Making Commerce Safe D. Crocker Brandenburg Consulting +1 408 246 8253 – Preliminary – Not for distribution.


1 Making Commerce Safe D. Crocker Brandenburg Consulting +1 408 246 8253 dcrocker@mordor.stanford.edu – Preliminary – Not for distribution

2 Boldly go... Where no public network has gone before...
© D. Crocker, Brandenburg Consulting, 1995. Making Commerce Safe / 2
• Internet was
  – Small (sort of)
  – Friendly (very)
  – Open
  – Casual
• Internet has become
  – Huge (every body/where)
  – Competitive
  – Closed and open
  – Casual and formal
• Commerce changes things

3 Internet for commerce?
• Strong pressures emerging
  – Businesses now online
  – Reduced access costs
  – Global “reach”

4 Operating a global Internet
• Scaling
  – A chicken in every pot!
• Security
  – Military vs. commercial vs. personal
• Management
  – Interconnection ≠ interoperability
  – Sometimes ≠ always

5 Professional operations
• Old news!
  – Internet commercial since 1990
• For professional operation, use professional provider
  – However, inter-provider management warrants improvement

6 Basic algorithms
[Diagram. Columns: Integrity; Authentication (sign); Privacy (seal). Labels: Msg, Hash; Hash + Key PRIV-ORIG, Digital Signature; Msg + Key DATA, Encrypt Data; Key DATA + Key PUB-RECIP, Encrypt Key.]
When do you need each? ...not always!

7 Security choices
• Trusted paths
  – Simple fall-back
• Symmetric keys
  – Doesn’t scale
• Asymmetric keys
  – Patent licensing
  – Computational overhead

8 Where to put security?
[Diagram. Columns: Object; Transport. Object: “Secure My object” carried over FTP, EMail, Web. Transport: “My object” carried over Secure EMail and Web Security. Other labels: Web Server, MTA, EMail Security.]

9 Transport security protocols
• IPSEC: IP-level labeling
• Kerberos (MIT): Third-party service
• S-KEY: Pairwise login
• S-HTTP (EIT): Negotiate specific object wrapper security
• SSL (Netscape): Client-server link
• STT (Microsoft): (TBD)

10 Object security protocols
• MOSS (was PEM)
  – MIME Object Security Service - IETF
  – RSA + DES
  – Global, formal key certification hierarchy
• PGP
  – Pretty Good Privacy - Phil Zimmermann
  – RSA + IDEA
  – Informal, personal, direct certification
• S/MIME
  – Private, consortium effort
  – Product “plans”
  – Specification: http://www.rsa.com

11 What is business?
• R&D
  – Search, browse
  – Test
  – Coordinate
• Support
  – Discuss
  – Info push
• Marketing
  – Targeted info push
  – Survey
• Sales
  – Negotiate
  – Order, bill, pay
  – Deliver

12 “Commerce” business
• Providing infrastructure support for commerce
  – EDI VAN
  – Interface to payment/bank service
  – Digital cash
  – Electronic notary
  – Online market/brokerage

13 Styles of commerce
• Receiver pull
  – Interactive sessions
  – Individual, foreground refinement
• Sender push
  – Messaging
  – Bulk, background distribution
(Mark Smith, Intel)

14 Bilateral vs. global
• On-going relationships
  – Special arrangements ok (awkward)
• One-time exchange
  – “Casual” commerce
  – Needs simple use (difficult)
  – Needs standard(s) solutions

15 Human interaction
• R&D, marketing, support
  – Mostly discussion or bulk transfer
  – Often ok to have no security, otherwise
    ◦ Mild sign and/or seal is plenty
  – Works well today

16 EComm classic – EDI
• Multiple EDI transports already
  – Internet is one more
• EDI/MIME, proposed standard
  – Use MIME-based security

17 Payment system model
[Diagram. Parties: Buyer, Merchant, Issuing Bank, Acquiring Bank, ClearingHouse. Label: 16+4.]
(M. Rose, FV)

18 Payment system issues
• Transaction category “card not present”
  – For all bankcard approaches for Internet
• Issues
  – Knowing buyer/merchant authorized
  – Avoiding third-party interception
  – Interchange, assessment, fees
  – Retrievals, chargebacks, etc.
    ◦ Risk management

19 Payment system efforts
• Commercenet: http://www.commerce.net
• First Virtual Holdings: http://www.fv.com
• CyberCash: http://www.cybercash.com
• OpenMarket: http://www.openmarket.com
• Netmarket: http://www.netmarket.com
• Netscape: http://www.netscape.com
• DigiCash: http://www.charm.net/~ibc/ibc2/softw_ag.html

20 Scheme “Clear”
[Diagram. Parties: Buyer, Merchant, ClearingHouse. Label: 16+4 in the clear!]
Just trust the net... Easy to capture and replay.

21 Scheme “ID”
[Diagram. Parties: Buyer, Merchant, ClearingHouse. Labels: 16+4, ID, ID, 16+4.]
Still trust the net, until the next statement... Easy to capture and replay.

22 Scheme “ID confirm”
[Diagram. Parties: Buyer, Merchant, ClearingHouse. Labels: 16+4, ID, ID, Confirm ID.]
Each transaction confirmed. Requires mildly safe user account.

23 Scheme “Secure link”
[Diagram. Parties: Buyer, Merchant, ClearingHouse. Labels: Encrypted 16+4, 16+4.]
Same as telephone, but encrypt over Internet. Merchant gets number. Is merchant safe??

24 Scheme “Mediated”
[Diagram. Parties: Buyer, Merchant, ClearingHouse. Labels: Encrypted 16+4, Encrypted 16+4, Encrypted 16+4.]
Only banks see data in clear. Limited points of attack.

25 Create money
• Private buyer and seller transaction
  – http://www.charm.net/~ibc/ibc2/softw_ag.html
• Digicash, Netcash,...
  – Use public key cryptography
    ◦ User generates note for bank to sign
    ◦ Bank debits user account
    ◦ Merchant checks signature
    ◦ Bank redeems note; credits merchant
  – Buyers anonymous
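
The note life cycle on slide 25, as an added Python example that is not part of the original slides. It goes beyond the slide by assuming RSA blinding (the Chaum-style technique) as the way the buyer stays anonymous; the key is a constructed demo-size key, and `Bank`, `withdraw`, `verify` and `note_digest` are hypothetical names.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for the bank (constructed for this example). Two Mersenne primes
# give a ~150-bit modulus: enough to show the arithmetic, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # bank's private exponent

def note_digest(serial: bytes) -> int:
    """Hash the note's serial number into the RSA group."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def verify(serial: bytes, sig: int) -> bool:
    """Merchant check: anyone holding the bank's public key (N, E) can run it."""
    return pow(sig, E, N) == note_digest(serial)

class Bank:
    """Signs blinded notes on withdrawal and redeems each serial at most once."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.spent = set()           # serials already redeemed

    def sign_blinded(self, account: str, blinded: int) -> int:
        """Debit one unit and sign the blinded value without seeing the serial."""
        if self.balances.get(account, 0) < 1:
            raise ValueError("insufficient funds")
        self.balances[account] -= 1
        return pow(blinded, D, N)

    def redeem(self, merchant: str, serial: bytes, sig: int) -> bool:
        """Credit the merchant for a valid note; refuse forgeries and replays."""
        if not verify(serial, sig) or serial in self.spent:
            return False
        self.spent.add(serial)
        self.balances[merchant] = self.balances.get(merchant, 0) + 1
        return True

def withdraw(bank: Bank, account: str):
    """Buyer side: pick a random serial, blind it, have it signed, unblind."""
    serial = secrets.token_bytes(16)
    r = secrets.randbelow(N - 2) + 2             # blinding factor
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    blinded = (note_digest(serial) * pow(r, E, N)) % N
    signed = bank.sign_blinded(account, blinded)
    return serial, (signed * pow(r, -1, N)) % N, blinded
```

The bank only ever sees `blinded` at withdrawal, so it cannot link the serial presented at redemption back to the buyer's account; the `spent` set is what stops a copied note from being redeemed twice.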

26 Summary
• Interesting times ahead
• Internet commerce is real
  – but still formative
  – very fragmented
  – moving aggressively

