Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Slides:



Advertisements
Similar presentations
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Advertisements

CP3397 ECommerce.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Cryptography and Network Security
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Principles of Information Security, 2nd edition1 Cryptography.
Electronic Transaction Security (E-Commerce)
Cryptography and Network Security Chapter 17
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 6-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 12-1© 2007 Prentice-Hall, Inc ELC 200 Day 18.
1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 12-1© 2007 Prentice-Hall, Inc ELC 200 Day 24.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
ELC 200 Day 24. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Day 24 Agenda Student Evaluations Should be progressing on Framework –Scheduling.
Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
ELC 200 Day 25. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Agenda Student Evaluations Quiz 4 (last) will be April 30 Chap 13, 14, &
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 12-1© 2007 Prentice-Hall, Inc ELC 200 Day 20.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 12-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.
Chapter 8 Web Security.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment ELC 200 Day 25.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment ELC 200 Day 24.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
Supporting Technologies III: Security 11/16 Lecture Notes.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
CIS 1310 – HTML & CSS 12 E-Commerce Overview. CIS 1310 – HTML & CSS Learning Outcomes  Define E-commerce  Identify Benefits & Risks of E-Commerce 
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Electronic Payments E-payment methods –Credit cards –Electronic funds transfer (EFT) –E-payments Smart cards Digital cash and script Digital checks E-billing.
1 TCP/IP Applications. 2 NNTP: Network News Transport Protocol NNTP is a TCP/IP protocol based upon text strings sent bidirectionally over 7 bit ASCII.
Securing Electronic Transactions University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Cryptography, Authentication and Digital Signatures
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Web Security : Secure Socket Layer Secure Electronic Transaction.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
ELC 200 DAY 26. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Agenda Quiz 4 (last) will be April 30 Chap 13, 14, & 15 Assignment 8 on next.
ELECTROINC COMMERCE TOOLS Chapter 6. Outline 6.0 Introduction 6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs) TRUST
ELC 200 Day 11. Agenda Questions? Assignment 3 is Not Corrected  Missing assignments Assignment 4 is posted  Due March 9:30 AM  Assignment4.pdf.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Security By Meenal Mandalia. What is ? stands for Electronic Mail. much the same as a letter, only that it is exchanged in a different.
Chapter 7 : Web Security Lecture #1-Week 12 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
Cryptography and Network Security
Pooja programmer,cse department
Electronic Payment Security Technologies
Cryptography and Network Security
Presentation transcript:

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23

13-2 © 2007 Prentice-Hall, Inc End of days? (subject to change) Dec 6 –Chap 14 Encryption –Student Course Evaluations –Assignment 9 posted –CyberProtect Simulation Dec 10 –Chap 15 Getting the Money Dec 13 –Quiz 4 –Optional assignment 9 due Dec 18 (Tuesday) –10 AM eCommerce frameworks due –Student presentations 5 Mins each

13-3 © 2007 Prentice-Hall, Inc Agenda Assignment 8 not corrected yet Assignment 9 Posted –Due Dec 13 –Optional  replace lowest assignment grade. Ecommerce Initiative Frameworks –GuidelinesGuidelines –Due DEC 10 AM Student Course Evaluations Discussion on Encryption CyberProtect Simulation

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-4© 2007 Prentice-Hall, Inc Encryption: A Matter of Trust

13-5 © 2007 Prentice-Hall, Inc Crypto, Digital Signature and Digital Certificates Cryptography provides security by using encryption –Ensures privacy Digital Signatures are just like a real signature –DCMA makes them just as legally binding as a signed paper document Digital Certificates uses Cryptographic techniques to prove Identity

13-6 © 2007 Prentice-Hall, Inc Digital Signature Sender Receiver DSPlaintext Add Digital Signature to Each Message Provides Message-by-Message Authentication Encrypted for Confidentiality

13-7 © 2007 Prentice-Hall, Inc Digital Signature: Sender DS Plaintext MD Hash Sign (Encrypt) MD with Sender’s Private Key To Create the Digital Signature: 1.Hash the plaintext to create a brief message digest; This is NOT the digital signature 2. Sign (encrypt) the message digest with the sender’s private key to create the digital Signature

