
ECT 455 E-Commerce Web Site Engineering - PowerPoint PPT Presentation



PowerPoint Slideshow about ' ECT 455 E-Commerce Web Site Engineering ' - Michelle



ECT 455 E-Commerce Web Site Engineering

Electronic Payment Systems

Internet Transaction Security

ECT 455/HCI 513 Susy Chan Ph.D.


Agenda

  • Market news

  • Privacy Issues

  • Digital payment

  • Transaction security

Consumer Trust and Privacy

  • Consumer WebWatch

  • Only 29% trust Web sites that sell products or services

  • Sites for commerce: 95% disclosure of all fees; 93% disclosure of the site’s policy on using personal information

  • News and information sites: 65% disclosure of privacy policies, 59% clear labeling of advertisement

  • Search engine sites: 60% don’t know about ad sponsorship, 80% want search engines to reveal these practices.

  • 57% read policies about credit cards; 35% privacy policies; 22% “About Us”

Consumer WebWatch: “A Matter of Trust: What Users Want From Web Sites” 4/16/02

Internet and the Right to Privacy

  • Self-regulated medium: The Internet industry governs itself

  • Violation of Privacy Right or Better Service?

    • FTC Study: 97% collected personal information, only 62% informed the users about such practice; 57% contained 3rd party tracking devices

    • Privacy advocates argue that these efforts violate individuals’ privacy rights

    • Online marketers and advertisers suggest that online companies can better serve their users by recording the likes and dislikes of online consumers

  • Financial Services Modernization Act of 1999

    • Establishes a set of regulations concerning the management of consumer information

Network Advertising Initiative (NAI)

  • Approved by the FTC in July 1999 to support self regulation

  • NAI currently represents 90 percent of Web advertisers

  • Determines the proper protocols for managing a Web user’s personal information on the Internet

  • Prohibits the collection of consumer data from medical and financial sites

  • Allows the combination of Web-collected data and personal information

DoubleClick: Marketing with Personal Information

  • Regulation of the Internet could limit a company’s efforts to buy and sell advertising

  • DoubleClick

    • Advertising network of over 1,500 sites and 11,000 clients

  • Abacus Direct Corp

    • Names, addresses, telephone numbers, age, gender, income levels and a history of purchases at retail, catalog and online stores

  • Digital redlining

    • Skewing of an individual’s knowledge of available products by basing the advertisements the user sees on past behavior

Protecting Your Business: Privacy Issues

  • Privacy policy

    • The stated policy regarding the collection and use of visitor’s personal information

  • Privacy policy services and software

    • PrivacyBot.com; TRUSTe

  • Core Fair Information Practices by FTC

    • Consumers should

      • be made aware that personal information will be collected

      • have a say in how this information will be used

      • have the ability to check the information collected to ensure that it is complete and accurate

    • The information collected should be secured

    • The Web site should be responsible for seeing that these practices are followed

Electronic Payment Systems

  • Efficient and effective payment services accepted by consumers and businesses are essential to e-commerce.

  • Requirements:

    • Convenient for web purchasing

    • Transportable over the network

    • Strong enough to thwart electronic interference

    • Cost-effective for extremely low-value transactions

Electronic Payment Systems

  • Banking and Financial Payments

    • Bank-to-bank transfer (EFT)

    • Home Banking -- CitiBank, Wells Fargo

  • Payment through an Intermediary

    • Open Market *

    • First Virtual (FirstVirtual Pin) *

* Both refer to their earlier business models

Electronic Payment Systems

  • Electronic Currency Payment Systems

    • Electronic Cash -- Internetcash.com

    • Electronic Checks -- NetCheque

    • e-Wallets

    • Smart Cards

    • American Express (blue smart card)

    • Visa

  • Micropayments

    • Echarge, (echarge.com)

    • paystone.com

More

  • Retailing Payment Systems

    • Credit Cards -- Visa or MasterCard

    • Private Label Credit/Debit Cards

    • Charge Cards -- American Express; echarge

  • Peer-to-peer payments (between consumers)

    • PayPal (billpoint)

Credit-Card Transactions

  • Popular form of payment for online purchases

  • Resistance due to security concerns

  • Many cards offer capabilities for online and offline purchases

    • Mastercard

    • American Express Blue

Credit-Card Transaction Enablers

  • Credit-Card Transaction Enablers

    • Companies that have established business relationships with financial institutions that will accept online credit-card payments for merchant clients

      • Trintech

      • Cybercash (Verisign)

E-Wallets

  • E-wallets

    • Keep track of your billing and shipping information so that it can be entered with one click at participating sites

    • Store e-checks, e-cash and credit-card information

  • Credit-card companies offer a variety of e-wallets

    • Visa e-wallets

    • MBNA e-wallet allows one-click shopping at member sites

  • A group of e-wallet vendors have standardized technology with Electronic Commerce Modeling Language (ECML)

  • Yahoo Wallet (wallet.yahoo.com)

Digital Currency

  • Digital cash

    • Stored electronically, used to make online electronic payments

    • Similar to traditional bank accounts

    • Used with other payment technologies (digital wallets)

    • Alleviates some security fears of online credit-card transactions

    • Allows those with no credit cards to shop online

    • Merchants accepting digital-cash payments avoid credit-card transaction fees

Smart Cards

  • Smart card

    • Card with computer chip embedded on its face, holds more information than ordinary credit card with magnetic strip

    • Contact smart cards

      • To read information on smart cards and update information, contact smart cards need to be placed in a smart card reader

    • Contactless smart cards

      • Have both a coiled antenna and a computer chip inside, enabling the cards to transmit information

    • Can require the user to have a password, giving the smart card a security advantage over credit cards

      • Information can be designated as "read only" or as "no access"

      • Possibility of personal identity theft

Security Considerations: E-commerce vs. Paper-based Commerce

  • Security attributes of signed paper document

    • Semi-permanence of ink embedded in paper fibers

    • Particular printing process

      • such as letterhead

    • Watermarks

    • Biometrics of signature

    • Time stamp

    • Obviousness of modifications, interlineations, and deletions

Security Considerations: E-commerce vs. Paper-based Commerce

  • Computer-based documents do not have such security attributes

    • Computer-based records can be modified freely and without detection

    • Certain supplemental control mechanisms must be applied to achieve a level of trustworthiness comparable to that on paper

  • Paper-based and computer-based documents may not perform equal or exactly analogous functions in business and law

    • Ex. negotiable document of title

Security Issues in E-Commerce

  • User Authentication, User Authorization and Network Security

    • Password protection, encrypted data transmission

    • Firewalls

  • Data & Transaction Security

    • Encryption: Private Key vs. Public Key

  • Privacy

  • Payment Systems

Introduction to Secure Ecommerce

  • What is Security?

  • What are we securing in ecommerce?

    • Security is a heterogeneous concept in general.

    • All security, including e-commerce, deals with these 2 KEY concepts:

      • Risk

      • Trust

    • Business risk management

      • Risk analysis

      • Risk mitigation

      • Risk transfer

Security Risks to E-commerce

  • 2004 CSI/FBI Computer Crime and Security Survey

  • Direct financial loss resulting from fraud

    • Payment account abuse

    • Transfer funds without authorization

    • Destroy or hide financial records

    • Customer impersonation

  • Exposure of confidential information

    • False or malicious websites

    • Customer Data Exposures

      • Ex. H&R Block erroneously imported customers' data into others' tax returns (February 2000)

    • Data theft

Security Risks to E-commerce

  • Damage to relations with customer or business partners

    • An organization that suffers a security-related attack or failure may not publicize it

  • Unforeseen cost

    • Legal, public relations, or business resumption cost

      • Recovering from a security compromise

  • Public relations damage

    • Masquerading

    • Manipulation of web content

    • Malicious rumor

  • Uptake failure due to lack of confidence

Security is an essential ingredient of any e-commerce solution

Internet security

  • Consumers entering highly confidential information

  • Number of security attacks increasing

  • Four requirements of a secure transaction

    • Privacy– information not read by third party

    • Integrity– information not compromised or altered

    • Authentication– sender and receiver prove identities

    • Non-repudiation– legally prove message was sent and received

  • Availability

    • Computer systems continually accessible


Security Attacks

  • Any action that compromises the security of information systems

    • Normal flow

    • Interruption: attack on availability

[Diagram labels: Info source, Info destination]

Security Attacks (continued)

  • Interception: attack on confidentiality

  • Modification: attack on integrity

  • Fabrication: attack on authenticity

[Diagram labels: Info source, Info destination]

Passive and Active Attacks

  • Passive attacks: eavesdropping on, or monitoring of, information transmission

    • Release of message contents

    • Traffic analysis

  • Active Attacks: modification or creation of false information

    • Masquerade: one entity pretends to be a different entity

      • Ex. Session Hijacking: taking over an existing active session. It can bypass the authentication process and gain access to a machine

Passive and Active Attacks (continued)

  • Replay: passive capture of data and its retransmission to produce an unauthorized effect

  • Modification of message: some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect

  • Denial of service (DoS): prevents or inhibits the normal use or management of communication facilities

    • SYN flooding

    • Winnuke (Perl code of Winnuke)

  • Unfortunately, there are NO security mechanisms to counter DoS

Key Solutions to Secure Ecommerce Issues

  • Firewalls

  • Encryption

  • Digital signatures and certificates

  • Payment Systems

Model for Ecommerce Network Security

Firewalls

  • A filter between a corporate network and the Internet that keeps the corporate network secure from intruders, but allows authenticated corporate users uninhibited access to the Internet

  • An access policy, more than hardware and software

Types and Functions of Firewalls

  • Proxy Application Gateways

    • An application gateway (proxy service), caching documents (Dual-homed vs. Screened-host gateway)

  • Simple Traffic Logging Systems

    • Predominant methods; record traffic flows

  • IP Packet Screening Routers

    • Filtering or blocking info packets based on screening rules

Dual Home Gateway: Bastion Host Gateway

[Diagram labels: Internet, Bastion Gateway (Proxies: Ftp, Http,…), Local Network]

Screen-host Gateway: Screened subnet gateway

[Diagram labels: Internet, Router, Bastion Gateway (Proxies: Ftp, Http,…), Web server, Ftp server, Router, Local Network]

Private Key Cryptography

  • Secret-key cryptography

    • Same key to encrypt and decrypt message

    • Sender sends message and key to receiver

  • Problems with secret-key cryptography

    • Key must be transmitted to receiver

    • Different key for every receiver

    • Key distribution centers used to reduce these problems

      • Generates session key and sends it to sender and receiver encrypted with the unique key

  • Encryption algorithms

    • Data Encryption Standard (DES), Triple DES, Advanced Encryption Standard (AES)

Private (Secret)-key Cryptography

  • Encrypting and decrypting a message using a symmetric key

Public Key Cryptography

  • Public key cryptography

    • Asymmetric– two inversely related keys

      • Private key

      • Public key

    • If the public key encrypts, only the private key can decrypt, and vice versa

    • Each party has both a public and a private key

    • Either the public key or the private key can be used to encrypt a message

    • Encrypted with public key and private key

      • Proves identity while maintaining security

  • RSA public key algorithm www.rsasecurity.com

Public Key Encryption and Decryption

Encryption & Transaction Security: Secret vs. Public Key Encryption

  • Secret-Key Encryption (single key)

    • Symmetric encryption, DES

    • Use a shared secret key for encryption and decryption

    • Key distribution & disclosure

    • Fast, for bulk data encryption

  • Public-Key Encryption (pair of keys)

    • Asymmetric encryption, RSA (Rivest, Shamir, Adleman)

    • Private/Public keys

    • Need digital certificates and trusted 3rd parties

    • Slower

    • For less demanding applications

The Digital Envelope: “The Best of Both Worlds”

[Diagram labels: Sender, Recipient, Original Text, Cipher Text, Session Key, Digital Envelope, Private Key Encryption, Public Key Encryption, Public Key of Recipient, Private Key of Recipient]

Digital Signatures

  • Digital signature

    • Authenticates sender’s identity

    • Run plaintext through hash function

      • Gives message a mathematical value called hash value

      • Hash value also known as message digest

    • Collision

      • Occurs when multiple messages have same hash value

    • Encrypt message digest with private-key

    • Send signature, encrypted message (with public-key) and hash function

  • Timestamping

    • Binds a time and date to message, solves non-repudiation

    • Third party, time-stamping agency, timestamps messages

Digital Certificate

  • A certificate is an electronic document used to identify an individual, a server, a company, or some other entity and to associate that identity with a public key.

  • Public-key cryptography uses certificates to address the problem of impersonation

  • Certificate authorities (CAs) are entities that validate identities and issue certificates. They can be either independent third parties or organizations running their own certificate-issuing server software

What is a Certificate Authority?

  • Trusted third party

  • Issues and manages certificates

  • Specific trust domains

    • Describes relationships between parties

    • Predefines policies and expectations

    • Certificates validate memberships in domain

  • Subscribers agree/depend on practices

  • Acts as an arbiter of trust in a digital relationship

Digital Certificate

  • A digital certificate includes:

    • the public key

    • the name of the entity it identifies

    • an expiration date

    • the name of the CA that issued the certificate

    • a serial number, and other information. Most importantly, a certificate always includes the digital signature of the issuing CA.

  • The CA's digital signature allows the certificate to function as a "letter of introduction" for users who know and trust the CA but don't know the entity identified by the certificate.

What is a Digital Certificate?

  • Cryptographically encoded binary file

  • Binds public key to individual

  • Notarized by trusted third party

  • Used to verify digital signature of owner

  • Used to safely encrypt messages for owner

“Digital ID”

An Illustrative Certificate

Name: “Richard”

Key-Exchange Key:

Signature Key:

Serial #: 34569044

Other Data: 469222-002

Expires: 6/19/02

Signed: CA’s signature

Role of Digital Certificates

Digital Certificate Process Description

  • CA (Certificate Authority)

    • Creates certificate with applicant’s public key

    • Uses its private key to encrypt the certificate

    • Sends signed certificate to applicant

  • Sender: wants to send message and asks for signed certificate.

  • Recipient (applicant): sends certificate to sender.

  • Sender

    • Uses public key of CA to decrypt certificate (this assures the sender of the true identity of the recipient)

    • After decrypting the CA certificate, the sender uses the embedded public key of recipient to encrypt message
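
The hash-then-sign step from the Digital Signatures slide and the CA check from the certificate slides, as an added example that is not part of the original presentation. It assumes textbook RSA without padding on small constructed primes, a JSON encoding of the certificate fields, and the hypothetical names "Demo CA" and "Mallory"; the CA's "encryption" of the certificate is done here as a signature over a hash of its fields.

```python
import hashlib
import json
from datetime import date


def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def digest(message, n):
    """Message digest (SHA-256) as an integer, reduced to fit the demo modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Slide wording: 'encrypt message digest with private key'."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message, signature, public_key):
    """Recover the digest with the public key and compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


def encode(fields):
    """Canonical byte encoding of the certificate fields that get signed."""
    return json.dumps(fields, sort_keys=True).encode()


def issue_certificate(ca_name, ca_private, subject, subject_public, serial, expires):
    # The CA binds the subject's name to its public key and signs the result.
    fields = {"name": subject, "public_key": list(subject_public),
              "serial": serial, "expires": expires.isoformat(), "issuer": ca_name}
    return {"fields": fields, "ca_signature": sign(encode(fields), ca_private)}


def check_certificate(cert, trusted_cas, today):
    """Return the subject's public key if the certificate holds up, else None."""
    fields = cert["fields"]
    ca_public = trusted_cas.get(fields["issuer"])
    if ca_public is None:                        # issuer is not a CA we trust
        return None
    if not verify(encode(fields), cert["ca_signature"], ca_public):
        return None                              # fields altered or wrong CA key
    if today > date.fromisoformat(fields["expires"]):
        return None                              # past the expiration date
    return tuple(fields["public_key"])


# Constructed demo keys built from known Mersenne primes: far too small and
# structured for real use, and real RSA signatures also add padding.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**127 - 1, 2**107 - 1)
RICHARD_PUBLIC, RICHARD_PRIVATE = make_keypair(2**89 - 1, 2**61 - 1)
TRUSTED_CAS = {"Demo CA": CA_PUBLIC}             # hypothetical CA name

# Name, serial number and expiry follow the illustrative certificate slide.
CERT = issue_certificate("Demo CA", CA_PRIVATE, "Richard", RICHARD_PUBLIC,
                         34569044, date(2002, 6, 19))


def demo():
    order = b"Pay merchant 25.00"                # constructed sample message
    signature = sign(order, RICHARD_PRIVATE)
    in_date, too_late = date(2002, 1, 15), date(2002, 6, 20)
    key = check_certificate(CERT, TRUSTED_CAS, in_date)
    forged = {"fields": dict(CERT["fields"], name="Mallory"),
              "ca_signature": CERT["ca_signature"]}
    return {
        "certificate_accepted": key == RICHARD_PUBLIC,
        "signature_valid": verify(order, signature, key),
        "altered_order_rejected": not verify(b"Pay merchant 95.00", signature, key),
        "expired_rejected": check_certificate(CERT, TRUSTED_CAS, too_late) is None,
        "forged_name_rejected": check_certificate(forged, TRUSTED_CAS, in_date) is None,
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```

The verifier never contacts the CA: it only needs the CA's public key in its trusted list, which is what lets the certificate act as a "letter of introduction".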

Public Key Infrastructure, Certificates and Certification Authorities

  • Public Key Infrastructure (PKI)

    • Integrates public key cryptography with digital certificates and certification authorities

  • Digital certificate

    • Digital document issued by certification authority

    • Includes name of subject, subject’s public key, serial number, expiration date and signature of trusted third party

  • Verisign (www.verisign.com)

    • Leading certificate authority

  • Periodically changing key pairs helps security

Digital Signatures & Certificates

  • Digital Signatures

    • Public key encryption

    • Used for sender authentication

  • Digital Certificates

    • Use 3rd party certificate authority (CA) to authenticate the ownership of key

    • Increased trust

Client Authentication

  • Password-Based Authentication.

    • A server might require a user to type a name and password before granting access to the server.

    • The server maintains a list of names and passwords; if a particular name is on the list, and if the user types the correct password, the server grants access.

  • Certificate-Based Authentication.

    • Client authentication based on certificates is part of the SSL protocol.

    • The client digitally signs a randomly generated piece of data and sends both the certificate and the signed data across the network.

    • The server uses techniques of public-key cryptography to validate the signature and confirm the validity of the certificate

Using a password to authenticate a client to a server

Using a certificate to authenticate a client to a server

SET Secure Electronic Transaction

  • A collection of encryption and security specifications used as an industry-wide, open standard for ensuring secure payment transactions over the Internet

  • A method for interoperability of secure transactions software over multiple, popular hardware platforms and operating systems

  • Developed by Visa and MasterCard, with GTE, IBM, Microsoft, Netscape, SAIC, Terisa Systems and Verisign.

  • Based on encryption technology from RSA Data Security.

SET Secure Electronic Transaction

  • Use digital certificates to authenticate all the parties involved in a transaction

  • SET-compliant software validates both merchant and cardholder before exchange of information

  • Employs public-key encryption and digital signature

  • Complete documentation in visa.com

SET Transaction Flow

  • The customer interacts with the merchant Web site to select goods for purchase.

  • The merchant sends an order description that wakes up the customer SET wallet.

  • The customer checks the order and transmits a payment request back to the merchant’s SET module.

  • The merchant sends the payment request to the payment gateway.

  • The payment gateway validates the merchant and the customer and obtains an authorization from the customer’s issuing bank through an interchange network.

  • The payment gateway sends an order capture token back to the merchant.

  • The merchant sends a receipt to the customer wallet.

  • The merchant uses the order capture token to settle the transaction.

Advantages of SET Over Channel Encryption

  • Participants are authenticated via certificates

  • Financial institutions provide assurance, not software

  • SET allows a wallet to clearly distinguish a payment from other uses of web forms

  • SET prevents terminated merchants from obtaining account information (three party transaction)

3D Secure

  • Developed by card associations to replace SET.

  • Does not require client software.

  • Reduces the requirements placed on the merchant.

Secure Sockets Layer (SSL)

  • A transport-level technology for authentication and data encryption between a Web server and a Web browser.

  • SSL negotiates point-to-point security between a client and a server.

  • SSL secures the routes of Internet communication, but it does not protect you from unscrupulous or careless people.

    • Source: www.Netscape.com

  • Uses public key

  • Does not protect private information.

Secure Sockets Layer (SSL)

  • SSL

    • Uses public-key technology and digital certificates to authenticate the server in a transaction

    • Protects information as it travels over Internet

      • Does not protect once stored on receiver's server

    • Peripheral component interconnect (PCI) cards

      • Installed on servers to secure data for an SSL transaction

SET versus SSL

  • SET

    • Three party protocol

    • Application protocol

    • Trust requirement: All participants have been authenticated for a specific role in payment card transaction processing

  • SSL

    • Two party protocol

    • TCP/IP Communication protocol

    • Trust requirement: communicating with a trustable server
