| The secure transfer of the sensitive data is an important part in the network security.The security mechsnism on the two security protocols of electronic payment:SSL and SET which is often put into use now can provide the sensitive data transfer securitily.But both of them are not fit for the tiny electronic commerce,in the case of which few sensitive data need be transferred securitily,because of their features and deficits.So Xi'An University of Transportation put forword a solution which can provide the DES secure transfer of the sensitive data based on the sensitive data.The DES encryption algorithms is not enough for the secure transfer and the encryption keys are difficulte to distribute,which are deficits in the solution.The authentication method of One-Time Password is an authentication solution with enough security,which is easily put into use and is fit for the tinyelectronic commerce.So the article makes a profound study on the principle and realization of authentication method of One-Time Password and point out the weakness of it.The article so presents a new solution based on the authentication method of One-Time Password and the DES secure transfer of the sensitive data.The new solution has some changes such as user's secret passphrases which have been AES encrypted have been kept in database instead of OTP;client and server can offer AES encryption key based on OTP;some dynamic informations have been put into the challenge; AES encryption algorithms has been used in the solution instead of DES.The solution can realize bidirectional authentication and the AES secure transfer of the sensitive data.At the end of the article,it explicates some key technologies of the solution to realize it.The solution can provide enough security of the transfer of the sensitive data and has low cost.It is a new solution for the tiny electronic commerce with few sensitive data to secure transfer.
|
PDF Full Text Request