Security Technologies and Infrastructures for Electronic Commerce Systems

Introduction

This page is an overview of security issues related to E-commerce at the application level. Much of the material takes an abstract approach to analyzing the issues involved in providing a secure environment for online commerce. The talk focuses on how to provide security on a global scale. Here is an outline for the page.

 

The Role of Security for E-commerce

Provides information on the general role security plays in E-commerce.

Basic Principles of Network Security

Provides a brief look at the principles involved in what it means to provide security.

The Concept of Security Platform and Infrastructure

Provides an approach to implementing a security system globally.

Security Requirements for E-commerce Environments

Provides an outline of E-commerce security needs.

Security Solutions

Gives some applied and emerging technological solutions.


The Role of Security for E-commerce

E-commerce has many standardized security services. These services deal with the control and flow of information so that the information’s integrity remains as its originator intended. These services protect E-commerce transactions by:

These security services are provided to ensure basic E-commerce requirements. They provide a way for two or more parties to communicate safely, authentically, and reliably. Security means not only that the information stays within the communicating parties, but also that it can be verified and recorded as authentic. The signing of contracts, registration of mail, disclosures, anonymity, and authorization schemes of the real world must be reproducible in the electronic world.


Basic Principles of Network Security

Encryption is generally done with Secret Key Cryptography. Several schemes exist, and they are only as strong as their cryptogram generation. However, providing a secret key by itself is not enough; a strong backbone system must be in place to offset the weaknesses of individual encryption/decryption efforts. The system involves:

Public Key Cryptography: Provides two keys, an encryption key and a decryption key. One is kept private while the other is used publicly.

Public Key Servers: Must provide a safe place where public keys can be shared but not tampered with.

Certification Authority: Provides the guarantee that keys are authentic. A hierarchy can be used to certify keys within the system. You are only as safe as the authority you trust above you that is providing the certification. This is generally a safe mechanism for providing security.


The Concept of Security Platform and Infrastructure

The security platform should allow for heterogeneous platform use. As the networking world grows it encompasses many types of systems that must be hosted. Making allowance for all of these systems provides a security mechanism that will last.

As the E-commerce environment expands, installing security systems becomes an even bigger concern. An expert reports that only about 3% of credit card use is on the Internet today, and of this 3%, half is fraudulent usage. As the usage of credit cards increases over time, it becomes vastly important to discourage fraudulent use.

Installation of a security infrastructure can be used to ensure safety. This infrastructure is a hierarchical approach to security. A role above each grouping of users will provide security measures. This continues up a chain where it resolves to a single point of authorization.


Security Requirements for E-commerce Environments

Again, to ensure safety within the E-commerce environment, a structured hierarchy must be used. Such systems exist, such as the X.500/Smart Card Registration. A smart card is a device that allows security and personal identification techniques to be carried by a person. This allows personalization and answers the question “who are you?” The X.500 is an international security solution system that provides hierarchical registration of uniquely identified smart cards.

Certification in such a system occurs on two levels, local and global. Locally, users are assured safety through certification by the head of their department, group, or system. They are guaranteed security amongst their peers. To provide worldwide and further-reaching security, a global registration is put into place. The providers of local security are then secured themselves in the same manner. This continues up a tree to a global certification scheme.
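
The local/global certification tree described here, and the Certification Authority hierarchy in the Basic Principles section, can be shown as a chain check. This is an added example, not part of the original page: the names, the dictionary certificate format and the toy RSA keys built from small Mersenne primes are all constructed for illustration and are neither X.500 structures nor secure keys.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1, 2**b-1 (constructed, NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public n, private d)

def digest(cert, n):
    msg = f"{cert['subject']}|{cert['key']}|{cert['issuer']}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def issue(subject, subject_key, issuer, issuer_n, issuer_d):
    """The issuer vouches for 'subject owns subject_key' by signing it."""
    cert = {"subject": subject, "key": subject_key, "issuer": issuer}
    cert["sig"] = pow(digest(cert, issuer_n), issuer_d, issuer_n)
    return cert

def validate(chain, trusted_roots):
    """chain runs user -> local authority -> ... -> self-signed root."""
    if not chain:
        return False, "empty chain"
    for cert, parent in zip(chain, chain[1:] + [chain[-1]]):
        if cert["issuer"] != parent["subject"]:
            return False, f"{cert['subject']}: issuer not next in chain"
        if pow(cert["sig"], E, parent["key"]) != digest(cert, parent["key"]):
            return False, f"{cert['subject']}: bad signature"
    root = chain[-1]
    if trusted_roots.get(root["subject"]) != root["key"]:
        return False, f"{root['subject']}: not a trusted root"
    return True, "ok"

# Constructed hierarchy: global root certifies a department, which certifies a user.
ROOT_N, ROOT_D = keypair(107, 127)
DEPT_N, DEPT_D = keypair(61, 89)
USER_N = keypair(19, 31)[0]
root = issue("Global CA", ROOT_N, "Global CA", ROOT_N, ROOT_D)
dept = issue("Dept CA", DEPT_N, "Global CA", ROOT_N, ROOT_D)
user = issue("alice", USER_N, "Dept CA", DEPT_N, DEPT_D)
TRUSTED = {"Global CA": ROOT_N}   # the single point of authorization

if __name__ == "__main__":
    print(validate([user, dept, root], TRUSTED))
    print(validate([dict(user, key=12345), dept, root], TRUSTED))  # swapped key
    print(validate([user, root], TRUSTED))  # local authority missing
```

A chain that is internally consistent but ends at a root whose key is not in the verifier's trusted set is still rejected, which is the sense in which a user is only as safe as the authority trusted above them.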

For this type of system to work efficiently and without disjoint groups, standards must emerge. Situations involving payments, document exchange, and sensitive information sharing are then highly secured within a standard, very strong security system. The same system may be used for secure financial transactions, supporting business transactions, and personal safety.


Security Solutions

Today many in-place and emerging solutions are providing for a safe Internet world.  Some of the more interesting ones rely on cryptographic keys and personalized smart card type technologies.  They provide for user authentication and privacy protection. Here are a few systems.