The authenticity of the identity of both parties

• The issue is how to know that the participant in the negotiation is not being impersonated by someone else.
• If we are negotiating with a cheater, we might let out important information, which may cause serious losses.
• How can we judge whether a document really comes from the party it claims to come from?

The secrecy of information exchange
• In the process of negotiation, a tremendous amount of information must be exchanged, which usually includes the names, prices, and quality of the commodities, as well as the time and place of the commodity exchange.
• All such information has great value and needs to be protected.
• If the information is divulged to competitors, they are likely to take advantage of what they know and cause tremendous losses to the negotiator.
• Thus it is of great importance to keep the crucial information confidential.

The integrity of information
• How can the receiving party make sure that the information received is the complete message that was sent by the other party?
• And how can it be sure that the message was not replaced by a faked message while being transmitted?

Non-repudiation
• If one party wants to invalidate a contract which has been signed because of adverse marketing situations, one of the choices it may make is to deny the authenticity of the agreement.
• Issues like these are also very important problems encountered in the e-commerce process.

Privacy protection problem
• In the traditional commercial process, when we go shopping, we check the commodity and pay for it in person.
• The vendor would not know who we are.
• In the e-shopping process, however, registration is required all the time, which may reveal a lot of private information such as gender, age, occupation, income, ID number and credit card number.
• But how can we know that our private information is protected rather than illegally used?

The security problems originated from the Internet itself
• The Internet is a free and open world, which enables global information exchange.
• On the other hand, it provides a convenient way to gather and distribute private data.
• Since information is transmitted online via routers, and users cannot know which routers are involved in the process, it is possible that someone will be able to view the user’s information by scanning and tracking data.
• So any online data can potentially be eavesdropped on.
• Secondly, the diversity of Internet users is also a threat to security.

INTENTIONAL E-COMMERCE THREATS
• Computer viruses
• Trojan horses
• Logic bombs
• Trap doors
• Denial-of-access attacks

COMPUTER VIRUSES
• A computer virus is a series of self-propagating program codes triggered by a specified time or event within the computer system.
• When the program or the operating system containing the virus is used again, the virus attaches itself to other files and the cycle continues.
• The seriousness of computer viruses varies, ranging from springing a joke on a user to completely destroying computer programs and data.

COMPUTER VIRUSES
• Computer viruses can also be transmitted through a network.
• Probably the most dangerous type of virus comes from bulletin boards; this type of virus can infect any system that accesses the bulletin board.
• Bulletin boards are computer systems to which different individuals can post messages or computer programs that can be downloaded by others.

COMPUTER WORM
• A worm is similar to a computer virus.
• It is called a worm because it travels like a worm from one computer in a network to another computer or site.
• A worm usually does not erase the data. It either corrupts the data or it copies itself to a full-blown version that eats up computing resources.
• Eventually it will bring the computer and/or network to a halt.

TROJAN HORSE
• A Trojan horse program contains codes intended to disrupt a computer system and/or an e-commerce site.
• Trojan horse programs are usually hidden inside a popular useful program.
• These programs may erase accounting, personnel, and financial data.
• Unlike computer viruses and worms, a Trojan horse program does not replicate itself.
• Although a Trojan horse program functions differently than viruses and worms, the end results are basically the same: damage and interruption of the computer and/or network system.

LOGIC BOMBS
• A logic bomb is a type of Trojan horse used to release a virus, a worm, or some other destructive code.
• Logic bombs are triggered at a certain point in time or by an event or an action performed by a user.
• An event may be loading a backup tape or the birthday of a famous person.
• An action can be pressing certain keystrokes or running a specific program.

TRAP DOORS
• A trap door (also called a back door) is a routine built into a system by its designer or programmer.
• This routine allows the designer or the programmer to sneak back into the system to access software or specific programs.
• A trap door is usually activated by the individual (or his or her agent) who designed the system; a keystroke combination or a specific login may set it off. Usually the user is not aware of the problem.

DENIAL-OF-ACCESS ATTACKS
• A denial-of-service attack is a method hackers and crackers use to prevent or deny legitimate users’ access to a computer or web server.
• Just imagine, 5,000 or more people surround a department store and block everybody who wants to enter the store.
• Although the store is open, it cannot provide service to its legitimate customers.

DENIAL-OF-ACCESS ATTACKS
• These computer criminals use tools that send many requests to a targeted Internet server (usually the Web, file transfer protocol, or mail server), which floods the server’s resources, making the system unusable.
• Any system connected to the Internet running Transmission Control Protocol services is subject to attack.

DENIAL-OF-ACCESS ATTACKS
• Just imagine continuous phone calls to a traditional store.
• As soon as the store clerk picks up the phone, he or she finds out that this is a prank call.
• If this process continues, it prevents the store’s legitimate customers from getting hold of the store operator and using the store’s services or products.
• This is similar to denial-of-service attacks.

DENIAL-OF-ACCESS ATTACKS
• The assaults are all of a type known as “distributed denial-of-service” attacks, in which a web site is bombarded with thousands of requests for information in a very short period of time, causing it to grind to a halt.
• The attacks usually come from several computers on the Web, and this makes it difficult to trace the attacks.

DENIAL-OF-ACCESS ATTACKS
• A hacker secretly plants denial-of-access attack tools on several computers on the Web.
• These computers can be centrally controlled.
• The methods of how and what resources are flooded differ based on the tools used by the hackers.
• It is nearly impossible to trace the attack, particularly if the attacks come from several sites.

SECURITY MEASURES AND ENFORCEMENTS FOR E-COMMERCE
• Biometric securities
• Non-biometric securities
• Physical securities
• Software securities
• Electronic transactions securities
• CERT

BIOMETRIC SECURITIES
• Biometric security measures use elements from the human body to screen users.
• These security measures rely on the concept that a unique part or characteristic of an individual cannot be stolen, lost, copied, or passed on to others.
• Some of the drawbacks of biometrics are their relatively high cost, acceptance by users, and the relative difficulty of installation.

BIOMETRIC SECURITIES
• Fingerprint: Whenever a user tries to access the system, his or her fingerprint is scanned and verified against the print stored in an electronic file. If there is a match, the access request is granted. If there is no match, access is rejected.
• Hand geometry: Hand geometry measures the length of fingers on both hands, the translucence of the fingertips, and the webbing between the fingers.
• Palm-print: The individual characteristics of the palm are used to identify the user. Palm-print is used by law-enforcement agencies to catch criminals.
• Retinal scanning: Retinal scanning using a binocular eye camera is one of the most successful methods for security application. Identification of the user is verified by data stored in a computer file.

BIOMETRIC SECURITIES
• Signature analysis: Signature analysis uses the signature as well as the user’s pattern, pressure deviation, acceleration, and the length of the time needed to sign one’s name.
• Voice recognition: Voice recognition translates words into digital patterns for transmission to the server. This technique is relatively new, and research is ongoing. Voice patterns are recorded and examined by tone, pitch, and so forth. Using voice to verify user identity has one characteristic that most other biometric technologies cannot offer. Voice recognition can work over long distances via ordinary telephones. A properly designed voice-based security system could provide major enhancements to the safety of financial transactions conducted over the telephone.

NONBIOMETRIC SECURITIES
• Callback Modems
• Firewalls
• Intrusion-Detection Systems

Callback Modems
• Callback Modems: Using a callback modem, the system validates access by logging the user off and calling the user back.
• By doing this the system separates authorized users from unauthorized users.

Firewalls
• A firewall is a combination of hardware and software that serves as a gateway between the private network and the Internet.
• Predefined access and scope of use are required, and all other requests are blocked.
• An effective firewall should protect both the export and import of data from and to the private network.

Firewalls
• A firewall’s protection is similar to a house with walls, windows, and doors.
• The walls and doors of the house prevent unauthorized people from getting in, while the windows still allow those in the house to see the outside.

Firewalls
If designed effectively, a firewall can look at every piece of data that passes into or out of a private network and decide whether to allow the passage based on the following:
• User identification
• Point of origin
• Point of destination
• The information contents

Firewalls
By careful examination of the packet that is trying to exit from or enter into the private network, a firewall can choose one of the following actions:
• Reject the incoming packet
• Send a warning to the network administrator
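
The firewall decision described in the slides above, as an added example that is not part of the original slides: a default-deny check on user identification, point of origin, point of destination and contents, returning the action and whether to warn the administrator. The Packet and Rule types, the addresses, the billing user and the CARD-EXPORT marker are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    user: str        # user identification ("" if unknown)
    src: str         # point of origin (IP address)
    dst: str         # point of destination (IP address)
    dst_port: int
    payload: bytes   # the information contents

@dataclass(frozen=True)
class Rule:
    users: frozenset  # user ids allowed by this rule, "*" means any
    src_net: str      # permitted origin network (CIDR)
    dst_net: str      # permitted destination network (CIDR)
    dst_port: int

# Constructed policy; public addresses come from the RFC 5737 documentation ranges.
PRIVATE_NET = "10.0.0.0/8"
RULES = [
    # import: anyone may reach the shop's web server over HTTPS
    Rule(frozenset({"*"}), "0.0.0.0/0", "10.0.0.10/32", 443),
    # export: only the billing user may reach the payment gateway
    Rule(frozenset({"billing"}), PRIVATE_NET, "203.0.113.5/32", 443),
]
BLOCKED_CONTENT = [b"CARD-EXPORT"]  # constructed marker for data that must not leave

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def decide(pkt, rules=RULES):
    """Return (action, warn_admin); anything without a predefined rule is rejected."""
    outbound = _in(pkt.src, PRIVATE_NET) and not _in(pkt.dst, PRIVATE_NET)
    if outbound and any(m in pkt.payload for m in BLOCKED_CONTENT):
        return ("reject", True)   # contents check: stop the export and warn
    for r in rules:
        if (("*" in r.users or pkt.user in r.users)
                and _in(pkt.src, r.src_net) and _in(pkt.dst, r.dst_net)
                and pkt.dst_port == r.dst_port):
            return ("allow", False)
    # No rule matched: reject, and warn when an outside host probed the private network.
    inbound = _in(pkt.dst, PRIVATE_NET) and not _in(pkt.src, PRIVATE_NET)
    return ("reject", inbound)
```
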
