【作者】 黎壤；

【导师】 毛培法；

【作者基本信息】 浙江工业大学 ， 通信与信息系统， 2004， 硕士

【摘要】 电子商务模式自问世以来，得到了飞速的发展，成为了公认的未来的商业活动的主要途径。2002年，发达国家的电子商务交易额已占到零售总额的14％，而在我国，目前只为0.02％，制约我国电子商务发展的主要因素就是对电子商务安全性的质疑。 事实上，电子商务的最高阶段是网络交易，网络交易最重要最复杂的问题就是在线支付的安全性。安全性的问题目前是限制电子商务发展的主要问题。 发展电子商务的需求推动对网络交易安全体制的研究不断深入。以IPsec(Internet Protocol Security)和SSL(Secure Socket Layer)为代表的网络安全协议被应用在电子商务甚至是在线支付等场合。它们在得到广泛应用的同时也暴露了严重的安全性问题。 另一方面，美国等发达国家出于意识形态差异的考虑，不允许128bit密钥以上的SSL产品出口到中国，这清楚的表明了电子商务安全和电子商务安全产品的重要性不亚于先进的军火。探索中国自己的电子商务安全技术，开发相应产品，是我国电子商务研究者迫切的任务。 本文的主要内容就是在成熟的SSL协议的基础上，进行改进， 基于SSL协议的新型网络交易安全体制的设计和仿真以尽量适应现代电子商务的要求。 本文首先介绍了网络安全体制的主要技术(加密技术和身份认证技术)，然后详细分析了SSL协议在电子商务场合应用的不足。 针对这些不足，作者尝试在SSL协议的基础上，添加双向身份认证，保证客户获得和商家平等的交易环境，同时对密钥的管理进行了改进，限制了同一密钥的生存周期，使得密文拥有更高的随机性，以对抗中间人黑客的监听和破解。同时，本文还尝试将尚处研究阶段的属性证书应用在新的网络安全协议中，以管理海量用户的访问权限。 作者用软件仿真了新的网络交易安全体制在现实中的应用，并对新的协议作出了初步的评估。仿真的结果显示，新的网络交易安全协议的运行效率和原有的SSL协议非常接近，却能提供比后者更高的安全性，黑客所能监听到的只是高度随机的bit流，从通信原理上来讲，对其进行破解具有相当难度。 限于现有材料和技术力量的不足，新型协议仍然存在缺陷，主要是无法实现多方握手，用于三方以上交易时会有困难。 杭州某科技公司将这种新的协议应用于“网上申报”和“网上公证”两种类电子商务的网络活动，也取的了良好的效果。更多还原

【Abstract】 Since the new business methed EC (E-Commerce) had come out, it received a flying development. It has been regarded as the most promising business methed. In 2002, the sum of EC took up 14% in retail sum while the proportion in China is only 0.02%. The major factor restrict EC’s development in China is the suspicion to the security of EC.As we know, the most important and complex part in EC is the security assurance in online payment. This conundrum is going to be the major obstruction of the EC’s developing.Pursuing the assurance of security has got some achievement such as Ipsec (Internet Protocol Security) and SSL (Secure Socket Layer). These protocols are developed for Internet security rather than EC security, but they did well for some years except some sever problems.On the other hand, develop countries such as the USA prohibit export high grade networks security technologies or productions to China due to consciousness difference..it is clearthat networks security technologies are as important as advanced ammo. To develop our own EC security technologies is an exigent mission.Based on SSL, we can develop new EC security protocol, which can offer us more security assurance. This is I would like to do in this paper.On the basis of some conceptions relating to EC security such as encrpytion techniques and Identity-Authentication, we mainly discuss the disadvantages of using SSL in online payment.To solve these disadvantages of SSL, I try to add bilateral-identity-authentication to give the customs more equitable circumstance to do EC businesses. For the reason of confronting the hacking, the management of cryptogram must to be improved. Thus a new EC security protocol has formed. At the same time, we try to use attribution certificate to manager the mass popedoms.New software has been developed to simulate this new EC security protocol, to show whether the new one is better than olders. The result shows that the new one could run as fast as the old, while offering much hight security insurance. The output bit flow of the new has a good randomicity that is quite useful forpreventing hacking.Due to the scarcity of technologies and reference, the new protocol has its shortcomes. It can hardly to be used for the occasion of trisection EC business.Some company use this technology to secure their online notarization and online declaration operation, it do a good job until now.更多还原