2. 2
Course Outline
Overview of e-commerce
The Internet and the WWW
E-commerce software building blocks and tools
Scalability, high-performance servers, web
caching
Basic cryptography
Security, watermarking, firewalls
Payment systems
Current and future directions
3. 3
Electronic Commerce (E-Commerce)
Commerce refers to all the activities involved in the
purchase and sale of goods or services.
Marketing, sales, payment, fulfillment,
customer service
Electronic commerce is doing commerce
with the use of computers, networks and
commerce-enabled software (more than
just online shopping)
4. 4
Brief History
1970s: Electronic Funds Transfer (EFT)
Used by the banking industry to exchange account information over
secured networks
Late 1970s and early 1980s: Electronic Data Interchange (EDI) for
e-commerce within companies
Used by businesses to transmit data from one business to another
1990s: the World Wide Web on the Internet provides easy-to-use
technology for information publishing and dissemination
Cheaper to do business (economies of scale)
Enable diverse business activities (economies of scope)
5. 5
E-commerce applications
Supply chain management
Video on demand
Remote banking
Procurement and purchasing
Online marketing and advertisement
Home shopping
Auctions
6.
7. Ecommerce infrastructure
Information superhighway infrastructure
Internet, LAN, WAN, routers, etc.
telecom, cable TV, wireless, etc.
Messaging and information distribution
infrastructure
HTML, XML, e-mail, HTTP, etc.
Common business infrastructure
Security, authentication, electronic payment,
directories, catalogs, etc.
8. The Main Elements of E-commerce
Consumer shopping on the Web, called B2C (business to
consumer)
Transactions conducted between businesses on the
Web, called B2B (business to business)
Transactions and business processes that support selling
and purchasing activities on the Web
Supplier, inventory, distribution, payment
management
Financial management, purchasing products and
information
9. Advantages of Electronic Commerce
Increased sales
Reach narrow market segments in geographically
dispersed locations
Create virtual communities
Decreased costs
Handling of sales inquiries
Providing price quotes
Determining product availability
Being in the space
10. 10
Disadvantages of Electronic Commerce
Loss of ability to inspect products from
remote locations
Rapidly developing pace of underlying
technologies
Difficult to calculate return on
investment
Cultural and legal impediments
11. The process of e-commerce
1. Attract customers
Advertising, marketing
2. Interact with customers
Catalog, negotiation
3. Handle and manage orders
Order capture
Payment
Transaction
Fulfillment (physical good, service good, digital good)
4. React to customer inquiries
Customer service
Order tracking
13. 13
E-commerce Technologies
Internet
Mobile technologies
Web architecture
Component programming
Data exchange
Multimedia
Search engines
Data mining
Intelligent agents
Access security
Cryptographic security
Watermarking
Payment systems
14. Infrastructure for E-commerce
The Internet
system of interconnected networks that spans the globe
routers, TCP/IP, firewalls, network infrastructure, network
protocols
The World Wide Web (WWW)
part of the Internet and allows users to share information
with an easy-to-use interface
Web browsers, web servers, HTTP, HTML, XML
Web architecture
Client/server model
N-tier architecture; e.g., web servers, application servers,
database servers, scalability
16. Types of e-commerce
B2B: E-commerce that is conducted between businesses is referred to as business-to-business
(1) open to the entire public or (2) limited to a group of businesses who have
been part of the specific group
Transaction cost reduced through reduction in
search costs
costs of processing transactions (e.g. invoices, purchase orders and
payment schemes)
cost in trading processes
eliminating intermediaries and distributors
increase in price transparency
creates supply-side cost-based economies of scale
17. Types of e-commerce..contd…
B2C Commerce
commerce between companies and consumers
involves customers gathering information; purchasing physical goods or
information goods
online retailing companies such as Amazon.com, Drugstore.com, Beyond.com,
Flipkart.com, Lenskart.com
reduces transactions costs
increasing consumer access to information
reduces market entry barriers
18. ..Contd…
B2G e-commerce
commerce between companies and the public sector
use of the Internet for public procurement
licensing procedures
19. ..Contd…
C2C e-commerce
commerce between private individuals or consumers
online auctions
auctions facilitated at a portal, such as eBay, which allows online real-time bidding on
items being sold on the Web;
peer-to-peer systems, such as the Napster model (a protocol for sharing files between
users used by chat forums similar to IRC) and other file exchange and later money
exchange models; and
classified ads at portal sites such as Excite Classifieds and eWanted (an interactive,
online marketplace where buyers and sellers can negotiate and which features “Buyer
Leads & Want Ads”).
Consumer-to-business (C2B) transactions involve reverse auctions, which empower the
consumer to drive transactions. A concrete example of this is when competing airlines
give a traveler their best travel and ticket offers in response to the traveler’s post that she
wants to fly from New York to San Francisco.
There is little information on the relative size of global C2C e-commerce. However, C2C
figures of popular C2C sites such as eBay and Napster indicate that this market is quite
large. These sites produce millions of dollars in sales every day.
20. M-Commerce
buying and selling of goods and services through wireless technology
handheld devices such as cellular telephones and personal digital assistants
(PDAs) are used
m-commerce will become the choice for digital commerce transactions
bill payment and account reviews can all be conducted from the handheld
devices
consumers are given the ability to place and pay for orders on-the-fly
delivery of entertainment, financial news, sports figures and traffic updates to a
single mobile
different server than that accessed by the regular online users
allow users to book and cancel rail, flight, movie tickets through their mobile
devices
21. M-Commerce..contd..
a critical consideration for this strategy is the software solution that the organization
uses
‘all in one’ device strategy vs individual device based technology
banks can use cost effective virtual distribution channel
Financial inclusion
Greater reach across the population
convenience without compromising security
benefits are in terms of usage, reach, cost of installation, efforts and money for
maintenance, upgradeability and sustainability
22. M commerce..contd..
address the needs of all the players (including regulatory requirements)
solution is adopted that can be deployed fast, and can be scalable
care of disparate systems, customized solutions and maintenance cost
a platform that easily integrates new services and allows banks to be flexible
allowing the bank to reap benefits from the full potential of the mobile commerce
M commerce strategy requires a clear vision and objectives and not ‘one size fits all’
approach
23. Factors affecting e-commerce
Major forces fuelling e-commerce
economic forces,
marketing and customer interaction forces, and
Technology
communications costs,
low-cost technological infrastructure,
speedier and more economic electronic transactions with suppliers,
lower global information sharing and advertising costs, and
cheaper customer service cost
networking of corporations, suppliers, customers/clients, and independent
contractors into one community
Networking of the various departments within a corporation, and of business
operations and processes
24. Factors affecting e-commerce..contd..
critical business information to be stored in a digital form
retrieved instantly
transmitted electronically
connecting businesses (small, medium or large) to trading partners
sourcing out supplies, buying and selling goods and services online in real time
center for management of content and the processing of business transactions
support services such as financial clearance and information services
regional, vertical and industry-specific interoperable B2B e-markets across the globe
25. Factors affecting e-commerce..contd..
provide their target consumers with more detailed product and service information
using e-commerce
logistical and technological infrastructure to other retailers
expertise in credit analysis
tracking orders
product comparison systems
digitizing content, compression and the promotion of open systems technology
convergence of telephone services, television broadcast, cable television, and
Internet access
26. E-commerce components
A corporate Web site with e-commerce capabilities
A corporate intranet so that orders are processed in an efficient manner
IT-literate employees to manage the information flows and maintain the e-commerce
system
Banking institutions that offer transaction clearing services
National and international logistics
cost-efficient transport of small and big packages
critical mass of the population with access to the Internet and disposable income
Firms/Businesses with order fulfilling capability
27. E-commerce components..contd..
A legal framework governing e-commerce transactions
Legal institutions that would enforce the legal framework
A robust and reliable Internet infrastructure;
A pricing structure that doesn’t penalize consumers for spending time on and buying
goods over the Internet
global collection of networks connected to share information
common set of protocols
28. E-commerce components
An important component of an e-commerce-based firm is the website
website should have technology that will make it easier for its customers to
navigate
site should offer every single feature necessary
fully-functional and sustainable ecommerce web site
stable server for hosting
provide customer specific services
technology partners who constantly upgrade the features as well as technology
help business partners such as logistics partners and suppliers to share and
exchange business data
Alternatively SaaS can be used for running these services (reduce cost)
29. Business transformation through e-commerce
Linking stakeholders through e-commerce
Supply chain management integration
The product flow
The information flow
The finances flow
Shared data in diverse database systems, data warehouse
Sharing data “upstream” (with a company’s suppliers) and “downstream” (with a
company’s clients)
shared digital business infrastructure
including integrated value chains
e-business management model
business policies consistent with e-commerce laws, teleworking/virtual work,
distance learning, incentive schemes
30. E-COMMERCE APPLICATIONS: ISSUES AND PROSPECTS
e-banking, e-tailing and online publishing/online retailing
telephone banking, credit cards, ATMs
E-commerce in developing countries
Cash-on-delivery
Bank payments
electronic payment system
Security issues in e-payment
Factors in the growth of e-banking in developing countries
access to the Internet
Inclination for banking over the internet
access to high-quality products
Security over internet
31. E-Commerce Software
Content Transport
pull, push, web-caching, MIME
Server Components
CGI, server-side scripting
Programming Clients
Sessions and Cookies
Object Technology
CORBA, COM, Java Beans/RMI
Visual Studio .NET 2005 (ORCAS, ASP.NET, … etc)
Technology of Fulfillment of Digital Goods
Secure and fail-safe delivery, rights management
32. System Design Issues
Good architectural properties
Functional separation
Performance (load balancing, web caching)
Secure
Reliable
Available
Scalable
33. 33
Cryptography
Keeping secrets
Privacy: interceptor cannot use information
Authentication: sender’s identity cannot be forged
Integrity: data cannot be altered
Non-repudiation: sender cannot deny sending
How to evaluate cryptography
Secret key (symmetric) cryptography; e.g., DES
Public key (asymmetric) cryptosystems; e.g., RSA
Digital signatures, digital certificates
Key management; e.g., PKI
35. Basic terminology
1. Plaintext: original message to be encrypted
2. Ciphertext: the encrypted message
3. Enciphering or encryption: the process of
converting plaintext into ciphertext
4. Encryption algorithm: performs encryption
5. Two inputs: a plaintext and a secret key
37. Deciphering or decryption: recovering plaintext from
ciphertext
Decryption algorithm: performs decryption
Two inputs: ciphertext and secret key
Secret key: same key used for encryption and
decryption. Also referred to as a symmetric key
Symmetric Cipher Model
38. Cipher or cryptographic system :
A scheme for encryption and decryption
Cryptography:
Science of studying ciphers
Cryptanalysis:
Science of studying attacks against
cryptographic systems
Cryptology: cryptography + cryptanalysis
Symmetric Cipher Model
39. Ciphers
Symmetric cipher: same key used for
encryption and decryption
Block cipher: encrypts a block of plaintext at a
time (typically 64 or 128 bits)
Stream cipher: encrypts data one bit or one
byte at a time
Asymmetric cipher: different keys used
for encryption and decryption
40. Security
Concerns about security
Client security issues
Server security issues
Security policy, risk assessment
Authentication methods
Something you know: passwords
Something you have: smart card
Something you are: biometrics
Firewalls, proxy servers, intrusion detection
Denial of service (DoS) attacks, viruses, worms
41. 41
Payment Systems
Role of payment
Cash
properties: wide acceptance, convenience, anonymity,
untraceability, no buyer transaction cost
Online credit card payment, Smart Cards
Secure protocols: SSL, SET
Internet payment systems
Electronic cash, digital wallets
Micro-payments
Wireless devices
42. Transactions Processing
Transactions and e-commerce
Overview of transaction processing
Transaction processing in e-commerce
Keeping business records, audit, backup
High-availability systems
Replication and scaling
Implementation
43. 43
Other System Components
Taxes
Shipping and handling
Search engines
Data mining
Intelligent agents
Inventory management, enterprise
resource planning (ERP)
Customer relation management (CRM)
44. 44
• SSL was first developed by Netscape in 1994 and
became an internet standard in 1996 (RFC 2246
– TLS V1.0)
• SSL is a cryptographic protocol that secures network
traffic across a connection-oriented layer
• Any program using TCP can be modified to use
an SSL connection
Encryption and its types SSL Facts
45. 45
• An SSL connection uses a dedicated TCP/IP
socket (e.g. port 443 for HTTPS)
• SSL is flexible in the choice of which symmetric
encryption, message digest, and authentication
algorithms can be used
• SSL provides built-in data compression
SSL Facts
46. 46
• Authenticate the server to the client
• Allow the client and server to select
cryptographic algorithms, or ciphers, that they
both support
• Optionally authenticate the client to the server
• Use public key encryption techniques to
generate shared secret
• Establish an encrypted SSL connection
SSL Usage
47. 47
SSL is a secure protocol which runs
above TCP/IP and allows users to
encrypt data and authenticate
server/vendor identity securely
[Figure: SSL in the protocol stack. Labels: Application layer (SMTPS, FTPS, HTTPS); Secure Socket Layer (SSL); Transport layer; TCP/IP layer]
56. 56
Hashing
A hash function is an algorithm that calculates a fixed-size bit string
value from a file. A file basically contains blocks of data. Hashing
transforms this data into a far shorter fixed-length value or key
which represents the original string. The hash value can be
considered the distilled summary of everything within that file.
A good hashing algorithm exhibits a property called the
avalanche effect, where the resulting hash output changes
significantly or entirely even when a single bit or byte of data within
a file is changed. A hash function that does not do this is
considered to have poor randomization, which makes it easy for
attackers to break.
57. 57
Hashing
A hash is usually a hexadecimal string of several characters.
Hashing is also a unidirectional process so you can never work
backwards to get back the original data.
A good hash algorithm should be complex enough such that it
does not produce the same hash value from two different inputs. If
it does, this is known as a hash collision. A hash algorithm can
only be considered good and acceptable if it can offer a very low
chance of collision.
Types of Hashing
There are many different types of hash algorithms such as
RipeMD, Tiger, xxhash and more, but the most common types
used for file integrity checks are MD5, SHA-2 and CRC32.
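The avalanche effect and the file integrity check described on the hashing slides, as an added example that is not part of the original slides. It measures how many SHA-256 output bits change per single-bit input flip, shows that CRC32 (a checksum, not a cryptographic hash) has an algebraic structure that makes it suitable only for catching accidental corruption, and verifies a file against a published digest. `SAMPLE` and all function names are constructed for illustration.

```python
import hashlib
import hmac
import io
import zlib

# Constructed sample "file" contents (not from the slides).
SAMPLE = b"order=1001;item=widget;qty=2;total=19.98\n" * 100

def flip_bit(data: bytes, i: int) -> bytes:
    """Return a copy of data with bit i inverted."""
    out = bytearray(data)
    out[i // 8] ^= 1 << (i % 8)
    return bytes(out)

def mean_avalanche(data: bytes, flips: int = 64) -> float:
    """Mean fraction of SHA-256 output bits that change per one-bit input flip."""
    base = int.from_bytes(hashlib.sha256(data).digest(), "big")
    changed = 0
    for i in range(flips):
        other = int.from_bytes(hashlib.sha256(flip_bit(data, i)).digest(), "big")
        changed += bin(base ^ other).count("1")
    return changed / (flips * 256)

def xor3(a: bytes, b: bytes, c: bytes) -> bytes:
    """Byte-wise XOR of three equal-length inputs."""
    return bytes(x ^ y ^ z for x, y, z in zip(a, b, c))

def crc32_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """True if crc(a^b^c) == crc(a)^crc(b)^crc(c); holds for equal-length inputs."""
    return zlib.crc32(xor3(a, b, c)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)

def file_digest(stream, algorithm: str = "sha256", chunk: int = 65536) -> str:
    """Hash a binary stream in chunks so large files never sit fully in memory."""
    h = hashlib.new(algorithm)
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def verify_file(stream, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Compare the computed digest with a published one in constant time."""
    return hmac.compare_digest(file_digest(stream, algorithm), expected_hex.strip().lower())

if __name__ == "__main__":
    good = file_digest(io.BytesIO(SAMPLE))
    print("mean avalanche:", round(mean_avalanche(SAMPLE), 3))
    print("crc32 affine:", crc32_is_affine(SAMPLE[:64], SAMPLE[64:128], SAMPLE[128:192]))
    print("intact file verifies:", verify_file(io.BytesIO(SAMPLE), good))
    print("one-bit change verifies:", verify_file(io.BytesIO(flip_bit(SAMPLE, 7)), good))
```

A mean avalanche near 0.5 means about half of the 256 output bits change per flipped input bit. The CRC32 relation holding is why a checksum only guards against accidental damage, while integrity against deliberate modification needs a collision-resistant hash such as SHA-2.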