Chapter 18: Doing Business on the Internet
Business Data Communications, 4e
Security: The Key to E-Commerce
✘ Communications
✘ Encryption
✘ Privacy
✘ Payment systems
SSL & TLS
✘ Secure Socket Layer
✘ Transport Layer Security
✘ Protocols that sit between the underlying transport protocol (TCP) and the application
Secure Socket Layer (SSL)
✘ Originated by Netscape
✘ TLS has been developed by a working group of the IETF, and is essentially SSLv3.1
✘ Provides security at the “socket” level, just above the basic TCP/IP service
✘ Can provide security for a variety of Internet services, not just the WWW
SSL Implementation
✘ Focused on the initialization/handshaking to set up a secure channel
✘ Client specifies encryption method and provides challenge text
✘ Server authenticates with public key certificate
✘ Client sends master key, encrypted with server key
✘ Server returns an encrypted master key
✘ Digital signatures used in initialization are based on RSA; after initialization, single-key encryption systems like DES can be used
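The handshake steps listed above, traced as an added example (not from the original slides or from any SSL implementation). It assumes textbook RSA with small constructed primes and no padding, and models the server's final reply as an HMAC over the client's challenge keyed with the master key; certificate validation is omitted and all names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy server key pair (constructed): textbook RSA, no padding, tiny primes.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # server's private exponent

def proof(master: int, challenge: bytes) -> bytes:
    """Keyed digest over the challenge; only a holder of master can compute it."""
    return hmac.new(master.to_bytes(16, "big"), challenge, hashlib.sha256).digest()

def handshake(server_private_exponent: int) -> bool:
    """Run the four messages; return True if the client accepts the server."""
    # 1. Client -> server: offered cipher and fresh challenge text.
    hello = {"cipher": "DES", "challenge": secrets.token_bytes(16)}
    # 2. Server -> client: public key (a real certificate would wrap and sign it).
    server_pub = {"n": N, "e": E}
    # 3. Client -> server: master key encrypted under the server's public key.
    master = 2 + secrets.randbelow(2**64)
    enc_master = pow(master, server_pub["e"], server_pub["n"])
    # 4. Server -> client: decrypt the master key and prove it with the challenge.
    recovered = pow(enc_master, server_private_exponent, N)
    reply = proof(recovered, hello["challenge"])
    # Client check: only the matching private key recovers the same master key.
    return hmac.compare_digest(reply, proof(master, hello["challenge"]))

if __name__ == "__main__":
    print("genuine server accepted:", handshake(D))
    print("impostor accepted:", handshake(D + 2))  # wrong private exponent
```

The second call shows why the public-key step authenticates the server: a party without the private key cannot recover the master key, so its reply to the fresh challenge fails the client's check.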
Characteristics of On-Line Payment Systems
✘ Transaction types
✘ Means of settlement
✘ Operational characteristics
✘ Privacy and security
✘ Who takes risks
Secure Electronic Transactions
✘ SET is a payment protocol supporting the use of bank/credit cards for transactions
✘ Supported by MasterCard, Visa, and many companies selling goods and services online
✘ SET is an open industry standard, using RSA public-key and DES single-key encryption
SET Participants & Interactions
Ideal Components of Electronic Cash
✘ Independent of physical location
✘ Security
✘ Privacy
✘ Off-line payment
✘ No need for third-party vendor
✘ Transferability to other users
✘ Divisibility
✘ “Making change”
✘ Created by David Chaum in Amsterdam in 1990
✘ Maintains the anonymity of cash transactions
✘ Users maintain an account with a participating financial institution, and also have a “wallet” on their computer’s hard drive
✘ Digital coins, or tokens, are stored in the wallet
Electronic Commerce Infrastructure
✘ Intrabusiness
✘ Intranet based
✘ Supports internal transactions and transfers
✘ Business-to-Business (BTB or B2B)
✘ Extranet based
✘ Business-to-Consumer (BTC or B2C)
✘ Internet based
Importance of BTB Commerce
✘ Used to provide security for computers inside of a given network
✘ All traffic to/from network passes through firewall
✘ Only authorized traffic is allowed through
✘ Firewall itself is a secure system
✘ Firewall performs authentication on users
✘ Firewall may encrypt transmissions
Free Trade Zones (FTZ)
✘ Area where communication and transactions occur between trusted parties
✘ Isolated from both the external environment and the enterprise’s internal network
✘ Supported by firewalls on both ends
✘ Inside the FTZ, all communications can be in clear mode without any encryption
✘ Necessary because logical boundaries between BTB and IB are