The Research Of Credit Card Security Payment System Based On XML

As the development of electronic commerce, security of payment has been brought into focus of public. The most frequently used e-commerce payment method is credit card payment. Especially in Europe and America, credit card users accounted for 85%.In China, the amount of credit card rapid grows recently. As a result, a growing number of people use credit card in e-commerce.Therefore, how to ensure credit card payments security is an urgent problem to solve.XML has been the information exchange format of e-commerce. As the previous payment system did not use XML data format, the efficiency of payment is very low. Therefore, this paper applies XML to credit card payment. Taking XML as information exchange format can be beneficial to flexibility and scalability of data processing. In addition, this paper applies XSLT2.0 technology to security, and dividing document into several parts by XSLT2.0. The possibility of intercepting multiple documents in the network is very low and getting part of the document and cannot be restored to the original document. Therefore, security can be improved by XML.This thesis proposed a detailed security plan to protect the security of the payment process. Because of the XML data format, this thesis combines the XML security specifications and standards, and extends on this basis. Improving the efficiency is also the key objectives of this thesis. Therefore, the theory of the ECC and AES is applied into protecting XML messages. Compared with the RSA and DES Cryptography in the traditional credit card payment system, the security and efficiency of ECC and AES has greatly improved. For digital signatures, this paper uses faster, more secure ECDSA algorithm to achieve the signature of the XML message.This credit card payment system consists of an XML message generation module, XML message send module, XML messaging receive module, XML message decomposition module, XML message merge modules, XML message encryption module, XML message decryption module, XML message signature module, and XML message signature verification module. The system has been achieved by using C# language and.Net platform. As the.Net platform does not support XSLT2.0 technology, this thesis complete XML message decomposition module and XML messages merge module by SAXON.The security of this system has been test by formal model checking. Modeling of the entire payment process, and completed the entire process of formal verification by SMV tool.