安全电子交易协议研究与实现

华中科技大学硕士学位论文安全电子交易协议研究与实现姓名：吴昊申请学位级别：硕士专业：计算机应用技术指导教师：胡贯荣20060509IInternetSETSETSETA-SETA-SETSETSETA-SETIIAbstractWiththerapiddevelopmentofInternet,networkiswidelyusedinallfieldsofpeople’slife.Itprovidesmoreopportunitiestopeople,andsomecompanieshavepaidmoreattentiontoelectroniccommercethantraditionalcommerce.Howeverelectroniccommercecannotavoidsecurityproblems.Whatismore,asecurepaymentsystemisofgreatimportancetoguaranteethesecurityofelectroniccommerce.Asforelectronicpayprotocol,manyprotocolshavebeenresearched,suchassecureelectronicprotocol,whichisusedinthepractice.Firstofall,weresearchSecureElectronicTransaction(SET),thenwegiveanadvancedelectronicpayprotocolnamedA-SETwiththeregardofpublicbusinessinformationterminals.A-SETinheritsthesecuritiesofSET.ItrectifiesthetransactionflowofSETandguaranteesatomicityandnon-repudiationoftransactiontothefullextent.Asaresult,itassurestheimpartialityofbothsides.AftergivinganadvancedelectronicpayprotocolnamedA-SET,weapplyitinMulti-BusinessOnlineTradeSystem(MBOTS)anditguaranteesthesecurityofthissystem.Thesystemcanbedividedintofiveparts:TerminalBrowser,MerchantTransactionSystem,SecurePaymentSystem,VirtualBankandCertificateAuthority.Inthesystem,TerminalBrowserprovidestheinterfacetousers.VirtualBankprovidesvirtualaccountantstotheparticipants.AndCertificateAuthorityisresponsibleforthemanagementofcertificatesoftheparticipants.AtthesametimewedesignandimplementSecurePaymentSystemtoprovideageneralinterfaceofcredit-cardauthorization.MerchantTransactionSystemmainlyprocessestransactionrequestsfromTerminalBrowser.KeyWordsElectronicpaySecureElectronicTransactionAtomicityNon-repudiation111.1Internet[1][2][3]21.21.2.11[4][5]DESDES64IDEADES[6]KDCInternetInternetRSARSAInternet[7]1[8]3abcd…wxyzDEFG…ZABC3studentVWXGHQW32publickey1976PKSK[9]PKSKEDSKPKPKSKPKXSKDSKEPKX=XDPKEPKX?XPKSKPKSKEPKDSKX=XRSAISO/TC97SC20CypressConsultingCyArdoin[10]4KDCKDCPKASKDCAKDCABKDCKDCACACBCA=DSKASAPKAT1CB=DSKASBPKBT2CACBCertificateABKDCSKASCACBT1T2ACACBBBAPKAPKB2123[11]ASKAXDSKAXBBAEPKADSKAX=XAASKAADSKAXXABBXDSKAXPKAAXBBXX'5BDSKAX'BXDSKAXPKASKASKBABPKAPKBAB[12]3InternetID[13]1Web[14]6ATMPIN[15]ID2BethIsrealHospital[16]GTESprintATT[17]7[18]1.2.2[19][20]1trustedthirdparty23DigitalCashElectronicMoneyandElectronicCoins[21][22]SSLSecureSocketLayerSETSecureElectronicTransaction[23]SSLNetscapeWEB8[24]TCP/IP/[25]SSLSSL123[26]SSL123456[27]SSL[28]SSL1SSL2SSL93SSL[29]SSL1SSL[30]2SSL[31]SETMasterCardVisaNetscapeIBMInternet[32]SETSETInternetHash[33]SET1SET[34]2SET[35]1.2.3