PowerPoint Slideshow about 'Chapter 6' - allistair-haley


Chapter 6

ELECTRONIC COMMERCE TOOLS

  • Outline

6.0 Introduction

6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs)

6.1.1 TRUST

6.1.2 DIGITAL CERTIFICATES

6.1.3 DIGITAL SIGNATURES

6.1.4 PUBLIC KEY CRYPTOGRAPHY

6.1.5 PUBLIC KEY INFRASTRUCTURE (PKI)

6.1.6 CERTIFICATE AUTHORITIES

6.2 Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET)

6.2.1 Secure Sockets layer (SSL)

6.2.2 Secure Electronic Transaction (SET)


6.3 ELECTRONIC COMMERCE COMPONENT-BASED ARCHITECTURES

6.3.1 CORE COMPONENTS

6.3.2 BUSINESS-ORIENTED COMPONENT STRATEGIES.

6.3.3 COMMON BUSINESS LIBRARY

6.4 ELECTRONIC COMMERCE COMPONENT-BASED ARCHITECTURES

6.4.1 Function

6.4.2 Customization

6.4.3 Integration


6.0 Introduction

Electronic commerce promises gains in productivity, efficiency, and communication. At the same time, processing costs are expected to decrease. The objectives are achievable, but they require the right types of electronic tools to support the move to electronic business (eBusiness) operations. The introduction of the Web has transformed operations, and appropriate tools are under development to support these objectives.

Electronic commerce is dependent on a number of components. First, there must be a willing buyer and a willing seller. There must be product, service, or information offerings. If payment is to occur, there must be payment mechanisms available for use. In order to transact business, security technology and procedures are expected. Trust is an often overlooked item on the list of requirements for electronic commerce, but it is an essential ingredient for electronic commerce to take place and to succeed.
6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs)
  • TRUST.
  • DIGITAL CERTIFICATES.
  • DIGITAL SIGNATURES.
  • PUBLIC KEY CRYPTOGRAPHY.
  • PUBLIC KEY INFRASTRUCTURE (PKI).
  • CERTIFICATE AUTHORITIES.
6.1.1 TRUST
  • Physical world

- Drivers’ licenses.

- Passports.

- Membership cards.

- ATM cards.

  • Electronic world

- Digital certificate.

- Digital signature.

6.1.2 DIGITAL CERTIFICATES
  • A digital certificate is a digital document attesting to the binding of a public key to an individual or entity.
  • Most people think there is basically one type of digital certificate. In actuality, several different types of digital certificates are available for use in business-to-consumer, business-to-business, and intra-business electronic commerce applications, including email certificates, browser certificates, server (SSL) certificates, software signing certificates, corporate empowerment certificates, SET certificates, and EDI certificates.
Digital certificates contain the following information:

1. Name of entity being certified

2. Public key

3. Name of certificate authority

4. Serial number

5. Expiration date

6. Optional additional information

6.1.3 DIGITAL SIGNATURES
  • Digital signature
    • Authenticates sender’s identity
    • Run plain-text through hash function
      • Gives message a mathematical value called hash value
      • Hash value also known as message digest
    • Collision
      • Occurs when multiple messages have same hash value
    • Encrypt message digest with private-key
    • Send signature, encrypted message (with public-key) and hash function
6.1.4 PUBLIC KEY CRYPTOGRAPHY
  • Public key cryptography
    • Asymmetric – two inversely related keys
      • Private key
      • Public key
    • If the public key encrypts, only the private key can decrypt, and vice versa
    • Each party has both a public and a private key
    • Either the public key or the private key can be used to encrypt a message
    • Encrypted with public key and private key
      • Proves identity while maintaining security
  • Encrypting and decrypting a message using a symmetric key
  • Encrypting and decrypting a message using public-key cryptography
  • Authentication with a public-key algorithm
6.1.5 PUBLIC KEY INFRASTRUCTURE (PKI)

The basic elements of PKI are as follows:

• A certificate authority (CA) responsible for issuing and verifying digital certificates.

• A digital certificate including the public key or information about the public key.

• A registration authority (RA) to serve as the verifier for the certificate authority before a digital certificate is actually issued to the requestor.

• A directory where the digital certificates and their public keys are stored.

• A certificate management system.

6.1.6 CERTIFICATE AUTHORITIES
  • A certificate authority is a trusted authority, an organization, that takes on the responsibility for issuing certificates. By issuing digital certificates containing public keys, the CA vouches for the identity of those to whom it issues the certificates. The CA’s public key must be trustworthy.
  • The CA issuance process consists of the following steps:

1. Generate public/private key pair.

2. Send public key to CA.

3. Prove identity to CA—verify.

4. CA signs and issues certificate.

5. CA emails certificate or Requestor retrieves certificate from secure Web site.

6. Requestor uses certificate to demonstrate legitimacy of his or her public key.
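
The hash-then-sign scheme of 6.1.3 and the issuance steps above, as an added example that is not part of the original presentation. It uses textbook RSA without padding over small Mersenne primes so that it runs with the standard library only; the CA name, subject, and function names are hypothetical, and the construction is for illustration, not production use.

```python
import hashlib
from datetime import date

# Textbook RSA over small known primes: illustration only, no padding, not secure.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # (public key, private key)

def digest(message: bytes, n: int) -> int:
    # Hash function -> message digest, reduced so the toy modulus can carry it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    n, d = private_key
    return pow(digest(message, n), d, n)     # digest transformed with the private key

def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

def encode(fields: dict) -> bytes:
    # Deterministic byte encoding of the certificate fields listed in 6.1.2.
    return "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()

def issue_certificate(subject, subject_public_key, ca_name, ca_private_key,
                      serial, expires):
    fields = {"subject": subject, "public_key": subject_public_key,
              "issuer": ca_name, "serial": serial, "expires": expires.isoformat()}
    return {"fields": fields, "signature": sign(encode(fields), ca_private_key)}

def check_certificate(cert, ca_public_key, today):
    # The relying party trusts only the CA's public key.
    if not verify(encode(cert["fields"]), cert["signature"], ca_public_key):
        return "bad signature"
    if today > date.fromisoformat(cert["fields"]["expires"]):
        return "expired"
    return "ok"

# Constructed sample data: a hypothetical CA and requestor.
CA_PUB, CA_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**31 - 1, 2**61 - 1)        # step 1
CERT = issue_certificate("alice@example.test", ALICE_PUB,         # steps 2-4
                         "Example Test CA", CA_PRIV, 1001, date(2030, 1, 1))

if __name__ == "__main__":
    print(check_certificate(CERT, CA_PUB, date(2025, 6, 1)))      # step 6
```

Changing any signed field, such as the subject name, invalidates the CA's signature, which is why the requestor's public key can be trusted only as far as the CA's public key is.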

6.2 Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET)
  • Transaction security protocols
    • Secure Sockets Layer (SSL)
    • Secure Electronic Transaction (SET)
6.2.1 Secure Sockets layer (SSL)
  • SSL
    • Uses public-key technology and digital certificates to authenticate the server in a transaction
    • Protects information as it travels over Internet
      • Does not protect once stored on receiver’s server
    • Peripheral component interconnect (PCI) cards
      • Installed on servers to secure data for an SSL transaction
SSL Protocol (client side and server side)

1. Client initiates a connection. (Client to server: Hello?)

2. Server responds by sending the client its Digital ID. The server may also request the client’s Digital ID for client authentication. (Server to client: Server Digital ID)

3. Client verifies the server’s Digital ID. If requested by the server, the client sends its Digital ID. (Client to server: Client Digital ID)

4. When the authentication is complete, the client sends the server a session key encrypted using the server’s public key. (Client to server: Session key)

5. Once a session key is established, secure communications commence between client and server.

6.2.2 Secure Electronic Transaction (SET)
  • SET protocol
    • Designed to protect e-commerce payments
    • Certifies customer, merchant and merchant’s bank
    • Requirements
      • Merchants must have a digital certificate and SET software
      • Customers must have a digital certificate and digital wallet
    • Digital wallet
      • Stores credit card information and identification
    • Merchant never sees the customer’s personal information
      • Sent straight to banks
  • Microsoft Authenticode
    • Authenticates file downloads
    • Informs users of the download’s author
6.3 ELECTRONIC COMMERCE COMPONENT-BASED ARCHITECTURES

CORE COMPONENTS

  • Catalog Management.
  • Content Management.
  • Transaction services.
  • Personalization facilities.
  • Customer support and customer service.
  • Interfaces to internal business systems.
6.3.1 CORE COMPONENTS
  • Catalog Management

- Which provides facilities to store, search, and retrieve product information

  • Content Management

- To enhance product information available through catalog entries.

  • Transaction services

- Providing online purchasing mechanisms. These facilities may include online shopping carts and credit card authorization services.

  • Personalization facilities

- Including user profiling and features to customize content delivery based on individual usage patterns and individual user preferences, background, and characteristics.

  • Customer support and customer service

- Including facilities to handle customers’ questions and requests for information.

  • Interfaces to internal business systems

- Including functions, APIs (application program interfaces), and development tools to connect Web-based electronic.

6.3.2 BUSINESS-ORIENTED COMPONENT STRATEGIES
  • Most e-commerce server vendors are not offering business-oriented component strategies yet. However, vendors are offering network-available business services. There are transaction engines and catalog management applications.
6.3.3 COMMON BUSINESS LIBRARY
  • A common business library (CBL) is under development as part of the CommerceNet eCo framework. The library will include:

- APIs for businesses, markets, processes, applications, and services.

- Common Business Objects for catalogs, product information, business forms, and companies.

  • We can view documents as the input and output to these business services. Some of these document types include:

- Profiles of customers and vendors.

- Catalogs, data sheets, price lists.

- Invoices.

- Purchase orders (POs)


- Inventory reports

- Bill of materials

- Contracts

- Credit reports

- Reports on shipping, tracking, and order status

- Receipts

6.4 Electronic commerce solution

Electronic commerce solution = Function + Customization + Integration

6.4.1 FUNCTION
  • The electronic commerce solution function may consist of packaged off-the-shelf software. Off-the-shelf software may be enhanced in-house.
6.4.2 CUSTOMIZATION
  • Another option to consider is whether your electronic commerce solution should involve personalization according to the profile of the customer/user.
6.4.3 INTEGRATION
  • In designing your organization’s electronic commerce solution, you need to consider the type of interaction that you want to see between a customer and the company.