E Comm

The document discusses security issues related to e-commerce. It outlines the basic role of security in e-commerce, including authentication, access control, data confidentiality, integrity, and non-repudiation of transactions. It also discusses principles of network security like encryption and public key infrastructure. Finally, it proposes a hierarchical security infrastructure and standards-based solutions like smart cards to provide global e-commerce security.

Uploaded by

Foram Chheda
Copyright
© Attribution Non-Commercial (BY-NC)

Security Technologies and Infrastructures for Electronic Commerce Systems

Introduction
This page is an overview of security issues related to E-commerce at the application level. Much of the discussion takes an abstract approach to analyzing the issues involved in providing a secure environment for commerce over the line. The talk focuses on how to provide security on a global scale. Here is an outline for the page.

- The Role of Security for E-commerce: Provides information on the general role security plays in E-commerce.
- Basic Principles of Network Security: Provides a brief look at the principles involved in what it means to provide security.
- The Concept of Security Platform and Infrastructure: Provides an approach to globally implement a security system.
- Security Requirements for E-commerce Environments: Provides some outlines of E-commerce security needs.
- Security Solutions: Gives some applied and emerging technological solutions.

The Role of Security for E-commerce


E-commerce has many standardized security services. These services deal with the control and flow of information so that the information's integrity remains as its originator intended. These services protect E-commerce transactions by:

- Authentication: Identities such as users, computers, and files can be uniquely identified.
- Control of Access: Controlling unwanted access to realms of the internetwork.
- Data Confidentiality: Protection of privacy.
- Data Integrity Assurance: Protection of data from modifications.
- Transaction Non-Repudiation: Reliability of transactions.

These security services are provided to ensure basic E-commerce requirements. Security services provide a way for safe, authentic, and reliable communications between two or more parties. Security means not only that the information stays within the communicating parties but also that it can be verified and noted as authentic. Signing of contracts, registration of mail, disclosures, anonymity, and authorization schemes of the real world must be able to be replicated and done in the electronic world.

Basic Principles of Network Security


Encryption is generally done with Secret Key Cryptography. Several schemes exist, and they are only as strong as their cryptogram generation. However, providing a secret key by itself is not enough; a strong backbone system must be in place to offset the weaknesses of individual encryption/decryption efforts. The system involves:

- Public Key Cryptography: Providing two keys, an encryption key and a decryption key. One is kept private while the other is used publicly.
- Public Key Servers: Must provide a safe place where public keys can be shared but not tampered with.
- Certification Authority: Provides the guarantee of authentic keys. A hierarchy can be used to certify keys within the system. You are only as safe as the authority you trust above you that is providing the certification. This is generally a safe mechanism for providing security.

The Concept of Security Platform and Infrastructure


The security platform should allow for heterogeneous platform use. As the networking world grows, it encompasses many types of systems that must be hosted. Allowing for all systems ensures that the security mechanism will last. As the E-commerce environment expands, installing security systems becomes an even bigger concern. An expert reports that only about 3% of credit card use is on the Internet today, and of this 3%, half is fraudulent usage. As the usage of credit cards increases over time, it becomes vastly important to discourage fraudulent use. Installation of a security infrastructure can be used to ensure safety. This infrastructure is a hierarchical approach to security. A role above each grouping of users provides security measures. This continues up a chain until it resolves to a single point of authorization.

Security Requirements for E-commerce Environments


Again, to ensure safety within the E-commerce environment, a structured hierarchy must be used. Such systems exist, such as the X.500/Smart Card Registration. A smart card is a device that allows security and personal identification techniques to be carried by a person. This allows personalization and answers the question "who are you?" X.500 is an international security solution system that provides hierarchical registration of uniquely identified smart cards. Certification in such a system occurs on two levels, local and global. Locally, users are assured safety through certification by the head of their department, group, or system. They are guaranteed security amongst their peers. To provide worldwide and further-reaching security, a global registration is put into place. The providers of local security are then secured themselves in the same manner. This continues up a tree to a global certification scheme. For this type of system to work efficiently and without disjoint groups, standards must emerge. Situations involving payments, document exchange, and sensitive information sharing are then highly secured within a standard, very strong security system. The same system may be used for secure financial transactions, supporting business transactions, and personal safety.
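The two-level certification described above, and the earlier point that keys on a public key server must not be tampered with, can be illustrated with a short added example (not part of the original document). It uses textbook RSA over small constructed keys, which is not secure, and the names "Global Root", "Dept CA", "alice" and "bob" are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by every constructed toy key

def make_key(p, q):
    """Toy RSA key pair from two known primes (far too small for real use)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(name, n, issuer, modulus):
    data = f"{name}|{n}|{issuer}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue(name, subject_key, issuer_name, issuer_key):
    """The issuer binds a name to a public key by signing their digest."""
    h = digest(name, subject_key["n"], issuer_name, issuer_key["n"])
    return {"name": name, "n": subject_key["n"], "issuer": issuer_name,
            "sig": pow(h, issuer_key["d"], issuer_key["n"])}

def verify_chain(cert, directory, trusted_root_n):
    """Walk from a certificate up the hierarchy to the single trusted root."""
    for _ in range(len(directory) + 1):     # bounded walk, so no issuer loops
        issuer = directory.get(cert["issuer"])
        if issuer is None:
            return False                    # disjoint group: no path upward
        h = digest(cert["name"], cert["n"], cert["issuer"], issuer["n"])
        if pow(cert["sig"], E, issuer["n"]) != h:
            return False                    # name or key altered after signing
        if cert["name"] == cert["issuer"]:  # self-signed top of the tree
            return cert["n"] == trusted_root_n
        cert = issuer
    return False

# Constructed keys from Mersenne primes 2**k - 1 (illustration only).
M = lambda k: 2**k - 1
ROOT_KEY, DEPT_KEY, USER_KEY = (make_key(M(107), M(127)),
                                make_key(M(61), M(89)), make_key(M(31), M(521)))

def demo():
    root = issue("Global Root", ROOT_KEY, "Global Root", ROOT_KEY)
    dept = issue("Dept CA", DEPT_KEY, "Global Root", ROOT_KEY)
    alice = issue("alice", USER_KEY, "Dept CA", DEPT_KEY)
    directory = {c["name"]: c for c in (root, dept)}  # the public key server
    swapped = dict(alice, n=alice["n"] + 2)   # key replaced on the server
    orphan = issue("bob", USER_KEY, "Rogue CA", DEPT_KEY)  # unknown issuer
    return [verify_chain(c, directory, ROOT_KEY["n"])
            for c in (alice, swapped, orphan)]

if __name__ == "__main__":
    print(demo())
```

The verifier holds only the root's public key; a substituted root in the directory fails the final comparison even though its self-signature checks out.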

Security Solutions
Today many in-place and emerging solutions are providing for a safe Internet world. Some of the more interesting ones rely on cryptographic keys and personalized smart card type technologies. They provide for user authentication and privacy protection. Here are a few systems.

- E-Commerce Infrastructure: Providing ways to access credit card information, and transaction control.
- E-Commerce Specialized Components, Wallets: Provide safekeeping of customer transactions.
- E-Commerce Specialized Components, Merchant Servers: Payments and inquiries.
- E-Commerce Specialized Components, Bank Server: Provides for access to all security clearances, registrations, payments, etc.
- E-Commerce Specialized Components, Certification Servers: Registration and certifications.
- Smart Card Systems: According to one expert, probably the best solution for security and personalization of the Internet. Smart card systems provide a good protection scheme, as they take the security issues away from the Internet/PC domain and put them into the person's real-world wallet.