[36]101ConfidentialityInternet[37][38]2DataIntegrity[39]messagedigest3VerificationofIdentityPKI[40]4Non-repudiationofDisputedCharges[41][42]111.3SETSETSETSET1SET2SET3SETSET122SETA-SETA-SETA-SET2.1SETSETMasterCardVisaNetscapeIBMInternetSETSETSETCAInternetCAX.509v3SETSET132.12.1SET1CD-ROMID2HashSETOI2.1SET14PIPIOIsignHOPPIOIPIsignHOPPIOI3HashsignHOPOIPI4HashPIPIPIOIHOP5SET156SETInternetSETSETSETSETSETSETSET1/216345SETSETSET1SET[34]2SET[35]SETA-SETA-SET2.2A-SETSETA-SETA-SETSETA-SET1SET2SET3SET417A-SET2.3A-SETA-SETA-SETA-SET2.3.1A-SET1CMPCA2||3Card_Brand4TradeID5OIMPPIMP6ZNZZ{CM}7ZIDZZ{CMPCA}8ZCERTZZ{CMP}9ZSKZZ{CMPCA}10ZPKZZ{CMP}11XYKXXYXY{CMP}1812EN-ZKMsgZKMsgZ{CMPCA}K{SKPK}ZKXXYXYK13HMsgHMsgHhash14SIGN-ZSKMsgZSKMsg2.3.2A-SETA-SETA-SETA-SETA-SETA-SETA-SET2.21Request_InitRequest_Init=Card_Brand||CID||CN2.1CIDCN2Response_MsgResponse_Msg=TradeID||CN||MN2.2TradeIDIDResponse_InitResponse_Init=MCERT||PCERT||Response_Msg||SIGN-MSKResponse_Msg2.3193Request_PurRequest_Pur=SIGN-CSKOI||EN-MPKCPK2.4OI4OICResponse_PurInfo_Vali2.2A-SET20Response_Pur=EN-MCKm||SIGN-MSKHEN-MCKm2.5mOImInfo_Val=EN-PPK2m||MCK||SIGN-CSKOI||SIGN-MSKHEN-MCK2m2.62m5SIGN-MSKHMCKmMmmRequest_PayRequest_Pay=SIGN-CSKCCERT||EN-CMKEN-CSKPI||EN-PPKPIN||CMK||EN-CMKHEN-MCKm2.7PINPI6Request_PayCRequest_AuthRequest_Auth=SIGN-MSKMCERT||CCERT||EN-CMKEN-CSKPI||EN-PPKPIN||CMK||EN-CMKHEN-MCKm2.87MEN-PPKPIN||CMKCMCCCM21PMMsgResponse_AuthResponse_Auth=EN-PSKMsg2.9Msg8MResponse_AuthPMCMCKResponse_pay2.4A-SETA-SETSETSETA-SETSETA-SET2.4.1SETA-SET1Response_Pur2.5Info_Val2.6Info_Val22MCKMCK2Request_Auth2.8Request_AuthEN-PPKPIN||CMKCMKResponse_AuthEN-CMKHEN-MCKmCMKHEN-MCKmmInfo_Val2.6Info_Val2m2m2mMCKHashHEN-MCK2mHEN-MCKmHEN-MCK2m2.4.2SETA-SETRequest_Auth2.8C23Info_Val2.62mC2mC2m2mCInfo_Val2.4.3A-SETSETA-SETA-SETPKI2.4.4SET24SET122.5SETSETA-SETA-SETA-SET253A-SETA-SETA-SET3.1A-SETWEBA-SETWeb26Windows2000A-SETA-SET3.2A-SET3.1NucleusWebHtmlJavaScript3.127WEBISAPI3.3A-SET3.3.1PBI-51A-SET2.3.2123458122834m5623.23.3.2CACAWindows2000Windows2000X.509X.50919881993X.509Hash29Windows2000APICryptoAPIWindows20001Windows2000Windows20003.2302Windows2000InternetInformationServicesWindows2000InternetWindows2000X.509V3X.509IDWindows2000ServerWindows2000CACACACAPIN313.3.3A-SET1234325673.3.41WEBISAPI33A-SETA-SET2.3.21812ID345623.333.434A-SET12343.335IISWEBISAPIISAPIWebDLLathread-safeDLLHTTPISAPIDLLWebathreadpoolDLLWebWorkerthreadsISAPIProcessTrans.dll12ReceiveInitRequ(LPTSTRpstrCertC,LPTSTRpstrCryInitInfo)pstrCertCpstrCryInitInfoReceiveInitRequA-SET2