A Solution On The Authentication Of Electronic Commerce

With the rapid development of Information and Technology, the human race is coming into a new era of network and information. Electronic Commerce based on Internet has become a new mode for people to pursue commerce. With more and more people execute their commerce through Internet, the prospect of Electronic Commerce is becoming more and more attracting. But at the same time, the security problem of Electronic Commerce is becoming more and more obvious. How to establish a secure and convenient application environment of Electronic Commerce has become a current topic. In the secure application environment electronic transaction should have the same security and reliability as the conventional transaction through face-to-face exchange.Now what enterprises in our country mind is the security problem, so the security of information is the most important problem to solve before developing Electronic Commerce. It has become the key of developing Electronic Commerce to study and analyze the security of Electronic Commerce and then to exploit Electronic Commerce security products of our own knowledge rights.As Electronic Commerce security involves many aspects and status authentication is the first defence in Electronic Commerce security, so this thesis mainly analyzes and probes the technologies of status authentication.After simple introduction of security technologies in Electronic Commerce, this thesis analyzes and probes deeply the technologies of status authentication, and then finds out the deficiency of the extant systems of status authentication and gives the corresponding solution schenism. This thesis applies respectively the improved One-Time Password OTP authentication mechanism and the Elliptic Curve Digital Signature Algorithm ECDSA statu sauthentication mechanism to Business-to-Client (B2C) and Business-to-Business (B2B) Electronic Commerce systems, and provides a new framework model of Electronic Commerce status authentication systems. At last, This thesis gives an implementation of the status authentication system, which can resist the small-number attack and replay attack.During the implementation, Intelligent Card technology is introduced into the Business-to-Business Electronic Commerce system, and then improves the security and utility of the status authentication system in the Business-to-Business Electronic Commerce.The main work of this thesis includes the following aspects:(1) After deeply analyzing and probing the One-Time Password authentication technology, aiming for the deficiency of the extant systems of One-Time Passwordauthentication, this thesis proposes an Improved One-Time Password authentication schenism, which can efficiently resist the small-number attack and replay attack. And What's more, during implementation the improved authentication mechanism does not require the user in the client end to install any software or to modi any configuration.(2) This thesis analyzes the deficiency of status authentication based on symmetric cryptography, analyzes the technologies of status authentication based on public-key cryptography, and especially analyzes the algorithms based on different difficult problems.(3 ) This thesis applies the elliptic curve cryptography over finite fields to the status authentication systems in the Electronic Commerce and proposes a new statusauthentication mechanism based on the discrete logarithm problem in the points on elliptic ccurves over finite fields. This new status authentication mechanism can provide increasedspeed and decreased key size for a given level of security.(4) This thesis applies respectively the improved One-Time Password authenticati -on mechanism and the status authentication mechanism based on the discrete logarithm problem in the points on elliptic curves over finite fields to Business-to-Client(B2C) and Business-to-Business(B2B) Electronic Commerce systems, and proposes a new framework model of Electronic Commerce status authentication systems.(5) Combining the Intelligent Card technology, this thesis devises an Electronic Commerce status authentication system based on OTP and ECDSA, and implements it.The status authentication system of Electronic Commerce presented in this paper,caters for the common users in convenience and security by the use of improved One-TimePassword status authentication mechanism, and caters for the cooperate enterprises by applying the secure and reliable Elliptic Curve Digital Signature Algorithm (ECDSA) to the Intelligent Card. As the Public Key Infrastructure of our country is imperfect yet today, the Electronic Commerce systems combined the given status authentication system will have better utility and popularity.