Ecommerce Security
Lesson 2: Purposes of security
Objective: Identify the need for secure electronic transactions.

Purposes of Security in ecommerce

When you visit a well-designed e-commerce site you can peruse the available goods and services, review pricing and delivery terms, add items to a shopping cart (or some equivalent of a shopping cart), make payments, and track delivery. The entire system that delivers the e-commerce site and all its functions probably uses several different security techniques, though these may be transparent to the customer.

Essential Purposes of Security

In e-commerce, security usually involves five essential purposes:
  1. data confidentiality,
  2. authentication and certification,
  3. access control[1],
  4. data integrity, and
  5. non-repudiation.

These are described in the table below.

Purposes of security and their descriptions

Data confidentiality
Much of the data and content you view on an e-commerce site has been secured. The degree of confidentiality of the data and content determines the level of security required. From a business perspective, make sure that sensitive information receives a higher degree of protection.

Identification: authentication and certification
The Internet is by nature an anonymous medium, and this anonymity affects e-commerce. Identification ensures that someone is who he or she claims to be. This requirement is paramount when high-priced transactions, high-volume transactions, or transactions that involve the exchange of sensitive information are involved. Identification techniques include public-key encryption, certificates, and digital signatures. These are described in detail later in the course.

Access control
To prevent unauthorized access to or from a private network, firewalls are used. Access to resources behind firewalls typically involves some kind of user access control technique, such as a userid and password; these are often used for data confidentiality also.

Data integrity
Data integrity ensures that information has not been modified in transit to the destination. An electronic payment system should ensure data integrity using message digests or hash algorithms. These terms are explained in a later lesson.
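The following is an added example, not code from the lesson, showing what a message digest does and does not buy a payment system. It uses a constructed payment message and a shared key that the payer and the payment system are assumed to have agreed on out of band. An unkeyed digest (SHA-256) catches accidental corruption in transit, but anyone who can rewrite the message can also recompute that digest; a keyed digest (HMAC-SHA256) is only computable by a holder of the key, so a rewritten message fails verification.

```python
import hashlib
import hmac
import secrets

# Constructed sample payment message and a tampered copy (not from the original lesson).
ORIGINAL_MESSAGE = b"order=1042;amount=49.95;currency=USD;to=merchant-example"
TAMPERED_MESSAGE = b"order=1042;amount=4995.00;currency=USD;to=merchant-example"


def message_digest(message: bytes) -> str:
    """Unkeyed digest: detects accidental corruption but not deliberate modification."""
    return hashlib.sha256(message).hexdigest()


def keyed_digest(key: bytes, message: bytes) -> str:
    """Keyed digest (HMAC-SHA256): only a holder of the shared key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_keyed(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time, so the comparison itself leaks nothing."""
    return hmac.compare_digest(keyed_digest(key, message), tag)


def simulate(key: bytes) -> dict:
    """Report which integrity check catches each kind of modification in transit.

    Scenario A (corruption): the message changes but the digest travelling with it does not.
    Scenario B (tampering): the message is rewritten and the unkeyed digest is recomputed
    to match; the keyed tag cannot be recomputed without the key.
    """
    digest = message_digest(ORIGINAL_MESSAGE)
    tag = keyed_digest(key, ORIGINAL_MESSAGE)

    # Scenario A: receiver compares what it recomputes against the digest/tag it received.
    corruption_passes_digest = message_digest(TAMPERED_MESSAGE) == digest
    corruption_passes_hmac = verify_keyed(key, TAMPERED_MESSAGE, tag)

    # Scenario B: the digest has been recomputed over the rewritten message.
    recomputed_digest = message_digest(TAMPERED_MESSAGE)
    tampering_passes_digest = message_digest(TAMPERED_MESSAGE) == recomputed_digest
    tampering_passes_hmac = verify_keyed(key, TAMPERED_MESSAGE, tag)  # tag is still the original

    return {
        "original_verifies": verify_keyed(key, ORIGINAL_MESSAGE, tag),
        "corruption_caught_by_digest": not corruption_passes_digest,
        "corruption_caught_by_hmac": not corruption_passes_hmac,
        "tampering_caught_by_digest": not tampering_passes_digest,
        "tampering_caught_by_hmac": not tampering_passes_hmac,
    }


if __name__ == "__main__":
    # In a real system this key is provisioned between the parties, never sent with the message.
    shared_key = secrets.token_bytes(32)
    for check, caught in simulate(shared_key).items():
        print(f"{check}: {caught}")
```

The practical point for a payment system is that the digest must be bound to something the receiver trusts and the network cannot forge: a shared key (as here) or, when the sender must also be identifiable and unable to deny the message, a digital signature over the digest, which is the approach the later lessons describe.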

Non-repudiation

Non-repudiation is the proof that a transaction has been conducted between two specific parties; this is important to prevent merchants or customers from denying a sale or purchase. Non-repudiation may take several forms. A receipt issued to a customer is proof of purchase. Establishing similar forms of non-repudiation is important for e-commerce.

E-commerce Management
Secure electronic transactions are implemented in various ways, with each of these five purposes in mind. The implementation of security is summarized in the list below.
  1. Data confidentiality is provided by encryption and decryption.
  2. Authentication is implemented by a process called digital signatures.
  3. Access controls include userids and passwords to control access to system resources.
  4. Data integrity ensures that information has not been modified in transit to the destination.

Data Confidentiality
In the next lesson, you will learn about encryption and decryption.

Security Purpose - Quiz


Click the Quiz link below to test your understanding of the purposes of security.

[1] Access control: Access control governs what resources a user or service may access on the system or network. It protects against the unauthorized use of resources.