Presentation is loading. Please wait.

Presentation is loading. Please wait.

ELC 200 Day 11 Introduction to E-Commerce 1 Copyright, Tony Gauvin, UMFK, 2011.

Published byAlvin Lee Modified over 9 years ago

Similar presentations

Presentation on theme: "ELC 200 Day 11 Introduction to E-Commerce 1 Copyright, Tony Gauvin, UMFK, 2011."— Presentation transcript:

1 ELC 200 Day 11 Introduction to E-Commerce 1 Copyright, Tony Gauvin, UMFK, 2011

2 Agenda Questions? Assignment 2 corrected 10 A’s, 1 B, 1 C, 1 D and 2 non-submits Assignment 3 PAST Due Will be graded by next class Assignment 4 Posted Due March 14 Assignment4.pdf Quiz 1 will be March 11 (next Class) Chap 1-5, Open Book, Open Notes, On Blackboard, 85 Min 20 M/C @ 4 points each 4 short essays @ 5 points each 1 extra credit question on Web Browswers worth 5 points Finish Chap 5, Ecommerce Security and Payment systems

3 e-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. eighth edition Copyright © 2012 Pearson Education, Inc.

4 Chapter 5 E-commerce Security and Payment Systems Copyright © 2012 Pearson Education, Inc.

5 Learning Objectives. Describe how technology helps protect the security of messages sent over the Internet. Identify the tools used to establish secure Internet communications channels and protect networks, servers, and clients. Discuss the importance of policies, procedures, and laws in creating security. Describe the features of traditional payment systems. Explain the major e-commerce payment mechanisms. Describe the features and functionality of electronic billing presentment and payment systems.

6 Insight on Technology: Class Discussion Think Your Smartphone Is Secure? What types of threats do smartphones face? Are there any particular vulnerabilities to this type of device? What did Nicolas Seriot’s “Spyphone” prove? http://www.spyphone.com/ Are apps more or less likely to be subject to threats than traditional PC software programs? Copyright © 2012 Pearson Education, Inc.Slide 5-6

7 Copyright © 2011 Pearson Education, Inc. Technology Solutions Protecting Internet communications (encryption) Securing channels of communication (SSL, S-HTTP, VPNs) Protecting networks (firewalls) Protecting servers and clients Slide 5-7

8 Copyright © 2011 Pearson Education, Inc. Tools Available to Achieve Site Security Figure 5.7, Page 287 Slide 5-8

9 Copyright © 2011 Pearson Education, Inc. Encryption  Transforms data into cipher text readable only by sender and receiver  Secures stored information and information transmission  Provides 4 of 6 key dimensions of e-commerce security: 1. Message integrity 2. Nonrepudiation 3. Authentication 4. Confidentiality Slide 5-9

10 12-10 © 2007 Prentice-Hall, Inc What Is Encryption? A way to transform a message so that only the sender and recipient can read, see, or understand it Plaintext (cleartext): the message that is being protected Encrypt (encipher): transform a plaintext into ciphertext Encryption: a mathematical procedure that scrambles data so that it is extremely difficult for anyone other than authorized recipients to recover the original message Key: a series of electronic signals stored on a PC’s hard disk or transmitted as blips of data over transmission lines  Plaintext + key = Ciphertext  Ciphertext – key = Plaintext

11 12-11 © 2007 Prentice-Hall, Inc Symmetric Key Encryption Message “Hello” Encryption Method & Key Symmetric Key Party A Party B Interceptor Network Encrypted Message Encryption uses a non-secret encryption method and a secret key

12 12-12 © 2007 Prentice-Hall, Inc Simple example (encrypt) Every letter is converted to a two digit number  A=1, Z = 26  ANTHONY  01 14 20 08 15 14 25  Produce any 4 digit key  3654 (10 N -1 choices = 9,999)  Add together in blocks of 4 digits  0114 + 3654 = 3768  2008 + 3654 = 5662  1514 + 3654 = 5168  2500 + 3654 = 6154 (pad with 00 to make even) Send 3768566251686154 to fellow Spy

13 12-13 © 2007 Prentice-Hall, Inc Simple example (Decrypt) Received 3768566251686154 from fellow Spy  Break down in 4 digits blocks 3768 /5662 /5168 /6154  Get right Key  3654  Subtract key from blocks of 4 digits  3768 - 3654 = 114  5662 - 3654 = 2008  5168 - 3654 = 1514  6154 - 3654 = 2500  If result is negative add 10000 Break down to 2 digits and decode  01 = A, 14 =N, 20 = T, 08 = H

