
Electronic Commerce

Chapter 3

2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood


Learning Objective 1

Explain the history of the Internet and how it works.


Electronic Networks
Electronic networks are groups of computers that are connected together electronically. Local area networks (LANs) are networks that span a single site. Metropolitan area networks (MANs) span a single city or metropolitan area.

Electronic Networks
Wide area networks (WANs) are networks of computers that span at least two metropolitan areas.


The Internet
The Internet is an electronic highway that allows computers to communicate with each other. The earliest practical version of the Internet was created in the early 1970s by the Pentagon's Advanced Research Projects Agency (ARPA). It was called ARPANET.

The Internet

Bitnet

MILnet

NSFnet

They adopted a common set of communications protocols called TCP/IP (Transmission Control Protocol/Internet Protocol).

The Internet
Transmission Control Protocol (TCP) divides electronic messages into packets of information and then reassembles these packets at the end.

Internet Protocol (IP) assigns a unique address to each computer on the Internet.


The Internet
Fixed IP address

Dynamic IP address
Domain name

Domain name servers

Learning Objective 2

Describe intranets and explain how they are made secure.


Intranets

What is an intranet?

It is a self-contained, in-house internet.

Extranets exist when the intranets of two or more companies are linked together.


Intranet Security Issues


The Internet
Network computers

Corporate Intranet

Firewall

Intranet Security Issues


Firewalls can be defeated.

An attacker can assume a false identity such as a false IP address.


What are additional layers of defense?

Access limits through password control


Encryption

Proxy servers

Learning Objective 3

Explain client-server technology and how it applies to electronic financial transactions.


Commerce on the Internet

What is a server?

It is a robot-type program that constantly runs on some computers and exchanges information with clients.


Commerce on the Internet


What is a client?

It is a program that accesses and exchanges information with a server. A great many of the business transactions that occur on the Internet take place in client-server environments.


Commerce on the Internet


Being robots, servers don't get paid by the hour and don't require fringe benefits. Servers can deal with hundreds of users (clients) at one time. Servers can be accessed at any time of day, anywhere in the world, with no per-minute communication charges.

Types of Servers
There are many kinds of servers on the Internet:
Mail servers
Web servers
File servers
Commerce servers


Types of Servers
Mail Server
Message sender
Sender's mail client
Sender's mail server
The Internet
Receiver's mail server
Receiver's mail client
Message receiver


Types of Servers
What are file servers?
They allow authorized clients to retrieve files from libraries of files that exist on remote computers. The most common protocol for file servers is called FTP. A file server that uses this protocol is called an FTP server.

Types of Servers
What is a Web server? It is a server that allows a user (client) to access documents and run computer programs that reside on remote computers. All Web clients automatically read and interpret HTML (hypertext markup language).

Types of Servers
Hyperlinked Documents
Hyperlink
World Wide Web document on server in Chicago
World Wide Web document on server in San Diego
World Wide Web document on server in Tokyo

Types of Servers

What are commerce servers?

They are specialized types of Web servers with various commerce-related features.

Support for the secure electronic transaction (SET) protocol


Types of Servers
Support for specialized types of client and server authentication
Support for interfacing with external programs
Enhanced security features
Online credit card or bank verification

Types of Servers
Bank

Encrypted communication link

Verify payment

Order/payment information

Internet
Consumer's client

Commerce server

Product information and order verification



Types of Servers

Commerce server

Corporate accounting system

Goods shipped to customer

Shipping

Order file


Electronic Payment Systems


Traditional electronic bill payment systems

Traditional credit card systems


Secure electronic transaction (SET) systems

Virtual cash systems


Learning Objective 4

Describe various approaches to securing electronic financial transactions.


Security for Electronic Transaction

Secret-key encryption

Public-key encryption

Digital envelopes


Secret-Key Encryption
Secret key

Message

Encryption

Decryption

Message


Public-Key Encryption
Recipient's public key

Recipient's private key

Message

Encryption

Ciphertext

Decryption

Message


Digital Envelope
What is a digital envelope? It is an encryption method in which the message is encrypted with a secret key, and the secret key is encrypted with the recipient's public key. This method is sometimes referred to as double-key encryption.

Double-Key Encryption
Recipient's public key

Random message key


Public-key encryption

Encrypted message key

Message

Private-key encryption

Ciphertext

Double-Key Encryption
Recipient's private key

Message key

Encrypted message key

Public-key decryption

Ciphertext

Private-key decryption

Message

Digital Signatures
A digital signature occurs when someone encrypts a message with his or her own private key.

What is a hashing function?


A hashing function takes a long variable-length string of characters and converts it into a short fixed-length string.

Digital Signature Creation


Hashing algorithm

Sender's private key

Hash of message

Public-key decryption

Digital signature

Message

Verification of Digital Signature

Message

Hashing algorithm

Hash of message

Verify signature

Digital signature

Public-key decryption

Sender's public key
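
The digital envelope and digital signature procedures from the slides above, carried through in Python as an added example (not taken from the textbook or the slides). It uses textbook RSA with small, well-known Mersenne primes, and a SHA-256 XOR keystream stands in for the secret-key cipher; the function names and the sample order are assumptions made for illustration.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA: return ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def keystream_xor(key, data):
    """Toy secret-key cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(message, recipient_pub):
    """Digital envelope: message under a random key, key under the public key."""
    n, e = recipient_pub
    msg_key = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(msg_key, "big"), e, n)
    return wrapped_key, keystream_xor(msg_key, message)

def open_envelope(wrapped_key, ciphertext, recipient_priv):
    n, d = recipient_priv
    msg_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(msg_key, ciphertext)

def digest_int(message):  # hash truncated to 128 bits, below the toy modulus
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")

def sign(message, sender_priv):
    n, d = sender_priv
    return pow(digest_int(message), d, n)  # hash transformed with private key

def verify(message, signature, sender_pub):
    n, e = sender_pub
    return pow(signature, e, n) == digest_int(message)

# Assumed toy keys from well-known Mersenne primes; far too weak for real use.
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
SENDER_PUB, SENDER_PRIV = make_keypair(2**61 - 1, 2**127 - 1)

def demo():
    order = b"Order 1001: pay 250.00 to Acme Supply"  # constructed sample
    wrapped_key, ciphertext = seal(order, RECIPIENT_PUB)
    received = open_envelope(wrapped_key, ciphertext, RECIPIENT_PRIV)
    return order, ciphertext, received, sign(order, SENDER_PRIV)
```

Production systems use a vetted cryptographic library with padded RSA and long random primes; the unpadded arithmetic here only makes the data flow of the diagrams visible.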



Digital Time-Stamping
What is a digital time-stamping service (DTS)? It is an organization that adds digital time-stamps to documents.


Digital Time-Stamp Procedure


Attach date and time, then digital signature

Message

Digital time stamp service


Message

Date and time

Digital signature


Verification of Digital Time-Stamp

Message

Date and time

Digital signature

Hash message and date and time

Hashed message and date and time

Verify match

Decrypt DTS's signature with DTS's public key

Decrypted digital signature



Security Issues for Public-Key Encryption Systems


What is a cryptanalysis attack? It involves various techniques for analyzing encrypted messages for purposes of decoding them without legitimate access to the keys.

The simplest possible attack on a message is the guessed plaintext attack.



Security Issues for Public-Key Encryption Systems


The whole security of public-key encryption depends on the assumption that an attacker cannot factor the product of two large prime numbers (factoring attack).
The best way to prevent cryptanalysis and factoring attacks is to use very long keys.


Security Issues for Public-Key Encryption Systems


What are some ways of protecting private keys?
Creating and distributing keys
Digital certificates
Certificate revocation lists (CRLs)
Certificate chains
Certificate-signing units
Key expirations

Electronic Commerce and Encryption Technology


What is digital cash? It is money created when a bank attaches its digital signature to a note promising to pay the bearer some amount of money.


Electronic Commerce and Encryption Technology


What is blinding? It is a technique in which a bank issues digital cash in such a way that it is unable to link the payer to the payee.

What is a blinded digital signature?


It is a digital signature and related digital cash that have been issued with blinding.

Computer Software and Computer Card Systems


What is an electronic wallet? It is a computer program that keeps track of the various keys and items of information associated with digital money.

What are smart cards?


They are hand-held electronic cards that are used for payments.

Computer Software and Computer Card Systems

Memory cards
Shared-key cards

Signature-transporting cards
Signature-creating cards

End of Chapter 3
