CONDUCTING E-COMMERCE with Peter Paolucci, Ph.D.
Transcript of CONDUCTING E-COMMERCE with Peter Paolucci, Ph.D.
10 LIES ABOUT E-COMMERCE
- Instant and ubiquitous availability
- Simplifies buyer-seller relationship
- Reduced paperwork
- Reduced errors, time & overhead costs
- Reduced time to complete transactions
- Easier entrance into new markets
- Provides new business opportunities
- Wider access to experts and peers
- Improved product analysis
- Streamlined purchasing process
TCP/IP
- How info is transported: “Transmission Control Protocol”
- How info is addressed: “Internet Protocol”
TCP/IP Key points
- Routers handle packets
- Packets follow corridors
- Every new router is a “hop”
- Packet acknowledgment when rec’d
- Info moves in pieces: not in 1 chunk
TCP/IP Considerations
- Check tracert and ping
- Every hop = potential security weakness
- Solutions: VPN (virtual private network), encryption
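The slide's advice to "check tracert" can be turned into a small defender's check: parse the hop list and separate the routers you administer from the ones you do not, because every hop outside your own address blocks is equipment that sees your packets in the clear unless a VPN or encryption is in use. The Python below is an added example written for this page, not part of the original slides. The `tracert` output is constructed (private RFC 1918 and documentation RFC 5737 addresses, no real hosts), the parser only understands the Windows `tracert` line layout, and `MY_NETWORKS` is an assumption standing in for whatever address blocks your organisation actually owns.

```python
import ipaddress

# Constructed sample in the style of Windows `tracert` output. The addresses
# are private (RFC 1918) and documentation (RFC 5737) ranges, not real hosts.
SAMPLE_TRACERT = """\
Tracing route to shop.example.com [203.0.113.10]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     9 ms     8 ms     9 ms  10.20.0.1
  3    12 ms    11 ms    12 ms  198.51.100.7
  4     *        *        *     Request timed out.
  5    25 ms    24 ms    26 ms  203.0.113.10

Trace complete.
"""

# Assumption: the address blocks your own organisation controls. Any hop
# outside them is a router somebody else administers.
MY_NETWORKS = [ipaddress.ip_network(n)
               for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hops(text):
    """Return [(hop_number, ip_or_None), ...] from tracert-style output.
    A hop that never answered (the '*' lines) is recorded as None."""
    hops = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or not parts[0].isdigit():
            continue                      # banner, blank and footer lines
        try:
            addr = ipaddress.ip_address(parts[-1])
        except ValueError:
            addr = None                   # "Request timed out."
        hops.append((int(parts[0]), addr))
    return hops


def is_mine(addr):
    return any(addr in net for net in MY_NETWORKS)


def classify_hops(hops):
    """Label each hop: inside your network, outside it, or silent."""
    report = []
    for number, addr in hops:
        if addr is None:
            zone = "silent"
        elif is_mine(addr):
            zone = "inside"
        else:
            zone = "outside"
        report.append((number, None if addr is None else str(addr), zone))
    return report


def outside_hops(hops):
    """The hops the slide warns about: routers beyond your control that see
    every packet in the clear unless a VPN or encryption protects it."""
    return [str(a) for _, a in hops if a is not None and not is_mine(a)]


if __name__ == "__main__":
    parsed = parse_hops(SAMPLE_TRACERT)
    for number, addr, zone in classify_hops(parsed):
        print(f"hop {number:2d}  {addr or '*':<16} {zone}")
    print("hops outside your control:", outside_hops(parsed))
```

Silent hops (the `*` rows) are worth noting separately: a router that drops probes is still on the path, so it does not reduce the count of parties that can observe the traffic.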
FRAMES & PACKETS
“packet” vs “frame”
- Packet = any piece of information transmitted across the Internet
- Frame = information passed between hosts on an Ethernet network
Frame layout: Header | Data | Trailer
SERVER CHOICES
- Proprietary vs open standard solutions
- Scalability
- Support levels (human resources)
- Hardware & licensing costs
- Access
- Frequency of patches/updates needed
- Hosted/owned by whom?
SERVER CHOICES I
Kind of server affects your security issues
- Apache (Unix or Microsoft)
- Linux
- Netscape SuiteSpot
- Microsoft IIS
- Lotus Notes
- Novell
SECURITY METHODS
- Authentication (personal/domain/machine)
- Data confidentiality (encryption)
ABOUT SECURITY
- What is security in a non-Internet context?
- What is security in the Internet context?
- How secure can a system/transaction be?
- How much money and resources should you spend?
SECURITY ISSUES
- Confidentiality
- Privacy
- Data integrity
- System integrity
AUTHENTICATION
- Who are you? Are you really you?
- Is this action from your computer?
- Is this action from your domain?
- Is this action from your ISP?
- Is the content of the transmission strictly confidential?
- Has message integrity been retained? (no tampering)
E-AUTHENTICATION
- Is this your credit card?
- Is this your bank?
- Do you have the funds?
SYMMETRIC ENCRYPTION
- AKA “single key”: encrypts and decrypts
- 1 password on both ends (shared secret)
- Same key encrypts AND decrypts
- Best to arrange the shared password (“key”) in a secure manner
- Original message is called “plain text”
- Encrypted message is called “cipher text”
CRYPTOGRAPHY
What is encryption?
1. Hello = 8-5-12-12-15 (how hard is it to steal this key?)
2. Hello = I-F-M-M-P (how hard is it to steal this key?)
3. Hello = &%$iIwoie&4@!)(-09UtT (how hard is it to steal this key?)
CRYPTOGRAPHY
Factors
1. Secrecy of key (how hard is it to steal the key)
2. Difficulty of algorithm (complexity of formula)
3. Back doors: what method is used to generate randomness (predictable patterns such as system time can be read and mimicked) [see RSA as an example]
CRYPTOGRAPHY
Factors
4. Key length
- 20 bits = 2 to the 20th power, or 1,048,576 possible values exist
- 48 bit now crackable in a matter of minutes
- 128 bit is standard and would take years to crack
- US govt allowed a 40-bit maximum for products exported from the USA
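The three "Hello" encodings on slide 15 and the key-length arithmetic above can be worked through in code, which makes the question "how hard is it to steal this key?" concrete: a one-letter shift has 26 possible keys, so an attacker does not steal the key at all but simply tries every one. The Python below is an added example written for this page, not part of the original slides. `recover_shift` picks the right candidate using a word the attacker expects to see (a "crib"), and the guessing rate passed to `exhaustive_search_years` is a constructed assumption, not a figure from the slides.

```python
import string

ALPHABET = string.ascii_uppercase


def number_encode(text):
    """Slide example 1: A=1, B=2, ... The 'key' is just alphabet order."""
    return "-".join(str(ALPHABET.index(c) + 1) for c in text.upper() if c in ALPHABET)


def shift_encrypt(text, shift):
    """Slide example 2: a Caesar shift. The entire key is one number 0..25.
    A negative shift decrypts, since the same table is walked backwards."""
    out = []
    for c in text.upper():
        out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c)
    return "".join(out)


def shift_brute_force(cipher):
    """Every (key, candidate plaintext) pair: 26 of them, so 'stealing' the key
    is unnecessary; the attacker reads off the candidate that is English."""
    return [(k, shift_encrypt(cipher, -k)) for k in range(26)]


def recover_shift(cipher, crib):
    """Select the key whose decryption contains an expected word (the crib)."""
    for k, candidate in shift_brute_force(cipher):
        if crib.upper() in candidate:
            return k
    raise ValueError("no shift produces the crib")


def key_space(bits):
    """Factor 4 on slide 17: an n-bit key has 2**n possible values."""
    return 2 ** bits


def exhaustive_search_years(bits, guesses_per_second):
    """Worst-case time to try every key at an assumed guessing rate. The rate is
    a constructed parameter; the point is how the answer scales with key length."""
    seconds = key_space(bits) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print(number_encode("Hello"))                 # 8-5-12-12-15
    print(shift_encrypt("Hello", 1))              # IFMMP
    print("shift key recovered:", recover_shift("IFMMP", "HELLO"))
    for bits in (20, 48, 128):
        print(bits, "bits:", key_space(bits), "keys,",
              f"{exhaustive_search_years(bits, 1e12):.3g} years at 1e12 guesses/s")
```

Run with one trillion guesses per second, the 48-bit search finishes in minutes while the 128-bit search runs to roughly 10^19 years, which is the gap the slide's "matter of minutes" versus "years to crack" is pointing at. Note that a longer key only helps if the other three factors hold: a Caesar shift stays trivial no matter how the key is written down.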
ONE-WAY ENCRYPTION
Aka “hash encryption”
- Once a password (key) has been encrypted it can never be decrypted
- Typical use: ATM machine cards
- Used in NT and Unix
- For NT and Unix, the admin never knows what a password is: they must always create a new password
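The property this slide describes, that an administrator can check or replace a password but never read it back, follows directly from storing only a one-way digest. The Python below is an added example written for this page, not the mechanism NT or Unix actually used; it uses the standard library's PBKDF2-HMAC-SHA256 as the one-way function, and the iteration count, salt length and `PasswordStore` class are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed parameters. PBKDF2-HMAC-SHA256 from the standard library stands in
# for the one-way function the slide calls "hash encryption"; the iteration
# count is what makes each guess expensive for an attacker.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt per user means two users with
    the same password still get different digests, so one cracked digest (or a
    precomputed table) says nothing about the other."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


class PasswordStore:
    """Holds only (salt, digest) per user. Nothing here can turn a digest back
    into the password, which is the property the slide describes: the admin can
    check a password or replace it, never read it."""

    def __init__(self):
        self._records = {}

    def set_password(self, user, password):
        self._records[user] = hash_password(password)

    def verify(self, user, attempt):
        """Re-derive the digest from the attempt with the stored salt and compare
        in constant time, so response timing does not leak partial matches."""
        if user not in self._records:
            return False
        salt, stored = self._records[user]
        _, candidate = hash_password(attempt, salt)
        return hmac.compare_digest(stored, candidate)

    def admin_reset(self, user):
        """The only recovery path: the old password is unrecoverable, so the
        admin issues a new random one and stores its hash."""
        new_password = os.urandom(9).hex()
        self.set_password(user, new_password)
        return new_password

    def stored_record(self, user):
        """What an attacker who copies the password file actually obtains."""
        return self._records[user]


if __name__ == "__main__":
    store = PasswordStore()
    store.set_password("ted", "correct horse battery")
    print("login ok:", store.verify("ted", "correct horse battery"))    # True
    print("wrong password:", store.verify("ted", "guess"))              # False
    print("stored digest:", store.stored_record("ted")[1].hex())
    print("reset to:", store.admin_reset("ted"))
```

The weaknesses slide later in the deck lists "system allows bad passwords" separately for a reason: a one-way digest only protects passwords that are hard to guess, since an attacker holding the password file can still run the same function over a dictionary.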
SYMMETRIC ENCRYPTION: EXAMPLE
Ted: Password + Plain Text → Cipher Text
Mary: Cipher Text + Password → Plain Text
PLAIN TEXT
CIPHER TEXT
ASYMMETRIC ENCRYPTION
Aka “public key cryptography” (MIT early 1970’s)
- 1 key for encrypt + 1 for decrypt
- X sends to Y with Y’s public key: only Y’s private key can decrypt
- Reversible: A encrypts, B can decrypt, and vice versa
- The pairs are a matched set: 1 key is public, the other is private
- Secure but slow
ASYMMETRIC ENCRYPTION EXAMPLE
Ted’s side: Ted’s Private + Public (Random Symmetric) + Mary’s Public = (produces) Cipher Text
Mary’s side: Mary’s Private + Random Public (automatic) + Ted’s Public = (produces) Plain text
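The Ted-and-Mary diagrams on slides 19 and 23 describe one protocol: a random symmetric key does the actual encryption (the "Secure but slow" public-key operations only wrap that key and sign the result), Mary's private key recovers the key automatically, and Ted's public key proves the message came from Ted. The Python below is an added example written for this page, not code from the slides; it implements textbook RSA with toy-sized primes and no padding, and uses a SHA-256 counter-mode keystream as a stand-in for a real symmetric cipher, so it demonstrates the flow and the matched-pair property rather than a production-grade construction. All names (`ted_sends`, `mary_receives`, `stream_xor`) are constructed for the illustration.

```python
import hashlib
import math
import os
import random


def is_probable_prime(n, rounds=25):
    """Miller-Rabin test, enough for a classroom key pair."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def make_keypair(bits=256, e=65537):
    """Textbook RSA, returning (public, private) as (exponent, modulus) pairs.
    Toy size and no padding: it shows the matched public/private pair of the
    slides, not a production scheme."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_apply(key, m):
    """One operation serves both directions: encrypt with a public key or sign
    with a private key (the 'reversible' property of slide 22)."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, exponent, n)


def stream_xor(key, data):
    """Toy symmetric cipher for slides 14 and 19: a SHA-256 keystream in counter
    mode XORed with the data, so the same shared key encrypts and decrypts.
    Constructed for illustration; a real system would use AES-GCM."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def ted_sends(plaintext, ted_private, mary_public):
    """Sender side of slide 23: a random symmetric key encrypts the message,
    Mary's public key wraps that key and Ted's private key signs the cipher text."""
    session_key = os.urandom(16)                      # the "Random Symmetric" key
    ciphertext = stream_xor(session_key, plaintext)
    wrapped_key = rsa_apply(mary_public, int.from_bytes(session_key, "big"))
    digest = int.from_bytes(hashlib.sha256(ciphertext).digest(), "big")
    return {"ciphertext": ciphertext, "wrapped_key": wrapped_key,
            "signature": rsa_apply(ted_private, digest)}


def mary_receives(message, mary_private, ted_public):
    """Receiver side: Ted's public key checks the signature, Mary's private key
    unwraps the session key (automatically, as the slide says), and the shared
    key turns cipher text back into plain text. Tampering is rejected first."""
    digest = int.from_bytes(hashlib.sha256(message["ciphertext"]).digest(), "big")
    if rsa_apply(ted_public, message["signature"]) != digest:
        raise ValueError("signature does not verify: tampered or not from Ted")
    session_key = rsa_apply(mary_private, message["wrapped_key"]).to_bytes(16, "big")
    return stream_xor(session_key, message["ciphertext"])


if __name__ == "__main__":
    ted_pub, ted_priv = make_keypair()
    mary_pub, mary_priv = make_keypair()
    sealed = ted_sends(b"Order 17: 3 widgets", ted_priv, mary_pub)
    print(mary_receives(sealed, mary_priv, ted_pub))   # b'Order 17: 3 widgets'
```

Two details carry the security argument of the slide. The signature is checked before anything is decrypted, so a message that was altered in transit or did not come from Ted's private key is rejected without touching the session key. And only the wrapped key and cipher text travel, so the "password" of the symmetric slide never has to be arranged out of band, which is the problem the asymmetric slide set out to solve.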
SECURITY STANDARDS
Set by NCSC (North Carolina Supercomputing Center); so-called “orange book”
- Level D: minimal or not secure at all (like MS-DOS); no user distinctions
- Level C1: rudimentary access control (login authentication)
- Level C2: unique users; system level protection (like Unix)
- Level B1: mandatory access control; varied security level; user cannot change permissions on files/directories
SECURITY STANDARDS
- Level B2: every file labeled according to its security level; labels change dynamically
- Level B3: hardware protection (terminals only connect through trusted paths); data hiding
- Level A1: requires rigorous mathematical proof that the system cannot be compromised; also proof that hardware and software have been protected during shipment to prevent tampering
SECURITY WEAKNESSES
- Humans: passwords, procedures
- File system permissions
- System allows bad passwords
- Poor firewalls
- Bugs known and unknown
- Poor auditing of events
- Not changing system defaults
- Restrict parameter/field access in databases (along with carefully built CGI)
HACKING METHODS
- Password and packet sniffing (software & hardware)
- Spoofing (brute force or dictionary or enlightened)
- Account cracking via dictionary programs
- Decryption & brute-force decryption
- Old-fashioned snooping
- Capitalizing on system access when someone leaves their desk
CUSTOMER TRUST
- Success and Horror Stories (http://www.zdnet.com/anchordesk/story/story_2759.html)
- Customer Protection Tips You Should Address (http://www.paytips.org/contips.htm)
- Other “trust” issues
STRATEGIES IN E-COMMERCE
- Appropriate goods and services for the Net
- Successful Marketing (spam, mailers, browser harvesting)
- Designing a successful storefront
- Models of Doing Business
- Promotion (engines, engine ad banners, newsgroups, listservs)
- Meta, Title and other HTML tags (what the engines want & some legalities)
- Competing with the “bot” shoppers
- Internet Demographics & Miscellaneous
MODELS OF DOING BUSINESS
- Credit card: Manual (delayed) vs Automated (immediate)
- Cyber Cash (http://www.cybercash.com/)
- Traditional cheque
- Cybercash bought by Verisign
- The bad news about Verisign
THE PROCESS
- If the client already has a merchant number, you may not use the same # for the Internet
- Apply to each of the 3 (or 4) credit cards individually (Amex, Visa, MC, Discover)
- Problem: which Visa? CIBC? TD-Canada Trust? BOM? Which MC? Amex not a problem
Learn Canada / Internet Secure
- Internet Secure is a broker for all banks and credit cards
- One time set up: $395
- Send in voided cheque
- Form to fill out includes: company name, address, incorporation #, business type (proprietary, sole, corporation), website, description of service, minimum/maximum value of any given order, contact person, pick id and pwd
Learn Canada / Internet Secure
- Bring EFT (Electronic Funds Transfer) form to bank to verify account name and legality of account and its use
- Determine funds: US or CDN or both
- Signed by bank official
- Establish price catalogue and codes
- Go to Internet Secure and enter catalogue prices and code numbers
Fee Structure
CANADIAN DOLLARS

| Setup | Monthly | / Trans | Plus |
|-------|---------|---------|------|
| $395 | $45 | $.45 | 3.75% Visa, 4% Amex |
| $395 | $25 | $1.50 | 4% Visa, 4.5% Amex |
| $0 | $20 | $0 | 9% all |
Fee Structure
USA DOLLARS

| Setup | Monthly | / Trans | Plus |
|-------|---------|---------|------|
| $395 | $35 | $1.00 | 3.75% Visa, 4% Amex |
| $395 | $25 | $1.50 | 4% Visa, 4.5% Amex |
| $0 | $20 | $0 | 9% all |
FEE STRUCTURE
- Additional fee is either a security deposit (ranging from $4000 up), such as cash or assets, or an RMRF (Rolling Merchant Reserve Fund) in which they withhold 8% of your sales for 6 months and pay it to you in the 7th month
- Transactions are deposited automatically on the 15th and 30th of every month