Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL 1 DATE HERE Julie Grace - NetDox, Inc. Emerging Internet Commerce.

Presentation transcript:


Slide 2: FINANCIAL SERVICES & THE INTERNET
Internet commerce transactions can benefit companies and customers by providing cost efficiencies in policy origination, claims processing and business development.
- Auto insurance policies are being sold on-line in the UK by Eagle Star
- AOL, Yahoo! Financial and InsWeb are providing insurance information to customers and lead generation information to insurers in the US
- Citicorp chairman John Reed estimates that 80% of the costs associated with customer service can be eliminated with an effective technology strategy (Yahoo! News 4/15/98)
- On-line purchases provide a 4% higher profit margin than other sales mediums.

Slide 3: EXPERT PROJECTIONS

                   Made   Projected   Actual
1997 E-Commerce    1991   $150B       $8B
2002 E-Commerce    1997   $327B       ?
2002 E-Commerce    1997   $500B       ?
2002 E-Commerce    1997   $1500B      ?

Source: Forrester Research, Yankee Group, Cisco, 1997

Slide 4: INTERNET COMMERCE EXAMPLE
Customer Alice in San Francisco, Broker Bob in Chicago
- “Did Bob receive my information?”
- “Is anyone reading my information while it travels the Internet?”
- “How do I know for certain that Bob is the one who received my information?”
- “Did this information really come from Alice?”
- “Can I count on the Internet to deliver my important information on time?”

Slide 5: TRUST DEFINED
TRUST = SECURITY, RELIABILITY, ACCOUNTABILITY

Slide 6: SECURITY
“Is anyone reading my information while it travels the Internet?”

Slide 7: SECURITY
There are a number of ways companies are addressing security concerns for electronic communications:
- Avoiding It
- Private Networks
- Virtual Private Networks
- Cryptography
  - Symmetric Encryption
  - Asymmetric Encryption

Slide 8: SYMMETRIC ENCRYPTION: SYMMETRIC KEYS
A symmetric encryption key is a computer code used to:
- Scramble the contents of a message, making it unreadable
- Unscramble the contents of an encrypted message, making it readable again
If the key used to scramble and unscramble is the same, it is a symmetric key.
Diagram:
INFORMATION + SYMMETRIC KEY = ENCRYPTED INFORMATION
ENCRYPTED INFORMATION + SYMMETRIC KEY = INFORMATION

Slide 9: ASYMMETRIC ENCRYPTION: ASYMMETRIC KEYS
Asymmetric keys split the function of a symmetric key into two parts:
INFORMATION + PUBLIC KEY = ENCRYPTED INFORMATION
ENCRYPTED INFORMATION + PRIVATE KEY = INFORMATION
Information encrypted with the private key can only be decrypted with the public key, and vice versa.

Slide 10: SYMMETRIC & ASYMMETRIC COMPARED
Symmetric Encryption
- Relatively easy-to-use
- Several security and administration issues...
  - Need to share the symmetric encryption key with the recipient
  - Must use an “out-of-band” method
  - Anyone who acquires the session key can use it to: Decrypt the message you sent
Asymmetric Encryption
- Enhanced security and flexibility
- Requires longer keys which greatly increases processing time

Slide 11: SYMMETRIC & ASYMMETRIC COMBINED
Get advantages of both by using them together.
ALICE:
INFORMATION + SYMMETRIC KEY = ENCRYPTED INFORMATION
SYMMETRIC KEY + BOB’S ASYMMETRIC PUBLIC KEY = ENCRYPTED SYMMETRIC KEY
BOB:
ENCRYPTED SYMMETRIC KEY + BOB’S ASYMMETRIC PRIVATE KEY = SYMMETRIC KEY
ENCRYPTED INFORMATION + SYMMETRIC KEY = INFORMATION

Slide 12: RELIABILITY
“Can I count on the Internet to deliver my information on time?”

Slide 13: RELIABILITY
No single entity “owns” the Internet, therefore no one completely controls its reliability. Companies are addressing the challenge of reliability with:
- Hardware - reliable mail servers, web servers, routers
- Software - reliable packages, languages
- Connectivity - reliable Internet Service Providers (ISPs)
- Information - status confirmation

Slide 14: ACCOUNTABILITY
“Did this information really come from Alice?”

Slide 15: ACCOUNTABILITY
Companies who enable Internet Commerce must be accountable for:
- Integrity: The information has not been altered in transit
- Identity: The sender and recipient are who they claim to be
- Non-Repudiation: Providing indisputable proof of a transaction after the fact
- Financial Guarantees: Assuming liability for information exchanges

Slide 16: INTEGRITY
A digital hash is a computed number that uniquely represents information.
- If the document changes in the slightest, so does the digital hash
Diagram: INFORMATION -> HASHING FUNCTION -> DIGITAL HASH (DIGITAL FINGERPRINT)

Slide 17: INTEGRITY
A digital hash ensures information was not altered in transit.
- Alice sends both the message and her hash of the message to Bob
- Bob does his own hash of the message and compares it to the hash Alice sent
Diagram:
INFORMATION -> HASHING FUNCTION -> ALICE’S DIGITAL HASH
INFORMATION -> HASHING FUNCTION -> BOB’S DIGITAL HASH
BOB’S DIGITAL HASH ?= ALICE’S DIGITAL HASH

Slide 18: IDENTITY
Combine a digital hash with encryption to produce a digital signature which provides proof of authorship.
Diagram:
MESSAGE -> HASHING FUNCTION -> DIGITAL HASH
DIGITAL HASH + ALICE’S PRIVATE KEY = DIGITAL SIGNATURE
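The hash comparison on the second INTEGRITY slide and the hash-plus-private-key signature on the IDENTITY slide, side by side, as an added example that is not part of the original presentation. It assumes SHA-256 as the hashing function and a toy, unpadded textbook-RSA key built from two Mersenne primes (constructed for illustration only); all function names and the sample messages are hypothetical.

```python
import hashlib

# Toy textbook-RSA key built from two Mersenne primes (constructed for this
# example; far too small and unpadded for real use).
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # Alice's private exponent


def digest(message: bytes) -> int:
    """Digital hash of the message (SHA-256), reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def bob_checks_hash(message: bytes, sent_hash: int) -> bool:
    """INTEGRITY slide: Bob rehashes the message and compares with the hash sent."""
    return digest(message) == sent_hash


def alice_signs(message: bytes) -> int:
    """IDENTITY slide: digital hash + Alice's private key = digital signature."""
    return pow(digest(message), D, N)


def bob_checks_signature(message: bytes, signature: int) -> bool:
    """Bob recovers the signed hash with Alice's public key (E, N) and compares."""
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    original = b"Policy 1234: insure Alice for $50,000"  # constructed sample
    altered = b"Policy 1234: insure Alice for $90,000"   # changed in transit
    sent_hash, signature = digest(original), alice_signs(original)
    return {
        "hash_ok_unmodified": bob_checks_hash(original, sent_hash),
        "hash_detects_change": not bob_checks_hash(altered, sent_hash),
        # Whoever alters the message can also replace the unprotected hash.
        "replaced_hash_accepted": bob_checks_hash(altered, digest(altered)),
        "sig_ok_unmodified": bob_checks_signature(original, signature),
        "sig_detects_change": not bob_checks_signature(altered, signature),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A bare hash sent alongside the message only catches changes when the hash itself arrives untouched; binding the hash to Alice's private key is what lets Bob reject a message whose hash was replaced along with its content.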

Slide 19: IDENTITY
Digital certificates bind an identity to a public encryption key.
Diagram: ALICE + ALICE’S PUBLIC KEY + ALICE INFO, via the CERTIFICATE AUTHORITY = ALICE’S DIGITAL CERTIFICATE
ALICE INFO:
- Address
- Employer
- Etc.

Slide 20: DIGITAL CERTIFICATE INDUSTRY UPDATE
- Recent survey* of 50 Fortune 1,000 firms, 72% plan to use digital certificates within 2 years
- Financial Services industry is leading the way of digital certificate use for intercompany electronic commerce
- Why use digital certificates? “Non-repudiation. We need to be sure that when someone appears to initiate a message, they’re the ones who really did it.” (Commercial Bank)
* Forrester Research, Inc. 1997

Slide 21: NON-REPUDIATION
Non-repudiation takes several forms:
- Digital certificates to prove authorship
- Archive transaction records to prove information exchanged at a specific date and time
- Archived transaction content to prove exact details of an information exchange

Slide 22: FINANCIAL GUARANTEES
Companies assuming liability for services and products that enable Internet commerce is an important step forward.
- VeriSign and IDMetrix insure digital certificates
- NetDox insures Internet messages
- AT&T guarantees network (Internet) access
- BBN Internet Service takes full responsibility for delivery of data packets from source to destination

Slide 23: SUMMARY
Building trust through security, reliability, and accountability will enable businesses to harness the power of Internet Commerce.

Slide 24: MORE INFORMATION
Cryptography: RSA website -
Digital Certificates: Entrust - GTE - IDMetrix - VeriSign - www.verisign.com
World Wide Web Security: World Wide Web Security FAQ -
NetDox: