Set digital currency
Publish: 2021-05-14 07:00:01
1. Unknown_Error
2. Set (secure electronic transaction) is an instry standard for e-commerce, which was jointly launched by visa and MasterCard on May 31, 1997. Its essence is an electronic payment system standard based on credit card, which is applied on the Internet. The purpose is to ensure the security of network transactions. Set properly solves the problems of transaction agreement, information confidentiality, data integrity and identity authentication of credit card in e-commerce transaction. Set has been recognized by IETF standard, which is the development direction of e-commerce
1. Set payment system is composed of cardholder, merchant, issuing bank, acquiring bank, payment gateway and certificate authority. Correspondingly, the online shopping system based on set protocol at least includes e-wallet software, merchant software, payment gateway software and certificate issuing software< The workflow of set protocol
2) consumers select the items they want to buy through Internet by using their own PC, and input the order form on the computer, which should include the online store, the name and quantity of the purchased items, the delivery time and place and other relevant information
2) contact the relevant online stores through the e-commerce server, and the online stores will respond and tell the consumers whether the information such as the unit price of goods, the number of accounts payable and the mode of delivery in the order form is accurate and whether there is any change
3) the consumer chooses the payment method to confirm the order and issue the payment instruction. At this point, set began to intervene
4) in set, the order and payment instruction must be digitally signed, and the double signature technology is used to ensure that the merchant can not see the consumer's account information
5) after the online store accepts the order, it requests payment approval from the consumer's Bank. The information is sent to the acquiring bank through the payment gateway, and then to the electronic currency issuing company for confirmation. After approving the transaction, return the confirmation information to the online store
6) online stores send order confirmation information to consumers. Consumer software can record transaction log for future query
7) the online store sends goods or provides services and informs the acquiring bank to transfer money from the consumer's account to the store's account, or informs the issuing bank to request payment. There is usually a time interval between the authentication operation and the payment operation. For example, before the end of each day, the bank is requested to settle the account for one day
the first two steps have nothing to do with set. Set works from the third step to the sixth step. In the process of processing, the communication protocol, the format of the request information, the definition of the data type and so on are clearly defined in set. In every step of the operation, consumers, online stores and payment gateways verify the identity of the communication subject through Ca (authentication center), so as to ensure that the other party of the communication is not an impostor. Therefore, it can be simply considered that set specification gives full play to the role of authentication center, In order to maintain the authenticity and confidentiality of the information provided by e-commerce participants on any open network.
1. Set payment system is composed of cardholder, merchant, issuing bank, acquiring bank, payment gateway and certificate authority. Correspondingly, the online shopping system based on set protocol at least includes e-wallet software, merchant software, payment gateway software and certificate issuing software< The workflow of set protocol
2) consumers select the items they want to buy through Internet by using their own PC, and input the order form on the computer, which should include the online store, the name and quantity of the purchased items, the delivery time and place and other relevant information
2) contact the relevant online stores through the e-commerce server, and the online stores will respond and tell the consumers whether the information such as the unit price of goods, the number of accounts payable and the mode of delivery in the order form is accurate and whether there is any change
3) the consumer chooses the payment method to confirm the order and issue the payment instruction. At this point, set began to intervene
4) in set, the order and payment instruction must be digitally signed, and the double signature technology is used to ensure that the merchant can not see the consumer's account information
5) after the online store accepts the order, it requests payment approval from the consumer's Bank. The information is sent to the acquiring bank through the payment gateway, and then to the electronic currency issuing company for confirmation. After approving the transaction, return the confirmation information to the online store
6) online stores send order confirmation information to consumers. Consumer software can record transaction log for future query
7) the online store sends goods or provides services and informs the acquiring bank to transfer money from the consumer's account to the store's account, or informs the issuing bank to request payment. There is usually a time interval between the authentication operation and the payment operation. For example, before the end of each day, the bank is requested to settle the account for one day
the first two steps have nothing to do with set. Set works from the third step to the sixth step. In the process of processing, the communication protocol, the format of the request information, the definition of the data type and so on are clearly defined in set. In every step of the operation, consumers, online stores and payment gateways verify the identity of the communication subject through Ca (authentication center), so as to ensure that the other party of the communication is not an impostor. Therefore, it can be simply considered that set specification gives full play to the role of authentication center, In order to maintain the authenticity and confidentiality of the information provided by e-commerce participants on any open network.
