1 TCP/IP Applications
2 NNTP: Network News Transport Protocol NNTP is a TCP/IP protocol based upon text strings sent bidirectionally over 7 bit ASCII TCP channels. It is used to transfer articles between servers as well as to read and post articles.
3 TCP/IP Today Multipurpose Internet Mail Extension World Wide Web
4 Emerging Internet Standards Secure Electronic Transactions Secure, Authenticated Mail Packet- level Security
5 Other TCP/IP Security Features Secure Electronic Transactions Secure, Authenticated Mail Packet- level Security Secure Web Transfers
6 Secure Sockets Layer Can encrypt everything above TCP Security is on a session basis: –Client authenticates server, gets public key –Client generates symmetric master key –Key is encrypted with servers public key –exchange begins All transmissions then use the master key
7 S/WAN -- IPSec Standard IP Security Protocol Working Group (IPSEC) A security protocol in the network layer Authentication, integrity, access control, and confidentiality preliminary goals: –host-to-host security followed by –subnet-to-subnet and host-to-subnet Submitted as draft standard 7/97
8 Secure-HTTP Application layer, like HTTP Negotiates many parameters –Encryption –Authentication –Digital Signature Methods –Key Exchange Algorithm Can use X.509 certificates Can be used on top of SSL
9 SET - Secure Electronic Transactions Uses RSA and DES Secures only the financial info –Payment authorization and transport –Confirmation and delivery –Merchant reimbursement
10 SET Certificates Certificates are X.509 –Cardholder needs certificate from CCA –Merchant needs two certificates from MCA –Financial institution gets two certificates from CA
11 Purchase Request
12 MIME Multi-purpose Internet Mail Extension Follows ad hoc encoding schemes –BINHEX –UUEncode Extensible, define file extension, handling program Basic algorithm converts 3 x 8-bit bytes to 4 x 6-bit ASCII characters
13 S-MIME Secure MIME Prevent interception and forgery of Uses RSA’s Public-Key Cryptography Standards (PKCS) Beyond –EDI software –Internet push products such as software distribution –on-line electronic commerce services
14 Pretty Good Privacy Phil Zimmerman Public key system for encryption and authentication Is used like S/MIME PGP won export battle for banks: Nov 4th: “ The U.S. Department of Commerce has granted Pretty Good Privacy, Inc., (PGP) approval to export PGP's and message encryption software to banks worldwide. ”
15 E-Cash Independence Security Privacy Off-Line Payment Transferability Divisibility
16 Secure Net Commerce SSL S/WAN -- IPSec S-MIME S-HTTP SET PGP E-Cash