Technology infrastructure for electronic commerce
This presentation is the property of its rightful owner.
Sponsored Links
1 / 41

Technology Infrastructure for Electronic Commerce PowerPoint PPT Presentation


  • 68 Views
  • Uploaded on
  • Presentation posted in: General

Technology Infrastructure for Electronic Commerce. Olga Gelbart [email protected] THE GEORGE WASHINGTON UNIVERSITY based on Prof. Lance Hoffman’s Lecture on Network Infrastructure for Electronic Commerce. Snapshots of the Electronic Commerce World. Yesterday - EDI

Download Presentation

Technology Infrastructure for Electronic Commerce

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Technology infrastructure for electronic commerce

Technology Infrastructure for Electronic Commerce

Olga Gelbart

[email protected]

THE GEORGE WASHINGTON UNIVERSITY

based on Prof. Lance Hoffman’s Lecture on Network Infrastructure for Electronic Commerce


Snapshots of the electronic commerce world

Snapshots of the Electronic Commerce World

  • Yesterday - EDI

  • Today - getting our toes wet, what this course is about

  • Tomorrow - Metadata, machine understandable information on the Web.

    • Catalog information

    • Intellectual property information

    • Endorsement Information

    • Privacy information

    • see www.w3c.org/pics and www.w3c.org/p3p


How did we get here

How Did We Get Here?

  • Before the Internet

    • History of Commerce and Money

    • Elements of payment systems

  • The Start of the Internet

    • Predecessor Networks

    • Timeline of Significant Events

  • The Internet Today

    • What is the Internet?

    • How Does the Internet Work?

    • Differences from Original Net

    • Differences from Traditional World Out There

  • The Internet in the Future


What is the internet

What is the Internet?

  • On October 24, 1995, the FNC unanimously passed a resolution defining the term Internet. This definition was developed in consultation with members of the internet and intellectual property rights communities. RESOLUTION:The Federal Networking Council (FNC) agrees that the following language reflects our definition of the term "Internet". "Internet" refers to the global information system that -- (i) is logically linked together by a globally unique address space based on the Internet Protocol (IP) or its subsequent extensions/follow-ons;(ii) is able to support communications using the Transmission Control Protocol/Internet Protocol (TCP/IP) suite or its subsequent extensions/follow-ons, and/or other IP-compatible protocols; and(iii) provides, uses or makes accessible, either publicly or privately, high level services layered on the communications and related infrastructure described herein.

  • http://www.fnc.gov/Internet_res.html


The internet connections

The Internet - connections

  • Computers in the backbone connected by a (T3) data connection (45 megabits/second)

  • ISP hosts and other powerful computers connectusing (T1,Broadband) lines

  • Leased lines (some businesses)

  • Modem dial-up connections

  • Cable modems

  • ADSL - Asymmetric Digital Subscriber Line


Internet features

Internet features

  • Originally ARPAnet

    • MIT, MITRE, SRI, BBN

    • Distributed communications even with many failure points

    • Dissimilar computers exchange info easily

    • Route around nonfunctioning parts

    • 4 sites: SRI, UCLA, UCSB, Univ of Utah

  • Hafner and Lyon, Where Wizards Stay Up Late, Simon & Schuster 1996


Technology infrastructure for electronic commerce

Kahn’s Internet PrinciplesR. Kahn, Communications Principles for Operating Systems. Internal BBN memorandum, Jan. 1972.

  • Each network must stand on its own and no internal changes could be required to connect it to the Internet

  • If a transmission failed, try again

  • Simple black boxes (later called “gateways” and “routers” would connect the networks

  • No global control at operations level


The internet development

The Internet - development

1962 Licklider, J.C.R., Galactic Network memos

Licklider - MIT to ARPA

ARPANET and successors: open architecture networking

1970s: universities and other DoD contractors connect

packets rather than circuits (note many of the names in

the articles were graduate students then)

1975: 100 sites and e-mail is changing how people collaborate

Late 1970s: New Packet Switching Protocol:

Transfer Control Protocol/Internet Protocol(TCP/IP)

1980: MILNET takes over military traffic

1980s: NSFNet links together NSF researcgers,

Internet protocols incorporated into (BSD) Unix, a widespread operating system

Late 1980s: NSFNet absorbs original ARPANET (for a US university to get NSF

funding for an Internet connection, that connection had to be made available to

all qualified users on campus, regardless of discipline

1995: Commercial backbones replace NSFNet backbone

Usenet

BITNET

Commercial Networks: AOL, Compuserve, etc.


