Asper School of Business, University of Manitoba
Systems Analysis & Design
Instructor: Bob Travica
System interfaces
Updated: November 2014


3510 Systems Analysis & Design * Bob Travica

Outline
- System interface concept
- Electronic Data Interchange
- eXtensible Markup Language
- Rules for system inputs
- Rules for system outputs

System interface concept
1) Interface with no or minimal participation of users, AND
2) Destination is another system, not a user (system-to-system link; inputs and outputs exchanged between systems).*
Examples:
- Inputs from other systems & external databases
- Automated inputs (e.g., bar code reader)
- Outputs to other systems & external databases
Note: In contrast to the book, reports are part of the user interface (see slides for the previous class).

Technologies for system interfaces - From EDI to Internet of Things
Electronic data interchange (EDI) input/output files
- Automatically formatted text files that represent business documents
- Since 1960s
- Auto industry big user
- Can link to electronic funds transfer (EFT)
- Both sender and receiver must use same EDI system.
- Was complex, expensive; cheaper Internet-based solutions today.

eXtensible Markup Language
eXtensible Markup Language (XML) input/output files
- Text files with embedded markup that describes content
- Since late 1990s
- Sender and receiver share definition of content (Data Type Definition)
- Simple, cheap
- Security issues

XML example

Internet of Things (IoT)
An expandable network of devices connected via the Internet to support remote control, automation, and new services at work, home, and in settlements

Identifying system interfaces
- System Sequence Diagram can indicate system interfaces

Rules for system inputs
1. Must come from a trusted source
2. Be secure (encryption)
3. Be validated for accuracy (values’ range, data type, completeness, algorithms)
4. Capture data close to the source
5. Use automatic entry and avoid human involvement as much as possible: electronic input rather than manual reentering of data (e.g., bar-code scanner, radio frequency identifier)
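Rules 1 and 3 applied to an XML interface file, as an added example that is not part of the original slides. The partner id, shared key, field names, limits and the HMAC tag scheme are assumptions made for the illustration; rule 2 (encryption in transit) is left to the transport. The DTD check addresses one well-known XML security issue, entity definitions smuggled in through an inline DTD.

```python
import hashlib, hmac, re
import xml.etree.ElementTree as ET
from decimal import Decimal

# Constructed for this example: partner id, shared key, field names and limits.
PARTNER_KEYS = {"supplier-01": b"constructed-demo-key"}
FIELDS = {  # field -> (data-type pattern, converter, min, max)
    "sku": (r"[A-Z]{3}-[0-9]{4}", str, None, None),
    "quantity": (r"[0-9]{1,5}", int, 1, 10000),
    "unit_price": (r"[0-9]{1,6}(\.[0-9]{1,2})?", Decimal,
                   Decimal("0.01"), Decimal("99999.99")),
}

def tag_for(partner, payload):
    """Sender side: HMAC-SHA256 tag over the exact bytes that are sent."""
    return hmac.new(PARTNER_KEYS[partner], payload, hashlib.sha256).hexdigest()

def validate_order(partner, payload, tag):
    """Receiver side: return (order, errors); order is None if any rule fails."""
    # Rule 1, trusted source: known partner and a tag only that partner can make.
    if partner not in PARTNER_KEYS:
        return None, ["unknown partner"]
    if not hmac.compare_digest(tag_for(partner, payload).encode(), tag.encode()):
        return None, ["bad authentication tag"]
    # XML hardening: refuse inline DTDs so no entity definitions reach the parser.
    if b"<!DOCTYPE" in payload or b"<!ENTITY" in payload:
        return None, ["DTD not allowed"]
    try:
        root = ET.fromstring(payload)
    except ET.ParseError:
        return None, ["malformed XML"]
    order, errors = {}, []
    for name, (pattern, convert, low, high) in FIELDS.items():
        text = (root.findtext(name) or "").strip()
        if not text:                                   # Rule 3: completeness
            errors.append(f"{name}: missing")
        elif not re.fullmatch(pattern, text):          # Rule 3: data type
            errors.append(f"{name}: wrong type or format")
        else:
            value = convert(text)
            if low is not None and not low <= value <= high:  # Rule 3: range
                errors.append(f"{name}: out of range")
            order[name] = value
    return (None, errors) if errors else (order, [])

# Constructed sample documents.
GOOD = b"<order><sku>ABC-1234</sku><quantity>12</quantity><unit_price>9.50</unit_price></order>"
BAD = b"<order><sku>ABC-1234</sku><quantity>0</quantity></order>"
```

The tag is checked before the XML is parsed, so bytes from an unauthenticated sender never reach the parser.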

Rules for system outputs
- System output must go to the right address and be secure (encryption)

Encryption and decryption
Single-key encryption/decryption
- Key sharing complicated with many trading partners and in B2C e-commerce

Encryption and decryption
Double-key encryption/decryption
- Sender (Client) can generate a private shared key for the session, encrypt it by Server’s public key, and send it to Server.
- Receiver (Server) can send Digital Certification issued by Certifying Authority and encrypted by CA’s private key, to get authenticated by Client. Client's browser usually has CA’s public key built in and thus decrypts the certificate.

Encryption and decryption
Double-key encryption/decryption
Possible secure communication process:
1. Sender (Client) requests Receiver’s (Server) authentication and secure connection.
2. Receiver (Server) sends Digital Certification issued by Certifying Authority (CA) and encrypted by CA’s private key, to get authenticated by Client.
3. Client's browser decrypts message using CA’s public key built into Client's browser.
4. Client sends its public key to the Server. Connection is secured from that point on as both will encrypt messages with public keys.
Or: Either side generates a private key for the session, encrypts it by the other side’s public key, & sends it over. Connection is secured as in single private key encryption model.
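The certificate check and the session-key variant ("Or:") described above, as an added example that is not part of the original slides. It uses textbook RSA on small constructed keys so the arithmetic stays visible; the function names and the host name `shop.example` are hypothetical. What the slides call "encrypted by CA's private key" appears here as a signature over the certificate contents, which the client checks with the CA's public key.

```python
import hashlib, secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def digest(data, n):
    """SHA-256 of data, reduced so it fits under the modulus n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

# Constructed demo keys built from known Mersenne primes; illustration-sized only.
CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
SRV_PUB, SRV_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def cert_body(subject, key):
    return f"{subject}|{key[0]}|{key[1]}".encode()

def issue_certificate(subject, public_key):
    """CA: bind subject to public key by signing both with the CA private key."""
    n, d = CA_PRIV
    sig = pow(digest(cert_body(subject, public_key), n), d, n)
    return {"subject": subject, "key": public_key, "sig": sig}

def verify_certificate(cert, expected_subject):
    """Client: check name and CA signature using the built-in CA public key."""
    n, e = CA_PUB
    signed = digest(cert_body(cert["subject"], cert["key"]), n)
    return cert["subject"] == expected_subject and pow(cert["sig"], e, n) == signed

def server_unwrap(wrapped):
    """Server: recover the session key with its own private key."""
    n, d = SRV_PRIV
    return pow(wrapped, d, n)

def handshake(cert, hostname):
    """Return (client_key, server_key), or None if the certificate is rejected."""
    if not verify_certificate(cert, hostname):
        return None
    session_key = secrets.randbits(128)           # client picks the shared key
    n, e = cert["key"]
    wrapped = pow(session_key, e, n)              # encrypted with server public key
    return session_key, server_unwrap(wrapped)    # both sides now hold the key

CERT = issue_certificate("shop.example", SRV_PUB)
```

Swapping the key inside `CERT` or presenting it for a different host name makes `handshake` return `None`, because the signed contents no longer match what the CA signed.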