About E-commerce Security



Security is becoming an increasingly topical part of the ongoing success and growth of e-commerce. However, the Internet is an open communications network, and anyone can exploit its vulnerabilities for fraudulent gain. If the Internet is to succeed as a business and communications tool, then security is the most fundamental issue that needs to be taken care of. The following are some of the security features that can be implemented for the success of e-commerce:

• Identification or Authentication: The persons/entities with whom we are communicating are really who they say they are.

• Confidentiality: The content of the message or transaction is kept confidential. It should only be read and understood by the intended sender and receiver.

• Integrity: The content of the message or transaction is not tampered with, accidentally or deliberately.

• Non-Repudiation: The sender and receiver cannot deny sending and receiving the message or transaction, respectively.

• Access Control: Access to the protected information is only realized by the intended person or entity.

There are two levels for securing information over the Internet:


• The first level is the issue of a digital certificate. Digital certificates provide a means of proving your identity in electronic transactions, much like a driving license or a passport. With a digital certificate, you can assure friends, business associates, and online services that the electronic information they receive from you is authentic.

• The second level is SSL (Secure Sockets Layer). SSL is a standard security technology that helps in establishing an encrypted link between the server and the client, typically a web server (e-commerce website) and a browser (consumer side). SSL allows client/server applications to exchange sensitive information such as credit card numbers and login credentials securely, preventing others from eavesdropping on, tampering with or forging the information.


Digital Certificates

Digital certificates are electronic files that are used to uniquely identify people and resources over the Internet. They enable secure, confidential communications between two parties. Digital certificates are issued by CAs (Certifying Authorities), such as VeriSign or Entrust Technologies. A CA is a trusted entity whose main responsibility is certifying the authenticity of users. There are four types of certificates available:

 • Server Certificates: These types of certificates are used by web servers to identify the company running the server and to allow encrypted SSL sessions and SET (Secure Electronic Transaction) processing.

 • Personal Certificates: These certificates are for individuals who want to send S/MIME messages and access web servers using SSL and SET.

 • Publisher Certificates: These are used by software authors to sign and identify their release codes so that users will know of tampering, if it happens.

 • Certificate Information: All digital certificates include information about their owner and the CA that issued them. A digital certificate includes the following information: the name of the certificate holder and other identifying information unique to the holder, such as a URL or e-mail address; the holder's public key; the name of the CA that issued the certificate; the serial number of the certificate; and the validity period of the certificate (start and end date).


SSL 

 SSL allows the client and server to communicate with each other in a way that prevents the tampering of data that is being transmitted. SSL requires all information sent between a client and a server be encrypted (by the server) when sent and decrypted (by the client) when received. SSL also has the ability to detect any tampering of data. SSL certificates are available in two strengths: 40-bit encryption and 128-bit encryption. The higher the bit number, the more difficult it is to break the encryption code.
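
An added example, not part of the original article: a Python audit of a client-side configuration for TLS (the successor to SSL), checked against the features described above. It reports whether the server certificate and host name are verified (authentication) and whether any cipher below the 128-bit strength is offered; the function names and the 40-bit cipher entry are constructed for illustration.

```python
import ssl

MIN_KEY_BITS = 128  # the stronger of the two strengths named in the SSL section

def hardened_client_context():
    """Browser-side context: verify the server certificate, then encrypt."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname check, system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 and early TLS
    return ctx

def unauthenticated_client_context():
    """Constructed misconfiguration: link is encrypted, but to an unproven peer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def weak_ciphers(ciphers, min_bits=MIN_KEY_BITS):
    """Names of cipher suites whose effective key strength is below min_bits."""
    return [c["name"] for c in ciphers if c["strength_bits"] < min_bits]

def audit(ctx):
    """Map context settings to the security features listed in the article."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("authentication: server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("authentication: certificate name is not matched to the host")
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        findings.append("protocol: deprecated protocol versions are allowed")
    weak = weak_ciphers(ctx.get_ciphers())
    if weak:
        findings.append("confidentiality: ciphers under 128 bits: " + ", ".join(weak))
    return findings

if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("unauthenticated", unauthenticated_client_context())):
        print(name, audit(ctx) or "no findings")
    # Constructed cipher entry standing in for a 40-bit export suite.
    print(weak_ciphers([{"name": "EXP-RC4-MD5", "strength_bits": 40}]))
```

An encrypted link to a peer whose certificate was never checked gives confidentiality against passive eavesdroppers only, which is why the audit treats the two authentication settings separately from cipher strength.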