The tools used for secure channels of communication are:
1. Secure Sockets Layer (SSL)
2. Certificate authorities (CAs)
3. Virtual private networks
Secure Sockets Layer (SSL):
- Secure Sockets Layer (SSL): a commonly used encryption technique for scrambling data as it is passed across the Internet from a customer's web browser to a merchant's web server.
- Secure Electronic Transaction (SET): a standard for public-key encryption intended to enable secure e-commerce transactions. Lead development by MasterCard and Visa.
- Secure Sockets Layer Protocol (SSL) SSL is a security protocol, originally developed by Netscape, but now supported by all browsers such as Microsoft Internet Explorer. SSL is used in the majority of B2C e-commerce transactions since it is easy for the customer to use without the need to download additional software or a certificate. When a customer enters a secure checkout area of an e-commerce site SSL is used and the customer is prompted that 'you are about to view information over a secure connection' and a key symbol is used to denote this security.
- When encryption is occurring they will see that the web address prefix in the browser changes from 'http://' to 'https://' and a padlock appears at the bottom of the browser window.
- The main facilities it provides are security and confidentiality. SSL enables a private link to be set up between customer and merchant. Encryption is used to scramble the details of an e-commerce transaction as it is passed between sender and receiver and also when the details are held on the computers at each end. It would require a determined attempt to intercept such a message and decrypt it.
- SSL is more widely used than the rival S-HTTP method. The detailed stages of SSL are as follows:
- Client browser sends request for a secure connection.
- Server responds with a digital certificate which is sent for authentication.
- Client and server negotiate session keys, which are symmetrical keys used only for the duration of the transaction.
Since, with enough computing power, time and motivation, it is possible to decrypt messages encrypted using SSL, much effort is being put into finding more secure methods of encryption such as SET. From a merchant's point of view there is also the problem that authentication of the customer is not possible without resorting to other methods such as credit checks.
Certificate authorities (CAs):
- For secure e-commerce, there is a requirement for the management of the vast number of public keys. This management involves procedures and protocols necessary throughout the lifetime of a key: generation, dissemination, revocation and change, together with the administrative functions of time/date stamping and archiving. The successful establishment of a CA is an immense challenge of trust building and complex management. There are two opposing views on how that challenge should be met:
- Decentralized: market-driven, creating brand-name-based 'islands of trust' such as the Consumers Association. There is a practical need for a local physical office to present certificates of attestable value, e.g. passports, drivers' licences. Banks and the Post Office have a huge advantage.
- Centralized: in the UK, the Department of Trade and Industry (DTI) has proposed a hierarchical tree leading ultimately to the government.
The best-known commercial CA is Verisign (www.verisign.com) and this is commonly used for merchant verification. For example, the Avon site uses Verisign to prove to its customers that it is the genuine site. Post Offices and telecommunications suppliers are also acting as CAs. Examples in the UK include BT (Trust Wise) and the Post Office (ViaCode).
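The certificate check behind the second SSL stage above, and the merchant verification described in this section, can be reproduced with Go's standard library. This is an added example, not code from the original text; the CA names, the host `shop.example` and the helpers `issue` and `checkMerchant` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed certificate for name signed by ca; with ca == nil it is a self-signed root CA.
func issue(name string, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if ca == nil { // root CA: allowed to sign other certificates
		t.IsCA, t.KeyUsage, ca, caKey = true, x509.KeyUsageCertSign, t, key
	} else { // merchant certificate: bound to a single DNS name
		t.DNSNames, t.KeyUsage = []string{name}, x509.KeyUsageDigitalSignature
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
	if err == nil {
		ca, err = x509.ParseCertificate(der) // ca now holds the newly issued certificate
	}
	if err != nil {
		panic(err)
	}
	return ca, key
}

// checkMerchant is the client's decision: cert must chain to trustedCA and name the host being visited.
func checkMerchant(cert, trustedCA *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	ca, caKey := issue("Constructed Trusted CA", nil, nil)
	other, _ := issue("Constructed Other CA", nil, nil)
	shop, _ := issue("shop.example", ca, caKey)
	fmt.Println("genuine site:      ", checkMerchant(shop, ca, "shop.example"))
	fmt.Println("wrong host name:   ", checkMerchant(shop, ca, "other.example"))
	fmt.Println("CA not in my trust:", checkMerchant(shop, other, "shop.example"))
}
```

Only the first check returns no error: a certificate is accepted when it both names the site being visited and chains to a CA the client already trusts.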
Virtual private networks:
- A virtual private network (VPN) is a private wide-area network that runs over the public network, rather than a more expensive private network. The technique by which VPN operates is sometimes referred to as 'tunnelling' and involves encrypting both packet headers and content using a secure form of the Internet Protocol known as IPSec.
- VPNs enable the global organization to conduct its business securely, but using the public Internet rather than more expensive proprietary systems.