Transcript Doing Business on the Internet

Chapter 18:
Doing Business on the Internet
Business Data Communications, 4e
Security: The Key to E-Commerce
Communications
Encryption
Privacy
payment systems
Business Data Communications, 4e
2
SSL & TLS
Secure Socket Layer
Transport Layer Security
Protocols that sit between the underlying transport
protocol (TCP) and the application
Business Data Communications, 4e
3
Secure Socket Layer (SSL)
Originated by Netscape
TLS has been developed by a working group of the
IETF, and is essentially SSLv3.1
Provides security at the “socket” level, just above
the basic TCP/IP service
Can provide security for a variety of Internet
services, not just the WWW
Business Data Communications, 4e
4
SSL Implementation
 Focused on the initialization/handshaking to set up a secure
channel
 Client specifies encryption method and provides challenge text
 Server authenticates with public key certificate
 Client send master key, encrypted with server key
 Server returns an encrypted master key
 Digital signatures used in initialization are based on RSA;
after initialization, single key encryption systems like DES
can be used
Business Data Communications, 4e
5
Characteristics of
On-Line Payment Systems
Transaction types
Means of settlement
Operational characteristics
Privacy and security
Who takes risks
Business Data Communications, 4e
6
Secure Electronic Transactions
SET is a payment protocol supporting the use of
bank/credit cards for transactions
Supported by MasterCard, Visa, and many
companies selling goods and services online
SET is an open industry standard, using RSA publickey and DES single-key encryption
Business Data Communications, 4e
7
SET Participants & Interactions
Business Data Communications, 4e
8
Ideal Components of
Electronic Cash
Independent of physical location
Security
Privacy
Off-line payment
No need for third-party vendor
Transferability to other users
Divisibility
“Making change”Business Data Communications, 4e
9
E-Cash
Created by David Chaum in Amsterdam in 1990
Maintains the anonymity of cash transactions
Users maintain an account with a participating
financial institution, and also have a “wallet” on
their computer’s hard drive
Digital coins, or tokens, are stored in the wallet
Business Data Communications, 4e
10
Electronic Commerce Infrastructure
Intrabusiness
Intranet based
Supports internal transactions and transfers
Business-to-Business (BTB or B2B)
Extranet based
Business-to-Consumer (BTC or B2C)
Internet based
Business Data Communications, 4e
11
Importance of BTB Commerce
Business Data Communications, 4e
12
Firewalls
Used to provide security for computers inside of a
given network
All traffic to/from network passes through firewall
Only authorized traffic is allowed through
Firewall itself is a secure system
Firewall performs authentication on users
Firewall may encrypt transmissions
Business Data Communications, 4e
13
Free Trade Zones (FTZ)
 Area where communication and transactions occur between
trusted parties
 Isolated from both the external environment and the
enterprise’s internet network
 Supported by firewalls on both ends
 Inside the FTZ, all communications can be in clear mode
without any encryption
 Necessary because logical boundaries between BTB and IB
are becoming fuzzy.
Business Data Communications, 4e
14