
Dave Crocker Brandenburg Consulting dcrocker@brandenburg +1 408 246 8253 brandenburg

Commerce and Financial Transaction Security Over the Internet. Dave Crocker Brandenburg Consulting dcrocker@brandenburg.com +1 408 246 8253 www.brandenburg.com. What we will cover. Architecture Channel Object Commerce Trading Payment. Object. Channel. Secure. Email Secure.

robertkirk

Presentation Transcript


  1. Commerce and Financial Transaction Security Over the Internet • Dave Crocker • Brandenburg Consulting • dcrocker@brandenburg.com • +1 408 246 8253 • www.brandenburg.com

  2. What we will cover • Architecture • Channel • Object • Commerce • Trading • Payment

  3. Where to put security? (Diagram contrasting object security with channel security. Labels: Object, Channel, Secure Email, Secure Web, Web Server, MTA, Email, FTP, Web, My object.)

  4. Channel security • IPSEC: IP-level labeling • Kerberos (MIT): Third-party service • S-KEY/OTP: Pairwise login • SSL/TLS: Client-server link • SASL: Scheme selection

  5. Object contenders • PGP: PGP, Inc.; Qualcomm; Years of use; Significant installed base; Informal CA scheme w/ server • S/MIME: RSA DSI; Netscape, Microsoft; No usage history; Sudden large installed base; Formal CA scheme w/ server

  6. Phases Shopping Searching Negotiating Terms Buying Instrument Paying Exchange

  7. Open Trading Protocol • OTP Consortium • Functions • Authentication • Deposit • Purchase • Refund • Withdrawal • Value Exchange

  8. Payment system model (Diagram. Labels: Buyer, Issuing Bank, Clearing House, Acquiring Bank, Merchant, 16+4, Risk Management... Credit: M. Rose, FV.)

  9. Scheme “Clear” • Just trust the net... • Easy to capture and replay. (Diagram labels: Buyer, 16+4 in the clear!, Clearing House, Merchant.)

  10. Scheme “ID” • Still trust the net, until the next statement... • Easy to capture and replay. (Diagram labels: Buyer, 16+4, ID, Clearing House, ID, Merchant, 16+4.)

  11. Scheme “ID confirm” • Each transaction confirmed. • Requires mildly safe user account. (Diagram labels: 16+4, Buyer, ID, Clearing House, ID, Confirm, Merchant, ID.)

  12. Scheme “Secure link” • Same as telephone, but encrypt over Internet. • Merchant gets number. • Is merchant safe?? (Diagram labels: Buyer, Encrypted 16+4, Clearing House, Merchant, 16+4.)

  13. Scheme “Mediated” • Only banks see data in clear. • Limited points of attack. (Diagram labels: Buyer, Encrypted 16+4, Encrypted 16+4, Clearing House, Merchant.)
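
The difference between Scheme “ID” and Scheme “ID confirm” when an ID is captured and replayed, as an added example that is not part of the presentation. It is a toy in-memory model: the class names, the ID string, the card placeholder and the confirm callback standing in for the buyer's account are all assumptions.

```python
class Buyer:
    """Buyer whose account is the confirmation channel (assumed model)."""
    def __init__(self, buyer_id):
        self.buyer_id = buyer_id
        self.intended = []                     # purchases the buyer really made

    def buy(self, merchant, amount):
        self.intended.append((merchant, amount))
        return self.buyer_id                   # only the ID crosses the net

    def confirm(self, merchant, amount):
        """Approve a charge once, and only if the buyer initiated it."""
        if (merchant, amount) in self.intended:
            self.intended.remove((merchant, amount))
            return True
        return False

class ClearingHouse:
    """Keeps the ID -> 16+4 mapping so the card number stays off the net."""
    def __init__(self, require_confirm):
        self.require_confirm = require_confirm
        self.accounts = {}                     # ID -> (card, confirm callback)
        self.settled = []                      # (ID, merchant, amount)

    def enroll(self, buyer_id, card, confirm_cb):
        self.accounts[buyer_id] = (card, confirm_cb)

    def charge(self, buyer_id, merchant, amount):
        """A merchant presents an ID; returns True if the charge settles."""
        if buyer_id not in self.accounts:
            return False
        if self.require_confirm:               # Scheme "ID confirm"
            _, confirm_cb = self.accounts[buyer_id]
            if not confirm_cb(merchant, amount):
                return False
        # Scheme "ID" reaches here on possession of the ID alone.
        self.settled.append((buyer_id, merchant, amount))
        return True

def run(require_confirm):
    """One genuine purchase, then a charge made with the captured ID."""
    house = ClearingHouse(require_confirm)
    buyer = Buyer("ID-constructed-001")        # constructed sample ID
    house.enroll(buyer.buyer_id, "0000000000000000+0000", buyer.confirm)
    seen_on_net = buyer.buy("bookshop", 20)
    genuine = house.charge(seen_on_net, "bookshop", 20)
    replayed = house.charge(seen_on_net, "other-shop", 500)
    return genuine, replayed, house.settled

if __name__ == "__main__":
    print("Scheme ID:        ", run(False))
    print("Scheme ID confirm:", run(True))
```

In the confirm variant the safety of the whole scheme rests on the buyer's account, which is the slide's point about needing a "mildly safe user account".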
