3. E-Transactions
• E-Transactions are any form of data transaction,
including financial and knowledge management.
This is a broad category whose applications include,
without limitation: e-billing, e-funds transfer,
e-settlements, e-payments, e-inventory management,
e-enquiry and response systems, e-identification
management and security services, e-monitoring and
control systems, and e-sourcing.
4. • A transactional unit of work is one in
which the following four fundamental
transactional properties are
satisfied: atomicity, consistency,
isolation, and durability (ACID).
These are listed below:
• Atomicity
• Consistency
• Isolation
• Durability
5. Transaction processing
• In computer science, transaction
processing is information processing that
is divided into individual, indivisible
operations, called transactions. Each
transaction must succeed or fail as a
complete unit; it cannot remain in an
intermediate state. A transaction also
requires an acknowledgment to be received
as the necessary feedback that it was
accomplished.
6. Basic principles of all
transaction-processing
systems
• Rollback Transaction
• Rollforward
• Deadlocks
• Compensating transaction
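An added example, not part of the original slides, of the "succeed or fail as a complete unit" rule and of rollback, using an e-funds transfer on an in-memory SQLite ledger. The table, account names and function names are constructed for illustration.

```python
import sqlite3

def open_ledger():
    """Constructed sample data: two accounts; a balance may never go negative."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (id TEXT PRIMARY KEY,"
               " balance INTEGER NOT NULL CHECK (balance >= 0))")
    db.executemany("INSERT INTO account VALUES (?, ?)",
                   [("alice", 100), ("bob", 20)])
    db.commit()
    return db

def transfer(db, src, dst, amount):
    """Move funds as one unit of work; return True only if it committed."""
    if amount <= 0:
        return False
    try:
        with db:  # COMMIT if the block completes, ROLLBACK if it raises
            # Credit first on purpose, so a failed debit leaves an
            # intermediate state that the rollback has to undo.
            for delta, account in ((amount, dst), (-amount, src)):
                cur = db.execute(
                    "UPDATE account SET balance = balance + ? WHERE id = ?",
                    (delta, account))
                if cur.rowcount != 1:      # unknown account: abort the unit
                    raise LookupError(account)
        return True
    except (sqlite3.IntegrityError, LookupError):
        return False

def balances(db):
    """Return {account id: balance} for the whole ledger."""
    return dict(db.execute("SELECT id, balance FROM account"))

if __name__ == "__main__":
    db = open_ledger()
    print(transfer(db, "alice", "bob", 30), balances(db))
    print(transfer(db, "alice", "bob", 500), balances(db))    # overdraft
    print(transfer(db, "alice", "nobody", 10), balances(db))  # unknown payee
```

The boolean returned by `transfer` plays the role of the acknowledgment: the caller learns whether the unit committed, and a failed unit leaves both balances exactly as they were.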
7. Transaction processing
has these benefits:
• It allows sharing of computer resources
among many users.
• It shifts the time of job processing to
when the computing resources are less
busy.
• It avoids idling the computing resources
without minute-by-minute human
interaction and supervision.
9. Secure Online Transaction
Models
• This module looks at the models that can be
employed for secure online transactions.
An organization may outsource or contract
with third-party organizations such as
electronic mail operators, Internet
Service Providers (ISPs), etc. to manage
servers, e-mail orders, the website, etc.; or
it may operate secure online transaction
models itself.
11. Steps needed for Secure
Online Transaction Models
• Secure Web Servers
• Secure Server Purchasing
• Secure Server Selling
• Required Hardware & Software
• Electronic Malls
12. Online Commercial
Environment
• E-commerce organizations must provide an
online commercial environment for their
clients. They must engineer and implement
a technique through which users can
browse their products online, purchase
them and, in the case of digital products,
have them delivered at the same time.
13. The merchant’s website
should be able to collect
some information about the
customer like:
• Product delivery timings and address
• Transaction settlement
• Account activity reports
• Confirmations
• Order status reports
• Gathering of marketing information
for future needs
14. Digital Currencies &
Payment Systems
Digital currencies & payment systems are
intended to carry value in a protected
digital form over the internet. They are
actually a way of exchanging value for any
product or service.
15. There are basically 2 types
of approaches provided:
• One way is to link the customer payment method (credit
card, checking account, etc) to an online identity that is
managed by the service provider. It is the responsibility of
the third-party to validate the transactions by
authenticating the payee including his payment techniques
(checking credit card authenticity, amount in card, etc).
• Another way is to open an account with a financial
institution offering digital currency service. The client’s
software is used to withdraw money from the account,
check on balances; and maintain the ‘digital wallet’, which
holds the digital value for a customer. The cash is
exchanged by the use of encryption techniques and digital
signatures.
16. Electronic Funds Transfer
(EFT)
• Electronic Funds Transfer (EFT) is
defined as the “transfer of funds initiated
through an electronic terminal like
telephone, computer or magnetic tape so
as to order, instruct, or authorize a
financial institution to debit or credit
account”.
17. The transfer is information-
based & intangible. EFT can be
categorized into three:
• Banking & financial payments: Large scale
or wholesale payments (bank-to-bank
transfer), small scale payments like ATMs,
home banking like bill payments, etc.
• Retailing payments: Credit cards (Visa or
MasterCard), debit cards, charge cards
like American Express.
• Online e-com payments: Token based
payment systems (digicash, e-checks, etc).
18. Offline Secure Processing
Most of the e-com applications use online
payment processing and employ various
cryptographic techniques for securing data
transfer from one end to another.
Cryptography enables real-time transfer
of funds online. However, some developers
and entrepreneurs suggest that the
benefit of securing the data is actually
outweighed by the cost involved in
implementation.
19. The costs involved in encryption implementation
are as follows:
• License fees for patented certification
facilities.
• Creation & distribution of new internet
browsers & servers.
• Maintenance of public key certification
facilities.
• Increased computational overhead for
business transactions.
• Issues in using strong cryptography
outside U.S.A.
20. Private Data Networks
• The Internet is an open network where
security is minimal; hence many
bigger companies are afraid of using
the Internet for mission-critical business
operations. However, they still want
to be connected to the rest of the world
so as not to be left off the world
economic map.
21. Requirement of Private Data Networks
A solution for these companies is the use of ‘Private
Data Networks’ to pass the data to & through the
internet. Companies like CompuServe, Advantis,
AT&T, BBN Planet, etc. have offered private data
networks for companies that are looking for a
large network but do not want to build such a large
network themselves. Hence, they just pay these
companies to use a private data network to get
connected. The distribution company will employ all
the required security parameters like firewalls, secure
browsers and e-com web servers for other
organizations and will charge them monthly fees or
transaction fees.
22. Security Protocols
• There are two main security
protocols, HTTPS and SSL, for
secure transfer of funds online. I will
describe both one by one. However,
these days there is a new protocol
based on SSL known as Transport
Layer Security (TLS), also developed
by Netscape.
23. Secure Sockets Layer
(SSL):
• SSL comes in two options, simple and mutual. The
mutual version is more secure, but requires the user to
install a personal certificate in their browser in order
to authenticate them. Whatever strategy is used
(simple or mutual), the level of protection strongly
depends on the correctness of the implementation of
the web browser and the server software and the
actual cryptographic algorithms supported.
24. Transport Layer
Security (TLS)
• TLS is a cryptographic protocol that provides
communication security over the Internet. TLS
and SSL encrypt the segments of network
connections above the Transport Layer, using
asymmetric cryptography for privacy and a keyed
message authentication code for message
reliability. Several versions of the protocols are
in widespread use in applications such as web
browsing, electronic mail, Internet faxing, instant
messaging and voice-over-IP (VoIP).
25. Applications of TLS
• In applications design, TLS is usually
implemented on top of any of the
Transport Layer protocols,
encapsulating the application-specific
protocols such as HTTP, FTP, SMTP,
NNTP and XMPP
26. Security: TLS has a variety
of security measures:
• Protection against a downgrade of the protocol to
a previous (less secure) version or a weaker cipher
suite.
• Numbering subsequent Application records with a
sequence number and using this sequence number
in the message authentication codes (MACs).
• Using a message digest enhanced with a key (so
only a key-holder can check the MAC).
• The message that ends the handshake
("Finished") sends a hash of all the exchanged
handshake messages seen by both parties.
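The sequence-number and keyed-MAC measures above, as an added example that is not part of the original slides: a simplified record layer that authenticates each record with HMAC-SHA256 over an implicit counter plus TLS 1.2 style header fields. It omits encryption and the handshake and is not wire-compatible with TLS; `Sender`, `Receiver`, `deliver`, `demo` and the demo key are illustrative names and values.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23        # TLS content type of application records
VERSION = (3, 3)             # version bytes of TLS 1.2
TAG_LEN = 32                 # HMAC-SHA256 output size
DEMO_KEY = bytes(range(32))  # constructed key, for the demo only

def record_mac(key, seq, payload):
    """HMAC over seq_num || type || version || length || payload."""
    header = struct.pack("!QBBBH", seq, APPLICATION_DATA, *VERSION, len(payload))
    return hmac.new(key, header + payload, hashlib.sha256).digest()

class Sender:
    def __init__(self, key):
        self.key, self.seq = key, 0
    def seal(self, payload):
        record = payload + record_mac(self.key, self.seq, payload)
        self.seq += 1   # the counter is implicit: it is never put on the wire
        return record

class Receiver:
    def __init__(self, key):
        self.key, self.seq = key, 0
    def open(self, record):
        payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        if not hmac.compare_digest(tag, record_mac(self.key, self.seq, payload)):
            raise ValueError(f"bad record MAC at sequence number {self.seq}")
        self.seq += 1
        return payload

def deliver(records, key):
    """Return (accepted payloads, index of first rejected record or None)."""
    rx, accepted = Receiver(key), []
    for index, record in enumerate(records):
        try:
            accepted.append(rx.open(record))
        except ValueError:
            return accepted, index   # a bad MAC is fatal; stop reading
    return accepted, None

def demo():
    """Constructed traffic: two payment records, then three manipulations."""
    tx = Sender(DEMO_KEY)
    a, b = tx.seal(b"PAY 10 to bob"), tx.seal(b"PAY 20 to carol")
    cases = {"in order": [a, b], "replayed": [a, a], "reordered": [b, a],
             "tampered": [b"PAY 90" + a[6:], b]}
    return {name: deliver(recs, DEMO_KEY)[1] for name, recs in cases.items()}
```

Because the counter is mixed into every MAC, a record that is byte-for-byte valid is still rejected when it arrives a second time or out of order.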
27. Hypertext Transfer
Protocol Secure (HTTPS)
• HTTPS is a combination of the Hypertext
Transfer Protocol (HTTP) with SSL/TLS
protocol to provide encrypted
communication and secure identification of
a network web server. HTTPS connections
are often used for payment transactions
on the World Wide Web and for sensitive
transactions in corporate information
systems.
28. Main ideas of HTTPS
• The main idea of HTTPS is to create
a secure channel over an insecure
network. This ensures reasonable
protection from eavesdroppers and
man-in-the-middle attacks, provided
that adequate cipher suites are used
and that the server certificate is
verified and trusted.
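The two provisos above (adequate cipher suites, verified server certificate), as an added example that is not part of the original slides: a client TLS configuration with verification switched off beside a hardened one, and a small audit that reports what each is missing. The function names, the TLS 1.2 floor and the cipher string are assumptions chosen here as one reasonable reading of "adequate".

```python
import ssl

AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")   # authenticated-encryption suites

def weak_client_context():
    """Anti-pattern: traffic is encrypted, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hardened_client_context():
    """Verify the chain and host name, and restrict protocol and suites."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, host name check, system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # assumed policy, see lead-in
    return ctx

def audit(ctx):
    """Return the reasons this context does not give HTTPS its guarantees."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched to the host name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    legacy = [c["name"] for c in ctx.get_ciphers()
              if not any(m in c["name"] for m in AEAD_MARKERS)]
    if legacy:
        findings.append("non-AEAD cipher suites enabled: " + ", ".join(legacy))
    return findings

if __name__ == "__main__":
    for build in (weak_client_context, hardened_client_context):
        print(build.__name__, audit(build()) or "no findings")
```

A connection made with the weak context still shows as encrypted, which is why the audit inspects the verification settings rather than whether TLS is in use.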