Abstract: In existing online shopping on the web, SSL and
passwords are usually used to secure trades. SSL shields
communication from third parties who are unrelated to the trade,
and indicates that the trader's web site has been authenticated by a
certification authority. A password certifies that a customer is the same
person who has visited the trader's web site before, and protects the
customer's privacy, such as what the customer has bought on the site.
However, there are no forensics for the trades in the cases above.
With existing methods, no one can prove what was ordered by
customers, how many products were ordered, or even whether
customers ordered at all. The reason is that a third party has to
guess what was traded from logs that are held by traders and by
customers. The logs can easily be created, deleted and forged since
they are electronically stored. To enhance security with digital
forensics for electronic commerce on the web, I present a secure
method using cellular phones.
Abstract: Nowadays, computer worms, viruses and Trojan horses
have become widespread, and they are collectively called malware.
A decade ago, such malware merely damaged computers by deleting or
rewriting important files. However, recent malware seems to be created
to earn money. Some malware collects personal information so
that malicious people can find secret information such as passwords for
online banking, evidence for a scandal, or a contact address related
to the target. Moreover, the relation between money and malware
is becoming more complex. Many kinds of malware carry bots to obtain
springboards. Meanwhile, for ordinary internet users,
countermeasures against malware have hit a wall.
Pattern matching wastes too many computer resources,
since matching tools have to deal with a large number of patterns
derived from variants. Virus-making tools can automatically generate
variants of malware. Moreover, metamorphic and polymorphic malware
are no longer unusual. Recently, malware checking sites have appeared
that check contents in place of users' PCs. However, a new
type of malicious site has appeared that evades checks by malware
checking sites. In this paper, existing protocols and methods related
to the web are reconsidered in terms of protection from current attacks,
and a new protocol and method are presented for the security of the
web.