| Lesson 2 | Purposes of security |
|---|---|
| Objective | Identify the need for secure electronic transactions. |

| Purposes of security | Description |
|---|---|
| Data confidentiality | Much of the data and content you view on an e-commerce site has been secured. The degree of confidentiality of the data and content determines the level of security required. From a business perspective, make sure that sensitive information receives a higher degree of protection. |
| Identification: authentication and certification | The Internet is by nature an anonymous medium, and this anonymity affects e-commerce. Identification ensures that someone is who he or she claims to be. This requirement is paramount for high-priced transactions, high-volume transactions, or transactions that involve the exchange of sensitive information. Identification techniques include public-key encryption, certificates, and digital signatures; these are described in detail later in the course. To prevent unauthorized access to or from a private network, firewalls are used. Access to resources behind firewalls typically involves some kind of user access control technique, such as a user ID and password; these are often used for data confidentiality as well. |
| Data integrity | Data integrity ensures that information has not been modified in transit to the destination. An electronic payment system should ensure data integrity using message digests or hash algorithms. These terms are explained in a later lesson. |
| Non-repudiation | Non-repudiation is the proof that a transaction has been conducted between two specific parties; this is important to prevent merchants or customers from denying a sale or purchase. Non-repudiation may take several forms. A receipt issued to a customer is proof of purchase. Establishing similar forms of non-repudiation is important for e-commerce. |
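The data-integrity row above says a payment system should use message digests to detect modification in transit. The following added example (not part of the lesson) shows this over a constructed payment record, and also shows the caveat a practitioner needs: a bare digest only catches accidental corruption, because anyone who can alter the record can recompute the digest, whereas a keyed digest (HMAC) over an assumed pre-shared key also catches deliberate tampering.

```python
import hashlib
import hmac

# Constructed sample payment record; values are illustrative only.
ORDER = b"order=1001;merchant=ExampleShop;amount=49.99;currency=USD"

def digest(record: bytes) -> str:
    """Plain message digest: detects accidental corruption in transit."""
    return hashlib.sha256(record).hexdigest()

def mac(record: bytes, key: bytes) -> str:
    """Keyed digest (HMAC-SHA256): detects modification by anyone lacking the key."""
    return hmac.new(key, record, hashlib.sha256).hexdigest()

def digest_verifies(record: bytes, expected: str) -> bool:
    # constant-time comparison avoids leaking how many leading bytes matched
    return hmac.compare_digest(digest(record), expected)

def mac_verifies(record: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(mac(record, key), expected)

def modified_in_transit(record: bytes) -> bytes:
    """Simulate the amount field being changed between customer and merchant."""
    return record.replace(b"amount=49.99", b"amount=4.99")

def integrity_demo() -> dict:
    # Assumption: the customer app and the merchant share this key in advance.
    key = b"shared-secret-between-customer-app-and-merchant"
    sent_digest = digest(ORDER)
    sent_mac = mac(ORDER, key)
    altered = modified_in_transit(ORDER)
    return {
        # Both checks fail when the record changes but its checksum does not.
        "digest_catches_change": not digest_verifies(altered, sent_digest),
        "mac_catches_change": not mac_verifies(altered, key, sent_mac),
        # If the plain digest is recomputed over the altered record, it verifies
        # again: a bare hash gives no protection against deliberate tampering.
        "digest_fooled_by_recompute": digest_verifies(altered, digest(altered)),
        # Recomputing the MAC without the real key still fails verification.
        "mac_rejects_wrong_key": not mac_verifies(altered, key, mac(altered, b"guess")),
    }

if __name__ == "__main__":
    for check, passed in integrity_demo().items():
        print(f"{check}: {passed}")
```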