E-commerce has presented a new way of doing business all over the world using the internet. Organizations have changed their way of doing business from a traditional approach to embrace e-commerce processes. As individuals and businesses increase information sharing, concern about exchanging money securely and conveniently over the internet increases. Therefore, security is a necessity in an e-commerce transaction. The purpose of this paper is to present a token based Secure E-commerce Protocol. The purpose of this paper is to present a paradigm that is capable of satisfying security objectives by using token based secure
Keywords: Trusted Third Party (TTP), Pretty Good ...
The eradication of trust in e-commerce applications may cause prudent business operators and clients to forgo the use of the Internet for now and revert to traditional methods of doing business. Gaining access to sensitive information and replay are some common threats that hackers pose to E-commerce systems.
The successful functioning of E-commerce security depends on a complex interrelationship between several application development platforms, database management systems, systems software and network infrastructure. Doing business online makes it possible to reach everyone. Exploring these opportunities challenges conventional notions of business competition through electronic flows of information and money. Payment over the Internet or a network, which contains the payment activity, is a critically important link in the whole e-commerce chain. Security protection starts with the preservation of the confidentiality, integrity and availability of data and computer resources. These three tenets of information security are sometimes represented in the Confidentiality, Integrity and Authentication Triad in Figure 1.
FIGURE 1: The Confidentiality, Integrity and Authentication Triad.
Including the elements of the Confidentiality, Integrity and Authentication Triad, the six security needs in E-commerce are:
i. Access Control.
iv. Non Repudiation.
Access control ensures that only those who legitimately require access to resources are given access.
Confidentiality is concerned with ensuring that data is only revealed to parties who have a legitimate need, while privacy ensures that customers’ personal data collected from their electronic transactions are protected from indecent and/or unauthorized disclosure. Issues related to privacy can be considered as a subset of issues related to access control.
Authentication provides for a sender and a receiver of information to validate each other as the appropriate entity. This means having the capability to determine who sent the message, from where, and from which machine.
Non-repudiation is a property of the transaction that positively confirms that a particular client did indeed request the transaction in question, without having the ability to deny making the request.
Integrity ensures that if the content of a message is altered, the receiver can detect it. It is possible that as a file, electronic mail, or data is transmitted from one location to another, its integrity may be compromised.
Availability, as defined in an information security context, ensures that access to data or computing resources needed by the appropriate personnel is both reliable and available in a timely manner.
2. RELATED WORK
Several research papers have been presented discussing security aspects in E-commerce. Ecommerce software packages should also...