Page 1
2006/SOM1/ECSG/SYM/025 Agenda Item: 24
Overview of E-commerce Protection Technologies
Purpose: Information
Submitted by: Russia
APEC Symposium on Information Privacy Protection in E-Government and E-Commerce
Ha Noi, Viet Nam
20-22 February 2006
Page 2
1
Overview of E-commerce Protection Technologies
Alexey Sabanov, Aladdin (Russia)
Page 3
2
Contents
• Brief market analysis
• Trust Problems of E-commerce
• Identification and Authentication
• Privacy Access Control
• Hardware Authentication Devices
• Overview of Modern Protection Technologies
Page 4
3
E-commerce market
[Chart labels: Russia, Western Europe, APEC regions]
CNews Analytics, 2004
Page 5
4
Russia B2B market
www.cnews.ru: NAUET (НАУЭТ), 2004
[Chart axes: $M; 2002, 2004]
• Energy - $348.2M
• Universal - $32.6M
• Metal - $42M
• Wood - $12.9M
• ...
Total: $442M
Increase - 40%
Page 6
5
Relevance: financial loss
Page 7
6
Security Solutions Used
Page 8
7
Trust Problems of E-commerce
• Guarantee of confidentiality (credit card number, delivery date of the goods, address, …)
• Guarantee of data integrity
• Sufficient level of control over the participants of an operation:
  • The seller should be assured that the buyer will not refuse the purchase and that the buyer is solvent
  • The issuing bank should check the seller before fulfilling his request for payment of the purchase
  • The buyer should be assured that the seller is real, not fake
Page 9
8
Some Trust Problems of E-commerce: Security weaknesses
• sensitive financial details for online payment;
• trade secrets and other confidential information;
• privacy of e-commerce actions:
  • pay bills,
  • trade stocks and shares,
  • file our income tax returns,
  • conduct legal transactions;
  • vote in government elections;
  • …
Page 10
9
PKI Trusted Services
• Authentication,
• Access control,
• Trusted Internet banking services,
• Assured private data delivery,
• Encryption,
• E-signature.
Page 11
10
The role of Authentication
Use of strong authentication may be one of the ways to build users' trust in e-commerce
[Diagram labels: E-commerce Services; Login, Password; Trust?]
Page 12
11
E-Signatures Types
[Diagram labels: Electronic signatures; Advanced electronic signatures; Qualified signatures]
Qualified signature:
• advanced electronic signature
• secure signature creation token
• private key can't leave token
Advanced electronic signature:
• qualified certificate
• certificate is in file system of smart card or token
• private key protected by PIN
Page 13
12
Signatures Types
Advanced electronic signature
Qualified signature
Page 14
13
Identification and Authentication
Page 15
14
Single (universal) Smart card
Passwords
Barcode & Magnetic Swipe encoding
PKI Certificates
NT Login rparrisletmein
SAP richardpx4Lo19b
C. Schwab richparrecho2
Finance RP1echo1
Flexible Role Definition
Logical Access Controls
Contactless Chip
Biometric credentials
Page 16
15
PASSWORD
PKI
Authentication
Applications
Directory
Registrar
User
Security Database
End-User Back Office Infrastructure
Issuer LCM
Life cycle management
Page 17
16
Example: Token Management System
Page 18
17
Information Security Technologies
Gartner Group, Hype Cycle for Information Security, 2005
Page 19
18
Hardware Tokens
IDC, 2004
Page 20
19
Autonomous Tokens
USB-Tokens
Software Protection Keys
IDC, 2004
Expected market dynamics
Page 21
20
USB Tokens Market
IDC, 2004
[Chart series: Revenue, $M; Share of the Market, %; Increase Annual Profit, %]
Page 22
21
USB Tokens Market in Russia
Aladdin
Rainbow
Active
MultiSoft Systems
Other
Own evaluations
Page 23
22
Thank you for your attention
Alexey Sabanov, tel.: +7(495)231-31-13