The Research And Construct Of E-commerce Security System Based On SET

As the direct outcome of information revolution, Electronic Commerce (E-commerce) has brought significant influence on thinking patterns and life styles of common people. Nowadays, e-commerce has become a kind of popular business transaction. And with its great convenience, high efficiency and low-cost, e-commerce will be a main form of economic and commercial activities in the future society.However, since it is based on an open and free Internet, the weak security of e-commerce has become a serious problem, which holdbacks greatly the development of e-commerce. Accordingly, in order to develop e-commerce, it is prerequisite to solve the security problems and guarantee the secret, integrity, availability, authenticity and undeniableness of e-commerce.SET is an e-commerce secure transaction protocol standard set based on credit card transactions over Internet. By establishing standards and adopting the technology of encryption and authentication, SET has resolved almost all security problems that once stranded the development of e-commerce. At present, it has been acknowledged by IETF and become an actual industrial standard. Therefore, it is significative to study SET for e-commerce security.SET has been studied in this paper from four sides, which are the architecture of SET, SET payment flow, the security authentication mechanism of SET, and the reasons for which SET is restricted in application.The architecture of SET and SET payment flow have been discussed in Chapter 2. The architecture of SET includes SET payment architecture and SET security architecture. The participants and the network model of the payment system have been dissertated in SET payment architecture; the technology of encryption and authentication has been stated in SET security architecture. SET payment flow includes the certificate registered phase, purchase request phase, payment authentication phase, payment captured phase. Formalization language has been used in describing the flow of each phase.The digital certificate and the technology of CA authentication are so importantin SET security architecture that they are studied specially in Chapter 3, where the format and the theory of digital certificate have been introduced detailedly as well as the structure and the mechanism of certificate management of CA authentication system are anatomized.Although SET has been supported by many big companies, SET hasn't been used widely since SET was born in 1996. So, the problems in SET have been analogized and some improvement schemes have been given in Chapter 4.At last, according to the thought of SET and the analysis in the former chapters, a complete design and modeling for the e-commerce security payment architecture has been proposed and an e-commerce security payment system, which includes six participants of cardholder, merchant, payment gateway, CA, issuer bank and acquire bank, has been implemented by J2EE technology. The system can guarantee effectually the secret, integrity, authenticity of cardholders' payment transactions on Internet.