Business data communications 4e chapter chapter 18
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (249.51 KB, 14 trang )
Chapter 18:
Doing Business on the Internet
Business Data Communications, 4e
Security: The Key to E-Commerce
✘ Communications
✘ Encryption
✘ Privacy
✘ payment systems
Business Data Communic
ations, 4e
2
SSL & TLS
✘ Secure Socket Layer
✘ Transport Layer Security
✘ Protocols that sit between the underlying transport
protocol (TCP) and the application
Business Data Communic
ations, 4e
3
Secure Socket Layer (SSL)
✘ Originated by Netscape
✘ TLS has been developed by a working group of the
IETF, and is essentially SSLv3.1
✘ Provides security at the “socket” level, just above
the basic TCP/IP service
✘ Can provide security for a variety of Internet
services, not just the WWW
Business Data Communic
ations, 4e
4
SSL Implementation
✘ Focused on the initialization/handshaking to set up a secure
channel
✘
✘
✘
✘
Client specifies encryption method and provides challenge text
Server authenticates with public key certificate
Client send master key, encrypted with server key
Server returns an encrypted master key
✘ Digital signatures used in initialization are based on RSA;
after initialization, single key encryption systems like DES
can be used
Business Data Communic
ations, 4e
5
Characteristics of
On-Line Payment Systems
✘ Transaction types
✘ Means of settlement
✘ Operational characteristics
✘ Privacy and security
✘ Who takes risks
Business Data Communic
ations, 4e
6
Secure Electronic Transactions
✘ SET is a payment protocol supporting the use of
bank/credit cards for transactions
✘ Supported by MasterCard, Visa, and many
companies selling goods and services online
✘ SET is an open industry standard, using RSA publickey and DES single-key encryption
Business Data Communic
ations, 4e
7
SET Participants & Interactions
Business Data Communic
ations, 4e
8
Ideal Components of
Electronic Cash
✘ Independent of physical location
✘ Security
✘ Privacy
✘ Off-line payment
✘ No need for third-party vendor
✘ Transferability to other users
✘ Divisibility
✘ “Making change”
Business Data Communic
ations, 4e
9
E-Cash
✘ Created by David Chaum in Amsterdam in 1990
✘ Maintains the anonymity of cash transactions
✘ Users maintain an account with a participating
financial institution, and also have a “wallet” on
their computer’s hard drive
✘ Digital coins, or tokens, are stored in the wallet
Business Data Communic
ations, 4e
10
Electronic Commerce Infrastructure
✘ Intrabusiness
✘ Intranet based
✘ Supports internal transactions and transfers
✘ Business-to-Business (BTB or B2B)
✘ Extranet based
✘ Business-to-Consumer (BTC or B2C)
✘ Internet based
Business Data Communic
ations, 4e
11
Importance of BTB Commerce
Business Data Communic
ations, 4e
12
Firewalls
✘ Used to provide security for computers inside of a
given network
✘ All traffic to/from network passes through firewall
✘ Only authorized traffic is allowed through
✘ Firewall itself is a secure system
✘ Firewall performs authentication on users
✘ Firewall may encrypt transmissions
Business Data Communic
ations, 4e
13
Free Trade Zones (FTZ)
✘ Area where communication and transactions occur between
trusted parties
✘ Isolated from both the external environment and the enterprise’s
internet network
✘ Supported by firewalls on both ends
✘ Inside the FTZ, all communications can be in clear mode without
any encryption
✘ Necessary because logical boundaries between BTB and IB are
becoming fuzzy.
Business Data Communic
ations, 4e
14