3. 1. Set is the abbreviation of secure electronic transaction. It is an open electronic payment protocol standard based on e-money. 2. The goal of set is to ensure the safe transmission of information on the Internet, to ensure the mutual isolation of e-commerce participants' information, to solve the problem of multi-party authentication, and to ensure the real-time of online transactions, The software developed by different manufacturers has compatibility and interoperability functions, and can run on different hardware and operating system platforms. 3. The objects of set protocol specification include consumers, online stores, acquiring banks, e-money and certification authority (CA). 4. SET protocol mainly uses symmetric encryption, public key encryption and hash algorithm, The application of these technologies enables set to ensure the confidentiality, consistency and integrity of transaction data, realize the authentication of businesses, provide consumers with the means to authenticate the identity of businesses, and promote the compatibility of software developed by different manufacturers, In summary, set has many advantages, so set credit card payment represents the development direction of e-commerce payment and settlement
4. The third is right
it can also be inferred from logic
2 must be before 5, 1 must be before 5
so choose 3
it can also be inferred from logic
2 must be before 5, 1 must be before 5
so choose 3
5. Set (Secure Electronic Transaction Protocol) is an instry standard for e-commerce, which was jointly launched by visa and MasterCard on May 31, 1997. Its essence is an electronic payment system standard based on credit card, which is applied on the Internet. The purpose is to ensure the security of network transactions. Set properly solves the problems of transaction agreement, information confidentiality, data integrity and identity authentication of credit card in e-commerce transaction. Set has been recognized by IETF standard, which is the development direction of e-commerce
1. Set payment system is composed of cardholder, merchant, issuing bank, acquiring bank, payment gateway and certificate authority. Correspondingly, the online shopping system based on set protocol at least includes e-wallet software, merchant software, payment gateway software and certificate issuing software< The workflow of set protocol
2) consumers select the items they want to buy through Internet by using their own PC, and input the order form on the computer, which should include the online store, the name and quantity of the purchased items, the delivery time and place and other relevant information
2) contact the relevant online stores through the e-commerce server, and the online stores will respond and tell the consumers whether the information such as the unit price of goods, the number of accounts payable and the mode of delivery in the order form is accurate and whether there is any change
3) the consumer chooses the payment method to confirm the order and issue the payment instruction. At this point, set began to intervene
4) in set, the order and payment instruction must be digitally signed, and the double signature technology is used to ensure that the merchant can not see the consumer's account information
5) after the online store accepts the order, it requests payment approval from the consumer's Bank. The information is sent to the acquiring bank through the payment gateway, and then to the electronic currency issuing company for confirmation. After approving the transaction, return the confirmation information to the online store
6) online stores send order confirmation information to consumers. Consumer software can record transaction log for future query
7) the online store sends goods or provides services and informs the acquiring bank to transfer money from the consumer's account to the store's account, or informs the issuing bank to request payment. There is usually a time interval between the authentication operation and the payment operation. For example, before the end of each day, the bank is requested to settle the account for one day
the first two steps have nothing to do with set. Set works from the third step to the sixth step. In the process of processing, the communication protocol, the format of the request information, the definition of the data type and so on are clearly defined in set. In every step of the operation, consumers, online stores and payment gateways verify the identity of the communication subject through Ca (authentication center), so as to ensure that the other party of the communication is not an impostor. Therefore, it can be simply considered that set specification gives full play to the role of authentication center, In order to maintain the authenticity and confidentiality of the information provided by e-commerce participants on any open network.
1. Set payment system is composed of cardholder, merchant, issuing bank, acquiring bank, payment gateway and certificate authority. Correspondingly, the online shopping system based on set protocol at least includes e-wallet software, merchant software, payment gateway software and certificate issuing software< The workflow of set protocol
2) consumers select the items they want to buy through Internet by using their own PC, and input the order form on the computer, which should include the online store, the name and quantity of the purchased items, the delivery time and place and other relevant information
2) contact the relevant online stores through the e-commerce server, and the online stores will respond and tell the consumers whether the information such as the unit price of goods, the number of accounts payable and the mode of delivery in the order form is accurate and whether there is any change
3) the consumer chooses the payment method to confirm the order and issue the payment instruction. At this point, set began to intervene
4) in set, the order and payment instruction must be digitally signed, and the double signature technology is used to ensure that the merchant can not see the consumer's account information
5) after the online store accepts the order, it requests payment approval from the consumer's Bank. The information is sent to the acquiring bank through the payment gateway, and then to the electronic currency issuing company for confirmation. After approving the transaction, return the confirmation information to the online store
6) online stores send order confirmation information to consumers. Consumer software can record transaction log for future query
7) the online store sends goods or provides services and informs the acquiring bank to transfer money from the consumer's account to the store's account, or informs the issuing bank to request payment. There is usually a time interval between the authentication operation and the payment operation. For example, before the end of each day, the bank is requested to settle the account for one day
the first two steps have nothing to do with set. Set works from the third step to the sixth step. In the process of processing, the communication protocol, the format of the request information, the definition of the data type and so on are clearly defined in set. In every step of the operation, consumers, online stores and payment gateways verify the identity of the communication subject through Ca (authentication center), so as to ensure that the other party of the communication is not an impostor. Therefore, it can be simply considered that set specification gives full play to the role of authentication center, In order to maintain the authenticity and confidentiality of the information provided by e-commerce participants on any open network.
6. The working procere of set protocol is divided into the following seven steps
(1) consumers use their PC to select the items they want to buy through the Internet, and input the order form on the computer. The order form should include the online store, the name and quantity of the purchased items, the delivery time and place and other relevant information
(2) contact the relevant online stores through the e-commerce server, and the online stores will respond, telling the consumers whether the unit price of the goods, the amount payable, the delivery method and other information in the order form are accurate and whether there are changes
(3) the consumer chooses the payment method, confirms the order, issues the payment instruction. At this point, set began to intervene
(4) in set, the order and payment instruction must be digitally signed, and the double signature technology is used to ensure that the merchant can not see the consumer's account information
(5) after the online store accepts the order, it requests payment approval from the consumer's Bank. The information is sent to the acquiring bank through the payment gateway, and then to the electronic currency issuing company for confirmation. After approving the transaction, return the confirmation information to the online store
(6) online stores send order confirmation information to consumers. Consumer software can record transaction log for future query
(7) when the online store sends goods or provides services, it informs the acquiring bank to transfer money from the consumer's account to the store's account, or informs the issuing bank to request payment. There is usually a time interval between the authentication operation and the payment operation. For example, before the end of each day, the bank is requested to settle the account for one day
the first two steps have nothing to do with set. Set works from the third step to the sixth step. In the process of processing, the communication protocol, the format of request information and the definition of data type are clearly defined by set. In every step of the operation, consumers, online stores and payment gateways verify the identity of the communication subject through Ca, so as to ensure that the other party of the communication is not an impostor. Therefore, it can be simply considered that set specification gives full play to the role of authentication center to maintain the authenticity and confidentiality of the information provided by e-commerce participants in any open network.
