Skip to main content

Home/ IPGO2010/ Group items tagged security

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Spauit group

ecommerce security issues: an introduction - 0 views

www.ecommerce-digest.com/ecommerce-security-issues.html

security issues

shared by Spauit group on 11 May 10 - Cached
  • Any system has to meet four requirements: privacy: information must be kept from unauthorized parties. integrity: message must not be altered or tampered with. authentication: sender and recipient must prove their identities to each other. non-repudiation: proof is needed that the message was indeed receive
  • Digital signatures meet the need for authentication and integrity. To vastly simplify matters (as throughout this page), a plain text message is run through a hash function and so given a value: the message digest. This digest, the hash function and the plain text encrypted with the recipient's public key is sent to the recipient. The recipient decodes the message with their private key, and runs the message through the supplied hash function to that the message digest value remains unchanged (message has not been tampered with). Very often, the message is also timestamped by a third party agency, which provides non-repudiation.
  • What about authentication? How does a customer know that the website receiving sensitive information is not set up by some other party posing as the e-merchant? They check the digital certificate
  • ...3 more annotations...
  • The procedure is something like this: the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client negotiate to create session keys, which are symmetrical secret keys specially created for that particular transmission. Once the session keys are agreed, communication continues with these session keys and the digital certificates.
  • Credit card details can be safely sent with SSL, but once stored on the server they are vulnerable to outsiders hacking into the server and accompanying network. A PCI (peripheral component interconnect: hardware) card is often added for protection, therefore, or another approach altogether is adopted: SET (Secure Electronic Transaction). Developed by Visa and Mastercard, SET uses PKI for privacy, and digital certificates to authenticate the three parties: merchant, customer and bank. More importantly, sensitive information is not seen by the merchant, and is not kept on the merchant's server.
  • Sensitive information has to be protected through at least three transactions: credit card details supplied by the customer, either to the merchant or payment gateway. Handled by the server's SSL and the merchant/server's digital certificates. credit card details passed to the bank for processing. Handled by the complex security measures of the payment gateway. order and customer details supplied to the merchant, either directly or from the payment gateway/credit card processing company. Handled by SSL, server security, digital certificates (and payment gateway sometimes).
Spauit group

Commerce One Inc - 0 views

ecommerce.hostip.info/...Commerce-One-Inc.html

ecommerce

shared by Spauit group on 11 May 10 - Cached
  • ommerce One builds business-to-business (B2B) e-commerce exchanges that allow companies to do business via the World Wide Web or other electronic platforms
  • . The idea behind these exchanges, or marketplaces, is to cut costs for all parties involved by creating a single place where buyers, sellers, distributors, and suppliers can complete commerce transactions.
  • Commerce One exchanges, based on the firm's Market Site Portal software, offer auction capabilities, which let clients collect offers for their merchandise to get the best possible prices. Similarly, reverse auctions allow businesses to solicit competitive bids for products and services they are looking to purchase. Commerce One's BuySite procurement software suite is geared more toward creating private supply chain sites for individual companies. This technology also allows buyers to view various supplier catalogs online and complete secure transactions electronically.
  • Spauit group on 11 May 10
     
    B2B
Spauit group

Local Express Delivery - 0 views

www.squidoo.com/LocalExpressDelivery

ecommerce delivery

shared by Spauit group on 11 May 10 - Cached
  • Ecommerce Stores begin to Offer Same Day Delivery Service
  • It's no surprise that these two industries meet.  The same day delivery and the ecommerce industry.  Consumers of ecommerce stores want the convenience and speed of the process and the courier service industry allows the online stores get their product in the hands of their consumers within hours
  • This type of service requires special logistics of contractor drivers.  These drivers are typically someone who has a social security number and a vehicl
  • ...2 more annotations...
  • The process is quite simple.  A transaction is made and the order is sent to clients nearest warehouse location.  The client and the warehouse may be a few miles apart or a few hundred.  It doesn't matter, a courier service can still get the product in the hands of the customer in a very short time.  The order is then electronically dispatched to the courier service provider.
  • hey can do this very quickly with the use of courier software such as Courier Complete and electronically dispatch their order with GPS tracking to the best available delivery driver
  • Spauit group on 11 May 10
     
    Ecommerce Stores begin to Offer Same Day Delivery Service
1 - 5 of 5
Showing 20 items per page