E-Commerce Security - San Francisco State University

E-Commerce
Buying, selling, marketing, and servicing of products, services, and information via computer networks.

E-Commerce Models
1. Storefront model: B2C shopping cart, online shopping mall
2. Auction model: eBay
3. Portal model: yahoo.com
4. Dynamic pricing: name-your-price, comparison pricing, bartering (exchanging items)
5. B2B & EDI (Electronic Data Interchange)
6. Etc.

M-Business
E-business enabled by wireless communication.
Wi-Fi: Wireless local area network (WLAN) based on the IEEE 802.11 specifications.
Hotspot: A person with a Wi-Fi device, such as a computer, cell telephone, or personal digital assistant (PDA), can connect to the Internet when in proximity of an access point. The region covered by one or several access points is called a hotspot.

Location Based Services
Location-identification technologies:
  Global Positioning System (GPS)
  Cell phone Angle of Arrival (AOA)
Location based services:
  B2E (Employee)
  B2C

Internet Security
Authenticity: Is the sender of a message who they claim to be?
Privacy: Are the contents of a message secret and known only to the sender and receiver?
Integrity: Have the contents of a message been modified during transmission?
Nonrepudiation: Can the sender of a message deny that they actually sent the message?

Encryption (Cryptography)
Plain text: the original message in human-readable form.
Ciphertext: the encrypted message.
Encryption algorithm: the mathematical formula used to encrypt the plain text.
Key: the secret key used to encrypt and decrypt a message.

Encryption Example
Digits: 0-9
Encryptor: Replace each digit by Mod(Digit + Key, 10)
The key's value is from 0 to 9.
If Key = 7, then: 0 -> 7, 1 -> 8, 2 -> 9, 3 -> 0, 4 -> 1, 5 -> 2
Decryptor: Replace each digit by Mod(Digit + (10 - Key), 10)
If Key = 7, then: 7 -> 0, 8 -> 1, 9 -> 2, 0 -> 3

Encryption Algorithms
Private key encryption
Public key encryption
Digital signature
Digital certificate

Private Key (Secret Key) Encryption
The same key is used by the sender (for encryption) and the receiver (for decryption).
The key must be transmitted to the receiver.
Example: DES (Data Encryption Standard) algorithm with a 56-bit key.

Public Key Encryption
Uses two different keys: a public key and a private key.
The receiver's public key must be delivered in advance.
The sender uses the receiver's public key to encrypt the message, and the receiver uses their private key to decrypt it. (The sender can be sure the receiver is the true receiver.)
Example: RSA (Rivest, Shamir, and Adleman) algorithm with a 512-bit to 1024-bit key.
Note: Although the two keys are mathematically related, deriving one from the other is computationally infeasible.

Digital Signature
It is used for the authentication and nonrepudiation of senders by applying public key encryption in reverse.

How a digital signature works:
Sender:
  Create the message digest: Hash(original message)
  Digital signature: Encrypt(message digest, sender's private key)
  Encrypted message: Encrypt(original message, receiver's public key)
  Send the hash function, the digital signature, and the encrypted message to the receiver.
Receiver:
  Use the receiver's private key to decrypt the encrypted message and reveal the original message.
  Use the sender's public key to decrypt the digital signature and reveal the message digest.
  Apply the hash function to the original message.
  If the hash value matches the message digest in the digital signature, the message is intact.
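The sender and receiver steps above, as an added Python example that is not part of the original slides. It uses textbook RSA without padding and constructed toy keys built from small Mersenne primes; the function names and key values are assumptions for illustration, and real systems use a vetted library with padded RSA and far larger keys.

```python
import hashlib

E = 65537  # public exponent (assumed; a common choice)

def make_key(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(message, n):
    """Hash(original message), reduced so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def send(message, sender_private, receiver_public):
    """Sender side: sign the digest, then encrypt the message."""
    n_s, d_s = sender_private
    n_r, e_r = receiver_public
    m = int.from_bytes(message, "big")
    if m >= n_r:
        raise ValueError("message too long for this toy modulus")
    signature = pow(digest(message, n_s), d_s, n_s)  # sender's private key
    ciphertext = pow(m, e_r, n_r)                    # receiver's public key
    return ciphertext, signature

def receive(ciphertext, signature, receiver_private, sender_public):
    """Receiver side: decrypt, recover the signed digest, compare hashes."""
    n_r, d_r = receiver_private
    n_s, e_s = sender_public
    m = pow(ciphertext, d_r, n_r)                    # receiver's private key
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    signed_digest = pow(signature, e_s, n_s)         # sender's public key
    return message, signed_digest == digest(message, n_s)

# Constructed toy keys (Mersenne primes); far too small for real use.
SENDER_PUB, SENDER_PRIV = make_key(2**89 - 1, 2**107 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_key(2**127 - 1, 2**61 - 1)

if __name__ == "__main__":
    ct, sig = send(b"PAY 100 TO BOB", SENDER_PRIV, RECEIVER_PUB)
    print(receive(ct, sig, RECEIVER_PRIV, SENDER_PUB))      # intact message
    print(receive(ct ^ 1, sig, RECEIVER_PRIV, SENDER_PUB))  # altered in transit
```

The second call shows the integrity check failing: once the ciphertext changes, the hash of the decrypted message no longer matches the digest recovered from the signature.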

Certificate
A certificate is a digital document issued by a trusted third-party certificate authority (CA).
A certificate contains records such as a serial number, the user's name, the owner's public key, the name of the CA, etc.
Examples of CAs: VeriSign, U.S. Postal Service.

Online Transaction Security Protocol
Secure Sockets Layer (SSL)
Developed by Netscape.
SSL implements public key technology using the RSA algorithm and digital certificates to authenticate the server in a transaction and protect private information.

Cookies
Designed to hold information about a user.
Created by a web site and saved on the visitor's machine.
A cookie contains:
  The web site that set the cookie.
  One or more pieces of data.
  An expiration date for the cookie.
Cookies directory:
The browser sends the cookie with the URL when you visit the site that issued the cookie.
