Securing Online Transactions Using Digital Certificates

1
Securing Online Transactions Using Digital
Certificates
2
Agenda

• Situation 1
• Securing Client Data Exchange Using SSL
  Certificates
• SSL Certificate
• Situation 2
• Securing Website Access User Confirmation on
  e-Transaction
• PKI Certificate
• Conclusion

3
Situation 1

• Securing Client
• Data Exchange
• Using SSL Certificates

4
Process

• User wants to reserve a ticket on the online
  portal
• User registers to the site
• Name
• Age
• company
• Username
• Password
• Credit card number, etc.
• User completes the process and pays online

5
Registration Process
Company
Age
Password
Name
Username
Amount
UserID
Account No.
Address
Marital Status
E-mail
User
Data Tunnel
Electronic Registration Form
6
Unsecured Site Hacking User Information
1. Listen to Information get access
2. Change Information change values and
path
3. Update changed values (to his own benefit)
7
Security?
Company
Age
Password
Name
Username
Amount
UserID
Account No.
Address
Marital Status
E-mail
User
Data Tunnel
Electronic Registration Form
8
SSL Certificate
9
Secured Site Hacker fails to Access User
Information
Try to access data, but data is encrypted No
Data Found
10
What is an SSL Certificate?

• SSL Secure socket layer (HTTPS)
• Standard security technology for creating
  encrypted link between web browser and server
• Installed per company URL site
• Secure, confidential and integral exchange of
  data to perform online transactions / commerce
  (confidentiality / integrity)
• Prevents anyone from monitoring the link from
  grabbing user id, password, credit card
  information personal information, etc.
• Key length 128/256 bit strong encryption
  security (the longer, the more complex to break)
• Improve online sales for customers

11
Benefits of VeriSign SSL
12
Existing SSL Certificate
13
Situation 2

• Securing Website Access
• User Confirmation
• on
• e-Transaction

14
Process

• User wants to reserve a ticket from the online
  portal
• User registers
• User enters reservation information
• User pays online

15
Login Using Username Password
User
Security risk of being hacked and manipulated
16
Login using Digital Certificate
User
Something you have (Card / Token)
Something you own (PIN)
Certificate
Most Level of Protection
Your Identify
17
??????? ??????? ??????
1- ?????? ??????? ?????? ????? ??????
??????? 2-????? ??? ????? ????? ???????? ????? ??
??? ???? ??? ?? ?????? 3-???? ??????? ??????
???????? ? ??????? ???????? ?? ??????? ????????
?????????..
????? ??????? ??????????
????? ???? ???
????? ???? ??? ???
18
Difference between Manual Digital Signature
19
PKI / Benefits

• PKI Public Key Infrastructure
• securely and privately exchange data through
  unsecured networks (e.g. Internet, etc.)
• Usage of digital certificate (private / public
  key)
• Assurance that message truly comes from claimed
  sender
• Protection against change of message content and
  modification
• Timesaving solutions to handle documents and
  contracts electronically rather than signed
  physically
• Reduction of paper work and physical paper
  storage through sending documents electronically
• Encryption and signing of e-mails, forms,
  documents, etc.

20
Benefits of VeriSign Digital Certificates
21
PKI Applications
21
22
Example of a Digital Certificate
23
Conclusion

• SSL Certificate for protecting data exchanged
  between client and server
• PKI certificate for
• Authentication
• Privacy
• Encryption
• Integrity
• Non-repudiation
• PKI Interface

24
How To Reach Us

• Head Office
• 177 Al Orouba St., Heliopolis,
• Cairo, Egypt
• Tel 20(2)22668856
• Fax 20(2)22668856
• E-mail info_at_egypttrust.com
• Website http//www.egypttrust.com

25
Thank You