Ecommerce Security

Data Confidentiality

1) Data confidentiality is provided by encryption and decryption. For example, the data confidentiality required for a private contract on a B2B site that will be reviewed and edited in real-time negotiation between two parties would typically be high, whereas simple information and public domain information (like weather or stock price) typically requires minimal amounts of data confidentiality.

2) Authentication is implemented by a process called digital signatures. Identification deals with ensuring that someone is who he or she claims to be, and is of paramount importance for high-priced transactions, high-volume transactions, or transactions that involve the exchange of sensitive information.

3) Access controls include user IDs and passwords to control access to system resources. Controls on file transfers (via FTP) include restrictions on when services can be accessed and by whom (by user or host name). Similarly, HTTP and email also have access control restrictions.

4) Data integrity ensures that information has not been modified in transit to the destination. Data integrity is provided by message digest or hashing, which uses a mathematical algorithm.

5) Non-repudiation is also implemented with a digital signature. The existence of a receipt or digital signature means that neither the merchant nor the customer can deny the purchase.
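The integrity check in item 4, shown as an added example (not part of the original page): a SHA-256 message digest detects a changed order, but a digest that travels with the message can be recomputed by whoever changes it, while a keyed digest (HMAC) cannot be recomputed without the key. The order fields, the shared key and the function names are constructed for this illustration.

```python
import hashlib
import hmac
import json

# Constructed sample order and shared key (assumptions for this example only).
SHARED_KEY = b"constructed-demo-key-not-for-production"
ORDER = {"order_id": "A-1001", "item": "widget", "qty": 2, "total_usd": "39.98"}


def canonical(order: dict) -> bytes:
    """Serialize deterministically so both parties hash identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def digest(order: dict) -> str:
    """Unkeyed message digest (SHA-256) of the order."""
    return hashlib.sha256(canonical(order)).hexdigest()


def mac(order: dict, key: bytes) -> str:
    """Keyed digest (HMAC-SHA-256): only holders of the key can compute it."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify_digest(order: dict, received: str) -> bool:
    return hmac.compare_digest(digest(order), received)


def verify_mac(order: dict, received: str, key: bytes) -> bool:
    return hmac.compare_digest(mac(order, key), received)


def demo() -> dict:
    sent_digest, sent_mac = digest(ORDER), mac(ORDER, SHARED_KEY)
    altered = dict(ORDER, total_usd="0.98")  # order modified in transit
    return {
        # The unchanged message verifies under both schemes.
        "intact_digest_ok": verify_digest(ORDER, sent_digest),
        "intact_mac_ok": verify_mac(ORDER, sent_mac, SHARED_KEY),
        # A changed message no longer matches the digest that was sent...
        "altered_vs_sent_digest": verify_digest(altered, sent_digest),
        # ...but a digest carried with the message can simply be recomputed.
        "altered_vs_recomputed_digest": verify_digest(altered, digest(altered)),
        # The keyed tag cannot be recomputed without the key.
        "altered_vs_sent_mac": verify_mac(altered, sent_mac, SHARED_KEY),
        "altered_vs_wrong_key_mac": verify_mac(altered, mac(altered, b"guess"), SHARED_KEY),
    }
```

Because both parties hold the same HMAC key, either one could have produced a valid tag, so the keyed digest gives integrity but not the non-repudiation of item 5; that requires a digital signature made with a private key only the signer holds.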