Manav Rachna College of Engg.
(MBA – IV SEM) COURSE NAME
E-Commerce : Security Concerns
Security Concerns
• Confidentiality – controlling access to information
• Integrity – data & programs to be free from unauthorised change or loss
• Availability & Legitimate Use – continual access to authorised users
• Non-Repudiation – ability to ensure that neither party can deny a transaction or have anonymity
• Requires a legal framework within which to punish offenders
• Security = compromise – cost vs perceived security
• Difficult, as security is always a cost and there is no way of measuring return on investment
Security Risk Management
• Authentication – of the web site or the buyer / participant. Requires some credentials:
  – Knowledge – password, etc.
  – Physical – card, e.g. fob, etc.
  – Biometric – fingerprint, retina scan, face recognition
• Authorisation – access rights to certain areas
• Auditing – log files & journal files
• Information Security Policy – iterative development:
  – List all resources requiring protection – routers, firewalls, PCs etc.
  – Define physical access restrictions to servers
  – Define electronic access to the above
  – Catalogue threats for each resource and perform risk analysis
Security Mechanisms
• Access control mechanisms are closely connected with authentication. In order to be able to use its access permissions, a principal has to be successfully authenticated first. Each principal is assigned a set of access permissions or rights (e.g. read, write, execute). Each access to a protected resource is mediated by a central computing facility called a reference monitor. If access control is implemented correctly, most infiltration attacks pose no danger.
• Encryption mechanisms protect the confidentiality (or privacy) of data. An encryption mechanism always uses a key available only to a defined group of people. Such a group can consist of one person (the receiver of the encrypted data) or several people (e.g. all parties involved in a communication session).
• Digital signature mechanisms provide not only data integrity but also non-repudiation. A digital signature can be generated by a special digital signature mechanism as well as by some encryption mechanisms.
Security Mechanisms (continued)
• Data integrity mechanisms protect data from unauthorized modification. They can, for example, use digital signatures of message digests computed by a cryptographic hash function.
• Traffic padding mechanisms offer protection against traffic analysis. Sometimes an adversary can draw conclusions from observing, for example, a change in the amount of data exchanged between two principals. Therefore it may be advisable to generate dummy traffic to keep the level approximately constant, so that the adversary cannot gain any information.
• Routing control mechanisms make it possible to choose a specific path for sending data through a network. In this way, trusted network nodes can be selected so that the data is not exposed to security attacks. Moreover, if data entering a private network has no appropriate security label, the network administrator can decide to reject it.
• Notarization mechanisms are provided by a third-party notary that must be trusted by all participants. The notary can assure integrity, origin, time or destination of data. For example, a message that has to be submitted by a specific deadline may be required to bear a time stamp from a trusted time service proving the time of submission. The time service could affix a time stamp and, if necessary, also digitally sign the message.
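The three mechanisms the slides describe most concretely (a reference monitor that only honours rights after authentication, an integrity check built on a message digest, and traffic padding) are shown below in one worked example. It is added here and is not code from the slides or from the college; every principal, password, resource, key and message is constructed sample data, and the integrity check uses a keyed HMAC over the SHA-256 digest rather than a digital signature, so it gives integrity but not the non-repudiation the slides attribute to signatures.

```python
# Added example, not from the original slides: a minimal reference monitor
# (authenticate first, then check rights, log every decision), a keyed
# integrity tag over a message digest, and a traffic padding helper.
# Every principal, password, resource, key and message here is constructed
# sample data.
import hashlib
import hmac
import secrets

READ, WRITE, EXECUTE = "read", "write", "execute"


class ReferenceMonitor:
    """Central facility that mediates every access to a protected resource.

    A principal's rights are usable only after it has authenticated, and
    each decision, granted or denied, is recorded in an audit log."""

    def __init__(self):
        self._credentials = {}   # principal -> (salt, slow password hash)
        self._rights = {}        # (principal, resource) -> set of rights
        self._authenticated = set()
        self.audit_log = []      # (principal, resource, right, outcome)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, principal, password):
        # Store a salted slow hash, never the password itself.
        salt = secrets.token_bytes(16)
        self._credentials[principal] = (salt, self._hash(password, salt))

    def authenticate(self, principal, password):
        # Unknown principals are hashed against a dummy salt so that timing
        # does not reveal whether the name exists.
        salt, stored = self._credentials.get(principal, (bytes(16), b""))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        if ok:
            self._authenticated.add(principal)
        return ok

    def grant(self, principal, resource, *rights):
        self._rights.setdefault((principal, resource), set()).update(rights)

    def access(self, principal, resource, right):
        """Return True only if the principal is authenticated AND holds the right."""
        if principal not in self._authenticated:
            outcome = "denied: not authenticated"
        elif right not in self._rights.get((principal, resource), set()):
            outcome = "denied: no %s right" % right
        else:
            outcome = "granted"
        self.audit_log.append((principal, resource, right, outcome))
        return outcome == "granted"


def integrity_tag(key, message):
    """Data integrity check: a keyed tag (HMAC) over the SHA-256 digest of the
    message. Anyone without the key cannot forge it; unlike a digital
    signature it gives no non-repudiation, since both sides hold the key."""
    digest = hashlib.sha256(message).digest()
    return hmac.new(key, digest, "sha256").digest()


def verify_integrity(key, message, tag):
    return hmac.compare_digest(integrity_tag(key, message), tag)


def pad_traffic(payload, block=128):
    """Traffic padding: grow every message to a multiple of `block` bytes so an
    observer learns nothing from message length. Between 1 and `block` bytes
    are added and the last byte records how many, so the receiver can strip
    them. `block` must be at most 255 so the count fits in one byte."""
    if not 1 <= block <= 255:
        raise ValueError("block must be between 1 and 255")
    n = block - (len(payload) % block)
    return payload + secrets.token_bytes(n - 1) + bytes([n])


def unpad_traffic(padded):
    n = padded[-1]
    if n < 1 or n > len(padded):
        raise ValueError("corrupt padding")
    return padded[:-n]


if __name__ == "__main__":
    rm = ReferenceMonitor()
    rm.register("alice", "correct horse battery")
    rm.grant("alice", "/orders", READ)
    rm.access("alice", "/orders", READ)            # denied: not authenticated
    rm.authenticate("alice", "correct horse battery")
    rm.access("alice", "/orders", READ)            # granted
    rm.access("alice", "/orders", WRITE)           # denied: no write right
    for entry in rm.audit_log:
        print(entry)
```

The audit log is the auditing mechanism from the earlier slide in miniature: every mediated access, including refused ones, leaves a record, which is what an investigator later reads.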
Major Issues: Legal, Privacy & Ethical
The nature of domain names
• A domain name is essentially an ‘e-commerce logo’ which provides companies with their ‘e-identity’. It is in fact a user-friendly alphanumeric alias for an Internet Protocol (IP) address. An IP address is a unique number that identifies a particular computer that is attached to the Internet.
• Top Level Domains (TLDs) are split into ‘generic’ top-level domain names (gTLDs) and ‘country-code specific’ top-level domain names (ccTLDs).
• There are only three gTLDs that are generally available on a first-come-first-served basis to anyone in the world: .com, .net and .org.
• ccTLDs are numerous (there are about 190 countries with ccTLDs) and these are represented by two letters of the alphabet: .in India, .fr France, .ch Switzerland, .my Malaysia.
Trade marks and domain names
• The fundamental difference between a trade mark and a domain name is that there can be several identical trade marks registered in different parts of the world, or even in the same jurisdiction, by different people. Each identical trade mark can relate to a different type of goods without any possibility of the trade mark use constituting an infringement.
• By contrast there can only ever be one of each domain name, as such names are necessarily unique.
• Whilst use of an identical domain name to one registered by an e-business is therefore impossible, the domain name registration system offers no protection against the registration of similar names. For example, although I may register the domain name pwcarey.com, this does not stop someone else registering the domain name p-w-carey.com or pcarey.com.
Cybersquatting
• Cybersquatting is the activity that involves the bad faith registration of trade marks as domain names.
• This section considers the dispute resolution procedures of ICANN and Nominet (which administers all .uk domain names).
• The Internet Corporation for Assigned Names and Numbers (ICANN) set up a dispute resolution system for the top-level generic domain names (.com, .net and .org) in December 1999. That system, known as the Uniform Dispute Resolution Policy (UDRP), has proved very popular and successful. It is administered by four bodies (the best known of which is the World Intellectual Property Organisation) and frequently results in a domain name being transferred to the claimant.
The Distance Selling Regulations
• A consumer who purchases goods or services from an e-commerce business is protected to a greater degree than a business purchaser is.
• The information requirements:
  a) the identity and address of the supplier
  b) the characteristics of the goods or services
  c) the price including all taxes
  d) delivery costs
  e) arrangements for payment, delivery, performance
  f) the existence of the right of cancellation
  g) any additional costs of using the means of distance communication
  h) the period for which the price remains valid
  i) where appropriate, the duration of a service contract
Website linking agreements
• To date operators of websites have provided links from their own sites to those of third parties with little thought for the legal consequences.
• In one case, involving the website of a Scottish newspaper, an e-business was sued for providing a link to a page within the site of the newspaper. This practice, known as deep linking, was challenged on the basis that it allowed users access to the site without being required to travel via the homepage.
• E-commerce businesses should therefore consider, in appropriate circumstances, putting in place a written contract that sets out the obligations of the parties to a linking agreement.
• The contract should deal with the following issues: the link; intellectual property; commission; charges; data protection; database right.
Liability for website content
• Copyright: The law of copyright provides protection to certain types of works. Essentially the protection that exists prevents any person from copying the material without permission.
• The most common misconception about copyright is that it requires registration. In fact copyright protection exists as soon as a copyright work is made.
• For example, if you design a web page then copyright will exist in the web page. If anyone copies your web page (online or offline) you should be able to maintain an infringement action.
• Similarly, if you were to include aspects of a third party website in the design of your own site then you would be at risk from an infringement action.
Offensive and indecent materials
• Obscene Publications Act 1959, s1 provides that: ‘an article shall be deemed to be obscene if its effect or (where the article comprises two or more distinct items) the effect of any one of its items is, if taken as a whole, such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it.’
Descriptions and prices
• Under the Trade Descriptions Act 1968 it is a criminal offence to ‘apply a false trade description’ to goods or services. The maximum punishment is two years imprisonment. Where the person convicted of the offence is a corporate body, any director or manager found to have consented to or to have been negligent in relation to the offence may also be convicted.
The Debate about Free Speech on the Internet
• Provisions in law for 2 cases that limit free speech: obscene material; compelling government interest.
• “Indecency”: “any comment, request, suggestion, proposal, image, or other communication that, in context, depicts or describes, in terms patently offensive as measured by contemporary community standards, sexual or excretory activities or organs”.
Cookies
• Reasons for using cookies:
  – to personalize information
  – to improve online sales/services
  – to simplify tracking of popular links or demographics
  – to keep sites fresh and relevant to the user’s interests
  – to enable subscribers to log in without having to enter a password every visit
  – to keep track of a customer’s search preferences
  – personal profiles created are more accurate than self-registration
• Solutions to cookies:
  – users can delete cookie files stored in their computer
  – use of anti-cookie software (e.g. Cookie Cutter and Anonymous Cookie)
Human Rights and E-commerce
Security
• 1. Electronic signatures
• 2. Encryption
1. Electronic signatures
• An electronic, or digital, signature is essentially something associated with an electronic document that performs the same function as a manual signature. An electronic identification of a person or company can be used in court to show that that person or company made a contract.
• The Electronic Communications Act 2000, the first piece of pure e-commerce legislation in the UK, provides that an electronic signature ‘incorporated into or logically associated with a particular electronic communication or particular electronic data, and the certification by any person of such a signature’ shall be admissible in evidence in any legal proceedings as to the authenticity or integrity of the communication or data.
2. Encryption
• The Electronic Communications Act 2000 sets up a register of cryptography service providers.
• The Act imposes a duty on the Secretary of State to establish and maintain a register of approved providers of ‘cryptography support services’.
• This is defined as any service to those sending or receiving electronic communications, or to those who store electronic data, and which is designed to facilitate the use of cryptographic techniques for the following purposes:
  – ensuring that such communications or data can be accessed or put into an intelligible form only by certain persons (the ‘confidentiality provision’)
  – ensuring that the authenticity or integrity of such communication or data is capable of being ascertained.
Protecting Privacy
• Privacy: the right to be left alone and the right to be free of unreasonable personal intrusions.
• Information Privacy: the “claim of individuals, groups, or institutions to determine for themselves when, and to what extent, information about them is communicated to others”.
Privacy Protection: 5 basic principles
• Notice/Awareness — Customers must be given notice and be able to make informed decisions.
• Choice/Consent — Customers must be made aware of their options as to how their personal information may be used. Consent may be granted through ‘opt-out’ clauses requiring steps.
• Access/Participation — Consumers must be able to access their personal information and challenge the validity of the data.
• Integrity/Security — Consumers must be assured that the data is secure and accurate.
• Enforcement/Redress — There must always exist a method of enforcement and remedy. The alternatives are government intervention, legislation for private remedies, or self-regulation.
Controlling Spamming
• What is spamming, and why is it bad? Spamming: “the practice of indiscriminate distribution of messages (for example junk mail) without permission of the receiver and without consideration for the messages’ appropriateness”.
• Spamming’s negative impacts:
  – Spam comprised 30% of all mail sent on America Online (now less than 10%)
  – slowing the Internet in general
  – shutting ISPs down completely
Controlling Spamming: how to cut spamming
• Tell users not to validate their addresses by answering spam requests for replies if they want to be taken off mailing lists
• Disable the relay feature on SMTP (mail) servers so mail cannot be bounced off the server
• Delete spam and forget it — it’s a fact of life and not worth wasting time over
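The second point, disabling relaying, is the one an administrator actually has to configure, so the following added example (not from the slides or the college) models the decision a mail server makes when a client names a recipient: with an open relay every recipient is accepted, with the restricted setting mail for a foreign domain is accepted only from the server's own networks or from an authenticated client. The networks, domains and session records are constructed sample values; the logic is comparable in spirit to, but is not, Postfix's `reject_unauth_destination` restriction, which the slides do not mention.

```python
# Added example, not from the original slides: a model of the relay check an
# SMTP server applies when a client names a recipient (RCPT TO). It contrasts
# the weak "open relay" setting with the restricted one the slide recommends.
# The networks, domains and session records are constructed sample values.
import ipaddress

# Hypothetical policy for this server.
MY_NETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
               ipaddress.ip_network("192.0.2.0/24")]      # trusted client networks
LOCAL_DOMAINS = {"example.com", "mail.example.com"}       # domains delivered locally


def relay_decision(client_ip, authenticated, recipient, open_relay=False):
    """Return "accept" or "reject" for one recipient.

    open_relay=True is the weak setting: every recipient is accepted, so anyone
    on the Internet can bounce mail off the server. With open_relay=False, mail
    for a foreign domain is accepted only from the server's own networks or
    from an authenticated client; mail for local domains is always accepted."""
    domain = recipient.rpartition("@")[2].lower()
    if open_relay:
        return "accept"
    if domain in LOCAL_DOMAINS:
        return "accept"            # final delivery, not relaying
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in MY_NETWORKS):
        return "accept"            # trusted submission
    return "reject"                # unauthorised relaying attempt


# Constructed session records: (client_ip, authenticated, recipient)
SAMPLE_SESSIONS = [
    ("203.0.113.9", False, "victim@other.example"),    # outsider relaying -> reject
    ("192.0.2.10", False, "partner@other.example"),    # own network -> accept
    ("203.0.113.9", True, "partner@other.example"),    # authenticated -> accept
    ("203.0.113.9", False, "sales@example.com"),       # local delivery -> accept
    ("198.51.100.7", False, "bulk@another.example"),   # outsider relaying -> reject
]


def relay_attempts_rejected(sessions, open_relay=False):
    """Count how many sessions the policy refuses. With an open relay the
    count is always zero, which is what makes such a server attractive for
    sending spam through."""
    return sum(relay_decision(ip, auth, rcpt, open_relay) == "reject"
               for ip, auth, rcpt in sessions)


if __name__ == "__main__":
    print("open relay rejects:", relay_attempts_rejected(SAMPLE_SESSIONS, open_relay=True))
    print("restricted rejects:", relay_attempts_rejected(SAMPLE_SESSIONS))
```

A count of refused relay attempts in the server's own log is also a cheap detection signal: a sudden rise in rejections from outside addresses shows the server is being probed as a relay, while a restricted policy keeps each probe from becoming delivered spam.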
Fraud on the Internet
• Internet Stocks Fraud: SEC brought charges against 44 companies and individuals who illegally promoted stocks on computer bulletin boards, online newsletters and investment Web sites.
• Other Financial Fraud: Selling bogus investments, phantom business opportunities, and other fraud schemes.
• Other Fraud in EC: Customers may
  – receive poor quality products and services
  – not get products in time
  – be asked to pay for things they assume will be paid for by sellers