Electronic transaction security technology in online publishing
From its initial military use, the network extended to scientific and technical research in the mid-1980s. By 1992 and 1993, the network had begun to develop into another huge medium. Because of the rapid development of the network, online publishing has also drawn everyone's attention.
First, the security of network publishing
The traditional publishing industry is mainly based on the manufacture of tangible publishing products, such as books, magazines and CD-ROMs, while online publishing subverts that model. Online publishing is a web-based publishing and distribution method. Its content is no longer limited to digitized versions of printed pages; even content that would never appear in print media can be published online. That is, all information that can be circulated on the Internet is part of online publishing. Compared with traditional publishing, its advantages are:
1. In terms of resource utilization, online publishing does not require paper or ink, and is purely electronic, environmentally friendly, and green;
2. In terms of logistics, online publishing incurs no transportation, warehousing or logistics costs, and stock is always sufficient;
3. In terms of processing and production, correcting and revising digital content published on the Internet is easy, and there is no need to repeat the cumbersome process of filming, proofing, outputting, and binding. For short-run and almost out-of-print books, networked publishing and distribution methods are more practical and feasible [1].
But like everything else, online publishing has some problems. The problem of "insufficient electronic transaction security" bears the brunt: it has become a "bottleneck problem" that restricts network publishing and has aroused great concern among scholars in the publishing industry. If order information is transmitted directly as plain text over the Internet, the risk of the credit card number falling into the hands of others is very high, so customers' willingness to buy is reduced, and the printer is not willing to take on the customer's risk; on the other hand, a large number of customers give up online payment for fear of data disclosure. However, many types of data need to be encrypted, which makes data security in network publishing a challenging task.
These security issues arise mainly when data is transmitted over a computer network. The security requirements can be divided into the following aspects:
1. Data confidentiality: unauthorized users must be kept out of the system, and legitimate users must be prevented from using system resources illegitimately; encryption technology prevents sensitive data from being intercepted by third parties during transmission;
2. Data integrity: prevent data from being illegally modified or lost during transmission;
3. Fairness of data: certification bodies or other organizations with independent legal status are used to confirm the duties and obligations of both parties.
Second, a brief introduction to the principle of network publishing security technology
There are two main ways to solve information security problems: private key encryption and public key encryption.
1. Private key cryptography, also known as symmetric cryptography (symmetric encryption). A single shared key is used for the transmission, encryption, and decryption of information. For example, a printer wants to send an order to a customer and wants only that customer to be able to read it. The printer encrypts the order (the plaintext) with an encryption key and sends the encrypted order (the ciphertext) to the customer. Encryption is the scrambling of information so that no one except the intended recipient can understand it. One of the most common methods of private key cryptography is the Data Encryption Standard (DES). Although private key cryptography is useful in many situations, it also has significant limitations. All participants must know each other and trust each other completely, because each of them holds a copy of the key. If the sender and receiver are in different locations, then whether they exchange the secret key in a face-to-face meeting or over a public information system (the Internet), they must be certain that they are not being eavesdropped on. Anyone who overhears or intercepts the key in transit can use it to read all the encrypted information.
2. Public key cryptography, also known as asymmetric cryptography (asymmetric encryption). It uses two keys: one to encrypt the information and the other to decrypt it. There is a mathematical relationship between the two keys, so data encrypted with one key can only be decrypted with the other. In private key cryptography both parties use the same key, whereas public key cryptography gives each party a pair of keys: one public and one private. The public key can be made known to others, while the private key must be kept secret, known only to its holder. Both keys, however, must be protected against modification.
There are two main transaction security principles to follow: SET and SSL.
1. Secure Electronic Transaction (SET) is an open specification for protecting payment card transactions on any network. The SET specification incorporates RSA Data Security's public key cryptography to protect the privacy and confidentiality of personal and financial information on any open network. Software implementing the specification resides on the cardholder's personal computer and on the network computer of the participating printer. In addition, the acquiring bank has technology to decrypt the financial information, and the certification authority has technology to issue digital certificates.
2. SSL (Secure Socket Layer), developed by Netscape, is mainly used to address the security concerns of information transmission on the Web. The Web itself does not encrypt its data, and anyone who intercepts Web traffic can access the information it contains. With SSL, even if the data is misdirected, the information it contains (such as the details of an order) cannot be read by anyone other than the customer and the printer. SSL works as follows: when a client browses the Web with the Netscape browser, the browser uses the HTTP protocol to communicate with the Web server. For example, the browser sends a command to the server asking to download the HTML file of a home page, and the server responds by sending the contents of the file to the browser. The text of this command and the text of the HTML file are transmitted over a connection called a socket. A socket enables two remote computers to talk over the Internet, but a security problem arises because most connections send data in plain text, which almost anyone can read. SSL solves this problem by encrypting HTTP. The data is automatically encrypted before it is transmitted and decrypted at the receiving end. For those who do not have the decryption key, the information is only meaningless 0s and 1s [2].
Third, Java security mechanism and implementation
When Java emerged as a web development technology, people showed great interest in it, including, of course, the publishing industry, because Java can provide good security technology for electronic transactions in online publishing, and security has always been users' main concern [3]. There are three mechanisms in Java technology that help ensure security:
The first is the language design features: including array bounds checking, legal type conversion, no pointer operations, etc.;
The second is the access mechanism that controls what code can do: including file access, network access, etc.;
The third is the code signing mechanism: standard cryptographic algorithms are used to verify the source of the code and prevent illegal modification.
Therefore, through the above security mechanisms, Java security technology can be used to secure network publishing.
1. Security policy file
Using a security policy file is an easy way to set the permissions of Java programs on a publishing company's intranet. Because the location, purpose and security of each computer on the intranet are clear, a security policy file is especially suitable for setting the permissions of Java programs. It makes the installation, configuration, upgrade and migration of software very convenient, and it can also be used together with digital signatures. More importantly, the permissions of each Java program can be subdivided, making the mechanism flexible and convenient to use.
A security policy can be thought of as a typical access control matrix: a collection of mappings from a code source to the permissions that code is allowed. The security policy of the Java application environment is represented by a Policy object, which details the permissions that different code has for different resources.
2. Digital signature
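The access-control-matrix view above can be reproduced with the JDK's own `CodeSource` and `Permissions` classes. This is an added example, not code from the original article; the jar locations and data directories are hypothetical, and the matrix is evaluated directly rather than through an installed `Policy`, because the Security Manager that enforced policy files has been deprecated since Java 17.

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.cert.Certificate;
import java.util.LinkedHashMap;
import java.util.Map;

public class PolicyMatrixDemo {
    // One row per code source: where the code was loaded from -> what it may do.
    static final Map<CodeSource, Permissions> MATRIX = new LinkedHashMap<>();

    // Unsigned code source identified only by its location (hypothetical paths).
    static CodeSource source(String url) throws Exception {
        return new CodeSource(URI.create(url).toURL(), (Certificate[]) null);
    }

    // A request is granted only if some row matches the caller AND grants the permission.
    static boolean allowed(CodeSource caller, Permission wanted) {
        for (Map.Entry<CodeSource, Permissions> row : MATRIX.entrySet()) {
            if (row.getKey().implies(caller) && row.getValue().implies(wanted)) {
                return true;
            }
        }
        return false; // default deny: no matching row, no access
    }

    public static void main(String[] args) throws Exception {
        Permissions orderApp = new Permissions();
        orderApp.add(new FilePermission("/srv/orders/-", "read,write"));
        orderApp.add(new FilePermission("/srv/catalog/-", "read"));
        MATRIX.put(source("file:/opt/press/orders.jar"), orderApp);

        Permissions viewer = new Permissions();
        viewer.add(new FilePermission("/srv/catalog/-", "read"));
        MATRIX.put(source("file:/opt/press/viewer.jar"), viewer);

        CodeSource viewerJar = source("file:/opt/press/viewer.jar");
        CodeSource unknownJar = source("file:/tmp/download.jar");
        Permission readCatalog = new FilePermission("/srv/catalog/book.pdf", "read");
        Permission readOrder = new FilePermission("/srv/orders/1001.xml", "read");

        System.out.println("viewer reads catalog:  " + allowed(viewerJar, readCatalog));
        System.out.println("viewer reads order:    " + allowed(viewerJar, readOrder));
        System.out.println("unknown reads catalog: " + allowed(unknownJar, readCatalog));
    }
}
```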
Establishing a mapping from code sources to permission sets and managing security policies based on the code source seems to be an ideal security mechanism. However, if the reliability of the code source is not guaranteed, it becomes meaningless. To solve the problem of code reliability, digital signature technology can be considered.
The basic idea of digital signatures is to generate a public/private key pair using some algorithm from the field of public key cryptography. The server side (the printer) encrypts the order information with a private key, and then provides the public key to the client in a trusted way. The client decrypts the order information using the public key. There are many methods for generating a public/private key pair, and the RSA and DSA algorithms can be used in Java. The digital signature algorithm passes the result of a random process as a parameter to the encryption function, returns a public key/private key pair from the result of the function, and then encrypts and decrypts using the public key and the private key.
If the verification passes, the signature is valid. Because digital signatures are difficult to forge, and any change to the data invalidates the signature, they provide good protection. In this way, it can be determined whether the information comes from a reliable place (the provider of the public key) and has not been modified, and is therefore trustworthy, so the problem of the reliability of the code source can be solved.
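The sign-and-verify flow described above, as an added example that is not code from the original article: it uses the JDK's `java.security.Signature` API with the `SHA256withRSA` algorithm (an assumed choice; the article only names RSA and DSA), and the order text is constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public class OrderSignatureDemo {
    // Printer side: sign the order bytes with the private key.
    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Client side: check the signature with the printer's public key.
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Key generation draws on a secure random source internally.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair printer = gen.generateKeyPair();
        KeyPair impostor = gen.generateKeyPair();

        // Constructed sample order, not real data.
        byte[] order = "order=1001;title=Sample Book;copies=500"
                .getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "order=1001;title=Sample Book;copies=900"
                .getBytes(StandardCharsets.UTF_8);

        byte[] sig = sign(printer.getPrivate(), order);

        // Genuine order under the printer's public key: signature is accepted.
        System.out.println("genuine order:  " + verify(printer.getPublic(), order, sig));
        // Any change to the data invalidates the signature.
        System.out.println("tampered order: " + verify(printer.getPublic(), tampered, sig));
        // A public key from a different source does not validate it either.
        System.out.println("wrong key:      " + verify(impostor.getPublic(), order, sig));
    }
}
```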
Fourth, the conclusion
The problem of electronic transaction security in network publishing can be addressed not only through Java's existing security technology, but also through other security technologies and the combined application of multiple security technologies. In the final analysis, only by fully solving this "bottleneck problem" can online publishing truly usher in its golden age.