SEMPER: A Security Framework for the Global Electronic Marketplace
Jian Zheng
jianzhen@cs.nyu.edu
Nov. 30, 1998
Contents
• Introduction
• The Security Marketplace
• Model of Electronic Commerce
• SEMPER Architecture
• The Field Trial
• Reference
Introduction
• The Emerging Electronic Commerce
– by 2000, over 25B will be conducted via the Internet
• Such an electronic marketplace requires security and the establishment of sufficient trust
• Current achievements: payment, cryptography, intellectual property rights protection
– however, they do not integrate the different solutions in a consistent way
Introduction (cont'd)
• SEMPER (Secure Electronic Marketplace for Europe)
– proposes an open security framework that should provide an integrated, complete and global electronic marketplace
– backed by the European Commission
– technically led by IBM Zurich Research Lab
The Security Marketplace
• Requirements
– the traditional business "terms" and "requirements" should be appropriately translated into electronic terms
– trust should be restored on such an insecure medium (the Internet)
– the recovery of transactions and the resolution of disputes must be guaranteed
The Security Marketplace (cont'd)
• Fundamental Issues
– the systems must address the complete set of issues raised by E-commerce
– users must be able to trust their systems
– these systems should be fully interoperable
– E-commerce needs to be backed by a legal framework which is transparent and predictable for users
– there is a network for registration, certification and key distribution
The Security Marketplace (cont'd)
• Current Status
– three waves of Internet business:
• web sites for promoting and marketing
• digital libraries and online catalogs
• authentication is possible: users can browse, place orders and pay for them; secure credit-card payment based on SSL and SET
– however, there is no generally accepted model and architecture for building E-commerce systems
The Security Marketplace (cont'd)
• SEMPER Objectives
– addresses the complete problem of E-commerce over insecure networks
– based on a business model consisting of "transfers" and "fair exchanges"
– goal: develop an open and comprehensive security framework for building the secure marketplace
Model for E-commerce
• Model
– two-party E-commerce: describes business scenarios in terms of sequences of "transfers" and "exchanges" of data, with decisions based on the success of these actions
– similar to the dialogues of interactive EDI
Model for E-commerce (cont'd) [figure-only slide]
Model for E-commerce (cont'd)
• Basic Concepts
– "transfer": one party sends a package of business items to one or more business parties. The sending party specifies the security requirements.
– "exchange": a simultaneous exchange of packages of business items between two parties.
Model for E-commerce (cont'd)
• Basic Concepts (cont'd)
– "business items":
• credentials
• statements
• money
Model for E-commerce (cont'd)
Business scenarios by the items the two parties provide (the matrix is symmetric; "Nothing" on one side means a plain transfer):

| Transfer/Exchange | Money | Credential | Information |
|---|---|---|---|
| Nothing (i.e., transfer) | Payment | Certificate transfer | Information transfer |
| Money | Fair money exchange | Fair payment with receipt | Fair purchase |
| Credential | (same as upper right half) | Fair contract signing | Fair conditional access |
| Information | (same as upper right half) | (same as upper right half) | Fair information exchange |
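The transfer and exchange concepts from the Basic Concepts slides and the scenario matrix above, worked through as an added Python example written for this page (not SEMPER's own code or API). It puts a plain transfer, where the sender gives an item up unconditionally, beside a fair exchange run through a trusted notary that releases both deposits only when each matches what the counterparty expects and otherwise returns them, so a failed exchange leaves neither party worse off. The Party, Notary and classify names, the escrow mechanism and the sample items are this example's assumptions, not taken from the slides.

```python
"""Transfer versus fair exchange in the SEMPER two-party model (added example).

Party, Notary and classify() are this example's own names, not SEMPER's API.
"""
from dataclasses import dataclass

# Business item kinds from the SEMPER model.
MONEY, CREDENTIAL, INFORMATION = "money", "credential", "information"

# Scenario names from the transfer/exchange matrix. The matrix is symmetric,
# so an unordered pair of kinds identifies the exchange scenario.
_TRANSFERS = {MONEY: "payment", CREDENTIAL: "certificate transfer",
              INFORMATION: "information transfer"}
_EXCHANGES = {
    frozenset([MONEY]): "fair money exchange",
    frozenset([MONEY, CREDENTIAL]): "fair payment with receipt",
    frozenset([MONEY, INFORMATION]): "fair purchase",
    frozenset([CREDENTIAL]): "fair contract signing",
    frozenset([CREDENTIAL, INFORMATION]): "fair conditional access",
    frozenset([INFORMATION]): "fair information exchange",
}


def classify(kind_a, kind_b=None):
    """Name the scenario: one kind is a transfer, two kinds are an exchange."""
    if kind_b is None:
        return _TRANSFERS[kind_a]
    return _EXCHANGES[frozenset([kind_a, kind_b])]


@dataclass(frozen=True)
class Item:
    kind: str
    description: str  # what the counterparty checks the item against, e.g. "EUR 20"
    payload: str


class Party:
    def __init__(self, name, items=()):
        self.name = name
        self.held = list(items)

    def transfer(self, item, receiver):
        """Plain transfer: the sender gives the item up with nothing guaranteed back."""
        self.held.remove(item)
        receiver.held.append(item)


class Notary:
    """Trusted third party (assumed mechanism): escrows both deposits, then releases both or neither."""

    def __init__(self):
        self.log = []

    def exchange(self, a, give_a, expects_from_b, b, give_b, expects_from_a):
        # Step 1: escrow. Each party parts with its item only into the notary's custody.
        escrow = {}
        for party, item in ((a, give_a), (b, give_b)):
            if item is not None and item in party.held:
                party.held.remove(item)
                escrow[party.name] = item
        # Step 2: check each deposit against what the other side expects.
        ok_a = a.name in escrow and escrow[a.name].description == expects_from_a
        ok_b = b.name in escrow and escrow[b.name].description == expects_from_b
        if ok_a and ok_b:
            # Step 3a: release. Both items change hands at once.
            a.held.append(escrow[b.name])
            b.held.append(escrow[a.name])
            outcome = "completed: " + classify(give_a.kind, give_b.kind)
        else:
            # Step 3b: abort. Every deposit goes back; neither side loses anything.
            for party in (a, b):
                if party.name in escrow:
                    party.held.append(escrow[party.name])
            failed = [p.name for p, ok in ((a, ok_a), (b, ok_b)) if not ok]
            outcome = "aborted: deposit missing or mismatched from " + ", ".join(failed)
        self.log.append(outcome)
        return outcome


def demo():
    """Constructed scenario: a buyer purchases a courseware download from a merchant."""
    coins = Item(MONEY, "EUR 20", "coin-serial-0001")
    course = Item(INFORMATION, "course#42", "<multimedia course bytes>")
    buyer, merchant, notary = Party("buyer", [coins]), Party("merchant", [course]), Notary()
    # Fair purchase: both deposits match, so both are released.
    purchase = notary.exchange(buyer, coins, "course#42", merchant, course, "EUR 20")
    # Plain transfer: the merchant sends a receipt credential; nothing comes back.
    receipt = Item(CREDENTIAL, "receipt#42", "<signed receipt>")
    merchant.held.append(receipt)
    merchant.transfer(receipt, buyer)
    # Failed exchange: the merchant deposits nothing, so the buyer's money is returned.
    coins2 = Item(MONEY, "EUR 20", "coin-serial-0002")
    buyer.held.append(coins2)
    failed = notary.exchange(buyer, coins2, "course#43", merchant, None, "EUR 20")
    return {"purchase": purchase, "failed": failed,
            "buyer_holds": [i.kind for i in buyer.held],
            "merchant_holds": [i.kind for i in merchant.held]}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The contrast worth noticing is in `demo()`: after the aborted exchange the buyer still holds the second coin, whereas a plain `transfer()` of that coin would have left the buyer with no recourse beyond the dispute resolution the later slides list as a separate service.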
SEMPER Architecture
• Structured in layers
• the highest layer deals with commercial issues only
• the lowest layer deals with low-level security primitives and other supporting services
SEMPER Architecture (cont'd) [figure-only slide]
SEMPER Architecture (cont'd) [figure-only slide]
SEMPER Architecture (cont'd)
• Commerce Service
– directly implements the protocols of business scenarios
– implements the flow of control
– includes some more general-use services
– can also securely download new services
SEMPER Architecture (cont'd)
• Exchange Service
– handles and packages business items
– transfer and fair exchange of packages
– each type of item is managed by a separate manager, which provides unified services by integrating existing implementations
• payment manager
SEMPER Architecture (cont'd) [figure-only slide]
SEMPER Architecture (cont'd)
• Supporting Service
– provides user preference management, persistent object storage, communication, crypto services, access control, etc.
SEMPER Architecture (cont'd)
• Multi-party security
– buyers, service providers, banks, certification authorities, notary public
• Trust hierarchy
– browser/server
– Signed business application
– Commerce layer
– System kernel
SEMPER Offers Security Services for Today and Tomorrow
• Basic Services
– Authentication
– Signed offer
– Signed order
– Payment
– Signed delivery
• Advanced Services
– Fair exchange
– Security document handling
• certified mail
• contract signing
• credentials
– New payment instruments
– Anonymity
– Resolution of disputes
The Field Trial
• EUROCOM
– offers multimedia courseware in the area of telecommunications
– implements online purchases of multimedia courses
The Field Trial (cont'd)
• FOGRA
– distributes information to its members on a subscription basis and sells consultancy to non-members
– uses SEMPER for online purchase and processing of subscriptions as well as sales of consultancy
The Field Trial (cont'd)
• OTTO VERSAND
– one of the largest mail-order retailers worldwide
– online ordering of goods
– online ordering of tickets and other credentials
Reference
• SEMPER Home Page
– http://www.semper.org
• SEMPER public reports
– http://www.semper.org/info
• Security Research Group at IBM Zurich Research Lab
– http://www.zurich.ibm.com/Technology/Security/
Reference (cont'd)
• Field Trials
– Actimedia (F) - satellite pictures on ATM network
• http://www.ippolis.fr/mediatronics/ActimedF.html
– Acri (F) - CD-ROMs on the Internet
• http://www.acri.fr/
– Gecap / Bowne (F) - software localisation
• http://www.gecap.de/
– Viajes Eroski / Enyca (E) - travel
• http://grupoeroski.mcc.es/home_ing.html