Chapter 3.5 Online Services and Security and privacy data Flashcards
What is protecting confidentiality of data?
This means that data should only be seen by people who are authorized to see it.
What is the main technique used in ICT to ensure the confidentiality of data in online systems?
Encryption
What is encryption?
1 This is a process by which ordinary data is converted into a secret code. This is done so that anyone unauthorised to see the data cannot read it.
2 However, they do have the ability to delete the information that they intercept.
3 On receipt of the encrypted data, it is decrypted using a secret key.
What are the different types of encryption keys?
1 Public encryption key
2 Private encryption key
What is Public encryption key?
People have a public encryption key they can tell everyone about. And they have a private encryption key, which only they know about.
If you know a person's public encryption key, you can encrypt a message and send it to them. But ONLY that individual can decrypt the message using their private key.
What is Public Key System?
This is used to encrypt data that is transmitted using the Internet for payment purposes
What methods does online banking use to keep information safe?
1 Online banking uses secure sites, and all the data transferred using the Internet, including your password, is encrypted.
2 Use Transaction numbers (TANs): these are passwords that can only be used once. This could be sent to you via a text message from the bank. They are only valid for a few minutes thus reducing the time for a hacker to intercept and use it.
3 Ask the user to type in only part of the password. Every time the user logs in they are asked for the part of the password in a different combination (i.e. 2nd character, 3rd character, and 6th character)
4 Providing the customer with a handheld chip and PIN device. This device generates single-use passwords. Several things are required for the user to access their account, including the following:
1 debit card
2 PIN number
3 Online security number
4 Chip and PIN itself
Online Shopping: How do you know if data is being transmitted in a secure way?
1 The ‘https’ prefix in the URL compared to the normal ‘http’
2 The secure socket layer (SSL): the padlock sign at the bottom of the screen.
What to remember when online shopping?
1 The customer MUST check the contact details of the company to ensure reliability.
2 The store MUST have a privacy policy and the customer MUST read this. If the store does not have one, or the customer is unsure about some parts of it, they shouldn’t trust the online store.
3 The customer must know exactly what they are buying. “Both description and what to do in the event that they are not satisfied should be clear.”
4 A customer must always print out the details from the transaction they make in case of future disputes.
What does Data Protection Legislation do?
It keeps data private as well as confidential.
For example:
The UK Data Protection Act states:
- Personal data shall be processed fairly and lawfully.
- Personal data shall be obtained only for a lawful purpose.
- Personal data shall be accurate and will be kept up-to-date.
- Appropriate measures will be taken against unauthorised processing of personal data.
What is Duty of Confidence?
1 They must not tell anyone or use the information for any reason except with the permission of the person who told them.
2 Confidential data includes business secrets or personal information.
3 This could be between an employee and employer.
4 The employee is asked to sign a confidentiality agreement.
What is Duty of Fidelity?
1 This is when an employee must remain loyal to their employer.
2 They must not tell any of the rival companies about their work.
3 However, once an employee leaves a company, they are free to use the skills and knowledge that they acquired from the company.
What is Responsibility for passing on information?
1 When a company passes on information about any individual they must ensure that the least amount of information that could identify the individual is used.
2 Things like online banking or online shopping require you to give them your personal information. It MUST be ensured that information is not passed from organisation to organisation without authorisation from the individual.
What is Anonymised Information?
1 This is when information about an individual is passed on without the mention of their name.
2 Companies should always omit any personal details wherever possible.
What is Aggregated Information?
It is a summary of personal information without naming the person.
For example:
All the people who are above the age of 60 and have diabetes.