Research on a Smart-Card-Based Online Secure Micropayment System
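Abstract
Electronic payment is a key link in e-commerce and a basic condition for its smooth development. Without matching electronic payment, e-commerce becomes virtual commerce in the literal sense: it can deliver electronic market information and electronic contracts, but transactions cannot be completed online. The vast majority of Internet transactions in e-commerce are small-value transactions, so a suitable micropayment prototype must be proposed. The greatest challenge facing electronic payment is security, and smart cards have distinctive security properties; developing a "smart-card-based online secure micropayment system" can therefore accelerate the development of e-commerce in China.
     This thesis first introduces the significance of the research topic, surveys the development and current state of e-commerce and electronic payment, compares several electronic payment systems in detail, and points out the advantages of a smart-card-based payment architecture.
     It then reviews the basic principles of smart cards, in particular the internal security mechanisms of the COS (Chip Operating System), and defines the on-card file structure used in this payment system. Drawing on the principles of network database programming, it focuses on how the Windows Sockets system works, the ODBC database access technology, the Web database middleware technologies CGI and ASP, and the characteristics of the C/S and B/S computing models, and proposes a distributed B/S model using middleware for this payment system.
     It establishes the overall framework of the online micropayment system, studies the key management system, and focuses on the sub-modules of the card issuing system and how they are implemented. It implements smart-card-based secure online purchase transactions and also develops a user card management program with which client-side users can conveniently query the information in the smart card in real time.
     The final part analyzes the security risks currently facing the e-commerce field and the common security protection measures, proposes a smart-card-based secure e-mail solution and focuses on improving the SET protocol, analyzes the security of secure desktop operating systems, and implements smart-card-based secure user login management for Windows 98.
     The thesis as a whole studies electronic payment in e-commerce. Combining object-oriented thinking with network technology, database technology and smart card principles, it discusses a smart-card-based online secure micropayment system. With this system, a user browses a merchant's home page, selects the goods to buy, and then pays online using this technology. The "smart-card-based online secure micropayment system" scheme is fairly easy to implement, offers relatively high security and speed, suits the current state of networks in China, and successfully fills the gap in online secure micropayment in China.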
Electronic Payment (EP) is not only the key aspect of Electronic Commerce (EC) but also a basic requirement for its development. Without a proper EP system, EC becomes truly "Virtual Commerce", limited to market information and electronic contracts, and bargains cannot be concluded online. Moreover, most bargains made online are small-scale, so prototypes for small-scale payment should be put forward. Because the biggest challenge for EC is security and the Smart Card has its own security capabilities, research on a "Security small-scale EP system on line based on Smart Card" will accelerate the development of EC in our country.
    First, this thesis introduces the source of the project, systematically reviews the development and status quo of EC and EP, compares several EP systems in detail, and points out the virtues of an EP system based on Smart Card.
    Next, it analyzes the basic principles of the Smart Card, especially the inherent mechanism of the Chip Operating System (COS), and defines the file structure of this EP system in the card.
    Then, applying the principles of Web Data Base (DB) programming, it analyzes in particular Windows Socket programming, the technique of access to DB, the middleware techniques of CGI and ASP, and the characteristics of C/S and B/S. It puts forward the distributed B/S model that adopts the middleware technique in this EP system.
    Moreover, the overall framework of the online small-scale EP system is presented, followed by an introduction to the key management system. It emphasizes the implementation of the various modules of the card distribution system and describes the command streams of the card distribution system.
    It realizes the Security small-scale EP system on line based on Smart Card. In the meantime, it builds a User Card Management module, so that the Web browser client can query the information in the card conveniently and in real time.
    Finally, it analyzes the current security problems that EC faces and the universal security protection measures. It puts forward a secure e-mail method based on Smart Card, especially improving on the SET protocol. It also discusses the security capability of the desktop operating system and gives the secure user login management of Windows 98 based on Smart Card.
    The whole paper researches the EP system in EC. In accordance with object-oriented principles, it adopts network, DB and Smart Card techniques to build the "Security small-scale EP system on line based on Smart Card". Through this system, the customer can pay online for the chosen merchandise by browsing the shop's homepage. The "Security small-scale EP system on line based on Smart Card" is very easy to adopt, and it has good security performance and quick speed. It suits the current state of the Chinese network and succeeds in filling the gap in our country in secure online EP systems.
