Answers question based on - Case Study Example

Case Study Case Study Introduction TradeCard facilitates electronic commercial transaction from one business to another. This entity provides a mechanism where one party can make cross-border payments through the internet. TradeCard provides more secure, easier, and cheaper payment alternatives for international trade. 1 Main elements of security protocol of trade card systemAuthenticationUser authentication is primarily handled through a combination of a username, password, and a smart card system.

A Global secure site certificate ensures that user utilizes only the valid TradeCard system in the TradeCard website. Authentication of electronic data in TradeCard is done using digital signatures that accurately verifies whether a certain user has an existing electronic document (Farhoomand & McCauley, 2008, p. 6). ConfidentialityTradeCard is very strict never to disclose private information, confidential transaction data, or business details to external parties without permission from the users.

Members’ personal identifiable information and confidential transaction data are only shared with other participating business partners and with TradeCard’s coalition partners. TradeCard uses a Global secure site that ensures the client browsers are highly confidential. The server certificates in this site have a strong (a 128-bit) encryption on all transactions between a client’s browser and TradeCard system servers (Farhoomand & McCauley, 2008, p. 7).Integrity Data integrity in any transaction is very important to people involved.

That is the reason TradeCard system provides a high-level of assurance that unauthorized person cannot alter any data in a transaction. Digital signatures protect integrity of user’s documents in the system. The Global site system can prove the integrity of a document in future by passing the document information and public key into a digital signature verification algorithm. In case of any type of data manipulation, the verification process will be unsuccessful (Farhoomand & McCauley, 2008, p. 11). 2 Levels of security built into the system architecture at TradeCardIn its effort to provide secure means of conducting global transactions, beside from the strict application procedures and verifications followed via Thomas Cook and Coface, TradeCard has created a complex security system.

The architecture of the system has three built levels of security; these are, 2-factor user authentication, server authentication, and digital signaturesServer authentication (128-bit Digital Server ID)The Global Secure Site Certificate secures TradeCard system, where by the Secure site ID ensures the user’s browser is encrypted with the communications encryption of 128 bit for US web browser and 40 bit for an exportable Web browser. Each server is protected by a user ID password to enter to the machine, double layers ensures only verified transactions enters under set protocols.

Direct access to the database is forbidden and all information passes via the application server for extra security (Farhoomand & McCauley, 2008, p. 20). 2-Factor User Authentication: Consists of,an authorized login or ID and password andan authentication code A smart card technology consisting of a wireless reader is used to match a test code before accessing the system during user authentication. When a user login into the business site, the system uses short text file found temporarily on a member’s browser to preserve user session records.

These cookies are immediately destroyed after a log out and cannot be used as a means to access any information about the user or his computer.Digital signaturesDigital signatures are necessary for one to login the TradeCard system. These Signatures validate electronic data and verify that a particular user has a valid electronic document. A false digital signature blocks any transaction and further effort to go ahead with the transaction is aborted (Farhoomand & McCauley, 2008). 3 How the TradeCard ensured physical security of its infrastructureTwo-factor authentication is used to ensure physical security of TradeCard’s system infrastructure.

Users can only change their passwords upon initial login and once in a while afterward. Strong passwords are highly recommended ensuring a minimal length that consists of digits, both common and special characters. Member’s login is protected by the 128-bit encryption in the Secure Socket Layer part found between the server and the browser. Protection of the user ID and password however is not guaranteed as someone can obtain them by looking if the user is not careful (Farhoomand & McCauley, 2008, p. 30).TradeCard gives additional security to all verified members through the TradeCard e-identity protection system, which provides a one-time access code.

This information cannot be accessed by TradeCard‘s employees and only the user knows the login details. User’s database contains only puzzling values hence it is difficult for a third party to interpret. The user has an inactive time-out that requires re-entry of ID and password to re-authenticate identity during login session (Farhoomand & McCauley, 2008, p. 32). ReferenceFarhoomand, A. & McCauley, M., 2008. TRADECARD: BUILDING A GLOBAL TRADING. Communications of AIS, 7(18), pp. 1-34.