Abstract

This paper points out that the security of e-commerce systems has become one of the core issues and main bottlenecks constraining the development of e-commerce. It elaborates the security demands of an e-commerce system and the process for realizing e-signature technology, the essential key technology in its safety control; points out the insufficiency of the current e-signature realizing process; gives, based on digital encryption and information hiding, an improved approach and some realizing schemes for e-signature techniques; proposes a new idea, a “safety/speed ratio” theory of digital signature strength, to guide the selection among e-signature technical schemes; and puts forward the developing direction of e-commerce security technology.

1. Introduction

Digital signature technology is the core technology of e-commerce transactions, used to verify the authenticity of identities and transactions and to make them undeniable. As an important component of e-commerce security protection, it is attracting more and more attention from society. [1,2]

2. The Existing Process of Digital Signature

The message digest is the basis of the digital signature. A one-way hash function is a fast encryption algorithm that can be used to generate the message digest. A one-way hash function does not use secret keys. It is just a more complicated formula, but it can transform a plaintext of any length into a message digest which is a string of 16 characters. In this way, no matter how many characters the user inputs, the final result will always be a string of 16 characters, and so each plaintext can generate a random message digest. Accordingly, the digital signature process [3-5] can be summarized as follows (shown in figure 1):

(1) The sender generates a message digest randomly.

[Figure 1: the digital signature process; labels: sender, receiver, plaintext, message digest, encryption, digital signature, public key, decryption, compare, true text, fake text]
hidden in it from the surface of the public information, not to mention extracting the secret information from it. Thus, the latter has more enhanced protection than the former; this turns the secret information from "fail to understand" into "invisible", thereby greatly enhancing the security of the information transmission.

The general model of the information hiding system can be summarized as follows (shown in figure 2) [6-7]:

(1) The key generator generates the embedding key and the extracting key (the two keys are the same or related).
(2) The sender embeds the secret information into the carrying information with the embedding key, and the hiding carrier is formed.
(3) The sender sends the hiding carrier to the receiver.
(4) The receiver extracts the secret information from the hiding carrier with the extracting key after he receives the hiding carrier.

Fig.2: The general model of the information hiding system (blocks: password generator, embedding key, extracting key, secret message, carrying information, embedding process, hiding carrier, extracting process)

When the key is unknown, as long as attackers attack the hiding carrier by brute force using a known information hiding algorithm, the secret information may be completely extracted from the hiding carrier. However, if we scramble the secret information before hiding it, so that it loses its original features, the security will be greatly enhanced. Even if the secret information is extracted, it is so disorderly and unsystematic that the attackers cannot distinguish the specific content that the original secret information contained before scrambling. But for the same reason, because the scrambled secret information is disorderly and unsystematic, it easily arouses the attention of attackers. Therefore, we can distribute the scrambled secret information randomly in the carrying information by using the information sharing technology. This makes it difficult for attackers to find by eye the secret information hidden in the carrying information, which reduces the attention of the attackers, decreases the possibility of attack, and greatly raises the security of the secret information transmission.

3.2 High-intensity Digital Signature Approach

The hidden trouble of the simple digital signature can be solved by a method that combines encryption of the plaintext with the information hiding technology. A feasible whole encrypted digital signature solution can be designed as follows (shown in figure 3):
[Figure 3: the whole encrypted digital signature solution; labels: plaintext, symmetric encryption, cipher text, carrying information, hiding carrier, network, same]
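The scramble-then-scatter hiding described in section 3.1, which this scheme relies on, shown as an added example that is not code from the paper. It assumes LSB embedding in a byte carrier, HMAC-SHA256-derived orderings standing in for the paper's unspecified scrambling and "information sharing" algorithms, one shared key for embedding and extracting, and a secret length agreed in advance; the carrier, secret and key are constructed sample values.

```python
import hashlib
import hmac

def keyed_order(key: bytes, label: bytes, n: int) -> list:
    """Keyed pseudo-random ordering of range(n): sort indices by their HMAC tag."""
    def tag(i):
        return hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return sorted(range(n), key=tag)

def to_bits(data: bytes) -> list:
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]

def from_bits(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def embed(carrier: bytes, secret: bytes, key: bytes) -> bytes:
    bits = to_bits(secret)
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for this secret")
    # Scramble: position j of the scrambled stream carries secret bit perm[j].
    perm = keyed_order(key, b"scramble", len(bits))
    scrambled = [bits[p] for p in perm]
    # Scatter: write the scrambled bits into the LSBs of key-chosen carrier bytes.
    slots = keyed_order(key, b"scatter", len(carrier))[:len(bits)]
    stego = bytearray(carrier)
    for slot, bit in zip(slots, scrambled):
        stego[slot] = (stego[slot] & 0xFE) | bit
    return bytes(stego)

def extract(stego: bytes, secret_len: int, key: bytes) -> bytes:
    n = secret_len * 8  # assumption: both sides agreed on the secret's length
    slots = keyed_order(key, b"scatter", len(stego))[:n]
    perm = keyed_order(key, b"scramble", n)
    bits = [0] * n
    for j, slot in enumerate(slots):
        bits[perm[j]] = stego[slot] & 1  # undo scatter and scramble together
    return from_bits(bits)

def sequential_lsb_read(stego: bytes, secret_len: int) -> bytes:
    """What a keyless reader gets from plain sequential LSB extraction."""
    return from_bits([b & 1 for b in stego[:secret_len * 8]])

# Constructed sample data, not taken from the paper.
CARRIER = bytes((i * 37 + 11) % 256 for i in range(512))
SECRET = b"constructed sig!"
KEY = b"shared embedding/extracting key"

if __name__ == "__main__":
    stego = embed(CARRIER, SECRET, KEY)
    print(extract(stego, len(SECRET), KEY) == SECRET)
```

Scattering and scrambling only hide the payload; they do not replace the encryption and signature steps of the scheme.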
(5) The receiver receives the message from the sender, then:
① The receiver extracts the secret information from the hiding carrier by using the extracting key.
② The receiver restores the shuffled signature to its original form, and thereby obtains the digital signature signed by the sender.
③ The receiver decrypts the digital signature by using the sender’s public key to get the message digest. If the receiver can decrypt it, this shows that the message was indeed sent by the sender; thus, the receiver can verify the authenticity of the sender’s identity.
④ The receiver decrypts the encrypted symmetric key that was encrypted by the sender with his own private key, and then gets the sender’s symmetric key.
⑤ The receiver decrypts the cipher text with the symmetric key and gets the plaintext.
⑥ This step is the same as ② in step (4) of the existing digital signature process.

Through the approach above, we can achieve and enhance the monitoring of the information’s security and integrity in transmission.

3.3 Medial-intensity Digital Signature Approach

From the process of the whole encrypted digital signature solution, we can see that the security of the message is fully protected; but we must also realize clearly that, because the whole message is encrypted and decrypted, the whole process becomes time-consuming. However, e-commerce is known for its convenience, and the amount of its online transactions is mostly small; therefore, both sides of a transaction seek higher security and, at the same time, require the transaction to take as little time as possible. Accordingly, we propose another improvement program, the local encrypted digital signature, whose specific process can be designed as follows (shown in figure 4):

[Figure 4: the local encrypted digital signature process; labels: sender, plaintext, middle text, local middle text, embedding key, hiding, extracting by the extracting key, receiver’s private key decryption, cipher text, new plaintext, message digest, compare, different, fake text]

(1)~(2) These steps are the same as (1)~(2) of the whole encrypted digital signature process.
(3) The sender divides the message into three parts with a certain algorithm agreed in advance, obtaining the head text, the middle text and the tail text. The head text, the middle text and the tail text hold α, β and 1–α–β of the whole message (0<α, 0<β, α+β<1).
(4) The sender encrypts the parts extracted from the head text, the middle text and the tail text with the receiver’s public key; the local cipher text and the remaining part of the plaintext then form a new local encrypted cipher text.
(5) The sender produces the hiding carrier by using the embedding key and the information sharing technology, which hides the shuffled signature and the new local encrypted cipher text randomly in the carrying information; then the sender sends the hiding carrier to the receiver.
(6) The receiver receives the hiding carrier from the sender, then:
1) ①~③ These steps are the same as ①~③ in step (5) of the whole encrypted digital signature process.
2) ④ The receiver converts the new local encrypted cipher text into the plaintext with the inversion algorithm.
3) ⑤ This step is the same as ② in step (4) of the existing digital signature process.

3.4 The Evaluation and Selection Mechanism of the Two Improving Digital Signatures

From the improved digital signature processes above, we can see that the whole encrypted digital signature method, by encrypting the whole text, has higher encryption intensity and a higher safety factor; but precisely because it encrypts the whole plaintext, the process is complex and time-consuming. This method is more suitable for the “larger payment occasion”, which involves a huge amount of money and demands a high degree of attention. The second method, the local encrypted digital signature, has moderate intensity because of its local encryption; and because it encrypts only a part of the plaintext, it saves some time and increases the speed of transactions. Even though an "interception reading" hidden danger exists, the information intercepted is incomplete and the received information is worthless; accordingly, it will not cause significant losses, and a certain level of security is maintained. Therefore, the latter is more applicable to the "small payment, micro-payment" occasion, which involves a smaller amount of money and demands a general degree of attention.

According to this, we can select the appropriate encryption method through the "safety / speed ratio". That is, we should weigh and seriously compare the importance of security and of speed in the course of the transaction, and then choose the suitable encryption method: if the importance of security is greater than the importance of speed, we can choose the first, high-intensity digital signature approach; if we pay more attention to the speed factor and also care about safety, we can choose the second, medial-intensity digital signature method; when we consider speed the most important factor and require only general safety in the transaction, we can choose the simple, low-intensity digital signature method.

4. Conclusions

The security of e-commerce has been one of the main bottlenecks that hinder the development of e-commerce. Digital signature technology has the good characteristics of anti-counterfeiting, tamper-proofing and anti-denial, and China lately promulgated the "electronic signature law", which gave it the same rights and interests as the traditional handwritten signature in the area of e-commerce. It is becoming one of the key technologies that can protect the security of e-commerce. It can be predicted that only by further improving the security technologies of e-commerce, including digital signature and information hiding, can we provide strong technical support for the sustainable, leaping development of e-commerce.

5. References:

[1] Cuntao Xiao, Digital signature and e-commerce security. Network Security Technology & Application, Jul. 2005, pp. 67~69.
[2] Lan Peng, Renquan Liao, Digital signature technology in e-commerce security. Financial Computer of China, Jan. 2004, pp. 74~76.
[3] Zhifeng Ji, Peng Ding, E-commerce system security and digital signature technology. China Economist, Aug. 2004, pp. 100.
[4] Lu Xia, Electronic signature security issues and solutions of China. Special Zone Economy, Aug. 2004, pp. 99~100.
[5] Tao Ma, Electronic signatures security issue. Economic Tribune, Dec. 2002, pp. 42~43.
[6] Shuzhen Zhang, Information hiding technology in information security. Computer Knowledge and Technology, Sep. 2005, pp. 75~77.
[7] Zhou Qihai, The Isomorphic Object-oriented Programming Principles with C++. Tsinghua University Press and Beijing Jiaotong University Press, 2004.