Emerging Internet Commerce Julie Grace - NetDox, Inc. ‹#›
advertisement
Emerging Internet Commerce Julie Grace - NetDox, Inc. ‹#› HERE DATE Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL FINANCIAL SERVICES & THE INTERNET Internet commerce transactions can benefit companies and customers by providing cost efficiencies in policy origination, claims processing and business development. • Auto insurance policies are being sold on-line in the UK by Eagle Star • AOL, Yahoo! Financial and InsWeb are providing insurance information to customers and lead generation information to insurers in the US • Citicorp chairman John Reed estimates that 80% of the costs associated with customer service can be eliminated with an effective technology strategy (Yahoo! News 4/15/98) On-line purchases provide a 4% higher profit margin than other sales mediums. ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL EXPERT PROJECTIONS Made Projected Actual 1997 E-Commerce 1991 $150B $8B 2002 E-Commerce 1997 $327B ? $500B ? $1500B ? Source: Forrester Research, Yankee Group, Cisco, 1997 ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL INTERNET COMMERCE EXAMPLE “Can I count on the Internet to deliver my important information on time?” “Is anyone reading my information while it travels the Internet?” Customer Alice in San Francisco “Did Bob receive my information?” ‹#› “How do I know for certain that Bob is the one who received my information?” Broker Bob in Chicago “Did this information really come from Alice?” Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL TRUST DEFINED SECURITY TRUST = RELIABILITY ACCOUNTABILITY ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL SECURITY “Is anyone reading my information while it travels the Internet?” ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL SECURITY There are a number of ways companies are addressing security concerns for electronic communications: • Avoiding It • Private Networks • Virtual Private Networks • Cryptography • Symmetric Encryption • Asymmetric Encryption ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL SYMMETRIC ENCRYPTION Symmetric encryption key is a computer code used to: Unscramble the contents of an encrypted message, making it readable again Scramble the contents of a message, making it unreadable + INFORMATION SYMMETRIC KEY + = ENCRYPTED INFORMATION = ENCRYPTED SYMMETRIC INFORMATION INFORMATION KEY SYMMETRIC KEYS If the key used to scramble and unscramble is the same, it is a symmetric key ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL ASYMMETRIC ENCRYPTION Asymmetric keys split the function of a symmetric key into two parts: + = INFORMATION PUBLIC KEY + ENCRYPTED INFORMATION ENCRYPTED INFORMATION = PRIVATE INFORMATION KEY ASYMMETRIC KEYS Information encrypted with the private key can only be decrypted with the public key, and vice versa ‹#› ALICE BOB BENEFIT Encrypt with Bob’s Public Key Encrypt with Alice’s Private Key Decrypt with Bob’s Private Key Decrypt with Alice’s Public Key Confidentiality: Only Bob can open Proof of Authorship: Only Alice can send Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL SYMMETRIC & ASYMMETRIC COMPARED Symmetric Encryption Relatively easy-to-use Several security and administration issues... Need to share the symmetric encryption key with the recipient • Must use an “out-of-band” method Anyone who acquires the session key can use it to: • Decrypt the message you sent Asymmetric Encryption Enhanced security and flexibility Requires longer keys which greatly increases processing time ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL SYMMETRIC & ASYMMETRIC COMBINED Get advantages of both by using them together ALICE + INFORMATION + SYMMETRIC KEY ‹#› BOB + = SYMMETRIC KEY ENCRYPTED INFORMATION ENCRYPTED SYMMETRIC KEY BOB’S ASYMMETRIC PRIVATE KEY + = BOB’S ASYMMETRIC PUBLIC KEY = ENCRYPTED SYMMETRIC KEY ENCRYPTED INFORMATION SYMMETRIC KEY = SYMMETRIC KEY INFORMATION Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL RELIABILITY “Can I count on the Internet to deliver my information on time?” ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL RELIABILITY No single entity “owns” the Internet, therefore no one completely controls its reliability. Companies are addressing the challenge of reliability with: • Hardware - reliable mail servers, web servers, routers • Software - reliable email packages, languages • Connectivity - reliable Internet Service Providers (ISPs) • Information - status confirmation ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL ACCOUNTABILITY “Did this information really come from Alice?” ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL ACCOUNTABILITY Companies who enable Internet Commerce must be accountable for: Integrity The information has not been altered in transit Identity The sender and recipient are who they claim to be Non-Repudiation Providing indisputable proof of a transaction after the fact Financial Guarantees Assuming liability for information exchanges ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL INTEGRITY A digital hash is a computed number that uniquely represent information If the document changes in the slightest, so does the digital hash INFORMATION HASHING FUNCTION = DIGITAL HASH ‹#› DIGITAL FINGERPRINT Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL INTEGRITY A digital hash ensures information was not altered in transit Alice sends both the message and her hash of the message to Bob Bob does his own hash of the message and compares it to the hash Alice sent INFORMATION INFORMATION HASHING FUNCTION HASHING FUNCTION ? = ALICE’S DIGITAL HASH ‹#› BOB’S DIGITAL HASH ALICE’S DIGITAL HASH Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL IDENTITY Combine a digital hash with encryption to produce a digital signature which provides proof of authorship MESSAGE HASHING FUNCTION DIGITAL HASH ‹#› + = ALICE’S PRIVATE KEY Alice DIGITAL SIGNATURE Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL IDENTITY Digital certificates bind an identity to a public encryption key ALICE’S PUBLIC KEY + ALICE INFO Email Address Employer Etc. CERTIFICATE AUTHORITY ALICE ALICE’S DIGITAL CERTIFICATE ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL DIGITAL CERTIFICATE INDUSTRY UPDATE • Recent survey* of 50 Fortune 1,000 firms, 72% plan to use digital certificates within 2 years • Financial Services industry is leading the way of digital certificate use for intercompany electronic commerce • Why use digital certificates? “Non-repudiation. We need to be sure that when someone appears to initiate a message, they’re the ones who really did it.” (Commercial Bank) * Forrester Research, Inc. 1997 ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL NON-REPUDIATION Non-repudiation takes several forms • Digital certificates to prove authorship • Archive transaction records to prove information exchanged at a specific date and time • Archived transaction content to prove exact details of an information exchange ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL FINANCIAL GUARANTEES Companies assuming liability for services and products that enable Internet commerce is an important step forward. • VeriSign and IDMetrix insure digital certificates • NetDox insures Internet messages • AT&T guarantees network (Internet) access • BBN Internet Service takes full responsibility for delivery of data packets from source to destination ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL SUMMARY Building trust through security, reliability, and accountability will enable businesses to harness the power of Internet Commerce. ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL MORE INFORMATION Cryptography: RSA website - www.rsa.com Digital Certificates: Entrust - www.entrust.com GTE - www.gte.com IDMetrix - www.idmetrix.com VeriSign - vwww.verisign.com World Wide Web Security: World Wide Web Security FAQ - www.w3.org NetDox: www.netdox.com ‹#› Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL
