshake information before the applications exchange data. In the SSL handshake information, encryption technologies such as DES and MD5 are used to achieve confidentiality and data integrity, and X.509 digital certificates are used to achieve authentication.
(2) S-HTTP: It extends the security features of HTTP and increases the security of messages. It is based on SSL technology. This protocol provides security measures such as integrity, authentication, non-repudiation and confidentiality for WWW applications.
(3) STT: STT separates authentication and decryption in the browser to improve the security control ability.
(4) SET: The main documents include the SET service description, the SET programmer's guide and the SET protocol description. SET 1.0 has been published and can be applied to any bank payment service. It covers the transaction protocol, information confidentiality, data integrity, data authentication and data signature for credit cards in e-commerce transactions.
The main goals of the SET specification are to ensure payment security, to establish the interoperability of applications and to make them accepted by the global market.
4. UN/EDIFACT's Security Company
The UN/EDIFACT message is the only international EDI standard. Using the Internet for EDI has become a field of growing concern, and ensuring the security of EDI has become the main problem to be solved.
5. Virtual Private Network (VPN)
A VPN can establish a secure channel (or tunnel) between two systems for electronic data exchange. It differs from credit card transactions and from customers sending orders, because in a VPN the volume of data exchanged between the two parties is much larger and the two parties are familiar with each other. This means that complex special-purpose encryption and authentication technologies can be used as long as the communicating parties agree, and there is no need for all VPNs to use uniform encryption and authentication.
6. Digital authentication
Digital authentication uses electronic means to prove the identity of the sender and receiver of information, the integrity of documents (for example, that an invoice has not been modified), and even the validity of data media (such as recordings and photos).
At present, digital authentication is generally implemented with a one-way hash function, which can verify the integrity of the data of both parties to the transaction.
7. Certificate Authority (CA)
What are the basic functions of a CA?
Generate and store public keys and private keys, digital certificates and their digital signatures that meet the requirements of security authentication protocols.
Verify digital certificates and digital signatures.
Manage digital certificates, with the focus on certificate revocation management, while pursuing automated management.
Establish application program interfaces, especially a payment interface. Whether a CA has a payment interface is the key to supporting e-commerce.
8. Firewall technology
A firewall has the following five basic functions: (1) filtering data entering and leaving the network; (2) managing access to the network; (3) blocking certain prohibited behaviors; (4) recording the information content and activities passing through the firewall; (5) detecting network attacks and raising alarms.
There are currently two main types of firewall: the packet filtering firewall and the application layer firewall.
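A minimal packet filtering firewall covering the five functions listed above (filtering, access management, blocking a prohibited service, recording, alarming), as an added example that is not part of the original page. The rule set, the alarm threshold and the traffic sample are constructed, and the addresses come from the documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed rule set: first match wins, anything unmatched is dropped.
RULES = [
    ("deny",  "0.0.0.0/0",       23),    # prohibited service (telnet)
    ("allow", "0.0.0.0/0",       443),   # public HTTPS
    ("allow", "198.51.100.0/24", 22),    # SSH from the admin network only
]
ALARM_THRESHOLD = 3   # denied packets from one source before an alarm

def decide(src: str, dport: int) -> str:
    """Packet filter: return the action of the first matching rule."""
    for action, net, port in RULES:
        if dport == port and ipaddress.ip_address(src) in ipaddress.ip_network(net):
            return action
    return "deny"   # default deny

def run_firewall(packets):
    """Filter packets, record every decision, and raise alarms."""
    log, denied, alarms = [], Counter(), []
    for src, dport in packets:
        action = decide(src, dport)
        log.append((src, dport, action))        # function (4): recording
        if action == "deny":
            denied[src] += 1
            if denied[src] == ALARM_THRESHOLD:  # function (5): alarm
                alarms.append(src)
    return log, alarms

# Constructed traffic sample: (source address, destination port).
PACKETS = [("203.0.113.9", 443), ("203.0.113.9", 22), ("198.51.100.7", 22),
           ("203.0.113.9", 23), ("203.0.113.9", 3389), ("192.0.2.44", 443)]
```

The filter sees only addresses and ports; inspecting what a permitted connection carries is the job of the application layer firewall.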
Intrusion detection technology is a reasonable supplement to firewall technology, and its main contents include: intrusion means and technology, distributed intrusion detection technology, intelligent intrusion detection technology and comprehensive security defense scheme.