TRANSACTION SECURITY ON THE INTERNET
Security is one of the primary concerns when an organization connects its private network to the Internet (Rowe, 1998, 26). In 1995, 1290 network managers reported financial losses due to ineffective network security (Lopez, 1996, 41). Twenty percent of those respondents indicated that breaches in network security stemming from Internet connections were to blame.
Increasing numbers of private networks need access to Internet services, and corporations want to offer Web access to their current and potential customers. To achieve this, an organization needs the protection that a SET (Secure Electronic Transaction) can provide (Maglitta & Booker, 1994, 79). There are many parts to an SET.
A SET begins with an encryption algorithm that requires two different keys for encryption and decryption. These keys are commonly referred to as the public and private keys. Asymmetric algorithms are slower than symmetric algorithms. Furthermore, speed of encryption may be different than the speed of decryption. Generally asymmetric algorithms are either used to exchange symmetric session keys or to digitally sign a message. RSA, RPK, and ECC are examples of asymmetric algorithms. Asymmetric encryption allows data to be disguised before it is transferred between allied parties. This encryption passes over the Internet through a Secure Socket Layer (SSL).
This transmission protocol was originally designed by Netscape Communications as a method for data that was encrypted, and authenticated to be sent across the Internet. SSL is typically used when financial communications occur between web browsers and web servers. The certain way to determine an SSL is to check that a URL (Universal Resource Locator) begins with the letters "https" (hypertext transfer protocol secure) that confirms that the SSL connections are in place and will be used. SSL provides three important things: Privacy, Authent...