Electronic Commerce Systems: Security, Assurance, and Trust

Security, Assurance, and Trust

Trust is the catalyst for sustaining electronic commerce. Both consumers and businesses are drawn to organizations that are perceived to have integrity. Organizations must convey a sense that they are competent and conduct business fairly with their customers, trading partners, and employees. This is a two-pronged problem. First, the company must implement the technological infrastructure and controls needed to provide for adequate security. Second, the company must assure potential customers and trading partners that adequate safeguards are in place and working. A large part of data security involves data encryption, digital authentication, and firewalls. These security techniques are outlined in the following section, but are presented in more detail in Chapter 16. This section concludes with a review of seals of assurance techniques that promote trust in electronic commerce.

ENCRYPTION

Encryption is the conversion of data into a secret code for storage in databases and transmission over networks. The sender uses an encryption algorithm to convert the original message (called cleartext) into a coded equivalent (called ciphertext). At the receiving end, the ciphertext is decoded (decrypted) back into cleartext.

The earliest encryption method is called the Caesar cipher, which Julius Caesar is said to have used to send coded messages to his generals in the field. Like modern-day encryption, the Caesar cipher has two fundamental components: a key and an algorithm.

The key is a mathematical value that the sender selects. The algorithm is the procedure of shifting each letter in the cleartext message the number of positions that the key value indicates. Thus, a key value of +3 would shift each letter three places to the right. For example, the letter A in cleartext would be represented as the letter D in the ciphertext message. The receiver of the ciphertext message reverses the process to decode it and recreates the cleartext, in this case shifting each ciphertext letter three places to the left. Obviously, both the sender and receiver of the message must know the key.

Modern-day encryption algorithms, however, are far more complex, and encryption keys may be up to 128 bits in length. The more bits in the key, the stronger the encryption method. Today, nothing less than 128-bit keys is considered truly secure. Two commonly used methods of encryption are private key and public key encryption.
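The Caesar cipher described above, written out as an added example (this is not code from the book; the sample message is constructed). Encryption shifts each letter right by the key, decryption is the same shift with the key negated, and `caesarKeySpace` lists every cleartext a reader could recover by trying all 25 possible keys, which is the concrete reason the next paragraph's point about key length matters: an algorithm whose whole key space can be enumerated by hand gives no security once the algorithm is known.

```go
package main

import (
	"fmt"
	"strings"
)

// caesarShift shifts every letter in text by key positions through the
// alphabet, wrapping around at Z. Digits, spaces and punctuation pass through.
func caesarShift(text string, key int) string {
	// Normalise the key into 0..25 so a negative key (decryption) also works.
	k := ((key % 26) + 26) % 26
	var b strings.Builder
	for _, r := range text {
		switch {
		case r >= 'A' && r <= 'Z':
			b.WriteRune('A' + (r-'A'+rune(k))%26)
		case r >= 'a' && r <= 'z':
			b.WriteRune('a' + (r-'a'+rune(k))%26)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// caesarEncrypt is the sender's step: shift right by the key (+3 turns A into D).
func caesarEncrypt(cleartext string, key int) string { return caesarShift(cleartext, key) }

// caesarDecrypt is the receiver's step: reverse the shift with the same key.
func caesarDecrypt(ciphertext string, key int) string { return caesarShift(ciphertext, -key) }

// caesarKeySpace returns the cleartext candidate for every possible key 1..25.
// Because the key space is this small, anyone who knows the algorithm can read
// the message without knowing the key; modern ciphers avoid this with keys of
// 128 bits or more, whose key space cannot be enumerated.
func caesarKeySpace(ciphertext string) []string {
	candidates := make([]string, 0, 25)
	for key := 1; key <= 25; key++ {
		candidates = append(candidates, caesarDecrypt(ciphertext, key))
	}
	return candidates
}

func main() {
	// Constructed sample message; the key value +3 is the one the text uses.
	ct := caesarEncrypt("SHIP 1000 UNITS", 3)
	fmt.Println(ct)                   // VKLS 1000 XQLWV
	fmt.Println(caesarDecrypt(ct, 3)) // SHIP 1000 UNITS
	fmt.Println(len(caesarKeySpace(ct)), "possible keys")
}
```

Note that the digits in the sample are left unchanged, so the quantity in a purchase order would be visible even in ciphertext; a cipher that only touches letters leaks exactly the field an intruder would care about.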

Advanced encryption standard (AES), also known as Rijndael, is a private key (or symmetric key) encryption technique. The U.S. government has adopted it as an encryption standard. To encode a message, the sender provides the encryption algorithm with the key, which produces the ciphertext message. This is transmitted to the receiver’s location, where it is decoded using the same key to produce a cleartext message. Because the same key is used for coding and decoding, control over the key becomes an important security issue. The more individuals that need to exchange encrypted data, the greater the chance that the key will become known to an intruder who could intercept a message and read it, change it, delay it, or destroy it.

To overcome this problem, public key encryption was devised. This approach uses two different keys: one for encoding messages and the other for decoding them. The recipient has a private key used for decoding that is kept secret. The encoding key is public and published for everyone to use. This approach is illustrated in Figure 12-5.

Receivers never need to share private keys with senders, which reduces the likelihood that they fall into the hands of an intruder. One of the most trusted public key encryption methods is Rivest-Shamir Adleman (RSA). This method is, however, computationally intensive and much slower than private key encryption. Sometimes, both private key and public key encryption are used together in what is called a digital envelope.
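The digital envelope named in the last sentence, combining the AES and RSA techniques of the three preceding paragraphs, as an added example written for this page (not the book's code). The sender encrypts the bulk message under a freshly generated 128-bit AES key, then encrypts only that short key under the receiver's RSA public key, so the slow public key operation runs once over 16 bytes. The receiver's private key never leaves the receiver. AES-GCM and RSA-OAEP are the concrete modes chosen here; the page names only the ciphers, and the purchase order text is a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what travels over the network: the AES-encrypted message and
// the AES session key encrypted under the receiver's RSA public key.
type Envelope struct {
	WrappedKey []byte // 128-bit AES key, RSA-OAEP encrypted for the receiver
	Nonce      []byte // AES-GCM nonce; not secret, but must never repeat for a key
	Ciphertext []byte // AES-GCM output: encrypted message plus integrity tag
}

// Seal is the sender's side: a fresh symmetric key encrypts the message
// cheaply, and only that key goes through the slow RSA operation.
func Seal(cleartext []byte, receiverPub *rsa.PublicKey) (*Envelope, error) {
	key := make([]byte, 16) // AES-128 session key, one per message
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, cleartext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is the receiver's side: recover the session key with the private key
// that was never shared, then decrypt the message with it. GCM also refuses
// to return a message whose ciphertext was modified in transit.
func Open(env *Envelope, receiverPriv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	receiverPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, err := Seal([]byte("PO 4471: 1,000 units"), &receiverPriv.PublicKey) // constructed sample
	if err != nil {
		panic(err)
	}
	msg, err := Open(env, receiverPriv)
	fmt.Printf("%s (err=%v)\n", msg, err)
	// Flip one ciphertext byte: Open must fail rather than hand back altered text.
	env.Ciphertext[0] ^= 0x01
	_, err = Open(env, receiverPriv)
	fmt.Println("tampered copy:", err)
}
```

The wrapped key is exactly one RSA block (256 bytes for a 2048-bit key) whatever the message length, which is the whole point of the envelope: the public key cost does not grow with the message.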

DIGITAL AUTHENTICATION

Encryption alone cannot resolve all security concerns. For example, how does the supplier (receiver) know for sure that a hacker did not intercept and alter a customer’s (sender) purchase order (message) for 1,000 units of product to read 100,000? If such an alteration went undetected, the supplier would incur the labor, material, manufacturing, and distribution costs for the order. Litigation between the innocent parties may ensue.

A digital signature is an electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied. The digital signature is derived from a mathematically computed digest of the document that has been encrypted with the sender’s private key. Both the digital signature and the text message are encrypted using the receiver’s public key and transmitted to the receiver. At the receiving end, the message is decrypted using the receiver’s private key to produce the digital signature (encrypted digest) and the cleartext version of the message. Finally, the receiver uses the sender’s public key to decrypt the digital signature to produce the digest. The receiver recalculates the digest from the cleartext using the original hashing algorithm and compares this to the transmitted digest. If the message is authentic, the two digest values will match. If even a single character of the message was changed in transmission, the digest figures will not be equal.

Another concern facing the receiver is determining if the expected sender actually initiated a message.

For example, suppose that the supplier receives a purchase order addressed from Customer A for 100,000 units of product, which was actually sent from an unknown computer criminal. Once again, significant costs would accrue to the supplier if it acts on this fraudulent order.

A digital certificate is like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender. Trusted third parties known as certification authorities (CAs) (for example, Veri-Sign, Inc.) issue digital certificates, also called digital IDs. The digital certificate is actually the sender’s public key that the CA has digitally signed. The digital certificate is transmitted with the encrypted message to authenticate the sender. The receiver uses the CA’s public key to decrypt the sender’s public key, which is attached to the message, and then uses the sender’s public key to decrypt the actual message.

Because public key encryption is central to digital authentication, public key management becomes an important internal control issue. Public key infrastructure (PKI) constitutes the policies and procedures for administering this activity. A PKI system consists of:

1. A certification authority that issues and revokes digital certificates.

2. A registration authority that verifies the identity of certificate applicants. The process varies depending on the level of certification desired. It involves establishing one’s identity with formal documents such as a driver’s license, notarization, fingerprints, and proving one’s ownership of the public key.

3. A certification repository, which is a publicly accessible database that contains current information about current certificates and a certification revocation list of certificates that have been revoked and the reasons for revocation.
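The digital signature, the digital certificate and the three PKI components above, worked through as one added example (not the book's code, and a deliberately simplified certificate rather than real X.509). The sender signs the SHA-256 digest of the purchase order with its private key; the CA signs the sender's public key to produce the certificate and keeps the revocation list a certification repository would publish; the receiver checks, in order, that the CA signed the certificate, that the certificate is not revoked, and that the recomputed digest matches. The registration authority's identity check is assumed to have happened before `Issue` is called, and "Customer A", the order text and the revocation reason are constructed samples. Encrypting the signed message for the receiver is the envelope from the earlier example and is left out here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// signDigest hashes the message and signs the digest with the signer's private key.
func signDigest(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verifyDigest recomputes the digest from the received cleartext and compares it
// with the digest that the signer's public key recovers from the signature.
func verifyDigest(pub *rsa.PublicKey, message, signature []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature) == nil
}

// Certificate is a simplified digital ID: serial number, subject and the
// subject's public key, signed by the CA. Real X.509 certificates carry more.
type Certificate struct {
	Serial      uint64
	Subject     string
	SubjectKey  []byte // DER-encoded RSA public key
	CASignature []byte
}

// signedBytes is the exact byte string the CA signs.
func (c *Certificate) signedBytes() []byte {
	return append([]byte(fmt.Sprintf("%d|%s|", c.Serial, c.Subject)), c.SubjectKey...)
}

// CA issues certificates and keeps the certificate revocation list.
type CA struct {
	key     *rsa.PrivateKey
	nextSer uint64
	revoked map[uint64]string // serial -> reason for revocation
}

func NewCA() (*CA, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &CA{key: key, nextSer: 1, revoked: map[uint64]string{}}, nil
}

// Issue signs the applicant's public key; the registration authority's identity
// verification is assumed to have happened before this call.
func (ca *CA) Issue(subject string, pub *rsa.PublicKey) (*Certificate, error) {
	c := &Certificate{Serial: ca.nextSer, Subject: subject, SubjectKey: x509.MarshalPKCS1PublicKey(pub)}
	ca.nextSer++
	sig, err := signDigest(ca.key, c.signedBytes())
	if err != nil {
		return nil, err
	}
	c.CASignature = sig
	return c, nil
}

func (ca *CA) Revoke(serial uint64, reason string) { ca.revoked[serial] = reason }

// VerifySignedMessage is the receiver's procedure: trust the sender's public key
// only if the CA signed it and has not revoked it, then check the message digest.
func VerifySignedMessage(ca *CA, cert *Certificate, message, signature []byte) error {
	if !verifyDigest(&ca.key.PublicKey, cert.signedBytes(), cert.CASignature) {
		return fmt.Errorf("certificate %d was not signed by the trusted CA", cert.Serial)
	}
	if reason, ok := ca.revoked[cert.Serial]; ok {
		return fmt.Errorf("certificate %d revoked: %s", cert.Serial, reason)
	}
	senderPub, err := x509.ParsePKCS1PublicKey(cert.SubjectKey)
	if err != nil {
		return err
	}
	if !verifyDigest(senderPub, message, signature) {
		return fmt.Errorf("digest mismatch: message altered or not from %s", cert.Subject)
	}
	return nil
}

func main() {
	ca, _ := NewCA()
	customer, _ := rsa.GenerateKey(rand.Reader, 2048)
	cert, _ := ca.Issue("Customer A", &customer.PublicKey)
	order := []byte("PO 4471: 1,000 units") // constructed sample purchase order
	sig, _ := signDigest(customer, order)
	fmt.Println("genuine:", VerifySignedMessage(ca, cert, order, sig))
	fmt.Println("altered:", VerifySignedMessage(ca, cert, []byte("PO 4471: 100,000 units"), sig))
	ca.Revoke(cert.Serial, "key compromise reported")
	fmt.Println("revoked:", VerifySignedMessage(ca, cert, order, sig))
}
```

The order of checks matters: a certificate whose CA signature does not verify is rejected before its serial is even looked up, and a message from a self-made certificate fails at the first check even though its own signature over the message is internally consistent.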


FIREWALLS

A firewall is a system used to insulate an organization’s intranet from the Internet. It can be used to authenticate an outside user of the network, verify his or her level of access authority, and then direct the user to the program, data, or service requested. In addition to insulating the organization’s network from external networks, firewalls can also be used to protect LANs from unauthorized internal access.

A common configuration employs two firewalls: a network-level firewall and an application-level firewall. The network-level firewall provides basic screening of low-security messages (for example, e-mail) and routes them to their destinations based on the source and destination addresses attached. The application-level firewall provides high-level network security. These firewalls are configured to run security applications called proxies that perform sophisticated functions such as verifying user authentication.
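The two-tier configuration just described, as an added example written for this page rather than taken from the book or any firewall product. The network-level tier matches each message's source address, destination address and service against a default-deny rule table; messages for low-security services such as e-mail are forwarded once they pass that screening, while messages for a high-security service go on to an application-level proxy that verifies the user's credential and access level. The address blocks, service names, tokens and access levels are all constructed sample data.

```go
package main

import (
	"fmt"
	"net"
)

// Message is a simplified unit of traffic: source and destination addresses,
// the service requested, and any credential presented to the proxy.
type Message struct {
	Src, Dst, Service, Token string
}

// Rule for the network-level firewall: a service is allowed from one address
// block to another. A message matching no rule is dropped (default deny).
type Rule struct {
	SrcNet, DstNet *net.IPNet
	Service        string
}

type NetworkFirewall struct{ Rules []Rule }

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// Screen is the basic screening step: match source, destination and service.
func (f *NetworkFirewall) Screen(m Message) bool {
	src, dst := net.ParseIP(m.Src), net.ParseIP(m.Dst)
	if src == nil || dst == nil {
		return false
	}
	for _, r := range f.Rules {
		if r.SrcNet.Contains(src) && r.DstNet.Contains(dst) && r.Service == m.Service {
			return true
		}
	}
	return false
}

// ApplicationFirewall runs a proxy in front of each high-security service that
// verifies the user's credential and access level before forwarding.
type ApplicationFirewall struct {
	Sessions map[string]int // token -> access level (constructed sample data)
	Required map[string]int // service -> minimum access level; absent = low security
}

func (a *ApplicationFirewall) Proxy(m Message) (string, error) {
	need, guarded := a.Required[m.Service]
	if !guarded {
		return "forward " + m.Service, nil // e.g. e-mail: address screening was enough
	}
	level, ok := a.Sessions[m.Token]
	if !ok {
		return "", fmt.Errorf("%s: user authentication failed", m.Service)
	}
	if level < need {
		return "", fmt.Errorf("%s: access level %d below required %d", m.Service, level, need)
	}
	return "forward " + m.Service, nil
}

// Route passes a message through both tiers in order.
func Route(nf *NetworkFirewall, af *ApplicationFirewall, m Message) (string, error) {
	if !nf.Screen(m) {
		return "", fmt.Errorf("dropped at network firewall: %s -> %s (%s)", m.Src, m.Dst, m.Service)
	}
	return af.Proxy(m)
}

// SampleFirewalls builds a constructed configuration: the intranet is 10.0.0.0/8,
// a trading partner's block is 203.0.113.0/24, mail is 10.0.0.25, orders 10.0.0.40.
func SampleFirewalls() (*NetworkFirewall, *ApplicationFirewall) {
	nf := &NetworkFirewall{Rules: []Rule{
		{SrcNet: mustCIDR("0.0.0.0/0"), DstNet: mustCIDR("10.0.0.25/32"), Service: "email"},
		{SrcNet: mustCIDR("203.0.113.0/24"), DstNet: mustCIDR("10.0.0.40/32"), Service: "orders"},
		{SrcNet: mustCIDR("10.0.0.0/8"), DstNet: mustCIDR("10.0.0.40/32"), Service: "orders"},
	}}
	af := &ApplicationFirewall{
		Sessions: map[string]int{"tok-partner-7": 2, "tok-guest-1": 0},
		Required: map[string]int{"orders": 2},
	}
	return nf, af
}

func main() {
	nf, af := SampleFirewalls()
	for _, m := range []Message{
		{Src: "198.51.100.9", Dst: "10.0.0.25", Service: "email"},
		{Src: "198.51.100.9", Dst: "10.0.0.40", Service: "orders", Token: "tok-partner-7"},
		{Src: "203.0.113.7", Dst: "10.0.0.40", Service: "orders"},
		{Src: "203.0.113.7", Dst: "10.0.0.40", Service: "orders", Token: "tok-partner-7"},
	} {
		fmt.Println(Route(nf, af, m))
	}
}
```

The second sample message carries a valid partner token but comes from an address outside the partner's block, and it is dropped at the network tier without the proxy ever seeing the token: the address screen and the authentication check are independent controls, and a message must pass both.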

SEALS OF ASSURANCE

In response to consumer demand for evidence that a Web-based business is trustworthy, a number of trusted third-party organizations are offering seals of assurance that businesses can display on their Web site home pages. To legitimately bear the seal, the company must show that it complies with certain business practices, capabilities, and controls. This section reviews six seal-granting organizations: Better Business Bureau (BBB), TRUSTe, Veri-Sign, Inc., International Computer Security Association (ICSA), AICPA/CICA WebTrust, and AICPA/CICA SysTrust.

Better Business Bureau

The BBB is a nonprofit organization that has been promoting ethical business practices through self-regulation since 1912. The BBB has extended its mission to the Internet through a wholly owned subsidiary called BBBOnline, Inc. To qualify for the BBBOnline seal, an organization must:

• Become a member of the BBB.

• Provide information about the company’s ownership, management, address, and phone number. This is verified by a physical visit to the company’s premises.

• Be in business for at least 1 year.

• Promptly respond to customer complaints.

• Agree to binding arbitration for unresolved disputes with customers.

The assurance BBBOnline provides relates primarily to concern about business policies, ethical advertising, and consumer privacy. BBBOnline does not verify controls over transaction processing integrity and data security issues.

TRUSTe

Founded in 1996, TRUSTe is a nonprofit organization dedicated to improving consumer privacy practices among Internet businesses and Web sites. To qualify for the TRUSTe seal, the organization must:

• Agree to follow TRUSTe privacy policies and disclosure standards.

• Post a privacy statement on the Web site disclosing the type of information being collected, the purpose for collecting information, and with whom it is shared.

• Promptly respond to customer complaints.

• Agree to site compliance reviews by TRUSTe or an independent third party.

TRUSTe addresses consumer privacy concerns exclusively and provides a mechanism for posting consumer complaints against its members. If a member organization is found to be out of compliance with TRUSTe standards, its right to display the trust seal may be revoked.

Veri-Sign, Inc.

Veri-Sign, Inc., was established as a for-profit organization in 1995. It provides assurance regarding the security of transmitted data. The organization does not verify security of stored data or address concerns related to business policies, business processes, or privacy. Its mission is to provide digital certificate solutions that enable trusted commerce and communications. Their products allow customers to transmit encrypted data and verify the source and destination of transmissions. Veri-Sign, Inc., issues three classes of certificates to individuals, businesses, and organizations. To qualify for class three certification, the individual, business, or organization must provide a third-party confirmation of name, address, telephone number, and Web site domain name.

International Computer Security Association

The ICSA established its Web certification program in 1996. ICSA certification addresses data security and privacy concerns. It does not deal with concerns about business policy and business processes. Organizations that qualify to display the ICSA seal have undergone an extensive review of firewall security from outside hackers. Organizations must be recertified annually and undergo at least two surprise checks each year.

AICPA/CICA WebTrust

The AICPA and CICA established the WebTrust program in 1997. To display the AICPA/CICA WebTrust seal, the organization undergoes an examination according to the AICPA’s Standards for Attestation Engagements, No. 1, by a specially Web-certified CPA or CA. The examination focuses on the areas of business practices (policies), transaction integrity (business process), and information protection (data security). The seal must be renewed every 90 days.

AICPA/CICA SysTrust

In July 1999, the AICPA/CICA introduced an exposure draft describing a new assurance service called SysTrust. It is designed to increase management, customer, and trading partner confidence in systems that support entire businesses or specific processes. The assurance service involves the public accountant evaluating the system’s reliability against four essential criteria: availability, security, integrity, and maintainability.

The potential users of SysTrust are trading partners, creditors, shareholders, and others who rely on the integrity and capability of the system. For example, Virtual Company is considering outsourcing some of its vital functions to third-party organizations. Virtual needs assurance that the third parties’ systems are reliable and adequate to provide the contracted services. As part of the outsourcing contract, Virtual requires the servicing organizations to produce a clean SysTrust report every 3 months.

In theory, the SysTrust service will enable organizations to differentiate themselves from their competitors. Those organizations that undergo a SysTrust engagement will be perceived as competent service providers and trustworthy. They will be more attuned to the risks in their environment and equipped with the necessary controls to deal with the risks.
