1 Fundamentals of Cryptography 11.2 Web & EC Security
Fudan University, School of Software
2 Review
• Cryptography
• Authentication techniques
• PKI
3 Review
• Security services
  – Confidentiality
  – Integrity
  – Authentication
  – Non-repudiation
  – Availability
4 Outline
• Web & EC Security Considerations
  – Definitions: web, EC
  – Threats
• Secure Socket Layer (SSL) and Transport Layer Security (TLS)
• Secure Electronic Transaction (SET)
6 Web Security
• Web now widely used by business, government, individuals
• but Internet & Web are vulnerable
7 Web Security Considerations
• The Web is very visible.
• Complex software hides many security flaws.
• Web servers are easy to configure and manage.
• A web server may be exploited as a launching pad into the intranet.
• Users are not aware of the risks.
8 Web Security
• So there are a variety of threats (diagram: user, web server)
  – Confidentiality (HTTP, etc. are plaintext)
  – Integrity
  – Denial of service
  – Authentication
• Added security mechanisms are needed
9 EC, Electronic Commerce
• Definition:
  – Carrying out business activities by means of electronic technology
    • Telegraph
    • Telephone
    • Internet
10 History of EC
• As early as 1839, when the telegraph appeared: discussion of electronic commerce
• 1950s: invention of telephone and fax technology
  – Business processing by telephone and fax also appeared.
• EDI
  – Late 1960s: Europe and the United States proposed the concept of EDI
  – 70s: digital communication technology, inter-enterprise EDI systems; flourished in the 80s
• 80s: new e-commerce technology of online services
• From the 90s on: development of the Internet and of commerce on it
  – Brought a new concept of e-commerce
  – The Web on the Internet was a turning point in the development of e-commerce
    • The Web makes business activity cheap
    • Convenient and fast
    • A wide variety of economic activities