Presentation is loading. Please wait.

Presentation is loading. Please wait.

ECT 455/HCI 513 E-Commerce Web Site Engineering

Published byΜυρίνα Μαλαξός Modified over 5 years ago

Similar presentations

Presentation on theme: "ECT 455/HCI 513 E-Commerce Web Site Engineering"— Presentation transcript:

1 ECT 455/HCI 513 E-Commerce Web Site Engineering
Electronic Payment Systems Internet Transaction Security 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

2 Online Payment Systems
Online payment is the foundation of systems for EC. How does it mesh with the past and current currency systems? credit cards, debit cards, ATM, banks Political Challenges What about taxes? 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

3 Electronic Payment Systems
Efficient and effective payment services accepted by consumers and businesses are essential to e-commerce. Requirements: Convenient for web purchasing Transportable over the network Strong enough to thwart electronic interference Cost-effective for extremely low-value transactions 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

4 Electronic Payment Systems
Banking and Financial Payments Bank-to-bank transfer (EFT) Home Banking -- CitiBank, Wells Fargo Payment through an Intermediary Open Market * First Virtual (FirstVirtual Pin) * * Both refer to their earlier business models 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

5 Electronic Payment Systems
Electronic Currency Payment Systems Electronic Cash -- CyberCash, Internetcash.com Electronic Checks -- NetCheque e-Wallets (Visa) Smart Cards American Express (blue smart card) Visa Micropayments echarge 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

6 More Retailing Payment Systems
Credit Cards -- Visa or MasterCard Private Label Credit/Debit Cards Charge Cards -- American Express; echarge Peer-to-peer payments (between consumers) PayPal (billpoint) 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

7 Credit-Card Transactions
Popular form of payment for online purchases Resistance due to security concerns Many cards offer capabilities for online and offline purchases Prodigy Internet Mastercard American Express Blue 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

8 Online Credit-Card Transaction
To accept credit-card payments, a merchant must have a merchant account Traditional merchant accounts accept only POS (point-of-sale) transactions Transactions that occur when you present your credit card at a store Card-not-present (CNP) transaction Merchant does not see actual card being used in the purchase Authentication The person is, in fact, who they say they are 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

9 Credit-Card Transaction Enablers
Companies that have established business relationships with financial institutions that will accept online credit-card payments for merchant clients Trintech Cybercash (Verisign) 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

10 E-Wallets E-wallets Credit-card companies offer a variety of e-wallets
Keep track of your billing and shipping information so that it can be entered with one click at participating sites Store e-checks, e-cash and credit-card information Credit-card companies offer a variety of e-wallets Visa e-wallets MBNA e-wallet allows one-click shopping at member sites A group of e-wallet vendors have standardized technology with Electronic Commerce Modeling Language (ECML) 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

11 Digital Currency Digital cash
Stored electronically, used to make online electronic payments Similar to traditional bank accounts Used with other payment technologies (digital wallets) Alleviates some security fears online credit-card transactions Allows those with no credit cards to shop online Merchants accepting digital-cash payments avoid credit-card transaction fees 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

12 Smart Cards Smart card Card with computer chip embedded on its face, holds more information than ordinary credit card with magnetic strip Contact smart cards To read information on smart cards and update information, contact smart cards need to be placed in a smart card reader Contactless smart cards Have both a coiled antenna and a computer chip inside, enabling the cards to transmit information Can require the user to have a password, giving the smart card a security advantage over credit cards Information can be designated as "read only" or as "no access" Possibility of personal identity theft 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

13 Internet security Consumers entering highly confidential information
Number of security attacks increasing Four requirements of a secure transaction Privacy – information not read by third party Integrity – information not compromised or altered Authentication – sender and receiver prove identities Non-repudiation – legally prove message was sent and received Availability Computer systems continually accessible 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

14 Secret-key Cryptography
Encrypting and decrypting a message using a symmetric key                                                 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

15 Secret-key Cryptography
Distributing a session key with a key distribution center 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

16 Secret-key Cryptography
Same key to encrypt and decrypt message Sender sends message and key to receiver Problems with secret-key cryptography Key must be transmitted to receiver Different key for every receiver Key distribution centers used to reduce these problems Generates session key and sends it to sender and receiver encrypted with the unique key Encryption algorithms Dunn Encryption Standard (DES), Triple DES, Advanced Encryption Standard (AES) 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

17 Key Management Key management Handling and security of private keys
Key generation The process by which keys are created Must be truly random 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

18 Public Key Cryptography
Asymmetric – two inversely related keys Private key Public key If public key encrypts only private can decrypt and vice versa Each party has both a public and a private key Either the public key or the private key can be used to encrypt a message Encrypted with public key and private key Proves identity while maintaining security RSA public key algorithm 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

19 Public Key Encryption and Decryption
4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

20 Public Key Cryptography
Authentication with a public-key algorithm 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

21 Digital Signatures Digital signature Timestamping
Authenticates sender’s identity Run plaintext through hash function Gives message a mathematical value called hash value Hash value also known as message digest Collision Occurs when multiple messages have same hash value Encrypt message digest with private-key Send signature, encrypted message (with public-key) and hash function Timestamping Binds a time and date to message, solves non-repudiation Third party, time-stamping agency, timestamps messages 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

22 Using a digital signature to validate data integrity
4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

23 Digital Certificate A certificate is an electronic document used to identify an individual, a server, a company, or some other entity and to associate that identity with a public key. Public-key cryptography uses certificates to address the problem of impersonation Certificate authorities (CAs) are entities that validate identities and issue certificates. They can be either independent third parties or organizations running their own certificate-issuing server software 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

