Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Pertemuan 6 eBusiness Security and Controls Systems Matakuliah: F0662/ Web Based Accounting Tahun: 2005 Versi: 1/0.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Pertemuan 6 eBusiness Security and Controls Systems Matakuliah: F0662/ Web Based Accounting Tahun: 2005 Versi: 1/0."— Presentation transcript:

1 1 Pertemuan 6 eBusiness Security and Controls Systems Matakuliah: F0662/ Web Based Accounting Tahun: 2005 Versi: 1/0

2 2 Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : Menjelaskan potensi resiko dan sistem pengendalian intern yang seharusnya ada (TIK-6) Type threats and attacks (TIK-6)

3 3 Outline Materi Materi 1 Menjelaskan potensi resiko dan sistem pengendalian intern yang seharusnya ada. Materi 2 Type threats and attacks (TIK-6)

4 4 Internet Security and Electronic Payment Services

5 5 Internet Security Firewalls Intranets Extranets Secure Transmission SSL Digital Certificates Digital Signatures Electronic Payments

6 6 Typical Computer Network Security Problems Network transmissions can be intercepted No proof of sender Data Integrity Non-repudiation

7 7 Firewalls Are systems that establish control policies among networks. They can permit different users to perform different operations according to their authorisation. Two general types –Packet Level firewalls –Application Level Firewalls

8 8 Firewalls

9 9 LAN with individual internet access Internet

10 10 Firewalls LAN With Internet access through a firewall Internet firewall

11 11 Intranets A private network within a business used to share company information and computing resources among employees A client-server application use TCP/IP, HTTP communication protocols and HTML publishing May consist of interlinked local area networks, also use leased lines in the wide area network Typically includes connections through one or more gateway computers to the outside Internet

12 12 Intranets

13 13 Extranets Part of an enterprise's Intranet extended to users outside the company A private network for suppliers, vendors, partners and customers rather than the general public Uses the Internet for transmission but needs passwords for access

14 14 Extranets

15 15 Who can read my E-Mail? LAN Secure Transmission

16 16 Private Key Encryption

17 17 Public Key Encryption

18 18 Secure Transmission PGP (Pretty Good Privacy) Message Integrity SSL Provides data authentication, message integrity, and optional client authentication. Digital Certificate Authentication Digital Signature

19 19 Secure Transmission SSL encrypts and then decrypts any packets of information being transmitted. essential for sensitive corporate data or financial transactions. May not authenticate the receiver of encrypted data. Is currently implemented on –Netscape navigator –Internet Explorer Uses the widely used RSA public key cryptography

20 20 Secure Transmission Digital Certificates contains : –your name, –a serial number, –expiration dates, –a copy of the certificate holder's public key (used for decrypting messages and digital signatures), and –the digital signature of the certificate-issuing authority (a digital Passport) Morley E (October 12, 1999) digital certificate http://whatis.com/

21 21 Secure Transmission Digital Certificates can be kept in registries so that authenticated users can look up other users' public keys Morley E (October 12, 1999) digital certificate http://whatis.com/

22 22 Secure Transmission 6 Without a Digital Certificate ?

23 23 Secure Transmission 7 With a Digital Certificate !

24 24 Secure Transmission Digital Signature authenticate the identity of the sender the receiver can check that the message or document being sent is unchanged can be automatically time-stamped can be used with encrypted or normal messages can also used be with digital certificates

25 25 Secure Transmission (summary) Security Technology What it doesEffectiveness and Limitations FirewallAuthorizes access. Filters/rejects users based on access rights on server Authorizes access, but cannot authenticate identity of user. Password based, so open to many associated problems. Digital Certificate Authenticates identity of user Certificates are vulnerable to system crash or deletion. Can be compromised if computer stolen. Cannot stop certificate and key being shared. Encryption / SSL Protects data confidentiality Only encrypts data. Does not authenticate. Encryption is compromised by using passwords or certificates.

26 26 Electronic and Digital Signatures From a legal point of view, hand writing one’s name on paper has been the principle means of signature for centuries. In today's electronic world the legal concept of a signature could include: –Digitised images of paper signatures. –Typed notations. –Letterheads or e-mail origination headers.

27 27 Electronic and Digital Signatures However there is a difference between these types of electronic signatures and digital signatures.

28 28 Electronic Signature Definition DEFINITION OF ELECTRONIC SIGNATURE: Sec. 4(4). Electronic signature.-- The term "electronic signature'' means an electronic sound, symbol, or process, attached to or logically associated with a (contract or other) record and executed or adopted by a person with the intent to sign the record.

29 29 Electronic Transactions The digital signature is revolutionizing e- commerce and corporate document management systems. Legislative bodies nationwide and internationally are rewriting the definition of "signature" to include electronic signatures, and passing laws and regulations to accommodate electronic signatures on legal documents and in filings. Utah Digital Signatures Act. Singapore : Electronic Transactions act (Act25 of 1998).

30 30 Digital Signature Technology Digital signatures are created and verified by means of cryptography. Two different keys are generally used: –One for creating or transforming the data into a unintelligible form. –One for verifying a digital signature or returning the message to its original form. This is usually referred to as “Asymmetric cryptosystem.” The keys are usually referred to as the “private key” which is only known to the signer, and the “Public Key” which is usually more widely known and and used to verify the digital signature.