14 Copyright © 2011 Pearson Education, Inc. Symmetric Key Encryption Sender and receiver use same digital key to encrypt and decrypt message Requires different set of keys for each transaction Strength of encryption  Length of binary key used to encrypt data  2 N -1 possible keys to guess Advanced Encryption Standard (AES)  Most widely used symmetric key encryption  Uses 128-, 192-, and 256-bit encryption keys Other standards use keys with up to 2,048 bits Slide 5-14

15 Copyright © 2011 Pearson Education, Inc. Public Key Encryption Uses two mathematically related digital keys  Public key (widely disseminated)  Private key (kept secret by owner) Both keys used to encrypt and decrypt message Once key used to encrypt message, same key cannot be used to decrypt message Sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it Slide 5-15

16 Copyright © 2010 Pearson Education, Inc. Slide 1-16

17 Copyright © 2011 Pearson Education, Inc. Public Key Cryptography – A Simple Case Figure 5.8, Page 289 Slide 5-17

18 12-18 © 2007 Prentice-Hall, Inc Public Key Encryption Public Key Encryption for Confidentiality Encrypted Message Encrypted Message Party A Party B Encrypt with Party B’s Public Key Decrypt with Party B’s Private Key Decrypt with Party A’s Private Key Encrypt with Party A’s Public Key Note: Four keys are used to encrypt and decrypt in both directions

19 Copyright © 2010 Pearson Education, Inc. Public Key Encryption Using Digital Signatures and Hash Digests Hash function:  Mathematical algorithm that produces fixed-length number called message or hash digest Hash digest of message sent to recipient along with message to verify integrity Hash digest and message encrypted with recipient’s public key Entire cipher text then encrypted with recipient’s private key—creating digital signature—for authenticity, nonrepudiation Slide 5-19

20 12-20 © 2007 Prentice-Hall, Inc Digital Signature: Sender DS Plaintext MD Hash Sign (Encrypt) MD with Sender’s Private Key To Create the Digital Signature: 1.Hash the plaintext to create a brief message digest; This is NOT the digital signature 2. Sign (encrypt) the message digest with the sender’s private key to create the digital Signature

21 12-21 © 2007 Prentice-Hall, Inc Digital Signature Sender Receiver DSPlaintext Add Digital Signature to Each Message Provides Message-by-Message Authentication Encrypted for Confidentiality

22 12-22 © 2007 Prentice-Hall, Inc Digital Signature Sender Encrypts Receiver Decrypts Send Plaintext plus Digital Signature Encrypted with Public key of receiver DSPlaintext Transmission

23 12-23 © 2007 Prentice-Hall, Inc Digital Signature: Receiver DSReceived Plaintext MD 1. Hash 2. Decrypt with True Party’s Public Key 3. Are they Equal? 1. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest 2. Decrypt the digital signature with the sender’s public key. This also should give the message digest. 3. If the two match, the message is authenticated; The sender has the true Party’s private key

24 Copyright © 2011 Pearson Education, Inc. Public Key Cryptography with Digital Signatures Figure 5.9, Page 291 Slide 5-24

25 Copyright © 2011 Pearson Education, Inc. Digital Envelopes Address weaknesses of:  Public key encryption Computationally slow, decreased transmission speed, increased processing time  Symmetric key encryption Insecure transmission lines Uses symmetric key encryption to encrypt document Uses public key encryption to encrypt and send symmetric key Slide 5-25

26 Copyright © 2011 Pearson Education, Inc. Creating a Digital Envelope Figure 5.10, Page 292 Slide 5-26

27 Man in the Middle Attack Copyright © 2010 Pearson Education, Inc. Slide 5-27

28 12-28 © 2007 Prentice-Hall, Inc Public Key Deception Impostor “I am the True Person.” “Here is TP’s public key.” (Sends Impostor’s public key) “Here is authentication based on TP’s private key.” (Really Impostor’s private key) Decryption of message from Verifier encrypted with Impostor’s public key, so Impostor can decrypt it Verifier Must authenticate True Person. Believes now has TP’s public key Believes True Person is authenticated based on Impostor’s public key “True Person, here is a message encrypted with your public key.” Critical Deception

29 Copyright © 2010 Pearson Education, Inc. Slide 5-29 http://swiki.fromdev.com/2009/11/ssl-is-not-secure-anymore-serious.html

30 12-30 © 2007 Prentice-Hall, Inc Digital Signatures and Digital Certificates Public key authentication requires both a digital signature and a digital certificate to give the public key needed to test the digital signature DSPlaintext Applicant Verifier Certificate Authority Digital Certificate: True Party’s Public Key

