Lesson 9

E-commerce Security Conclusion

In this module you have been introduced to the basic security mechanisms needed in e-commerce. These include encryption and decryption techniques and the means to provide authentication, certification, message integrity, and data security.
The techniques and technologies involved with e-commerce security are often arcane and require the expertise of a specialist. Business personnel responsible for applying e-commerce for their companies, however, should at least have a basic grasp of the methods and techniques and, in particular, be sensitive to the needs of security when designing e-commerce business processes. In the next module, we will examine the basic technologies used in e-commerce.
Now that you have completed this module, you should be able to:
  1. Identify symmetric, asymmetric, and one-way encryption schemes
  2. Itemize the benefits provided by security implementations such as hashing, message digests, and digital signatures
  3. Understand the certificate-related infrastructure
  4. Identify the need for secure electronic transactions
  5. Identify encryption schemes such as symmetric, asymmetric, and one-way
  6. Describe the methods for authentication and identification
  7. Explain the use of certificates

Key Terms and Concepts

  1. Algorithm: a process or set of rules to be followed in calculations or other problem-solving operations, especially by a computer.
  2. Asymmetric key algorithm: Asymmetric key algorithms are used to solve two problems that symmetric key algorithms cannot: key distribution and nonrepudiation. The first helps solve privacy problems, and the latter helps solve authenticity problems.
  3. Asymmetric encryption:
  4. Authentication
  5. Certificate authority (CA): In cryptography, a certificate authority (CA) is an entity that issues digital certificates, where the digital certificate certifies the ownership of a public key by the named subject of the certificate.
  6. Cryptography: Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
  7. Certificate
  8. Ciphertext
  9. Cryptanalysis
  10. Cryptographic hash function: A cryptographic hash function is an algorithm that takes an arbitrary amount of input data, such as a credential, and produces a fixed-size output called a hash value, or just "hash". That hash value can then be stored instead of the password itself, and later used to verify the user.
  11. Data Encryption Standard (DES): The Data Encryption Standard (DES) is an outdated symmetric-key method of data
  12. Digital envelope
  13. Hash algorithm
  14. MD5: The MD5 (message-digest algorithm) hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.
  15. Message digest: A message digest is the output of a cryptographic hash function: a string of digits created by a one-way hashing formula.
  16. One-way encryption: A one-way hash function is a cryptographic algorithm that turns an arbitrary-length input into a fixed-length binary value, and this transformation is one-way, that is, given a hash value it is statistically infeasible to re-create a document that would produce this value.
  17. Plaintext:
  18. Public-key encryption: Public key cryptography uses two separate keys instead of one shared one: 1) a public key and 2) a private key. Public key cryptography is an important technology for Internet security.
  19. RSA: The Rivest-Shamir-Adleman (RSA) encryption algorithm is an asymmetric encryption algorithm that is widely used in many products and services. Asymmetric encryption uses a key pair that is mathematically linked to encrypt and decrypt data.
  20. Secure Hash Algorithm (SHA): In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function that takes an input and produces a 160-bit (20-byte) hash value known as a message digest, typically rendered as a hexadecimal number 40 digits long.
  21. Symmetric encryption:
  22. Firewall: A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.
  23. Encryption:
  24. Key:
  25. Bit: A bit (binary digit) is the smallest unit of data that a computer can process and store. A bit is always in one of two physical states, similar to an on/off switch.
  26. Compression: In signal processing, data compression, source coding, or bit-rate reduction is the process of encoding information using fewer bits than the original representation.
In the next module you will learn about e-commerce solutions.

Digital Signature Authentication - Quiz

Click the Quiz link below to review what you've learned about Web-based security using various methods of encryption.
Digital Signature Authentication - Quiz