| With the development of the Internet, Online Banking, Online Securities, Online Insurance and E-Business become the focus of business innovation and have been paid high attention to. However, their development is far behind the expectation, and the service they provide is very narrow in this country. There are many reasons, one of these is that the public don't have enough confidence for online payment. To resolve this, we must change the traditional idea of consumption, besides high-quality security measures must be provided. For this the article discusses the PKI system. Actually, it is in the EDI class in 1999 that I first learned the basic technology of encryption and digital signature. It is also the time when Certificate Authorities have fast development in this country. Large numbers of related articles and material gave me much knowledge of PKI and I become interested in the certification. This article is based on the construction experience of PKI in China. Targeting at improving the online finance transactions, it puts forward the idea that pertinent requirements are to be defined corresponding to the deference among applications, and relative standards are to be set down further. There are several reasons. Firstly, the operation of CA is not authoritative without criterion. Some CAs are not serious at issuing and auditing certificates and they issue certificates without strict identity validation, which damages CA's credit greatly. Without authority CA couldn't provide just and credible third party authentication service. Secondly, PKI can not practice without the right application. Today many CAs don't make efforts to develop CA's application, instead they indulge in the competition not regarding to the technology and market. Thus PKI is not bound with the right application and customers can't get the satisfactory service. Afterwards the article makes the PKI demand analysis and process design of the online finance transaction.Infrastructure analysis mainly discusses key management and certificate management. The analysis of each stage talks about the issues that should be considered when deploying a PKI system. The key management involves key pairs' generation, distribution, usage, update, destruction, backup, recovery and archiving. It points out that the PKI system of online finance transaction should generate signing and encrypting key pairs separately. Update should be done at the point of 80% of the key's life time, and the original private signing key must be destroyed completely. The private decrypting key should be backuped and archived, and in no case can the private signing key be backuped or archived. The backup and recovery of CA private key(s) should apply Secret Sharing mechanism and so on. The certificate management includes certificate registration, issuance, operation, update, revocation, suspension, resumption and archiving. It makes out when the certificate becomes valid and invalid.Some certificates should be stored locally to improve its search efficiency. Authenticating certificate should apply the method of certificate chain authentication to ensure each certificate along the certificate path is valid and is from the right CA. When it is near the expiration of certificate, PKI system should automatically notify the user to update it to avoid any loss from transaction delay. It also discusses periodical and real-time CRL publication method and the push, pull and online verification method that is about how the users can get CRL.This article makes process design to e-Business, Online Banking and Online Securities. SET is a kind of electrical payment protocol that can ensure the transaction security paid by credit card on public network. Based on SET purchasing this section makes the transaction flow chart. The format of SET protocol comprises of a series of requirement / response message pairs. The article discusses the important payment message pairs: purchasing(PurReq/PurRes), authority(AuthReq/AuthRes)and capital transfer(CapReq/CapRes)... |
PDF Full Text Request