31 Copyright © 2011 Pearson Education, Inc. Digital Certificates and Public Key Infrastructure (PKI) Digital certificate includes:  Name of subject/company  Subject’s public key  Digital certificate serial number  Expiration date, issuance date  Digital signature of CA Public Key Infrastructure (PKI):  CAs and digital certificate procedures  PGP http://www.pgpi.org/http://www.pgpi.org/ Slide 5-31

32 Copyright © 2011 Pearson Education, Inc. Digital Certificates and Certification Authorities Figure 5.11, Page 294 Slide 5-32

33 Copyright © 2011 Pearson Education, Inc. Limits to Encryption Solutions Doesn’t protect storage of private key  PKI not effective against insiders, employees  Protection of private keys by individuals may be haphazard No guarantee that verifying computer of merchant is secure CAs are unregulated, self-selecting organizations Slide 5-33

34 Copyright © 2011 Pearson Education, Inc. Slide 5-34

35 Insight on Society: Class Discussion Web Dogs and Anonymity What are some of the benefits of continuing the anonymity of the Internet? What are the disadvantages of an identity system? Are there advantages to an identity system beyond security? Who should control a central identity system? Copyright © 2012 Pearson Education, Inc.Slide 5-35

36 Securing Channels of Communication Secure Sockets Layer (SSL):  Establishes a secure, negotiated client-server session in which URL of requested document, along with contents, is encrypted Virtual Private Network (VPN):  Allows remote users to securely access internal network via the Internet Copyright © 2012 Pearson Education, Inc.Slide 5-36

37 Secure Negotiated Sessions Using SSL Figure 5.12, Page 303 Copyright © 2012 Pearson Education, Inc.Slide 5-37

38 Protecting Networks Firewall (Guarded Gate)  Hardware or software  Uses security policy to filter packets  Two main methods: Packet filters Application gateways Proxy servers (proxies)  Software servers that handle all communications originating from or being sent to the Internet Copyright © 2012 Pearson Education, Inc.Slide 5-38

39 Firewalls and Proxy Servers Figure 5.13, Page 306 Copyright © 2012 Pearson Education, Inc.Slide 5-39

40 Copyright © 2011 Pearson Education, Inc. Protecting Servers and Clients Operating system security enhancements  Upgrades, patches  Zero Day attacks Anti-virus software:  Easiest and least expensive way to prevent threats to system integrity  Requires daily updates  http://www.umfk.edu/it/downloads.cfm http://www.umfk.edu/it/downloads.cfm Slide 5-40

41 Management Policies, Business Procedures, and Public Laws U.S. firms and organizations spend 14% of IT budget on security hardware, software, services ($35 billion in 2010) Managing risk includes  Technology  Effective management policies  Public laws and active enforcement Copyright © 2012 Pearson Education, Inc.Slide 5-41

42 A Security Plan: Management Policies Risk assessment Security policy Implementation plan  Security organization  Access controls  Authentication procedures, including biometrics  Authorization policies, authorization management systems Security audit Copyright © 2012 Pearson Education, Inc.Slide 5-42

43 Developing an E-commerce Security Plan Figure 5.14, Page 308 Copyright © 2012 Pearson Education, Inc.Slide 5-43

44 Copyright © 2011 Pearson Education, Inc. The Role of Laws and Public Policy Laws that give authorities tools for identifying, tracing, prosecuting cybercriminals:  National Information Infrastructure Protection Act of 1996  USA Patriot Act  Homeland Security Act Private and private-public cooperation  CERT Coordination Center http://www.cert.org/http://www.cert.org/  US-CERT http://www.us-cert.gov/ncas/current-activity/http://www.us-cert.gov/ncas/current-activity/ Government policies and controls on encryption software OECD guidelines OECD_Cyber_Security.pdfOECD_Cyber_Security.pdf Slide 5-44

45 Copyright © 2012 Pearson Education, Inc.Slide 5-45

46 BRIEF HISTORY OF MONEY Barter Medium of Exchange  Tokens  Notational Money  Credit System

47 Types of Payment Systems Cash  Most common form of payment  Instantly convertible into other forms of value Checking transfer  Second most common payment form in United States Credit card  Credit card associations  Issuing banks  Processing centers Copyright © 2012 Pearson Education, Inc.Slide 5-47

