Magister Manajemen Sistem Informasi, Universitas Gunadarma
Electronic Commerce and Mobile Commerce
Dr. Tb. Maulana Kusuma
[email protected]
http://staffsite.gunadarma.ac.id/mkusuma
Internet dan Jaringan Komputer (Internet and Computer Networks) - Universitas Gunadarma 2006
Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma
Definition of E-Commerce
“A modern business methodology that addresses the needs of organizations, merchants, and consumers to cut costs while improving the quality of goods and services and increasing the speed of service delivery”
E-Commerce Framework
The Information Superhighway infrastructure (telecom, cable TV, wireless, Internet)
Multimedia content and network publishing infrastructure
The messaging and information distribution infrastructure
Common business services infrastructure (security / authentication, electronic payment, directories / catalogs)
Electronic Commerce Applications
• Supply chain management
• Video on-demand
• Remote Banking
• Procurement and purchasing
• On-line marketing and advertising
• Home shopping
Public policy, legal and privacy issues
Technical standards for electronic documents, multimedia and network protocols
E-Commerce & Media Convergence
“Convergence, broadly defined, is the melding of consumer electronics, television, publishing, telecommunications, and computers for the purpose of facilitating new forms of information-based commerce”
Convergence of content
Translates all types of information content -- books, business documents, videos, movies, music -- into digital information.
Convergence of transmission
Compresses and stores digitized information so it can travel through existing phone and cable wiring.
Convergence of information access device
To function as both computers and televisions.
Anatomy of E-Commerce Applications
Information Servers with Variety of Content: Video servers, Government servers, Game servers, Corporate servers, Libraries, Chat lines, Software, Electronic publishing
Network Service Provider
Network
Internet
Consumer Devices: Computer, PDA, Telephone, TV, Printer
Types of Internet Sites
There are broadly speaking two main types of commercial Internet sites available to companies at present:
Static Sites
It can be used for displaying large amounts of information provided the information does not require regular updating and a high degree of functionality is not required.
Databased Sites
Sometimes referred to as Database Front-end Systems or dynamically generated Internet sites. It can be designed to interact with existing systems such as order processing, stock control systems and sources of information such as product databases.
Commercial Uses of the Internet
The Internet
On-line databases (selling information)
On-line databases (product & services)
Employees in the organization whose tasks range from procurement to payment
Financial institutions, banks, credit card companies
Global suppliers
Customers at home
Business customers
Firewall
Enterprise LAN or WAN
Internet Firewall
Firewall bypass should not be allowed
Corporate Network
Encryption
Encryption is the mutation of information in any form (text, video, graphics) into a representation unreadable by anyone without a decryption key.
Secret Key Cryptography
Involves the use of a shared key for both encryption by the transmitter and decryption by the receiver. This technique suffers from the problem of key distribution, since shared keys must be securely distributed to each pair of communicating parties.
Public Key Cryptography
Public-key techniques involve a pair of keys; a private key and a public key associated with each user. Information encrypted by the private key can be decrypted only using the corresponding public key. The private key, used to encrypt transmitted information by the user, is kept secret. The public key is used to decrypt information at the receiver and is not kept secret.
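The two key models above, as an added example that is not part of the original slides: it counts the keys each model needs, then uses textbook RSA to show that data transformed with the private key can be recovered by anyone holding the public key (so it proves origin rather than keeping the data secret), while the reverse direction gives confidentiality. All function names and the tiny key values are constructed for illustration and are far too small for real use.

```python
"""Toy comparison of the secret-key and public-key models (added example).

Textbook RSA with tiny constructed primes, one byte per block, no padding:
for teaching only, never for real data.
"""


def shared_keys_needed(parties):
    """Secret-key model: every pair of parties needs its own shared key."""
    return parties * (parties - 1) // 2


def key_pairs_needed(parties):
    """Public-key model: one (private, public) key pair per user."""
    return parties


# Constructed toy key pair (hypothetical values, far too small to be secure).
P, Q = 61, 53
N = P * Q                              # public modulus: 3233
E = 17                                 # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: 2753


def private_key_transform(message):
    """The slide's 'encrypted by the private key': only the key owner can produce it."""
    return [pow(byte, D, N) for byte in message]


def recover_with_public_key(blocks):
    """Anyone holding the public key can undo the private-key transform."""
    return [pow(block, E, N) for block in blocks]


def verify_origin(message, blocks):
    """True only if blocks were made from exactly this message with the private key."""
    return recover_with_public_key(blocks) == list(message)


def public_key_encrypt(message):
    """Reverse direction: anyone can encrypt, only the private-key holder can read."""
    return [pow(byte, E, N) for byte in message]


def private_key_decrypt(blocks):
    """Recover the plaintext bytes with the private exponent."""
    return bytes(pow(block, D, N) for block in blocks)


if __name__ == "__main__":
    # Key distribution: 10 parties need 45 shared secrets but only 10 key pairs.
    print(shared_keys_needed(10), key_pairs_needed(10))

    order = b"PAY 100"                 # constructed sample message
    proof = private_key_transform(order)

    # Readable by any public-key holder: no secrecy, but proof of origin.
    print(bytes(recover_with_public_key(proof)))
    print(verify_origin(order, proof))          # genuine message
    print(verify_origin(b"PAY 900", proof))     # altered message is rejected

    # Confidentiality uses the public key to encrypt instead.
    sealed = public_key_encrypt(order)
    print(private_key_decrypt(sealed))
```
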
Personal Finance and Home Banking Management
Home computer
Home computer
The Internet
Bank Server
ATM
ATM
Home Shopping
Banking & Financial Payments
Large-scale or wholesale payments
e.g., bank-to-bank transfer
Small-scale or retail payments
e.g., automated teller machines and cash dispensers
Home Banking
e.g., bill payment
Retailing Payments
Credit cards
e.g., VISA or MasterCard
Private label credit / debit cards
e.g., J.C. Penney Card, BCA Debit
Charge cards
e.g., American Express
On-line E-Commerce Payment Systems
Token-based payment systems
• Electronic cash (e.g., DigiCash)
• Electronic checks (e.g., NetCheque)
• Smart cards or debit cards (e.g., Mondex)
Credit card-based payment systems
• Encrypted Credit cards (e.g., WWW form-based encryption)
• Third-party authorization numbers (e.g., First Virtual)
Outline
m-Commerce Overview
Infrastructure
m-Commerce Applications
Mobile Payment
Limitations
Security in m-Commerce
Mobile Commerce: Overview
Mobile commerce (m-Commerce, m-Business)—any e-Commerce done in a wireless environment, especially via the Internet
Can be done via the Internet, private communication lines, smart cards, etc.
Creates opportunity to deliver new services to existing customers and to attract new ones
Mobile commerce from the Customer's point of view
The customer wants to access information, goods and services any time and in any place on his mobile device.
He can use his mobile device to purchase tickets for events or public transport, pay for parking, download content and even order books and CDs.
He should be offered appropriate payment methods. They can range from secure mobile micropayment to service subscriptions.
Mobile commerce from the Provider's point of view
The future development of the mobile telecommunication sector is heading more and more towards value-added services. Analysts forecast that soon half of mobile operators' revenue will be earned through mobile commerce.
Consequently operators as well as third party providers will focus on value-added-services. To enable mobile services, providers with expertise on different sectors will have to cooperate.
Innovative service scenarios will be needed that meet the customer's expectations and business models that satisfy all partners involved.
m-Commerce Terminology
Generations
1G: 1979-1992 wireless technology
2G: current wireless technology; mainly accommodates text
2.5G: interim technology accommodates graphics
3G: 3rd generation technology (2001-2005) supports rich media (video clips)
4G: will provide faster multimedia display (2006-2010)
Terminology and Standards
GPS: Satellite-based Global Positioning System
PDA: Personal Digital Assistant—handheld wireless computer
SMS: Short Message Service
EMS: Enhanced Messaging Service
MMS: Multimedia Messaging Service
WAP: Wireless Application Protocol
Smart-phones—Internet-enabled cell phones with attached applications
Attributes of m-Commerce and Its Economic Advantages
Mobility—users carry cell phones or other mobile devices
Broad reach—people can be reached at any time
Ubiquity—easier information access in real-time
Convenience—devices that store data and have Internet, intranet, extranet connections
Instant connectivity—easy and quick connection to Internet, intranets, other mobile devices, databases
Personalization—preparation of information for individual consumers
Localization of products and services—knowing where the user is located at any given time and match service to them
Mobile Computing Infrastructure
Hardware
Screenphones—a telephone equipped with color screen, keyboard, e-mail, and Internet capabilities
E-mail handhelds
Wirelined—connected by wires to a network
Cellular (mobile) phones
Attachable keyboard
PDAs
Interactive pagers
Other devices: Notebooks, Handhelds, Smartpads
Mobile Computing Infrastructure (cont.)
Unseen infrastructure requirements
Suitably configured wireline or wireless WAN modem
Web server with wireless support
Application or database server
Large enterprise application server
GPS locator used to determine the location of mobile computing device carrier
Mobile Computing Infrastructure (cont.)
Software
Micro browser
Mobile client operating system (OS)
Bluetooth—a chip technology and WPAN standard that enables voice and data communications between wireless devices over short-range radio frequency (RF)
Mobile application user interface
Back-end legacy application software
Application middleware
Wireless middleware
Mobile Computing Infrastructure (cont.)
Networks and access
Wireless transmission media
• Microwave
• Satellites
• Radio
• Infrared
• Cellular radio technology
Wireless systems
Mobile Service Scenarios
Financial Services.
Entertainment.
Shopping.
Information Services.
Payment.
Advertising.
And more ...
Early content and applications have all been geared around information delivery but as time moves on the accent will be on revenue generation.
m-Commerce
Entertainment
• Music
• Games
• Graphics
• Video
Communications
• Short Messaging
• Multimedia Messaging
• Unified Messaging
• e-mail
• Chat rooms
• Video-conferencing
Transactions
• Banking
• Broking
• Shopping
• Auctions
• Betting
• Booking & reservations
• Mobile wallet
• Mobile purse
Information
• News
• City guides
• Directory Services
• Maps
• Traffic and weather
• Corporate information
• Market data
Classes of M-Commerce Applications
Mobile Application: Financial Tool
As mobile devices become more secure
Mobile banking
Bill payment services
m-Brokerage services
Mobile money transfers
Mobile micro payments
Replace ATM’s and credit cards??
Financial Tool: Wireless Electronic Payment Systems
“transform mobile phones into secure, self-contained purchasing tools capable of instantly authorizing payments…”
Types:
Micro payments
Wireless wallets (m-Wallet)
Bill payments
Examples
Swedish Postal Bank
Check Balances/Make Payments & Conduct some transactions
Dagens Industri
Receive Financial Data and Trade on Stockholm Exchange
Citibank
Access balances, pay bills & transfer funds using SMS
Mobile Applications: Marketing, Advertising, And Customer Service
Shopping from Wireless Devices
Have access to services similar to those of wireline shoppers
• Shopping carts
• Price comparisons
• Order status
Future
Will be able to view and purchase products using handheld mobile devices
Mobile Applications: Marketing, Advertising, And Customer Service
Targeted Advertising
Using demographic information can personalize wireless services (barnesandnoble.com)
Knowing users’ preferences and surfing habits marketers can send:
• User-specific advertising messages
• Location-specific advertising messages
Mobile Applications: Marketing, Advertising, And Customer Service
CRM applications
MobileCRM
Comparison shopping using Internet capable phones
Voice Portals
Enhanced customer service improved access to data for employees
Mobile Portals
“A customer interaction channel that aggregates content and services for mobile users.”
Charge per time for service or subscription based
Example: I-Mode in Japan
Mobile corporate portal
Serves corporations customers and suppliers
Mobile Intrabusiness and Enterprise Applications
Support of Mobile Employees
by 2005 25% of all workers could be mobile employees
sales people in the field, traveling executives, telecommuters, consultants working on-site, repair or installation employees
need same corporate data as those working inside company’s offices
solution: wireless devices
wearable devices: cameras, screen, keyboard, touch-panel display
Mobile B2B and Supply Chain Applications
“mobile computing solutions enable organizations to respond faster to supply chain disruptions by proactively adjusting plans or shifting resources related to critical supply chain events as they occur.”
accurate and timely information
opportunity to collaborate along supply chain
must integrate mobile devices into information exchanges
example: “telemetry” integration of wireless communications, vehicle monitoring systems, and vehicle location devices
leads to reduced overhead and faster service responsiveness (vending machines)
Applications of Mobile Devices for Consumers/Industries
Personal Service Applications
example airport
Mobile Gaming and Gambling
Mobile Entertainment
music and video
Hotels
Intelligent Homes and Appliances
Wireless Telemedicine
Other Services for Consumers
Mobile Payment for m-Commerce
Mobile Payment can be offered as a stand-alone service.
Mobile Payment could also be an important enabling service for other m-commerce services (e.g. mobile ticketing, shopping, gambling…):
It could improve user acceptance by making the services more secure and user-friendly.
In many cases offering mobile payment methods is the only chance the service providers have to gain revenue from an m-Commerce service.
Mobile Payment (cont.)
the consumer must be informed of: what is being bought, and how much to pay; options to pay;
the payment must be made
payments must be traceable.
Mobile Payment (cont.)
Customer requirements:
a larger selection of merchants with whom they can trade
a more consistent payment interface when making the purchase with multiple payment schemes, like:
• Credit Card payment
• Bank Account/Debit Card Payment
Merchant benefits:
• brands to offer a wider variety of payment
• Easy-to-use payment interface development
Bank and financial institution benefits
• to offer a consistent payment interface to consumer and merchants

Payment via Internet Payment Provider
[Diagram. Components: User, WAP GW/Proxy, SMS-C, Mobile e-Payment Server, Mobile Wallet, IPP, Merchant, CC/Bank. Link labels: GSM Security, SSL tunnel, Browsing (negotiation).]

Payment via Integrated Payment Server
[Diagram. Components: User, WAP GW/Proxy, SMS-C, Mobile Commerce Server, ISO8583 Based CP, Mobile Wallet, Voice Pre-Paid, VPP IF, Merchant, CC/Bank. Link labels: GSM Security, SSL tunnel, Browsing (negotiation).]

Outline
• m-Commerce Overview
• Infrastructure
• m-Commerce Applications
• Mobile Payment
• Limitations
• Security in m-Commerce

Limitations of m-Commerce
• Usability Problem
  • small size of mobile devices (screens, keyboards, etc)
  • limited storage capacity of devices
  • hard to browse sites
• Technical Limitations
  • lack of a standardized security protocol
  • insufficient bandwidth
  • 3G licenses

Limitations of m-Commerce
• Technical Limitations…
  • transmission and power consumption limitations
  • poor reception in tunnels and certain buildings
  • multi-path interference, weather, and terrain problems and distance-limited connections
• WAP Limitations
  • Speed
  • Cost
  • Accessibility

Limiting Technological Factors
• Mobile Devices: Battery, Memory, CPU, Display Size
• Networks: Bandwidth, Interoperability, Cell Range, Roaming
• Localization: Upgrade of Network, Upgrade of Mobile Devices, Precision
• Mobile Middleware: Standards, Distribution
• Security: Mobile Device, Network, Gateway

Potential Health Hazards
• Cellular radio signals = cancer?
  • No conclusive evidence yet
  • could allow for myriad of lawsuits
  • mobile devices may interfere with sensitive medical devices such as pacemakers

Outline
• m-Commerce Overview
• Infrastructure
• m-Commerce Applications
• Mobile Payment
• Limitations
• Security in m-Commerce

Security in m-Commerce: Environment
[Diagram: Operator centric model. Components: CA, Bank (FI), Merchant, Content Aggregation, Internet, SAT GW, WAP GW, Mobile Network, Mobile Bank, Security and Payment, Mobile e-Commerce Server, Mobile IP, Service Provider Network. Labels: WAP1.1 (+SIM where avail.), WAP1.2 (WIM), (SIM).]

WAP Architecture
[Diagram. Components: Web Server (Content, CGI Scripts, etc.); WAP Gateway (WML Encoder, WMLScript Compiler, Protocol Adapters); Client (WML, WML-Script, WTAI, etc.). Labels: WML Decks with WML-Script; HTTP; WSP/WTP.]

Comparison between Internet and WAP Technologies
[Diagram: two protocol stacks side by side.
Internet: HTML, JavaScript; HTTP; TLS - SSL; TCP/IP, UDP/IP.
Wireless Application Protocol: Wireless Application Environment (WAE); Session Layer (WSP); Transaction Layer (WTP); Security Layer (WTLS); Transport Layer (WDP); Bearers: SMS, USSD, CSD, IS-136, CDMA, CDPD, PDC-P, etc. Also labelled: Other Services and Applications.]

WAP Risks
• WAP Gap
  • Claim: WTLS protects WAP as SSL protects HTTP
  • Problem: In the process of translating one protocol to another, information is decrypted and re-encrypted
  • Solution: Doing decryption/re-encryption in the same process on the WAP gateway
• Wireless gateways as single point of failure
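The WAP gap described above, modelled as an added example (not part of the original slides): the gateway holds the keys for both legs, so the payload exists in plaintext between decryption and re-encryption. The toy cipher, key names, and spool buffer are assumptions made for illustration; the two methods contrast a split decrypt/re-encrypt pipeline with the same-process translation the slide proposes.

```python
import hashlib

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher (SHA-256 counter keystream). A stand-in for
    WTLS/TLS record protection, NOT a real cipher. Encrypt == decrypt."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class Gateway:
    def __init__(self, wtls_key: bytes, tls_key: bytes):
        self.wtls_key, self.tls_key = wtls_key, tls_key   # gateway holds both keys
        self.spool = []   # hand-off buffer between two separate translator processes

    def translate_split(self, nonce: bytes, wtls_record: bytes) -> bytes:
        # Split design: the decryptor spools plaintext for a second process,
        # so anything that can read the spool can read the payload.
        self.spool.append(toy_cipher(self.wtls_key, nonce, wtls_record))
        return toy_cipher(self.tls_key, nonce, self.spool[-1])

    def translate_in_process(self, nonce: bytes, wtls_record: bytes) -> bytes:
        # Slide's mitigation: decrypt and re-encrypt in one process; the
        # plaintext lives only in this local variable.
        plaintext = toy_cipher(self.wtls_key, nonce, wtls_record)
        return toy_cipher(self.tls_key, nonce, plaintext)

def demo():
    wtls_key, tls_key, nonce = b"handset<->gateway", b"gateway<->server", b"n-0001"
    order = b"PAY merchant=42 amount=150000 IDR"        # constructed sample payload
    record = toy_cipher(wtls_key, nonce, order)         # what leaves the handset
    gw_a, gw_b = Gateway(wtls_key, tls_key), Gateway(wtls_key, tls_key)
    out_a = gw_a.translate_split(nonce, record)
    out_b = gw_b.translate_in_process(nonce, record)
    return {
        "wire_hides_order": order not in (record, out_a, out_b),
        "server_reads": toy_cipher(tls_key, nonce, out_b),
        "spool_split": gw_a.spool,
        "spool_in_process": gw_b.spool,
    }
```

Even in the in-process variant the gateway still sees the plaintext and owns both keys, which is why the slide also lists the gateway as a single point of failure.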

Platform Risks
• Without a secure OS, achieving security on mobile devices is almost impossible
• Learned lessons:
  • Memory protection of processes
  • Protected kernel rings
  • File access control
  • Authentication of principals to resources
  • Differentiated user and process privileges
  • Sandboxes for untrusted code
  • Biometric authentication

WMLScript
• Scripting is heavily used for client-side processing to offload servers and reduce demand on bandwidth
• Wireless Markup Language (WML) is the equivalent to HTML, but derived from XML
• WMLScript is WAP’s equivalent to JavaScript
  • Derived from JavaScript™

WMLScript (cont.)
• Integrated with WML
  • Reduces network traffic
• Has procedural logic, loops, conditionals, etc
• Optimized for small-memory, small-CPU devices
• Bytecode-based virtual machine
• Compiler in network
• Works with Wireless Telephony Application (WTA) to provide telephony functions

Risks of WMLScript
• Lack of Security Model
• Does not differentiate trusted local code from untrusted code downloaded from the Internet. So, there is no access control!!
• WML Script is not type-safe.
• Scripts can be scheduled to be pushed to the client device without the user’s knowledge
• Does not prevent access to persistent storage
• Possible attacks:
  • Theft or damage of personal information
  • Abusing user’s authentication information
  • Maliciously offloading money saved on smart cards

Bluetooth
• Bluetooth is the codename for a small, low-cost, short range wireless technology specification
• Enables users to connect a wide range of computing and telecommunication devices easily and simply, without the need to buy, carry, or connect cables.
• Bluetooth enables mobile phones, computers and PDAs to connect with each other using short-range radio waves, allowing them to "talk" to each other
• It is also cheap

Bluetooth Security
• Bluetooth provides security between any two Bluetooth devices for user protection and secrecy
  • mutual and unidirectional authentication
  • encrypts data between two devices
  • Session key generation
    • configurable encryption key length
    • keys can be changed at any time during a connection
  • Authorization (whether device X is allowed to have access to service Y)
    • Trusted Device: The device has been previously authenticated, a link key is stored and the device is marked as “trusted” in the Device Database.
    • Untrusted Device: The device has been previously authenticated, a link key is stored but the device is not marked as “trusted” in the Device Database.
    • Unknown Device: No security information is available for this device. This is also an untrusted device.
  • automatic output power adaptation to reduce the range exactly to requirement, which makes the system extremely difficult to eavesdrop on

New Security Risks in m-Commerce
• Abuse of cooperative nature of ad-hoc networks
  • An adversary that compromises one node can disseminate false routing information.
• Malicious domains
  • A single malicious domain can compromise devices by downloading malicious code
• Roaming (are you going to the bad guys?)
  • Users roam among non-trustworthy domains

New Security Risks (cont.)
• Launching attacks from mobile devices
  • With mobility, it is difficult to identify attackers
• Loss or theft of device
  • More private information than desktop computers
  • Security keys might have been saved on the device
  • Access to corporate systems
  • Bluetooth provides security at the lower layers only: a stolen device can still be trusted
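The Device Database trust levels from the Bluetooth Security slide and the stolen-device point above, modelled as an added example (not part of the original slides, and not a Bluetooth stack API). The service name, addresses, keys, and the policy that non-trusted devices need user confirmation are assumptions; the decision keys only on the device address and its stored record, so a stolen trusted device passes until its entry is revoked.

```python
from dataclasses import dataclass, field
from enum import Enum

class Trust(Enum):
    TRUSTED = "trusted"      # authenticated before, link key stored, marked trusted
    UNTRUSTED = "untrusted"  # authenticated before, link key stored, not marked
    UNKNOWN = "unknown"      # no security information; also treated as untrusted

@dataclass
class DeviceRecord:
    link_key: bytes
    trusted: bool = False

@dataclass
class DeviceDatabase:
    records: dict = field(default_factory=dict)   # device address -> DeviceRecord

    def classify(self, addr: str) -> Trust:
        rec = self.records.get(addr)
        if rec is None:
            return Trust.UNKNOWN
        return Trust.TRUSTED if rec.trusted else Trust.UNTRUSTED

    def revoke(self, addr: str) -> None:
        """Drop link key and trust mark, e.g. when a paired device is reported stolen."""
        self.records.pop(addr, None)

def authorize(db, addr, service, protected_services, ask_user=lambda a, s: False):
    """May device `addr` use `service`? Returns (granted, trust level).
    Assumed policy: trusted devices pass silently, all others need the user."""
    level = db.classify(addr)
    if service not in protected_services or level is Trust.TRUSTED:
        return True, level
    return bool(ask_user(addr, service)), level

def demo():
    db = DeviceDatabase({                                  # constructed sample entries
        "00:11:22:33:44:55": DeviceRecord(b"\x01" * 16, trusted=True),
        "66:77:88:99:AA:BB": DeviceRecord(b"\x02" * 16),
    })
    protected = {"payment-wallet"}                         # hypothetical service name
    # Whoever holds the trusted handset is granted access: the device, not the user, is checked.
    before = authorize(db, "00:11:22:33:44:55", "payment-wallet", protected)
    db.revoke("00:11:22:33:44:55")                         # owner reports the phone stolen
    after = authorize(db, "00:11:22:33:44:55", "payment-wallet", protected)
    paired = authorize(db, "66:77:88:99:AA:BB", "payment-wallet", protected)
    return before, after, paired
```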

New Security Risks (cont.)
• Problems with Wireless Transport Layer Security (WTLS) protocol
  • Security Classes:
    • No certificates
    • Server only certificate (Most Common)
    • Server and client Certificates
  • Re-establishing connection without re-authentication
  • Requests can be redirected to malicious sites

New Privacy Risks
• Monitoring user’s private information
• Offline telemarketing
• Who is going to read the “legal jargon”
• Value added services based on location awareness (Location-Based Services)