Академический Документы
Профессиональный Документы
Культура Документы
Rather than a written signature that can be used by an individual to authenticate the
identity of the sender of a message or of the signer of a document; a digital signature is
an electronic one. E-check technology also allows digital signatures to be applied to
document blocks, rather than to the entire document. This lets part of a document to be
separated from the original, without compromising the integrity of the digital signature.
This technology would also be very useful for business contracts and other legal
documents transferred over the Web. A digital signature includes any type of electronic
message encrypted with a private key that is able to identify the origin of the message.
The followings are some functions of digital signature.
The authentication function: The term digital signature in general is relevant to the
practice of adding a string of characters to an electronic message that serves to identify
the sender or the originator of a message.
The seal function: Some digital signature techniques also serve to provide a check
against any alteration of the text of the message after the digital signature was appended.
The integrity function: This function is of great interest in cases where legal
documents are created using such digital signatures.
The privacy function: Privacy and confidentiality are of significant concerns in many
instances where the sender wishes to keep the contents of the message private from all
hut the intended recipient
The simplest method of doing direct business online on Internet is to set up a secure
world wide web server then create content pages and program forms to take orders.
A secure web server must by definition support some type of security protocol. The two
most important are secure hypertext transfer protocol (S-HTTP) and secure sockets
layer (SSL), which was initially developed by Netscape and offered to the Internet
community as a proposed standard in 1995. However, one of their primary advantages
is their relative unobtrusiveness to the consumer using an SSL or S-HTTP enabled
browser.
The consumer browses through graphical and textual descriptions of the merchants
products selects a purchase and usually clicks on a button that says buy now to make
a purchase. If consumer is using a secure browser supported by secure server, that
button will produce a form on consumers screen which the consumer must complete.
Delivery and payment information has been provided the product will be delivered. If
the customer is using a browser that is not secure or that uses a protocol not supported
by the server, then some other method must be employed to consummate the
transaction. Delivery information represents name, address, delivery address, email
address and any other information necessary to deliver the product.
If product is a physical item, then a physical destination, preferred shipper and telephone
number may be necessary.If product is a digital item, then it may be transmitted directly
to consumer via the browser by e-mail or through some other application such as file
transfer.
- First the merchant needs to publish product offerings on Internet with secure server.
Servers are available that support SSL, S-HTTP and both. Because the Internet is an
open network based strictly on proper and widespread implementation of standards, it
doesnt make sense for merchants to limit their potential customers by using only one
standard.
The merchant must go beyond merely setting up the server. As with mail orders there
must be a mechanism for processing the information contained on an order form. Most
often the merchant will use interfaces of some type to automate transactions. Companies
selling physical products over Internet use email confirmations and shipping notices to
keep customers up to date on status of orders and all merchants can use network
applications to notify their internal organization of orders.
Required facilities
The merchant must understand that purchasing products over Internet requires a
significant investment in software, hardware and services. The majority of Internet
merchants will be unlikely to set up their own secure servers, because doing so can be
complicated for the Internet novice, and also because there are so many companies now
offering such services. However, merchants who are aware of what their options are can
be smarter consumers of these services, and customers who are aware of how their
online orders are processed can be smarter online consumers.
Hardware
Any computer that can run an implementation of TCP/IP and that can be connected to
Internet can be a www server. The system should have more processing power, should
have sufficient hard disk to store all information fast, Internet connection to support
maximum expected load, security features to protect system from unauthorized access.
Some organizations using Internet may prefer to simply get a server and an Internet
connection and leave their internal networks out of the loop. Some kind of firewalls is
necessary to protect their network from intruders.
Software
TCP/IP implementation is necessary for web server. This may be built in to the
operating system, or it may be a part of web server package. System administrators
make sure that there is no other software on Internet servers. This guarantees that if an
intruder should compromise that system, no network is available to intruder for further
mischief. This is the software that responds to requests from browsers on the Internet
and sends out the desired information. Security should be a part of the operating system.
Services
The raw materials are relatively cheap, but the knowledge of how to put it all together
is expensive. And there are quite a handful of different things that need to get done to
set up a server.
Some Internet service providers will also manage your link and your server hardware.
This should mean they will keep the systems up and running and manage access to and
from those systems. This often includes security and firewall services.
Creating and managing web server content is critical and is a task often formed out to
consultants. While this approach may be effective for getting a web site online quickly,
maintaining and updating content must be an ongoing task.
Transactions using credit cards must be settled. Most people will be familiar with the
swipe machines used in stores where credit cards are accepted.
Electronic malls
Setting up a web site for buying and selling can be complicated and expensive, it is not
for everyone. However some companies have been setting up electronic or vital or
online malls. The shopping mall is a familiar and comfortable model for consumers and
merchants and it is relatively straightforward to simulate using the World Wide Web.
Mall operators allow individual merchants to rent space on the mall. The financial
arrangements may vary but include some monthly charge, charge for storage space
required and charge for each transaction. As part of the ability to sell products
electronically, the online commercial environment should provide at least some of the
following abilities:
Digital checking can also take advantage of same technique, in much the same
way that debit cards are used the same way as credit cards-consumers present the
card to the merchant who must get an authorization for purchase. The charges
are paid immediately out of consumers checking account, rather than at the end
of monthly billing cycle.
A different approach is used for actual digital currencies as opposed to payment
systems. Usually anyone can participate by opening an account with a financial
institution offering digital currency service. Client software is used to withdraw
money from account, check on balances and maintain a digital wallet that holds
the value on participants computer. Cash exchanges between a user and the bank
use same types of cryptographic technologies. Digital signatures guarantee cash
transfers and transactions may be encrypted.
The message decrypted in this manner can be decrypted with the receivers
private key. The most popular algorithm with public key cryptography is the
RSA (Rivest, Shamir, Adelman) with various keys sizes like 1024 bits.
This algorithm is never been broken by the hackers hence this is considered as
the safest algorithm.
Authentication begins when a client requests a connection to an SSL server. The client
sends its public key to the server, which in turn generates a random message and sends
it back to the client. Then, the client uses its private key to encrypt the message from
the server and sends it back. All the server has to do at this point is decrypt the message
using the public key and compare it to the original message sent to the client. If the
messages match, then the server knows that it is from the client communicating with
the intended client.
4. Activate SSL on a security folder or directory. It is not a good idea to activate SSL
on all the directories because the encryption overhead created by SSL decreases system
performance.
Advantages of SSL : Some of the advantages of SSL contain the following:
Access Limit: Permits controlled access to servers, directories, files, and services.