E-Commerce: Hype, Hope… Help Needed. Larry Korba, National Research Council of Canada, [email_address], http://www.iit.nrc.ca. National Research Council Canada, Institute for Information Technology / Conseil national de recherches Canada, Institut de technologie de l'information.
Definition and Caveats. Definition: Electronic Commerce - the secure exchange of goods, services and information electronically (Forrester Research). Caveats: Not an E-Commerce “Course”; Research Perspective; Highlights.
Outline: E-Commerce Today; Future of E-Commerce (Now… Near Future); Selected Challenges (Only a Few!): SET, Business-Business, Agent-Based E-Commerce, E-Commerce Anywhere, IP Protection, PKI; Conclusions.
E-Commerce Today… Big Money Assumption, “Hi Tech”. Other Attractive Internet Words: Java, Agents, Security!
EC Today: Why is it so Hot? Business-to-Consumer; Internet Hype; Lower Costs; Market Expansion?; Business-to-Business; Now and in Future Growth.
EC Today: Why Hot: Lower Telecommunication Costs. [Chart: Cost of a 3 Minute Phone Call From New York to London]
EC Today: Why Hot: Internet Growth. Extraordinary Growth in Internet Access.
EC Today: Why Hot? B-C, B-B Growth.
EC Today: Challenges. It Works Quite Well, But… Many “Standards”, Products; Threats: Common Threats, Threats to Buyers, Threats to Sellers, Threats to Financial Institutions.
EC Today: “Standards”, Products. SSL <=> SET. Many products to choose from: Credit Card Transaction Providers; Commerce Servers (IBM, Microsoft, Inex, Bestware, MANY MORE); Middleware (Shareware, Cold Fusion…); Databases (SQL, DB2, Oracle, Access…); Web Portals; Consultants.
EC Today: Common Threats. Insider Fraud; Software Security Holes: All O/S & Applications; Good Security Hard to Build: Software Complexity, Security as an Add-On; Installation/Set Up Errors; Shopping Cart Exposure.
EC Today: Threats to Buyers. Hijacking, Spoofing; Denial of Service; Loss of Privacy; Fraudulent Credit Card Use.
EC Today: Threats to Sellers. Fake Order Flood; Site Impersonation; Site Alteration; Denial of Service.
EC Today: Threats to Financial Institutions, Transaction Providers Any Kind of Loss $ Credit Card Fraud Information Service Obstruction
Future Challenges of E-Commerce: What is happening in Research; Standardization; Trust; Business-to-Business; Agent-Based E-Commerce: Automation, Learning; Copyright Protection: Electronic Distribution; E-Commerce Anywhere.
Future Challenges: Research. Research Competition; Words to get Funding (or to get Published): Electronic Commerce, Security, Agent, Java, Ontology...
Standardization: Many Acronyms… Development Times, Costs, Interoperability. OMG/CBO, X.509, XML/EDI, OBI, OTP, OFX, CIP, PKI, RSA, PKIX, OPS, SET, SSL, IMS, ECML, ICE.
Trust and Electronic Commerce. Biometry: Many Technologies; Determining trustworthiness of Transaction Participants, e.g. Auction Sites; Research: Distributed Trust (Web Browsers, Agents); Models for Trust, Formalisms; E-Commerce and Group work applications.
Biometry... Technologies: Iris, Face, Fingerprint, Hand Geometry, Typing, Handwriting, Voice. Must work well: No False Positives (I Got IN!!!); No False Negatives (Let Me IN!). Must NOT Lose Biometric Data! Irreplaceable… Once stolen, gives access to the store… Single Sign On for Everything...
SET: Many different proprietary electronic transaction Third Party Solutions; SET: The Answer to Strife in the World!; Open Standard; Eliminates No Card Present Fraud (Visa/Master Card Like that!); Eliminate Non-Repudiation in Transactions; No Middleman.
SET: Challenges. Complicated Protocol = Slow Response: 3000 Line ASN.1; 28 Stage Transaction Process; 6 RSA Encryption Steps (Slow); Four Part Model. Interoperability: Constant Evolution; Standard Fragmentation? SET <=> Credit Card-Based. Other Possibilities: XML/EDI, Smart SET.
Public Key Infrastructure: Cornerstone for Network Security Technology; Issues/Revokes Certificates; Cross Certify Organizations; Generate Certificates for authorized users; Enable SET for EC and other applications.
PKI: Challenges. Non-Trivial to set up; Cross-Certification: A lot like Beta Testing Software!; Interoperability Issues: X.509 v3 Extensions; Network Overhead; Costs: Infrastructure is one thing, you need to buy the applications; Dealing with Multiple Certificates.
Business-to-Business Factors: Just-In-Time Delivery Requirement; Reduce Inventory, Cycle Times; Reduced Costs; International Trade (Globalization, Deregulation); Move to Automated Transactions.
Business-to-Business: Challenges. Developing Trust With New Partners; Contract Protocols: Formal, Creative; Low-Cost, Secure Large Transactions; Sharing Minimum Required Operational Information. [Diagram: Company A, Company B, Company C, ?]
Agent-Based E-commerce: Bargain Finder; Negotiator; User Interface; Mobile Agents? [Diagram: Agent A, Agent B]
Agent-Based E-commerce: Challenges. Trust: Agent Code, Agent Environment; Confidentiality/Integrity: Customer/vendor Information; Standards: Agent Communication, Agent Environments, APIs.
Intellectual Property Protection: Electronically Transferable IP; Network Distribution: Lower Cost; Potential Risks; Potential for New Forms of Licensing.
IP Protection: Challenges. It’s Hard to Protect IP: Text, Graphics, E-Books, Software, 3D Models; Different Restrictions: Trade, Exclusivity, Usage.
Software Copying
IP Protection: Examples. Software Protection: Software Copying/Cracking is Epidemic; Hardware (Dongles), Software; Flexible Electronic Licensing Needed. Recording Industry: Analog Copying is Easy; Audio CD copying; MP3 Distribution.
E-Commerce Anywhere: Wireless Access; Investors; Business Operators; Service Centres; Convenience; Demand.
E-Commerce Anywhere: Challenges. V-Commerce: Tedious; Secure? False Negatives; Eavesdropping? Electronic Human Replay? SSL/SET over voice/pager? Wireless LANs: Coverage, Implementation.
Wireless LAN Implementation: IEEE 802.11 Symmetric Key Available For View! In Network Dialog Box for Client, Or Via SNMP from Access Point.
Summary: E-Commerce is here, and Thriving; Works quite well; Big Money going into E-Commerce; Researchers, Developers; Software Implementation Errors Prevention; SW/HW Version Authentication; Electronic Delivery; Enforcing Copyright Protection.
Summary (Continued): Secure E-Commerce Everywhere: Portable Electronic Wallet, Biometry; E-Commerce Agents: Trust and Privacy, Agent Mobility; Room for Innovation. Resource Page: http://132.246.128.180/ecommerce/ecomlinks.html Email Address: [email_address]