31 31 Digital Signatures The process of creating a digital signature and verifying it accomplish the essential effects desired of a signature: Signer Authentication –If a private key and a public key is associated with an identified signer, a digital signature by a private key effectively identifies the signer with the message Message authentication –The process of digitally signing also identifies the matter to be signed with greater certainty and precision than paper signatures

32 32 Digital Signatures Affirmative act –Creating a digital signature requires the signer to provide a private key and invoke a software function to create a digital signature. Efficiency –The process of creating and verifying a digital signature provides a high level of assurance that the digital signature is genuinely the signer’s and is almost entirely automated or capable of automation

33 33 Digital Signatures and Certification Authorities To ensure that parties using digital signatures are identified with a particular key pair, A trusted third party termed a “certification authority” is used to associate an identified person on one end of a transaction with the key pair creating the digital signature at the other end. Verisign. Society for Worldwide Interbank Funds Transfers (SWIFT)Society for Worldwide Interbank Funds Transfers (SWIFT). E-Club of the International Chamber of Commerce (ICC)E-Club of the International Chamber of Commerce (ICC). Identrus LLCIdentrus LLC. WISeKey S.A.

34 34 Digital Signatures costs and benefits Costs. –Institutional overhead. Cost of establishing and utilising certification authorities etc. –Product cost. Software may be expensive. Certification authority charges for issuing certificates. Verification software. Access to certificate repository.

35 35 Digital Signatures Costs and Benefits Benefits. –Imposters. Minimize risk of dealing with impostors. –Message corruption. Minimize the risk of message tampering. –Formal legal requirements. Legal requirements of writing, signature and an original document are satisfied. –Open systems. Retention of a high degree of information security when information is sent over open, insecure internet channels.

36 36 Electronic Payment Instruments and Systems To be attractive to consumers and businesses: –Should save money –Reduce costs in current systems –Enable consumers to spend their money more cheaply

37 37 Electronic Payment Instruments and Systems Cost of Transactions –Financial Institution Teller generated $1.07 –ATM$0.27 –Swiping a Credit card$0.08 - $.015 –Dipping a smart card $0.01 Can squeeze as much as $1.06 out of each of the trillions 0f financial services transactions that occur each year Good reason why electronic instruments and systems will change!!

38 38 Electronic Payments Credit cards SET (Secure Electronic Transactions) Payment Services, Merchant Gateways Micropayments (DigiCash, e-Cash, NetPay) Mondex (SmartCards)

39 39 Electronic Payments: How credit cards work Visa Net Acquirer Issuer Merchant Duncan Unwin, QSI Payments Inc., 2000

40 40 Electronic Payments: SET: Visa, Mastercard A specification which use public-key and private-key cryptography authenticate cardholders and merchants using digital certification provide confidentiality of payment data –merchant does not see the credit card number

41 41 Electronic Payments: Payment Services, Merchant Gateways 3rd Party Service –Camtech, Surelink, QSI Bank Service –CBA, ANZ, NAB, Westpac, St George Duncan Unwin, QSI Payments Inc., 2000

42 42 Electronic Payments: Micropayments: Small electronic cash payment systems –DigiCash, e-Cash, NetPay See W3C for the first public working draft of the "Common Markup for Web Micropayment Systems”, at URL http://www.w3.org/TR/WD-Micropayment- Markup

43 43 MilliCent

44 44 eCash Website

45 45 Checkfree Website

46 46 Electronic Cash systems Provide a direct electronic equivalent of cash –Clickshare –Mondex –Bpay

47 47 Mondex Website

48 48 Electronic Payments: Mondex (Smart Cards) 1 Members - –licensed to issue Mondex cards to cardholders and merchants. Merchants - –Retailers, service companies and other business that enter into an agreement with Members to enable them to accept Mondex electronic cash as payment for goods and services.

49 49 Electronic Payments: Mondex (Smart Cards) 1 Cardholders - –provided with a Mondex Card by a Member which enables them to pay for goods and services from Merchants and transfer money to/from other Cardholders.

50 50 Electronic Payments: Mondex (Smart Cards) Home Banking - –download value from your bank account to your card. Buying on the Internet - –buy low value goods and services on the Internet that aren't normally chargeable. Privacy - –no record held of the transaction, – privacy normally only afforded with physical cash. –real-time verification of funds.

51 51 Clickshare

52 52 Bpay

53 53 Bibliography Schneider and Perry, Electronic Commerce Chapter 7 http://www.course.com/downloads/sites/ec ommerce/ch07.html www.mondex.com

54 54 Summary Mahasiswa diwajibkan membuat summary

Download ppt "1 Pertemuan 6 eBusiness Security and Controls Systems Matakuliah: F0662/ Web Based Accounting Tahun: 2005 Versi: 1/0."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
CP3397 ECommerce.

CP3397 ECommerce.
Cryptography and Network Security

Cryptography and Network Security
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Chapter 13 Paying Via The Net. Agenda Digital Payment Requirements Fraud Detection Online Payment Methods Online Payment Types The Future Payment.

Chapter 13 Paying Via The Net. Agenda Digital Payment Requirements Fraud Detection Online Payment Methods Online Payment Types The Future Payment.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Electronic Commerce Yong Choi School of Business CSU, Bakersfield.

Electronic Commerce Yong Choi School of Business CSU, Bakersfield.
1 Pertemuan 6 Transaksi Dokumen dan pembayaran Elektronik Matakuliah: H0292 / E-Business Tahun: 2005 Versi: v0 / Revisi 1.

1 Pertemuan 6 Transaksi Dokumen dan pembayaran Elektronik Matakuliah: H0292 / E-Business Tahun: 2005 Versi: v0 / Revisi 1.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Chapter 8 Web Security.

Chapter 8 Web Security.
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.

Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.

Similar presentations

Ads by Google