
06-E-commerce Security Technology

By Christina Peters, 2014-05-27 15:05

     Course chapters: Introduction to E-commerce; E-commerce Mechanism and Modes; E-commerce Infrastructural Facilities; Information Processing Technology; E-commerce Payment Technology; E-commerce Security Technology; E-commerce and the Law; E-commerce and Taxation; E-commerce and Business Management; Construction of E-commerce System; E-commerce Website; E-commerce and the Latest Development

     Textbook: 电子商务术语教程 (E-commerce Terminology Course); authors: 胡梅艳 (Hu Meiyan) et al.

     Publisher: 清华大学出版社 (Tsinghua University Press)

     2011-5-12

     Main content

     Case: Internet banking security; Introduction to EC Security; Encryption Technology; Authentication Technology; Firewall Technology; Security Payment Technology

     EC

     E-commerce Security Technology

     List

     End

     Case: Internet banking security


     LEARNING OBJECTIVES

     The basic requirements for security in E-commerce; the meaning and types of the firewall; the public key encryption technology; the SSL and SET

     Introduction to EC Security

     Security Issues in EC

     Threats from the Internet

     (Diagram: a rich client connected over ODBC+SQL to the server that holds the business logic and data, exposed to threats coming from the Internet.)

     Threat of hacker attacks

     Threat of network virus

     The security of the computer operating system

     The security of computer applications: database, other software, cookies, Java programs, the IE browser

     The security of the communications transport protocol: data flow, IP spoofing

     Network security management: user rights management, vulnerability tracking, crisis management

     Security Needs of E-commerce

     (Diagram of the security needs: secrecy, integrity, undeniableness, authentication, reliability and controllability.)

     Measures for E-commerce Security

     Secrecy: Encryption

     Integrity: Digital Summary (message digest)

     Undeniableness: Digital Time Stamp, Digital Signature

     Authentication: Digital Certificates

     Reliability: Anti-virus software

     Controllability: Username and Password

     Other measures: Firewalls, SSL, S-HTTP

     Encryption Technology

     Basic Concept

     Encryption is the coding of information by using a mathematically based program and a secret key to produce a string of characters that is unintelligible.

     (Diagram: plain text -> encryption with key Ke -> cipher text -> decryption with key Kd -> plain text.)

     Basic requirements of a cipher system

     Even if the system cannot be theoretically unbreakable, it should be practically unbreakable.

     The secrecy of the system must not depend on keeping the encryption scheme or the encryption algorithm secret; it must depend only on the secrecy of the key.

     The encryption and decryption algorithms must work for every element of the key space.

     The system should be easy to implement and convenient to use.

     Symmetric Encryption Technology

     Symmetric Encryption is also known as private-key encryption or single-key encryption.

     Symmetric Encryption Principle: Ke = Kd = K

     (Diagram: plaintext p -> Encryption with key K -> ciphertext c -> Internet -> Decryption with the same key K -> plaintext p.)

     Replacement cipher

     e.g. Caesar cipher, K = 4 (each letter is replaced by the letter four places later in the alphabet):

     plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
     cipher: E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

     p = end, c = IRH

     e.g. Key = GUANGDONGGDCCHUMEIYAN (the key letters, with repeats dropped, are followed by the unused letters of the alphabet in order):

     plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
     cipher: G U A N D O C H M E I Y B F J K L P Q R S T V W X Z

     P = internet, C = MFRDPFDR

     e.g. Transposition cipher

     P = it can allow students to get close up views, written in groups of five letters: itcan allow stude ntsto getcl oseup views

     C1 = IASNGOVTLTTESICLUSTEEAODTCUWNWEOLPS (the seven groups are stacked as rows and read out column by column)

     C2 = NACTIWOLLAEDUTSOTSTNLCTEGPUESOSWEIV (each group is written backwards)
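The three classical examples above, reproduced in code. This is an added Python example, not code from the textbook or the slides; it implements the Caesar shift, the keyword substitution alphabet and the two transposition readings exactly as the slides show them, and checks them against the slide values (end -> IRH, internet -> MFRDPFDR, C1 and C2).

```python
import string

ALPHABET = string.ascii_lowercase


def caesar(text, k):
    """Caesar cipher: shift every letter k places (slide uses K = 4).
    Because Ke = Kd, calling it with -k decrypts."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + k) % 26].upper()
                   for ch in text.lower() if ch in ALPHABET)


def keyword_table(key):
    """Substitution alphabet from a keyword: keep the first occurrence of
    each key letter, then append the unused letters of the alphabet."""
    seen = []
    for ch in key.upper() + ALPHABET.upper():
        if ch not in seen:
            seen.append(ch)
    return dict(zip(ALPHABET, seen))


def substitute(plain, table):
    """Replace each plaintext letter by its entry in the table."""
    return "".join(table[ch] for ch in plain.lower() if ch in ALPHABET)


def _rows(plain, width):
    """Strip spaces and cut the letters into rows of `width` (5 on the slide)."""
    letters = "".join(ch for ch in plain.lower() if ch in ALPHABET)
    return [letters[i:i + width] for i in range(0, len(letters), width)]


def columnar(plain, width):
    """C1: write the rows, then read them out column by column."""
    rows = _rows(plain, width)
    return "".join(row[c] for c in range(width)
                   for row in rows if c < len(row)).upper()


def block_reverse(plain, width):
    """C2: write every row of `width` letters backwards."""
    return "".join(row[::-1] for row in _rows(plain, width)).upper()


if __name__ == "__main__":
    msg = "it can allow students to get close up views"
    print(caesar("end", 4), caesar("IRH", -4))
    print(substitute("internet", keyword_table("GUANGDONGGDCCHUMEIYAN")))
    print(columnar(msg, 5))
    print(block_reverse(msg, 5))
```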

     Problems in Symmetric Encryption System

     1. The two parties have to exchange the key securely.

     2. A separate private key is needed for every pair of communicating users.

     3. A DES key can be broken.

     4. It is difficult to identify the sender.

     Asymmetric Encryption Technology

     Asymmetric Encryption can also be called public-key encryption or key-pair encryption.

     Asymmetric Encryption Principle: Ke ≠ Kd

     (Diagram: plaintext P -> Encryption with the public key (P-key) -> ciphertext c -> Internet -> Decryption with the secret key (S-key) -> plaintext P.)

     The Advantage of Asymmetric Encryption

     Small number of encryption keys

     Key distribution is easy

     Digital signature and authentication

     The Shortcoming of Asymmetric Encryption

     The shortcoming of asymmetric key encryption is that encrypting and decrypting are slow.

     Mixed Encryption Technology

     Sender A encrypts the plaintext P with DES: c = EDES(P). The DES key itself is encrypted with Kpb, the public key of receiver B: EKpb(DES). Both {EDES(P)} and {EKpb(DES)} are sent over the Internet.

     Receiver B first recovers the DES key with his secret key Ksb, then the plaintext:

     DKsb[{EKpb(DES)}] = DES

     DDES[EDES(P)] = P

     Kpb: public key of receiver B; Ksb: secret key of receiver B

     Authentication Technology

     Basic Concept

     Adopting authentication technology can directly meet various online transaction security demands, such as identity authentication, information integrity, non-repudiation and anti-modification, against threats such as counterfeiting, altering, repudiating and faking.

     Authentication's Purposes: to identify the sender; to verify the information integrity

     Message Digest

     Message digest is a technique that uses a digital fingerprint for integrity verification. The digital fingerprint of the file is transmitted along with the file to the recipient. After receiving the file, the recipient calculates the hash value of the received file in the same way; when the result is identical with the digest code received, it is concluded that the file has not been altered.

     Hash function

     A Hash function H is a transformation that takes an input M of arbitrary size and returns a fixed-size string of numbers. Mathematical expression: h = H(M)

     H() is the one-way Hash Function; M is plaintext of any length; h is a Hash value of fixed length

     Features of Hash function

     ① If the output of a Hash function is given, it is difficult to get its input. That is, given y = Hash(x), it is difficult to get x.

     ② If x1 is given, with y1 = Hash(x1), it is difficult to find another input x2 that makes Hash(x2) = y1.

     ③ For y = Hash(x), each bit of y is correlated with the bits of x and highly sensitive to them. That is, a change of a single bit of x alters y evidently.

     It can be seen that the Hash value of message M undoubtedly becomes the imprint of M, so it is also called the digital fingerprint of input M. Usually it is used as a Message Authentication Code (MAC).
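The recipient-side digest check of the Message Digest slide and feature ③ above, as an added Python example that is not part of the slides. It uses SHA-256 as the one-way Hash H; the order record is constructed sample data.

```python
import hashlib


def digest(data: bytes) -> str:
    """Digital fingerprint of the data: a fixed-length SHA-256 hash, h = H(M)."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(received_data: bytes, received_digest: str) -> bool:
    """Recipient side: recompute the hash the same way and compare it."""
    return digest(received_data) == received_digest


def flip_bit(data: bytes, bit: int) -> bytes:
    """Invert one bit of the message to simulate a one-bit change of x."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def bits_changed(hex1: str, hex2: str) -> int:
    """Number of output bits that differ between two digests (feature 3)."""
    return bin(int(hex1, 16) ^ int(hex2, 16)).count("1")


# Constructed sample "file" and the digest that travels alongside it.
ORDER = b"order=1042;amount=199.00;payee=shop"
SENT_DIGEST = digest(ORDER)


def demo() -> dict:
    tampered = ORDER.replace(b"199.00", b"999.00")   # altered in transit
    one_bit = flip_bit(ORDER, 5)                     # single-bit change
    return {
        "intact_file_accepted": verify_digest(ORDER, SENT_DIGEST),
        "tampered_file_accepted": verify_digest(tampered, SENT_DIGEST),
        "bits_changed_by_one_bit_flip": bits_changed(digest(ORDER), digest(one_bit)),
        "digest_length_bits": len(SENT_DIGEST) * 4,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A bare digest sent beside the file only catches accidental damage: whoever can change the file can recompute the digest, which is why the schemes that follow encrypt or sign h(M).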

     Four ways of combining encryption with a message digest h(M) (MUX: the sender joins the parts; DMX: the recipient separates them, recomputes h(M') from the received M' and compares it with the received h(M)):

     1) C = Ek[M | h(M)]: sender A multiplexes M with h(M) and encrypts the whole with the shared key k; recipient B decrypts with k, demultiplexes, and compares h(M') with h(M).

     2) C = M | Ek[h(M)]: M is sent in clear and only h(M) is encrypted with k; recipient B decrypts the digest with k and compares it with h(M').

     3) C = M | EKSA[h(M)]: h(M) is encrypted with the sender's secret key KSA (a digital signature); recipient B decrypts it with the sender's public key KPA and compares it with h(M').

     4) C = Ek{M | EKSA[h(M)]}: as in 3), and the whole is additionally encrypted with the shared key k; recipient B decrypts with k, then checks the signed digest with KPA against h(M').

     Digital Signatures

     In affairs related to computer files, electronic signatures are needed, i.e., digital signatures.

     Functions: verify the real identity of the sender; the sender cannot repudiate; the message cannot be altered or faked

     RSA's Digital Signature

     Sending side A encrypts P with Ksa to produce the digital signature and sends it over the Internet together with P. Receiving side B decrypts the digital signature with Kpa to obtain P' and compares P' with P.

     Ksa: secret key of sender A; Kpa: public key of sender A

     Message Digest or Hash Function Digital Signature

     (Diagram: Sending A computes H(p), encrypts it with Ksa into the digital signature and sends it with p over the Internet; Receiving B decrypts the digital signature with Kpa to get H(p), computes H(p') from the received p' and compares the two.)

     ① The sender transforms the message with secure one-way Hash functions to produce a message digest.

     ② The sender digitally signs the message digest with the public key encryption algorithm and his private key: Digital Signature = EKsa{Hash(P)}.

     ③ The sender sends the signed message together with the original message to the recipient.

     ④ The recipient transforms the received message with the same secure one-way Hash functions to generate a new message digest.

     ⑤ The recipient decrypts the received digital signature with the public key of the sender.

     ⑥ The recipient compares the decrypted message digest with the new message digest. If they are the same, it proves that the message has not been altered or dropped during transmission and meanwhile verifies the identity of the sender. If they are different, the digital signature is invalid and cannot be accepted. This is guaranteed by virtue of the features of digital fingerprints mentioned above.
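The six steps above, as an added Python example that is not part of the original slides. It uses SHA-256 for the one-way Hash and a constructed textbook RSA key pair (two Mersenne primes, no padding) so that it runs with the standard library alone; a real system would use a library-generated key with a proper signature padding scheme.

```python
import hashlib

# Constructed toy RSA key pair for sender A: textbook RSA built from two
# well-known Mersenne primes, without padding. Illustration only.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+)
KPA = (E, N)   # Kpa: public key of sender A, known to recipient B
KSA = (D, N)   # Ksa: secret key of sender A, known only to A


def message_digest(message: bytes) -> int:
    """Steps 1 and 4: secure one-way Hash of the message as an integer below N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, ksa=KSA) -> int:
    """Step 2 (sender A): Digital Signature = EKsa{Hash(P)}."""
    d, n = ksa
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, kpa=KPA) -> bool:
    """Steps 5 and 6 (recipient B): decrypt the signature with Kpa and
    compare it with the digest freshly computed from the received message."""
    e, n = kpa
    return pow(signature, e, n) == message_digest(message)


def demo() -> dict:
    p = b"pay 100.00 to merchant 7 for order 1042"   # constructed message
    sig = sign(p)                     # step 3: A sends (p, sig) to B
    return {
        "genuine": verify(p, sig),
        "altered_message": verify(p.replace(b"100.00", b"900.00"), sig),
        "altered_signature": verify(p, (sig + 1) % N),
    }


if __name__ == "__main__":
    print(demo())
```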

     Digital Certificates

     A Digital Certificate, also called a Digital ID, is a section of data containing user identity information, user public key information and the CA's digital signature. A digital certificate verifies a user's identity and his access to network resources by electronic means; it is an identity proof that lets end entities and end users carry out information exchange and business activities.

     Certificate contents

     Information of applicants:

     ① Version information. ② Certificate serial number; every certificate issued by a CA has to have a unique serial number. ③ Signature algorithm used by the CA. ④ Name of the CA that issues the certificate. ⑤ Expiring date of the certificate. ⑥ Certificate subject. ⑦ Verified public key information, including public key algorithm, bit length and value. ⑧ Special extensions including extra information.

     Information of CA: Signature of CA, Signature algorithms

     Certificate Authority

     The Certificate Authority (CA) is the core organization of the E-commerce security authentication system.

     Tree Authentication Structure: the Root-CA sits at the top and certifies subordinate CAs (CA-A, CA-B, CA-C, CA-D), which in turn certify end users (Customer 1, Customer 2).

     The core function of a CA is to issue and manage Digital Certificates.

     (Diagram: a user applies for certification through the Registration Authority; the application is processed over security servers by the CA server, which records the certificate in the DB server and publishes it to the LDAP server, from which users download or query digital certificates.)


     Digital Time Stamp

     A digital time stamp is a proof file of the receiving and sending
