E-Commerce Security Technologies: Theft of credit card numbers, Denial of service attacks (system unavailability), Consumer privacy (Confidentiality.


1 E-Commerce Security Technologies: theft of credit card numbers; denial of service attacks (system unavailability); consumer privacy (confidentiality of the customer and customer information); maintenance of integrity of information.

2 Encryption: Encryption is the process of transforming information (plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). The reverse process, i.e., making the encrypted information readable again, is referred to as decryption.

3 Advantages of Encryption: Encryption provides data security when data is kept on storage media. Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines.

4 Types of Encryption: 1. DES (the Data Encryption Standard): this approach uses a single key known to both sender and receiver. 2. Public key encryption: this approach uses two different keys, one for encoding the message and the other for decoding it.

5 Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991. PGP and similar products follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data.

6 Digital envelope: when both RSA (RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman) and DES are used together. Digital signature: an electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied. Digital certificate: a digital certificate is like a digital identification card that is used in conjunction with public key encryption to verify the message sender's authenticity. Certification Authority (CA): a CA is a company or trusted third party, such as VeriSign, which issues digital certificates.
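Added example (not part of the original presentation): a toy digital envelope with a digital signature, showing how a one-time symmetric key encrypts the message while RSA wraps that key and signs the message hash. Assumptions: textbook RSA on publicly known Mersenne primes, a SHA-256 keystream standing in for DES, and the hypothetical names `seal`, `open_envelope`, `ALICE_*` and `BOB_*`.

```python
# Added illustration only: textbook RSA on fixed Mersenne primes plus a
# SHA-256 keystream standing in for DES. Not secure; it shows structure only.
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair: public (n, e), private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def keystream_xor(key, data):
    """Symmetric stand-in for DES: XOR with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def seal(message, sender_priv, recipient_pub):
    """Sign with the sender's private key, then build the envelope."""
    n_s, d_s = sender_priv
    signature = pow(digest_int(message), d_s, n_s)
    session_key = secrets.token_bytes(16)  # one-time symmetric key
    n_r, e_r = recipient_pub
    wrapped_key = pow(int.from_bytes(session_key, "big"), e_r, n_r)
    return {"wrapped_key": wrapped_key,
            "ciphertext": keystream_xor(session_key, message),
            "signature": signature}

def open_envelope(envelope, recipient_priv, sender_pub):
    """Unwrap the session key, decrypt, then check the signature."""
    n_r, d_r = recipient_priv
    session_key = pow(envelope["wrapped_key"], d_r, n_r).to_bytes(16, "big")
    message = keystream_xor(session_key, envelope["ciphertext"])
    n_s, e_s = sender_pub
    valid = pow(envelope["signature"], e_s, n_s) == digest_int(message)
    return message, valid

# Constructed demo keys (Mersenne primes, publicly known: toy values only).
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)
```

Only the holder of the recipient's private key can recover the session key, and any change to the ciphertext makes the signature check return false.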

7 PKI (Public Key Infrastructure): PKI constitutes the policies and procedures for administering public and private key activities. PKI consists of: the CA (Certification Authority), which issues and revokes digital certificates; the RA (Registration Authority), which verifies the identity of certificate applicants; and the CR (Certification Repository), a database that contains current information about current certificates.

8 PKI: The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke (cancel) digital certificates.

9 Transaction privacy: unauthorized individuals cannot obtain transaction data. The transaction is encrypted using the SSL method (developed by Netscape). Transaction authentication: the process of verifying that transaction participants are who they claim to be. Transaction integrity: ensures that the transaction is not changed after the transaction is completed. Non-repudiation: neither party can deny that the transaction occurred.

10 SET: Secure Electronic Transaction (SET) was a standard protocol for securing credit card transactions over insecure networks, specifically the Internet. SET was not itself a payment system, but rather a set of security protocols and formats that enable users to employ the existing credit card payment infrastructure on an open network in a secure fashion. However, it failed to gain traction. SET is used by Visa, MasterCard, American Express. It establishes the standards for encrypting and authenticating credit transaction data.

11 SSL: The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transaction.

