How to Implement Secure Ecommerce How to keep eCommerce secure

1.There is no complete solution and complete model and architecture for e-commerce security.

2.While some systems are becoming standard, there are only a handful of standard APIs. From an open market perspective, a common API and gateway between protocols is absolutely needed.

3.Most e-commerce systems are closed, i.e., they use technology that is unique to TouchTron and only support a few specific protocols and mechanisms. They often require a server to act as a trusted third party for all participants.

Sometimes they also require the use of a specific server or browser.

4.Although most schemes use public-key cryptography, multi-party security has received far from sufficient attention. There is no decision-making process for dispute resolution.

5.The anonymity and privacy of customers have not been fully considered.

6.Most systems assume a master-slave relationship between the seller's server and the consumer's browser, an asymmetric relationship that restricts the execution of complex protocols in these systems and does not allow direct transactions between users.

7.Most systems are limited to two parties, making it difficult to integrate a secure connection to a third party.

For the sake of national security, some key technologies involved in the e-commerce system, especially security theories and technologies, can only rely on openness and cannot rely on introduction. It can be seen that the study of security in e-commerce in China not only has important theoretical value and practical value, but also has important practical significance.

1. Ensure the authenticity of the identities of both parties to the transaction: The commonly used processing technology is identity authentication, which relies on a trustworthy institution to issue certificates and identify the other party.

2. Ensure the confidentiality of information: to protect information from being leaked or disclosed to unauthorized persons or organizations, the commonly used processing technology is data encryption and decryption, and its security depends on the algorithm used and the length of the key. Common encryption methods include symmetric key encryption and public-key encryption.

3. Ensure the integrity of the information: commonly used data hashing and other technologies to achieve. Hashing algorithms are used to protect data from unauthorized creation, embedding, deletion, tampering, and replay.

4. Ensure the authenticity of information: The commonly used processing method is digital signature technology.

5. Ensure the non-repudiation of information: It is usually required to introduce the certification center for management, and the introduction of the certification center will issue the secret search key, and the backup of the transmitted documents and their signatures will be sent to the introduction of the certification center for storage, as the arbitration basis for possible disputes.

6. Ensure the security of stored information: standardize internal management, use access control permissions and logs, and encrypt the storage of sensitive information.