Making Commerce Safe D. Crocker Brandenburg Consulting +1 408 246 8253 – Preliminary – Not for distribution.

Presentation transcript:


© D. Crocker, Brandenburg Consulting, 1995. Making Commerce Safe / 2

Slide 2: Boldly go...
- Internet was
  - Small (sort of)
  - Friendly (very)
  - Open
  - Casual
- Internet has become
  - Huge (everybody/everywhere)
  - Competitive
  - Closed and open
  - Casual and formal
- Where no public network has gone before...
- Commerce changes things

Slide 3: Internet for commerce?
- Strong pressures emerging
  - Businesses now online
  - Reduced access costs
  - Global "reach"

Slide 4: Operating a global Internet
- Scaling
  - A chicken in every pot!
- Security
  - Military vs. commercial vs. personal
- Management
  - Interconnection -> interoperability
  - Sometimes -> always

Slide 5: Professional operations
- Old news!
  - Internet commercial since 1990
- For professional operation, use a professional provider
  - However, inter-provider management warrants improvement

Slide 6: Basic algorithms
[Diagram of the three building blocks:]
- Integrity / authentication (sign): Msg -> Hash; Hash + Key PRIV-ORIG -> Digital signature
- Privacy (seal): Msg + Key DATA -> Encrypt data
- Privacy (seal): Key DATA + Key PUB-RECIP -> Encrypt key
When do you need each? ...not always!
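The three blocks on this slide (sign the hash with PRIV-ORIG, encrypt the data with KEY DATA, encrypt KEY DATA with PUB-RECIP), as an added example that is not from the presentation: it uses constructed toy RSA primes and a SHA-256 keystream in place of DES, and the function names (rsa_keypair, sign, verify, seal, unseal) are assumptions of this example.

```python
import hashlib
import secrets

# Added example, not from the slides: the three primitives on the "Basic
# algorithms" slide (sign with PRIV-ORIG, encrypt data with KEY DATA, encrypt
# KEY DATA with PUB-RECIP) built from textbook RSA on toy primes and a SHA-256
# keystream. Real systems use 2048-bit moduli, padding (PSS/OAEP) and an AEAD.

def rsa_keypair(p, q, e=79):
    # Returns ((n, e), d): public pair and private exponent for distinct primes.
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)

def digest(msg, n):
    # Hash the message and reduce into Z_n so the hash can be signed.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, orig_pub, orig_d):
    # Integrity + authentication: originator signs the hash with PRIV-ORIG.
    n, _ = orig_pub
    return pow(digest(msg, n), orig_d, n)

def verify(msg, sig, orig_pub):
    # Anyone holding the originator's public key can check the signature.
    n, e = orig_pub
    return pow(sig, e, n) == digest(msg, n)

def stream_xor(key, data):
    # Symmetric data cipher: XOR with a SHA-256 keystream derived from KEY DATA.
    out = bytearray()
    for i, b in enumerate(data):
        block = hashlib.sha256(key.to_bytes(4, "big") + (i // 32).to_bytes(4, "big")).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)

def seal(msg, recip_pub):
    # Privacy: a fresh KEY DATA encrypts the message; PUB-RECIP encrypts KEY DATA.
    n, e = recip_pub
    key_data = secrets.randbelow(n - 2) + 2
    return pow(key_data, e, n), stream_xor(key_data, msg)

def unseal(enc_key, ciphertext, recip_pub, recip_d):
    # Only the recipient's private exponent recovers KEY DATA, hence the message.
    n, _ = recip_pub
    return stream_xor(pow(enc_key, recip_d, n), ciphertext)
```

Sign and seal are independent, which is the slide's point: a message can carry a signature only, be sealed only, or be signed and then sealed.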

Slide 7: Security choices
- Trusted paths
  - Simple fall-back
- Symmetric keys
  - Doesn't scale
- Asymmetric keys
  - Patent licensing
  - Computational overhead

Slide 8: Where to put security?
[Diagram with two columns, Object and Transport. Object: "My object" becomes "Secure my object" (protection travels inside the object). Transport: "My object" is carried over FTP or the Web, with the protection in Web security / the Web server, or in MTA security.]

Slide 9: Transport security protocols
- IPSEC: IP-level labeling
- Kerberos (MIT): Third-party service
- S-KEY: Pairwise login
- S-HTTP (EIT): Negotiate specific object wrapper security
- SSL (Netscape): Client-server link
- STT (Microsoft): (TBD)

Slide 10: Object security protocols
- MOSS (was PEM)
  - MIME Object Security Service - IETF
  - RSA + DES
  - Global, formal key certification hierarchy
- PGP
  - Pretty Good Privacy - Phil Zimmermann
  - RSA + IDEA
  - Informal, personal, direct certification
- S/MIME
  - Private, consortium effort
  - Product "plans"
  - Specification

Slide 11: What is business?
- R&D
  - Search, browse
  - Test
  - Coordinate
- Support
  - Discuss
  - Info push
- Marketing
  - Targeted info push
  - Survey
- Sales
  - Negotiate
  - Order, bill, pay
  - Deliver

Slide 12: "Commerce" business
- Providing infrastructure support for commerce
  - EDI VAN
  - Interface to payment/bank service
  - Digital cash
  - Electronic notary
  - Online market/brokerage

Slide 13: Styles of commerce
- Receiver pull
  - Interactive sessions
  - Individual, foreground refinement
- Sender push
  - Messaging
  - Bulk, background distribution
(Mark Smith, Intel)

Slide 14: Bilateral vs. global
- On-going relationships (awkward)
  - Special arrangements ok
- One-time exchange (difficult)
  - "Casual" commerce
  - Needs simple use
  - Needs standard(s) solutions

Slide 15: Human interaction
- R&D, marketing, support
  - Mostly discussion or bulk transfer
  - Often ok to have no security; otherwise
    - Mild sign and/or seal is plenty
  - Works well today

Slide 16: EComm classic - EDI
- Multiple EDI transports already
  - Internet is one more
- EDI/MIME, proposed standard
  - Use MIME-based security

Slide 17: Payment system model
[Diagram: Buyer, Merchant, Issuing Bank, Acquiring Bank and ClearingHouse, with the buyer's "16+4" (the 16-digit card number plus the 4-digit expiry date) as the credential that flows between them.] (M. Rose, FV)

Slide 18: Payment system issues
- Transaction category "card not present"
  - For all bankcard approaches for Internet
- Issues
  - Knowing buyer/merchant authorized
  - Avoiding third-party interception
  - Interchange, assessment, fees
  - Retrievals, chargebacks, etc.
    - Risk management

Slide 19: Payment system efforts
- CommerceNet
- First Virtual Holdings
- CyberCash
- OpenMarket
- NetMarket
- Netscape
- DigiCash
bc/ibc2/softw_ag.html

Slide 20: Scheme "Clear"
[Diagram: Buyer sends the 16+4 to the Merchant, who passes it to the ClearingHouse, all in the clear.]
- 16+4 in the clear! Just trust the net...
- Easy to capture and replay.

Slide 21: Scheme "ID"
[Diagram: Buyer sends an ID to the Merchant, who passes the ID to the ClearingHouse; only the ClearingHouse maps the ID back to the 16+4.]
- Still trust the net, until the next statement...
- Easy to capture and replay.

Slide 22: Scheme "ID confirm"
[Diagram: Buyer sends an ID to the Merchant, who passes it to the ClearingHouse; the ClearingHouse confirms the ID with the Buyer before the 16+4 is used.]
- Each transaction confirmed.
- Requires mildly safe user account.

Slide 23: Scheme "Secure link"
[Diagram: Buyer sends the 16+4 to the Merchant over an encrypted link; the Merchant passes it on to the ClearingHouse.]
- Same as telephone, but encrypt over Internet.
- Merchant gets number. Is merchant safe??

Slide 24: Scheme "Mediated"
[Diagram: the encrypted 16+4 passes from Buyer to Merchant to ClearingHouse and stays encrypted at every hop.]
- Only the bank sees data in clear.
- Limited points of attack.

Slide 25: Create money
- Private buyer and seller transaction
  - ml
- Digicash, Netcash, ...
  - Use public key cryptography
    - User generates note for bank to sign
    - Bank debits user account
    - Merchant checks signature
    - Bank redeems note; credits merchant
  - Buyers anonymous
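The four steps above (user generates a note, bank signs and debits, merchant checks the signature, bank redeems) carried through with a Chaum-style blind signature, which is how the bank can sign a note it never sees and so leave the buyer anonymous; this is an added example, not code from the presentation or from DigiCash or NetCash, and the bank key, the Bank class and the function names are constructed for it.

```python
import hashlib
import math
import secrets

# Added example, not from the slides: a Chaum-style blind signature behind the
# "Create money" steps (user generates note, bank signs and debits, merchant
# checks signature, bank redeems). Constructed toy RSA bank key (p=47, q=71);
# real deployments use large moduli and proper padding.
BANK_N, BANK_E, BANK_D = 3337, 79, 1019   # bank public (n, e) and private d

def note_hash(serial):
    # A note is identified by the hash of its random serial, reduced into Z_n.
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % BANK_N

class Bank:
    def __init__(self, balances):
        self.balances = dict(balances)  # account -> balance (constructed data)
        self.spent = set()              # serials already redeemed

    def sign_blinded(self, user, blinded):
        # Bank debits one unit and signs what it cannot read (the blinded note).
        if self.balances.get(user, 0) < 1:
            raise ValueError("insufficient funds")
        self.balances[user] -= 1
        return pow(blinded, BANK_D, BANK_N)

    def redeem(self, merchant, serial, sig):
        # Bank verifies its own signature and refuses a replayed (spent) note.
        if not verify_note(serial, sig) or serial in self.spent:
            return False
        self.spent.add(serial)
        self.balances[merchant] = self.balances.get(merchant, 0) + 1
        return True

def verify_note(serial, sig):
    # Merchant (or anyone) checks the bank's signature with the public key.
    return pow(sig, BANK_E, BANK_N) == note_hash(serial)

def withdraw_note(bank, user):
    # User picks a serial and a blinding factor r; the bank only sees H(s)*r^e.
    serial = secrets.token_bytes(8)
    while True:
        r = secrets.randbelow(BANK_N - 2) + 2
        if math.gcd(r, BANK_N) == 1:
            break
    blinded = (note_hash(serial) * pow(r, BANK_E, BANK_N)) % BANK_N
    blind_sig = bank.sign_blinded(user, blinded)
    sig = (blind_sig * pow(r, -1, BANK_N)) % BANK_N   # unblind: H(s)^d mod n
    return serial, sig
```

The spent-serial set is what stops the replay the "Clear" and "ID" schemes suffer from: a note verifies anywhere, but the bank honours it once.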

Slide 26: Summary
- Interesting times ahead
- Internet commerce is real
  - but still formative
  - very fragmented
  - moving aggressively