◆ Stealing information
When no encryption is used, messages travel between modems in clear text, and an intruder using the same type of modem can intercept them. By repeatedly capturing and analyzing the traffic, the intruder can work out the rules and formats of the information and then the transmitted information itself, so that information is leaked in network transmission.
◆ Tampering with information
Once an intruder has mastered the format and rules of the information, he can by various means insert modems of the same type between the two original network modems, so that the data being transmitted passes through the middle, where it is altered, before being sent on to the other end. This method is not new and can also be carried out at a router or gateway.
◆ Forging
Having mastered the data format and being able to tamper with information, attackers can pretend to be legitimate users in order to send false information or actively obtain information, which is often difficult for remote users to distinguish.
◆ Malicious damage
Some attackers can access the network, transmit information in the network, master confidential information on the network, and even sneak into the internal networks of both parties, with very serious consequences.
Therefore, the security of e-commerce transactions must be guaranteed in the following four respects:
(1) Confidentiality of information
Information in a trade transaction must be kept confidential. For example, the account number and user name of a credit card must not become known to others.
(2) Certainty of the trader's identity
In online transactions the two sides are likely to be strangers, thousands of miles apart. For a transaction to succeed, the first requirement is to be able to confirm the identity of the other party. Enterprises must consider whether the customer is a fraudster, and customers will worry about whether the online store is fraudulent. Therefore, being able to confirm identity easily and reliably is a prerequisite for the transaction.
(3) Non-repudiation
Business conditions are ever-changing, so a transaction must not be deniable after the agreement is signed. Failure to ensure this will inevitably harm the interests of one party. For example, gold is ordered while the price is low, but after the order is received the price of gold rises. If the party receiving the order disputes the actual time it received the order, or even denies having received it at all, the orderer will suffer losses. Therefore, every stage of communication in an electronic transaction must be undeniable.
(4) Cannot be modified
Transaction documents must not be modifiable. Take the gold order example above. After receiving the order, the receiving party finds that the price of gold has risen sharply. If the contents of the document can be changed, for instance so that the buyer's order becomes 1 gram, one party can benefit significantly and the orderer may suffer heavy losses. Electronic transaction documents must therefore be unmodifiable, to ensure the seriousness and fairness of the transaction.
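The following added example (not part of the original text) shows requirement (4) applied to the gold order: an HMAC-SHA256 tag over the whole order makes any later change to the quantity or the order time detectable. The key, order fields and function names are constructed for illustration; because both parties hold the same key, this shows modification detection only, while the non-repudiation of requirement (3) needs a digital signature made with a key that only the signer holds.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real system provisions a secret per partner.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def canonical_bytes(order: dict) -> bytes:
    """Serialize deterministically so both parties authenticate identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal_order(order: dict, key: bytes = DEMO_KEY) -> dict:
    """Return the order together with an HMAC-SHA256 tag covering every field."""
    tag = hmac.new(key, canonical_bytes(order), hashlib.sha256).hexdigest()
    return {"order": dict(order), "tag": tag}


def verify_order(sealed: dict, key: bytes = DEMO_KEY) -> bool:
    """Recompute the tag and compare in constant time; False means it changed."""
    expected = hmac.new(key, canonical_bytes(sealed["order"]), hashlib.sha256)
    return hmac.compare_digest(expected.hexdigest(), sealed["tag"])


def changed_fields(original: dict, received: dict) -> list:
    """Name the fields that differ, for the dispute record."""
    keys = sorted(set(original) | set(received))
    return [k for k in keys if original.get(k) != received.get(k)]


# Constructed sample order, modelled on the gold example in the text.
ORDER = {
    "order_id": "DEMO-0001",
    "item": "gold",
    "quantity": 1000,
    "unit": "gram",
    "placed_at": "2000-01-01T09:00:00Z",
}

if __name__ == "__main__":
    sealed = seal_order(ORDER)
    print("untouched order verifies:", verify_order(sealed))
    # The document is altered after the price rises: quantity becomes 1 gram.
    tampered = {"order": dict(sealed["order"], quantity=1), "tag": sealed["tag"]}
    print("altered order verifies:", verify_order(tampered))
    print("fields changed:", changed_fields(sealed["order"], tampered["order"]))
```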
3. E-commerce security measures
In early electronic transactions, some simple security measures were adopted, including:
(1) Partial notification (partial order): in an online transaction the most important data, such as the credit card number and the transaction amount, are omitted and then given by telephone, to prevent disclosure.
(2) Separate confirmation (order confirmation): after the transaction information has been transmitted online, the transaction is confirmed by e-mail, and only then is it considered valid.
In addition to the above two items there are other methods, all of which have certain limitations and operational problems and cannot achieve real security and reliability.
In recent years, in response to the security requirements of electronic transactions, the IT industry and the financial industry have introduced many effective secure transaction standards. These mainly include:
(1) Secure Hypertext Transfer Protocol (S-HTTP): relies on key-pair encryption to protect the security of information transmitted between transacting websites.
(2) Secure Sockets Layer Protocol (SSL): a secure transaction protocol proposed by Netscape, which provides encryption, authentication services and message integrity. SSL is used in the Netscape Communicator and Microsoft Internet Explorer browsers to carry out the required secure transaction operations.
(3) Secure Transaction Technology Protocol (STT): proposed by Microsoft, STT separates authentication and decryption in the browser to improve security control capability. This technology is used in Microsoft's Internet Explorer.
(4) Secure Electronic Transaction (SET): in 1996 an official announcement of the SET standard was issued jointly by Visa International, MasterCard International, IBM, Microsoft, Netscape, GTE, VeriSign, State Administration for Industry and Commerce and Terisa, and it was released at the end of May 1997. SET will be described in detail below.
Among all these secure transaction standards, the Secure Electronic Transaction (SET) standard, which promotes online transactions using credit cards, is a security protocol that has attracted widespread attention. It will surely become an industry standard and is expected to further promote the e-commerce market on the Internet.