Discuss the transactional risks associated with online business. Include in your answer definitions of the following terms: encryption, certification authority (CA), public key, private key, digital certificate, and public-key infrastructure.

What will be an ideal response?

---

When a company conducts business transactions over the Internet, risks associated with online transactions are an additional security concern. The company must ensure that all parties are really who they say they are (authentication), that transactions cannot be intercepted or corrupted during transmission (integrity), that no party to a transaction can deny its participation (nonrepudiation), and that transaction information is kept private (confidentiality). The primary tools used to provide transaction authentication, integrity, nonrepudiation, and confidentiality are encryption and digital certificates.?Encryption is the process of translating readable data into unreadable data to prevent unauthorized access or use. A special key decodes encrypted data at its destination. A certification authority (CA), such as VeriSign, creates the keys for a fee. When an organization wants to use encryption, it requests a set of associated public and private keys from a CA. The public key encrypts data sent to the organization and is posted by the CA to a publicly accessible directory. The private key is known only to the organization and is used to decrypt the incoming data.?A digital certificate electronically authenticates an organization's or individual's identity. CAs issue, for a fee, digital certificates that contain the issuer's name, a certificate number, an expiration date, the requesting entity's public key information, and the issuer's digital signature, which validates the certificate's legitimacy. A digital certificate is located on a public directory or registry so that interested parties can look up public keys.?A public key infrastructure is the combination of organizations or individuals sending and receiving encrypted data, their public and private keys, and the CAs that issue the keys and digital certificates.