Federal decisions that shaped the internet

Federal Decisions that Shaped the Internet

  • Agencies shared cost of common infrastructure, e.g., trans-oceanic circuits

  • CSNET/NSF (Farber) and ARPA (Kahn) shared infrastructure without metering

  • Acceptable Use Policy - no commercialization. Privately funded augmentation for commercial uses (PSI, UUNET, etc.), thought about as early as 1988 KSG conferences sponsored by NSF

  • NSF defunded NSF backbone in 1995, redistributing funds to regional networks to buy from now-numerous, private, long-haul networks

  • NSFNet $200M from 1986-1995


Technology infrastructure for electronic commerce

The Internet - Four AspectsLeiner, et al., “A Brief History of the Internet”, http://info.isoc.org/internet/history/brief.html

  • Technological Evolution

    • Packet Switching

    • Scale, Performance, Functionality

  • Operations and management of a global and complex infrastructure

  • Social Aspect - Internauts

  • Commercialization


Internet development timeline

Internet Development Timeline

From “A Brief History of the Internet” by B. Leiner, et al.,

http://info.isoc.org/internet/history/brief.html


Technology infrastructure for electronic commerce

Excerpts fromHobbes’ Internet Timelineby Robert H. Zakonhttp://www.info.isoc.org/guest/zakon/Internet/History/HIT.html

  • 1957 Sputnik; US forms ARPA

  • 1962 P Baran, Rand, “On Distributed Communications Networks”, packet switched networks

  • 1967 Larry Roberts first design paper on ARPAnet

  • 1969 ARPANet commissioned. First RFC.

  • 1970 ALOHANet (radio) connected to ARPANet in 1972

  • 1971 Ray Tomlinson E-mail, BBN

  • 1972 Telnet specification (RFC 318)

  • 1973 File transfer specification (RFC 454)

  • 1977 Mail specification (RFC 733)

  • 1979 USENet newsgroups. First MUD.

  • 1981 CSNet

  • 1982 DoD standardizes on TCP/IP

  • 1983 Name server developed at University of Wisconsin; users no longer need to remember exact path to other systems

  • 1983 Berkeley releases 4.2BSD including TCP/IP

  • 1984 DNS introduced. Now over 1,000 hosts

  • 1984 Moderated newsgroups on USENET

  • 1988 Internet worm affects 6,000 of the 60,000 Internet hosts

  • 1990 EFF founded by Mitch Kapor

  • 1991 WWW released by CERN (Tim Berners-Lee, developer)

  • 1991 PGP released by Phil Zimmerman

  • 1992 ISOC chartered

  • 1992 “Surfing the Internet” coined by Jean Armour Polly

  • 1993 US White House goes online

  • 1993 Internet Talk Radio

  • 1994 Can now order pizza from Pizza Hut online

  • 1994 First Virtual bank open for business

  • 1995 RealAudio

  • 1995 Netscape third largest ever NASDAQ IPO share value

  • 1995 Registration of domain names no longer free

  • 1996 Communications Decency Act passed, challenged in US

  • 1997 CDA overturned by Supreme Court


Growth of the internet

Growth of the Internet

From Hobbes’ Internet Timeline at http://info.isoc.org. ...


How internet manages change

How Internet Manages Change?

