Transcript Chapter 18
Chapter 18:
Doing Business on the
Internet
Business Data Communications,
4e
Security: The Key to E-Commerce
Communications
Encryption
Privacy
Payment systems
2
SSL & TLS
Secure Socket Layer
Transport Layer Security
Protocols that sit between the
underlying transport protocol (TCP) and
the application
3
Secure Socket Layer (SSL)
Originated by Netscape
TLS has been developed by a working group
of the IETF, and is essentially SSLv3.1
Provides security at the “socket” level, just
above the basic TCP/IP service
Can provide security for a variety of Internet
services, not just the WWW
https://…/
TCP Port:443
4
SSL Implementation
Focused on the initialization/handshaking to
set up a secure channel
Client specifies encryption method and provides
challenge text
Server authenticates with public key certificate
Client send master key, encrypted with server key
Server returns an encrypted master key
Digital signatures used in initialization are
based on RSA; after initialization, single key
encryption systems like DES can be used
5
SSL
6
Characteristics of
On-Line Payment Systems
Transaction types
Mircopayments, large payments, …
Means of settlement
Cash, credit cards, …
Operational characteristics
On-line or off-line payments
Privacy and security
Audit trails, authentication, non-repudiation, …
Who takes risks
7
SET
-Secure Electronic Transactions
SET is a payment protocol supporting the use
of bank/credit cards for transactions
Supported by MasterCard, Visa, and many
companies selling goods and services online
SET is an open industry standard, using RSA
public-key and DES single-key encryption
8
SET Participants &
Interactions
9
SET Architecture
10
Ideal Components of
Electronic Cash
Independent of physical location
Security
Privacy
Off-line payment
No need for third-party vendor
Transferability to other users
Divisibility
“Making change”
11
E-Cash
Created by David Chaum in Amsterdam in
1990
Maintains the anonymity of cash transactions
Users maintain an account with a
participating financial institution, and also
have a “wallet” on their computer’s hard
drive
Digital coins, or tokens, are stored in the
wallet
12
Electronic Commerce
Infrastructure
Intrabusiness
Intranet based
Supports internal transactions and
transfers
Business-to-Business (BTB or B2B)
Extranet based
Business-to-Consumer (BTC or B2C)
Internet based
13
Importance of BTB Commerce
14
Firewalls
Used to provide security for computers inside
of a given network
All traffic to/from network passes through
firewall
Only authorized traffic is allowed through
Firewall itself is a secure system
Firewall performs authentication on users
Firewall may encrypt transmissions
15
DMZ- DeMilitarized Zone
Info
Server
Mail
Server
Internet
IP Filtering
Router
IP Filtering
Router
Site Systems
(1) From bastion host to inside
(2) E-mail from mail server to inside
(3) From inside to bastion host
(4) E-mail From inside to mail server
(5) WWW , Gopher from inside to info server
(6) REJECT all other traffic
Bastion Host
DMZ/Perimeter Network
(1) From bastion host to outside
(2) E-mail from mail server to outside
(3) From outside to bastion host
(4) E-mail From outside to mail server
(5) WWW , Gopher from outside to info server
(6) REJECT all other traffic
16
Free Trade Zones (FTZ)
Area where communication and transactions
occur between trusted parties
Isolated from both the external environment
and the enterprise’s internet network
Supported by firewalls on both ends
Inside the FTZ, all communications can be in
clear mode without any encryption
Necessary because logical boundaries
between BTB and IB are becoming fuzzy.
17
18
19