(1) consumers use their PC to select the items they want to buy through the Internet, and input the order form on the computer. The order form should include the online store, the name and quantity of the purchased items, the delivery time and place and other relevant information
(2) contact the relevant online stores through the e-commerce server, and the online stores will respond, telling the consumers whether the unit price of the goods, the amount payable, the delivery method and other information in the order form are accurate and whether there are changes
(3) the consumer chooses the payment method, confirms the order, issues the payment instruction. At this point, set began to intervene
(4) in set, the order and payment instruction must be digitally signed, and the double signature technology is used to ensure that the merchant can not see the consumer's account information
(5) after the online store accepts the order, it requests payment approval from the consumer's Bank. The information is sent to the acquiring bank through the payment gateway, and then to the electronic currency issuing company for confirmation. After approving the transaction, return the confirmation information to the online store
(6) online stores send order confirmation information to consumers. Consumer software can record transaction log for future query
(7) when the online store sends goods or provides services, it informs the acquiring bank to transfer money from the consumer's account to the store's account, or informs the issuing bank to request payment. There is usually a time interval between the authentication operation and the payment operation. For example, before the end of each day, the bank is requested to settle the account for one day
the first two steps have nothing to do with set. Set works from the third step to the sixth step. In the process of processing, the communication protocol, the format of request information and the definition of data type are clearly defined by set. In every step of the operation, consumers, online stores and payment gateways verify the identity of the communication subject through Ca, so as to ensure that the other party of the communication is not an impostor. Therefore, it can be simply considered that set specification gives full play to the role of authentication center to maintain the authenticity and confidentiality of the information provided by e-commerce participants in any open network.
7. Both are network security protocols used in e-commerce. Can ensure the security, confidentiality and integrity of transaction data. SSL is called secure socket layer protocol. It is the earliest protocol used in the world and has become an instrial standard. However, its basic point is the commitment of businesses to keep customers' information confidential, so it is beneficial to businesses but not beneficial to customers. Set, called secure electronic transaction protocol, is an open standard to ensure the security of credit card payment when concting online transactions on the Internet. Because its objects include consumers, merchants, card issuing banks, acquiring banks, payment gateways and certification centers, it is equally beneficial to consumers and merchants. It is increasingly recognized by the public and will become the norm of e-commerce in the future. In recent years, the IT instry and the financial instry have launched many more effective security transaction standards. There are mainly: (1) Secure Hypertext Transfer Protocol (s-http): rely on key pair encryption to ensure the security of transaction information transmission between web sites 2) SSL (secure socket layer) is a secure communication protocol developed by Netscape company. It encrypts the whole session between computers and provides encryption, authentication services and message integrity. It can provide strong protection for credit card and personal information. SSL is used in Netscape communicator and Microsoft IE browser to complete the required secure transaction operations. In SSL, public key and private key are used 3) Secure transaction technology (STT): proposed by Microsoft, STT separates authentication and decryption in browser to improve security control capability. Microsoft will adopt this technology in Internet Explorer 4) Set: secure electronic transaction (set): set is a specification jointly launched by visa and MasterCard in May 1997. Set is mainly designed to solve the transaction of credit card payment among users, merchants and banks, so as to ensure the confidentiality of payment information, the integrity of payment process, the legal identity of merchants and cardholders, and operability. The core technologies of set include public key encryption, electronic digital signature, electronic envelope, electronic security certificate, etc. At present, the published official text of set covers the transaction agreement, information confidentiality, data integrity and digital authentication, digital signature of credit card in e-commerce transaction. This standard is recognized as the standard of global Internet, and its transaction form will become the norm of "e-commerce" in the future. Payment system is the key of e-commerce, but the future direction of the key technology supporting payment system has not been determined. Secure socket layer (SSL) and secure electronic transaction (set) are two important communication protocols, each of which provides a means of payment through the Internet. But who will lead the future? Will set replace SSL now? Will set die out because of its complexity? Can SSL really meet the needs of e-commerce? We can see from the following comparison: SSL provides a secure connection between two machines. Payment systems are often built by transferring credit card numbers over SSL connections, and online banking and other financial systems are often built on SSL. Although credit card payment based on SSL promotes the development of e-commerce, if e-commerce is to be successfully carried out widely, we must adopt more advanced payment system. SSL is widely used because it is built into most web browsers and web servers, so it is easy to be applied. Except RSA public key algorithm, set and SSL have no similarity in other technologies. RSA is also used to achieve different security goals. Set is a protocol based on message flow, which is mainly designed and released by MasterCard, visa and some other mainstream manufacturers in the instry to ensure the security of bank card payment transactions on the public network. Set has been used and tested by a large number of experiments in the world, but most consumers who buy on the Internet do not really use set. Set is a very complex protocol, because it is very detailed and accurate to reflect the various relationships between the card