Electronic payment is the core and most essential link of electronic commerce, and it is the precondition for electronic commerce to proceed smoothly. Because electronic payment is carried out over an open network, the sensitive information in the payment process needs a mechanism to guarantee its security. The electronic payment protocol is one of the key technologies that provide this guarantee. The Secure Electronic Transaction (SET) protocol addresses security in the electronic payment process by defining standards and using cryptographic techniques. This paper designs and implements an electronic payment system based on the SET protocol, built around the practical requirements of applying SET in China. The main work is as follows:

(1) This paper elaborates on the criteria related to electronic payment protocols and on the workflow, security technology and authentication technology of the SET protocol. It compares the SET protocol with the SSL protocol and points out that, although SET surpasses SSL in security, SET still has shortcomings in debit card support, commodity atomicity, transaction flow and encryption technology, which stem from its own definition rules and the security technology it stipulates. This paper analyzes these shortcomings and improves on them.

(2) This paper studies the atomicity criteria of electronic payment protocols. Building on a discussion of how to construct protocol atomicity, it examines SET's shortcomings in commodity atomicity and confirmation transmission atomicity: SET cannot guarantee that the merchant, after receiving the cardholder's correct payment, will actually provide the commodity to the cardholder, or that the commodity provided is of reliable quality and is truly the one the cardholder ordered. The paper proposes a scheme that improves the atomicity of the SET protocol to address this flaw, and carries out a security analysis and an atomicity analysis of the scheme.

(3) In view of the practical requirements of applying SET in China, this paper studies the debit card online personal password extension standard, which is recommended by the SETCO organization, so that SET can support debit card payment. It improves the authentication method of the SET protocol to address the complexity of the SET transaction process and the low efficiency of certificate verification. It studies the server wallet model in order to promote the practical application of SET in electronic payment and to relieve the cardholder of the burden of installing software when shopping. It also proposes using different security levels for payment so as to remain compatible with the payment systems merchants already have. In this scheme each level corresponds to one payment method, which lets merchants move gradually to the SET payment method.

(4) After applying the improved SET protocol, this paper designs and implements an electronic payment system that simulates a complete electronic payment process, using the MVC pattern on the J2EE platform.

This paper is supported by Shaanxi Natural Science Funds (2006F50) and Aviation Science Funds (2006ZC31001).