Chapter 18:
Doing Business on the Internet
Business Data Communications, 4e
Security: The Key to E-Commerce
✘ Communications
✘ Encryption
✘ Privacy
✘ Payment systems
SSL & TLS
✘ Secure Socket Layer
✘ Transport Layer Security
✘ Protocols that sit between the underlying transport
protocol (TCP) and the application
Secure Socket Layer (SSL)
✘ Originated by Netscape
✘ TLS has been developed by a working group of the
IETF, and is essentially SSLv3.1
✘ Provides security at the “socket” level, just above
the basic TCP/IP service
✘ Can provide security for a variety of Internet
services, not just the WWW
SSL Implementation
✘ Focused on the initialization/handshaking to set up a secure
channel
✘ Client specifies encryption method and provides challenge text
✘ Server authenticates with public key certificate
✘ Client sends master key, encrypted with server key
✘ Server returns an encrypted master key
✘ Digital signatures used in initialization are based on RSA;
after initialization, single-key encryption systems like DES
can be used
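As an added illustration (not from the textbook), a toy model of the four handshake steps above in Python: a client challenge, a server public key, a master key sent under that key, and a server reply encrypted under the derived session key. It assumes textbook RSA with fixed Mersenne primes and a SHA-256 XOR keystream standing in for DES, both deliberately insecure stand-ins chosen so the script runs with the standard library alone.

```python
import hashlib, hmac, secrets

# Toy RSA key pair for the server (assumption: small fixed primes,
# insecure; real SSL/TLS uses certificates over large RSA keys).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Single-key cipher stand-in for DES: XOR with a SHA-256 counter stream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def rsa_encrypt_int(m: int, pub=(E, N)) -> int:
    assert 0 <= m < pub[1], "message must be smaller than the modulus"
    return pow(m, pub[0], pub[1])

def rsa_decrypt_int(c: int) -> int:
    return pow(c, D, N)

def session_key(master: bytes, challenge: bytes) -> bytes:
    """Derive the single-key session key from master key and challenge."""
    return hmac.new(master, challenge, hashlib.sha256).digest()

def handshake():
    # 1. Client hello: cipher choice plus fresh challenge text.
    challenge = secrets.token_bytes(16)
    # 2. Server hello: server presents its public key (a certificate
    #    in real SSL; the bare key stands in here).
    server_pub = (E, N)
    # 3. Client master key: 8-byte master key encrypted under server key
    #    (2**64 < N, so it fits the toy modulus).
    master = secrets.token_bytes(8)
    c = rsa_encrypt_int(int.from_bytes(master, "big"), server_pub)
    # Server side: only the private exponent recovers the master key.
    master_srv = rsa_decrypt_int(c).to_bytes(8, "big")
    k_srv = session_key(master_srv, challenge)
    # 4. Server verify: challenge echoed under the new key proves the
    #    server holds the private key matching the key it presented.
    verify = keystream_xor(k_srv, challenge)
    k_cli = session_key(master, challenge)
    server_ok = keystream_xor(k_cli, verify) == challenge
    return server_ok, k_cli == k_srv
```

Running `handshake()` returns `(True, True)`; a server that never held the private key could not produce a verify message the client accepts.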
Characteristics of
On-Line Payment Systems
✘ Transaction types
✘ Means of settlement
✘ Operational characteristics
✘ Privacy and security
✘ Who takes risks
Secure Electronic Transactions
✘ SET is a payment protocol supporting the use of
bank/credit cards for transactions
✘ Supported by MasterCard, Visa, and many
companies selling goods and services online
✘ SET is an open industry standard, using RSA public-key and DES single-key encryption
SET Participants & Interactions
Ideal Components of
Electronic Cash
✘ Independent of physical location
✘ Security
✘ Privacy
✘ Off-line payment
✘ No need for third-party vendor
✘ Transferability to other users
✘ Divisibility
✘ “Making change”
E-Cash
✘ Created by David Chaum in Amsterdam in 1990
✘ Maintains the anonymity of cash transactions
✘ Users maintain an account with a participating
financial institution, and also have a “wallet” on
their computer’s hard drive
✘ Digital coins, or tokens, are stored in the wallet
Electronic Commerce Infrastructure
✘ Intrabusiness
✘ Intranet based
✘ Supports internal transactions and transfers
✘ Business-to-Business (BTB or B2B)
✘ Extranet based
✘ Business-to-Consumer (BTC or B2C)
✘ Internet based
Importance of BTB Commerce
Firewalls
✘ Used to provide security for computers inside of a
given network
✘ All traffic to/from network passes through firewall
✘ Only authorized traffic is allowed through
✘ Firewall itself is a secure system
✘ Firewall performs authentication on users
✘ Firewall may encrypt transmissions
Free Trade Zones (FTZ)
✘ Area where communication and transactions occur between
trusted parties
✘ Isolated from both the external environment and the enterprise’s
internal network
✘ Supported by firewalls on both ends
✘ Inside the FTZ, all communications can be in clear mode without
any encryption
✘ Necessary because logical boundaries between BTB and IB are
becoming fuzzy.