ELECTRONIC COMMERCE TOOLS

Chapter 6

Transcript of the slide deck (38 slides).

Outline

6.0 Introduction
6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs)
  6.1.1 TRUST
  6.1.2 DIGITAL CERTIFICATES
  6.1.3 DIGITAL SIGNATURES
  6.1.4 PUBLIC KEY CRYPTOGRAPHY
  6.1.5 PUBLIC KEY INFRASTRUCTURE (PKI)
  6.1.6 CERTIFICATE AUTHORITIES
6.2 Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET)
  6.2.1 Secure Sockets Layer (SSL)
  6.2.2 Secure Electronic Transaction (SET)
6.3 ELECTRONIC COMMERCE COMPONENT-BASED ARCHITECTURES
  6.3.1 CORE COMPONENTS
  6.3.2 BUSINESS-ORIENTED COMPONENT STRATEGIES
  6.3.3 COMMON BUSINESS LIBRARY
6.4 ELECTRONIC COMMERCE SOLUTION
  6.4.1 Function
  6.4.2 Customization
  6.4.3 Integration

6.0 Introduction

Electronic commerce promises gains in productivity, efficiency, and communication. At the same time, processing costs are expected to decrease. These objectives are achievable, but they require the right types of electronic tools to support the move to electronic business (eBusiness) operations. The introduction of the Web has transformed operations, and appropriate tools are under development to support these objectives.

• Electronic commerce depends on a number of components. First, there must be a willing buyer and a willing seller. There must be product, service, or information offerings. If payment is to occur, there must be payment mechanisms available for use. In order to transact business, security technology and procedures are expected. Trust is an often overlooked item on the list of requirements for electronic commerce, but it is an essential ingredient for electronic commerce to take place and to succeed.

6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs)

• TRUST
• DIGITAL CERTIFICATES
• DIGITAL SIGNATURES
• PUBLIC KEY CRYPTOGRAPHY
• PUBLIC KEY INFRASTRUCTURE (PKI)
• CERTIFICATE AUTHORITIES

6.1.1 TRUST

• Physical world
  - Drivers' licenses
  - Passports
  - Membership cards
  - ATM cards
• Electronic world
  - Digital certificate
  - Digital signature

6.1.2 DIGITAL CERTIFICATES

• A digital certificate is a digital document attesting to the binding of a public key to an individual or entity.

• Most people think there is basically one type of digital certificate. In actuality, several different types of digital certificates are available for use in business-to-consumer, business-to-business, and intra-business electronic commerce applications, including email certificates, browser certificates, server (SSL) certificates, software signing certificates, corporate empowerment certificates, SET certificates, and EDI certificates.

• Digital certificates contain the following information:

1. Name of the entity being certified
2. Public key
3. Name of the certificate authority
4. Serial number
5. Expiration date
6. Optional additional information

6.1.3 DIGITAL SIGNATURES

• Digital signature
  – Authenticates the sender's identity and the integrity of the message
  – Run the plaintext through a hash function
    • This gives the message a fixed-length mathematical value called the hash value
    • The hash value is also known as the message digest
  – Collision
    • Occurs when two different messages have the same hash value; a hash function used for signatures must make collisions infeasible to find, otherwise a signature on one message would also be valid for the other
  – Sign the message digest with the private key (in RSA terms, "encrypt" the digest with the private key)
  – Send the signature together with the message (encrypted with the recipient's public key if confidentiality is needed) and an indication of the hash function used

6.1.4 PUBLIC KEY CRYPTOGRAPHY

• Public key cryptography
  – Asymmetric: two mathematically related keys
    • Private key (kept secret by its owner)
    • Public key (published)
  – What the public key encrypts only the private key can decrypt, and vice versa
  – Each party has both a public and a private key
  – Either the public key or the private key can be used to encrypt a message; the other key of the pair is needed to decrypt it
  – Encrypting with the recipient's public key and signing with the sender's private key
    • Proves the sender's identity while keeping the message confidential

6.1.4 PUBLIC KEY CRYPTOGRAPHY (figures)

• Figure: Encrypting and decrypting a message using a symmetric key
• Figure: Encrypting and decrypting a message using public-key cryptography
• Figure: Authentication with a public-key algorithm
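The signing, verification and encryption steps of 6.1.3 and 6.1.4, as one added example in Go (not code from the original slides), using only the standard library's crypto/rsa. The digest is signed with the sender's private key (the slides' "encrypt the digest with the private key"; here it is done through RSA PKCS#1 v1.5 padding, because a bare modular exponentiation of the digest is not a safe signature), the message is encrypted with the recipient's public key using OAEP, and a tampered copy fails verification. The names Alice and Bob and the order text are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// sign runs the plaintext through a hash function to get the message digest,
// then signs the digest with the sender's private key (6.1.3). Only the digest
// is signed, so the signature is the same size whatever the message length.
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verify recomputes the digest from the received message and checks it against
// the signature with the sender's public key. A changed message or a signature
// made with a different private key both yield false.
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// encrypt uses the recipient's public key; only the matching private key can
// decrypt (6.1.4). OAEP padding is what makes RSA encryption safe to use.
func encrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

func decrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// demo is the "encrypted with public key and private key" case on the slide:
// Alice signs an order with her private key and encrypts it with Bob's public
// key; Bob decrypts with his private key and checks Alice's signature with her
// public key. Returns the recovered plaintext, whether the genuine message
// verifies, and whether a tampered copy verifies (it must not).
func demo() (string, bool, bool, error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048) // each party has a key pair
	if err != nil {
		return "", false, false, err
	}
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, false, err
	}
	order := []byte("PO-1001: 3 x widget, ship to Alice") // constructed sample message

	sig, err := sign(alice, order) // Alice: sign with her private key
	if err != nil {
		return "", false, false, err
	}
	ct, err := encrypt(&bob.PublicKey, order) // Alice: encrypt for Bob with his public key
	if err != nil {
		return "", false, false, err
	}
	// Alice sends (ct, sig); the hash function in use (SHA-256) is agreed in advance.

	pt, err := decrypt(bob, ct) // Bob: recover the order with his private key
	if err != nil {
		return "", false, false, err
	}
	genuine := verify(&alice.PublicKey, pt, sig)

	tampered := append([]byte(nil), pt...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit: the digest no longer matches
	forged := verify(&alice.PublicKey, tampered, sig)
	return string(pt), genuine, forged, nil
}

func main() {
	pt, genuine, forged, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered: %s\ngenuine verifies: %v\ntampered verifies: %v\n", pt, genuine, forged)
}
```

Signing before encrypting, as demo does, lets Bob prove to himself that the order came from Alice; verifying with the wrong public key (anyone else's) fails in the same way as the tampered copy does.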

6.1.5 PUBLIC KEY INFRASTRUCTURE (PKI)

The basic elements of PKI are as follows:
• A certificate authority (CA) responsible for issuing and verifying digital certificates.
• A digital certificate including the public key or information about the public key.
• A registration authority (RA) to serve as the verifier for the certificate authority before a digital certificate is actually issued to the requestor.
• A directory where the digital certificates and their public keys are stored.
• A certificate management system.


6.1.6 CERTIFICATE AUTHORITIES

• A certificate authority is a trusted authority, an organization, that takes on the responsibility for issuing certificates. By issuing digital certificates containing public keys, the CA vouches for the identity of those to whom it issues the certificates. The CA’s public key must be trustworthy.

• The CA issuance process consists of the following steps:

1. Generate a public/private key pair.
2. Send the public key to the CA.
3. Prove identity to the CA (verification).
4. The CA signs and issues the certificate.
5. The CA emails the certificate, or the requestor retrieves it from a secure Web site.
6. The requestor uses the certificate to demonstrate the legitimacy of his or her public key.

6.2 Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET)

• Transaction security protocols
  – Secure Sockets Layer (SSL)
  – Secure Electronic Transaction (SET)

6.2.1 Secure Sockets Layer (SSL)

• SSL
  – Uses public-key technology and digital certificates to authenticate the server in a transaction
  – Protects information as it travels over the Internet
    • Does not protect the information once it is stored on the receiver's server
  – Peripheral Component Interconnect (PCI) cards
    • Hardware installed in servers to carry out the cryptographic work of an SSL transaction

SSL Protocol

1. Client side: the client initiates a connection ("Hello?").
2. Server side: the server responds by sending the client its Digital ID. The server may also request the client's Digital ID for client authentication.
3. Client side: the client verifies the server's Digital ID. If requested by the server, the client sends its Digital ID.
4. When the authentication is complete, the client sends the server a session key encrypted using the server's public key.
5. Once a session key is established, secure communications commence between client and server.

(Figure labels: Server Digital ID, Client Digital ID, Session key.)
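The issuance steps of 6.1.6 and the SSL exchange of 6.2.1, as one added example in Go using only the standard library (crypto/x509 and crypto/tls); it is not code from the original slides. A root CA is created, it issues a server certificate and a client certificate carrying the 6.1.2 fields, and a TLS client and server on loopback TCP verify each other's Digital IDs against that CA before a message is sent. The CA name, the host name shop.example.test, the client name alice and the message are constructed for the example. Two differences from the slide are worth knowing: Go negotiates TLS 1.2 or 1.3, which derive the session key from an ephemeral key exchange rather than encrypting it with the server's public key as step 4 describes; and the client refuses a server certificate not only when its CA is untrusted but also when the name in it does not match the host the client intended to reach.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// issue is steps 1-4 of 6.1.6: the requestor generates a key pair and the CA (parent) signs a
// certificate binding name and public key, with the 6.1.2 fields. A nil parent makes a self-signed root CA.
func issue(name string, isCA bool, dns []string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // step 1: the requestor's key pair
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // unique per run; a real CA keeps an issuance log
		Subject:               pkix.Name{CommonName: name},       // name of the entity being certified
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour), // expiration date
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		DNSNames:              dns,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key // the root signs its own certificate
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey) // step 4: the CA signs
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// tlsExchange is the 6.2.1 exchange over loopback TCP: the server presents its Digital ID and asks for the
// client's, both are checked against the CA, then msg travels under the session key. Returns what the server saw.
func tlsExchange(root, srvCert, cliCert *x509.Certificate, srvKey, cliKey *ecdsa.PrivateKey, host, msg string) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	srvCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the server requests the client's Digital ID
		ClientCAs:    pool,
	}
	cliCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}},
		RootCAs:      pool, // the client trusts this CA and no other
		ServerName:   host, // the name the server's Digital ID must carry
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	got, errc := make(chan string, 1), make(chan error, 1)
	go func() { // server side
		conn, err := ln.Accept()
		if err != nil {
			errc <- err
			return
		}
		s := tls.Server(conn, srvCfg)
		defer s.Close()
		buf := make([]byte, 256)
		n, err := s.Read(buf) // completes the handshake (the client's Digital ID is verified here), then reads msg
		if err != nil {
			errc <- err
			return
		}
		got <- s.ConnectionState().PeerCertificates[0].Subject.CommonName + " sent " + string(buf[:n])
		errc <- nil
	}()
	c, err := tls.Dial("tcp", ln.Addr().String(), cliCfg) // client Hello; fails if the server's Digital ID does not verify
	if err != nil {
		return "", err
	}
	_, err = c.Write([]byte(msg)) // encrypted under the session key established by the handshake
	c.Close()
	if err != nil {
		return "", err
	}
	if err := <-errc; err != nil {
		return "", err
	}
	return <-got, nil
}
```

Issue the root with issue("Demo CA", true, nil, nil, nil), then the server and client certificates with that root as parent, and call tlsExchange with the root and both pairs. When the server presents a certificate from another CA, or one whose DNS name differs from the host argument, tls.Dial returns the x509 verification error and no application data is exchanged; that refusal is step 3 of the slide doing its job.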

6.2.2 Secure Electronic Transaction (SET)

• SET protocol
  – Designed to protect e-commerce payments
  – Certifies the customer, the merchant, and the merchant's bank
  – Requirements
    • Merchants must have a digital certificate and SET software
    • Customers must have a digital certificate and a digital wallet
  – Digital wallet
    • Stores credit card information and identification
  – The merchant never sees the customer's personal information
    • It is sent straight to the banks

• Microsoft Authenticode
  – Authenticates file downloads
  – Informs users of the download's author

(Figure: Secure Electronic Transaction (SET))

(Figure: Digital wallet)

6.3 ELECTRONIC COMMERCE COMPONENT-BASED ARCHITECTURES

6.3.1 CORE COMPONENTS

• Catalog Management - provides facilities to store, search, and retrieve product information.
• Content Management - enhances the product information available through catalog entries.
• Transaction services - provide online purchasing mechanisms. These facilities may include online shopping carts and credit card authorization services.
• Personalization facilities - including user profiling and features to customize content delivery based on individual usage patterns and individual user preferences, background, and characteristics.
• Customer support and customer service - including facilities to handle customers' questions and requests for information.
• Interfaces to internal business systems - including functions, APIs (application program interfaces), and development tools to connect Web-based electronic.


6.3.2 BUSINESS-ORIENTED COMPONENT STRATEGIES

• Most e-commerce server vendors are not offering business-oriented component strategies yet. However, vendors are offering network-available business services. There are transaction engines and catalog management applications.

6.3.3 COMMON BUSINESS LIBRARY

• A common business library (CBL) is under development as part of the CommerceNet eCo framework. The library will include:
  - APIs for businesses, markets, processes, applications, and services.
  - Common Business Objects for catalogs, product information, business forms, and companies.

• We can view documents as the input and output of these business services. Some of these document types include:
  - Profiles of customers and vendors
  - Catalogs, data sheets, price lists
  - Invoices
  - Purchase orders (POs)
  - Inventory reports
  - Bills of materials
  - Contracts
  - Credit reports
  - Reports on shipping, tracking, and order status
  - Receipts

6.4 ELECTRONIC COMMERCE SOLUTION

Electronic commerce solution = Function + Customization + Integration

6.4.1 FUNCTION

• The function of the electronic commerce solution may consist of packaged off-the-shelf software. Off-the-shelf software may be enhanced in-house.

6.4.2 CUSTOMIZATION

• Another option to consider is whether your electronic commerce solution should involve personalization according to the profile of the customer/user.

6.4.3 INTEGRATION

• In designing your organization's electronic commerce solution, you need to consider the type of interaction that you want to see between a customer and the company.