48 Types of Payment Systems (cont.) Stored value  Funds deposited into account, from which funds are paid out or withdrawn as needed, e.g., debit cards, gift certificates  Peer-to-peer payment systems Accumulating balance  Accounts that accumulate expenditures and to which consumers make period payments  e.g., utility, phone, American Express accounts Copyright © 2012 Pearson Education, Inc.Slide 5-48

49 Check Numbers http://en.wikipedia.org/wiki/Demand_draft http://en.wikipedia.org/wiki/Qchex

50 Copyright © 2011 Pearson Education, Inc. Table 5.6, Page 312 Slide 5-50

51 Payment System Stakeholders’ Priorities Consumers  Low-risk, low-cost, refutable, convenience, reliability Merchants  Low-risk, low-cost, irrefutable, secure, reliable Financial intermediaries  Secure, low-risk, maximizing profit Government regulators  Security, trust, protecting participants and enforcing reporting Copyright © 2012 Pearson Education, Inc.Slide 5-51

52 Copyright © 2012 Pearson Education, Inc.Slide 5-52

53 E-commerce Payment Systems Credit cards  45% of online payments in 2011 (U.S.) Debit cards  28% online payments in 2011 (U.S.) Limitations of online credit card payment  Security, merchant risk  Cost  Social equity Copyright © 2012 Pearson Education, Inc.Slide 5-53

54 How an Online Credit Transaction Works Figure 5.16, Page 319 Copyright © 2012 Pearson Education, Inc.Slide 5-54

55 E-commerce Payment Systems (cont.) Digital wallets  Emulates functionality of wallet by authenticating consumer, storing and transferring value, and securing payment process from consumer to merchant  Early efforts to popularize failed  Latest effort: Google Checkout Digital cash (David Chaum)  Value storage and exchange using tokens  Most early examples have disappeared; protocols and practices too complex Copyright © 2012 Pearson Education, Inc.Slide 5-55

56 E-commerce Payment Systems (cont.) Online stored value systems  Based on value stored in a consumer’s bank, checking, or credit card account  PayPal  Smart cards Contact—use card reader Contactless  e.g., EZPass, Octopus card (Hong Kong)  Radio Frequency ID (RFID)  Near Field Communications (NFC) Copyright © 2012 Pearson Education, Inc.Slide 5-56

57 E-commerce Payment Systems (cont.) Digital accumulated balance payment:  Users accumulate a debit balance for which they are billed at the end of the month  PaymentsPlus, BillMeLater Digital checking:  Extends functionality of existing checking accounts for use online  PayByCheck, EBillMe Copyright © 2012 Pearson Education, Inc.Slide 5-57

58 Mobile Payment Systems Use of mobile handsets as payment devices well-established in Europe, Japan, South Korea Japanese mobile payment systems  E-money (stored value)  Mobile debit cards  Mobile credit cards Not as well established yet in United States  Infrastructure still developing  Apple, Google, RIM developing separate NFC systems Copyright © 2012 Pearson Education, Inc.Slide 5-58

59 Electronic Billing Presentment and Payment (EBPP) Online payment systems for monthly bills 30% + of households in 2010 used some EBPP; expected to continue to grow Two competing EBPP business models:  Biller-direct (dominant model)  Consolidator Both models are supported by EBPP infrastructure providers Copyright © 2012 Pearson Education, Inc.Slide 5-59

60 Copyright © 2012 Pearson Education, Inc.Slide 5-60

Download ppt "ELC 200 Day 11 Introduction to E-Commerce 1 Copyright, Tony Gauvin, UMFK, 2011."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Copyright © 2013 Pearson Education, Inc.

Copyright © 2013 Pearson Education, Inc.
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 Online Security and Payment Systems.

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 Online Security and Payment Systems.
E-commerce business. technology. society. Kenneth C. Laudon

E-commerce business. technology. society. Kenneth C. Laudon
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall Copyright © 2009 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol.

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall Copyright © 2009 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol.
E-commerce: business. technology. society.

E-commerce: business. technology. society.
Chapter 5 Security and Encryption

Chapter 5 Security and Encryption
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Chapter 6 E-commerce Payment Systems

Chapter 6 E-commerce Payment Systems
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Copyright © 2007 Pearson Education, Inc. Slide 6-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Third Edition.

Copyright © 2007 Pearson Education, Inc. Slide 6-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Third Edition.
Copyright © 2015 Pearson Education, Inc.

Copyright © 2015 Pearson Education, Inc.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.
Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.

Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 12-1© 2007 Prentice-Hall, Inc ELC 200 Day 24.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 12-1© 2007 Prentice-Hall, Inc ELC 200 Day 24.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Similar presentations

Ads by Google