transaction parties. Set also defines the format of encrypted information and the rules for each party to transmit information in the process of completing a card payment transaction. In fact, set is far more than a technical agreement. It also explains the legal meaning of the digital certificate held by each party, the actions of all parties who want to get the digital certificate and response information, and the responsibility sharing closely related to a transaction SSL Security Protocol SSL security protocol was originally designed and developed by Netscape communication company, also known as "Secure Sockets Layer Protocol", which is mainly used to improve the data security coefficient between applications. The whole concept of SSL protocol can be summarized as: a protocol to ensure the transaction security between any client and server installed with secure socket, which involves all TC / IP applications. SSL security protocol mainly provides three services: authentication of the legitimacy of users and servers, so that they can be sure that the data will be sent to the correct client and server. Both the client and the server have their own identification numbers, which are numbered by the public key. In order to verify whether the user is legal, the secure socket layer protocol requires digital authentication in handshake exchange data, so as to ensure the legitimacy of the user. There are both symmetric key technology and public key technology used in secure socket layer protocol to encrypt data to hide the transmitted data. Before the data exchange between the client and the server, the initial SSL handshake information is exchanged. In the SSL handshake information, various encryption technologies are used to encrypt it to ensure its confidentiality and data integrity, and the digital certificate is used for authentication. This can prevent illegal users from deciphering. To protect the integrity of data, secure socket layer protocol uses hash function and secret sharing method to provide information integrity service, and establishes a secure channel between client and server, so that all services processed by secure socket layer protocol can arrive at the destination completely and accurately in the transmission process. It should be noted that the secure socket layer protocol is a protocol to ensure the security of computer communication and protect the communication dialogue process. For example, when a client is connected to a host, the first step is to initialize the handshake protocol, and then an SSL is established. Let's move on. Until the end of the conversation, the protocol encrypts the whole communication process and checks its integrity. Such a conversation period is a handshake. In the HTTP protocol, every connection is a handshake. Therefore, compared with HTTP, it is more convenient. The communication efficiency of secure socket layer protocol will be higher 1) Connection stage: the customer greets the service provider through the network, and the service provider responds 2) Password exchange stage: the client and server exchange the password recognized by both sides, generally using RSA algorithm, and some using Diffie hellmanf and Fortezza Kea algorithm 3) Session password stage: the session password generated between customers and service providers to talk with each other 4) Inspection stage: the password obtained by the inspection service provider 5) Customer authentication stage: verify the credibility of customers 6) In the end stage, customers and service providers exchange the end information with each other. When the above action is completed, the data transmission between the two will be encrypted, and the other party will restore the encoded data after receiving the data. Even if the thief obtains the encoded information on the network, if there is no original cryptographic algorithm, he cannot obtain the readable and useful information. When sending, the information is encrypted with symmetric key, symmetric key is encrypted with asymmetric algorithm, and then the two packets are sent together. The process of receiving is just the opposite of sending. First open the encrypted package with symmetric key, and then decrypt it with symmetric key. In the process of e-commerce transactions, e to the participation of banks, according to the SSL protocol, customers' purchase information is first sent to the merchant, and then the merchant forwards the information to the bank. After the bank verifies the legitimacy of the customer's information, it informs the merchant that the payment is successful, and then the merchant informs the customer that the purchase is successful, and sends the goods to the customer. SSL security protocol is the first network security protocol used in e-commerce in the world, and it is still used by many online stores. In the traditional mail order activities, customers first look for commodity information, and then remit money to merchants, who send the goods to customers. Here, businesses can be trusted, so customers pay to businesses first. At the beginning of e-commerce, businesses are also worried that customers will not pay after purchase, or use expired credit cards, so they want the bank to give authentication. SSL security protocol is proced under this background. The basic point of SSL protocol is the promise of business to keep customer's information secret. However, in the above process, we can also notice that SSL protocol is beneficial to businesses but not to customers. The customer's information is transmitted to the merchant first, and then to the bank after the merchant reads it. In this way, the security of the customer's information will be threatened. It is necessary for businesses to authenticate customers, but in the whole process, there is a lack of customer authentication. At the beginning of e-commerce, because most of the companies involved in e-commerce are big companies with high reputation, this problem has not attracted people's attention. With the rapid increase of e-commerce manufacturers, the problem of authentication for manufacturers is becoming more and more prominent, and the shortcomings of SSL protocol are fully exposed. SSL protocol will be graally replaced by new e-commerce protocols such as set[ [page] 11. Set security protocol deals with e-commerce on the open Internet, ensuring the security of data transmission between buyers and sellers has become an important issue of e-commerce. In order to overcome the shortcomings of SSL security protocol and meet the increasing security requirements of electronic transactions, Visa International Organization and other companies, such as master card, micro soft and IBM, have jointly formulated the announcement of secure electronic transactions (set). This is an open and e-money-based electronic payment system for online transactions. On the premise of keeping the customer's credit card authentication, set also increases the authentication of the merchant's identity, which is very important for transactions that need to pay money. Due to its reasonable design, set protocol has been supported by many large companies and consumers, and has become the instrial standard of global network. Its transaction form will become the norm of "e-commerce" in the future. Secure electronic transaction specification provides an open standard for secure e-commerce on the Internet. Set mainly uses electronic authentication technology, and its authentication process uses rs not too much
