About 60 percent of all electronic commerce sites are

in English, therefore many language barriers need to

be overcome.
60
.
The political structures of the world presents some
challenges.
.
Legal, tax, and privacy are concerns of international
electronic commerce.

.

International Electronic
Commerce

The Internet is a large system of interconnected

computer networks that spans the globe.

.
The Internet supports e-mail, online newspapers and
publications, discussion groups, games, and free
software.

.
The World Wide Web includes an easy-to-use standard
interface for Internet resources accesses.

.

The Internet and World

Wide Web

A catalog display

Shopping cart capabilities

Transaction processing

Tools to populate the store catalog and to

facilitate storefront display choices

Electronic Commerce
Requirements

A small commerce site can have a simple catalog,

which is a static listing of goods and services.

.
Larger catalog has photos of items, descriptions,
and a search feature.

For example, MP3.com is a large commerce site
and Women in Music is a small site.

" MP3.com" "

"

Catalog Display

Online forms were used for online shopping.

.
A new way of online shopping is through shopping
carts.

.
QuickBuy is one company that makes this type of
shopping cart software.
.
Cookies are bits of shopping information stored on a
client computer.

.

Shopping Cart

Transaction processing occurs when the

shopper proceeds to the virtual checkout
counter.


Software needs to calculate price, volume
discounts, sales tax, and shipping costs.

.
Sales tax may vary in different states.
.

Transaction Processing

Inexpensive storefronts that are offered by

established portals, such as Yahoo!.


Robust software suites that run on large,
dedicated computers and interact with
database systems such as Oracle.


.
B2B systems must be able to connect to
existing legacy systems.
B2B
.

Electronic Commerce
Tools

There are three types of electronic

commerce threats:
Client threats
Communication channel threats
Server threats

Electronic Commerce
Threats

Web pages were mainly static.

.
The widespread use of active content has changed the
function of Web pages.

.

Sources of client threats:

Active content
Java, Java Applets, and JavaScript
ActiveX Controls
Graphics, Plug-Ins, and E-mail Attachments

Client Threats

Active content refers to programs that are embedded

transparently in Web pages and that cause action to
occur.

.
The best-known active content forms are Java
applets, ActiveX controls, JavaScript, and VBScript.

ActiveX VBScript.
Also include graphics and Web browser plug-ins.
.

Active Content

A Trojan horse is a program hidden inside another

program or Web page that masks its true purpose.

.
A zombie is a program that secretly takes over
another computer for the purpose of launching
attacks on other computers.

.
Malicious cookies can destroy files stored on client
computers.
" "
.

Active Content

Java

Java adds functionality to business applications

and can handle transactions and a wide variety
of actions on the client computer.
.

.
Java sandbox confines Java applet actions to a
set of rules defined by the security model.
Java
.
These rules apply to all untrusted Java applets.

.

Java applets that are loaded from a local

file system are trusted.
Trusted applets have full access to system
resources on the client computer.
Signed Java applets contain embedded
digital signatures from a trusted third party,
which are proof of the identity of the
source of the applet.

Java Applets

JavaScript is a scripting language to

enable Web page designers to build active
content.
JavaScript can invoke privacy and integrity
attacks by executing code that destroys
your hard disk.
JavaScript programs do not operate under
the restrictions of the Java sandbox security
model.

JavaScript

ActiveX is an object that contains programs and

properties that Web designers place on Web pages
to perform particular tasks.
ActiveX controls run only on computers running
Windows and only on browsers that support them.
Because ActiveX controls have full access to your
computer, they can cause secrecy, integrity, or
necessity violations.

ActiveX
.
ActiveX
.
ActiveX
.

ActiveX Controls

Graphics, browser plug-ins, and email attachments can harbor

executable content.
The code embedded in the graphic
could be a potential threat.
E-mail attachments provide a
convenient way to send non-text
information over a text-only system.

Graphics,, and E-mail

Attachments

A virus is software that attaches itself to another

program and can cause damage when the host
program is activated.
Worm viruses replicate themselves on other
machines.
A macro virus is coded as a small program and is
embedded in a file.
The term steganography describes information that
is hidden within another piece of information.

.
.
.

.

Virus

The Internet is not at all secure.

Messages on the Internet travel a random path
from a source node to a destination node.
Internet channel security threats include:
secrecy

integrity
.

.
:

Communication
Channel Threats

Secrecy is the prevention of

unauthorized information disclosure.
Privacy is the protection of individual
rights to nondisclosure.
Secrecy is a technical issue requiring
sophisticated physical and logical
mechanism.
Privacy protection is a legal matter.

.
.
.
.

Secrecy Threats

An integrity threat exists when an unauthorized party can

alter a message stream of information.
Cyber vandalism is an example of an integrity violation.
Masquerading or spoofing is one means of creating
havoc on Web sites.

.

Integrity Threats