attachment_id=114

Download Report

Transcript attachment_id=114

Keamanan Internet dan Sistem Pembayaran Elektronik

(Internet Security and Electronic Payment Systems)

Kuliah 6

A Typical E-commerce Transaction

Slide 5-2

Slide 5-3

• • • • • • • • •

Bentuk Ancaman Keamanan Internet

Unauthorized Access – Akses atau penggunaan sistem komputer untuk menghadang transmisi dan mencuri informasi Data Alteration – Mengubah isi transaksi – nama pengguna, nomor kartu kredit, jumlah pembayaran – pada saat transmisi Monitoring – “mencuri dengar” pada informasi rahasia Spoofing – Situs palsu untuk mencuri data pengguna Denial of Service – Menutup situs atau menolak akses pengunjung Repudiation – Tidak mengakui terjadinya transaksi Spamming atau e–mail bombing – Pengiriman e–mail “sampah” ke banyak individu sekaligus Virus, Worms dan Trojan Horse – Parasitic Virus, Boot Sector Virus, Stealth Virus, Polymorphic Virus, Macro Virus Ancaman tidak disengaja – Bencana alam, kerusakan peralatan, software bugs, kesalahan entry data

Tools Available to Achieve Site Security

Slide 5-5

Teknologi Keamanan Data

• • • • • • Disaster Recovery Plan – Fault–Tolerant Systems, Mirrored Disks, Disk Duplexing, Multiple Lines, Different Networks, Peralatan Tambahan dan Uninterrupted Power Supply (UPS) Akses Kontrol Fisik Akses Kontrol Logical – User Profiles, Biometrics dan Firewalls Deteksi Unauthorized Access – Audit Logs dan Entrapment Server Enkripsi – Kriptografi Asimetrik, Kriptografi Simetrik Proteksi Terhadap Virus

Public Key Cryptography: Creating a Digital Envelope Page 254, Figure 5.8

Slide 5-7

Digital Certificates and Public Key Infrastructure

Page 255, Figure 5.9

Slide 5-8

•

Keamanan Internet

5 persyaratan keamanan internet (situs web) : – Kebebasan Pribadi (Privacy) : kemampuan untuk mengontrol siapa yang dapat / boleh melihat (dan siapa yang tidak boleh melihat) informasi tertentu – Kesahihan (Authenticity) : kemampuan untuk mengetahui identitas pihak yang diajak berkomunikasi / bertransaksi – Integritas (Integrity) : menjamin informasi yang ditransmisikan atau disimpan tidak berubah – Ketersediaan (Availability) : kemampuan untuk mengetahui apakah informasi dan layanan komunikasi tersedia atau tidak – Menahan (Blocking) : kemampuan untuk menahan gangguan dan informasi yang tidak diinginkan

Electronic Data Interchange (EDI)

   Computer-to-computer exchange of business information has become an increasingly popular form of electronic commerce.

EDI enables firms to exchange business information faster, more cheaply, and more accurately than using paper based systems.

EDI used in manufacturing, shipping, warehousing, utilities, pharmaceuticals, construction, petroleum, metals, banking, government, health care, etc.

 EDI consists of standardized electronic-message formats (transaction sets) for business documents such as requests for quotations, purchase orders, purchase change orders, bill of lading, receiving advices, and invoices.

 To move to EDI, a company must have computerized accounting records and establish trading partners who agree to exchange EDI transactions.

 Benefits of EDI: improved in overall record keeping quality, reduced inventory, better information for mgt decision making.

Document Flow without EDI

Purchase request initiated in the organization Purchase department Inventory and warehousing Buyer Finance department Payment Order delivery Paper-based mailroom Paper-based mailroom Seller Finance department Bill Order confir mation Sales department Receiving department Product delivery Shipping department Manufacturing department 11

Document Flow with EDI

Purchase request initiated in the organization Purchase department Buyer Seller Finance department Payment details EDI-capable computer Purchase-order delivery Automated order onfirmation EDI-capable computer Billing details Finance department Sales department Inventory and warehousing Receiving department Product delivery Shipping department Manufacturing department 12

Sistem Pembayaran Elektronik

• • • • • Electronic Cash (Digital Cash / eCash / Cyber Cash) Electronic Checks (eCheck) Prepaid Card and Accounts Credit Card and Accounts Card Technologies : Magnetic Cards, Smart Cards

Electronic Credit Card System on the Internet • The Players – Cardholder – Merchant (seller) – Issuer (your bank) – Acquirer (merchant’s financial institution, acquires the sales slips) – Brand (VISA, Master Card) 14

Cardholder

credit card

Merchant

Payment authorization, payment data account debit data

Card Brand Company

payment data payment data amount transfer

Issuer Bank Cardholder Account Acquirer Bank Merchant Account Credit Card Procedure (offline and online)

© Prentice Hall, 2000

Electronic Fund Transfer (EFT) on the Internet

Internet

Payee Payer Payment Gateway Cyber Bank Cyber Bank Bank

VAN

Automated Clearinghouse

VAN

Bank Payment Gateway

Debit Cards

• • • • A delivery vehicle of cash in an electronic form Mondex, VisaCash applied this approach Either anonymous or onymous CyberCash has commercialized a debit card named CyberCoin as a medium of micropayments on the Internet 17

Electronic Cash and Micropayments

• Smart Cards – The concept of e-cash is used in the non-Internet environment – Plastic cards with magnetic stripes (old technology) – Includes IC chips with programmable functions on them which makes cards “smart” – One e-cash card for one application – Recharge the card only at designated locations, such as bank office or a kiosk. Future: recharge at your PC – e.g. Mondex & VisaCash 18

Electronic Money

• DigiCash – The analogy of paper money or coins – Expensive, as each payment transaction must be reported to the bank and recorded – Conflict with the role of central bank’s bill issuance – Legally, DigiCash is not supposed to issue more than an electronic gift certificate even though it may be accepted by a wide number of member stores 19

Electronic Money

(cont.)

• Stored Value Cards – No issuance of money – Debit card — a delivering vehicle of cash in an electronic form – Either anonymous or onymous – Advantage of an anonymous card • the card may be given from one person to another – Also implemented on the Internet without employment of an IC card 20

Electronic Money

(cont.)

• • • Smart card-based e-cash – – Can be recharged at home through the Internet Can be used on the Internet as well as in a non Internet environment Ceiling of Stored Values – To prevent the abuse of stored values in money laundry – S$500 in Singapore; HK$3,000 in Hong Kong Multiple Currencies – Can be used for cross border payments 21

Teknologi Keamanan Pembayaran Elektronik

• • • • Authentication – Digital Signatures – Digital Certificates Secure Socket Layer (SSL) Secure Electronic Transaction (SET) Digital Wallet

Secure Negotiated Sessions Using SSL

Slide 5-23

Firewalls and Proxy Servers

Slide 5-24

attachment_id=114

Transcript attachment_id=114

Keamanan Internet dan Sistem Pembayaran Elektronik

Kuliah 6

A Typical E-commerce Transaction

Bentuk Ancaman Keamanan Internet

Tools Available to Achieve Site Security

Teknologi Keamanan Data

Digital Certificates and Public Key Infrastructure

Keamanan Internet

Electronic Data Interchange (EDI)

Document Flow without EDI

Document Flow with EDI

Sistem Pembayaran Elektronik

Electronic Fund Transfer (EFT) on the Internet

Debit Cards

Electronic Cash and Micropayments

Electronic Money

Electronic Money

Electronic Money

Teknologi Keamanan Pembayaran Elektronik

Secure Negotiated Sessions Using SSL

Firewalls and Proxy Servers

Directory