8. 1 According to the workflow of set protocol, the whole working procere can be divided into the following seven steps:
(1) consumers use their PC to select the items they want to buy through the Internet, and input the order form on the computer. The purchase order should include the online store, the name and quantity of the purchased goods, the delivery time and place, etc
(2) contact the relevant online stores through the e-commerce server, and the online stores will make a response to tell the consumers whether the information such as the unit price of goods, the number of accounts payable and the delivery method in the order form filled in is accurate and whether there is any change
(3) consumers choose payment methods, confirm orders and issue payment instructions. At this time, SFT began to intervene
(4) in set, consumers must digitally sign orders and payment instructions, and use double signature technology to ensure that businesses can not see consumers' account information
(5) after the online store accepts the order, it requests payment approval from the consumer's Bank. The information is sent to the acquiring bank through the payment gateway, and then to the electronic currency issuing company for confirmation. After approving the transaction, return the confirmation information to the online store
(6) online stores send order confirmation information to consumers. The consumer software can record transaction log for query
(7) the online store sends goods or provides services, and informs the acquiring bank to transfer money from the consumer's account number to the store's account number, or informs the issuing bank to request payment
there is usually a time interval between authentication and payment operations, such as asking the bank to settle the account for one day before the end of the day. The first two steps have nothing to do with set. Set works from the third step to the seventh step. In the process of processing, the communication protocol, the format of request information, the definition of data type, etc. are clearly defined by set. In every step of the operation, consumers, online stores and payment gateways verify the identity of the communication subject through CA to ensure that the other party is not an impostor. Therefore, it can be simply considered that set specification gives full play to the role of certification authority to maintain the authenticity and confidentiality of information provided by e-commerce participants in any open network< When br />
2. binds Alipay on Taobao, Alipay acts as an intermediary in the transaction. The buyer sees a baby on Taobao, buys with Alipay, when you pay the money did not arrive in the seller's hand, only when you click confirm receipt, Alipay will give the money to the seller. But you do not confirm receipt, nor do you apply for a refund. After a certain period of time, Alipay will confirm that you have received the treasure and transferred the money to the seller, so there are many problems in the transaction, which are often negotiated between buyers and sellers. Alipay can not play a regulatory role.
(1) consumers use their PC to select the items they want to buy through the Internet, and input the order form on the computer. The purchase order should include the online store, the name and quantity of the purchased goods, the delivery time and place, etc
(2) contact the relevant online stores through the e-commerce server, and the online stores will make a response to tell the consumers whether the information such as the unit price of goods, the number of accounts payable and the delivery method in the order form filled in is accurate and whether there is any change
(3) consumers choose payment methods, confirm orders and issue payment instructions. At this time, SFT began to intervene
(4) in set, consumers must digitally sign orders and payment instructions, and use double signature technology to ensure that businesses can not see consumers' account information
(5) after the online store accepts the order, it requests payment approval from the consumer's Bank. The information is sent to the acquiring bank through the payment gateway, and then to the electronic currency issuing company for confirmation. After approving the transaction, return the confirmation information to the online store
(6) online stores send order confirmation information to consumers. The consumer software can record transaction log for query
(7) the online store sends goods or provides services, and informs the acquiring bank to transfer money from the consumer's account number to the store's account number, or informs the issuing bank to request payment
there is usually a time interval between authentication and payment operations, such as asking the bank to settle the account for one day before the end of the day. The first two steps have nothing to do with set. Set works from the third step to the seventh step. In the process of processing, the communication protocol, the format of request information, the definition of data type, etc. are clearly defined by set. In every step of the operation, consumers, online stores and payment gateways verify the identity of the communication subject through CA to ensure that the other party is not an impostor. Therefore, it can be simply considered that set specification gives full play to the role of certification authority to maintain the authenticity and confidentiality of information provided by e-commerce participants in any open network< When br />
2. binds Alipay on Taobao, Alipay acts as an intermediary in the transaction. The buyer sees a baby on Taobao, buys with Alipay, when you pay the money did not arrive in the seller's hand, only when you click confirm receipt, Alipay will give the money to the seller. But you do not confirm receipt, nor do you apply for a refund. After a certain period of time, Alipay will confirm that you have received the treasure and transferred the money to the seller, so there are many problems in the transaction, which are often negotiated between buyers and sellers. Alipay can not play a regulatory role.
