Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL 1 DATE HERE Julie Grace - NetDox, Inc. Emerging Internet Commerce


Julie Grace - NetDox, Inc.

Emerging Internet Commerce


FINANCIAL SERVICES & THE INTERNET

Internet commerce transactions can benefit companies and customers by providing cost efficiencies in policy origination, claims processing and business development.

• Auto insurance policies are being sold on-line in the UK by Eagle Star

• AOL, Yahoo! Financial and InsWeb are providing insurance information to customers and lead generation information to insurers in the US

• Citicorp chairman John Reed estimates that 80% of the costs associated with customer service can be eliminated with an effective technology strategy (Yahoo! News 4/15/98)

On-line purchases provide a 4% higher profit margin than other sales mediums.


EXPERT PROJECTIONS

Forecast | Made | Projected | Actual

1997 E-Commerce | 1991 | $150B | $8B

2002 E-Commerce | 1997 | $327B | ?

2002 E-Commerce | 1997 | $500B | ?

2002 E-Commerce | 1997 | $1500B | ?

Source: Forrester Research, Yankee Group, Cisco, 1997


INTERNET COMMERCE EXAMPLE

Customer Alice in San Francisco

Broker Bob in Chicago

“Did Bob receive my information?”

“Is anyone reading my information while it travels the Internet?”

“How do I know for certain that Bob is the one who received my information?”

“Did this information really come from Alice?”

“Can I count on the Internet to deliver my important information on time?”


TRUST DEFINED

TRUST = SECURITY, RELIABILITY, ACCOUNTABILITY


SECURITY

“Is anyone reading my information while it travels the Internet?”


SECURITY

There are a number of ways companies are addressing security concerns for electronic communications:

• Avoiding It

• Private Networks

• Virtual Private Networks

• Cryptography

  • Symmetric Encryption

  • Asymmetric Encryption


SYMMETRIC ENCRYPTION

A symmetric encryption key is a computer code used to:

• Scramble the contents of a message, making it unreadable

• Unscramble the contents of an encrypted message, making it readable again

If the key used to scramble and unscramble is the same, it is a symmetric key

SYMMETRIC KEYS

INFORMATION + SYMMETRIC KEY = ENCRYPTED INFORMATION

ENCRYPTED INFORMATION + SYMMETRIC KEY = INFORMATION


ASYMMETRIC ENCRYPTION

Asymmetric keys split the function of a symmetric key into two parts:

ASYMMETRIC KEYS

INFORMATION + PUBLIC KEY = ENCRYPTED INFORMATION

ENCRYPTED INFORMATION + PRIVATE KEY = INFORMATION

Information encrypted with the private key can only be decrypted with the public key, and vice versa

ALICE | BOB | BENEFIT

Encrypt with Bob’s Public Key | Decrypt with Bob’s Private Key | Confidentiality: Only Bob can open

Encrypt with Alice’s Private Key | Decrypt with Alice’s Public Key | Proof of Authorship: Only Alice can send


SYMMETRIC & ASYMMETRIC COMPARED

Symmetric Encryption

• Relatively easy-to-use

• Several security and administration issues...

Need to share the symmetric encryption key with the recipient

• Must use an “out-of-band” method

Anyone who acquires the session key can use it to:

• Decrypt the message you sent

Asymmetric Encryption

• Enhanced security and flexibility

• Requires longer keys which greatly increases processing time


SYMMETRIC & ASYMMETRIC COMBINED

Get advantages of both by using them together

ALICE

INFORMATION + SYMMETRIC KEY = ENCRYPTED INFORMATION

SYMMETRIC KEY + BOB’S ASYMMETRIC PUBLIC KEY = ENCRYPTED SYMMETRIC KEY

BOB

ENCRYPTED SYMMETRIC KEY + BOB’S ASYMMETRIC PRIVATE KEY = SYMMETRIC KEY

ENCRYPTED INFORMATION + SYMMETRIC KEY = INFORMATION
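
The combined scheme above, written out as an added example that is not part of the original slides. AES-256-GCM as the symmetric cipher, RSA with OAEP padding for Bob's key pair, the method names and the sample text are all assumptions made for the example.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Alice: a fresh symmetric key encrypts the information, then Bob's public key
# encrypts (wraps) that symmetric key. Both parts travel together.
def seal(bob_public_key, information)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  symmetric_key = cipher.random_key # generated per message, never reused
  nonce = cipher.random_iv
  cipher.auth_data = ''
  encrypted_information = cipher.update(information) + cipher.final
  { encrypted_key: bob_public_key.public_encrypt(symmetric_key, OAEP),
    nonce: nonce, tag: cipher.auth_tag, encrypted_information: encrypted_information }
end

# Bob: his private key recovers the symmetric key, which decrypts the
# information. GCM's tag check makes altered ciphertext raise instead of decrypt.
def open_envelope(bob_private_key, envelope)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = bob_private_key.private_decrypt(envelope[:encrypted_key], OAEP)
  cipher.iv = envelope[:nonce]
  cipher.auth_tag = envelope[:tag]
  cipher.auth_data = ''
  cipher.update(envelope[:encrypted_information]) + cipher.final
end

# True when the envelope cannot be opened: wrong private key or altered content.
def rejected?(private_key, envelope)
  open_envelope(private_key, envelope)
  false
rescue OpenSSL::OpenSSLError, ArgumentError
  true
end

bob = OpenSSL::PKey::RSA.new(2048) # constructed demo key pair
envelope = seal(bob.public_key, 'Policy application from Alice (constructed sample)')
puts "RSA-encrypted key: #{envelope[:encrypted_key].bytesize} bytes"
puts "Bob reads: #{open_envelope(bob, envelope)}"
```

Only the 32-byte symmetric key passes through the slow asymmetric operation, so the cost of the RSA step stays the same however large the information is.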


RELIABILITY

“Can I count on the Internet to deliver my information on time?”


RELIABILITY

No single entity “owns” the Internet, therefore no one completely controls its reliability.

Companies are addressing the challenge of reliability with:

• Hardware - reliable mail servers, web servers, routers

• Software - reliable email packages, languages

• Connectivity - reliable Internet Service Providers (ISPs)

• Information - status confirmation


ACCOUNTABILITY

“Did this information really come from Alice?”


ACCOUNTABILITY

Companies who enable Internet Commerce must be accountable for:

• Integrity: The information has not been altered in transit

• Identity: The sender and recipient are who they claim to be

• Non-Repudiation: Providing indisputable proof of a transaction after the fact

• Financial Guarantees: Assuming liability for information exchanges


INTEGRITY

A digital hash is a computed number that uniquely represents information. If the document changes in the slightest, so does the digital hash.

INFORMATION → HASHING FUNCTION = DIGITAL HASH (DIGITAL FINGERPRINT)


INTEGRITY

A digital hash ensures information was not altered in transit

Alice sends both the message and her hash of the message to Bob

Bob does his own hash of the message and compares it to the hash Alice sent

ALICE: INFORMATION → HASHING FUNCTION = ALICE’S DIGITAL HASH

BOB: INFORMATION → HASHING FUNCTION = BOB’S DIGITAL HASH

BOB’S DIGITAL HASH ?= ALICE’S DIGITAL HASH


IDENTITY

Combine a digital hash with encryption to produce a digital signature which provides proof of authorship

MESSAGE → HASHING FUNCTION = DIGITAL HASH

DIGITAL HASH + ALICE’S PRIVATE KEY = DIGITAL SIGNATURE
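
The hash comparison from the INTEGRITY slides and the digital signature from the IDENTITY slide side by side, as an added example that is not part of the original slides. SHA-256 and RSA are assumptions made for the example, as are the method names and sample messages.

```ruby
require 'openssl'
require 'digest'

# INTEGRITY: Alice sends the message together with her hash of it.
def send_with_hash(message)
  { message: message, hash: Digest::SHA256.hexdigest(message) }
end

# Bob hashes what arrived and compares the result with the hash that arrived.
def hash_matches?(packet)
  Digest::SHA256.hexdigest(packet[:message]) == packet[:hash]
end

# IDENTITY: hash the message, then apply Alice's private key to the hash.
def send_signed(alice_private_key, message)
  { message: message,
    signature: alice_private_key.sign(OpenSSL::Digest.new('SHA256'), message) }
end

# Bob recomputes the hash and checks the signature with Alice's public key.
def signature_valid?(alice_public_key, packet)
  alice_public_key.verify(OpenSSL::Digest.new('SHA256'),
                          packet[:signature], packet[:message])
end

# Models a change made in transit by a party that can rewrite every field it
# sees: a bare hash can be recomputed, a signature needs Alice's private key.
def altered_in_transit(packet, new_message)
  altered = packet.merge(message: new_message)
  altered[:hash] = Digest::SHA256.hexdigest(new_message) if packet.key?(:hash)
  altered
end

alice = OpenSSL::PKey::RSA.new(2048) # constructed demo key pair
original = 'Pay claim 1001: $500 (constructed sample)'
changed  = 'Pay claim 1001: $9500 (constructed sample)'
hashed = altered_in_transit(send_with_hash(original), changed)
signed = altered_in_transit(send_signed(alice, original), changed)
puts "bare hash accepts the changed message: #{hash_matches?(hashed)}"
puts "signature accepts the changed message: #{signature_valid?(alice.public_key, signed)}"
```

A hash that travels with the message catches accidental corruption; a change made by someone who can also replace the hash is caught only by the signature check.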


IDENTITY

Digital certificates bind an identity to a public encryption key

ALICE INFO (Email Address, Employer, Etc.) + ALICE’S PUBLIC KEY → CERTIFICATE AUTHORITY = ALICE’S DIGITAL CERTIFICATE
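
The binding described above, as an added example that is not part of the original slides: a certificate authority signs Alice's details together with her public key, and Bob accepts her key only through that signature. The CA name, subject fields, key sizes and method names are constructed for the example.

```ruby
require 'openssl'

# The certificate authority signs Alice's identity information together with
# her public key; the signed bundle is her digital certificate.
def issue_certificate(ca_name, ca_private_key, subject, subject_public_key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.issuer = OpenSSL::X509::Name.parse(ca_name)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.public_key = subject_public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 365 * 24 * 3600
  cert.sign(ca_private_key, OpenSSL::Digest.new('SHA256'))
end

# Bob already trusts the CA's public key. He accepts the name-to-key binding
# only if that CA signed it and the certificate is inside its validity period.
def trusted_public_key(cert, ca_public_key, now = Time.now)
  return nil unless cert.verify(ca_public_key)
  return nil unless (cert.not_before..cert.not_after).cover?(now)
  cert.public_key
end

# Bob verifies a signed message using only the certificate and the CA key.
def from_certified_sender?(cert, ca_public_key, message, signature)
  key = trusted_public_key(cert, ca_public_key)
  !key.nil? && key.verify(OpenSSL::Digest.new('SHA256'), signature, message)
end

ca = OpenSSL::PKey::RSA.new(2048) # constructed demo keys and names
alice = OpenSSL::PKey::RSA.new(2048)
cert = issue_certificate('/CN=Example CA', ca,
                         '/CN=Alice/emailAddress=alice@example.com/O=Example Insurance',
                         alice.public_key, 1)
message = 'Policy application from Alice (constructed sample)'
signature = alice.sign(OpenSSL::Digest.new('SHA256'), message)
puts cert.subject
puts "accepted: #{from_certified_sender?(cert, ca.public_key, message, signature)}"
```

The check covers only the CA signature and the validity dates; a production verifier would also build the chain with OpenSSL::X509::Store and consult revocation status.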


DIGITAL CERTIFICATE INDUSTRY UPDATE

• In a recent survey* of 50 Fortune 1,000 firms, 72% plan to use digital certificates within 2 years

• The Financial Services industry is leading the way in digital certificate use for intercompany electronic commerce

• Why use digital certificates? “Non-repudiation. We need to be sure that when someone appears to initiate a message, they’re the ones who really did it.” (Commercial Bank)

* Forrester Research, Inc. 1997


NON-REPUDIATION

Non-repudiation takes several forms

• Digital certificates to prove authorship

• Archived transaction records to prove information was exchanged at a specific date and time

• Archived transaction content to prove exact details of an information exchange


FINANCIAL GUARANTEES

Companies assuming liability for services and products that enable Internet commerce is an important step forward.

• VeriSign and IDMetrix insure digital certificates

• NetDox insures Internet messages

• AT&T guarantees network (Internet) access

• BBN Internet Service takes full responsibility for delivery of data packets from source to destination


SUMMARY

Building trust through security, reliability, and accountability will enable businesses to harness the power of Internet Commerce.


MORE INFORMATION

Cryptography: RSA website - www.rsa.com

Digital Certificates:

• Entrust - www.entrust.com

• GTE - www.gte.com

• IDMetrix - www.idmetrix.com

• VeriSign - www.verisign.com

World Wide Web Security: World Wide Web Security FAQ - www.w3.org

NetDox: www.netdox.com