E-Commerce Security Technologies

• E-commerce security threats:
  • Theft of credit card numbers
  • Denial of service attacks (system unavailability)
  • Consumer privacy (confidentiality of customer and customer information)
  • Maintenance of integrity of information
• Encryption: Encryption is the conversion of data into secret codes for storage in a database and transmission over the network, i.e. the original message (clear text) is converted into a coded equivalent (cipher text).
• Types of encryption:
  1. DES (the Data Encryption Standard): This approach uses a single key known to both sender and receiver.
  2. Public key encryption: This approach uses two different keys, one for encoding the message and the other for decoding it.

• Digital envelope: When both RSA and DES are used together.
• Digital signature: An electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied.
• Digital certificate: A digital certificate is like a digital identification card that is used in conjunction with public key encryption to verify the message sender's authenticity.
• Certification Authority (CA): A CA is a company or trusted third party which issues digital certificates, such as VeriSign.
• PKI (public key infrastructure): PKI constitutes the policies and procedures for administering public and private key activities. PKI consists of:
  • CA (Certification Authority): issues and revokes digital certificates
  • RA (Registration Authority): verifies the identity of certificate applicants
  • CR (Certification Repository): database containing current information about current certificates
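The digital envelope defined above, as an added example that is not part of the original slides: the message is encrypted under a random one-time session key, and only that key is encrypted with the recipient's RSA public key. Python's standard library has no DES, so a SHA-256 keystream stands in for the symmetric cipher, and the RSA step is unpadded textbook RSA on toy primes; all names and key values are constructed for the demo.

```python
import hashlib
import secrets

# Toy RSA key pair from two Mersenne primes (constructed for this demo;
# far too small and too structured for any real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # recipient's public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # recipient's private exponent
KEY_BYTES = (N.bit_length() + 7) // 8    # fixed-width encoding of the session key


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (in place of DES): XOR the data with a
    SHA-256 counter keystream. Applying it twice with the same key decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(message: bytes, n: int, e: int):
    """Sender: encrypt the bulk data symmetrically under a fresh session key,
    then wrap only that key with the recipient's public key."""
    session_int = secrets.randbits(128)
    session_key = session_int.to_bytes(KEY_BYTES, "big")
    ciphertext = keystream_xor(session_key, message)
    wrapped_key = pow(session_int, e, n)     # textbook RSA, no padding
    return wrapped_key, ciphertext


def open_envelope(wrapped_key: int, ciphertext: bytes, n: int, d: int) -> bytes:
    """Recipient: unwrap the session key with the private key, then decrypt."""
    session_int = pow(wrapped_key, d, n)
    session_key = session_int.to_bytes(KEY_BYTES, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    order = b"order=1001;amount=25.00"       # constructed sample message
    wrapped, ct = seal(order, N, E)
    print("ciphertext:", ct.hex())
    print("recovered :", open_envelope(wrapped, ct, N, D))
```

In practice the key wrap would be RSA-OAEP and the bulk cipher an authenticated mode such as AES-GCM, both taken from a vetted library.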

PKI

• The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke (cancel) digital certificates.

• Transaction privacy: It means that unauthorized individuals cannot obtain transaction data. The transaction is encrypted using the SSL method (developed by Netscape).
• Transaction authentication: It is the process of verifying that transaction participants are who they claim to be.
• Transaction integrity: It ensures that the transaction is not changed after the transaction is completed.
• Non-repudiation: It means that neither party can deny that the transaction occurred.

SET

• Secure Electronic Transaction (SET) was a standard protocol for securing credit card transactions over insecure networks, specifically, the Internet. SET was not itself a payment system, but rather a set of security protocols and formats that enable users to employ the existing credit card payment infrastructure on an open network in a secure fashion. However, it failed to gain traction.
• SET is used by Visa, MasterCard, American Express. It establishes the standards for encrypting and authenticating credit transaction data.

SSL

• The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transaction.