Time Stamping - E-Commerce - Lecture Slides, Slides of Fundamentals of E-Commerce

E-Commerce is taking over traditional commerce practices. It is of special concern for IT students. The key points of these lecture slides are: Time Stamping, Encryption, Symmetric Key, Public Key, Security Technologies, Rights Management, Secure Containers, Right Ingredients, Protection System, Optimistic

Typology: Slides

2012/2013

Uploaded on 07/30/2013

post_box

Security Technologies

  • Encryption
      – Symmetric Key
      – Public Key
  • Signature
  • PKI
  • Rights Management
  • Time stamping
  • Secure Containers

Product- or Service-Developer’s Goal

  • Choose the right ingredients and weave them together into an effective end-to-end technical protection system (TPS).
  • Ingredients must be “right” w.r.t. business model and legal and social content as well as technical context.

Notoriously Difficult! (Shapiro and Varian may be too optimistic.)

[Figure: a Content Distributor broadcasts Encrypted Content to Player Apps. The Player Apps of Paying Customers hold the key k; the Thief's Player App has no k.]

Common Elements of Many TPSs

  • Mass-Market broadcast content
  • Anyone can get ciphertext, which is broadcast on low-cost channel (e.g., web page, broadcast TV).
  • Encrypted once.
  • Decryption key k sent only to paying customers on lower-bandwidth, higher-cost channel.

Possible Shortcomings

  • Why can’t U print, save, or otherwise redirect displayed content?
  • Why can’t a hacker steal k while it’s in use?
  • Interaction of browser with other local-network software, e.g., back-up system?

Crypto. Theory Myth: Private Environments

[Figure: Key Generation at a KDC supplies $K_{AB}$ to Alice and Bob; the diagram shows X, $E(X, K_{AB})$, Y and $D(Y, K_{AB})$ passing between them.]

Real Sources of Compromise

Not sophisticated break-ins!

  • Bad Random-Number Generators
  • OS Bugs
  • Misconfigurations
  • Administrative Staff Changes
  • Unwatched Terminals

Secure Socket Layer (SSL)

  • SSL was first developed by Netscape Corp. in 1994 and became an Internet Standard in 1997 (version 3.x).
  • SSL is a cryptographic protocol to secure two applications communicating across a “socket” (cf. TCP).
  • Data transmitted through an SSL connection is encrypted.
  • It is mostly used by WWW applications (web servers and browsers). The string https:// in a URL tells the browser to open a secured socket connection to the server (port 443).
  • SSL uses digital certificates for authentication. There is no “trust hierarchy” in SSL, so browsers are preloaded with certificates of trusted CAs.
  • Due to U.S. export regulations, products using SSL sold in foreign markets use weakened cryptography (40-bit key vs. 128-bit key).

The SSL Handshake

[Figure: message flow between Client and Server]

  • Client → Server: Client hello
  • Server → Client: Server hello, Present Server Certificate, *Request Client Certificate, Server Key Exchange
  • Client → Server: Present Client Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Client Finish
  • Server → Client: Change Cipher Spec, Server Finish
  • Client ↔ Server: Application Data

* Optional messages

Possible Realization for Pay-TV

  • $K_{u_i}$ is entered in the $i$-th “set-top box” when box is installed.
  • $E(k, K_{u_1}), \ldots, E(k, K_{u_N})$ are broadcast with encrypted program.

Shortcoming: One broken box can be used to steal all future programs.
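An added sketch of this scheme, not code from the slides: the headend encrypts each program once under a fresh k and broadcasts k wrapped under every installed box key, and the demo shows that rotating k per program does not contain the leak of a single box key. E and D are a standard-library stand-in cipher (HMAC-SHA256 keystream plus a MAC); the function names, box numbers and sample programs are assumptions.

```python
import hashlib, hmac, secrets

def _sub(key, label):  # separate encryption / MAC subkeys from one key
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as keystream (stand-in cipher, an assumption)
    blocks = (hmac.new(key, nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def E(data, key):
    """Stand-in for the slide's E(data, key): encrypt-then-MAC."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def D(blob, key):
    """Inverse of E; returns None when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def broadcast(program, box_keys):
    """Headend: encrypt the program once under a fresh k, send E(k, K_ui) for every box."""
    k = secrets.token_bytes(32)
    return {"wraps": {i: E(k, K) for i, K in box_keys.items()}, "body": E(program, k)}

def box_play(i, K_ui, bcast):
    """Set-top box i: recover k from its own wrap, then decrypt the program."""
    wrap = bcast["wraps"].get(i)
    k = D(wrap, K_ui) if wrap else None
    return D(bcast["body"], k) if k else None

def demo():
    box_keys = {i: secrets.token_bytes(32) for i in (1, 2, 3)}  # constructed K_u1..K_u3
    leaked = box_keys[2]          # K_u2 read out of one broken box, once
    outcomes = []
    for program in (b"program-1", b"program-2", b"program-3"):  # constructed content
        bc = broadcast(program, box_keys)   # fresh k for every program
        outcomes.append((box_play(2, leaked, bc),                  # still decrypts
                         box_play(1, secrets.token_bytes(32), bc), # wrong key: None
                         box_play(9, leaked, bc)))                 # no wrap for box 9: None
    return outcomes

if __name__ == "__main__":
    print(demo())
```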

Uses of Watermarking in TPS

  • Broadcast of marked object, controlled distribution of keys. (Same architecture as in broadcast of encrypted content... and same shortcomings.)
  • Web crawlers can search for unauthorized copies of marked objects.
  • Unauthorized modification of marked objects can be detected by “fragile watermarking schemes.”
  • Special-purpose devices can refuse to copy marked objects.

Superdistribution

Content is packaged with “terms and conditions” that are checked by a “rights-management system” and can be augmented by value-adding middlemen.

[Figure: content passes from the Content Originator through several Redistributors to End users; a Clearing / Payment System is also shown.]

[Figure: Known Risks and Unknown Risks; TPS; Copyright Law; Residual Risks. A. Rubin & M. Reiter – used with permission]

INTERTRUST

  • Full Name: Intertrust Technologies Corporation
  • Business Area: Digital Rights Management (DRM)
  • Revenues in 1999: $1,541,000
  • Stock Price: $4.56 (Jan 29, 2001)
  • Employees: 190 (end of 1999)