Encryption and Public Key Infrastructure

1. Digital certificate

1.1. Data file used to establish the identity of users and electronic assets for protection of online transactions

1.2. Uses a trusted third party, certification authority (CA), to validate a user's identity

1.3. CA verifies user’s identity, stores information in CA server, which generates encrypted digital certificate containing owner ID information and copy of owner’s public key

2. Public key infrastructure (PKI)

2.1. Use of public key cryptography working with certificate authority

2.2. Widely used in e-commerce

3. System Availability

3.1. Online transaction processing requires 100% availability

3.2. Fault-tolerant computer systems

3.3. Deep packet inspection:

3.4. Security outsourcing

3.4.1. Managed security service providers (MSSPs)

4. Software Quality

4.1. Software metrics: Objective assessments of system in form of quantified measurements

4.2. Early and regular testing

4.3. Walkthrough: Review of specification or design document by small group of qualified people

4.4. Debugging: Process by which errors are eliminated

5. Encryption

5.1. Secure Sockets Layer (SSL) and successor Transport Layer Security (TLS)

5.2. Secure Hypertext Transfer Protocol (S-HTTP)

6. Two methods of encryption

6.1. Symmetric key encryption

6.2. Public key encryption

7. Types of encryption

7.1. Symmetric Keys

7.1.1. Encryption and decryption use the same key

7.2. Asymmetric Keys

7.2.1. Encryption and decryption use different keys, a public key and private key

7.3. One-way hash

8. Security Issues

8.1. Cloud Computing

8.1.1. Responsibility for security resides with company owning the data

8.1.2. Firms must ensure providers provide adequate protection

8.1.3. Service level agreements (SLAs)

8.2. the Mobile Digital Platform

8.2.1. Security policies should include and cover any special requirements for mobile devices

8.2.2. Mobile device management tools

8.2.3. Software for segregating corporate data on devices