Session 12: Authentication, Encryption, Digital Payments, and Digital Money
Course: M0284/E-Business Technology & Infrastructure
Year: 2005
Version:


1 Session 12: Authentication, Encryption, Digital Payments, and Digital Money
Course: M0284/E-Business Technology & Infrastructure
Year: 2005
Version:

2 Learning Objectives
Determine how and why encryption is important for e-commerce.
Understand how security applies to e-mail, the Web, the intranet, and the extranet.
Appreciate how virtual private networks are relevant to the future of e-commerce.
Plan for strategies to fend off security threats.
List and understand various e-commerce modes of payment.

3 Confidentiality
Confidentiality has two aims:
– To use the digital signature or encrypted hash function to authenticate the identity of the sender.
– To protect the content of the message from eyes other than those of the intended recipient.
Cryptography is used to implement privacy
– Encoded message has no apparent meaning

4 Confidentiality
Two steps involved:
– In the first step, a clear message is encrypted.
– The reverse aspect is the deciphering by the recipient.
Secure Socket Layer (SSL)
– Developed by Netscape for transmitting private documents via the Internet

5 Confidentiality
Organizations
– Government
– Industry Self-Regulation
Platform for Privacy Preferences Project (P3P).
TRUSTe
Better Business Bureau Online

6 Authentication
“Authentication is the process of identifying an individual or a message usually based on a user name and password or a file signature.”
Authentication is distinct from Authorization

7 Authentication
Log-in Passwords
Weak method with short passwords

8 Authentication
Features commonly used to identify and authenticate a user:
– Something the user knows (e.g. password).
– Something the user has (e.g. token, smartcard).
– Something that is part of the user (e.g. fingerprint).

9 Authentication
Digital Signature
“A digital signature is a code attached to an electronically transmitted message to identify the sender.”

10 Authentication
Digital Signature
1. The sender composes the document.
2. The sender uses a hash algorithm to create a “one-way” hash.
3. The user uses his or her private part of a public key system to encrypt the one-way hash to create the digital signature.
4. The sender then combines the original document with the digital signature to create a new signed document and sends it to the receiver.

11 Authentication
Digital Signature
1. The receiver separates the document from its signature.
2. The receiver decrypts the digital signature using the sender's public key.
3. The receiver applies the hashing algorithm to the original electronic document to produce a new one-way hash.
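The signing and verification steps on slides 10 and 11, carried through to the comparison of the two hashes that decides whether the signature is valid, as an added example that is not part of the original slides. It assumes textbook RSA with SHA-256 from the Python standard library and a constructed, insecure demo key; production signing uses a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed demo key built from two Mersenne primes so the example runs
# offline. It is trivially factorable and must never be used as a real key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent
SIG_LEN = (N.bit_length() + 7) // 8     # fixed signature size in bytes


def digest_int(document: bytes) -> int:
    """Sender step 2 / receiver step 3: one-way hash of the document."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> bytes:
    """Sender steps 3-4: transform the hash with the private key and
    append the result to the document."""
    signature = pow(digest_int(document), D, N)
    return document + signature.to_bytes(SIG_LEN, "big")


def verify(signed: bytes) -> bool:
    """Receiver steps 1-3, then compare the recovered hash with a fresh one."""
    if len(signed) < SIG_LEN:
        return False                    # too short to carry a signature
    document, sig_bytes = signed[:-SIG_LEN], signed[-SIG_LEN:]
    signature = int.from_bytes(sig_bytes, "big")
    if signature >= N:
        return False                    # not a valid value for this key
    recovered = pow(signature, E, N)    # "decrypt" with the sender's public key
    return recovered == digest_int(document)


if __name__ == "__main__":
    message = b"Pay 100 to Alice"       # constructed sample document
    signed = sign(message)
    print("genuine :", verify(signed))
    print("tampered:", verify(signed.replace(b"100", b"900")))
```

Any change to the document or to the signature bytes makes the two hashes differ, which is what gives the receiver both integrity and sender authentication.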

12 Authentication
Digital Signature

13 Authorization
“Gives someone permission to do or have something.”
Role or privileges based system.
Access lists to hardware, programs, data

14 Integrity
Control Redundancy Check (CRC)
Secure Hash Algorithm (SHA-1)
RSA’s Message Digest (MD5)

15 Auditing
“As no system will ever be completely secure, policies need to be devised where unauthorized usage will not occur.”

16 Non-repudiation
“Nonrepudiation is a proof that a message has been sent or received.”
“Nonrepudiation is specially important for the secure completion of online transactions.”

17 Non-repudiation
Digital Certificates can be used to verify the identity of a person, website or JavaScript/Java applet.
The certificate always includes:
– Public key.
– The name of the entity.
– Expiration date.
– The name of the certification authority (CA).
– The digital signature of the CA.

18 Non-repudiation

19 Non-repudiation - PKI

20 E-mail and Internet Security
Secure Sockets Layer (SSL).
Secure Electronic Transactions (SET).
Password Authentication Protocol/Challenge Handshake Authentication Protocol (PAP/CHAP).
Private Communications Technology (PCT).
S/MIME
Pretty Good Privacy (PGP).

21 E-mail and Internet Security
Secure Sockets Layer (SSL).
– Created by Netscape
– Widely used
– Uses RSA’s encryption system.
– Uses temporary keys
– Implements Certificate Authorities (CA)
– Client and server certificates

22 E-mail and Internet Security
Secure Electronic Transactions (SET)
– Enables the use of electronic payment methods and provides assurance about the identification of customers, merchants and banks.
– Industry protocol.

23 E-mail and Internet Security
PAP/CHAP
– Commonly used with PPP connections.
– With PAP the password is sent as open text; with CHAP it is encrypted.
– With CHAP the authentication is repeated every 10 minutes; with PAP it happens only at connection time.
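The difference between the two PPP methods on slide 23, as an added example that is not part of the original slides. It follows the CHAP response defined in RFC 1994, an MD5 hash over the identifier, the shared secret and the challenge; the secret value and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

SHARED_SECRET = b"constructed-demo-secret"   # constructed; held by both ends


def pap_request(password):
    """PAP: the password itself is what crosses the link."""
    return password


def chap_challenge():
    """Authenticator: fresh one-byte identifier and random challenge."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(identifier, secret, challenge):
    """Peer: MD5(identifier || secret || challenge), per RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier, challenge, response, secret=SHARED_SECRET):
    """Authenticator: recompute the hash and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    print("PAP on the wire :", pap_request(SHARED_SECRET))
    ident, challenge = chap_challenge()
    response = chap_response(ident, SHARED_SECRET, challenge)
    print("CHAP on the wire:", response.hex())
    print("accepted        :", chap_verify(ident, challenge, response))
    # Periodic re-authentication uses a new challenge, so a response
    # recorded earlier no longer matches.
    ident2, challenge2 = chap_challenge()
    print("old response    :", chap_verify(ident2, challenge2, response))
```

Because every re-authentication uses a new random challenge, a response captured from an earlier exchange is rejected, whereas a captured PAP password stays valid until it is changed.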

24 E-mail and Internet Security
Private Communications Technology.
– Microsoft initiative.
– Symmetric encryption.
– Authenticates server to client via certificate or CA.
– Verifies message integrity with hash function message digests
– Can be implemented with HTTP and FTP.
– Allows a stronger encryption

25 E-mail and Internet Security
Secure MIME.
– Secure method of sending e-mails.
– An IETF standard – RFC 1521

26 E-mail and Internet Security
Pretty Good Privacy (PGP)
– World’s de facto standard.
– Freeware (There is also a commercial version).

27 Virtual Private Network
“A virtual private network (VPN) is a network available when the user needs it.”
IP Security Protocol (IPSec)
Layer Two Tunneling Protocol (L2TP)
Transport Layer Security (TLS)

28 Virtual Private Network – L2TP

29 Encryption Export Policy
Regulations affect the global use of encryption techniques.
Companies are allowed to export encryption items (but with weak encryption)
Encryption classified as a weapon

30 Payment Systems
Cash
Checks
Money Orders
ORDER/INVOICE – bank transfer
– (feasible for B2B)
Credit Card Payments
– (used most for B2C e-commerce)

31 Electronic Money
Not widely adopted
Cybercash
VeriFone
Stored-Value Smart Cards.
Digital Cash
– Visa Cash
– Mondex
– Digicash
Micropayment

