
The authenticity of the identity of both parties

This is the question of how to know that a participant in the negotiation is not being impersonated by someone else. If we negotiate with a cheater, we might let out important information, which may cause serious losses. How can we judge whether a document really comes from the party it claims to come from?

The secrecy of information exchange


In the process of negotiation, a tremendous amount of information is exchanged, which usually includes the names, prices and quality of the commodities, as well as the time and place of the commodity exchange. All such information has great value and needs to be protected. If the information is divulged to competitors, they are likely to take advantage of what they know and cause tremendous losses to the negotiator. Thus it is of great importance to keep the crucial information confidential.

The integrity of information


How can the receiving party make sure that the information received is the complete message sent by the other party, and that the message was not replaced by a faked message while it was being transmitted?

Non-repudiation
If one party wants to invalidate a contract it has already signed because of adverse market conditions, one of the choices it may make is to deny the authenticity of the agreement. Issues like these are also very important problems encountered in the e-commerce process.
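The four requirements above (authenticity, secrecy, integrity and non-repudiation) are easiest to see with a concrete check. The following Python example is added here and is not part of the original slides: it protects a constructed negotiation message with a keyed hash (HMAC-SHA256 from the standard library) and shows what the receiver learns from the verification result. The shared key and the message contents are constructed values, not from the page.

```python
import hmac
import hashlib
import secrets

# Constructed example: a shared secret the two negotiating parties agreed on
# out of band (hypothetical value, not from the original slides).
SHARED_KEY = b"example-shared-key-agreed-out-of-band"


def tag_message(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag that binds the message to whoever holds the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    A True result tells the receiver two things at once: the bytes were not
    altered in transit (integrity) and the sender knew the key (authenticity).
    """
    expected = tag_message(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    # Constructed negotiation message: commodity, price and quantity.
    offer = b"commodity=copper;price=8500;quantity=20t"
    tag = tag_message(SHARED_KEY, offer)

    # Case 1: the message arrives unchanged -> accepted.
    genuine = verify_message(SHARED_KEY, offer, tag)

    # Case 2: an intermediary changes the price but reuses the old tag -> rejected.
    tampered = offer.replace(b"8500", b"7500")
    altered_in_transit = verify_message(SHARED_KEY, tampered, tag)

    # Case 3: someone without the key fabricates a document and a tag -> rejected.
    impostor_key = secrets.token_bytes(32)
    impostor_tag = tag_message(impostor_key, offer)
    impostor = verify_message(SHARED_KEY, offer, impostor_tag)

    return {"genuine": genuine, "tampered": altered_in_transit, "impostor": impostor}


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add. A MAC gives integrity and authenticity but not secrecy: the offer travels in the clear, so it still needs encryption. And because both parties hold the same key, either of them could have produced the tag, so a MAC cannot settle a later denial of the agreement; non-repudiation needs a digital signature made with a private key that only the signer possesses.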

Privacy protection problem


In the traditional commercial process, when we go shopping, we check the commodity and pay for it in person; the vendor does not need to know who we are. In the e-shopping process, however, registration is required all the time, which may reveal a lot of private information such as gender, age, occupation, income, ID number and credit card number. But how can we know that our private information is protected rather than illegally used?

The security problems originated from the Internet itself


The Internet is a free and open world that enables global information exchange. On the other hand, it provides a convenient way to gather and distribute private data. The diversity of Internet users is also a threat to security. Since information is transmitted online via routers, and users cannot know which routers are involved, someone may be able to view users' information by scanning and tracking the data. So any online data can potentially be eavesdropped.

INTENTIONAL E-COMMERCE THREATS


Computer viruses
Trojan horses
Logic bombs
Trap doors
Denial-of-access attacks

COMPUTER VIRUSES
A computer virus is self-propagating program code triggered by a specified time or event within the computer system. When the program or the operating system containing the virus is used again, the virus attaches itself to other files and the cycle continues. The seriousness of computer viruses varies, ranging from playing a joke on a user to completely destroying computer programs and data.

COMPUTER VIRUSES
Computer viruses can also be transmitted through a network. Probably the most dangerous type of virus comes from bulletin boards; this type of virus can infect any system that accesses the bulletin board. Bulletin boards are computer systems to which different individuals can post messages or computer programs that can be downloaded by others.

COMPUTER WORM
A worm is similar to a computer virus. It is called a worm because it travels like a worm from one computer in a network to another computer or site. A worm usually does not erase data. It either corrupts the data or copies itself over and over until the copies eat up computing resources. Eventually it brings the computer and/or network to a halt.

TROJAN HORSE
A Trojan horse program contains code intended to disrupt a computer system and/or an e-commerce site. Trojan horse programs are usually hidden inside a popular, useful program. These programs may erase accounting, personnel, and financial data. Unlike computer viruses and worms, a Trojan horse program does not replicate itself. Although a Trojan horse program functions differently from viruses and worms, the end results are basically the same: damage to and interruption of the computer and/or network system.

LOGIC BOMBS
A logic bomb is a type of Trojan horse used to release a virus, a worm, or some other destructive code. Logic bombs are triggered at a certain point in time or by an event or an action performed by a user. An action can be pressing certain keystrokes or running a specific program. An event may be loading a backup tape or the birthday of a famous person.

TRAP DOORS
A trap door (also called a back door) is a routine built into a system by its designer or programmer. This routine allows the designer or the programmer to sneak back into the system to access software or specific programs. A trap door is usually activated by the individual (or his or her agent) who designed the system. Usually the user is not aware of the problem; a keystroke combination or a specific login may set it off.

DENIAL-OF-ACCESS ATTACKS
A denial-of-service attack is a method hackers and crackers use to prevent or deny legitimate users access to a computer or web server. Just imagine, 5,000 or more people surround a department store and block everybody who wants to enter the store. Although the store is open, it cannot provide service to its legitimate customers.

DENIAL-OF-ACCESS ATTACKS
These computer criminals use tools that send many requests to a targeted Internet server (usually the Web, file transfer protocol, or mail server), which floods the server's resources and makes the system unusable. Any system connected to the Internet that runs Transmission Control Protocol services is subject to attack.

DENIAL-OF-ACCESS ATTACKS
Just imagine continuous phone calls to a traditional store. As soon as the store clerk picks up the phone, he or she finds out that this is a prank call. If this continues, it prevents the store's legitimate customers from getting hold of the store operator and using the store's services or products. This is similar to a denial-of-service attack.

DENIAL-OF-ACCESS ATTACKS
The assaults are all of a type known as distributed denial-of-service attacks, in which a web site is bombarded with thousands of requests for information in a very short period of time, causing it to grind to a halt. The attacks usually come from several computers on the Web, which makes them difficult to trace.

DENIAL-OF-ACCESS ATTACKS
A hacker secretly plants denial-of-access attack tools on several computers on the Web. These computers can be centrally controlled. The methods of how and what resources are flooded differ based on the tools used by the hackers. It is nearly impossible to trace the attack, particularly if the attacks come from several sites.
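The slides describe a flood as many requests from several sources in a short time, which is also how a defender recognises one in the server's access log. The following Python example is added here and is not part of the original slides: it replays a constructed access log (documentation-range addresses, made-up timestamps) through a sliding-window counter and flags both individual sources that exceed a per-address limit and a window in which the combined request rate points to a distributed flood. The window length and thresholds are assumed values chosen for the example.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10     # assumed: how far back each counter looks
PER_SOURCE_LIMIT = 5    # assumed: more than this from one address in the window is suspicious
TOTAL_LIMIT = 20        # assumed: more than this from everyone in the window suggests a distributed flood


def build_sample_log() -> list:
    """Constructed access log: two normal clients plus four coordinated flooders.

    Line format (constructed for this example): "<seconds> <source-ip> <method> <path>".
    """
    lines = []
    # Normal browsing: one request every few seconds from each client.
    for t in range(0, 30, 6):
        lines.append(f"{t} 192.0.2.10 GET /catalog")
        lines.append(f"{t + 3} 192.0.2.11 GET /cart")
    # Flood: four addresses each send ten requests inside two seconds.
    for t in range(12, 14):
        for host in range(1, 5):
            for _ in range(5):
                lines.append(f"{t} 203.0.113.{host} GET /")
    lines.sort(key=lambda line: int(line.split()[0]))   # stable sort by timestamp
    return lines


def detect_floods(lines: list):
    """Return (set of flooding sources, True if the combined rate exceeded TOTAL_LIMIT)."""
    per_source = defaultdict(deque)   # source ip -> timestamps inside the window
    all_requests = deque()            # every timestamp inside the window
    flagged_sources = set()
    distributed_flood = False

    for line in lines:
        ts_str, source, _method, _path = line.split(maxsplit=3)
        ts = int(ts_str)
        for window in (per_source[source], all_requests):
            window.append(ts)
            # Drop timestamps that have aged out of the sliding window.
            while window and ts - window[0] >= WINDOW_SECONDS:
                window.popleft()
        if len(per_source[source]) > PER_SOURCE_LIMIT:
            flagged_sources.add(source)
        if len(all_requests) > TOTAL_LIMIT:
            distributed_flood = True

    return flagged_sources, distributed_flood


if __name__ == "__main__":
    sources, distributed = detect_floods(build_sample_log())
    print("flooding sources:", sorted(sources))
    print("distributed flood in window:", distributed)
```

The per-source check on its own would miss a distributed flood in which each participating machine stays under the limit, which is why the combined counter is kept as well; in practice the thresholds come from the server's normal baseline rather than the fixed numbers used here.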

SECURITY MEASURES AND ENFORCEMENTS FOR E-COMMERCE


Biometric securities
Non-biometric securities
Physical securities
Software securities
Electronic transactions securities
CERT

BIOMETRIC SECURITIES
Biometric security measures use elements of the human body to screen users. These measures rely on the idea that a unique part or characteristic of an individual cannot be stolen, lost, copied, or passed on to others. Some of the drawbacks of biometrics are their relatively high cost, user acceptance, and the relative difficulty of installation.

BIOMETRIC SECURITIES
Fingerprint: Whenever a user tries to access the system, his or her fingerprint is scanned and verified against the print stored in an electronic file. If there is a match, the access request is granted; if there is no match, access is rejected.

Hand geometry: Hand geometry measures the length of the fingers on both hands, the translucence of the fingertips, and the webbing between the fingers.

Palm-print: The individual characteristics of the palm are used to identify the user. Palm-prints are also used by law-enforcement agencies to catch criminals.

Retinal scanning: Retinal scanning using a binocular eye camera is one of the most successful methods for security applications. The identity of the user is verified against data stored in a computer file.

BIOMETRIC SECURITIES
Signature analysis: Signature analysis uses the signature itself as well as the user's writing pattern, pressure deviation, acceleration, and the length of time needed to sign one's name.

Voice recognition: Voice recognition translates words into digital patterns for transmission to the server. Voice patterns are recorded and examined by tone, pitch, and so forth. This technique is relatively new, and research is ongoing. Using voice to verify user identity has one characteristic that most other biometric technologies cannot offer: voice recognition can work over long distances via ordinary telephones. A properly designed voice-based security system could provide major enhancements to the safety of financial transactions conducted over the telephone.

NONBIOMETRIC SECURITIES
Callback Modems: Using a callback modem, the system validates access by logging the user off and calling the user back. By doing this the system separates authorized users from unauthorized users.

NONBIOMETRIC SECURITIES
Callback Modems
Firewalls
Intrusion-Detection Systems

Firewalls
A firewall is a combination of hardware and software that serves as a gateway between the private network and the Internet. Predefined access and scope of use are required, and all other requests are blocked. An effective firewall should protect both the export and import of data from and to the private network.

Firewalls
A firewall's protection is similar to a house with walls, windows, and doors. The walls and doors of the house prevent unauthorized people from getting in, while the windows still allow those in the house to see the outside.

Firewalls
If designed effectively, a firewall can look at every piece of data that passes into or out of a private network and decide whether to allow the passage based on the following:
User identification
Point of origin
Point of destination
The information contents

Firewalls
By careful examination of the packet that is trying to exit from or enter into the private network, a firewall can choose one of the following actions:
Reject the incoming packet
Send a warning to the network administrator
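The four criteria and the possible actions above amount to a small rule engine. The following Python example is added here and is not part of the original slides: it evaluates constructed packets against an ordered rule list that matches on user identification, point of origin, point of destination and information contents, with the first matching rule deciding whether the packet is allowed, rejected, or rejected with a warning to the administrator. The network addresses, the user names and the policy itself are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed topology: 192.0.2.0/24 plays the private network behind the gateway.
# The firewall only sees packets crossing between this network and the Internet.
PRIVATE_NET = "192.0.2.0/24"


@dataclass
class Packet:
    src: str              # point of origin
    dst: str              # point of destination
    dst_port: int
    user: Optional[str]   # user identification, if the gateway authenticated one
    payload: bytes        # information contents


@dataclass
class Rule:
    action: str                               # "allow", "reject", or "warn" (reject and alert the admin)
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None
    user: Optional[str] = None
    payload_contains: Optional[bytes] = None

    def matches(self, pkt: Packet) -> bool:
        """Every criterion that is set must match; unset criteria match anything."""
        if self.src_net and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.user is not None and pkt.user != self.user:
            return False
        if self.payload_contains is not None and self.payload_contains not in pkt.payload:
            return False
        return True


# Constructed policy: first matching rule wins; anything unmatched is rejected.
RULES = [
    # Export control: card numbers must not leave the private network; alert the admin.
    Rule("warn", src_net=PRIVATE_NET, payload_contains=b"card="),
    # Import control: a block-listed origin is rejected outright.
    Rule("reject", src_net="203.0.113.0/24"),
    # Only the public web server is reachable from outside, and only on port 443.
    Rule("allow", dst_net="192.0.2.10/32", dst_port=443),
    # An authenticated user inside may browse out over HTTPS.
    Rule("allow", src_net=PRIVATE_NET, user="alice", dst_port=443),
]


def evaluate(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Return the action of the first rule that matches, or "reject" by default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "reject"   # default deny: whatever the policy did not foresee is blocked


def demo() -> dict:
    """Constructed packets covering each rule plus the default."""
    return {
        "public_https": evaluate(Packet("198.51.100.5", "192.0.2.10", 443, None, b"GET / HTTP/1.1")),
        "public_ssh": evaluate(Packet("198.51.100.5", "192.0.2.10", 22, None, b"SSH-2.0")),
        "blocklisted": evaluate(Packet("203.0.113.9", "192.0.2.10", 443, None, b"GET /")),
        "alice_out": evaluate(Packet("192.0.2.20", "198.51.100.80", 443, "alice", b"GET /news")),
        "bob_out": evaluate(Packet("192.0.2.21", "198.51.100.80", 443, "bob", b"GET /news")),
        "card_leak": evaluate(Packet("192.0.2.20", "198.51.100.80", 443, "alice", b"card=1234")),
    }


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:13s} -> {action}")
```

Two design points carry over to real firewalls: rule order matters (the export-control rule is placed first so that an otherwise permitted outbound connection still triggers the warning), and the fallback is deny, so adding a new service means adding an explicit allow rather than discovering that it was already reachable.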
