Along with for instance electronic commerce and so on Electronic bank, on-line shopping are getting more and more frequent in ours life appears, the people to the electronic commerce transaction's payment's security, the privacy, the feasibility also set more and more high request. Electronic commerce is under the Internet open network environment, based on the browser/server application way, realizes between consumer's on-line shopping, merchant's on-line transaction and the online electronic payment commercial movement pattern. As a result of Internet openness, when many traditional commercial way applications when Internet, will then bring many stems from the security aspect the question.The public key infrastructure (Public Key Infrastructure), is one kind follows decides the standard the key management platform, it can provide the key which and the certificate management system for all network application password services and so on encryption and digital signature and must. PKI is provides the safe service using the public key theory technical establishment the infrastructure. The user use the digital certificates which (Certificate Authority, CA) signs and issues by the certificate authority authentication center, the union encryption technology, may guarantee that the correspondence content the secrecy, the integrity, the reliability and the transaction may not denying, and carry on the user status the recognition. But wishes in some sentiments, for instance the authorization management system management system, the independent status authentication technology already could not satisfy completely requests. The authorization management system management system not only requests the user to provide the legitimate status certificate to use in the status authentication, moreover the request provides the corresponding authorized management mechanism, uses in controlling user's in system behavior and the movement. The authorized management infrastructure (PrivilegeM anagementIn frastructure, is called PMI) is proposed in the PKI developing process and gradually a new concept which separates from PKI. Uses the PKC certificate with PKI to be the same, the PMI use attribute certificate (AC, Attribute Certificate) completes based on the role visit twists the system. PMI is nimble using the attribute certificate, the term of validity short characteristic, has realized safely, nimble, the highly effective authorized management well.This article is mainly aims at PKI and PMI in the electronic commerce payment system domain applied research work. Conducts the research to PKI and the PMI technology's principle and in the reality several kind of application pattern, and to makes the thorough discussion based on the PKI/PMI electronic commerce payment system's security. The goal lies in enhances PKI/PMI in the electronic commerce payment system's application, simultaneously also unearths the safer electronic commerce payment system construction, enhances in the electronic commerce payment process the security, the privacy and the feasibility. And proposes a customer, the business, the bank, the fund supervision and manufacturer new "five sides" the electronic commerce payment system, thus achieves the first guarantee electronic commerce payment the safe transaction, second guarantee big-ticket item commodity quality, maintenance goal, specifically speaking, this article prime task includes:(1) pair of nowadays's electronic commerce carries on the elaboration and the analysis.(2) pair of PKI/PMI system (contained digital certificates and attribute certificate) has carried on complete, the exhaustive analysis and the elaboration.(3), and has carried on the analysis in view of the PKI/PMI application example. (4) to establishes based on the PKI/PMI unified security the research which carries on using the platform.(5) designs a guarantee pay security, to be advantageous for the operation, the safeguard physical distribution five side electronic commerce payment system. |