Using case studies, what security problems exist across the entire e-commerce transaction process, and how do they chiefly manifest?

I. E-commerce security problems

E-commerce is, simply put, the use of the Internet for trading activities: "electronic" + "business". From this definition, e-commerce security can be divided into two aspects. The first is the security of the "electronic" side: e-commerce must be carried out over the Internet, and the Internet is itself a computer network, so the first aspect of e-commerce security is computer network security, which covers the security of both network hardware and network software. The many security threats facing computer networks are therefore also threats to e-commerce. The second is the security of the "business" side: when traditional business activities are carried out on the Internet, the Internet's many security risks become threats to e-commerce, referred to here as "business transaction security threats". Together, these two kinds of threat create many security problems for e-commerce:

(A) Computer network security threats

E-commerce involves "three flows": information flow, capital flow and logistics. Of the three, information flow is the core and the most important, because e-commerce completes capital flow and logistics through the flow of information. The most important difference between e-commerce and traditional business is that a computer network is used to transmit information and carry the information flow. The security of the computer network will therefore affect the "information flow" of e-commerce and, with it, the development of e-commerce. Computer networks face the following security threats:

1. Hacking

Hacking refers to a hacker's illegal access to a network and illegal use of network resources. As the Internet has developed, hacker attacks have become frequent and hard to defend against: hackers exploit loopholes and defects on the Internet to modify web pages, gain illegal access to hosts, steal information and carry out other harmful activities. In 2003, the U.S. Department of Defense's "Pentagon" alone was subjected to 2.3 million attempts to attack its network. This shows that hacker attacks have become an important security threat to the computer networks used in e-commerce.

2. Attacks by computer viruses

A virus is a program that can disrupt the normal operation of a computer system and is infectious. As the Internet has developed, viruses have used it to spread far faster; by invading networks and destroying resources, they have become another important security threat to the computer networks used in e-commerce.

3. Denial of Service Attack

A denial-of-service (DoS) attack is a destructive attack in which a user deliberately consumes a large amount of network resources so that the system has no resources left to serve other users. Representative techniques currently include SYN flood, ICMP flood and UDP flood. As the Internet has developed, denial-of-service attacks have become an important threat to network security.

(B) Business transaction security threats

When traditional business activities are carried out on the Internet, the characteristics of the Internet itself introduce many security threats, which create security problems for e-commerce. The Internet originated from the demand for sharing computer resources and is highly open, but it is precisely this openness that gives rise to serious problems. The Internet has the following security risks:

1. Openness

Openness and resource sharing are the Internet's biggest features, but the problems they bring cannot be ignored. It is this openness that brings security threats to e-commerce.

2. Transmission protocols that lack security mechanisms

The TCP/IP protocol was built for a trusted environment and lacks appropriate security mechanisms. As an address-based protocol it can itself leak passwords, and security was not considered in its design. TCP/IP is also completely open: its remote access features mean that many attackers do not need to be physically present to reach a host, and connections between hosts rest on the principle of mutual trust. Properties like these make the network more insecure.

3. Vulnerabilities in software systems

As software systems grow in scale, security vulnerabilities or "backdoors" in them become inevitable. Software and programs such as cookie programs, Java applications and Internet Explorer may bring security threats to e-commerce.

4. Electronic information

The inherent weakness of electronic information is its lack of credibility: it is very difficult to tell from the information itself whether it is correct and complete, and when electronic information is delivered over the Internet it is difficult to confirm who sent it and whether it was correctly delivered to the recipient.

(C) E-commerce security problems caused by computer network security threats and business transaction security threats

1. Information Leakage

In e-commerce, information leakage takes the form of leaked business secrets. The computer network security threats and Internet security risks described above can both lead to information leakage in e-commerce, which has two main aspects: (1) the content of a transaction between the parties is stolen by a third party; (2) documents that one party provides for the other party's use are illegally used by a third party.

2. Tampering

Because of the computer network security threats and Internet security risks described above, electronic transaction information may be illegally modified, deleted or replayed by others while in transit over the network (replay means that information which may be used only once is used multiple times), so that the information loses its authenticity and integrity.

3. Identification

Because the two parties to an e-commerce transaction complete it over the network, they do not meet and do not know each other. The computer network security threats and Internet security risks may therefore allow the identity of a party to the transaction to be faked.

4. Information destruction

The computer network itself is susceptible to malicious programs such as computer viruses, Trojan horse programs and logic bombs, which can destroy e-commerce information during transmission.

5. Destruction of the validity of the information

In e-commerce transactions, electronic information replaces paper information. We must ensure both that the information is valid at the relevant time and that it is valid in itself, and we must be able to confirm that it was indeed issued by the transaction party. The computer network security threats and Internet security risks make it difficult to ensure the validity of information in e-commerce.

6. Disclosure of privacy

Privacy is an issue of great concern to individuals involved in e-commerce. Individuals involved in e-commerce must provide personal information, and computer network security threats and Internet security risks may lead to the leakage of that information, violating personal privacy.

II. E-commerce security requirements

Because e-commerce runs into many security problems in practice, keeping it running in a normal and orderly manner requires ensuring e-commerce security, solving the problems described above and creating a safe e-commerce environment. The security requirements that such an environment must meet are as follows:

(A) Confidentiality of information

Business information in transactions generally has confidentiality requirements: its content must not be accessible to others. Confidentiality matters all the more when business secrets, payment details and other sensitive information are involved.

(B) Integrity of information

Integrity of information includes e-commerce information being neither tampered with nor omitted.

(C) Non-repudiation of communication

After a piece of information has been sent or received in e-commerce activities, there should be a way to ensure that the parties have sufficient evidence to prove that the sending or receiving took place.

(D) Authentication of the identity of the parties to the transaction

For an online transaction to succeed, those involved should first be able to confirm the identity of the other party, that is, to determine whether the other party's true identity matches the identity it claims.

(E) Validity of information

E-commerce replaces paper with electronic forms, so ensuring the validity of trade information in electronic form is a precondition for carrying out e-commerce.

(F) Protection of personal privacy

Whether or not personal privacy can be protected in e-commerce will inevitably affect the motivation of individual consumers to participate in e-commerce.

III. E-commerce security countermeasures

To create an e-commerce environment that meets these security requirements, we must address the security problems caused by both kinds of threat: computer network security threats and business transaction security threats. The countermeasures for creating a safe e-commerce environment are:

(A) Use of e-commerce security technology

1. Computer network security technology

The computer network, the essential tool of e-commerce, faces many security threats, and it is the foundation on which e-commerce is carried out. To ensure the security of e-commerce, we must first ensure the security of the computer network.

(1) Firewall technology

A firewall is a defensive facility that isolates the local network from the outside world; the term is a general one for this type of preventive measure. It can restrict outsiders from entering the internal network and filter out unsafe services and illegal users; allow some hosts on the internal network to be accessed from the external network while protecting the rest; restrict internal users' access to particular sites on the Internet; and make it easier to monitor Internet security. For creating a secure e-commerce environment, the safest approach at present is to use dual firewalls with dual servers.

(2) Intrusion Detection System (IDS)

Firewalls are very useful but have many shortcomings: for example, they cannot prevent attacks that do not pass through the firewall, and they cannot prevent new network security problems. To make up for these shortcomings, we can use intrusion detection systems to help ensure the security of computer networks. Intrusion detection, as the name suggests, is the detection of intrusion behavior. It collects and analyzes information from a number of key points in a computer network or computer system to find violations of security policy and signs of attack in the network or system. The combination of software and hardware that performs intrusion detection is the Intrusion Detection System (IDS).

(3) Virtual Private Network (VPN) technology

A Virtual Private Network (VPN) is a new network technology. As the name suggests, a virtual private network is not really a private network: it uses the unreliable public network as the medium of information transmission and, through added security tunnels, user authentication, access control and other technologies, achieves security functions similar to those of a private network, so that important information can be transmitted safely. By using virtual private network technology, we can create a relatively secure network.

(4) Virus prevention and control technology

E-commerce computer networks are constantly harmed by virus attacks. To minimize the harm of computer viruses, we can start from the following: first, attach great importance to computer viruses; second, install computer virus prevention and control software and keep the virus database constantly updated.

2. Business Transaction Security Technology

To create a secure e-commerce environment, we must ensure the security of traditional business activities carried out on the Internet, and to do so we should establish a security system for e-commerce.

(1) Basic Encryption Technology

Encryption is the process of transforming plaintext data into an unintelligible form; this unintelligible form is called ciphertext. Decryption is the reverse process, in which the ciphertext is restored to plaintext. Encrypting information with cryptography is the most commonly used security measure. In e-commerce, two types of modern encryption have gained wide application: symmetric encryption systems and asymmetric encryption systems. Basic encryption technology is the foundation of the e-commerce security system and of the security authentication means and security protocols; its use can ensure the confidentiality of information in e-commerce.

(2) Security authentication means

Basic encryption technology alone can only guarantee the confidentiality of information in e-commerce. To create a secure e-commerce environment, we must also ensure the integrity of information, the non-repudiation of communication, the authentication of the identity of the parties to the transaction and the validity of information. This requires security authentication means developed on the basis of basic encryption technology:

① Digital envelope technology is used to ensure the confidentiality of information in e-commerce.

② Digital digest technology, with the hash function at its core, is used to ensure the integrity of information in e-commerce.

③ A CA authentication system is established to issue digital certificates to the parties to e-commerce transactions, ensuring authentication of the parties' identities. For the large number of certification authorities (CA, Certification Authority) in e-commerce to interconnect and authenticate one another under an open standard, and to achieve secure CA management, a public key infrastructure (Public Key Infrastructure, PKI) must be established.

④ Digital time stamps are used to ensure the validity of information in e-commerce.

⑤ Digital signature technology is used to ensure the non-repudiation of communications in e-commerce and the validity of information.
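
Added example, not part of the original page: a Python illustration of how the digest (②), time stamp (④) and signature (⑤) ideas work together to catch the tampering and replay described in section I. It uses HMAC-SHA256 with a shared key as a standard-library stand-in for a digital signature, so it demonstrates integrity and origin checking between two parties but not non-repudiation; the key, field names and 300-second window are assumptions.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"  # assumption: secret agreed out of band
MAX_AGE = 300                         # assumption: orders older than 5 min are invalid

def canonical(order: dict) -> bytes:
    # Both sides must hash exactly the same bytes, so fix the key order.
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()

def digest(order: dict) -> str:
    """Plain digital digest: anyone can compute it, no key involved."""
    return hashlib.sha256(canonical(order)).hexdigest()

def digest_matches(order: dict, claimed: str) -> bool:
    return hmac.compare_digest(digest(order), claimed)

def seal(order: dict, key: bytes = SHARED_KEY) -> dict:
    """Keyed tag over every field, including the nonce and time stamp."""
    tag = hmac.new(key, canonical(order), hashlib.sha256).hexdigest()
    return {"order": order, "tag": tag}

class Receiver:
    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.seen = set()  # nonces already used; can be pruned after MAX_AGE
    def check(self, msg: dict, now: int) -> str:
        order = msg["order"]
        expected = hmac.new(self.key, canonical(order), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return "rejected: tampered"
        if abs(now - order["ts"]) > MAX_AGE:
            return "rejected: stale"
        if order["nonce"] in self.seen:
            return "rejected: replayed"
        self.seen.add(order["nonce"])
        return "accepted"

def demo() -> dict:
    # Constructed sample order; names and values are illustrative only.
    order = {"payee": "shop-A", "amount": 100, "nonce": "n-001", "ts": 1_700_000_000}
    now = order["ts"] + 10
    altered = dict(order, amount=1)
    rx = Receiver()
    sealed = seal(order)
    return {
        # A bare digest travels with the data, so it can be recomputed after a change.
        "bare_digest_accepts_altered": digest_matches(altered, digest(altered)),
        "first": rx.check(sealed, now),
        "altered": rx.check({"order": altered, "tag": sealed["tag"]}, now),
        "replayed": rx.check(sealed, now + 1),
        "stale": rx.check(seal(dict(order, nonce="n-002")), now + MAX_AGE + 1),
    }
```

The first result shows why a digest on its own is not enough when it is sent alongside the data: it has to be bound to a key (here) or signed (as in ⑤) before it proves anything about who produced the message.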

(3) Security protocols

To ensure the security of the e-commerce environment, it is necessary to establish e-commerce security solutions built on security authentication means and security protocols. At present, two security authentication protocols are widely used in e-commerce: the Secure Sockets Layer (SSL) protocol and the Secure Electronic Transaction (SET) protocol.

(B) Development of an e-commerce security management system

An e-commerce security management system sets out security requirements in written form. These systems should include a personnel management system, a confidentiality system, a tracking and auditing system, a system maintenance system, a data backup system and a regular virus cleaning system.

(C) Strengthening integrity education and establishing a social integrity system

Many e-commerce security issues, such as repudiation of transactions and violation of personal privacy, are in the final analysis problems of human integrity. To promote the better development of e-commerce and dispel consumers' security concerns about it, we should strengthen integrity education and establish a social integrity system.