Study On The Safety Problem Of E-commerce Based On SET Protocol

With the rapid development of information technology, computer and network have become increasingly important in people’s daily life. The businesses carried out by computer&network have become increasingly diverse, one of which is e-commerce.E-commerce is based on the open Internet. On the internet, every user is faced with various threats of insecurity, and e-commerce also involves a lot of private personal information, hence safety assurance is particularly important. In this thesis, based on the current development of the domestic e-commerce, the author collects a series of domestic literature on e-commerce security information, organizes the research points of view, analyzes e-commerce security issues involved, and the implement of security technologies, and indicates the theories of e-commerce security. Meanwhile, based on the analysis of the Secure Electronic Transaction (SET), the author points the defects of the agreement, and proposes some improvements. This thesis is mainly made from the following two aspects:1. Research on SET protocol digital encryption technologyE-commerce based on SET, digital encryption technology and its application is one of the important means to ensure security of e-commerce.Through the digital encryption technology, digital signatures,digital envelopes, digital security certificates can be obtained to ensure the information of authentication, confidentiality, integrity and non-repudiation in e-commerce transactions. In this thesis, the author analyzes the classic encryption algorithms (DES, RSA, MD5) in a theoretical way, and through the JAVA programming for the actual test, and a comparison of the test results, sums up the characteristics of three encryption algorithms.2. Research on Secure Electronic Transaction (SET)First of all, the author describes the processing logic of SET protocol, analyzes the security problem of SET, and finally, points out existing disputes in the registration process, the transaction process and paying process, over these three aspects based on the electronic commerce activity SET protocol, and proposes the following improvement schemes:(1) In registration, Certificate Authority should establish a registration key database, compare the user key requirements in registration, and ensure CA cannot allocate the same key to different users.(2) In the transaction process, in independent third party should be employed. In order to protect customer information not informed by merchant, the third party can manage the true information of the clients, verify the customer information and feedback the results to the merchants.(3) After the electronic payment, if there are disputes, the issuers should the disputes as the arbitration identity.Based on the analysis of SET, the improvement programs to the registration and paying processes can be realized by modulars.Based on the analysis of SET protocol, the author points out the inherent deficiencies of SET protocol, puts forward the corresponding improvement programs with higher security and in line with the characteristics of electronic commerce. Hence, this thesis obtains some theoretical value as well as certain practical significance.