Research For Online Security Pay Scheme Based On PKI And SSL Protocol

With development of e-commerce, the security issues are more and more outstanding. Network payment system, mainly used to solve instant messaging and security of funds and information flows between trading entities on the internet, is an important part of e-commerce. Network payment has always been the weak link in domestic e-commerce system and is being a key restrictive factor to development of e-commerce. Safety is the biggest threat for the thriving development of network pay business.So, the study of the security of online pay in this paper is of great importance.Firstly, e-commerce security technology such as cryptography and PKI (Public Key Infrastructure) is described. Then, the relative theories of online pay security are introduced, and the SSL and SET secure payment model are introduced and analyzed emphatically in detail. SSL secure payment mode has more advantage over SET secure payment mode in the convenience and efficiency. Finally, aiming at the shortcoming of SSL protocol for lack of a complete set of the authentication system, CA authentication technology and digital signature technology are adopted to construct the security scheme of network payment, and the scheme is based on PKI and SSL. In this security scheme, the MD5 algorithm is used to hide user confidential information, effectively solving security problems in user registration/login module.The network payment security schemes are based on PKI and SSL protocol, adopting CA authentication and digital signature technology. So the paper emphasis on designing and implementing a digital signature scheme based on CA authentication. Firstly, a CA authentication system, fitted in with middle and small enterprises, is designed. And CA server which can sign and issue digital certificate of users, is constructed. Then, the digital signature scheme based on CA Certification is designed. The scheme includes two processes:digital certification, Digital signatures and signature verification. Finally, taking the communication between sender party A and receiver party B for example, this scheme is demonstrated, using java and OpenSSL.