Presentation is loading. Please wait.

Presentation is loading. Please wait.

Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server.

Published byJaida Bodin Modified over 9 years ago

Similar presentations

Presentation on theme: "Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server."— Presentation transcript:

1 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Non Technical Security Systems  The user (client) can be given the possibility of placing an order without credit card details and the Internet merchant then simply contacts the user by telephone to obtain the details.  The user can be given the possibility of placing an order without credit card details and the user prints the order form and after printing, fills out the credit card details and faxes the order to the Internet merchant.

2 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 The Parties to an E-Commerce Transaction The Parties to an E-Commerce Transaction  The User/Card Holder : the person wishing to purchase on-line  The Merchant : the company wishing to sell on-line  The Acquirer : the merchants financial institution, usually their Bank  The Issuer : the credit card company that issued the users card  The Certification Authority : a neutral third party authority that issues certificates to the merchant, the issuer and in some cases the cardholder

3 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Areas of Internet Security It is important before considering the issue of Internet security to be clear as what particular security issue is being discussed. 1. Communications Security 2. Server Security 3. Transactional Security

4 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Communications Security One aspect is security in the transfer of information over the Internet and to insure that sensitive information such as credit card details cannot be intercepted. Such interception can give rise to the following: 1. Third parties can obtain credit card details for use elsewhere 2. Third parties can modify communication for example to have goods shipped to another address 3. Third parties can obtain confidential commercial information with regard to transactions, for example the identity of customers and the amount purchased of a particular product

5 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Server Security The server (the machine that contains the commerce site) can be subject to being ‘cracked’ by third party and this can lead to the following: 1. The possibility that third parties can obtain confidential commercial information with regard to transactions that have taken place, for example the identity of customers and the amount purchased of a particular product 2. That the service can be disrupted 3. That the information held on the server can be destroyed 4. In the case of an integrated Internet/Intranet that users can breach the companies firewall

6 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Transactional Security Here the concern is: 1. Third parties can impersonate a user/cardholder to send spurious fraudulent orders 2. Dispatched goods are not paid for 3. The Merchant can take payment but not ship the goods

7 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Security Solutions The Internet specific dangers can be divided into three classes, one class attacks the connection between the user and the merchant where the attacke either monitors the network traffic or modifies the network traffic. The second class of attacks targets the merchant’s server itself. The third are the transactional dangers, as in is the card valid is the user really the card holder, etc.

8 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Communications Security It is technically possible to obtain credit card information interactively from the Internet in a similar manner to bugging a phone but it is extremely difficult to do. Some time ago a group of French students using a mainframe University computer managed to acquire credit card details from the Internet after a number of days. However it should be born in mind that had they gone to their local supermarket and looked in the wastepaper bin they could obtain the same information. The dangers are in fact more perceived than real. However whether or not these fears are well founded they have to be addressed if e-commerce is to realize its potential. There are a number of encryption systems in use at present to insure that information transversing the Internet is not accessible to third parties. The most common system presently in use is SSL.

9 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Server Security Whatever type of server used the merchant should adopt a procedure program to minimize the damage should the servers security be compromised or indeed should the servers hard disk be destroyed. –The merchant should backup the information held on the server regularly to an off-line machine or to tape. In this way any disaster can be quickly overcome. –The merchant should insure that the server holds no unnecessary information such as customer lists or sales records. In this way in the unlikely event that the server security is breached the damage that can be done can be quickly repaired and there is no confidential information available to the attacker.

10 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Transactional Security There are a number of systems currently available to address this issue. These solutions are often referred to as payment gateways. This involves the e-commerce system sending a request to an outside source to obtain confirmation that the credit card details of the user are correct and that the funds are available. When the goods are shipped the e-commerce system sends a further request to the payment gateway for the funds to be credited to the merchants account. In this way the merchant's concerns and the acquirers concerns are largely addressed. SET (Secure Electronic Transactions) is a new payment protocol which can be expected to become more popular in the next year. SET cannot be considered as an application it is rather a protocol that developers will use in developing payment gateways.

