- Authentication
Authentication is the process of identifying an individual or a message, usually based on a username and password or a file signature.
Authentication is distinct from authorization
- Log-in Passwords
- Weak method with short passwords
- Features commonly used to identify and authenticate a user:
  - Something the user knows (e.g. password).
  - Something the user has (e.g. token, smartcard).
  - Something that is part of the user (e.g. fingerprint).
Digital Signature
A digital signature is a code attached to an electronically transmitted message to identify the sender.
- The sender composes the document.
- The sender uses a hash algorithm to create a “one-way” hash.
- The sender uses his or her private part of a public key system to encrypt the one-way hash to create the digital signature.
- The sender then combines the original document with the digital signature to create a new signed document and sends it to the receiver.
- The receiver separates the document from its signature.
- The receiver decrypts the digital signature using the sender's public key.
- The receiver applies the hashing algorithm to the original electronic document to produce a new one-way-hash.
- Encryption
Encryption is the conversion of plain text or data into an unintelligible form by means of a reversible translation.
Decryption: The inverse operation to encryption.
Methods of Encrypting Data:
1. Translation Table
- Simplest method.
- Easy to program.
- Easy to break.
- Refinements: table rotation; using several tables.
2. Word/byte rotation - XOR bit masking
- If the words or bytes within a data stream are rotated, using multiple and variable direction and duration of rotation in an easily reproducible pattern, a stream of data can be quickly encoded with a method that is nearly impossible to break.
- If the code uses an XOR mask in combination with Word/byte rotation, code breaking becomes more difficult. (bits in certain positions are flipped from 1 to 0 or 0 to 1.)
- Other combinations: Pseudo-random effect.
3. Symmetric Key Encryption
- Sender and receiver share the same key.
- Highly efficient implementation.
- Only the key decrypts the message; this assures authentication.
- Security is compromised if the key is divulged.
4. Asymmetric Key Encryption
- Most common: based on the RSA Data Security algorithm.
- Based on public keys.
- Composed of two keys, public and private.
- The public key is published.
- Private key encrypts the information.
- Public key decrypts the information.
- Requires more computation than symmetric method.
- High Security for short messages
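Method 2 above (word/byte rotation with XOR bit masking), written out as an added example that is not part of the original notes. The rotation schedule and mask values are constructed for illustration; decoding undoes the two operations in reverse order, and the combined pattern repeats with a fixed period.

```python
# Constructed parameters (assumptions, not from the page).
ROTATIONS = [3, -1, 5, -2]          # positive = rotate left, negative = right
MASK = bytes([0x5A, 0xC3, 0x0F])    # XOR mask, applied cyclically


def rot8(byte: int, n: int) -> int:
    """Rotate one byte left by n bits; a negative n rotates right."""
    n %= 8                          # e.g. -1 % 8 == 7: right 1 == left 7
    return ((byte << n) | (byte >> (8 - n))) & 0xFF


def encode(data: bytes) -> bytes:
    """Rotate each byte by the scheduled amount, then flip bits with the mask."""
    out = bytearray()
    for i, b in enumerate(data):
        rotated = rot8(b, ROTATIONS[i % len(ROTATIONS)])
        out.append(rotated ^ MASK[i % len(MASK)])
    return bytes(out)


def decode(data: bytes) -> bytes:
    """Inverse of encode: remove the mask first, then rotate back."""
    out = bytearray()
    for i, b in enumerate(data):
        unmasked = b ^ MASK[i % len(MASK)]
        out.append(rot8(unmasked, -ROTATIONS[i % len(ROTATIONS)]))
    return bytes(out)


def pattern_period() -> int:
    """Number of bytes after which the rotation/mask combination repeats."""
    a, b = len(ROTATIONS), len(MASK)
    period = a
    while period % b:
        period += a
    return period


if __name__ == "__main__":
    message = b"order #1042: 3 items"    # constructed sample input
    encoded = encode(message)
    print(encoded.hex(), decode(encoded) == message, pattern_period())
```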
Confidentiality
Confidentiality has two aims:
- To use the digital signature or encrypted hash function to authenticate the identity of the sender.
- To protect the content of the message from eyes other than those of the intended recipient.
Cryptography is used to implement privacy
- Encoded message has no apparent meaning.
Two steps involved:
- In the first step, a clear message is encrypted.
- The reverse aspect is the deciphering by the recipient.
Secure Socket Layer (SSL)
- Developed by Netscape for transmitting private documents via the Internet
- Supported by both Netscape Navigator and Internet Explorer
- Many websites use SSL to obtain confidential user information, such as credit card numbers.
Electronic Money & Digital Money
DigiCash
- The analogy of paper money or coin:
  - Electronic bills, each with a unique identification.
  - Prevent duplication of bills.
- Expensive, as each payment transaction must be reported to the bank and recorded
- Conflict with the role of central bank’s bill issuance
- Legally, DigiCash is not supposed to issue more than an electronic gift certificate even though it may be accepted by a wide number of member stores
Stored Value Cards
- No issuance of money: a debit card is a delivery vehicle for cash in electronic form
- Either anonymous or onymous
- Advantage of an anonymous card : the card may be given from one person to another
Smart card-based e-cash
- Can be recharged at home through the Internet
- Can be used on the Internet as well as in a non-Internet environment
Ceiling of Stored Values
- To prevent the abuse of stored values in money laundering
- S$500 in Singapore; HK$3,000 in Hong Kong
Multiple Currencies
- Can be used for cross border payments
Contactless IC Cards
Proximity Card
- Used to access buildings and for paying in buses and other transportation systems
- Bus, subway and toll card in many cities
Amplified Remote Sensing Card
- Good for a range of up to 100 feet, and can be used for tolling moving vehicles at gates
- Pay toll without stopping (e.g. Highway 91 in California)
Electronic Check Systems
- High processing cost for paper checks, which are the most popular payment method for remote payees
- Expected to become a major payment medium in B2B
- security features are basically the same as SET : encryption, digital signature, and certificates
- usage procedures are different from SET
Electronic Checkbook
- Counterpart of electronic wallet
- To be integrated with the accounting information system of business buyers and with the payment server of sellers
- To save the electronic invoice and receipt of payment in the buyers' and sellers' computers for future retrieval.
- Example : SafeCheck
- Used mainly in B2B
Integrating Payment Methods
Two potential consolidations:
- The on-line electronic check is merging with EFT
- The electronic check with a designated settlement date is merging with electronic credit cards
Security First Network Bank (SFNB)
- First cyberbank
- Lower service charges to challenge the service fees of traditional banks
Visa is experimenting with VisaCash and ePay
- VisaCash is a debit card
- ePay is an EFT service
VIRTUAL PRIVATE NETWORK FOR E-COMMERCE
Introduction
E-commerce and online transactions have become an
integral part of our lives these days. Consumers find it convenient to shop
online for which the retailers offer home-delivery and online payment
facilities. It appears that this mode of transaction is the safest among the
rest. If you are among those people who prefer online shopping, then you must
realize the fact that the transactions you make are exposed to huge security
risks. These risks include theft of confidential information like web log-ins,
passwords, home address, bank details and other information by hackers and
eavesdroppers. But this risk can be eliminated using a Virtual Private Network
(VPN).
But first we must understand what a Virtual Private Network (VPN) actually is
and how it can be helpful in the e-commerce industry.
Virtual Private Network (VPN)
A Virtual Private Network (VPN) can be defined as a
network that offers secure and remote access to one’s office network from
anywhere in the world using the internet. It is considered one of the safe and
secure methods for setting up a private network for the purpose of
personal communication.
E-commerce and Security Risks
This era has witnessed massive technological
advancements in all fields. E-commerce is one of the best achievements of this
tech-oriented world where organizations and consumers can have business deals
online. Businesses and retailers offer their products and services on their
websites from where consumers can place an order by making online transactions.
This trend offers great convenience and support, and appears to be
safe and sound as well. But many people are unaware
of the fact that these so-called safe transactions are actually subject to a
massive risk. For making a transaction, a consumer is required to enter his
personal details like bank account number, passwords and other confidential
data. But all this information can be accessed by hackers who can use it for
harmful and unlawful purposes. Therefore, it is necessary to figure out a way
that can assure the security of these transactions. The best solution is to use
a Virtual Private Network (VPN) for ensuring the security against risks.
Using VPN for E-commerce
VPN can be used for secure online transactions. If you
are looking for a secure means of carrying out e-commerce or online transactions,
then you need to use a Virtual Private Network (VPN) acquired from a reliable
VPN service provider. It operates as a protective guard that shields you from
the hackers out there in the online world looking to steal your personal
information for wrong intentions.
A VPN builds up a secure pathway over the internet
connecting you to other desired public networks. This connection is encrypted,
decrypted and authenticated by creating a trustworthy
connection and by using security algorithms. It offers you an IP address that
is different from your system’s actual address, thus concealing your real
identity from the hackers. This enables you to carry out any online transaction
with complete security and safety as they will not be able to steal your
information from an anonymous place.
The Virtual Private Network (VPN) works by tunneling
protocols. These protocols play a significant role in transmitting data between
the two ends as the data encrypted by these protocols and sent through the
secure tunnel cannot be hacked without proper data encryption. This process of
encryption is not limited to data only, but it also encrypts the IP addresses
of the two ends. The best VPN protocols used for this purpose include PPTP,
L2TP/IPSec and SSL (SSTP and OpenVPN).
Among these protocols, the most significant protocol
is SSL due to its capability of being unblockable, unlike other protocols. Some
locations, like the Middle East and China, use firewalls to block these protocols for
their respective security concerns. This makes a VPN service supporting these
protocols useless in those areas. However, the SSL protocol does not require
any VPN software but a web browser to function, making it difficult for the
authorities to get it blocked.
Final Word
The time has come that the users of e-commerce must
ensure the security of their online transactions using the best VPN services. One
must make sure to have detailed information about the services provided by the
VPN providers. It is recommended that users must have a VPN service that offers
the SSL protocol, as it can be used all over the world, including the countries
where protocols are being blocked by the authorities. This will lead to a safe
and secure online transaction process.