KABARAK UNIVERSITY
DEPARTMENT OF COMPUTING SCIENCES
Module No: BMIT 326
Module Title: E-COMMERCE
Module Leader: Mr. Masese
Cell: 0727171725
Purpose
To introduce the strategic and implementation business issues that utilize electronic technologies
To utilize electronic technologies for business implementation and/or business marketing
UNIT 1: FOUNDATIONS OF E-COMMERCE
Introduction to E-commerce
Categories of E-Commerce based on the transacting parties
Supply chain management, E-Procurement
UNIT 2: NETWORK INFRASTRUCTURE FOR E-COMMERCE
Network infrastructure for E-commerce
The internet, intranet and extranets as E-commerce infrastructure
UNIT 3: ELECTRONIC DATA EXCHANGE AND ELECTRONIC PAYMENT SYSTEMS
EDI (electronic data exchange)
Classification of electronic payment systems
UNIT 4: MOBILE COMMERCE
Study on mobile commerce
WAP (Wireless application protocol)
Legal requirements in E-commerce & web security
UNIT 5
Teaching and learning Strategy: Lectures, Presentations by members of the class, Case discussions, Tutorials, Assignments, Continuous assessment tests, Lab Practical, Library, appropriate software, manual/notes
prepared by Masese
Recommended texts
1) Ravi Kalakota, Andrew B. Whinston, Frontiers of Electronic Commerce, AWL International
2) Bajaj K.K. and Nag Debjani, From EDI to Electronic Commerce, Tata McGraw-Hill
3) Bajaj and Nag, Electronic Commerce: The Cutting Edge of Business, Tata McGraw-Hill
4) Greg Holden, Starting an E-commerce Business for Dummies, 2nd edition, IDG Books India
5) David Kosiur, Understanding Electronic Commerce, Microsoft Press
standard computing environment in business, home and government; networked computing connects several computers and other electronic devices by telecommunication networks.
E-business refers to a broader definition of e-commerce, i.e. not just buying and selling but also servicing customers, collaborating with business partners and conducting electronic transactions within an organization.
productivity, reaching new customers and sharing knowledge across the world
E-Commerce In Action
E-commerce can take many forms depending upon the degree of digitization of the product/service sold, the delivery process and the payment process. A product can be physical or digital, a payment process can be physical or digital and a delivery process can be physical or digital (pure commerce & partial commerce).
GOALS OF ECOMMERCE
The goals of ecommerce include reducing the costs associated with transactions, lowering product cycle times, improving the speed of customer response, and improving service quality. Most of these goals have been partially fulfilled. However, there is still a lot of progress to be made in these areas.
Others include access to new markets and extended service offerings to customers:
1) Broaden current geographical parameters to operate globally
2) Reduce the cost of marketing and promotion
3) Improve customer service
4) Strengthen relationships with customers and suppliers
5) Streamline business processes and administrative functions
Technological pressure
1) Rapid technologies
2) Information overload (availability of information from different sources)
[Figure: e-commerce transaction flow between buyer, seller/suppliers, their banks and an automated clearing house, with payment advice and payments exchanged between the banks. Labelled steps:]
1. Product/service information request
2. Product/service information
3. Purchase request with payment (e.g. credit card no.)
4. Authentication of purchaser and verification of credit status
7. Status of credit card OK
8. Purchase/service delivery (if online) or shipping document
10. Payments
Unique Features of E-commerce Technology
Ubiquity: Internet/Web technology available everywhere: work, home, etc., anytime.
Effect: Marketplace removed from temporal, geographic locations to become market space. Enhanced customer convenience and reduced shopping costs.
Global reach: The technology reaches across national boundaries, around Earth.
Effect: Commerce enabled across cultural and national boundaries seamlessly and without modification. Market space includes, potentially, billions of consumers and millions of businesses worldwide.
Universal standards: One set of technology standards: Internet standards.
Effect: Disparate computer systems easily communicate with each other. Lower market entry costs (costs merchants must pay to bring goods to market). Lower consumer search costs (effort required to find suitable products).
Personalization/Customization: Technology permits modification of messages, goods.
Effect: Personalized messages can be sent to individuals as well as groups. Products and services can be customized to individual preferences.
Social technology: The technology promotes user content generation and social networking.
Effect: New Internet social and business models enable user content creation and distribution, and support social networks.
between companies and suppliers electronically through electronic funds transfer (EFT)
6) SALES FORCE MANAGEMENT: is concerned with improving the communications and flow of information among the sales, customer service and production functions through automation
GOALS OF E-PROCUREMENT
1) Reduction in purchase cycle time and cost
2) Enhancement in budgetary control
3) Elimination of administrative errors
4) Increase in buyer's productivity
5) Improvement in payment process
[Figure: e-procurement cycle in B2B e-commerce. Stages shown: product selection, requisition, approval cycle, purchase order, supplier fulfillment, product received, product shipped, e-payments]
JUST IN TIME MANUFACTURING is an integrated management system in manufacturing as well as retailing which focuses on the elimination of wastes such as time, material, labour and equipment in the production cycle.
Major benefits
a) Production cost will decrease as the stock is reduced and hence the overheads of maintaining large inventories are reduced
b) Market risks are passed on through the supply chain
c) Quality control of production is enhanced; only the goods required at a specific period of production are produced
E-CRM
What is Customer Relationship Management
Increased competition, globalization, the growing cost of customer acquisition, and high customer turnover are major issues in organizations today. CRM is a combination of business process and technology that seeks to understand a company's customers from a multi-faceted perspective: who are they, what do they do and what do they like?
Customer life cycle: The three phases of CRM
There are three phases of CRM: Acquisition, Enhancement and Retention. Each has a different impact on the customer relationship and each can more closely tie a firm to its customers. The three phases of
Strategic Model for e-Business/CMS/CRM Software Development
1. Stage of Orientation: Define your short, medium and long term targets to discuss your individual requirements
2. Stage of Analysis: Analysis of special requirements for your application
3. Stage of Design and Layout: Visual displays based on your ideas
4. Stage of Transformation: Realizing requirements and ideas in the software solutions
5. Stage of Implementation: Full implementation of your e-Business solutions
collaborators
Multimedia Content for E-Commerce Applications Multimedia content can be considered both fuel and traffic for electronic commerce
Information Delivery/Transport & E-Commerce Applications
Transport providers are principally the telecommunications, cable, & wireless industries.
Transport routers (information transport providers) and their information delivery methods:
- Telecommunication companies: long-distance telephone lines; local telephone lines
- Cable television companies: cable TV coaxial, fiber optic & satellite lines
- Computer-based on-line servers: Internet; commercial on-line service providers
- Wireless communications: cellular & radio networks; paging systems
Consumer Access Devices
Information consumers and their access devices:
- Computers with audio & video capabilities: personal/desktop computing; mobile computing
GLOBAL INFORMATION DISTRIBUTION NETWORKS
They consist of the infrastructure crossing countries and continents; they include the long distance telephone lines, satellite networks and the Internet.
1) Long distance networks: long distance telephone connectivity is provided through cable by the inter-exchange carriers
2) Satellite networks: they are accessible from any point of the globe; they also provide broadband digital service to many points without the cost of acquiring a wire or cable connection
3) Internet: a group of worldwide information highways and resources that enables the world to become an information society. It has been viewed as a prototype for the National Information Infrastructure (NII). It provides a platform for E-COMMERCE.
Internet Mail enables one to send information in the form of letters, messages, advertisements, spreadsheets, game programs, binary files and multimedia data files across the Net to one or more Internet addressees.
Intranet is an intra-business or intra-organization delivery system. An intranet uses Internet technology to deliver an organization's internal information. This includes integration of E-mail, FTP, Mail Server(s) and Web server(s) with the internal
Electronic Data Interchange (EDI)
EDI and Networks: Short for Electronic Data Interchange, the transfer of data between different companies using networks such as VANs or the Internet. As more and more companies get connected to the Internet, EDI is becoming increasingly important as an easy mechanism for companies to buy, sell, and trade information. ANSI has approved a set of EDI standards known as the X12 standards.
EDI and Process: Basically, the electronic data interchange process is the computer-to-computer exchange of business documents between companies.
EDI documents: EDI replaces the faxing and mailing of paper documents. EDI documents use specific computer record formats that are based on widely accepted standards. However, each company may use the flexibility allowed by the standards in a unique way that fits their business needs.
EDI for Industries: EDI is used in a variety of industries. In fact over 80,000 companies have made the switch to EDI to improve their efficiencies. Many of these companies require all of their partners to also use EDI.
Disadvantage: Drawbacks are few and far between, but there are some. For example, companies choosing to implement both paper and EDI processes must manage both of these processes. However, as stated before, using EDI is much more efficient than using paper, lending strength to the argument against paper documents. Also, companies must ensure that they have the resources in place to make an EDI program work; however, the need for these resources (or their hiring) may be offset by the increased efficiency that EDI provides.
EDI Communication Systems and translation software: A VAN is a third-party link in the EDI communication system that provides the EDI translation software service.
Value Added Network (VAN): VANs are private networks that add value to the basic communication provided by common carriers by offering specialized services such as access to commercial databases, E-mail and video conferencing. Safaricom broadband is an example of a VAN. VANs present an attraction for companies that want to exploit the benefits of telecommunication without any major investment. A value-added network (VAN) is a hosted service offering that acts as an intermediary between business partners sharing standards-based or proprietary data via shared business processes. VANs traditionally transmitted data formatted as Electronic Data Interchange (EDI).
[Figure: traditional methods of business document handling versus sending these documents over EDI.]
Computerized business applications and standard formats: Since data is exchanged in standard predefined formats, it becomes possible to exchange business documents irrespective of the computerised business application at either end of the communication.
Accounts Receivable application as example: For example, the supplier's Accounts Receivable application for raising an Invoice for payment could still be implemented on a file system using COBOL while the customer's Accounts Payable may be based on an RDBMS such as ORACLE.
Application-to-application without rekeying: Once data is entered into the buyer's computer system and transmitted electronically, the same data gets entered into the seller's computer, without the need for rekeying or re-entry. This is normally referred to as application-to-application EDI.
Integrated with application programs: EDI can be fully integrated with application programs. This allows data to flow electronically between trading partners without the need for rekeying, and between internal applications of each of the trading partners.
Costs and Benefits
Direct benefits
1. No need to rekey: Since the transfer of information from computer to computer is automatic, there is no need to rekey information. Data is only entered at the source.
2. Cost of processing EDI documents is much smaller than that of processing paper documents.
3. Customer service is improved. The quick transfer of business documents and marked decrease in errors allow orders to be fulfilled faster.
4. Information is managed more effectively.
5. There is improved job satisfaction among data entry operators, clerks etc. when redeployed in more creative activities.
Strategic benefits
1. Customer relations are improved through better quality and speed of service.
Three Main Components of EDI: The three main components required to be able to send or receive EDI messages are:
1) EDI standards
2) EDI software
3) third party networks for communications.
EDI STANDARDS
EDI and Business application and hardware: Using EDI it becomes possible for a business application on the computer of one organization to communicate directly with the business application on the computer of another organization. This exchange of information should be independent of hardware, software or the nature of implementation at either of these two organizations.
EDI SOFTWARE
Structured EDI format: EDI software consists of computer instructions that translate the information from an unstructured, company-specific format to the structured EDI format, and then communicate the EDI message.
EDI software also translates: EDI software also receives the message and translates it from the standard format to company-specific formats. Thus the major functions of the EDI software are data conversion, data formatting and message communication.
EDI software available for computers: EDI software is available for mainframes, minicomputers, and microcomputers. The requirements of EDI are: a computer, a communication interface and appropriate software.
EDI Translators: EDI Translators perform the important function of translating business data from company-specific formats to standard formats and vice-versa. When a document is
Networks
EDI server with mailboxes: EDI documents are electronically exchanged over communication networks which connect trading partners to one another. These documents are stored in user mailboxes on the network's EDI server from where they can be downloaded/uploaded at the user's convenience.
VAN and Trading partners: These Value Added Networks (VANs) provide users with a single point interface to the trading community, freeing the user from the worries of handling different communication protocols, time zones and availability of the computer system at the other end, common problems in cases where direct links have to be maintained with each trading partner.
Electronic payment systems are proliferating in banking, retail, health care, online markets and even governments. They are cost effective and provide higher quality service to the end users (customers).
EFT (Electronic Funds Transfer) is any transfer of funds initiated through an electronic terminal, telephonic instrument or computer so as to order, instruct or authorize a financial institution to debit or credit an amount. EFT uses computer and telecommunication components both to supply and transfer money or financial assets.
Electronic payment systems need to fulfill the following requirements:
1) Acceptability: in order to be successful, the payment system needs to be widely accepted
2) Convertibility: the digital money should be able to be converted into other types of funds
3) Efficiency: the cost per transaction should be low or nearly zero
4) Flexibility: several methods of payment should be supported
5) Scalability: payment should be as easy as in the real world
6) Security: electronic payment systems should allow financial transactions over open networks such as the internet
Types of electronic payment systems
Electronic cash
Electronic cash, digital money or e-cash provides the means to transfer money between transacting parties over a network such as the internet. Electronic cash must satisfy some properties of digital money:
1) Monetary value: e-cash must have a monetary value, backed either by cash or by bank-authorized credit
2) Interoperability: exchangeable as payment for other e-cash, paper cash, goods and
There are a number of electronic cash protocols. To a degree, all digital cash schemes operate in the following manner: A user installs a "cyber wallet" onto a computer.
1) Money can be put in the wallet by deciding how much is needed and then sending an encrypted message to the bank asking for this amount to be deducted from the user's account.
2) The bank reads the message with private key decryption and verifies that it has been digitally signed in order to identify the user.
3) The bank then generates "serial numbers", encrypts the message, signs it with its digital signature and returns it. The user is now entitled to use the message (coin or token) to spend at merchant sites. Merchants receive e-cash during a transaction and see that it has been authorized by a bank.
4) They then contact the bank to make sure the coins have not been spent somewhere else,
As was mentioned in the introduction, there are two types of system for digital cash, namely the online system and the offline system. In the following, the structure, advantages and disadvantages of each system are discussed.
[Figure: online digital cash system with participants User, Merchant and Bank(s); arrows labelled Withdraw Coins, Coins, Payment, Receipt, Deposit Coins, Deposit and Result.]
The user ID in this online digital cash system is fully anonymous; this is achieved by using a protocol called the Blind Signature Protocol. Blind signatures are typically employed in privacy-related protocols where the signer and the message author are different parties.
This protocol simply eliminates the association between the user ID and the serial number of the coin. Although it is good to hide the user's identity totally, this raises the problem of double spending: since the digital cash is digitally represented, it is very easy to duplicate and let the user spend the coin twice.
To tackle the double spending problem, the merchant has to verify the coin with the bank at the point of sale in each transaction. This verification of the legitimacy of the coin requires extra bandwidth and is a potential bottleneck of the system, especially when the traffic is high. The real-time verification also means there is a need for synchronization between bank servers.
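The withdraw, pay and deposit steps described above, with the blind signature at withdrawal and the bank's online double-spend check at deposit, as an added Python example (not part of the original notes). The RSA key, account names and balances are constructed toy values; the RSA blind signature is the textbook construction m*r^e, sign, multiply by r^-1.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key pair for the bank (primes far too small for real use).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # bank's private signing exponent


def coin_digest(serial: int) -> int:
    """Map a 128-bit coin serial number into the RSA group (toy full-domain hash)."""
    h = hashlib.sha256(serial.to_bytes(16, "big")).digest()
    return int.from_bytes(h, "big") % N


class Bank:
    """Issues blind signatures on withdrawal and checks every deposit online."""

    def __init__(self):
        self.accounts = {"alice": 10, "shop_a": 0, "shop_b": 0}  # constructed balances
        self.spent_serials = set()   # the ever-growing database of used coin serials
        self.withdrawal_log = []     # everything the bank sees at withdrawal time

    def public_key(self):
        return N, E

    def sign_blinded(self, user: str, blinded: int) -> int:
        # Steps 1-3: authenticate the user (here: account exists and has funds),
        # debit one unit and sign the blinded value. The serial itself is never seen.
        if self.accounts.get(user, 0) < 1:
            raise ValueError("insufficient funds")
        self.accounts[user] -= 1
        self.withdrawal_log.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, merchant: str, serial: int, signature: int):
        # Step 4: verify the bank's own signature, then refuse an already-spent serial.
        if pow(signature, E, N) != coin_digest(serial):
            return False, "invalid signature"
        if serial in self.spent_serials:
            return False, "double spend detected"
        self.spent_serials.add(serial)
        self.accounts[merchant] += 1
        return True, "credited"


def withdraw_coin(bank: Bank, user: str):
    """Client side: blind the coin digest with r^e, have it signed, unblind with r^-1."""
    n, e = bank.public_key()
    serial = secrets.randbits(128)
    r = secrets.randbelow(n - 2) + 2
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    blinded = (coin_digest(serial) * pow(r, e, n)) % n
    blinded_sig = bank.sign_blinded(user, blinded)
    signature = (blinded_sig * pow(r, -1, n)) % n   # equals coin_digest(serial)^d
    return serial, signature


def verify_coin(bank: Bank, serial: int, signature: int) -> bool:
    """Anyone holding the bank's public key can check that a coin was issued by the bank."""
    n, e = bank.public_key()
    return pow(signature, e, n) == coin_digest(serial)


def merchant_accept(bank: Bank, merchant: str, serial: int, signature: int):
    """Online scheme: local signature check, then the mandatory bank round trip."""
    if not verify_coin(bank, serial, signature):
        return False, "rejected locally"
    return bank.deposit(merchant, serial, signature)


def run_demo():
    """Spend one coin honestly, then replay the same coin at a second merchant."""
    bank = Bank()
    serial, sig = withdraw_coin(bank, "alice")
    first = merchant_accept(bank, "shop_a", serial, sig)
    second = merchant_accept(bank, "shop_b", serial, sig)        # duplicated coin
    forged = merchant_accept(bank, "shop_b", serial ^ 1, sig)    # altered serial
    # Unlinkability: the bank's withdrawal record does not contain the coin digest.
    unlinkable = coin_digest(serial) not in bank.withdrawal_log
    return {"first": first, "second": second, "forged": forged,
            "unlinkable": unlinkable, "balances": dict(bank.accounts)}


if __name__ == "__main__":
    print(run_demo())
```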
Pros and Cons of the online digital cash system
Here is the summary of the pros and cons of the online system:
Pros
Provides fully anonymous and untraceable digital cash: provides the user with confidence that their user ID will not be revealed in any way.
No double spending problems: double spending is not possible at all due to the fact that coins are checked in real time during the transaction.
Doesn't require additional secure hardware: no additional hardware is needed for the implementation; existing POS (Point of Sale)
Cons
Communications overhead between merchant and bank: the cost of the extra security and anonymity also becomes the bottleneck of the system due to real-time verification.
Huge database of coin records: the bank server needs to maintain an ever-growing database of all used coin serial numbers.
Difficult to scale, needs synchronization between bank servers: there is a need to synchronize coin serial numbers every time a coin is deposited into the bank. This is simply impractical.
Coins are not reusable: a coin has to be deposited back to the bank for verification; therefore, coins can only be used once.
[Figure: off-line scheme showing Bank 1, other banks and T.R.D.]
In the off-line scheme, the withdrawal and disposal of the coins are very similar to the one in the online scheme; the main difference is in the transaction part of the model. Instead of verifying coins during every transaction, the security of each entity in the system is guaranteed without a direct
Off-line scheme
- The offline model is a fully offline and portable system.
[Figure: electronic cheque payment flow between Buyer's browser, Seller's server, Accounting server, Buyer's bank and Seller's bank. Labelled steps: 2) Select goods, transfer e-cheque; 4) Forward cheque; 5) Forward cheque; 6) Transfer money]
CREDIT CARD BASED ELECTRONIC PAYMENT SYSTEM
A credit card is a small plastic card that has a magnetic strip on the exterior; the magnetic strip carries some encoded information about the card number and the card holder. The data that is encoded onto the card may be encrypted, making it difficult for potential thieves to decode or copy the information onto another card. A card reader is required to read as well as write information to the magnetic strip.
Magnetic strip card: Holds a value that can be recharged by inserting it into the appropriate machines, inserting currency into the machine, and withdrawing the card; the
Categories of online payments over the internet
1) Payments using plain credit card details
2) Payments using encrypted credit card details
3) Payments using third party verification
Payments using plain credit card details
The earliest method of payment was through unencrypted credit card numbers over the internet; the low level of security inherent in the design of the internet makes this method problematic. Authentication is also a significant problem, and the vendor is usually responsible for ensuring that the person using the credit card is its owner.
Once registered, the buyer or payer can issue electronic cheques for the purchase of goods and services.
[Figure: payment through credit card number. Participants: Customer's browser, Vendor's server, Acquirer's server, Card issuer's server. Labelled steps: 2. Select goods and make credit card payment; 3. Forward to issuer; 4. Request; 6. Check for authorisation, forward; 8. Request to clear payment; 9. Request for payment forwarded and money transferred; account update to customer and transfer of funds]
Smart card: A stored-value card that is a plastic card with an embedded microchip that can store information. Credit, debit, and charge cards currently store limited information on a magnetic strip. A smart card can store about 100 times the amount of information that a magnetic strip plastic card can store. A smart card can hold private user data, such as financial facts, encryption keys, account information, credit card numbers, health insurance information, medical records,
However, this would add to the cost of the credit card transaction itself and hence encryption may be restricted to only high value, sensitive payments. The scheme uses two sets of public/private keys, one belonging to the customer and the other to the credit card issuer. The credit card number is doubly encrypted using the banker's (issuer's) public key for confidentiality (only the bank can decrypt the credit card number) and the customer's private key for authenticity of the sender (only the customer could have encrypted the card number).
Payments using third party verification
In third-party processing, the consumer registers with a third party on the internet to verify electronic transactions via credit cards. Such third parties are commonly referred to as on-line third party processors (OTPPs). Using an OTPP requires an OTPP account number, obtained by filling out a registration form consisting of a customer information profile that is backed by a traditional financial instrument such as a credit card.
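The double encryption described above (customer's private key for authenticity, issuer's public key for confidentiality), as an added Python example that is not part of the original notes. Key pairs are constructed toy RSA keys, the card number is a constructed test value, and the Luhn check the issuer applies after unwrapping is an added sanity check, not something the notes describe.

```python
def make_rsa_key(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for a textbook RSA key built from two primes."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


# Constructed toy key pairs (far too small for real use). The issuer's modulus is
# larger than the customer's so the inner, customer-signed value always fits.
CUSTOMER_PUB, CUSTOMER_PRIV = make_rsa_key(1000000007, 1000000009)
ISSUER_PUB, ISSUER_PRIV = make_rsa_key(1000000021, 1000000033)


def luhn_valid(pan: int) -> bool:
    """Luhn check-digit test that every real card number passes."""
    total = 0
    for i, ch in enumerate(reversed(str(pan))):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def customer_encrypt(pan: int) -> int:
    """Inner layer: customer's private key (authenticity).
    Outer layer: issuer's public key (confidentiality)."""
    n_c, d_c = CUSTOMER_PRIV
    n_i, e_i = ISSUER_PUB
    if pan >= n_c:
        raise ValueError("card number must be smaller than the customer modulus")
    inner = pow(pan, d_c, n_c)
    return pow(inner, e_i, n_i)


def issuer_decrypt(ciphertext: int):
    """Issuer strips its layer with its private key, then the customer's layer with
    the customer's public key. Returns the card number, or None if the result is not
    a plausible card number (tampered ciphertext or wrong customer key)."""
    n_i, d_i = ISSUER_PRIV
    n_c, e_c = CUSTOMER_PUB
    inner = pow(ciphertext, d_i, n_i)
    if inner >= n_c:
        return None            # cannot have come from the customer's modulus
    pan = pow(inner, e_c, n_c)
    return pan if luhn_valid(pan) else None


# Constructed test card number (a standard Luhn-valid test value, not a real account).
TEST_PAN = 4111111111111111

if __name__ == "__main__":
    c = customer_encrypt(TEST_PAN)
    print(issuer_decrypt(c), issuer_decrypt(c ^ 1))
```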
[Figure: third party verification. Participants: Customer browser, Vendor server, OTPP server. Labelled steps: 2. Request for verification of customer account and credit status; 4. Approval; 5. Authorisation]
Smart cards and electronic payment systems
Smart cards have been in existence since the 1980s and have become a widely accepted and secure means of handling off-line as well as on-line transactions. A smart card is a small plastic card that contains a microprocessor and a storage unit. Smart card technology has been able to overcome most of the limitations of magnetic strip cards. However, they are expensive to implement, but they hold greater amounts of data compared to magnetic strip cards.
Smart cards are classified as follows:
1. Memory smart cards or electronic purses or debit cards
2. Intelligent or relationship-based smart cards
Memory smart cards or electronic purses or debit cards
Electronic purses are smart cards that are capable of storing monetary value on their microprocessor chip; this money can be used by the consumer for purchases. These are used as debit cards for payments against purchases of goods/services or as pre
1. Privacy: the user must not be exploited; payments should be as anonymous as possible
2. Security: security of the transaction can be achieved through user authentication and restriction of the information/service through access control
3. User friendly interface: users value convenience, so the interface should be easy to use
4. Brokers: a network broker, i.e. someone to broker goods and services, settle conflicts and facilitate financial transactions electronically, must be available
5. Pricing: there should be subsidies to encourage customers to move from traditional payment systems to e-payment systems
6. Standards: standardization of electronic payment systems is desirable for interoperability, giving users the ability to buy and receive information regardless of which financial institution is managing their accounts
Benefits of wireless and mobile computing
1) MOBILITY: mobility indicates constant physical movement of a person and his network appliance, i.e. extending the office to any location in which a person might be.
2) Ease of installation in difficult-to-wire areas: the implementation of wireless networks offers many tangible cost savings when performing installations in difficult-to-wire areas such as rivers, freeways or other obstacles separating the buildings you want to connect.
3) Reduced installation time: the installation of cabling is often a time consuming activity; on the other hand the deployment of wireless LANs, MANs and WANs greatly reduces the need for
2) Personal Digital Assistant: the personal digital assistant may be thought of as a PC reduced in size to fit inside a coat pocket; however, optimization in size and weight means limiting the functionality. The PDA may be subdivided as follows
Mobile Commerce
Mobile commerce from the customer's point of view
1) The customer wants to access information, goods and services any time and in any place on his mobile device.
2) He can use his mobile device to purchase tickets for events or public transport, pay for parking, download content and even order books and CDs.
3) He should be offered appropriate payment methods. They can range from secure mobile micro payment to service subscriptions.
Provider's point of view
WAP (Protocol) and i-mode (Service)
WAP (Wireless Application Protocol): an open and standard wireless application software protocol. The WAP system is composed of two main factors:
1) WML (Wireless Markup Language): similar to HTML
2) WAP Gateway / Proxy: to change the webpage source code to a suitable one
3) Needs a connecting action
4) Payment according to time used
i-mode
1) The first packet-based, always-on, mobile Internet service
2) Various services available: banking, games, wallpaper, music
IPv4: Addresses are 32 bits (4 bytes) in length. Must support a 576-byte packet size (possibly fragmented).
IPv6: Addresses are 128 bits (16 bytes) in length. Must support a 1280-byte packet size (without fragmentation).
Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract
Mobipay system
[Figure: Mobipay system with Internet merchant (web), Mobipay access node, GSM operator network and user handset; example screen shows a payment reference, store name and amount, with an alternative PIN entry path.]
1. User chooses Mobipay payment method on merchant site
2. Merchant sends unique Mobipay reference associated with amount
3. User sends reference (+ PIN)
4. Data validation
5. PIN request
6. PIN response
7. Authorisation
8. Confirmation
If PIN not entered directly (steps 5 and 6)
1) E-commerce is available only in those places where we have net connectivity, but with m-commerce we are free from all such boundaries.
2) Video conferencing has become possible with m-commerce even in places where there is no internet.
3) E-commerce not only needs internet but also electricity, whereas there is no such requirement with m-commerce.
4) M-commerce is easier to get to in comparison to e-commerce, but at present using m-commerce is costlier than using e-commerce.
using people's private information like credit card numbers to sabotage of major organizations with a presence on a network. To secure data, one has to ensure that it makes sense only to
those for whom it is meant. This is the case for data transactions where we want to prevent eavesdroppers from listening to and stealing data. Other aspects of security involve protecting user data on a computer by providing password
restricted access to the data and maybe some resources so that only authorized people get to use these, and identifying miscreants(trouble maker) and thwarting(upsetting) their attempts
to cause damage to the network among other things. Network security includes the following four steps: Secure: Lock your networks with a combination of authentication, encryption, firewalls, and continuous patching of system vulnerabilities. Examine: To maintain a secure network, you have to regularly monitor the state of security mechanisms, readiness, and incident handling procedures. Network vulnerability scanners from a number of reputable vendors will proactively locate areas of weakness, and IDSs can alert and respond to security events when they occur. Your organization can get high visibility of the network data stream and the security condition of the network using emerging security solutions.
Security service
A security service is something that enhances the security of the data processing systems and the information transfers of an organization. Security services:
are intended to counter security attacks;
make use of one or more security mechanisms to provide the service;
replicate functions normally associated with physical documents, which e.g. have signatures and dates; need protection from disclosure, tampering, or destruction; be
originated from.
In practice the recipient of a message will often authenticate the sender of a received message by first checking that the signed data in the message verifies under the public key in the sender's certificate (the key pair whose private key was used to sign the message), which establishes message integrity, and then checking the credentials in that certificate to determine the identity of the sender.
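As an added example (not part of these notes, and not code from any product they describe), the following Go program carries out the two-step check just described: it verifies the signature over the message with the public key carried in the sender's certificate, and only then reads the sender's identity from that certificate's subject. The sender name `orders.example-merchant.test`, the self-signed certificate, the sample order and the recipient's trust in that certificate are all assumptions made for the example; a real recipient would trust a CA-issued certificate instead.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedMessage is what the recipient receives: the data, the signature over it,
// and the sender's certificate in DER form.
type SignedMessage struct{ Data, Signature, CertDER []byte }

// makeSenderCert builds a self-signed certificate for a constructed sender. Assumption:
// in practice the certificate would be issued by a CA that the recipient trusts.
func makeSenderCert(key *rsa.PrivateKey, commonName string) (*x509.Certificate, []byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, der, err
}

// AuthenticateSender applies the two checks from the notes in order: integrity (the
// signature verifies under the public key in the certificate), then identity (the
// certificate chains to a trusted root, and its subject names the sender).
func AuthenticateSender(msg SignedMessage, trusted *x509.CertPool) (string, error) {
	cert, err := x509.ParseCertificate(msg.CertDER)
	if err != nil {
		return "", fmt.Errorf("bad certificate: %w", err)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return "", errors.New("certificate does not carry an RSA public key")
	}
	digest := sha256.Sum256(msg.Data)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], msg.Signature); err != nil {
		return "", fmt.Errorf("integrity check failed: %w", err)
	}
	opts := x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	return cert.Subject.CommonName, nil
}

// Demo signs a constructed order, authenticates it, then shows a copy whose amount was
// altered in transit failing the integrity step. It returns the authenticated sender
// name and whether the tampered copy was rejected.
func Demo() (string, bool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, err
	}
	cert, der, err := makeSenderCert(key, "orders.example-merchant.test")
	if err != nil {
		return "", false, err
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(cert) // assumption: the recipient already trusts this certificate
	data := []byte(`{"order":"A-1001","amount":"4500.00"}`) // constructed sample order
	digest := sha256.Sum256(data)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", false, err
	}
	msg := SignedMessage{Data: data, Signature: sig, CertDER: der}
	sender, err := AuthenticateSender(msg, trusted)
	if err != nil {
		return "", false, err
	}
	tampered := msg
	tampered.Data = []byte(`{"order":"A-1001","amount":"1.00"}`)
	_, tamperErr := AuthenticateSender(tampered, trusted)
	return sender, tamperErr != nil, nil
}

func main() {
	sender, rejected, err := Demo()
	fmt.Println("sender:", sender, "tampered rejected:", rejected, "err:", err)
}
```

Running `Demo` authenticates the genuine message and rejects the copy whose amount was changed, because the altered bytes no longer match the signature. The order of the checks matters: a certificate on its own says nothing about who sent this particular message, since certificates are public; only a valid signature ties the message to the holder of the certificate's private key, after which the subject can be trusted as the sender's identity.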
Certificate identifies the public key that is used to encrypt the symmetric key, which in turn is used to encrypt the various parts of the message. Its structure and semantics are the same as those of Certificate as defined under Message Integrity.
Message Parts is a list of the parts of the message that are encrypted. Each part is encrypted separately. It may contain some combination of: Body, Start Header and Signature. Signature means that the digital signature resulting from signing the message is itself encrypted.
Using this model requires us to:
generate the secret information (keys) used by the algorithm;
develop methods to distribute and share the secret information;
design a suitable algorithm for the security transformation.
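To make the message encryption structure above (a certificate-identified public key wrapping a symmetric key, and each part encrypted separately) concrete, and to show the three requirements of the model (generate the keys, distribute them, apply the transformation) in one place, here is an added Go example; it is not code from these notes or from any product they describe. It assumes the recipient's RSA public key has already been taken from their certificate, uses AES-GCM for the parts and RSA-OAEP to wrap the symmetric key, and constructs its own sample Start Header, Body and Signature content.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedPart is one separately encrypted part; Name is its label from the notes.
type EncryptedPart struct{ Name string; Nonce, Ciphertext []byte }

// EncryptedMessage holds the wrapped symmetric key and the separately encrypted parts.
type EncryptedMessage struct{ WrappedKey []byte; Parts []EncryptedPart }

var partOrder = []string{"Start Header", "Body", "Signature"} // part names from the notes

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptMessage generates a fresh 256-bit AES key (the secret information), encrypts each
// part separately with AES-GCM, binding the part name as associated data so that parts
// cannot be relabelled or swapped undetected, and distributes the key by wrapping it with
// RSA-OAEP under the recipient's public key (assumed to come from their certificate).
func EncryptMessage(recipientPub *rsa.PublicKey, parts map[string][]byte) (*EncryptedMessage, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	msg := &EncryptedMessage{}
	for _, name := range partOrder {
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		ct := aead.Seal(nil, nonce, parts[name], []byte(name))
		msg.Parts = append(msg.Parts, EncryptedPart{Name: name, Nonce: nonce, Ciphertext: ct})
	}
	msg.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	return msg, err
}

// DecryptMessage unwraps the key with the recipient's private key and decrypts every
// part, rejecting the whole message if any part fails authentication.
func DecryptMessage(priv *rsa.PrivateKey, msg *EncryptedMessage) (map[string][]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, msg.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed: %w", err)
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	out := make(map[string][]byte, len(msg.Parts))
	for _, p := range msg.Parts {
		plain, err := aead.Open(nil, p.Nonce, p.Ciphertext, []byte(p.Name))
		if err != nil {
			return nil, fmt.Errorf("part %q failed authentication: %w", p.Name, err)
		}
		out[p.Name] = plain
	}
	return out, nil
}

// Demo round-trips a constructed three-part message, then shows that a copy whose Body
// and Signature labels were swapped in transit is rejected.
func Demo() (map[string][]byte, bool, error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	parts := map[string][]byte{ // constructed sample content
		"Start Header": []byte("To: payments@example-bank.test"),
		"Body":         []byte(`{"order":"A-1001","amount":"4500.00"}`),
		"Signature":    []byte("placeholder for the sender's signature bytes"),
	}
	msg, err := EncryptMessage(&recipient.PublicKey, parts)
	if err != nil {
		return nil, false, err
	}
	got, err := DecryptMessage(recipient, msg)
	if err != nil {
		return nil, false, err
	}
	msg.Parts[1].Name, msg.Parts[2].Name = msg.Parts[2].Name, msg.Parts[1].Name
	_, swapErr := DecryptMessage(recipient, msg)
	return got, swapErr != nil, nil
}
```

Each part gets its own nonce and ciphertext, matching "each part is encrypted separately" in the notes; binding the part name as associated data is the added check that stops a relabelled or reordered part from being accepted. `Demo` is the entry point: call it from a `main` or a test to obtain the recovered parts and confirm that the swapped copy is rejected.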
USING THIS MODEL REQUIRES US TO:
Select appropriate gatekeeper functions to identify users;
Implement security controls to ensure only authorised users access designated information or resources.
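An added Go example (not from these notes, and not code from any product they describe) of the two requirements just listed: a gatekeeper that identifies users by password, and an access control table that admits only authorised users to designated resources. The account names, passwords, roles and resources are constructed for the example, and the salted SHA-256 password store is a stand-in for a proper password hash.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Assumption: passwords are stored as a salted SHA-256 hash to keep this example
// dependency-free; a production gatekeeper would use bcrypt, scrypt or Argon2 instead.
type account struct{ salt, hash []byte; roles []string }

// Principal is the identified user handed on to the access-control layer.
type Principal struct{ Name string; Roles []string }
var ErrNotAuthenticated = errors.New("authentication failed")

func hashPassword(salt []byte, password string) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), password...))
	return h[:]
}

func newAccount(password string, roles ...string) account {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err) // no usable entropy: cannot continue safely
	}
	return account{salt: salt, hash: hashPassword(salt, password), roles: roles}
}

// dummyAccount is checked for unknown names so response timing does not reveal which names exist.
var dummyAccount = newAccount("unused-dummy-password")

// Gatekeeper implements the model's "identify users" function: a user store keyed by name.
type Gatekeeper map[string]account

// Identify checks the password in constant time and returns a Principal only on success;
// unknown names and wrong passwords yield the same error.
func (g Gatekeeper) Identify(name, password string) (*Principal, error) {
	acct, known := g[name]
	if !known {
		acct = dummyAccount
	}
	match := subtle.ConstantTimeCompare(hashPassword(acct.salt, password), acct.hash) == 1
	if !known || !match {
		return nil, ErrNotAuthenticated
	}
	return &Principal{Name: name, Roles: acct.roles}, nil
}

type grant struct{ role, resource, action string }
// AccessControl implements the model's "security controls": an explicit grant table in
// which anything not granted is denied.
type AccessControl map[grant]bool
func (ac AccessControl) Grant(role, resource, action string) { ac[grant{role, resource, action}] = true }

// Allowed reports whether any of the principal's roles has been granted action on resource.
func (ac AccessControl) Allowed(p *Principal, resource, action string) bool {
	if p == nil {
		return false
	}
	for _, role := range p.Roles {
		if ac[grant{role, resource, action}] {
			return true
		}
	}
	return false
}

// Demo wires the two layers together over constructed accounts and returns the outcome
// of several access attempts, keyed by a short description.
func Demo() map[string]bool {
	gk := Gatekeeper{
		"alice": newAccount("correct horse battery staple", "clerk"),            // constructed
		"bob":   newAccount("a-different-long-passphrase", "clerk", "auditor"), // constructed
	}
	ac := AccessControl{}
	ac.Grant("clerk", "orders", "read")
	ac.Grant("auditor", "payments", "read")
	r := map[string]bool{}
	alice, err := gk.Identify("alice", "correct horse battery staple")
	r["alice authenticated"] = err == nil
	r["alice read orders"] = ac.Allowed(alice, "orders", "read")
	r["alice read payments"] = ac.Allowed(alice, "payments", "read")
	_, err = gk.Identify("alice", "wrong password")
	r["wrong password rejected"] = errors.Is(err, ErrNotAuthenticated)
	_, err = gk.Identify("mallory", "anything")
	r["unknown user rejected"] = errors.Is(err, ErrNotAuthenticated)
	bob, _ := gk.Identify("bob", "a-different-long-passphrase")
	r["bob read payments"] = ac.Allowed(bob, "payments", "read")
	return r
}

func main() {
	for check, ok := range Demo() {
		fmt.Println(check, "->", ok)
	}
}
```

Two defender details are worth noting. The comparison runs in constant time and an unknown name is checked against a dummy account, so neither the result nor the response time tells a caller which names exist. The access table is default-deny, so a user with no matching grant (alice asking to read payments) is refused without any special casing, and a nil principal from a failed Identify is never allowed anything.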
COMMUNICATION SECURITY GOALS
The basic goal in protecting communications will be to provide reasonable assurance that
2. Easy communication with multiple hosts
Each host in the organization needs to communicate with a growing community of other hosts, so it must be connected to a LAN.
3. Generic internet access
The Internet provides a wealth of information and communication opportunities, but it also brings a broadly based international threat directly to your desktop.
4. Strong secrecy
Leaking a single message can seriously compromise the organization's goals and cause damage from which it is very difficult to recover; strong secrecy is very expensive to achieve.
Cryptography
Data that can be read and understood without any special measures is called plaintext or cleartext. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to
Figure: plaintext -> encryption -> ciphertext -> decryption -> plaintext
Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.
Social Engineering
It is the means of breaking and entering into a computer system by extracting information such as passwords, firewall configuration data and network operating system data from unsuspecting company employers or employees who are willing to help. Social engineers play on the general trusting nature of human beings and their natural instinct
information; most commonly social engineers use the telephone to gain information, calling and posing as a service person, a high-level executive or a person from the help desk.
Hence the rule should be not to divulge sensitive information over the phone, even if the
Privacy protection
Privacy issues on the internet are a matter of concern, and to protect the privacy of users a number of regulatory and self-regulatory frameworks have come up.
1. Self-regulatory acts
There are some suggestions for how users can protect their privacy:
a) Think before you give out personal information on a site
b) Use encryption for sending critical information such as credit card numbers
Intellectual property issues
Intellectual property is the intangible property created by individuals or corporations, which is protected under copyright, trade secret and patent laws. Copyright is a statutory grant that provides the creators of intellectual property with ownership of it for 28 years; they are entitled to collect fees from anyone who wants to copy or use the property. A trade secret is intellectual work which is a company secret and not based on public information. A patent is a document that grants the holder exclusive rights on an invention for 17 years.
Copyright is the major intellectual property issue related to e-commerce; the issues include:
1) The internet and cyberspace are fast encouraging and enabling the use of pirated software, CDs, music and movies, destroying thousands of jobs and millions in revenue.
2) Software is a major issue on the internet: reproduction and distribution of copyrighted works is common there.
3) Another controversial issue in the electronic world is the expansion of library services and distance learning over the internet without compromising copyrights.