
E-commerce


fisk

Presentation Transcript


  1. E-commerce
     - What are the relationships among:
       - Client (i.e. you)
       - Server
       - Bank
       - Certification authority
     - Other things to consider:
       - How to set up your own online business
       - The steps of a secure session
       - Authentication
       - Digital signature
  2. Setting it up
     - You have products to sell
     - Create a Web site
     - Subscribe for Web hosting, acquire HW/SW as needed
     - Need accounts with a bank, and individual credit card merchant accounts, PayPal, etc.
     - Subscribe to SSL service
       - E.g. Verisign is now owned by Symantec
     - Maintain database of transactions
       - E.g. individual purchases
  3. Secure Web session
     - Here’s one way to do it.
     - Client wants to buy goods on server’s secure site.
     - Server sends its public key & authentication certificate to client.
     - Client’s Web browser verifies certificate with CA.
     - Client uses RSA with server’s public key to encrypt DES key. Send to server.
     - Server uses own RSA-private key to decrypt DES key.
     - Now, both parties can communicate with DES.
  4. Notes
     - Why not just use RSA for everything?
       - DES is much faster. We just use RSA to communicate the DES key.
     - Client & server have “agreed” on a key, but we did not use Diffie-Hellman.
       - DES key was chosen by the client, sent to server securely.
       - Diffie-Hellman by itself can’t authenticate.
     - Authentication goes both ways
       - CA verifies server identity to client (you).
       - Bank verifies client (you) to the server.
  5. Digital signature
     - A closely related concept using RSA
     - Purpose: verify sender & integrity of message
     - Useful when resolving disputes: non-repudiation
     - When A sends message to B
       - Message → private key → D.S.
       - Append D.S. to the message
     - B receives message (with D.S.) from A
       - Separate the D.S. from body of the message.
       - D.S. → public key → output
       - Verify that the output matches the message.
     - (To save time, the message is usually “hashed”)
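
The sign, append, separate and verify steps of slide 5, written out as an added example (not part of the original presentation). It assumes textbook RSA over a SHA-256 hash with a constructed toy key built from two small Mersenne primes; the function names and the sample message are made up for illustration. Real signatures use a key of at least 2048 bits and a padding scheme such as RSASSA-PSS.

```python
import hashlib
from math import gcd

# Constructed toy key: two Mersenne primes, far too small and structured for real use.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1                # E must be invertible mod PHI
D = pow(E, -1, PHI)                    # private exponent (needs Python 3.8+)
SIG_LEN = (N.bit_length() + 7) // 8    # fixed signature length in bytes


def digest_int(message: bytes) -> int:
    """Hash the message and reduce it into the range of the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign_and_append(message: bytes) -> bytes:
    """A's side: hash -> private key -> D.S., then append the D.S. to the message."""
    sig = pow(digest_int(message), D, N)
    return message + sig.to_bytes(SIG_LEN, "big")


def split_and_verify(signed: bytes):
    """B's side: separate the D.S., apply the public key, compare with the hash."""
    if len(signed) < SIG_LEN:
        return None, False             # too short to contain a signature
    body = signed[:-SIG_LEN]
    sig = int.from_bytes(signed[-SIG_LEN:], "big")
    if sig >= N:                       # not a valid RSA value
        return body, False
    return body, pow(sig, E, N) == digest_int(body)


if __name__ == "__main__":
    order = b"ship 2 widgets to A, charge $40"    # constructed sample message
    signed = sign_and_append(order)
    print(split_and_verify(signed))               # body unchanged, check passes
    tampered = signed.replace(b"2 widgets", b"9 widgets")
    print(split_and_verify(tampered))             # altered body, check fails
```

Changing a single byte of either the message body or the appended signature makes the comparison fail, which is the integrity property the slide describes.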