Research And Implement Of Secure Channel For Internet E-payments

With the rapid development of computer network technology, E-commerce has gradually become the main mode that people engage in business activities, for which contains characteristics of transaction convenient and flexible, high efficiency, low cost, wide choice of user and so on. Internet e-payments, as the important link during the e-commerce activities, it’s network security issues are becoming more and more prominent, especially the problem of secure channel of Internet e-payments, so it attracts people’s attention. Currently, the secure channel of Internet e-payments are based on an ordinary channel that between personal computer and server. Because ordinary personal computer is vulnerably attacked by hackers, Trojans and virus, and it’s environment is complex. Therefore, it is difficult to guarantee the security of the Internet e-payments secure channel in ordinary environment. Firstly, on the basis of the in-depth study and analysis of the SSL security protocols and existing construction methods of Internet electronic payment security channel, an e-payments secure transmission channel based on SSL protocols is designed in the paper, which contains the core function such as authentication, data encryption and decryption, data integrity verification and so on of both communication sides. While SSL protocols completely embedded inside the terminal, all functions are realized in the internal of both the terminal and server. So it can effectively prevent security threats that through attacking the ordinary personal computer from the attacker. Thus the sensitive data that transport safely from the Internet e-payments terminal to the server is realized in the paper. Secondly, against the problem that SSL handshake protocols take no account of source data information, what is easily attacked by man-in-the-middle, starting from hardware platform of the e-payments terminal. And by using the trusted computing technology, an improved SSL protocols for anti man-in-the-middle attack based on TCM is proposed,by which the problem that man-in-the-middle attack of SSL protocols has been solved finally.