Digital Certificates and Public Key Infrastructure (PKI) Digital certificate includes: Name of subject/company Subject’s public key Digital certificate serial number Expiration date, issuance date Digital signature of CA Public Key Infrastructure (PKI): CAs and digital certificate procedures PGP Slide 5-21
Digital Certificates and Certification Authorities Slide 5-22
Limits to Encryption Solutions Doesn’t protect storage of private key PKI not effective against insiders, employees Protection of private keys by individuals may be haphazard No guarantee that verifying computer of merchant is secure CAs are unregulated, self-selecting organizations Slide 5-23
Securing Channels of Communication Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Establishes secure, negotiated client–server session Virtual Private Network (VPN) Allows remote users to securely access internal network via the Internet Wireless (Wi-Fi) networks WPA2 Slide 5-24
Secure Negotiated Sessions Using SSL/TLS Slide 5-25
Protecting Networks Firewall Hardware or software Uses security policy to filter packets Two main methods: Packet filters Application gateways Proxy servers (proxies) Software servers that handle all communications from or sent to the Internet Intrusion detection systems Intrusion prevention systems Slide 5-26
Firewalls and Proxy Servers Slide 5-27
Protecting Servers and Clients Operating system security enhancements Upgrades, patches Anti-virus sofware Easiest and least expensive way to prevent threats to system integrity Requires daily updates Slide 5-28
Developing an E-commerce Security Plan Slide 5-29
Types of Payment Systems Cash Most common form of payment Instantly convertible into other forms of value No float Credit card Credit card associations Issuing banks Processing centers Slide 5-30
Types of Payment Systems (cont.) Stored value
You've reached the end of your free preview.
Want to read all 38 pages?
- Fall '19
- Cryptography, Public-key cryptography, Pretty Good Privacy, Certificate authority, Disrupting