Electronic Transaction Security (E-Commerce)


1 Electronic Transaction Security (E-Commerce)
By Joel Milazzo

2 E-Commerce
Electronic Commerce - the buying and selling of products or services over electronic systems.
Common Sites:
Electronic commerce that is conducted between businesses and consumers is referred to as business-to-consumer or B2C. Online shopping is a form of electronic commerce where the buyer is connected directly to the seller's computer, usually via the internet. If an intermediary, such as eBay.com, is present, then the sale and purchase transaction is called electronic commerce.


4 Public-key Encryption
Public Key Encryption – Uses a pair of asymmetric keys for encryption and decryption.
- Public Key: made public by distributing it widely.
- Private Key: never distributed, kept secret.
Data that is encrypted with the public key can be decrypted only with the private key. Conversely, data encrypted with the private key can be decrypted only with the public key. This asymmetry is the property that makes public key cryptography so useful.

5 Public-Key Encryption Basics
Person A, Person B
Person A wants to authenticate Person B’s identity or information. Person B gives their public key to Person A; in return, Person A sends a message to Person B. Person B uses their private key to encrypt the message sent to them. The message is then sent back to Person A, where it is decrypted using the public key that was given.
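The exchange on this slide, as an added example that is not part of the original presentation: Person A sends a fresh random challenge, Person B applies the private key to its hash, and Person A checks the result with the public key. The key is a constructed textbook-RSA key built from two small Mersenne primes with no padding, for illustration only, and the function names are hypothetical.

```python
import hashlib
import secrets

# Constructed demo key from two Mersenne primes. Far too small for real use;
# real deployments use >= 2048-bit keys and a padded scheme such as RSA-PSS.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to Person B


def digest_as_int(message: bytes) -> int:
    """Hash the message and reduce it below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def respond(challenge: bytes, private_exp: int = D) -> int:
    """Person B: apply the private key to the challenge hash."""
    return pow(digest_as_int(challenge), private_exp, N)


def verify(challenge: bytes, response: int) -> bool:
    """Person A: undo the operation with B's public key and compare."""
    return pow(response, E, N) == digest_as_int(challenge)


def run_exchange() -> dict:
    challenge = secrets.token_bytes(32)   # fresh for every attempt
    good = respond(challenge)
    # Someone without D can only guess; model that with a wrong exponent.
    forged = respond(challenge, private_exp=D ^ 2)
    # A recorded response does not verify against a new challenge.
    replayed = verify(secrets.token_bytes(32), good)
    return {"genuine": verify(challenge, good),
            "impostor": verify(challenge, forged),
            "replayed": replayed}


if __name__ == "__main__":
    print(run_exchange())
```

The random challenge is what makes the check meaningful: a fixed message would let anyone who once observed a valid response reuse it.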

6 Secure Sockets Layer(SSL)
SSL – Protocol that uses public-key encryption to provide security for communications over networks such as the internet. Originally developed by Netscape, it is used by internet browsers and web servers to transmit sensitive information.
Successor: Transport Layer Security (TLS)

7 SSL/TLS in Action Create a “Certificate”
A third-party company such as Thawte is used to prove the identity of the company. The company is then given a new public key that has additional information. This information is the third party's certification that the public key is verified and specific to the company. This information is encrypted with the third party's private key.

8 SSL/TLS in Action
- Connect to the company website, which is directed to a special port on the website that is set up for SSL/TLS communications only.
- Company sends back its public key (which has additional information).
- Client then uses the public key of the third party (which is stored in the browser) to decrypt the key.
- Decision…
  - If the public key has expired, this could be a problem.
  - If the public key claims to be for some domain that is not company.com, that could be a problem.
  - If the client doesn’t trust the server, then the communication is terminated.

9 Are you secure?
There are a few ways to find out if you are using a secure protocol simply by viewing your browser.
TLS and its predecessor SSL make significant use of certificate authorities. Once your browser requests a secure page and adds the "s" onto "http," the browser sends out the public key and the certificate, checking three things: 1) that the certificate comes from a trusted party; 2) that the certificate is currently valid; and 3) that the certificate has a relationship with the site from which it's coming.
The browser then uses the public key to encrypt a randomly selected symmetric key. Public-key encryption takes a lot of computing, so most systems use a combination of public-key and symmetric-key encryption. When two computers initiate a secure session, one computer creates a symmetric key and sends it to the other computer using public-key encryption. The two computers can then communicate using symmetric-key encryption. Once the session is finished, each computer discards the symmetric key used for that session. Any additional sessions require that a new symmetric key be created, and the process is repeated.
[Figure labels: Represents Encryption; Secure Connection]
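The three checks listed on this slide, and the decision on the previous one, as an added example that is not part of the original presentation. It runs over a constructed certificate in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns; the trust check is modelled as a lookup of the issuer name, an assumption that stands in for verifying the third party's signature, and all names are hypothetical.

```python
import ssl

# Constructed stand-in for the browser's built-in list of trusted third parties.
# A real client verifies the issuer's signature chain, not just its name.
TRUSTED_ISSUERS = {"Example Trust CA"}


def _field(rdns, name):
    """Pull one attribute out of the nested tuples getpeercert() uses."""
    return next((v for rdn in rdns for k, v in rdn if k == name), None)


def _host_matches(pattern: str, host: str) -> bool:
    """Exact match, or a single left-most '*' label (simplified RFC 6125)."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]


def check_certificate(cert: dict, host: str, now: float) -> list:
    """Return the reasons to terminate the connection (empty list = proceed)."""
    problems = []
    if _field(cert.get("issuer", ()), "commonName") not in TRUSTED_ISSUERS:
        problems.append("untrusted issuer")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        problems.append("outside validity period")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_host_matches(n, host) for n in names):
        problems.append("name mismatch")
    return problems


# Constructed sample certificate and a reference time inside its validity window.
SAMPLE = {
    "issuer": ((("commonName", "Example Trust CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "company.com"), ("DNS", "*.company.com")),
}
MID_2024 = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")

if __name__ == "__main__":
    print(check_certificate(SAMPLE, "shop.company.com", MID_2024))
    print(check_certificate(SAMPLE, "company.com.example.net", MID_2024 + 366 * 86400))
```

In production Python code, `ssl.create_default_context()` performs all three checks during the handshake, including signature verification of the certificate chain.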

10 How it is used in e-commerce
1. Customer places order.
2. Customer’s browser confirms merchant.
3. Browser sends the order information; this message is encrypted with the merchant’s public key. Payment information is encrypted with the bank’s public key.
4. Merchant verifies the customer.
5. Merchant sends order information to bank.
Encrypting the payment information with the bank’s public key ensures that the merchant can’t read it.

11 How it is used in e-commerce cont.
6. Bank verifies the merchant and the information of the consumer. 7. The bank authorizes the transaction to the merchant who can then fill the order.

12 One Time Session
To ensure security, each transaction session is given a combination of symmetric and public keys. Upon leaving the session or breaking the connection for any reason, you must start the session over with a new symmetric key.

13 3-D Secure
Stands for Three Domain Secure. An XML-based protocol used as a security precaution for online credit and debit card transactions. Developed by Visa in order to improve security, it has since been adopted by other card companies such as MasterCard and JCB International.

14 What does it do?
- Ties the financial authorization process to the idea of individual online authentication.
- Previously there was no way to identify whether the legitimate cardholder was entering the card details.
- Adds another step for online payments to safeguard bank accounts.

15 Added Protection
- The cardholder answers a series of one-time security questions from their bank, which only the card issuer and cardholder will ever know.
- The cardholder selects a password and a secret phrase, which will then be used during online transactions.
- During the checkout process, the 3-D Secure of the card issuer (Visa, MasterCard, etc.) will redirect the user to the website of the bank to authorize the transaction.

