Encryption - E-Commerce - Lecture Slides, Slides of Fundamentals of E-Commerce

Students of Communication, study E-Commerce as an auxiliary subject. these are the key points discussed in these Lecture Slides of E-Commerce : Encryption, Distribution Businesses, Symmetric Key, Public Key, Signature, Rights Management, Time Stamping, Secure Containers, Digital Documents, Special Purpose

Typology: Slides

2012/2013

Uploaded on 07/29/2013

sharad_984
sharad_984 🇮🇳

4.5

(13)

129 documents

1 / 13

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CS155b: E-Commerce
TPSs and Content-Distribution Businesses
Docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd

Partial preview of the text

Download Encryption - E-Commerce - Lecture Slides and more Slides Fundamentals of E-Commerce in PDF only on Docsity!

CS155b: E-Commerce

TPSs and Content-Distribution Businesses

Security Technologies

-^

Encryption^ –

Symmetric Key

Public Key

-^

Signature

-^

PKI

-^

Rights Management

-^

Time stamping

-^

Secure Containers

General Points about TPSs

-^

TPS is a means, not an end. Cannot answer legal,social, or economic questions about ownership of orrights over digital documents.

-^

No TPS is perfect.

-^

Continued improvement in TPS requires ongoingR&D, including “circumvention.”

-^

TPS easier to design for special purpose devices andsystems (

e.g.,

cable television) than for the Internet.

-^

TPS should serve customers’ needs,

e.g.,

assured

provenance, as well as rightsholders’ needs.

ContentDistributor EncryptedContent

PlayerApp.

PlayerApp. PayingCustomer

PayingCustomer

PlayerApp.

Thief (no k)

k^

k

Possible Realization for Web Pages

•^

Customer U and content-server use basicsecurity protocol,

e.g.,

SSL, to create “session

key” K

U^

and transfer payment from U to server.

•^

Server sends k` = E(k, K

U

) to U.

•^

U’s browser computes k = D (k`, K

),U

downloads encrypted content, decrypts itusing k, and displays it.

Possible Shortcomings

•^

Why can’t U print, save, or otherwise redirectdisplayed content?

-^

Why can’t a hacker steal k while it’s in use?

-^

Interaction of browser with other local-network software, e.g., back-up system?

Modern Computing Reality

Alice^ Admin

A

j

A

i

Bob

Admin

B

k

B

l

Eve

Alice

Real Sources of Compromise

•^

Unwatched Terminals

-^

Administrative Staff Changes

-^

Misconfigurations

-^

OS Bugs

-^

Bad Random-Number Generators Not sophisticated break-ins!

SSL In Online Retailing

-^

Most Internet retail sites use SSL to secure online payments.

-^

Online merchants purchase digital certificates from CAs (

e.g

., Verisign)

to authenticate itself to the browser software.

-^

SSL is NOT an electronic payment protocol. It is used to safelytransmit sensitive financial information (

e.g

., credit card number ,

personal address, etc.)

-^

It means online merchants using SSL (

e.g

., Amazon.com) do not

process the credit cards in real-time. A traditional mailorder/telephone order (MOTO) protocol is used after for paymentprocessing later,

-^

SSL provides security in authentication and communication. It doesnot address other security issues: it is up to the individual to trust aname linked to a certificate, and in its ability to protect and notmisuse its database.