9. Both are network security protocols used in e-commerce. Can ensure the security, confidentiality and integrity of transaction data
SSL is called secure socket layer protocol, which is the earliest used protocol in the world and has become an instrial standard. However, the basic point of SSL is the commitment of businesses to keep customers' information confidential, so it is beneficial to businesses but not beneficial to customers
set is called secure electronic transaction protocol, which is an open standard to ensure the security of credit card payment when online transactions are carried out on the Internet. Because its objects include consumers, merchants, card issuing banks, acquiring banks, payment gateways and certification centers, it is equally beneficial to consumers and merchants. It is more and more recognized by the public and will become the norm of e-commerce in the future
in recent years, the IT instry and the financial instry have launched many more effective security transaction standards. There are mainly:
(1) Secure Hypertext Transfer Protocol (s-http): rely on key pair encryption to ensure the security of transaction information transmission between web sites
(2) secure socket layer (SSL) is a secure communication protocol developed by Netscape company, which encrypts the whole session between computers and provides encryption, authentication services and message integrity. It can provide strong protection for credit card and personal information. SSL is used in Netscape communicator and Microsoft IE browser to complete the required secure transaction operations. In SSL, public key and private key are used
(3) secure transaction technology protocol (STT): it is proposed by Microsoft company. STT separates authentication and decryption in browser to improve security control ability. Microsoft will adopt this technology in Internet Explorer
(4) secure electronic transaction (set): set is a specification jointly launched by visa and MasterCard in May 1997. Set is mainly designed to solve the transaction of credit card payment among users, merchants and banks, so as to ensure the confidentiality of payment information, the integrity of payment process, the legal identity of merchants and cardholders, and operability. The core technologies of set include public key encryption, electronic digital signature, electronic envelope, electronic security certificate, etc
at present, the published set official text covers the transaction agreement, information confidentiality, data integrity, digital authentication and digital signature of credit card in e-commerce transaction. This standard is recognized as the standard of global Internet, and its transaction form will become the norm of "e-commerce" in the future
payment system is the key of e-commerce, but the future trend of key technologies supporting payment system has not been determined. Secure socket layer (SSL) and secure electronic transaction (set) are two important communication protocols, each of which provides a means of payment through the Internet. But who will lead the future? Will set replace SSL now? Will set die out because of its complexity? Can SSL really meet the needs of e-commerce? We can see from the following comparison:
SSL provides a secure connection between two machines. Payment systems are often built by transferring credit card numbers over SSL connections, and online banking and other financial systems are often built on SSL. Although credit card payment based on SSL promotes the development of e-commerce, if e-commerce is to be successfully carried out widely, we must adopt more advanced payment system. SSL is widely used because it is built into most web browsers and web servers, so it is easy to be applied
except that both set and SSL adopt RSA public key algorithm, they have no similarity in other technologies. RSA is also used to achieve different security goals
set is a message flow based protocol, which is mainly designed and released by MasterCard, visa and some other mainstream manufacturers in the instry to ensure the security of bank card payment transactions on the public network. Set has been used and tested by a large number of experiments in the world, but most consumers who buy on the Internet do not really use set
set is a very complex protocol, because it is very detailed and accurate to reflect the various relationships between card transaction parties. Set also defines the format of encrypted information and the rules for each party to transmit information in the process of completing a card payment transaction. In fact, set is far more than a technical agreement. It also explains the legal meaning of the digital certificate held by each party, the actions of all parties who want to get the digital certificate and response information, and the responsibility sharing closely related to a transaction< SSL security protocol
originally designed and developed by Netscape communication company, also known as "Secure Sockets Layer Protocol", is mainly used to improve the data security between applications. The whole concept of SSL protocol can be summarized as: a protocol to ensure the transaction security between any client and server installed with secure socket, which involves all TC / IP applications<
SSL security protocol mainly provides three services:
authentication of user and server legitimacy
authentication of user and server legitimacy, so that they can be sure that the data will be sent to the correct client and server. Both the client and the server have their own identification numbers, which are numbered by the public key. In order to verify whether the user is legal, the secure socket layer protocol requires digital authentication in handshake exchange data, so as to ensure the legitimacy of the user<
encrypting data to hide the transmitted data
the encryption technology used in secure socket layer protocol includes both symmetric key technology and public key technology. Before the data exchange between the client and the server, the initial SSL handshake information is exchanged. In the SSL handshake information, various encryption technologies are used to encrypt it to ensure its confidentiality and data integrity, and the digital certificate is used for authentication. This can prevent illegal users from deciphering<
protect data integrity
secure socket layer protocol uses hash function and secret sharing method to provide information integrity service, establishes a secure channel between client and server, so that all services processed by secure socket layer protocol can arrive at the destination completely and accurately in the transmission process
it should be noted that the secure socket layer protocol is a protocol to ensure the security of computer communication and protect the communication dialogue process. For example, when a client is connected to a host, the first step is to initialize the handshake protocol, and then an SSL is established. Let's move on. Until the end of the conversation, the protocol encrypts the whole communication process and checks its integrity. Such a conversation period is a handshake. In the HTTP protocol, every connection is a handshake. Therefore, compared with HTTP, it is more convenient. The communication efficiency of secure socket layer protocol will be higher
(1) connection stage: the customer greets the service provider through the network, and the service provider responds
(2) password exchange stage: RSA algorithm, Diffie hellmanf and Fortezza Kea algorithm are generally used to exchange passwords approved by both parties between client and server
(3) session password stage: the session password generated between the customer and the service provider
(4) inspection phase: the password obtained by the inspection service provider
(5) customer authentication stage: verify the credibility of customers
