Shopping Carts and Security

Post on 15-Jan-2016

Transcript of Shopping Carts and Security

Shopping Carts and Security

“Putting the COMMERCE into E-COMMERCE”

The Beginning

• God created the Internet

• Bill Gates created the Internet

• Al Gore created the Internet

• The heck with it, in the beginning the Internet was designed to be a content provider

The Internet

• It was full of information

• It utilized “static” web pages

• Knowledge was shared with viewers

• No business was conducted “on-line”

The Advent

• Many companies have taken credit for the advent of business on the Internet
  – Intel
  – Dell
  – Cisco
  – Egghead

• In 1997 Pres Clinton and VP Gore are quoted, “Electronic commerce could become a significant global economic element in the next century”

The Race

• The stage was set, and the race was on

• The term Electronic Commerce (E-Commerce) was coined

• Initial commerce was business to business, so the payment function was still handled the “old fashioned” way of invoicing and paying by the 10th of the following month.

The Consumer

• The conversion from B2B commerce to B2C (Business to Customer) was swift

• Existing companies that utilized direct marketing efforts via telephone had in place:
  – Sales techniques (selling from a distance)
  – Lack of bricks and mortar (fixed costs)
  – System to handle payment (most important)

The Proce$$

• What? Credit cards & EFT

• Who? Banks doing EFT since 1970’s

• Why? Because they are highly profitable

• Financial institutions profit on both ends of the transaction – Great proce$$ for them

The Enabler

• This award goes to technology, or perhaps more specifically to the technological advances that allowed us to:
  – Communicate via a network
  – More fully automate the business process
  – Cut customer service costs
  – Empower the buyer

The Model

• For our purpose, we will use a pure retail, now called e-tail, as our model

• We will call it:
  – Wayneazon
  – WayneMart
  – Wayne Buy
  – Wayne’s World

Wayne’s World

US MARKET

• Projections are $60B total sales this year

• Over 87% are white

• Over 80% have had some college

• Over 62% shop from home

• Over 61% will be male

• Over 43% will be under the age of 20

• BUT…

The Trust Factor

• 100% have a comfortable trust factor in Electronic commerce

• Trust in Brand

• Trust in the EFT banking process

• Trust in Wayne’s World

• Trust in the Security of the site

Cryptography

• The science concentrating on the study of methods and techniques to provide security by mathematical manipulation of information

• Symmetric (secret key)

• Asymmetric (public key)

• It is the secret decoder ring and James Bond all rolled into one

Encryption / Decryption

• OK, now we know it is an algorithm, meaning that it is mathematical in nature.

• We also recognize that, in order to have security, our data must be encrypted with some form of secret or public key

• On the other end the decryption takes place in order that the data can be read and processed

Example

Symmetric key solution

Plaintext: TO BE OR NOT TO BE THAT IS THE QUESTION
Key:       RE LA TI ONS RE LA TION SR ELA TIONSREL
Encrypted: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY

• Decryption of an encrypted message is equally straightforward. One writes the key repeatedly above the message:

Encrypted: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY
Key:       RE LA TI ONS RE LA TION SR ELA TIONSREL
Plaintext: TO BE OR NOT TO BE THAT IS THE QUESTION

Hard Code – Not Fun!!

'This is the My Functions file that I have included throughout this application
'it consists of six (6) different functions that are used to make this application
'as secure as possible. The majority of these functions pertain to the
'encrypting of the data so that it can be passed with the URL from page to page safely.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim CharSet 'variable that contains cryptosystem characters

'Initialize variable CharSet
CharSet = Array("A","B","C","D","E","F","G","H","I","J","K","L","M", _
                "N","O","P","Q","R","S","T","U","V","W","X","Y","Z", _
                " ","1","2","3","4","5","6","7","8","9","0") 'these are the characters of CharSet

Hard Code p-2

Dim nCharSetSize 'variable that contains the number of characters in CharSet
Dim strKey 'variable for key for Vigenere Cipher

'Initialize the variable strKey
strKey = "I AM AN E COMMERCE EXPERT" 'key value for the Vigenere Cypher

'Initialize the variable nCharSetSize
nCharSetSize = ubound(CharSet) + 1
'this is the character set that makes up the encryption; this also designates a key
'for the Vigenere Cypher that I used for encryption
'You can see that the character set is made up of the 26 upper case letters,
'ten numeric digits, and the space. So the array has 37 elements

The Actual Encryption

Function Encrypt(strMsg) 'the encryption function using Vigenere Cypher
    'GetKeyChar, FindPosition and ShiftChar are not shown on these slides
    Dim strKeyChar
    Dim strMsgChar
    Dim nShiftPos
    Dim strFinal, i 'result string and loop counter

    'Response.write "STRMSG: " & strMsg & "<BR>"
    for i = 1 to len(strMsg)
        strMsgChar = mid(strMsg, i, 1)           'message character at position i
        strKeyChar = GetKeyChar(i)               'key character for position i
        nShiftPos = FindPosition(strKeyChar)     'position of the key character in CharSet
        strFinal = strFinal & ShiftChar(strMsgChar, nShiftPos)
        'Response.write "STRFINAL: " & strFinal & "<BR>"
    next

    Encrypt = strFinal
End Function

The Actual Decryption

Function Decrypt(strMsg) 'the decryption function using Vigenere Cypher
    Dim strKeyChar
    Dim strMsgChar
    Dim nShiftPos
    Dim strFinal, i 'result string and loop counter

    for i = 1 to len(strMsg)
        strMsgChar = mid(strMsg, i, 1)
        strKeyChar = GetKeyChar(i)
        nShiftPos = FindPosition(strKeyChar)
        strFinal = strFinal & ShiftChar(strMsgChar, -nShiftPos) 'shift back by the same amount
    next

    Decrypt = strFinal
End Function
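
Added example (Python, not the presenter's VBScript): the same cipher, checked against the RELATIONS slide and then run with the slides' 37-character set and key. Zero-based positions, the position-by-position key repeat and the sample value ORDER 1042 TOTAL 59 are assumptions, since GetKeyChar, FindPosition and ShiftChar are not shown. It also shows that one known plaintext/ciphertext pair gives back the key, which is why the deck moves on to "A Better Solution".

```python
import string

# The 37-symbol set from the slides' CharSet array: A-Z, space, 1-9, then 0.
CHARSET_37 = string.ascii_uppercase + " " + "1234567890"


def vigenere(msg, key, alphabet, decrypt=False):
    """Shift each symbol by the alphabet position of the matching key symbol.
    Symbols outside the alphabet pass through and consume no key, which is how
    the RELATIONS slide treats the spaces between words. Positions are 0-based
    (an assumption: the slides do not show FindPosition or ShiftChar).
    """
    n = len(alphabet)
    sign = -1 if decrypt else 1
    out, k = [], 0
    for ch in msg:
        if ch not in alphabet:
            out.append(ch)
            continue
        shift = alphabet.index(key[k % len(key)])
        out.append(alphabet[(alphabet.index(ch) + sign * shift) % n])
        k += 1
    return "".join(out)


def keystream_from_known_pair(plain, cipher, alphabet):
    """Subtract a known plaintext from its ciphertext: the result is the key."""
    n = len(alphabet)
    return "".join(
        alphabet[(alphabet.index(c) - alphabet.index(p)) % n]
        for p, c in zip(plain, cipher)
        if p in alphabet
    )


def demo():
    # 1) The worked example from the slides: 26 letters, key RELATIONS.
    slide_ct = vigenere("TO BE OR NOT TO BE THAT IS THE QUESTION",
                        "RELATIONS", string.ascii_uppercase)
    # 2) The slides' 37-symbol set and key on a constructed URL value.
    key = "I AM AN E COMMERCE EXPERT"
    value = "ORDER 1042 TOTAL 59"  # constructed sample, not from the page
    ct = vigenere(value, key, CHARSET_37)
    back = vigenere(ct, key, CHARSET_37, decrypt=True)
    return slide_ct, ct, back, keystream_from_known_pair(value, ct, CHARSET_37)


if __name__ == "__main__":
    print(demo())
```

The fourth value returned by demo() is the start of the key itself, recovered without knowing it; the cipher also gives no integrity check on the URL value.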

A Better Solution

• https://www.verisign.com

• http://www.sslplanet.com

• http://www.betrusted.com/

• http://www.thawte.com/

2nd Issue of E-Commerce

• Obtaining data

• Maintaining data

• Utilizing data

• Recalling data

• An enabler in all of this is a shopping cart

Shopping Cart

• https://www.ecartsoft.com/cgi-bin/home.cgi

• http://store.vipcart.com

• http://www.webgenie.com/Software/Shopcart/

All on One site

• http://e-businessexpress.com/index.shtml

• http://www.cartserver.com/americart/features.html

Concluding remarks

• The technology exists in shrink wrap format

• Do not recreate the wheel

• Use existing technology as an enabler

• Concentrate your efforts on the back room

• Security has been an issue since the early 1970’s via EFT – It will continue to be an issue

Contact information

Wayne Pauli

605-256-5800

wayne.pauli@dsu.edu

Dakota State University

820 North Washington Avenue

Madison, SD 57042

Q & A Time

• Anyone

• Really anyone?

• Are you still alive??

• Tom, is this vtel working???

Thanks for Listening