  • RFC process

  • W3C process

  • Now a proliferation of stakeholders

  • Debates over control of name space

  • Profits to be made and lost

  • Commercial vs. Other interests


Trends in internet applications

Trends in Internet Applications

  • Internet TV (Web TV + VIATV Videophone)

  • Voice over IP (VoIP)

  • Internet telephone

  • Internet dashboard (Alpine GPS, Windows CE in cars)

  • Wireless (WAP)


Needed in electronic commerce

Needed in Electronic Commerce

  • Authentication

  • Privacy

  • Message Integrity

  • Non-repudiation

Adapted from Gail Grant


Authentication

Authentication

  • Proving identity

    • Passports

    • Driver’s licenses

    • Credit Cards

    • Doctors’ diplomas

Gail Grant


Privacy

Privacy

  • Locks

  • Doors

  • Perimeter security

  • Castles

Gail Grant


Technology infrastructure for electronic commerce

M

Y

T

H


Technology infrastructure for electronic commerce

R

E

A

L

I

T

Y


Message integrity

Message Integrity

  • Wax seals

  • Tylenol seals

  • Custom seals

  • US Mail

Gail Grant


Non repudiation

Non-Repudiation

  • Handshake

  • Notary Public

  • Signatures

  • Contacts

Gail Grant


Electronic cash policy issues

Electronic cash policy issues

  • anonymity

    • can lead to “perfect” crime

  • traceability (accountability)

  • security (no electronic muggings)


Certification authority functions

Certification Authority Functions

  • Accept applications for certificates

  • Verify the identity of the person or organization applying for the certificate

  • Issue certificates

  • Revoke/Expire certificates

  • Provide status information about the certificates that it has issued

  • But what do the certificates mean?

Adapted from Gail Grant


Who will be ca s

Who Will Be CA’s?

  • Specialty firms (VeriSign)

  • Government agencies

  • Corporations (for employees)

  • Telecommunication companies

  • Banks

  • Internet Service Providers

  • Value-Added Networks (VAN’s)

  • Whom to trust?

    • Hierarchy vs web of trust

Gail Grant


Who sells ca products and services

Who Sells CA Products and Services?

  • Atalla Corporation

  • BBN Corporation

  • CertCo

  • Cylink Corporation

  • Entrust Technologies Inc.

  • GTE Corporation

  • IBM

  • Netscape Communications

  • VeriSign

  • Xcert Software Inc.

July 1997

Gail Grant


Legal issues

Legal Issues

  • Legislation

  • Responsibilities

  • Liability

  • International Usage

  • Certification Practice Statements


Business issues for cas

Business Issues for CAs

  • Business Models

  • Risks

  • Costs

  • In-House vs Out-Sourcing

  • Operational Considerations

  • Liability


Some problems

Some Problems

  • Untrusted computer systems

  • Not all persons are trustable

  • Law not clear

  • Policy not clear

  • Sovereignty challenged:

    • Cryptography policy

      • Anonymity

      • Confidentiality


Untrusted computer systems then malware example the internet worm shut down 6 000 machines nov 1988

25300

Untrusted Computer Systems (then)Malware Example: The Internet WormShut down 6,000 machines, Nov 1988

  • Tried three techniques in parallel to spread

    • Guess passwords

    • Exploit a bug in the finger program

    • Use a trapdoor in the sendmail program

  • Effects

    • serious degradation in performance of affected machines

    • affected machines had to be shut down or disconnected from the internet

  • Criminal justice

    • Perpetrator convicted January 1990 under 1986Computer Fraud and Abuse Act; sentenced to3 years probation, $10,000 fine, and 400 hours of community service


Web based computer systems surprise disclosures of personal information and program launches

Web-Based Computer Systems SURPRISE DISCLOSURES OF PERSONAL INFORMATION, AND PROGRAM LAUNCHES

  • Cookies

  • JAVA (Applet security issues)

  • Microsoft

    • Word macro viruses

    • ACTIVE-X

      • QUICKEN surprise bank transfer

    • Web-based viruses

  • Browser vulnerabilities (recent Netscape 4.x -- have to disable Java!)

  • A final surprise: monitoring tools (e.g.,

    SATAN) also used by the enemy


Who are trustworthy persons

Who are “trustworthy” persons?