(6) in the end stage, the end information is exchanged between customers and service providers
after the above actions are completed, the data transmission between them will be encrypted, and the other party will restore the encoded data after receiving the data. Even if the thief obtains the encoded information on the network, if there is no original cryptographic algorithm, he cannot obtain the readable and useful information
when sending, the information is encrypted with a symmetric key, and the symmetric key is encrypted with an asymmetric algorithm, and then the two packets are bound together and transmitted
the process of receiving is just the opposite of sending. First, open the encrypted package with symmetric key, and then decrypt it with symmetric key
in the process of e-commerce transaction, e to the participation of the bank, according to the SSL protocol, the customer's purchase information is first sent to the merchant, and then the merchant forwards the information to the bank. After the bank verifies the legitimacy of the customer's information, it informs the merchant that the payment is successful, and then the merchant informs the customer that the purchase is successful, and sends the goods to the customer
SSL security protocol is the first network security protocol used in e-commerce in the world, and it is still used by many online stores. In the traditional mail order activities, customers first look for commodity information, and then remit money to merchants, who send the goods to customers. Here, businesses can be trusted, so customers pay to businesses first. At the beginning of e-commerce, businesses are also worried that customers will not pay after purchase, or use expired credit cards, so they want the bank to give authentication. SSL security protocol is proced under this background
the basic point of SSL protocol operation is the commitment of merchants to keep customers' information confidential. However, in the above process, we can also notice that SSL protocol is beneficial to businesses but not to customers. The customer's information is transmitted to the merchant first, and then to the bank after the merchant reads it. In this way, the security of the customer's information will be threatened. It is necessary for businesses to authenticate customers, but in the whole process, there is a lack of customer authentication. At the beginning of e-commerce, because most of the companies involved in e-commerce are big companies with high reputation, this problem has not attracted people's attention. With the rapid increase of e-commerce manufacturers, the problem of authentication for manufacturers is becoming more and more prominent, and the shortcomings of SSL protocol are fully exposed. SSL protocol will be graally replaced by new e-commerce protocols such as set
[page]
11. Set security protocol
dealing with e-commerce on the open Internet, ensuring the security of data transmission between buyers and sellers has become an important issue of e-commerce. In order to overcome the shortcomings of SSL security protocol and meet the increasing security requirements of electronic transactions, Visa International Organization and other companies, such as master card, micro soft and IBM, have jointly formulated the announcement of secure electronic transactions (set). This is an open and e-money-based electronic payment system for online transactions. On the premise of keeping the customer's credit card authentication, set also increases the authentication of the merchant's identity, which is very important for transactions that need to pay money. Due to its reasonable design, set protocol has been supported by many large companies and consumers, and has become the instrial standard of global network. Its transaction form will become the norm of "e-commerce" in the future
secure electronic transaction specification provides an open standard for secure e-commerce on the Internet. Set is mainly electronic
SSL is called secure socket layer protocol, which is the earliest used protocol in the world and has become an instrial standard. However, the basic point of SSL is the commitment of businesses to keep customers' information confidential, so it is beneficial to businesses but not beneficial to customers
set is called secure electronic transaction protocol, which is an open standard to ensure the security of credit card payment when online transactions are carried out on the Internet. Because its objects include consumers, merchants, card issuing banks, acquiring banks, payment gateways and certification centers, it is equally beneficial to consumers and merchants. It is more and more recognized by the public and will become the norm of e-commerce in the future
in recent years, the IT instry and the financial instry have launched many more effective security transaction standards. There are mainly:
(1) Secure Hypertext Transfer Protocol (s-http): rely on key pair encryption to ensure the security of transaction information transmission between web sites
(2) secure socket layer (SSL) is a secure communication protocol developed by Netscape company, which encrypts the whole session between computers and provides encryption, authentication services and message integrity. It can provide strong protection for credit card and personal information. SSL is used in Netscape communicator and Microsoft IE browser to complete the required secure transaction operations. In SSL, public key and private key are used
(3) secure transaction technology protocol (STT): it is proposed by Microsoft company. STT separates authentication and decryption in browser to improve security control ability. Microsoft will adopt this technology in Internet Explorer
(4) secure electronic transaction (set): set is a specification jointly launched by visa and MasterCard in May 1997. Set is mainly designed to solve the transaction of credit card payment among users, merchants and banks, so as to ensure the confidentiality of payment information, the integrity of payment process, the legal identity of merchants and cardholders, and operability. The core technologies of set include public key encryption, electronic digital signature, electronic envelope, electronic security certificate, etc
at present, the published set official text covers the transaction agreement, information confidentiality, data integrity, digital authentication and digital signature of credit card in e-commerce transaction. This standard is recognized as the standard of global Internet, and its transaction form will become the norm of "e-commerce" in the future
payment system is the key of e-commerce, but the future trend of key technologies supporting payment system has not been determined. Secure socket layer (SSL) and secure electronic transaction (set) are two important communication protocols, each of which provides a means of payment through the Internet. But who will lead the future? Will set replace SSL now? Will set die out because of its complexity? Can SSL really meet the needs of e-commerce? We can see from the following comparison:
SSL provides a secure connection between two machines. Payment systems are often built by transferring credit card numbers over SSL connections, and online banking and other financial systems are often built on SSL. Although credit card payment based on SSL promotes the development of e-commerce, if e-commerce is to be successfully carried out widely, we must adopt more advanced payment system. SSL is widely used because it is built into most web browsers and web servers, so it is easy to be applied
except that both set and SSL adopt RSA public key algorithm, they have no similarity in other technologies. RSA is also used to achieve different security goals
