The Application Of XML Security Technology In E-commerce System

XML language is widely used in the Internet and distributed heterogeneous environments, because of its powerful description, structure, easy expansion, and cross-platform, especially in the area of e-commerce with large amounts of data exchange. As Web-based XML e-commerce orders may be liable to various security threats on the Internet at transmission and storage, such as theft, camouflage, malicious deception, illegal modification and destruction, XML security technology provides security guarantees for application of XML data or non-XML data exchange. It can not only implement security that is achieved by the traditional security technologies such as Secure Sockets Layer (SSL), IP layer security standards, but also meet the new XML requirements of multiple signatures, more fine-grained encryption and signatures.Firstly, XML technology and modern security technology based on cryptography is discussed in this paper. Then The XML encryption, XML digital signature, XML Key Management Specification, security assertion markup language and XML Access Control Markup Language are studied. The features and advantages of XML security technology compared with the traditional security technology are also analyzed. Finally, an integrated XML security scheme based on XML security technology standards for data exchange program is presented and implemented. In the scheme, XML encryption technology is used to ensure the optional granularity of the XML data confidentiality; XML signatures ensure data integrity, authentication, non-repudiation of information transmission, and multiple signatures in the same XML document; XML security assertion language SAML and XML Access Control Language XACML ensure data requests controllability; Key management integrates the existing PKI on the basis of XML Key Management Specification and a trusted service layer is used to provide users with key and certificate services. In the implementation of this scheme, XML encryption / decryption functions based on 3DES encryption algorithm and RSA-based digital signature / validation function are programed with .Net platform and C# language. These modules provide the XML document confidentiality, integrity, authentication, non-repudiation, and other security services. The scheme and its implementation can satisfy the security requirements of Web-based XML e-commerce orders on the Internet transmission and storage. In the end of this paper, the security of this integrated scheme is analyzed. It is showed that the scheme can effectively solve the security problems of XML Web-based e-commerce orders.