11 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Security & The Web  Server Authentication Client are confident about servers they are communicating with.  Privacy Using Encryption Client conversation with the server is private.  Data Integrity Clients’ conversations cannot be tampered or interfered with.

12 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Categories of Internet Data and Transactions  Public Data No security restrictions and can be read by anyone. Such data should be protected from unauthorized tampering or modification, however, because a reader may perform damaging actions on its content.  Copyright Data Copyrighted but not secret. The owner of data is willing to provide it but wishes to ensure that the user has paid for it. The objective is to maximize revenue and security.  Confidential Data Secret but whose existence is not a secret. Such data include bank account statements, personal files, and the like. Such material may be referenced by public or copyright data.  Secret Data Such data might include algorithms. It is necessary to monitor and log all access to secret data.

13 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 WWW-Based Security Schemes  Secure HTTP [S-HTTP] A revision of HTTP that will enable the incorporation of various cryptographic message formats, such as DSA and RSA standards, into both the web client and the server; most of the security implementation will take place at the protocol  Security Socket Layer [SSL] Uses RSA security to wrap security information around TCP/IP-based protocols. This implementation, while different from S-HTTP, accomplishes the same task. The benefit of SSL over S-HTTP is that SSL is not restricted to HTTP, but can also be used for security for FTP and TELNET, among other Internet services  Shen (sponsored by W3 consortium) A non-commercial security. Similar to S-HTTP.

14 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Basic Authentication Features  Programs that allow a sender and a receiver to communicate in a way that does not allow third parties to read them and that certify that senders are really who they claim to be  For e-commerce application, strong authentication and message integrity are necessary

15 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Secure Socket Layer [SSL] Main champion: Netscape Communications  Netscape Commerce Server Provides  data encryption  server authentication  message integrity  client authentication for TCP/IP (optional) Fully encrypts  HTTP request  HTTP response  URL requested  submitted form contents  HTTP authorization information  data returned from server to client

16 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Secure HTTP [S-HTTP]  Proposed by CommerceNet (a coalition of businesses interested in developing Internet- based EC)  Only works with HTTP  Ensures message protection by providing  signature methods  authentication methods  integrity methods  encryption methods

17 Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server Transactional The Parties Universitas Gunadarma Back to Master Slide Areas Security Solutions Security & The Web Communications Server Transactional Categories Security Schemes Authentication Secure Socket S-HTTP Shen Internet dan Jaringan Komputer - Universitas Gunadarma 2006 ShenShen  Proposed by CERN  High level replacement for existing HTTP  Not currently implemented by any browser or server vendor  Indications are that the proposal may be, for all purposes, dead

Download ppt "Magister Manajemen Sistem Informasi Transactions Security Non Technical Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma Communications Server."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Working with the Internet

Working with the Internet
CP3397 ECommerce.

CP3397 ECommerce.
Cryptography and Network Security

Cryptography and Network Security
Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Magister Manajemen Sistem Informasi E-Commerce & WWW Slides prepared by Tb. Maulana Kusuma,

Internet dan Jaringan Komputer - Universitas Gunadarma 2006 Magister Manajemen Sistem Informasi E-Commerce & WWW Slides prepared by Tb. Maulana Kusuma,
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Chapter 8 Web Security.

Chapter 8 Web Security.
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.

Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.
“Electronic Payment System”

“Electronic Payment System”
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.

Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.
Supporting Technologies III: Security 11/16 Lecture Notes.

Supporting Technologies III: Security 11/16 Lecture Notes.
BZUPAGES.COM Electronic Payment Systems Most of the electronic payment systems on internet use cryptography in one way or the other to ensure confidentiality.

BZUPAGES.COM Electronic Payment Systems Most of the electronic payment systems on internet use cryptography in one way or the other to ensure confidentiality.
1 Chapter 8: Security in Electronic Commerce IT357 Electronic Commerce.

1 Chapter 8: Security in Electronic Commerce IT357 Electronic Commerce.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Similar presentations

Ads by Google