13-8 © 2007 Prentice-Hall, Inc Digital Signature Sender Encrypts Receiver Decrypts Send Plaintext plus Digital Signature Encrypted with Symmetric Session Key DSPlaintext Transmission

13-9 © 2007 Prentice-Hall, Inc Digital Signature: Receiver DSReceived Plaintext MD 1. Hash 2. Decrypt with True Party’s Public Key 3. Are they Equal? 1. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest 2. Decrypt the digital signature with the sender’s public key. This also should give the message digest. 3. If the two match, the message is authenticated; The sender has the true Party’s private key

13-10 © 2007 Prentice-Hall, Inc Public Key Deception Impostor “I am the True Person.” “Here is TP’s public key.” (Sends Impostor’s public key) “Here is authentication based on TP’s private key.” (Really Impostor’s private key) Decryption of message from Verifier encrypted with Impostor’s public key, so Impostor can decrypt it Verifier Must authenticate True Person. Believes now has TP’s public key Believes True Person is authenticated based on Impostor’s public key “True Person, here is a message encrypted with your public key.” Critical Deception

13-11 © 2007 Prentice-Hall, Inc Digital Certificates Digital certificates are electronic documents that give the true party’s name and public key Applicants claiming to be the true party have their authentication methods tested by this public key If they are not the true party, they cannot use the true party’s private key and so will not be authenticated Digital certificates follow the X.509 Standard

13-12 © 2007 Prentice-Hall, Inc Digital Signatures and Digital Certificates Public key authentication requires both a digital signature and a digital certificate to give the public key needed to test the digital signature DSPlaintext Applicant Verifier Certificate Authority Digital Certificate: True Party’s Public Key

13-13 © 2007 Prentice-Hall, Inc Four Classes of Digital Certificates Class 1 certificates contain minimum checks on the user’s background Class 2 certificates check for information like real name, Social Security number, and the date of birth Class 3 certificates are the strongest type Class 4 certificates are the most thorough

13-14 © 2007 Prentice-Hall, Inc Managing Cryptographic Keys Key management is the process of making keys known to the systems that need them and making sure keys are protected against disclosure or substitution Key Life Cycle –Key generation and registration –Key distribution –Key backup and recovery Key escrow : location where keys held in trust by a third party reside – Notary service : company that provides encryption- oriented services including key escrow, key recovery, time stamping, trusted intermediary, and archiving –Key revocation and destruction

13-15 © 2007 Prentice-Hall, Inc Third-Party Services Certificate authority verifies certificates intended for use by other distinct legal entities Certificate policy is a set of rules that identifies how, when, and for what reasons certificates are used within the assigned organization Directory service is a repository that distributes certificates as requested by message originators

13-16 © 2007 Prentice-Hall, Inc Internet Security Protocols Two key protocols for secure World Wide Web transactions are: –Secure Socket Layer (SSL) is a protocol for secure Web transactions, secures data packets at the network layer –Secure HTTP (S-HTTP) is a protocol that secures Web transactions and nothing else Secure Electronic Transaction (SET) is a protocol used for handling funds transfers from credit card issuers to a merchant’s bank account –A digital certificate customers can request from their issuing bank by filling out a form on the bank’s Web site –A digital wallet is an online shopping device that seals personal information in a free plug-in that can be invoked when making a purchase

13-17 © 2007 Prentice-Hall, Inc Secure Pretty Good Privacy (PGP) is a protocol that encrypts the data with a one-time algorithm and then encrypts the key to the algorithm using public-key cryptography – – S/MIME (Multipurpose Internet Mail Extension) is a powerful protocol that provides security for different data types and attachments to s Message Security Protocol (MSP) is a protocol that secures attachments across multiple platforms

13-18 © 2007 Prentice-Hall, Inc Implications for E-Commerce Developing high-powered and reliable encryption methods is a top priority for many organizations Most encryption systems have prevention as the sole means of defense Merchants face a number of choices when considering encryption methods A major concern is the cost associated with different encryption methods Government regulations present considerable problems for businesses

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.