24 Digital Certificate A digital certificate includes:
the public key the name of the entity it identifies an expiration date the name of the CA that issued the certificate a serial number, and other information. Most importantly, a certificate always includes the digital signature of the issuing CA. The CA's digital signature allows the certificate to function as a "letter of introduction" for users who know and trust the CA but don't know the entity identified by the certificate. 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

25 Encryption & Transaction Security Secret vs. Public Key Encryption
Secret-Key Encryption (single key) Symmetric encryption, DES Use a shared secret key for encryption and decryption Key distribution & disclosure fast, for bulk data encryption Public-Key Encryption (Pair of keys) Asymmetric encryption, RSA (Rivest, Shamin, Adlemann) Private/Public keys Need digital certificates and trusted 3rd parties Slower For less demanding applications 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

26 Client Authentication
Password-Based Authentication. A server might require a user to type a name and password before granting access to the server. The server maintains a list of names and passwords; if a particular name is on the list, and if the user types the correct password, the server grants access. Certificate-Based Authentication. Client authentication based on certificates is part of the SSL protocol. The client digitally signs a randomly generated piece of data and sends both the certificate and the signed data across the network. The server uses techniques of public-key cryptography to validate the signature and confirm the validity of the certificate 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

27 Using a password to authenticate a client to a server
4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

28 Using a certificate to authenticate a client to a server
4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

29 Public Key Infrastructure, Certificates and Certification Authorities
Public Key Infrastructure (PKI) Integrates public key cryptography with digital certificates and certification authorities Digital certificate Digital document issued by certification authority Includes name of subject, subject’s public key, serial number, expiration date and signature of trusted third party Verisign ( Leading certificate authority Periodically changing key pairs helps security 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

30 SET Secure Electronic Transaction
The SET protocol is a collection of encryption and security specification used as an industry-wide, open standard for ensuring secure payment transaction over the Internet. A payment protocol to accelerate development of e-commerce and to bolster consumer confidence 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

31 SET Secure Electronic Transaction
SET establishes a method for interoperability of secure transactions software over multiple, popular hardware platforms and operating systems Developed by Visa and MasterCard, with GTE, IBM, Microsoft, Netscape, SAIC, Terisa Systems and Verisign. Based on encryption technology from RSA Data Security. 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

32 SET Secure Electronic Transaction
Use digital certificates to authenticate all the parties involved in a transaction SET-compliant software validates both merchant and cardholder before exchange of information Employs public-key encryption and digital signature Complete documentation in visa.com 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

33 Secure Electronic Transaction (SET)
SET protocol Designed to protect e-commerce payments Certifies customer, merchant and merchant’s bank Requirements Merchants must have a digital certificate and SET software Customers must have a digital certificate and digital wallet Digital wallet Stores credit card information and identification Merchant never sees the customer’s personal information Sent straight to banks Microsoft Authenticode Authenticates file downloads Informs users of the download’s author 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

34 Advantages of SET Over Channel Encryption
Participants are authenticated via certificates Financial institutions provide assurance, not software SET allows a wallet to clearly distinguish a payment from other uses of web forms SET prevents terminated merchants from obtaining account information (three party transaction) 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

35 Merchant Benefits of SET
More sales Increased trust in merchant Visa global acceptance Cost Savings Fewer losses from chargebacks Assured payment Reduced overhead Automated payment process 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

36 Secure Sockets Layer (SSL)
A transport-level technology for authentication and data encryption between a Web server and a Web browser. SSL negotiates point-to-point security between a client and a server. SSL secures the routes of Internet communication, but it does not protect you from unscrupulous or careless people. Source: Use Public Key Do not protect private information. 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

37 Secure Sockets layer (SSL)
Uses public-key technology and digital certificates to authenticate the server in a transaction Protects information as it travels over Internet Does not protect once stored on receivers server Peripheral component interconnect (PCI) cards Installed on servers to secure data for an SSL transaction 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

38 SET versus SSL SET SSL Three party protocol Two party protocol
Application protocol Trust requirement: All participants have been authenticated for a specific role in payment card transaction processing SSL Two party protocol TCP/IP Communication protocol Trust requirement: communicating with a trustable server 4/14/2019 ECT 455/HCI 513 Susy Chan Ph.D.

Download ppt "ECT 455/HCI 513 E-Commerce Web Site Engineering"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
CP3397 ECommerce.

CP3397 ECommerce.
Cryptography and Network Security

Cryptography and Network Security
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.

Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Computer and Network Security Risanuri Hidayat, Ir., M.Sc.

Computer and Network Security Risanuri Hidayat, Ir., M.Sc.
Chapter 8 Web Security.

Chapter 8 Web Security.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.

 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.
Payment Systems for Electronic Commerce

Payment Systems for Electronic Commerce
Traditional and Electronic Payment Methods Chapter 3.

Traditional and Electronic Payment Methods Chapter 3.
Saad Haj Bakry, PhD, CEng, FIEE 1 Information Security for e -Business Saad Haj Bakry, PhD, CEng, FIEE P RESENTATIONS IN N ETWORK S ECURITY.

Saad Haj Bakry, PhD, CEng, FIEE 1 Information Security for e -Business Saad Haj Bakry, PhD, CEng, FIEE P RESENTATIONS IN N ETWORK S ECURITY.
Supporting Technologies III: Security 11/16 Lecture Notes.

Supporting Technologies III: Security 11/16 Lecture Notes.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Copyright © 2002 Pearson Education, Inc. Slide 6-1.

Copyright © 2002 Pearson Education, Inc. Slide 6-1.

Similar presentations

Ads by Google