Discuss the transactional risks associated with online business. Include in your answer definitions of the following terms: encryption, certification authority (CA), public key, private key, digital certificate, and public-key infrastructure.

What will be an ideal response?


When a company conducts business transactions over the Internet, risks associated with online transactions are an additional security concern. The company must ensure that all parties are really who they say they are (authentication), that transactions cannot be intercepted or corrupted during transmission (integrity), that no party to a transaction can deny its participation (nonrepudiation), and that transaction information is kept private (confidentiality). The primary tools used to provide transaction authentication, integrity, nonrepudiation, and confidentiality are encryption and digital certificates.

Encryption is the process of translating readable data into unreadable data to prevent unauthorized access or use. A special key decodes encrypted data at its destination. A certification authority (CA), such as VeriSign, creates the keys for a fee. When an organization wants to use encryption, it requests a set of associated public and private keys from a CA. The public key encrypts data sent to the organization and is posted by the CA to a publicly accessible directory. The private key is known only to the organization and is used to decrypt the incoming data.

A digital certificate electronically authenticates an organization's or individual's identity. CAs issue, for a fee, digital certificates that contain the issuer's name, a certificate number, an expiration date, the requesting entity's public key information, and the issuer's digital signature, which validates the certificate's legitimacy. A digital certificate is located on a public directory or registry so that interested parties can look up public keys.

A public key infrastructure is the combination of organizations or individuals sending and receiving encrypted data, their public and private keys, and the CAs that issue the keys and digital certificates.

Computer Science & Information Technology
