E-Commerce Security
E-Commerce
Introduction to Internet
• A network of networks that connects
computers across the world.
• It is growing rapidly:
– Host computers
– Users
– Information
• It is a network that follows the TCP/IP
protocol (packet-switched network).
Internet protocol
– Transmission Control Protocol – handles
communications between applications.
• A message is divided into pieces called packets.
• Packets are numbered and may be transmitted by different
routes.
– Internet Protocol – handles communications between
network addresses.
• A computer on the Internet is assigned a unique address, the IP
address, which consists of 4 numbers (each number is less
than 256) separated by periods. Example: 158.104.1.10
Domain Name System
• Domain:
– .com, .net, .org, .edu, .int, .gov
– .info, .biz, .name, etc.
• Domain names are the familiar, easy-to-remember names for computers on the Internet.
– Yahoo.com
• Each domain name correlates to assigned IP
address:
– Yahoo.com – 66.218.71.102
Organizations that Regulate
Internet
• ICANN (Internet Corporation for Assigned
Names and Numbers): has
responsibilities for Internet Protocol
addresses and domain names.
• Domain name registry
Examples of Internet Services
• World Wide Web:
– A system of interlinked, hypertext documents
that runs over the Internet.
– Web publishing and browsing
• Email
• FTP - File Transfer
• Telnet
Intranet
• It is a corporate network that functions with
Internet technologies, such as browsers,
using Internet protocols.
• Major applications:
– Corporate/department/individual web pages
– Database access
– Interactive communication
– Document distribution
Extranet
• It is a network that links the intranets of business
partners over the Internet by Virtual Private
Network.
• Virtual Private Network:
– A secure network that uses the Internet as its main
backbone network to connect the intranets of a
company’s different locations, or establish extranet
links between business partners.
• Improved communications between business
partners
E-Commerce
• Buying and selling, and marketing and
servicing of products and services, and
information via computer networks.
Broad Band & Economy
• According to the study released by Connected
Nation, a 7 percent increase in broadband
adoption would:
– create 2.4 million jobs across the U.S.;
– save $6.4 billion in vehicle mileage;
– U.S. residents would save 3.8 billion hours a year by
conducting transactions online, at a cost-savings of
$35.2 billion, according to the study.
– http://www.nga.org/Files/pdf/0812BROADBANDCONNECTED.PDF
• U.S. is behind other nations
– http://arstechnica.com/tech-policy/news/2009/06/us-20th-inbroadband-penetration-trails-s-korea-estonia.ars
Retail E-Commerce forecast
• U.S.A: http://www.emarketer.com/Reports/All/Emarketer_2000565.aspx
• Asia: http://www.marketresearch.com/product/display.asp?productid=2657315
• Gas Price Impact:
http://www.thestreet.com/story/11105900/1/higher-gas-prices-pressure-onconsumers-is-building.html?puc=tsczacks&cm_ven=tsczacks
• Impact of population density:
– Hong Kong: http://blogs.wsj.com/hong-kong/2011/05/05/hongkong-internet-economy-lags-behind-south-korea-japan/
• Impact of E-Commerce Security:
– http://www.abs-cbnnews.com/business/05/03/11/54-asianconsumers-still-wary-online-shopping
E-Commerce Models
• B2C: Storefront model
– E-tailing (electronic retailing)
– Shopping cart, on-line shopping mall
• B2B:
– Electronic Data Interchange (EDI)
– Electronic Exchange: An electronic forum where manufacturers,
suppliers, and competitors buy and sell goods.
• Example: Global Sources and WorldWide Retail Exchange (WWRE)
• http://wwre.globalsources.com/
• C2C:
– Auction model: e-Bay
• Etc.
Channel Conflict
• For example, a manufacturing company may
have a large, established dealer network. The
channel conflict exists when the company tries
to open another channel, such as an online store
where customers can purchase goods directly
from the company. This may alienate existing
dealers, since they may feel that they are
bypassed.
• Web presence without online store
– Obagi Skin Care
• http://obagiskincare.net/index.php?n=1&id=1
– Anthon Berg Chocolate
• http://toms.dk/default.aspx?AreaID=25
E-Payment Methods
• Online credit card transaction:
– Card-not-present transaction
• PayPal: https://www.paypal.com/
• Google Checkout:
– https://checkout.google.com/support/?hl=en_US
M-Business
• E-Business enabled by wireless
communication.
– Cell phone, PDA
Location Based Services
• Location-Identification Technologies:
– Geocode: Longitude, latitude
• Global Positioning System (GPS)
• Cell phone
– Angle of Arrival (AOA)
E-Learning
• Electronic learning or eLearning is a general
term used to refer to computer-enhanced
learning.
• Many higher education, for-profit institutions,
now offer on-line classes.
• The Sloan report, based on a poll of academic
leaders, says that students generally appear to
be at least as satisfied with their on-line classes
as they are with traditional ones.
• Example: GIS online course
– http://www.ruraltech.org/video/2005/acrview/index.asp
e-Government
• It refers to government’s use of
information technology to exchange
information and services with citizens,
businesses, and other arms of
government.
Increase Traffic to Website
• Search engine optimization:
– http://en.wikipedia.org/wiki/Search_engine_optimization
• Tips:
– http://www.2createawebsite.com/ebook/TrafficBuildingTips.pdf
• Grow your business with Google
– Google AdWords
• Yahoo!'s Open Search Platform
– http://tools.search.yahoo.com/newsearch/open.html
Internet Security
• Authenticity: Is the sender/receiver of a
message who they claim to be?
• Privacy: Are the contents of a message
secret and only known to the sender and
receiver?
• Integrity: Have the contents of a message
been modified during transmission?
• Nonrepudiation: Can the sender of a
message deny that they actually sent the
message?
Encryption (Cryptography)
• Plain text: the original message in human-readable form.
• Ciphertext: the encrypted message.
• Encryption algorithm: the mathematical
formula used to encrypt the plain text.
• Key: the secret key used to encrypt and
decrypt a message.
Certificate
• A certificate is a digital document issued
by a trusted third-party certificate authority
(CA).
• A certificate contains records such as a
serial number, user’s name, owner’s public
key, name of CA, etc.
• Example of CA: VeriSign, U.S. Postal
Service.
Online Transaction Security Protocol
• Secure Sockets Layer (SSL)
– Developed by Netscape
– SSL implements public key technology using
the RSA algorithm and digital certificate to
authenticate the server in a transaction and
protect private information.
Tech heavyweights join OpenID
Foundation board
• IBM, Google, Microsoft, Yahoo and VeriSign
have joined the board of the OpenID
Foundation, which puts consumers a little closer
to being able to use a single sign-on when they
surf the Web.
• It is simpler: People no longer have to remember
multiple passwords or re-enter their personal
information every time they visit a new site.
• It is also more secure because it protects
against certain types of online attacks.
• http://openid.net/
Cookies
• Designed to hold information about a user.
– Personalized web page
• Created by a web site and saved on the
visitor’s machine.
• It contains:
– Web site that sets the cookie.
– One or more pieces of data.
– Expiration date for this cookie.
• Cookies directory:
• Browser sends cookie with the URL when you
visit the site that issued the cookie.
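The cookie contents and the send-back rule listed above, as an added Python example that is not part of the original slides. It models a browser's cookie store with a constructed Set-Cookie header and the hypothetical sites shop.example and other.example, and is simplified to exact host matching.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


class CookieJar:
    """Small model of a browser cookie store (illustrative, host-only cookies)."""

    def __init__(self):
        # (site that set the cookie, name) -> (data, expiration or None)
        self._store = {}

    def set_from_response(self, url, set_cookie_header):
        """Save a cookie, remembering which site created it."""
        site = urlsplit(url).hostname
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        for name, morsel in parsed.items():
            expires = None  # no Expires attribute: keep until the jar is discarded
            if morsel["expires"]:
                expires = parsedate_to_datetime(morsel["expires"])
            self._store[(site, name)] = (morsel.value, expires)

    def header_for(self, url, now):
        """Build the Cookie header the browser would attach to a request for url."""
        host = urlsplit(url).hostname
        pairs = []
        for (site, name), (value, expires) in self._store.items():
            if site != host:
                continue  # only the site that issued the cookie gets it back
            if expires is not None and expires <= now:
                continue  # expired cookies are never sent
            pairs.append(f"{name}={value}")
        return "; ".join(pairs)


if __name__ == "__main__":
    jar = CookieJar()
    # Constructed sample header, not captured from a real site.
    jar.set_from_response("https://shop.example/login",
                          "cart=abc123; Expires=Wed, 01 Jan 2031 00:00:00 GMT")
    now = datetime(2030, 1, 1, tzinfo=timezone.utc)
    print(repr(jar.header_for("https://shop.example/checkout", now)))
    print(repr(jar.header_for("https://other.example/", now)))
```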