Internet Security

The Internet has become a tremendous asset to human life. It provides access
to comprehensive information literally at our fingertips. Even more than
that, the Internet plays host to one of the great discoveries of the 20th
Century: e-commerce. Besides access to virtually limitless information, we
have at our ready disposal the ability to buy just about anything we want
from the comfort of our own homes. E-commerce means we can buy books,
computers, holidays, flights, even cars and more, without having to leave
our homes. Although this is a very appealing concept, it was rather slow to
take off in the beginning because people feared that placing their credit
card details and bank details into a “black hole” was just too much of a
risk. Even though the risk was minimal, the risk still existed.

The risk was largely due to the fact that credit card details etc. were sent
as plain text. This means that a thief who intercepted the un-encoded
information using electronic methods could read the numbers and use them for
fraudulent purposes. To overcome this problem and protect the consumer,
various technologies have been developed, thus instilling confidence and
encouraging people to purchase online.

S-HTTP (Secure Hypertext Transfer Protocol)

As we have seen from previous modules, a Web site is really an HTTP server
that responds to HTTP requests. The HTTP protocol provides no security, and
so in order to create a secure Web site, a way of encrypting the information
that is passed using HTTP needs to be found. An organisation called NCSA
created a new, secure version of the HTTP protocol, called S-HTTP.

S-HTTP is a secure version of the standard HTTP command set used to
communicate with a Web site. The fact that it is not a proprietary standard
is a great advantage, and although it is supported by almost all Web server
software, it is not so well supported by commercial Web browsers. Netscape,
which produces the rival secure protocol SSL, has said that it will attempt
to include support for S-HTTP within its products in the near future. When
this happens, users will be able to use a browser to communicate with either
an S-HTTP or an SSL server.

S-HTTP works between the TCP/IP layer and the HTTP protocol; whenever HTTP
requests information to be sent to another server, it passes the request to
S-HTTP which then ensures that the information is encrypted and
authenticated before passing the newly encrypted information to TCP/IP for
transmission.

S-HTTP provides a number of services to ensure security. It:
- Encrypts information to ensure that only the intended recipient can read
  the information. A wide range of encryption standards are supported.
- Provides authentication to ensure that the sender is the author and to
  ensure that the information has not been tampered with en route.
- Supports digital signatures to confirm the sender is who he claims to be.
- Will work with a client who does not have a client public key certificate,
  which means the user does not need to register a client key and so an
  instantaneous secure session can be established.
- Will only encrypt a complete document or form rather than just parts of
  the document or form. This means that a form requesting names, addresses,
  telephone numbers etc. will be completely encrypted, thus providing
  greater security.
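
Two of the services listed above, encrypting a complete form and detecting
tampering en route, can be shown in code; this is an added example, not code
from the original page and not the real S-HTTP wire format. Assumptions: the
/checkout request and its field values are constructed, both keys are already
shared between client and server, the envelope layout (nonce, ciphertext, tag)
is hypothetical, and the HMAC-based keystream stands in for a real cipher
because the Python standard library has none.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a complete form submission as plain HTTP would send it.
CARD = b"4111111111111111"  # constructed test value, not a real card
PLAIN_REQUEST = (b"POST /checkout HTTP/1.0\r\n"
                 b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                 b"name=A+Customer&card=" + CARD + b"&expiry=12%2F99")

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: an assumed stand-in for a vetted cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def protect(message: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Encrypt the complete message, then authenticate nonce + ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(message, _keystream(enc_key, nonce, len(message))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unprotect(envelope: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Verify the tag first; refuse to decrypt anything altered en route."""
    if len(envelope) < 48:  # 16-byte nonce + 32-byte tag at minimum
        raise ValueError("envelope too short")
    nonce, ct, tag = envelope[:16], envelope[16:-32], envelope[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message was altered in transit")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def demo() -> dict:
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    wire = protect(PLAIN_REQUEST, enc_key, mac_key)
    tampered = wire[:20] + bytes([wire[20] ^ 1]) + wire[21:]  # one bit flipped en route
    try:
        unprotect(tampered, enc_key, mac_key)
        rejected = False
    except ValueError:
        rejected = True
    return {"card_on_wire": CARD in wire, "tamper_rejected": rejected,
            "round_trip_ok": unprotect(wire, enc_key, mac_key) == PLAIN_REQUEST}
```

Calling demo() shows that the card number, readable in PLAIN_REQUEST, does not
appear in the protected bytes, and that a single flipped bit causes rejection.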