Security in E-Commerce Systems

Revision as of 00:36, 18 January 2005 by 217.186.28.168 (talk)

Technology

The most widely used protection technology in e-Commerce Systems is PKI (Public Key Infrastructure). A PKI consists of a Registration Authority (RA) and a Certification Authority (CA).


Tasks of the RA:

  • Reception of certificate requests
  • Authentication of persons and authorities
  • Verification of data
  • Confidential communication with the CA
  • Distribution and verification of certificates
  • Direct interface to the customer


Tasks of the CA:

  • Generation of certificates
  • Prolongation/Renewal/Withdrawal
  • Validation, Cross Certification


For more information about PKI and Certificates see also: Digital Certificates and Digital Signatures.


Weak Points

The most frequent weak points in e-Commerce Systems are:

  • Passwords that are too short and too simple
  • Weak encryption (keys that are too short)
  • Careless handling of passwords and access data
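
The RA and CA tasks listed under Technology, combined with the short-key weak point, shown as an added example that is not part of the original page. It uses the openssl command-line tool; the directory layout, the subject names and the 2048-bit minimum are assumptions made for illustration.

```bash
# Added example: RA/CA split with the openssl CLI. All names are constructed.
MIN_RSA_BITS=2048   # assumed policy threshold, not taken from the page

# CA: create a self-signed root certificate (done once).
ca_init() {  # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Customer: create a key pair and a certificate request (CSR).
make_request() {  # $1 = dir, $2 = name, $3 = RSA key size in bits
  openssl req -new -newkey "rsa:$3" -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# RA: receive the request and verify its data before the CA sees it.
ra_check() {  # $1 = CSR file
  # The CSR must be signed with the private key matching its public key.
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
  # Reject keys that are too short (the "weak encryption" weak point).
  bits=$(openssl req -in "$1" -noout -text 2>/dev/null \
         | sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
  [ -n "$bits" ] && [ "$bits" -ge "$MIN_RSA_BITS" ]
}

# CA: generate a certificate, but only for requests the RA approved.
ca_issue() {  # $1 = dir, $2 = name
  ra_check "$1/$2.csr" || return 1
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 7 -out "$1/$2.crt" 2>/dev/null
}

# Relying party: validate an issued certificate against the CA root.
validate() {  # $1 = dir, $2 = name
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}
```

Run `ca_init` once in an empty directory, then `make_request`, `ca_issue` and `validate` per customer; a request created with a 1024-bit key is refused by `ra_check` and no certificate is written for it.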