IMPLEMENTATION AND MANAGEMENT ISSUES

This section explores important issues that should be considered when designing, implementing, and integrating encryption to engage in electronic commerce.

Hardware versus Software Implementations

Encryption can be implemented in either hardware or software. Each has its related costs and benefits. The trade-offs among security, cost, simplicity, efficiency, and ease of implementation need to be studied when acquiring security products.

In general, software is less expensive and slower than hardware, although for large applications, hardware may be less expensive. In addition, software is less secure, since it is more easily modified or bypassed than some hardware products.

In many cases, encryption is implemented in a hardware device (such as a card/key entry system), but is controlled by software. This software requires integrity protection to ensure that the hardware device is provided with correct information (controls, data) and is not bypassed. Thus, a hybrid solution of software and hardware is generally provided. Effective security requires the correct management of the entire hybrid solution.

Key Management

All keys need to be protected against modification, and secret keys and private keys need protection against unauthorized disclosure. The proper management of cryptographic keys is essential to the effective use of encryption for security. Key management involves the procedures and protocols, both manual and automated, used throughout the entire life cycle of the keys. This includes the generation, distribution, storage, entry, use, destruction, and archiving of cryptographic keys. Ultimately, the security of information protected by encryption directly depends upon the protection afforded to keys.

With secret-key encryption, the secret key(s) must be securely distributed (safeguarded against unauthorized replacement, modification, and disclosure) to the parties wishing to communicate. Depending on the number and location of users, this task may be difficult. Automated techniques for generating and distributing cryptographic keys can ease overhead costs of key management, but some resources have to be devoted to this task.

Public-key encryption users also have to satisfy certain key management requirements. For example, since a private/public-key pair is associated with (generated or held by) a specific user, it is necessary to link the public part of the key pair to the user. In some cases, the key may be linked to a position or an organization, rather than to an individual user.

In a small community of users, public keys and their "owners" can be strongly bound by simply exchanging public keys. However, business conducted on a larger scale, involving geographically distributed users, necessitates a means for obtaining public keys online with a high degree of confidence in their integrity and binding to individuals. The support for the binding between a key and its owner is generally referred to as a public-key infrastructure. This involves support for users being able to enter the community of key holders, generate keys (or have them generated on their behalf), disseminate public keys, revoke keys (in case, for example, of compromise of the private key), and change keys. In addition, it may be necessary to build in time/date stamping and to archive keys for verification of old signatures.
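The key-to-owner binding and its life cycle (enter the community, revoke, change keys, archive for old signatures) can be sketched as a small registry. This is an added example, not code from the original text; `KeyRegistry`, `KeyRecord` and their methods are hypothetical names, and keys and timestamps are constructed stand-ins.

```python
# Keys are opaque byte strings and times are plain integers: constructed stand-ins.
import hashlib
from dataclasses import dataclass
from typing import List, Optional

def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()  # SHA-256 of the key bytes

@dataclass
class KeyRecord:
    owner: str
    fp: str
    valid_from: int
    revoked_at: Optional[int] = None

    def valid_at(self, t: int) -> bool:
        return self.valid_from <= t and (self.revoked_at is None or t < self.revoked_at)

class KeyRegistry:
    """Hypothetical owner-to-key binding store; records are archived, never deleted."""

    def __init__(self) -> None:
        self._records: List[KeyRecord] = []

    def current(self, owner: str, now: int) -> Optional[KeyRecord]:
        return next((r for r in self._records if r.owner == owner and r.valid_at(now)), None)

    def enroll(self, owner: str, public_key: bytes, now: int) -> str:
        fp = fingerprint(public_key)
        if any(r.fp == fp for r in self._records):
            raise ValueError("key is already bound to an owner")
        if self.current(owner, now):
            raise ValueError("owner already has an active key; use change_key")
        self._records.append(KeyRecord(owner, fp, now))
        return fp

    def revoke(self, owner: str, now: int) -> None:
        rec = self.current(owner, now)
        if rec is None:
            raise KeyError(owner)
        rec.revoked_at = now  # keep the record so old signatures stay checkable

    def change_key(self, owner: str, new_key: bytes, now: int) -> str:
        self.revoke(owner, now)
        return self.enroll(owner, new_key, now)

    def was_bound(self, owner: str, public_key: bytes, at: int) -> bool:
        # Was this key bound to this owner at time `at` (e.g. when a signature was made)?
        fp = fingerprint(public_key)
        return any(r.owner == owner and r.fp == fp and r.valid_at(at) for r in self._records)
```

Because revoked records are kept rather than deleted, `was_bound` can still confirm that a signature time-stamped before the revocation was made under a key that belonged to its claimed owner.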

Complying with Export Rules

A number of governments have regulations regarding the import or export of encryption. The U.S. government controls the export of cryptographic implementations because it considers them part of munitions. As a general rule, the U.S. government allows encryption to be used when: the data being encrypted is of a financial nature and the transaction is between known banks; the content of the data is well-defined; the length of the data is limited; and the encryption cannot easily be used for other purposes. The rules governing export can be quite complex, since they consider multiple factors. In addition, encryption is a rapidly changing field, and rules may change from time to time. Questions concerning the export of a particular implementation should be addressed to appropriate legal counsel.

Other Business Issues

Three problems deter widespread acceptance of encryption for public commerce. First, successful encryption requires that all participating parties use the same encryption scheme. Standards that make encryption feasible have to be established within an organization or a cooperating group (such as banks).

Second, the distribution of keys has prevented wider use of encryption, as there is no easy way to distribute the secret key to an unknown person on the network. The only safe way to communicate a key is in person, and even then the distributor must provide a different secret key for each person. Even public-key schemes require a method for key distribution.

The final deterrent to widespread acceptance of encryption is that it is difficult to use. For encryption to flourish, the encryption user interface must be simplified so that an average consumer can easily use the software. Currently, a consumer will not wait more than a few seconds for information access or retrieval. In the future, encryption will be done by fast hardware rather than software.

Legal Issues

As encryption becomes commonplace in the commercial world, employers will face the problem of producing documents that only certain employees can decrypt. Given labor force mobility, a company may be confronted with the task of producing documents encrypted by ex-employees who may not wish to cooperate.

Encryption raises a plethora of legal problems for corporations including: Will courts tolerate the production of pivotal evidence in encrypted form? Will a party's counsel produce information or data without first having it decrypted, leaving the opposing counsel with the task of "cracking" the encryption? On what basis could counsel claim such a data file was irrelevant or privileged? Will the producer have the onus of contacting the ex-employee in the hope that the employee will remember the password necessary for decryption? Will the courts compel individuals to provide their passwords?

Imagine the operational problems if all employees routinely used encryption and changed their passwords regularly, both encouraged practices in security-minded organizations. It may not be unusual, in the years ahead, to find that 100 percent of all electronic mail messages, and perhaps 30 to 50 percent of computer-based documents, are stored in encrypted form [AJL94].