  • With “everyone” connected by networks, how do you know who to trust?

  • Trusted Third Parties

  • Certifying Authorities

  • Digital Signatures

    • Strong, Trustable Encryption

  • Distributed Architecture: Smart Cards


Law of the net

LAW OF THE NET

  • Whose Law? Internet is not a monarchy, democracy, republic, or dictatorship; rules and formalities are nonexistent

  • Jurisdiction, treaties, harmonization of definitions

    • CDA Example, Tennessee

  • Enforcement

    • Elected officials and their designees?

    • Internet Service Providers?

    • Vigilantes?

      • Anti-spam page: http://www.dgl.com/docs/antispam.html

    • Agents Launched by Any of the Above?

      • Cancelbots

    • Netiquette?


Sovereignty case study cryptography policy

18071

Sovereignty Case study: Cryptography Policy

Government stalling, an impediment to

progress, or cautious reasoning to avoid chaos?

  • Constitutional issues- Law Enforcement- National Security

  • Privacy issues

  • Export policies

  • Jurisdictional "turf" issues


Issues in cryptography policy privacy issues

Issues in Cryptography PolicyPrivacy Issues

When should government have right tomonitor telecommunications?

What safeguards prevent abuse ofinformation obtained with taps?

Can a free society toleratehidden data with no accountability?


Technology infrastructure for electronic commerce

Clipper Chip Solution (Clipper I)

(adapted from White House briefing)

* provides successor for DES* provides law enforcement solution

WARRANT

2

Key Escrow Holders

1

Law Enforcement Agency

Court

Commerce Dept., NISTTreasury Dept., Automated Systems Div

Clipper Chip

Encryption device


The four horsemen of the apocalypse cypherpunks version

THE FOUR HORSEMEN OF THE APOCALYPSE (CYPHERPUNKS VERSION)

  • nuclear terrorists

  • child pornographers

  • money launderers

  • drug dealers

APPLICATION OF BLIND SIGNATURE TO A REAL CRIMEB. von Solms and D. Naccache, Computers and Security 11, 6 (1992)reprinted in Hoffman, L. (Ed.), Building in Big Brother,

Springer-Verlag, 1995


What if unbreakable encryption leads to this how many times per year is acceptable

19111

WHAT IF UNBREAKABLE ENCRYPTION LEADS TO THIS?How many times per year is acceptable?


Nas nrc crypto policy report highlights

19892

NAS/NRC CRYPTO POLICY REPORT HIGHLIGHTS

Commercial use: Should promote widespreadcommercial use of technologies that canprevent unauthorized access to electronic info

Exportation: Should allow export of DES toprovide an acceptable level of security

Escrow: Premature (Key recovery = current proposal)

Classified material: The debate on cryptopolicy should be open and does not requireknowledge of classified material

Total preliminary report at http://www.nap.edu/nap/online/titleindex.html#c

Cryptography's Role in Securing the Information Society, 1996,National Academy Press, 2101 Constitution Ave. NW, Box 285, Washington DC 20055, (800) 624-6242


Current encryption legislation highlights full text at http www cdt org crypto

19870

CURRENT ENCRYPTION LEGISLATIONHighlights: Full Text at http://www.cdt.org/crypto/

  • SAFE (HR 695)

    Reps. Goodlatte (R-VA), Eshoo (D-CA)

  • Pro-CODE (S 377)

    • Sen. Leahy (D-VT), Burns (R-CO), Wyden (D-OR)

    • Audio and photo transcript and lots of information

      from 3/19/97 hearing at

      www.democracy.net/archive/03191997

  • Commonalities between SAFE and Pro-CODE

    • Prohibit government from imposing mandatory key escrow

    • No export license required for public domain or

    • generally available encryption software

  • (Draft Clinton administration legislation [no warrant])


Building a home page to sell something

Building a Home Page to Sell Something

  • Just Building a Home Page

  • Now Making It Sell Something

  • What to Sell?


  • Login