
Electronic Commerce and Security

Electronic Commerce and Security. Anoop Grover. Objectives: Introduction; Shopping Cart Technology; Online Auctions; Other E-Businesses; Security; XML and E-Commerce; Data Mining, Bots, and Intelligent Agents; E-Commerce Core Technologies; Future of E-Commerce.


Presentation Transcript


  1. Electronic Commerce and Security Anoop Grover IT-380

  2. Objectives • Introduction • Shopping Cart Technology • Online Auctions • Other E-Businesses • Security • XML and E-Commerce • Data Mining, Bots, and Intelligent Agents • E-Commerce Core Technologies • Future of E-Commerce • Internet Marketing: Increasing Traffic • E-Commerce Internet and WWW Resources

  3. Introduction • E-Commerce? • Business models - Amazon, eBay, E*Trade, Priceline, Travelocity • Technologies - databases, Internet security, and web-based client / server computing

  4. Introduction • What do you need? - an online catalog of products - take orders through the website - accept payments in a secure environment - send merchandise to consumers - manage customer data (profiles)

  5. Introduction • E-Commerce is new? -> e-commerce has existed for decades - Banking: EFT (Electronic Funds Transfer) - Others: EDI (Electronic Data Interchange) business forms -> purchase orders and invoices are standardized -> shared electronically with customers, vendors, and business partners

  6. Introduction • Problems - Prior to the WWW, the focus was on large companies; solution: 24x7 world-wide access - Insecure network; solution: ??

  7. Shopping-cart Technology • One of the most common e-commerce models - Customers -> order processing -> store lists • Component: - Product catalog (database): hosted on the merchant server • Success story? - Amazon

  8. Shopping-cart Technology • Amazon Case Study - Opened doors in 1994 - Millions of products / millions of customers - First few years -> mail order for books - Now -> music, videos, DVDs, ecards, consumer electronics, and toys

  9. Shopping-cart Technology • Online catalog? - navigate quickly among millions of offerings - How? Server-side databases support the searches made from the client side • Database used to store: product specifications, availability, shipping information, stock levels, on-order information, etc. • Database used to search: titles, authors, prices, sales histories, publishers, reviews, etc.

  10. Shopping-cart Technology • Personalizes the site to serve returning customers - DB keeps a record of all transactions (items purchased, shipping and credit card info) - Customer is greeted by name -> site makes recommendations. How? Based on previous purchases and on patterns and trends across the clientele

  11. Shopping-cart Technology • Process - Add product to “Shopping Cart” -> change quantity, remove, check out, continue - Check out (first time) -> personal information form - Returning customer: ‘1-click system’ - Order placed -> confirmation emailed / DB monitors the order - Uses SSL to protect information • Affiliate Program - 96 -> revenue stream -> Amazon Associates Program

  12. Online Auctions: • eBay • Idea -> Search for candy dispensers? Which one? • Linda Omidyar, innovator • Pierre made it a reality -> 95 founded Auction Web • 2 million + auctions, 250,000 new items • Business Week: “The bidding and close interaction between buyers and sellers promotes a sense of community – near addiction that keeps them coming back”

  13. Online Auctions: • eBay business model? • Submission fee + percentage of the sale • - Final fee -> multi-tiered • - $1500 • - 5% of the first $25 • - 2.5% of the amount between $25 and $1000 • - 1.25% of anything above $1000 • How much do you pay for $1500? • Submission fee -> based on the amount of exposure - Featured Auction: specific product category -> $14.95 - Featured Items: eBay homepage -> $99.95 - Bold face: $2.00

  14. Online Auctions: • Technical model? • Database driven -> pages generated dynamically from personal info • Example: - Seller enters the product to be auctioned - Seller provides descriptions, key words, initial price, date • High availability: minimize downtime • Process model? • Seller posts a description of the product / registration info -> specifies a minimum opening bid -> no one accepts / no bids -> Reserve price: lowest price the seller will accept (can accept higher than the lowest bid) -> Bid made: negotiate shipping details, warranty, etc.

  15. Online Trading: • Brokerage companies trading online • Schwab, Merrill, Waterhouse • Online trades -> 37% of all trades in 99; 30% in 98 • Business impacts? • E*Trade – 82; founded for stock quotes • Two games -> $100,000 in ‘fake’ money • - $1000 prize

  16. Other E-Biz • Dell -> founded 84; mail order • Business model: sell made-to-order • 2/3 – B2B • Affiliates continued • Ebates.com

  17. Other E-Biz • Recommended sites: 1. http://www.allec.com 2. http://ecommerce.internet.com 3. http://www.cnet.com 4. http://builder.cnet.com/Business/Ecommerce20 5. http://www.freemerchant.com 6. http://store.yahoo.com (???? -> project?) 7. http://www.cybercash.com 8. http://www.clearcommerce.com

  18. Security • Fundamental secure transaction requirements • Privacy issue: when credit card info is transferred, can others tap it? • Integrity issue: ensure the info was not tampered with / hacked • Authentication issue: is the company reputable? • Non-repudiation issue: legally prove the message was sent • Public Key Cryptography • Digital Signatures • Digital Certificates • SSL • SET

  19. Public Key Cryptography • Is info passed through the Internet secure? • Private info (i.e. …) must be secured • Secure -> encrypt the data • Cryptography - a key makes the data incomprehensible to everyone except the intended users - Unencrypted data: plaintext - Encrypted data: ciphertext - Users with the corresponding key: ciphertext -> plaintext

  20. Public Key Cryptography • Symmetric cryptography (secret key cryptography) • Historical means of maintaining a secure environment • Same key used to encrypt / decrypt the message • Sender encrypts the message -> sends the message and the key • Problems • Privacy and integrity potentially compromised • Same key used by both parties; can’t authenticate the user • Different keys needed for messages sent to different users

  21. Public Key Cryptography • Public key cryptography • Asymmetric -> two related keys: public & private - Private key: kept secret by the owner - Public key: freely distributed, used to encrypt messages; only the corresponding private key can decrypt - Each party has both keys (private keys are unique)

  22. Digital Signature • Digital sig = written sig (with public key cryptography) • Goal: solve the problems of authentication and integrity • Authentication -> proof of the sender’s identity • Digital sig: legal proof (much like a written one) • Create? -> plaintext message -> hash function -> mathematical calculation -> hash value (message digest). For example: ADD all 1s • Private key encrypts the message digest 1. Receiver uses private key to decrypt 2. Reveals the message digest 3. Applies the hash function to the message • Problems?

  23. Digital Signature • Problem: anyone with a set of keys could pose as the sender • Customer X places an order with an online merchant • How does the customer know the website is the merchant’s and not ChrisC.com? • Public Key Infrastructure: • Adds digital certification to the process of authentication • Digital certificate issued by a certification authority (CA) -> signed using the CA’s private key • Includes: name of the subject, subject’s public key, serial #, expiration date, the authorization of the trusted certification authority, etc. • Third-party orgs -> VeriSign (www.verisign.com)
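Slides 22 and 23 in working form, as an added example that is not part of the presentation: textbook RSA signing of a message digest, and a toy certificate that a CA issues by signing the subject name, public key, serial number and expiry. The function names, the `shop.example` merchant, the order text and the Mersenne-prime key material are all assumptions of this example; the receiver checks a signature with the signer's public key, and checks the certificate with the CA's public key.

```python
"""Added example, not from the slides: textbook RSA signatures (slide 22) and a
toy CA-issued certificate check (slide 23). No padding, fixed toy primes: teaching only."""
import hashlib
import json

# Constructed key material: Mersenne primes 2^k - 1 stand in for randomly generated primes.
MERSENNE = {k: (1 << k) - 1 for k in (127, 107, 89, 61, 31, 19)}

def keygen(p, q, e=65537):
    """Return (public, private) as (e, n) and (d, n) for primes p, q; e must not divide phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def digest(msg, n):
    """Hash value (message digest) of msg, reduced into the key's range (a toy shortcut)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, priv):
    """'Encrypt' the digest with the private key (d, n)."""
    return pow(digest(msg, priv[1]), *priv)

def verify(msg, sig, pub):
    """Recover the digest with the public key (e, n), recompute it from msg, compare."""
    return pow(sig, *pub) == digest(msg, pub[1])

def issue_cert(subject, subject_pub, serial, ca_priv):
    """CA binds name, public key, serial and expiry together and signs that binding."""
    body = {"subject": subject, "pub": list(subject_pub), "serial": serial, "expires": "2099-12-31"}
    return body, sign(json.dumps(body, sort_keys=True).encode(), ca_priv)

def check_cert(cert, expected_subject, ca_pub):
    """Client trusts the CA's public key, so it verifies the CA signature, then the name."""
    body, ca_sig = cert
    return (verify(json.dumps(body, sort_keys=True).encode(), ca_sig, ca_pub)
            and body["subject"] == expected_subject)

def demo():
    """Return (genuine order verifies, tampered order verifies, impostor cert accepted)."""
    ca_pub, ca_priv = keygen(MERSENNE[127], MERSENNE[89])
    shop_pub, shop_priv = keygen(MERSENNE[107], MERSENNE[61])
    cert = issue_cert("shop.example", shop_pub, 1, ca_priv)
    order = b"order 42: 1 x book, ship to customer X"          # constructed sample order
    sig = sign(order, shop_priv)
    genuine = check_cert(cert, "shop.example", ca_pub) and verify(order, sig, tuple(cert[0]["pub"]))
    tampered = verify(order + b"0", sig, shop_pub)             # integrity: one changed byte breaks the digest
    fake_pub, fake_priv = keygen(MERSENNE[31], MERSENNE[19])  # ChrisC.com self-issues a 'shop.example' cert
    fake_cert = issue_cert("shop.example", fake_pub, 2, fake_priv)
    return genuine, tampered, check_cert(fake_cert, "shop.example", ca_pub)
```

Calling `demo()` returns `(True, False, False)`: the CA-backed merchant signature checks out, the altered order does not, and the self-issued certificate is rejected because the client only trusts the CA's key.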

  24. Digital Signature • RSA Security -> leader in online security • 82; 3 MIT professors (Rivest, Shamir, and Adleman)

  25. Related Sites Public Key Cryptography • http://www.rsa.com/ie.html • www.entrust.com • http://www.cse.dnd/ca Digital Signature • http://www.elock.com • http://www.digsitrust.com Digital Certifications • http://www.verisign.com • http://www.certco.com

  26. Secure Socket Layer (SSL) • Developed by Netscape • Operates between TCP/IP and the application • Transmission Control Protocol / Internet Protocol • Most transmissions are large -> split into packets • TCP routes packets to avoid traffic jams • TCP makes sure all packets arrive -> puts them in order • Once packets pass -> moved to the socket (translated so the app can read them) • SSL uses public key cryptography and digital certificates to authenticate the server • SSL protects information in transit from one party to another • SSL does not require client authentication

  27. Secure Socket Layer (SSL) • How does it work? • Client sends a message to the server • Server responds and sends its digital certificate • Client / server negotiate session keys • Session keys: symmetric secret keys used during the transaction • Keys established -> communication proceeds • SSL protects info transmitted over the web; it does NOT protect private information – credit card #s – on the merchant’s server • Merchant often receives decrypted credit card info, stored on the server

  28. Secure Electronic Transaction (SET) • Developed by Visa / Mastercard • Uses digital certificates to authenticate each party (merchant, customer, bank) • Merchants need -> SET software • Digital wallet software (like a real wallet) • Stores credit / debit information

  29. Secure Electronic Transaction (SET) • How does it work? • SET software sends order info & the merchant’s digital cert. to the wallet • Customer selects a card • Credit card info is encrypted using the merchant’s bank’s public key, and sent to the merchant along with customer information • SET -> merchant never sees the client’s card info

  30. Related Sites • http://www.rsa.com/ssl • http://developer.netscape.com • http://www.setco.org • http://www.globeset.com

  31. XML and E-Commerce • HTML -> markup language with fixed tags • Elements of a doc: header, paragraphs, bold, etc. • XML (Extensible Markup Language) • Allows you to create customized tags unique to an app • Create industry- or organization-specific tags: MathML, ChemML, etc.

  32. XML and E-Commerce • XML is growing; helping to shape business through the web • Store data world-wide • Create tags for invoices, electronic funds transfers, POs • Tags need to be standardized -> tags can be built into the browser or into plug-ins • Custom XML -> create a downloadable plug-in

  33. XML and E-Commerce • Benefit • Gives the online merchant a better means of tracking product information • Standard tags – bots and search engines are able to find product information faster • Improve EDI (Electronic Data Interchange) - health care industries share patient information - Doctors access information faster -> make decisions faster -> potentially improve health care - Health Level Seven (HL7) -> increase information exchange: names, addresses, insurance providers, etc. (http://www.HL7.org)

  34. Data Mining, Bots, and Intelligent Agents • Data mining: uses a series of searches to find specific patterns and relationships within data • Million$$ • Bots: make queries more efficient (specific), eliminating multiple searches • Shopping bots -> find specific products available through online retailers

  35. Data Mining, Bots, and Intelligent Agents • Intelligent agents: smart bots that learn about customers over time by recording preferences, actions, and buying patterns • Customer service better than p2p • http://www.datamining.com • http://www.software.ibm.com/data/db2

  36. Data Mining, Bots, and Intelligent Agents • Who’s using bots? • http://www.priceline.com - shopping bot that takes customer bids to Priceline partners - How do they make money? The difference between the bid and the retail price • http://www.travelocity.com - shopping bot • http://www.bottomdollar.com - intelligent agent that searches for the products you want at the lowest price

  37. Future of E-Commerce • > 1% of sales through the web • Today: Kmart -> Tomorrow: Bluelight • AOL / Time Warner? • Streaming audio and video • Micropayments (millicents) • $3.95 for a movie? What about a video? • Microsoft – rent Word for 10 minutes

  38. Internet Marketing • Traffic is measured in “hits” • ‘hit’ -> every file transfer from server to browser (i.e. a page with 3 images = 4 hits) • Banner advertising: http://www.linkexchange.com • Adsmart, ValueClick, DoubleClick offer banner hosting • <meta> tags • Affiliate programs • Promos, giveaways, etc.
