Ecommerce Security   «Prev  Next»
Lesson 8Security Services
ObjectiveDescribe the Application of Encryption Methods to Security Services.

Application of Encryption Methods

Email, virtual private network (VPN) connections, and other forms of enterprise-grade encryption use symmetric, asymmetric, and one-way encryption all at once. The various encryption methods enable you to achieve:
  1. Data confidentiality
  2. Data integrity
  3. Authentication
  4. Access control
  5. Nonrepudiation

The Slide Show below describes these security services.

1) Security Services 1 2) Security Services 2 3) Security Services 3 4) Security Services 4 5) Security Services 5

Program 1 Program 2 Program 3 Program 4 Program 5
  1. Authentication: Authentication proves the identity of an entity during communication or transfer of data. Authentication is implemented by public key encryption, digital certificates or digital signatures.
  2. Data Confidentiality: Data confidentiality protects data from unauthorized disclosure using encryption methods. Data confidentiality is provided by encryption and decryption
  3. Data Integrity: Data Integrity verifies the consistency of information transferred over the internet. Data integrity is provided by message digest or secure hash algorithms
  4. Access Control: Access control gives you the ability to control where information goes in and comes out.
  5. Non-repudiation: Non repudiation provides proof of origin and proof of delivery. Non-repudiation is implemented with a digital signature. It also stops people from denying that they sent a message.

Security Services

Access control

Access control designates the resources a user or service may access on the system or network. Access controls include valid IDs and passwords to control access to system resources. Controls on FTP include when the services can be accessed and by whom (by user or host name). Similarly, HTTP and email have access control restrictions.

E-commerce protocols

  1. Secure MIME (S/MIME): A specification for secure electronic mail. S/MIME was designed to add security to email messages in MIME format. The security services offered are authentication (using digital signatures) and privacy (using encryption). S/MIME assumes that both the sender and receiver of secure email messages have public/private key pairs and uses the concept of a digital envelope
  2. Secure Sockets Layer (SSL): An encryption method enabled by digital certificates.
  3. Secure Electronic Transaction (SET): A method of information exchange that allows businesses and clients an extra level of protection while conducting business.
The primary protocols used in e-commerce are the Secure MIME (S/MIME) , Secure Sockets Layer (SSL), and Secure Electronic Transactions (SET) protocols. These protocols are discussed in more detail in later lessons. The next lesson concludes this module.

Encryption Purposes Methods

Click the link below to read about the terms for various methods and purposes of encryption and their definitions.
Encryption Purposes Methods

Security Services - Exercise

Click the Exercise link below to solve a security issue for the course project.
Security Services - Exercise