华中科技大学硕士学位论文电子支付系统设计实现姓名：茉莉申请学位级别：硕士专业：信息与通信工程指导教师：张士军20090525? ? ? ? ? ? ? ? ? ? ? ? ?iAbstract With the fast growth of the internet, B2C e-commerce is also on the rise, and thus increasing the demand for electronic payment systems. A lot of companies are getting involved in e-commerce and are building B2C websites that need to provide consumers with payment options for their online purchases. Electronic payment systems (EPS) are systems that facilitate funds transfer in electronic commerce transactions between companies or individuals. In this thesis, the term electronic payment is used synonymously with online payments. E-commerce is still in its early stages hence there are still issues and challenges, the biggest challenge being that of security. This thesis studies electronic payment systems and ways of securing them and develops one such system. There are various technologies available to develop efficient and secure B2C web applications. In this thesis the various technologies of online payment systems are discussed and then an online bookshop application that supports the shopping process fully is designed and implemented based on the technologies. The bookshop is developed using the ASP.NET 2.0 technology because it enables fast and efficient development. The SSL protocol is said to have some security limitations however, its simplicity and efficiency are paramount hence I have used it to secure my web application. Key words: electronic payment systems, security, secure web applications, Online credit card payments, SSL, ? ? ? ? ? ? ? ? ? ? ? ? ?vList of Figures Figure 2-1 Classifications of Electronic Payment Systems 5 . 7 Figure 2-2 The credit card process . 10 Figure 2-3 Merchant oriented process . 12 Figure 2-4 Payment gateway-oriented process . 13 Figure 3-1 Symmetric key encryption . 17 Figure 3-2 Asymmetric key encryption (a) 10 . 18 Figure 3-3 Asymmetric key encryptions (b) 10 . 18 Figure 3-4 Encryption for Digital Signatures 10 . 19 Figure 4-1 Purchase Process . 29 Figure 4-2 The Checkout process . 30 Figure 4-3 Order and payment process . 31 Figure 4-4 The catalog use case diagram . 32 Figure 4-5 The shopping cart use case . 33 Figure 4-6 The checkout process use case . 34 Figure 4-7 The payment process . 35 Figure 4-8 the database design. 37 Figure 4-9 The Bookshop architecture . 38 Figure 4-10 Products catalogue page . 40 Figure 4-11 Product Description page . 41 Figure 4-12 Product Search page . 42 Figure 4-13 View shopping cart details . 43 Figure 4-14 Login page . 44 Figure 4-15 Registration page . 45 Figure 4-16 CustomerDetailsEdit page . 46 Figure 4-17 Checkout page . 47 ? ? ? ? ? ? ? ? ? ? ? ? ?vi List of Tables Table 3-1 Analysis of credit card systems 27 . 25 Table 4-1 Conventions used in payment message content . 35 ? ? ? ? ? ? ? ? ? ? ? ? ?viiAcronyms B2C Business-to-Consumer B2B - Business-to-Business C2C Consumer-to-Consumer EPS - Electronic payment Systems SSL Secure Sockets Layer SET Secure Electronic Transaction CA Certification Authority PKI Public Key Infrastructure DES Data