Posted on 04-Jan-2016

ELECTRONIC COMMERCE TOOLS

Chapter 6

• Outline

6.0 Introduction

6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs)
  6.1.1 TRUST
  6.1.2 DIGITAL CERTIFICATES
  6.1.3 DIGITAL SIGNATURES
  6.1.4 PUBLIC KEY CRYPTOGRAPHY
  6.1.5 PUBLIC KEY INFRASTRUCTURE (PKI)
  6.1.6 CERTIFICATE AUTHORITIES

6.2 Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET)
  6.2.1 Secure Sockets Layer (SSL)
  6.2.2 Secure Electronic Transaction (SET)

Chapter 6 – ELECTRONIC COMMERCE TOOLS

• Outline (continued)

6.3 ELECTRONIC COMMERCE COMPONENT-BASED ARCHITECTURES
  6.3.1 CORE COMPONENTS
  6.3.2 BUSINESS-ORIENTED COMPONENT STRATEGIES
  6.3.3 COMMON BUSINESS LIBRARY

6.4 ELECTRONIC COMMERCE SOLUTION
  6.4.1 Function
  6.4.2 Customization
  6.4.3 Integration

6.0 Introduction

Electronic commerce promises gains in productivity, efficiency, and communication. At the same time, processing costs are expected to decrease. The objectives are achievable, but they require the right types of electronic tools to support the move to electronic business (eBusiness) operations. The introduction of the Web has transformed operations, and appropriate tools are under development to support these objectives.

• Electronic commerce is dependent on a number of components. First, there must be a willing buyer and a willing seller. There must be product, service, or information offerings. If payment is to occur, there must be payment mechanisms available for use. In order to transact business, security technology and procedures are expected. Trust is an often overlooked item on the list of requirements for electronic commerce, but it is an essential ingredient for electronic commerce to take place and to succeed.

6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs)

• TRUST.
• DIGITAL CERTIFICATES.
• DIGITAL SIGNATURES.
• PUBLIC KEY CRYPTOGRAPHY.
• PUBLIC KEY INFRASTRUCTURE (PKI).
• CERTIFICATE AUTHORITIES.

6.1.1 TRUST

• Physical world
  - Drivers’ licenses.
  - Passports.
  - Membership cards.
  - ATM cards.

• Electronic world
  - Digital certificate.
  - Digital signature.

6.1.2 DIGITAL CERTIFICATES

• A digital certificate is a digital document attesting to the binding of a public key to an individual or entity.

• Most people think there is basically one type of digital certificate. In actuality, several different types of digital certificates are available for use in business-to-consumer, business-to-business, and intra-business electronic commerce applications, including email certificates, browser certificates, server (SSL) certificates, software signing certificates, corporate empowerment certificates, SET certificates, and EDI certificates.

6.1.2 DIGITAL CERTIFICATES

• Digital certificates contain the following information:

1. Name of entity being certified
2. Public key
3. Name of certificate authority
4. Serial number
5. Expiration date
6. Optional additional information

6.1.3 DIGITAL SIGNATURES

• Digital signature
  – Authenticates sender’s identity
  – Run plain text through hash function
    • Gives message a mathematical value called hash value
    • Hash value also known as message digest
  – Collision
    • Occurs when multiple messages have same hash value
  – Encrypt message digest with private key
  – Send signature, encrypted message (with public key) and hash function

6.1.4 PUBLIC KEY CRYPTOGRAPHY

• Public key cryptography
  – Asymmetric – two inversely related keys
    • Private key
    • Public key
  – If the public key encrypts, only the private key can decrypt, and vice versa
  – Each party has both a public and a private key
  – Either the public key or the private key can be used to encrypt a message
  – Encrypted with public key and private key
    • Proves identity while maintaining security

6.1.4 PUBLIC KEY CRYPTOGRAPHY

• (Figure) Encrypting and decrypting a message using a symmetric key
• (Figure) Encrypting and decrypting a message using public-key cryptography
• (Figure) Authentication with a public-key algorithm

6.1.5 PUBLIC KEY INFRASTRUCTURE (PKI)

The basic elements of PKI are as follows:

• A certificate authority (CA) responsible for issuing and verifying digital certificates.
• A digital certificate including the public key or information about the public key.
• A registration authority (RA) to serve as the verifier for the certificate authority before a digital certificate is actually issued to the requestor.
• A directory where the digital certificates and their public keys are stored.
• A certificate management system.

6.1.6 CERTIFICATE AUTHORITIES

• A certificate authority is a trusted authority, an organization, that takes on the responsibility for issuing certificates. By issuing digital certificates containing public keys, the CA vouches for the identity of those to whom it issues the certificates. The CA’s public key must be trustworthy.

6.1.6 CERTIFICATE AUTHORITIES

• The CA issuance process consists of the following steps:

1. Generate public/private key pair.
2. Send public key to CA.
3. Prove identity to CA—verify.
4. CA signs and issues certificate.
5. CA emails certificate, or requestor retrieves certificate from secure Web site.
6. Requestor uses certificate to demonstrate legitimacy of his or her public key.

6.2 Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET)

• Transaction security protocols
  – Secure Sockets Layer (SSL)
  – Secure Electronic Transaction (SET)

• SSL
  – Uses public-key technology and digital certificates to authenticate the server in a transaction
  – Protects information as it travels over the Internet
    • Does not protect it once it is stored on the receiver’s server
  – Peripheral component interconnect (PCI) cards
    • Installed on servers to secure data for an SSL transaction

6.2.1 Secure Sockets Layer (SSL)

SSL Protocol (figure: message flow between client side and server side; arrows labelled Server Digital ID, Client Digital ID and Session key)

1. Client initiates a connection ("Hello?").
2. Server responds by sending the client its Digital ID. The server may also request the client’s Digital ID for client authentication.
3. Client verifies the server’s Digital ID. If requested by the server, the client sends its Digital ID.
4. When the authentication is complete, the client sends the server a session key encrypted using the server’s public key.
5. Once a session key is established, secure communications commence between client and server.
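The signing step of 6.1.3, the CA issuance step of 6.1.6 and the handshake just described (6.2.1) as one added, runnable Python example; this is not code from the slides. It uses textbook RSA over SHA-256 exactly as the slides describe it, and the certificate fields, the "Toy CA" name, shop.example, the dates and the fixed Mersenne primes (present only to keep the demo short and deterministic) are all constructed for the example.

```python
import hashlib
import json
import random

# Fixed, publicly known Mersenne primes keep this demo short and deterministic;
# a real key pair is generated from fresh, secret random primes.
CA_PRIMES = (2**127 - 1, 2**521 - 1)
SERVER_PRIMES = (2**107 - 1, 2**607 - 1)

def keypair(p, q, e=65537):
    """Textbook RSA (no padding): returns (public (n, e), private (n, d))."""
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, priv):
    """6.1.3: hash the data, then 'encrypt' the digest with the private key."""
    return pow(_digest(data), priv[1], priv[0])

def verify(data, sig, pub):
    """Decrypt the signature with the public key and compare with a fresh hash."""
    return pow(sig, pub[1], pub[0]) == _digest(data)

def _tbs(cert):
    """Canonical bytes of every certificate field except the signature."""
    return json.dumps({k: v for k, v in cert.items() if k != "sig"}, sort_keys=True).encode()

def issue_certificate(subject, subject_pub, ca_priv, serial=1, not_after="2017-01-04"):
    """6.1.2/6.1.6: the CA vouches for the name/public-key binding by signing it."""
    cert = {"subject": subject, "n": subject_pub[0], "e": subject_pub[1],
            "issuer": "Toy CA", "serial": serial, "not_after": not_after}
    return {**cert, "sig": sign(_tbs(cert), ca_priv)}

def handshake(server_cert, server_priv, ca_pub, today="2016-01-04"):
    """6.2.1: the client checks the server's Digital ID against the trusted CA key, then
    sends a session key encrypted with the server's public key; returns (client key, server key)."""
    if not verify(_tbs(server_cert), server_cert["sig"], ca_pub):
        raise ValueError("server Digital ID is not signed by the trusted CA")
    if server_cert["not_after"] < today:                # ISO dates compare as strings
        raise ValueError("server Digital ID has expired")
    session_key = random.getrandbits(128)                           # chosen by client
    wrapped = pow(session_key, server_cert["e"], server_cert["n"])  # sent to server
    return session_key, pow(wrapped, server_priv[1], server_priv[0])  # server unwraps

def demo():
    ca_pub, ca_priv = keypair(*CA_PRIMES)
    srv_pub, srv_priv = keypair(*SERVER_PRIMES)
    cert = issue_certificate("shop.example", srv_pub, ca_priv)
    return handshake(cert, srv_priv, ca_pub)
```

Calling `demo()` returns the same session key from both sides, and a certificate whose fields were altered after signing (or which has expired) is rejected before any key is sent. Deployed TLS differs from this textbook form: signatures use padded schemes such as RSA-PSS, and since TLS 1.3 the session key is no longer encrypted with the server's RSA public key.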

6.2.2 Secure Electronic Transaction (SET)

• SET protocol
  – Designed to protect e-commerce payments
  – Certifies customer, merchant and merchant’s bank
  – Requirements
    • Merchants must have a digital certificate and SET software
    • Customers must have a digital certificate and digital wallet
  – Digital wallet
    • Stores credit card information and identification
  – Merchant never sees the customer’s personal information
    • Sent straight to banks

• Microsoft Authenticode
  – Authenticates file downloads
  – Informs users of the download’s author

6.2.2 Secure Electronic Transaction (SET)

(Figure: digital wallet.)

6.3 ELECTRONIC COMMERCE COMPONENT-BASED ARCHITECTURES

CORE COMPONENTS
• Catalog Management.
• Content Management.
• Transaction services.
• Personalization facilities.
• Customer support and customer service.
• Interfaces to internal business systems.

6.3.1 CORE COMPONENTS

• Catalog Management
  - Provides facilities to store, search, and retrieve product information.

• Content Management
  - Enhances the product information available through catalog entries.

• Transaction services
  - Providing online purchasing mechanisms. These facilities may include online shopping carts and credit card authorization services.

• Personalization facilities
  - Including user profiling and features to customize content delivery based on individual usage patterns and individual user preferences, background, and characteristics.

• Customer support and customer service
  - Including facilities to handle customers’ questions and requests for information.

• Interfaces to internal business systems
  - Including functions, APIs (application program interfaces), and development tools to connect Web-based electronic.

6.3.2 BUSINESS-ORIENTED COMPONENT STRATEGIES

• Most e-commerce server vendors are not offering business-oriented component strategies yet. However, vendors are offering network-available business services. There are transaction engines and catalog management applications.

6.3.3 COMMON BUSINESS LIBRARY

• A common business library (CBL) is under development as part of the CommerceNet eCo framework. The library will include:
  - APIs for businesses, markets, processes, applications, and services.
  - Common Business Objects for catalogs, product information, business forms, and companies.

6.3.3 COMMON BUSINESS LIBRARY

• We can view documents as the input and output to these business services. Some of these document types include:
  - Profiles of customers and vendors.
  - Catalogs, data sheets, price lists.
  - Invoices.
  - Purchase orders (POs).
  - Inventory reports.
  - Bill of materials.
  - Contracts.
  - Credit reports.
  - Reports on shipping, tracking, and order status.
  - Receipts.

6.4 Electronic commerce solution

Electronic commerce Solution = Function + Customization + Integration

6.4.1 FUNCTION

• The electronic commerce solution function may consist of packaged off-the-shelf software. Off-the-shelf software may be enhanced in-house.

6.4.2 CUSTOMIZATION

• Another option to consider is whether your electronic commerce solution should involve personalization according to the profile of the customer/user.

6.4.3 INTEGRATION

• In designing your organization’s electronic commerce solution, you need to consider the type of interaction that you want to see between a customer and the company.