
Chapter 6


Presentation Transcript


  1. Chapter 6 ELECTRONIC COMMERCE TOOLS

  2. Chapter 6 – ELECTRONIC COMMERCE TOOLS • Outline 6.0 Introduction 6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs) 6.1.1 TRUST 6.1.2 DIGITAL CERTIFICATES 6.1.3 DIGITAL SIGNATURES 6.1.4 PUBLIC KEY CRYPTOGRAPHY 6.1.5 PUBLIC KEY INFRASTRUCTURE (PKI) 6.1.6 CERTIFICATE AUTHORITIES 6.2 Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET) 6.2.1 Secure Sockets layer (SSL) 6.2.2 Secure Electronic Transaction (SET)

  3. Outline 6.3 ELECTRONIC COMMERCE COMPONENT-BASED ARCHITECTURES 6.3.1 CORE COMPONENTS 6.3.2 BUSINESS-ORIENTED COMPONENT STRATEGIES 6.3.3 COMMON BUSINESS LIBRARY 6.4 ELECTRONIC COMMERCE COMPONENT-BASED ARCHITECTURES 6.4.1 Function 6.4.2 Customization 6.4.3 Integration

  4. 6.0 Introduction Electronic commerce promises gains in productivity, efficiency, and communication. At the same time, processing costs are expected to decrease. The objectives are achievable, but they require the right types of electronic tools to support the move to electronic business (eBusiness) operations. The introduction of the Web has transformed operations, and appropriate tools are under development to support these objectives.

  5. Electronic commerce is dependent on a number of components. First, there must be a willing buyer and a willing seller. There must be product, service, or information offerings. If payment is to occur, there must be payment mechanisms available for use. In order to transact business, security technology and procedures are expected. Trust is an often overlooked item on the list of requirements for electronic commerce, but it is an essential ingredient for electronic commerce to take place and to succeed.

  6. 6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs) • TRUST. • DIGITAL CERTIFICATES. • DIGITAL SIGNATURES. • PUBLIC KEY CRYPTOGRAPHY. • PUBLIC KEY INFRASTRUCTURE (PKI). • CERTIFICATE AUTHORITIES.

  7. 6.1.1 TRUST • Physical world - Drivers’ licenses. - Passports. - Membership cards. - ATM cards. • Electronic world - Digital certificate. - Digital signature.

  8. 6.1.2 DIGITAL CERTIFICATES • A digital certificate is a digital document attesting to the binding of a public key to an individual or entity. • Most people think there is basically one type of digital certificate. In actuality, several different types of digital certificates are available for use in business-to-consumer, business-to-business, and intra-business electronic commerce applications, including email certificates, browser certificates, server (SSL) certificates, software signing certificates, corporate empowerment certificates, SET certificates, and EDI certificates.

  9. 6.1.2 DIGITAL CERTIFICATES Digital certificates contain the following information: 1. Name of entity being certified 2. Public key 3. Name of certificate authority 4. Serial number 5. Expiration date 6. Optional additional information

  10. 6.1.3 DIGITAL SIGNATURES • Digital signature • Authenticates sender’s identity • Run plain-text through hash function • Gives message a mathematical value called hash value • Hash value also known as message digest • Collision • Occurs when multiple messages have same hash value • Encrypt message digest with private-key • Send signature, encrypted message (with public-key) and hash function
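
The signing flow on this slide, as an added example that is not part of the original presentation: the sender hashes and signs a message with a private key, and the receiver verifies it with the matching public key. It uses the OpenSSL command line; the key files and the order message are constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example: hash, sign and verify with constructed keys and data.
set -eu

make_keypair() {  # $1 = private key file, $2 = public key file
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1" 2>/dev/null
  openssl pkey -in "$1" -pubout -out "$2"
}

# Hash value (message digest) of a file, as hex.
digest() {  # $1 = file
  openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# Sender: hash the message and sign the digest with the private key.
sign_file() {  # $1 = private key, $2 = message file, $3 = signature file
  openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Receiver: recompute the digest and check it against the signature with
# the sender's public key. Prints "valid" or "invalid".
verify_file() {  # $1 = public key, $2 = message file, $3 = signature file
  if openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1; then
    echo valid
  else
    echo invalid
  fi
}

demo() {
  dir=$(mktemp -d)
  make_keypair "$dir/sender.key" "$dir/sender.pub"
  make_keypair "$dir/other.key" "$dir/other.pub"
  printf 'order=1001;amount=25.00\n' > "$dir/order.txt"      # constructed message
  printf 'order=1001;amount=2500.00\n' > "$dir/altered.txt"  # altered in transit
  sign_file "$dir/sender.key" "$dir/order.txt" "$dir/order.sig"
  echo "digest(original): $(digest "$dir/order.txt")"
  echo "digest(altered):  $(digest "$dir/altered.txt")"
  echo "original, sender's public key: $(verify_file "$dir/sender.pub" "$dir/order.txt" "$dir/order.sig")"
  echo "altered,  sender's public key: $(verify_file "$dir/sender.pub" "$dir/altered.txt" "$dir/order.sig")"
  echo "original, other public key:    $(verify_file "$dir/other.pub" "$dir/order.txt" "$dir/order.sig")"
  rm -rf "$dir"
}

demo
```

Only the unmodified message checked against the sender's own public key reports valid; a changed message or a different key pair fails verification.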

  11. 6.1.4 PUBLIC KEY CRYPTOGRAPHY • Public key cryptography • Asymmetric – two inversely related keys • Private key • Public key • If the public key encrypts, only the private key can decrypt, and vice versa • Each party has both a public and a private key • Either the public key or the private key can be used to encrypt a message • Encrypted with public key and private key • Proves identity while maintaining security

  12. 6.1.4 PUBLIC KEY CRYPTOGRAPHY • Encrypting and decrypting a message using a symmetric key

  13. 6.1.4 PUBLIC KEY CRYPTOGRAPHY • Encrypting and decrypting a message using public-key cryptography

  14. 6.1.4 PUBLIC KEY CRYPTOGRAPHY • Authentication with a public-key algorithm

  15. 6.1.5 PUBLIC KEY INFRASTRUCTURE (PKI) The basic elements of PKI are as follows: • A certificate authority (CA) responsible for issuing and verifying digital certificates. • A digital certificate including the public key or information about the public key. • A registration authority (RA) to serve as the verifier for the certificate authority before a digital certificate is actually issued to the requestor. • A directory where the digital certificates and their public keys are stored. • A certificate management system.

  16. 6.1.6 CERTIFICATE AUTHORITIES • A certificate authority is a trusted authority, an organization, that takes on the responsibility for issuing certificates. By issuing digital certificates containing public keys, the CA vouches for the identity of those to whom it issues the certificates. The CA’s public key must be trustworthy.

  17. 6.1.6 CERTIFICATE AUTHORITIES • The CA issuance process consists of the following steps: 1. Generate public/private key pair. 2. Send public key to CA. 3. Prove identity to CA—verify. 4. CA signs and issues certificate. 5. CA emails certificate or Requestor retrieves certificate from secure Web site. 6. Requestor uses certificate to demonstrate legitimacy of his or her public key.
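
The issuance steps above, run end to end with the OpenSSL command line as an added example (not part of the original presentation). The CA names, the requestor name shop.example.test and all file names are constructed; the final check shows why the CA's public key must be one the verifier trusts.

```shell
#!/usr/bin/env bash
# Added example: the slide's issuance steps against a throwaway CA.
# All names (Demo Root CA, shop.example.test, file names) are constructed.
set -eu

# A CA is modelled here as a self-signed certificate plus its private key.
make_ca() {  # $1 = dir, $2 = file prefix, $3 = CA name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

issue_cert() {  # $1 = dir, $2 = CA file prefix, $3 = requestor name
  # Step 1: the requestor generates a public/private key pair.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/req.key" 2>/dev/null
  # Step 2: the public key goes to the CA inside a signing request (CSR);
  # the private key never leaves the requestor.
  openssl req -new -key "$1/req.key" -subj "/CN=$3" -out "$1/req.csr"
  # Step 3 (proving identity) is an out-of-band check by the CA or RA.
  # Step 4: the CA signs the name and public key into a certificate.
  openssl x509 -req -in "$1/req.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 7 -out "$1/req.crt" 2>/dev/null
}

# Step 6: a relying party checks the certificate against a CA it trusts.
# Prints "trusted" or "rejected".
check_cert() {  # $1 = trusted CA certificate, $2 = certificate to check
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo rejected
  fi
}

demo() {
  dir=$(mktemp -d)
  make_ca "$dir" ca "Demo Root CA"
  make_ca "$dir" other "Unrelated CA"
  issue_cert "$dir" ca "shop.example.test"
  # Certificate fields: entity name, CA name, serial number, expiry date.
  openssl x509 -in "$dir/req.crt" -noout -subject -issuer -serial -enddate
  echo "against issuing CA:   $(check_cert "$dir/ca.crt" "$dir/req.crt")"
  echo "against unrelated CA: $(check_cert "$dir/other.crt" "$dir/req.crt")"
  rm -rf "$dir"
}

demo
```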

  18. 6.2 Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET) • Transaction security protocols • Secure Sockets Layer (SSL) • Secure Electronic Transaction (SET)

  19. 6.2.1 Secure Sockets layer (SSL) • SSL • Uses public-key technology and digital certificates to authenticate the server in a transaction • Protects information as it travels over the Internet • Does not protect information once it is stored on the receiver’s server • Peripheral component interconnect (PCI) cards • Installed on servers to secure data for an SSL transaction

  20. 6.2.1 Secure Sockets layer (SSL) SSL Protocol (client side / server side) 1. Hello? Client initiates a connection. 2. Server Digital ID: Server responds by sending the client its Digital ID. The server may also request the client’s Digital ID for client authentication. 3. Client Digital ID: Client verifies the server’s Digital ID. If requested by the server, the client sends its Digital ID. 4. Session key: When the authentication is complete, the client sends the server a session key encrypted using the server’s public key. 5. Once a session key is established, secure communications commence between client and server.

  21. 6.2.2 Secure Electronic Transaction (SET) • SET protocol • Designed to protect e-commerce payments • Certifies customer, merchant and merchant’s bank • Requirements • Merchants must have a digital certificate and SET software • Customers must have a digital certificate and digital wallet • Digital wallet • Stores credit card information and identification • Merchant never sees the customer’s personal information • Sent straight to banks • Microsoft Authenticode • Authenticates file downloads • Informs users of the download’s author

  22. 6.2.2 Secure Electronic Transaction (SET)

  23. Digital wallet

  24. 6.3 ELECTRONIC COMMERCE COMPONENT-BASED ARCHITECTURES CORE COMPONENTS • Catalog Management. • Content Management. • Transaction services. • Personalization facilities. • Customer support and customer service. • Interfaces to internal business systems.

  25. 6.3.1 CORE COMPONENTS • Catalog Management - Which provides facilities to store, search, and retrieve product information

  26. 6.3.1 CORE COMPONENTS • Content Management - To enhance product information available through catalog entries.

  27. 6.3.1 CORE COMPONENTS • Transaction services - Providing online purchasing mechanisms. These facilities may include online shopping carts and credit card authorization services.

  28. 6.3.1 CORE COMPONENTS • Personalization facilities - Including user profiling and features to customize content delivery based on individual usage patterns and individual user preferences, background, and characteristics.

  29. 6.3.1 CORE COMPONENTS • Customer support and customer service - Including facilities to handle customers’ questions and requests for information.

  30. 6.3.1 CORE COMPONENTS • Interfaces to internal business systems - Including functions, APIs (application program interfaces), and development tools to connect Web-based electronic.

  31. 6.3.2 BUSINESS-ORIENTED COMPONENT STRATEGIES • Most e-commerce server vendors are not offering business-oriented component strategies yet. However, vendors are offering network-available business services. There are transaction engines and catalog management applications.

  32. 6.3.3 COMMON BUSINESS LIBRARY • A common business library (CBL) is under development as part of the CommerceNet eCo framework. The library will include: - APIs for businesses, markets, processes, applications, and services. - Common Business Objects for catalogs, product information, business forms, and companies.

  33. 6.3.3 COMMON BUSINESS LIBRARY • We can view documents as the input and output to these business services. Some of these document types include: - Profiles of customers and vendors. - Catalogs, data sheets, price lists. - Invoices. - Purchase orders (POs)

  34. 6.3.3 COMMON BUSINESS LIBRARY - Inventory reports - Bill of materials - Contracts - Credit reports - Reports on shipping, tracking, and order status - Receipts

  35. 6.4 Electronic commerce solution Electronic commerce Solution = Function + Customization + Integration

  36. 6.4.1 FUNCTION • The electronic commerce solution function may consist of packaged off-the-shelf software. Off-the-shelf software may be enhanced in-house.

  37. 6.4.2 CUSTOMIZATION • Another option to consider is whether your electronic commerce solution should involve personalization according to the profile of the customer/user.

  38. 6.4.3 INTEGRATION • In designing your organization’s electronic commerce solution, you need to consider the type of interaction that you want to see between a customer and the company.