set is a message flow based protocol, which is mainly designed and released by MasterCard, visa and some other mainstream manufacturers in the instry to ensure the security of bank card payment transactions on the public network. Set has been used and tested by a large number of experiments in the world, but most consumers who buy on the Internet do not really use set
set is a very complex protocol, because it is very detailed and accurate to reflect the various relationships between card transaction parties. Set also defines the format of encrypted information and the rules for each party to transmit information in the process of completing a card payment transaction. In fact, set is far more than a technical agreement. It also explains the legal meaning of the digital certificate held by each party, the actions of all parties who want to get the digital certificate and response information, and the responsibility sharing closely related to a transaction< SSL security protocol
originally designed and developed by Netscape communication company, also known as "Secure Sockets Layer Protocol", is mainly used to improve the data security between applications. The whole concept of SSL protocol can be summarized as: a protocol to ensure the transaction security between any client and server installed with secure socket, which involves all TC / IP applications<
SSL security protocol mainly provides three services:
authentication of user and server legitimacy
authentication of user and server legitimacy, so that they can be sure that the data will be sent to the correct client and server. Both the client and the server have their own identification numbers, which are numbered by the public key. In order to verify whether the user is legal, the secure socket layer protocol requires digital authentication in handshake exchange data, so as to ensure the legitimacy of the user<
encrypting data to hide the transmitted data
the encryption technology used in secure socket layer protocol includes both symmetric key technology and public key technology. Before the data exchange between the client and the server, the initial SSL handshake information is exchanged. In the SSL handshake information, various encryption technologies are used to encrypt it to ensure its confidentiality and data integrity, and the digital certificate is used for authentication. This can prevent illegal users from deciphering<
protect data integrity
secure socket layer protocol uses hash function and secret sharing method to provide information integrity service, establishes a secure channel between client and server, so that all services processed by secure socket layer protocol can arrive at the destination completely and accurately in the transmission process
it should be noted that the secure socket layer protocol is a protocol to ensure the security of computer communication and protect the communication dialogue process. For example, when a client is connected to a host, the first step is to initialize the handshake protocol, and then an SSL is established. Let's move on. Until the end of the conversation, the protocol encrypts the whole communication process and checks its integrity. Such a conversation period is a handshake. In the HTTP protocol, every connection is a handshake. Therefore, compared with HTTP, it is more convenient. The communication efficiency of secure socket layer protocol will be higher
(1) connection stage: the customer greets the service provider through the network, and the service provider responds
(2) password exchange stage: RSA algorithm, Diffie hellmanf and Fortezza Kea algorithm are generally used to exchange passwords approved by both parties between client and server
(3) session password stage: the session password generated between the customer and the service provider
(4) inspection phase: the password obtained by the inspection service provider
(5) customer authentication stage: verify the credibility of customers
(6) in the end stage, the end information is exchanged between customers and service providers
after the above actions are completed, the data transmission between them will be encrypted, and the other party will restore the encoded data after receiving the data. Even if the thief obtains the encoded information on the network, if there is no original cryptographic algorithm, he cannot obtain the readable and useful information
when sending, the information is encrypted with a symmetric key, and the symmetric key is encrypted with an asymmetric algorithm, and then the two packets are bound together and transmitted
the process of receiving is just the opposite of sending. First, open the encrypted package with symmetric key, and then decrypt it with symmetric key
in the process of e-commerce transaction, e to the participation of the bank, according to the SSL protocol, the customer's purchase information is first sent to the merchant, and then the merchant forwards the information to the bank. After the bank verifies the legitimacy of the customer's information, it informs the merchant that the payment is successful, and then the merchant informs the customer that the purchase is successful, and sends the goods to the customer
SSL security protocol is the first network security protocol used in e-commerce in the world, and it is still used by many online stores. In the traditional mail order activities, customers first look for commodity information, and then remit money to merchants, who send the goods to customers. Here, businesses can be trusted, so customers pay to businesses first. At the beginning of e-commerce, businesses are also worried that customers will not pay after purchase, or use expired credit cards, so they want the bank to give authentication. SSL security protocol is proced under this background
the basic point of SSL protocol operation is the commitment of merchants to keep customers' information confidential. However, in the above process, we can also notice that SSL protocol is beneficial to businesses but not to customers. The customer's information is transmitted to the merchant first, and then to the bank after the merchant reads it. In this way, the security of the customer's information will be threatened. It is necessary for businesses to authenticate customers, but in the whole process, there is a lack of customer authentication. At the beginning of e-commerce, because most of the companies involved in e-commerce are big companies with high reputation, this problem has not attracted people's attention. With the rapid increase of e-commerce manufacturers, the problem of authentication for manufacturers is becoming more and more prominent, and the shortcomings of SSL protocol are fully exposed. SSL protocol will be graally replaced by new e-commerce protocols such as set
[page]
11. Set security protocol
dealing with e-commerce on the open Internet, ensuring the security of data transmission between buyers and sellers has become an important issue of e-commerce. In order to overcome the shortcomings of SSL security protocol and meet the increasing security requirements of electronic transactions, Visa International Organization and other companies, such as master card, micro soft and IBM, have jointly formulated the announcement of secure electronic transactions (set). This is an open and e-money-based electronic payment system for online transactions. On the premise of keeping the customer's credit card authentication, set also increases the authentication of the merchant's identity, which is very important for transactions that need to pay money. Due to its reasonable design, set protocol has been supported by many large companies and consumers, and has become the instrial standard of global network. Its transaction form will become the norm of "e-commerce" in the future
secure electronic transaction specification provides an open standard for secure e-commerce on the Internet. Set is mainly electronic
Hot content