Presentation is loading. Please wait.

Presentation is loading. Please wait.

Electronic Transaction Security (E-Commerce)

Similar presentations

Presentation on theme: "Electronic Transaction Security (E-Commerce)"— Presentation transcript:

1 Electronic Transaction Security (E-Commerce)
By Joel Milazzo

2 E-Commerce Electronic Commerce - the buying and selling of products or services over electronic systems. Common Sites: Electronic commerce that is conducted between businesses and consumers, on the other hand, is referred to as business-to-consumer or B2C. Online shopping is a form of electronic commerce where the buyer is directly online to the seller's computer usually via the internet.  If an intermediary is present, then the sale and purchase transaction is called electronic commerce such as


4 Public-key Encryption
Public Key Encryption – Uses a pair of asymmetric keys for encryption and decryption Public Key which is made public by distributing it widely. Private Key is never distributed, kept secret. Data that is encrypted with the public key can be decrypted only with the private key. Conversely, data encrypted with the private key can be decrypted only with the public key. This asymmetry is the property that makes public key cryptography so useful.

5 Public-Key Encryption Basics
Person A, Person B Person A wants to authenticate Person B’s identity or information. Person B gives their public key to Person A, in return Person A sends a message to Person B. Person B uses their private key to encrypt the message sent to them, the message is then sent back to Person A where it is decrypted once more by using the public key that was given.

6 Secure Sockets Layer(SSL)
SSL – Protocol that uses the implementation of Public-Key encryption to provide security for communications over networks such as the internet. Originally developed by Netscape, it is used by internet browsers and web servers to transmit sensitive information. Successor Transport Layer Security(TLS)

7 SSL/TLS in Action Create a “Certificate”
Third party company such as Thawte is used to prove the identity of the company, the company is now given a new public key that has additional information. This information is the third parties certification that the public key is verified and specific to the company. This information is encrypted with the third parties private key.

8 SSL/TLS in Action Connect to the company website, which is directed to a special port on the website that is set up for SSL/TLS communications only. Company sends back its public key (which has additional information) Client then uses the public key of the third party(which are stored in browser) to decrypt the key. Decision… If the public key has expired, this could be a problem If the public key claims to be for some domain that is not that could be a problem. If the client doesn’t trust the server, then the communication is terminated.

9 Are you secure? Few ways to find out if you are using a secure protocol simply by viewing your browser. TLS and its predecessor SSL make significant use of certificate authorities. Once your browser requests a secure page and adds the "s" onto "http," the browser sends out the public key and the certificate, checking three things: 1) that the certificate comes from a trusted party; 2) that the certificate is currently valid; and 3) that the certificate has a relationship with the site from which it's coming. The browser then uses the public key to encrypt a randomly selected symmetric key. Public-key encryption takes a lot of computing, so most systems use a combination of public-key and symmetric key encryption. When two computers initiate a secure session, one computer creates a symmetric key and sends it to the other computer using public-key encryption. The two computers can then communicate using symmetric-key encryption. Once the session is finished, each computer discards the symmetric key used for that session. Any additional sessions require that a new symmetric key be created, and the process is repeated Represents Encryption Secure Connection

10 How it is used in e-commerce
1.Customer places order 2.Customer’s browser confirms merchant 3.Browser sends the order information, this message is encrypted with the merchant’s public key. Payment information is encrypted with the bank’s public key. 4.Merchant verifies the customer 5.Merchant sends order information to bank Which insures that the merchant can’t read the information

11 How it is used in e-commerce cont.
6. Bank verifies the merchant and the information of the consumer. 7. The bank authorizes the transaction to the merchant who can then fill the order.

12 One Time Session To ensure security each transaction session is given a combination of a symmetric and public keys. Upon leaving the session or breaking connection for any reason you must start the session over with a new symmetric key.

13 3-D Secure Stands for Three Domain Secure
XML based protocol used as a security precaution for online credit and debit card transactions. Developed by Visa in order to improve security and has since been adopted by other card companies such as MasterCard and JCB International.

14 What does it do? Tie the financial authorization process with the idea of individual online authentication. Previously no way to identify if the legitimate cardholder was entering the card details. Adds another step for online payments to safe guard bank accounts.

15 Added Protection Cardholder answers a series of one time security questions by their bank which only the card issuer and cardholder will ever know. Select a password and a secret phrase which will now be used during online transactions. During the checkout process the 3-D Secure of the card issuer(Visa, MasterCard, etc) will redirect the user to the website of the bank to authorize the transaction.

Download ppt "Electronic Transaction Security (E-Commerce)"

Similar presentations

Ads by Google