IT-380 Slide 1: Electronic Commerce and Security, Anoop Grover (38 slides)

Upload: rodger-hensley

Post on 26-Dec-2015


TRANSCRIPT

IT-380 Slide 1

Electronic Commerce and Security

Anoop Grover

Slide 2

Objectives

- Introduction

- Shopping Cart Technology

- Online Auctions

- Other E-Businesses

- Security

- XML and E-Commerce

- Data Mining, Bots, and Intelligent Agents

- E-Commerce Core Technologies

- Future of E-Commerce

- Internet Marketing: Increasing Traffic

- E-Commerce Internet and WWW Resources

Slide 3

Introductions

E-Commerce? Business Models

- Amazon, Ebay, E-Trade, Priceline, Travelocity

Technologies

- databases, Internet security and web-based client / server computing

Slide 4

Introductions

What do you need?

- online catalog of products

- take orders through their website

- accept payments in a secure environment

- send merchandise to consumers

- manage customer data (profiles)


Slide 5

Introductions

E-Commerce is new? -> e-commerce has existed for decades

- Banking: EFT (Electronic Funds Transfer)

- Others: EDI (Electronic Data Interchange)

Business forms -> purchase orders and invoices are standardized -> shared with customers, vendors, and business partners electronically

Slide 6

Introductions

Problem

- Prior to the WWW, the focus was on large companies

solution: 7x24 WWW

- Insecure network

solution: ??

Slide 7

Shopping-cart Technology

One of the most common models -> E-commerce

- Customers -> Order Processing -> store lists

Component:

- Product Catalog (db): hosted on merchant server

Success Story?

- Amazon


Slide 8

Shopping-cart Technology

Amazon Case Study

- Opened doors in 1994

- Millions of products / millions of customers

- First few years -> mail order for books

- Now -> music, videos, DVDs, ecards, consumer electronics, and toys

Slide 9

Shopping-cart Technology

Online Catalog? - navigate quickly among millions of offerings

- How? Databases on the server side help searches on the client side

Database used to store: product specifications, availability, shipping information, stock levels, on-order information, etc.

Database used to search: titles, authors, prices, sales histories, publishers, reviews, etc.

Slide 10

Shopping-cart Technology

Personalizes site to serve returning customers

- DB keeps a record of all transactions (items purchased, shipping and credit card info)

- Greeted by name -> makes recommendations

How? Based on previous purchases / patterns and trends of clientele

Slide 11

Shopping-cart Technology

Process

- Add product to “Shopping Cart” -> change quantity, remove, check out, continue

- Check out (first time) -> personal information form

- Return: ‘1-click system’

- Order placed -> emailed / DB monitors order

- Uses SSL to protect information

Affiliate Program - 96 -> revenue stream -> Amazon Associate Prg

Slide 12

Online Auctions:

EBAY Idea -> Search for candy dispensers? Which one?

Linda Omidyar: innovator

Pierre made it reality -> 95 founded Auction Web: 2 million+ auctions, 250,000 new items

Business Week: “The bidding and close interaction between buyers and sellers promotes a sense of community – near addiction that keeps them coming back”

Slide 13

Online Auctions:

EBAY Business Model? Submission fee + percentage of the sale

- Final Fee -> Multi-tiered (example: $1500 sale)

- 5% on the first $25

- 2.5% on the difference between $25 and $1000

- 1.25% on anything above $1000

How much do you pay for $1500?

Submission fee -> based on amount of exposure

- Featured Auction: specific product category -> 14.95

- Featured Items: EBAY homepage -> 99.95

- Bold Face: 2.00

Slide 14

Online Auctions:

Technical Model? Database driven -> dynamically driven by personal info

Example:

- Seller enters product to be auctioned

- Seller provides descriptions, key words, initial price, date

High availability: minimize downtime (Contin)

Process Model?

- Seller posts description of product / reg. info

- Specify min. opening bid -> no one accepts / no bids

- Reserve price: lowest price seller will accept (can accept higher than lowest bid)

- Bid made: negotiate shipping details, warranty, etc.

Slide 15

Online Trading:

Brokerage companies trading online: Schwab, Merrill, Waterhouse

Online trades -> 37% of all trades in 99; 30% in 98

Business Impacts?

E*Trade: 82; founded for stock quotes. TWO games -> $100,000 in ‘fake’ money, $1000 prize

Slide 16

Other E-Biz

Dell -> founded 84; mail order. Business Model: sell made-to-order

2/3 B2B

Affiliates continued: Ebates.com

Slide 17

Other E-Biz

Recommended Sites:

1. http://www.allec.com

2. http://ecommerce.internet.com

3. http://www.cnet.com

4. http://builder.cnet.com/Business/Ecommerce20

5. http://www.freemerchant.com

6. http://store.yahoo.com (???? -> project?)

7. http://www.cybercash.com

8. http://www.clearcommerce.com

Slide 18

Security

Fundamental Secure Transaction Requirements

- Privacy issue: CC info is transferred; do others tap it?

- Integrity: ensure info was not tapped / hacked

- Authentication issue: is the company reputable?

- Non-repudiation issue: legally prove the message was sent

Public Key Cryptography, Digital Signatures, Digital Certificates, SSL, SET

Slide 19

Public Key Cryptography

Is info passed through the internet secure?

Private info (ie …..) must be secure. Secure -> encrypt data

Cryptography - a key makes data incomprehensible to all except intended users

- Unencrypted data: plaintext

- Encrypted data: ciphertext

- Users with the corresponding key: ciphertext -> plaintext

Slide 20

Public Key Cryptography

Symmetric Cryptography (secret key cryptography)

Historical means of maintaining a secure env.

Same key used to encrypt / decrypt the message

Sender encrypts message -> sends message / key

Problems

- Privacy and integrity potentially compromised

- Same key used by both parties; can’t authenticate the user

- Different keys needed for messages sent to different users

Slide 21

Public Key Cryptography

Public Key Cryptography: asymmetric -> two related keys; public & private

- Private Key: kept secret by owner

- Public Key: freely distributed, used to encrypt messages; only the corresponding private key can decrypt

- Parties have both keys (private keys are unique)

Slide 22

Digital Signature

Digital Sig = Written Sig (with public key)

Goal: solve the problems of authentication and integrity

Authentication -> proof of sender’s identity

Digital Sig: legal proof (much like written)

Create? -> plaintext message -> hash function (mathematical calculation) -> hash value (message digest)

For example: ADD all 1s

Private key encrypts the message digest

1. Receiver uses private key to decrypt

2. Reveals message digest

3. Applies hash function to message

Problems?

Slide 23

Digital Signature

Problem: anyone with a set of keys could pose as the sender

Customer X places an order with an online merchant. How does the customer know the website is the merchant’s? And not ChrisC.com?

Public Key Infrastructure: adds digital certification to the process of authentication

Digital certificate issued by a certification authority (CA) -> signed using the CA’s private key

Includes: name of subject, subject’s public key, serial #, expiration date, the authorization of trusted certification, etc.

Third party orgs -> VeriSign (www.verisign.com)

Slide 24

Digital Signature

RSA Security -> leader in online security; 82; 3 MIT professors (Rivest, Shamir, and Adleman)

Slide 25

Related Sites

Public Key Cryptography

1. http://www.rsa.com/ie.html

2. www.entrust.com

3. http://www.cse.dnd/ca

Digital Signature

1. http://www.elock.com

2. http://www.digsitrust.com

Digital Certifications

1. http://www.verisign.com

2. http://www.certco.com

Slide 26

Secure Socket Layer (SSL)

Developed by Netscape. Operates between TCP/IP and the application

Transmission Control Protocol / Internet Protocol

- Most transmissions are large -> split into packets

- TCP routes packets to avoid traffic jams

- TCP makes sure all packets arrive -> puts them in order

- If packets pass -> moved to the socket (translates so the app can read)

SSL uses public key cryptography and digital certificates to authenticate the server

SSL protects information from one party to another

SSL does not require client authentication

Slide 27

Secure Socket Layer (SSL)

How does it work?

1. Client sends message to the server

2. Server responds, and sends digital authentication

3. Client / Server negotiate session keys (Session Keys: symmetric secret keys used during the transaction)

4. Keys established -> communication proceeds

SSL protects info transmitted over the web; it DOES NOT protect private information (credit card #s) on the merchant’s server. The merchant often receives decrypted credit card info, stored on the server
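The signature, certificate and session-key steps from the Digital Signature, PKI and SSL slides above, modelled together as an added example (not the slides' own material): textbook RSA on small Mersenne primes stands in for a real key pair, SHA-256 is the hash function, and the CA, the merchant name shop.example, the serial number and expiry are made-up values; the function names are the example's own. The receiver recovers the digest with the sender's public key, and the client only sends a session key after the merchant's certificate checks out against the CA's public key.

```python
import hashlib, json, secrets

# Toy textbook RSA on small Mersenne primes (illustration only, not real key sizes).
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)   # (public key, private key); needs Python 3.8+

def digest(message, n):
    # hash function -> message digest, reduced so it fits below the modulus n
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    d, n = private
    return pow(digest(message, n), d, n)  # the digest "encrypted" with the private key

def verify(message, signature, public):
    e, n = public                         # public key recovers the digest; recompute and compare
    return pow(signature, e, n) == digest(message, n)

# Digital certificate: the CA signs the binding of a subject name to its public key.
def issue_cert(ca_private, subject, subject_public, serial, expires):
    body = {"subject": subject, "public_key": list(subject_public), "serial": serial, "expires": expires}
    return {"body": body, "ca_sig": sign(json.dumps(body, sort_keys=True).encode(), ca_private)}

def verify_cert(cert, ca_public):
    return verify(json.dumps(cert["body"], sort_keys=True).encode(), cert["ca_sig"], ca_public)

# SSL-style setup: the client checks the server's certificate, then sends a symmetric session
# key encrypted under the certified public key (RSA key transport); the server decrypts it.
def establish_session(cert, ca_public, server_private):
    if not verify_cert(cert, ca_public):
        return None                       # impostor certificate: abort before sending anything
    e, n = cert["body"]["public_key"]
    session_key = secrets.randbelow(n)    # client's symmetric secret for this transaction
    server_copy = pow(pow(session_key, e, n), server_private[0], n)
    return session_key, server_copy       # both sides now hold the same key

def demo():
    ca_pub, ca_priv = make_keypair(2**61 - 1, 2**89 - 1)
    shop_pub, shop_priv = make_keypair(2**19 - 1, 2**31 - 1)
    cert = issue_cert(ca_priv, "shop.example", shop_pub, 1001, "2001-12-31")
    order = b"order 42: 1 x book, ship to Customer X"
    sig = sign(order, shop_priv)
    imp_pub, imp_priv = make_keypair(2**13 - 1, 2**17 - 1)   # impostor with its own keys
    fake = issue_cert(imp_priv, "shop.example", imp_pub, 1001, "2001-12-31")
    client_key, server_key = establish_session(cert, ca_pub, shop_priv)
    return {"order_ok": verify(order, sig, shop_pub), "cert_ok": verify_cert(cert, ca_pub),
            "tampered_rejected": not verify(order.replace(b"1 x", b"9 x"), sig, shop_pub),
            "fake_cert_rejected": establish_session(fake, ca_pub, imp_priv) is None,
            "session_key_agreed": client_key == server_key}
```

The impostor's certificate is rejected because it was not signed with the CA's private key, and changing one character of the order breaks the merchant's signature over it.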

Slide 28

Secure Electronic Transaction (SET)

Developed by Visa / Mastercard

Uses digital certifications to authenticate each party (merchant, customer, bank)

Merchants need -> SET software

Digital wallet software (like a real wallet): stores credit / debit information

Slide 29

Secure Electronic Transaction (SET)

How does it work?

1. SET software sends order info & merchant’s digital cert. to the wallet

2. Customer selects a card

3. Credit card info is encrypted using the merchant’s bank’s public key, and sent to the merchant along with customer information

4. SET -> merchant never sees the client’s card info

Slide 30

Related Sites

1. http://www.rsa.com/ssl

2. http://developer.netscape.com

3. http://www.setco.org

4. http://www.globeset.com


Slide 31

XML and E-Commerce

HTML -> markup language with fixed tags. Elements of a doc: header, paragraphs, bold, etc.

XML (Extensible Markup Language): allows you to create customized tags unique to an app

Create industry- or organization-specific tags

MathML, ChemML, ...

Slide 32

XML and E-Commerce

XML is growing; helping to shape business through the web

Store data on the WWW

Create tags for invoices, electronic fund transfers, POs

Tags need to be standardized -> tags can be built into the browser or plug-ins

Custom XML -> create a download for the plug-in

Slide 33

XML and E-Commerce

Benefit: gives online merchants a better means of tracking product information

- Standard tags – bots and search engines are able to find product information faster

Improve EDI (Electronic Data Interchange)

- Health care industries share patient information

- Dr accesses information faster -> makes decisions faster -> potentially increases health care

- Health Level Seven (HL7) -> increase information exchange

- names, addresses, insurance providers, etc. (http://www.HL7.org)

Slide 34

Data Mining, Bots, and Intelligent Agents

Data mining: uses a series of searches to find specific patterns and relationships within data

Million$$

Bots: make queries more efficient (specific); eliminating multiple searches

Shopping bots -> find specific products available through online retailers


Slide 35

Data Mining, Bots, and Intelligent Agents

Intelligent Agents: smart bots that learn customers over time by recording preferences, actions, and buying patterns

Customer service better than p2p

http://www.datamining.com

http://www.software.ibm.com/data/db2

Slide 36

Data Mining, Bots, and Intelligent Agents

Who’s using bots? http://www.priceline.com

- shopping bot that takes customer bids to PL partners

- How do they make money? Difference between the bid and the retail price

http://www.travelocity.com

- shopping bot

http://www.bottomdollar.com

- intelligent agent to search for the products you want at the lowest price

Slide 37

Future of E-Commerce

> 1% of sales through the web

Today: Kmart -> Tomorrow: Bluelight

AOL / TIMEWARNER? Streaming audio and video

Micropayments (millicents)

3.95 for a movie? What about a video?

Microsoft: rent Word for 10 minutes

Slide 38

Internet Marketing

Traffic is measured by “hits”; a ‘hit’ -> every file transfer from server to browser (ie 3 images on a page = 4 hits)

Banner advertising: http://www.linkexchange.com

Adsmart, ValueClick, DoubleClick offer banner hosting

<meta> tags

Affiliate programs

Promos, giveaways, etc