基于SET的认证系统的构建及其安全性研究

【作者】 刘少涛；

【导师】 凌捷；

【作者基本信息】 广东工业大学 ， 计算机应用技术， 2002， 硕士

【摘要】 随着Internet的迅猛发展，电子商务成为当前的热门话题。一个完整的电子商务系统主要包括三部分，即商家系统、支付系统和认证机构，而认证机构的实现是整个电子商务系统的关键。认证机构主要通过发放数字证书来识别网上交易各方的身份，并通过加密证书对传输的数据进行加密，以保证信息的安全性、完整性和交易的不可抵赖性，它是电子商务系统安全的核心和基础。 要想实现电子商务，必须解决网上交易的安全问题。在目前已经实现的电子商务安全协议中，最常用的是SET和SSL两种协议。而相对SSL协议而言，SET协议具有更高的安全性，它被公认为全球Internet安全的标准，其交易形式被称为未来电子商务的规范。 本文主要在SET协议基础上，从安全性方面对认证系统的构建进行了深入的研究，并提出了一套可行的、先进的实现方案。 第一章和第二章介绍认证系统安全方面的核心技术，并对认证系统的功能模型进行了分析。第三章介绍SET协议的相关理论，详细阐述了SET协议中一些加密算法的基本原理和加密步骤。第四章在SET协议的基础上，设计了一个安全性较高的CA中心网络体系结构，并提出了一种基于X.509公钥证书的密钥管理系统的设计方案，利用LDAP目录服务和存取协议，描述了构造证书服务器的方法。同时详细分析了CA中心的功能实现，开发了功能完善的客户端软件，并对RSA算法密钥的生成、存储和运算进行了研究，在基于链表结构的基础上进行了程序实现。本文还针对SET协议中存在的缺陷，提出了一种较合理的改进措施，解决了在电子交易后数据的保存和销毁问题，同时通过提供时间戳服务保证了电子交易客体对交易的不可否认性。第五章对认证中心安全的其它要求和措施进行了分析和总结。更多还原

【Abstract】 With the rapid development of Internet, Electronic Commerce (EC) has been being one of the most attractive research topics. The EC system mainly includes three parts, namely, Merchant System, Payment System and CA System. CA is the core and foundation of the security of EC. By issuing digital certificates that can authenticate the transactors’ identities and encrypting the data to be transmitted, CA can ensure the security and integrality of information and the undeniablity of electronic transactions.To develop EC efficiently, the security problems of the on-line transactions must be resolved. SET and SSL are two protocols that are currently used most commonly among the EC security protocols. Compared with SSL, SET is much securer, and, therefore, is acknowledged to be the standard of Internet security. Its transaction form is regarded as the criterion of future EC.Focusing on security, this thesis does deeply research on the design of CA system based on SET protocol, and presents an advanced solution scheme that can be used in practice.Chapters 1 and 2 introduce the core technologies of CA security, and analyze the functional model of CA system. In Chapter 3, the related theories of SET protocol are introduced, and the fundamentals and steps of some encryption algorithms adopted by SET are described in detail. Chapter 4 designs a high-security network architect of CA, presents a scheme to build Key Management System based on X.509 certification using LDA?and describes how to implement it. This thesis analyzes particularly the realization of CA’s functions and develops a perfect client-side application. It also does research on the generation, storage and operation of the key of RSA, and completes software based on the structure of Linked List. In addition, this thesis presents a reasonable improvement on SET protocol, resolving the conservation and destruction of the electronic transaction data, and ensures the undeniablity of electronic transactions by providing Time-stamp service. In Chapter 5; the other requirements and measures of CA security are analyzed and summarized.更多还原