Lesson 9

In this module you have been introduced to the basic security mechanisms needed in e-commerce. These include encryption and decryption techniques and the means to provide authentication, certification, message integrity, and data security.

The techniques and technologies involved with e-commerce security are often arcane and require the expertise of a specialist. Business personnel responsible for applying e-commerce for their companies, however, should at least have a basic grasp of the methods and techniques and, in particular, be sensitive to the needs of security when designing e-commerce business processes. In the next module, we will examine the basic technologies used in e-commerce. Now that you have completed this module, you should be able to:

- Identify symmetric, asymmetric, and one-way encryption schemes
- Itemize the benefits provided by security implementations such as hashing, message digests, and digital signatures
- Understand the certificate-related infrastructure
- Identify the need for secure electronic transactions
- Identify encryption schemes such as symmetric, asymmetric, and one-way
- Describe the methods for authentication and identification
- Explain the use of certificates

*Algorithm:* A process or set of rules to be followed in calculations or other problem-solving operations, especially by a computer.

*Asymmetric key algorithm:* Asymmetric key algorithms are used to solve two problems that symmetric key algorithms cannot: key distribution and nonrepudiation. The first helps solve privacy problems, and the latter helps solve authenticity problems.

*Asymmetric encryption:*

*Authentication:*

*Certificate authority (CA):* In cryptography, a certificate authority (CA) is an entity that issues digital certificates, where the digital certificate certifies the ownership of a public key by the named subject of the certificate.

*Cryptography:* Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.

*Certificate:*

*Ciphertext:*

*Cryptanalysis:*

*Cryptographic hash function:* A cryptographic hash function is an algorithm that takes an arbitrary amount of input data, such as a credential, and produces a fixed-size output of enciphered text called a hash value, or just "hash". That enciphered text can then be stored instead of the password itself, and later used to verify the user.

*Data Encryption Standard (DES):* The Data Encryption Standard (DES) is an outdated symmetric-key method of data

*Digital envelope:*

*Hash algorithm:*

*MD5:* The MD5 (message-digest algorithm) hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.

*Message digest:* A message digest is a cryptographic hash function containing a string of digits created by a one-way hashing formula.

*One-way encryption:* A one-way hash function is a cryptographic algorithm that turns an arbitrary-length input into a fixed-length binary value, and this transformation is one-way, that is, given a hash value it is statistically infeasible to re-create a document that would produce this value.

*Plaintext:*

*Public-key encryption:* Public key cryptography uses two separate keys instead of one shared one: 1) a public key and 2) a private key. Public key cryptography is an important technology for Internet security.

*RSA:* The Rivest-Shamir-Adleman (RSA) encryption algorithm is an asymmetric encryption algorithm that is widely used in many products and services. Asymmetric encryption uses a key pair that is mathematically linked to encrypt and decrypt data.

*Secure Hash Algorithm (SHA):* In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest, rendered as a hexadecimal number, 40 digits long.

*Symmetric encryption:*

*Firewall:* A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.

*Encryption:*

*Key:*

*Bit:* A bit (binary digit) is the smallest unit of data that a computer can process and store. A bit is always in one of two physical states, similar to an on/off switch.

*Compression:* In signal processing, data compression, source coding, or bit-rate reduction is the process of encoding information using fewer bits than the original representation.