The Internet Encyclopedia (Volume 3)

SECURE SOCKETS LAYER (SSL)

In addition, the SET protocol supports all features of a credit card system: cardholder registration, merchant registration, purchase requests, payment authorizations, funds transfer (payment capture), chargebacks (refunds), credits, credit reversals, and debit card transactions. Further, SET can manage real-time and batch transactions and installment payments. In addition, because SET is used for financial transactions only, it can be exported and hence can be a global solution for e-commerce. The details of SET are discussed in another chapter.

In the area of providing a secure channel for messages there are alternatives to SSL/TLS.

One is IPSec (IP Security), which is a set of open standards designed by IETF and specified in RFC 2401 (2002). IPSec provides for end-to-end encryption and authentication at the IP layer. IPSec is supported in IPv4 and mandatory in IPv6.

Another alternative to SSL/TLS is SSH (secure shell). SSH is an application and protocol suite that allows a secure connection to be established between two computers that are using a public network. The SSH protocol architecture has three components:

Transport Layer Protocol, which provides server authentication, confidentiality, and data integrity
Authentication Protocol, which provides user authentication
Connection Protocol, which provides multiple data channels in a single encrypted tunnel.

These protocols run on top of the TCP layer in the TCP/IP protocol suite. This is similar to SSL and TLS.

GLOSSARY
Asymmetric encryption: A cryptographic algorithm that uses separate but related keys for encryption and decryption. If one key of the pair is used for encryption then the other key of the pair must be used for decryption. This is sometimes referred to as a public-key algorithm.
Authentication: The process of verifying that a particular client or server is who it claims to be.
Block cipher: A cipher that encrypts blocks of data of a fixed size.
Certificate, public key: A specified formatted block of data that contains the name of the owner of a public key as well as the public key. In addition, the certificate contains the digital signature of a CA. This digital signature authenticates the CA.
Certification authority (CA): A trusted entity that signs public key certificates.
Ciphertext: The result of encrypting plaintext.
Confidentiality: A condition in which information exchanged between a client and server is disclosed only to those intended to receive it.
Data encryption standard (DES): A widely commercially used block cipher.
Diffie–Hellman (DH): An asymmetric algorithm that generates a secret shared between a client and server on the basis of some shared, public and randomly generated data.
Digital signature: A data value computed using a public key algorithm. A data block is encrypted with the sender’s private key. This ciphertext is not confidential but the message cannot be altered without using the sender’s private key.
Digital signature standard (DSS): A digital signature algorithm developed by the National Security Agency (NSA) and endorsed by the National Institute of Standards and Technology.
Hash function: A function that maps a variable-length message into a value of a specified bit length. This value is the hash code. There is no known method that will produce the original message using the hash value of the message. There is no known way of creating two different messages that hash to the same value.
Integrity: Being able to ensure that data are transmitted from source to destination without unauthorized modification.
Internet protocol: A protocol that allows packets of data to be sent between hosts in a network or hosts in connected networks.
Message digest #5 (MD5): A one-way hash algorithm.
Nonrepudiation: Being able to assure the receiver that the sender of a message did indeed send that message even if the sender denies sending the message.
Rivest cipher #2 (RC2): A block cipher sold by RSA Data Security. This is a 40-bit key cipher.
Rivest cipher #4 (RC4): A stream cipher used in commercial products.
Rivest, Shamir, Adleman (RSA): An asymmetric cipher (public-key cipher) that can encrypt/decrypt. It is also used in creating digital signatures.
Secret key: A cryptographic key that is used with a symmetric algorithm.
Session key: A secret key that is used for a limited period of time. This time period covers the length of time there is communication between a client and a server.
Symmetric algorithm: A cipher that requires one shared key for both encryption and decryption. This shared key is a secret key and the strength of the ciphertext depends on keeping the shared key secret.
Transmission control protocol (TCP): The Internet protocol that provides reliable communication between a client and a server.
Triple DES (3DES): A cipher that uses DES three times with either two or three different DES keys.
X.509: A public-key certificate.

CROSS REFERENCES
See Authentication; Client/Server Computing; Digital Signatures and Electronic Signatures; Electronic Payment; Encryption; Guidelines for a Comprehensive Security System; Internet Security Standards; Public Key Infrastructure (PKI); Secure Electronic Transmissions (SET); TCP/IP Suite.

REFERENCES
Boncella, R. J. (2000). Web security for e-commerce. Communications of the AIS, 4, Article 10. Retrieved October 1, 2002, from http://cais.isworld.org/