Shanghai Jiao Tong University Master's Thesis
Research on Electronic Payment Based on the SSL Security Protocol
Name: 龚贝毅
Degree applied for: Master's
Major: Electronics and Communication Engineering
Advisors: 回红; 刘冬生
20081001

,SSLSSL,SSLSSLSSL,SSLRSASSL

DISSERTATION TEMPLATE FOR MASTER DEGREE OF ENGINEERING IN SHANGHAI JIAOTONG UNIVERSITY

ABSTRACT

With the development of e-commerce, the security of electronic payments has become much more important. To protect the confidentiality of commercial information and personal privacy information during transactions over networks, the SSL protocol has been widely used and has become the global standard for encrypted communications. This paper proposes an implementation based on the SSL protocol, including a trade data processing model and a network model for secure electronic payment on the Internet, and improves SSL data transmission to ensure the security of transaction data. SSL is normally used only to complete the data transfer: it provides communication steps but does not address the flow of electronic payment transactions, so this paper designs that flow. Furthermore, credit card information is not passed directly to merchants through the network; instead, mutual authentication between users and banks is used. This paper uses the SSL protocol to secure communications for data transmission and also uses the RSA algorithm to encrypt data internally. This tripartite approach has certain advantages for legal duty and the extraction of evidence, and it also provides technical non-repudiation. In the electronic payment part of specific projects in the Shanghai highway passenger information platform, the data transaction model and network architecture above are applied to the e-ticket system and the networking clearing system, giving both systems more security support. The terminal and the ticketing agencies can therefore improve e-ticketing and settlement efficiency and reduce management and operating costs.

Keywords: Electronic Payment, SSL, Security Protocol, Transaction Model

11.123000:60%1999785%1.21.2.1,,2ElectronicTrade,ETSSLSETEC(ElectronicCommerce)InternetEDIEDIEDIInternetITInternetInternet,Intranet1.2.2Internet3ebusiness,ecommerce19941219972619985001997202000377020101101/33/42000250200230001.31234SSL12CA34123412341SSL2SSL3456SSL52.1IntranetInternetIntr
anet6Internet,9%10%2.2200(1)(2)(3)(4)SSL2.2Internet,,7(1)(2)(3)(4)1nternet82.3InternetIntranet/:(1)(2)(3)(4)(5)9(6)()2.4InternetSSLServerWebClient()SSLX.50910WebServerSSLHTTPFTPTELNETSSLSSLSSLSSLSSL,SSLSETSecureElectronicTransactionVisaMasterCardInternetSETX.509SET/SETSSL113.1SecureElectronicTransactionSETSSL(SecureSocketLayer)NetbillHTTPS-HTTPPEMS/MIMEInternetEDISETSSLSET(PKI)X.509.SETBtoCSET967544SETSSL,IPSEC/VPN,S/MIMESETSSLNetscapeCommunicationSecureSocketsLayerSSLTCP/IPSSLSSL121.2.3.4.5.()SSL()3-1SSLFig.3-1ThemajorstepsofSSLsecurityprotocol3.43.213secretkeys:Web;Web;WebSSL40128SSL(CA)(PKI)SSLSSL()(RSA)/3.3InternetInternetPKIPublicKeyInfrastructurePKICAe-mailInternetPKIInternet14(DTS)(DigitalID)(thirdparty)(CertificateAuthority)(CertificationPracticeStatement)1RSACACA2CARAWebPublisherCACARARegisterAuthorityRARACARACARSATCP/IPWebPublisherWPInternetCACACAEmailCACACACACA153.4SSL3.4.1InternethashSSLhashhashSSLhash16consumer(merchant)(bank)1AHTTPhash1A1BhashSSL1HTTP2Chash2SSL2C2DSSLSSLhash3-2Fig.3-2Transactiondataprocessingmodel(CA)SSLRSASSL3.4.2PKIPublicKeyInfrastructure17PKI$CA3-3Fig.3-3DigitalSignatureApplicationModelPKI1CAPKICAPKI2PKICA/PKIPKI3RSAECCDES18/LDAPHash1PKICACACACALRCCRL19LDAPLightDirectoryAccessProtocolCASSLCACACAPKI232012ISO7498-233.4.3,Internet,Web3-4Fig.3-4Paymentsystemnetworkmodel21WebWebInternetInternet1Internet23456Internet7RSASET8InternetInternet123456789224.12005948745%26%22%7%13.1%InternetInternet234.2,,,,(..Hash4.2.1,,Web24WebIIOPIDLDCOMWeb,InternetIntranetExtranet1,2345,254-1Fig.4-1E-ticketsystemframework12345678910264.2.2WebWebUnixLinuxWindowsWindowsIEInternetWebB2CSSLSSLSSL44-2SSLFig.4-2SSLsecurityprotocolissupportedinShanghaiHighwayPassengerinformationplatformnetworkarchitectureSSL/TLSSSLCA27WebSSL/TLSSSLWebWebSSL/TLSWindows2000IISIISSSL/TLS24CPUPC25DELLUNIX2PC62CPUPC282PC1-2CPUPCCPU2GBSANWEBSAN4.2.31232945612123456307812123121231web1(2)34(1)(2)(3)(4)CustomerRSARSARSAa)RSAb)XMLc)XMLa)32b)RSA/c)SHA1d)e)Web33consumer(merchant)(bank)1AHTTPh
ash1A1BhashSSL1HTTP2Chash2SSL2C2DSSLSSLhash4-3Fig.4-3TransactiondataprocessingmodelofE-ticketsystem3a.WebWebwebweb34b.1c.14.2.4()()()()()Clearing35NettingSettlement/POS/ATMPOS/2AhashSSL2A2D/SSLhash4-4Fig.4-4TransactiondataprocessingmodelofClearingsystem12363454.3InternetB2BPKIPublicKeyInfrastructureCA/B/SB2BSSL/TLSS/MIMECA/37USBKey4.3.13SSecuritySolutionSecurityApplicationSecurityService1)2)3)4)4.3.2UPS38VPNVPN21500USBKeyUSBKeyPIN39OutlookOutlookExpressNetscapeMessengerWebWeb1Web4.3.340414.1SSLSSLSSLWebWeb4.2ECECECPKIXML4243[1]...200656-68[2][]HaroldF.TiptoMickiKrause..I().,200495-101[3],,...2006218-222.[4],,...2006304-307[5].,.200332-33[6],.PKI..200156-58[7]...200265-66[8]...2006215-230[9]...2008:156-189[10],...2007169-175[11],,...2008178-215[12],...200199-132[13].--..2000110-123[14],,,..2000145-160[15]RaviKalakotaAndrewB.Whinston...2000113-156[16]CarlisleAdamsSteveLloyd,...2000159-175[17],,...200065-90[18]...2007112-150[19],,...2005114-120[20]..2006142-162[21],...200836-5944[22].[].: