E-Commerce Engineer - Security in E-Commerce

E-COMMERCE JOBS This project (Project number: HU/01/B/F/PP-136012) is carried out with the financial support of the Commssion of the European Communities under the Leonardo da Vinci Programme

Database ModelsVer: 1.0

Encryption and Security Measures

Definition of Security problems

A security-system is correct, if it has the following parameters:

• Closeness• Holistic• Continuity• Venture proportion

General problems of the information-security

• Security problems of the design and the development procedure

• Information-security• Data-security• Dependable working

Security problems of the design and the development

• Documentation, documents– security classification– critical hardware and network items

The information-security

• Regulation of the data-access rights• Identification and validation• Information-security on the information-system

level• Virus defence

Data-manipulating rights control

• Scope of authority issue• Control• Data-access rights• Unauthorized data-access attempt• Firewall configuration

Identification and validation

• User identification• Validation• Secession• Multilevel identification and validation system• Misregistration

Information-security on the informatics-system level

• Information-security on the level of:– Operating system– Application defence– Menu-system – File system

Virus defence

• System-servers• Application servers• Data medium• New software• For a longer time unused software

The data-security

• Security of the data-recording• Security of the data-storage• Security of the data-access

Security of the data-recording

• Input-data accuracy• Data-transmission• Development of the data-recording policy• Logging of the data-recording events• Data-recording rights• Input warrants• Semantic and syntax monitoring of input data

Security of data-storage

• Development of data-storage policies• After-processing control• Redundant-storage• Data encryption

Security of data-access

• Development of data distribution policies• Development of the data-access rights• Data-integration

Dependable working 1

• Infrastructure– physical defence of storage and computer rooms– dependable power supply– bias control

• HRM- human resource management– staff trusty operation– viewpoints– personal factors

• Audition of reliability• Restart• Data medium– storage– security copies– archiving

• Hardware– physical defence– conditions of the dependable operation– floppy-drive disabling– service– bound of workstation– communication network

• Software– legality– virus defence– testing for fail-safe operation– documentation– source-code availability

IT security in the the running system

• Access regulation• Access control• Integration control• Data-security• Fail-spanning• Restart• Development and observance of operating

policies• Disaster-plan

Cryptographic-protocol of e-commerce 1

• Identification– partner-identification– server- identification– client- identification

• Message-authentication• Verifying digital signatures• Secret-sharing

Cryptographic-protocol of e-commerce 2

• Encryption-key maintenance– generation– allocation– authentication– revocation– key server

• Time-stamp

Developers and products of the cryptographic standards 1

• ANSI standards– DSA-based digital signature– RSA -based digital signature– Ellipse-curve based digital signature (ECDSA)

• FIPS (US) standards– Escrowed encryption standard (EES)– Data encryption standard (DES)– Advanced encryption standard (AES)– Hash standard for digital signature (SHS)– Digital signature standard (DDS) using a Digital

signature algorithm (DSA)

• RSA Laboratories specifications, PKCS (Public-Key Cryptography Standards)– RSA standard– Diffie-Helmann key standard– ITU (International Telecommunication Union)– X.509 authentication framework

• PEM (privacy-enchanted mail)• W3C commendations• ETSI (European Telecommunications Standards

Institute) standards

The RSA-based encryption 1

• Algorithm of the RSA– selection of parameters– encryption keys– message-handling

Message-handling

• The message encryption:Encoding the m (0<m<n, (m,n)=1) message:

c ≡ me mod n,

c - the encrypted message

• Decoding of c(0<c<n) encrypted message:m ≡ cd mod n,

m - the resolved message

The condition (m,n)=1 ensures the unambiguous coding

• The RSA attributes (algorithms)– the RSA algorithm can be easily computerized– its security is adequate– simple mathematical background– well known– typical parameters– applied acceleration– Wassenaar command– patent

• RSA attributes (offensives)– factorisation of n : full-hacking– selection small d : full-hacking– selection of small e : some of the messages can be

hacked

• Preparation of the RSA parameters– methods for selection of p and q and for the

factorisation of n– the prime-dissociation current highest efficiency– finding primes– selection of parameter d – selection of parameter e– the RSA summing up and evaluation

Functional encrypting

• Encrypting data files

• RSA SecurID method– advantages– disadvantages

The SHIELD-system 1

• Inventor and developer of the SHIELD-program is:Balogh Zoltán

• The SHIELD function– Operation– Attributes

• countermoves• signal• notes

The SHIELD-system 2

• Comparison with other defence systems

– with the DES

– with the RSA

Firewall and e-mail screening 1

• The structure of the security system of a local area networked organisation– Usually steps of building up the security system– Security-policy– E-mail– Outer connection from the Internet

• The firewall configuration– The network tools of the firewall – Risks you want to avoid using a firewall– Filtering options– Firewall types– Downloads– AVG FREE EDITION

• E-mail screening– Arrange of scope of the screening– User-level screening– Spam notification– The attachment-screening

Laws for data-security

• Current laws in Hungary• Current laws in the European Union

Other information

• MTA SZTAKI– Post Address: H-1518 Budapest, P.O. Box 63.– Phone: +36 (1) 279-6000– Telefax: +36 (1) 466-7503

• Éva Feuer– Post Address: H-1518 Budapest, P.O. Box 63.– Phone: +36 (1) 279-6285– Telefax: +36 (1) 466-7503

E-Commerce Engineer - Security in E-Commerce

Documents

Transcript of E-Commerce Engineer - Security in E-Commerce

E-Commerce: E-Commerce Fundamentals · E-commerce Buyers and sellers together make up e-commerce, short for electronic commerce. E-commerce is the transaction between a buyer and

E-Commerce Matters...E-Commerce Leadership Matters More

Proportion of Internet users purchasing online and ... · e-commerce platforms E-COMMERCE PLATFORMS Third party e-commerce platforms GOODS e-commerce platforms SERVICES e-commerce

E-Commerce Strategies_The Relationship Between E-commerce & Competitiveness

Overview of E-commerce E-Commerce

E-Commerce: How can Regional Trade Agreement E-commerce · E-Commerce: How can Regional Trade Agreement Facilitate Cross-border E-commerce •Cross-border E-commerce serves as an

E-Commerce Lyon 2009 : Optimisation e-commerce

VIDEO IN COMMERCE MIKE ROGGE: Senior Engagement Manager (Digital Media) PAUL TOMSIC: Senior Solutions Engineer (Commerce)

Magento | E-commerce | Custom E-commerce Store

E Commerce Panel New Generation E Commerce

E-Commerce 1. 2 E-commerce Describe E-CommerceDescribe E-Commerce Identify benefits and risks of E-CommerceIdentify benefits and risks of E-Commerce Describe.

END BACKNEXT Introduction to e- Commerce Scope of e- Commerce E-Commerce Processes Electronic Payment Processes Section II E-Commerce Applications B2C.

4. E-COMMERCE, M-COMMERCE & EMERGING TECHNOLOGIESE-COMMERCE, M-COMMERCE & EMERGING TECHNOLOGIES INTRODUCTION TO E-COMMERCE Q.No.1. What is E-commerce? Explain? (B) 1. E - Commerce

Electronic Commerce Systems e-Commerce trends e-Commerce processes e-Commerce success factors e-Commerce categories Chapter 8 McGraw-Hill/Irwin Copyright.

ELECTRONIC COMMERCE. CONTEXT: Definition of E-Commerce. History of E-Commerce. Advantages and Disadvantages of E-Commerce. Types of E-Commerce. E-Commerce.

E-Business E-Commerce M-Commerce

Sterling Commerce at Impact 2011 FINALpublic.dhe.ibm.com/software/commerce/Sterling... · – Re-engineer the Customer Experience Increase OperationalAgility Sterling Commerce content

ISE316 E-Commerce History and Trends. Daniel L. Silver2 Outline History of E-Commerce/E-Business History of E-Commerce/E-Business Effects of E-Commerce/E-Business.

E commerce essentials - Introduction to E-commerce

Awicaksi E-Commerce Security & Payment System E-Commerce.