E-Commerce - PowerPoint PPT Presentation

Provided by: COB84
Learn more at: https://faculty.sfsu.edu
Transcript and Presenter's Notes

1
E-Commerce
2
E-Commerce
  • Buying and selling, and marketing and servicing
    of products and services, and information via
    computer networks.

3
Broad Band Economy
  • A 7 percent increase in broadband adoption would
    create 2.4 million jobs across the U.S., would
    save 6.4 billion in vehicle mileage according to
    the study released by Connected Nation. In
    addition to the mileage savings, U.S. residents
    would save 3.8 billion hours a year by conducting
    transactions online, at a cost-savings of 35.2
    billion, according to the study.
  • A broadband stimulus package would pump nearly as
    much money into the U.S. economy as an economic
    stimulus package recently passed by the U.S.
    Congress, said Brian Mefford, Connected Nation's
    CEO.
  • http://www.connectednation.com/documents/CNPressRelease_EISStudy_022108.pdf

4
E-Commerce Models
  • B2C Storefront model
  • E-tailing (electronic retailing)
  • Shopping cart, on-line shopping mall
  • B2B
  • Electronic Data Interchange (EDI)
  • Electronic Exchange: An electronic forum where
    manufacturers, suppliers, and competitors buy and
    sell goods.
  • Example: WorldWide Retail Exchange (WWRE)
  • http://www.worldwideretailexchange.org/cs/en/index.htm
  • C2C
  • Auction model: eBay
  • Etc.

5
B2C System Model
6
E-Payment
  • Online credit card transaction
  • Card-not-present transaction
  • Prepaid card
  • Visa Reloadable Prepaid card
  • PayPal: https://www.paypal.com/
  • Google Checkout
  • https://checkout.google.com/support/?hl=en_US

7
M-Business
  • E-Business enabled by wireless communication.
  • Cell phone, PDA
  • Wi-Fi: Wireless local area network (WLAN) based
    on the IEEE 802.11 specifications.
  • Hotspot

8
Location Based Services
  • Location-Identification Technologies
  • Geocode: longitude, latitude
  • Global Positioning System (GPS)
  • Cell phone
  • Angle of Arrival (AOA)
  • Location Based Services
  • B2E (Employee)
  • B2C

9
E-Learning
  • Electronic learning or eLearning is a general
    term used to refer to computer-enhanced learning.
  • Many higher education, for-profit institutions,
    now offer on-line classes.
  • The Sloan report, based on a poll of academic
    leaders, says that students generally appear to
    be at least as satisfied with their on-line
    classes as they are with traditional ones.
  • Example: GIS online course
  • http://www.ruraltech.org/video/2005/acrview/index.asp

10
Technology Used in E-Learning
  • blogs
  • collaborative software
  • discussion boards
  • e-mail
  • educational animation
  • learning management systems
  • podcasts
  • screencasts
  • text chat
  • virtual classrooms
  • web-based teaching materials
  • wiki

11
e-Government
  • It refers to government's use of information
    technology to exchange information and services
    with citizens, businesses, and other arms of
    government.

12
e-Government Models
  • Government-to-Citizen (G2C)
  • Government-to-Business (G2B)
  • Government-to-Government (G2G)
  • Government-to-Employees (G2E)
  • http://www.nbc.gov/egov/

13
Increase Traffic to Website
  • Search engine optimization
  • http://en.wikipedia.org/wiki/Search_engine_optimization
  • http://www.sempo.org/learning_center/case_studies/the_secret_weapon/
  • Tips
  • http://www.2createawebsite.com/ebook/TrafficBuildingTips.pdf
  • Grow your business with Google
  • Google AdWords
  • Yahoo!'s Open Search Platform
  • http://tools.search.yahoo.com/newsearch/open.html

14
How Search Engines Work: Search Engine Relevancy Reviewed
  • http://www.seobook.com/relevancy/

15
Internet Security
  • Authenticity: Is the sender of a message who they
    claim to be?
  • Privacy: Are the contents of a message secret
    and only known to the sender and receiver?
  • Integrity: Have the contents of a message been
    modified during transmission?
  • Nonrepudiation: Can the sender of a message deny
    that they actually sent the message?

16
Encryption (Cryptography)
  • Plain text: the original message in
    human-readable form.
  • Ciphertext: the encrypted message.
  • Encryption algorithm: the mathematical formula
    used to encrypt the plain text.
  • Key: the secret key used to encrypt and decrypt a
    message.

17
Encryption Example
  • Digits: 0-9
  • Encryptor
  • Replace each digit by Mod(Digit + Key, 10)
  • Key's value is from 0 to 9
  • If Key = 7, then
  • 0 -> 7, 1 -> 8, 2 -> 9, 3 -> 0, 4 -> 1, 5 -> 2
  • Decryptor
  • Replace each digit by Mod(Digit + (10 - Key), 10)
  • If Key = 7, then
  • 7 -> 0, 8 -> 1, 9 -> 2, 0 -> 3
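
The encryptor and decryptor from this slide, written out as an added Python example (not part of the original presentation). Passing non-digit characters through unchanged and the function names are assumptions made here.

```python
DIGITS = "0123456789"

def _check_key(key):
    # The slide restricts the key to a value from 0 to 9.
    if not isinstance(key, int) or not 0 <= key <= 9:
        raise ValueError("key must be an integer from 0 to 9")

def encrypt(plain, key):
    """Encryptor: replace each digit d by Mod(d + key, 10)."""
    _check_key(key)
    # Assumption: separators such as '-' are copied through unchanged.
    return "".join(str((int(c) + key) % 10) if c in DIGITS else c for c in plain)

def decrypt(cipher, key):
    """Decryptor: replace each digit d by Mod(d + (10 - key), 10)."""
    _check_key(key)
    return "".join(str((int(c) + (10 - key)) % 10) if c in DIGITS else c for c in cipher)

def substitution_table(key):
    """Digit-to-digit mapping the encryptor applies for one key."""
    return {d: encrypt(d, key) for d in DIGITS}

if __name__ == "__main__":
    sample = "4111-0000-1234"  # constructed sample input
    secret = encrypt(sample, 7)
    print(secret)
    print(decrypt(secret, 7))
    print(substitution_table(7))
```

With only ten possible keys, the scheme illustrates the roles of algorithm and key rather than providing secrecy.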

18
Encryption Algorithms
  • Private key encryption
  • symmetric cryptography
  • Public key encryption
  • asymmetric cryptography
  • Digital signature
  • Digital certificate

19
Private Key (secret Key) Encryption
  • The same key is used by a sender (for encryption)
    and a receiver (for decryption)
  • The key must be transmitted to the receiver.
  • Example:
  • DES (Data Encryption Standard) algorithm with
    56-bit key

20
Public Key Encryption
  • Uses two different keys: a public and a private
    key.
  • Receiver's public key must be delivered in
    advance.
  • Sender uses receiver's public key to encrypt the
    message and receiver uses private key to decrypt
    the message (Sender can be sure the receiver is
    the true receiver)
  • Example:
  • RSA (Rivest, Shamir, and Adleman) algorithm with
    512-bit to 1024-bit key.
  • Note: Although the two keys are mathematically
    related, deriving one from the other is
    computationally infeasible.

21
Digital Signature
  • It is used for the authentication and
    nonrepudiation of senders.

22
Certificate
  • A certificate is a digital document issued by a
    trusted third-party certificate authority (CA).
  • A certificate contains records such as a serial
    number, user's name, owner's public key, name of
    CA, etc.
  • Example of CA: VeriSign, U.S. Postal Service.

23
Online Transaction Security Protocol
  • Secure Sockets Layer (SSL)
  • Developed by Netscape
  • SSL implements public key technology using the
    RSA algorithm and digital certificate to
    authenticate the server in a transaction and
    protect private information.

24
  • 1. A client sends a message to a server.
  • 2. The server sends its digital certificate to
    the client for authentication (authenticate the
    server)
  • 3. The client and server negotiate session keys
    to continue the transaction and use session keys
    and digital certificate for encryption.

25
Tech heavyweights join OpenID Foundation board
  • IBM, Google, Microsoft, Yahoo and VeriSign have
    joined the board of the OpenID Foundation, which
    puts consumers a little closer to being able to
    use a single sign-on when they surf the Web.
  • It is simpler: People no longer have to remember
    multiple passwords or re-enter their personal
    information every time they visit a new site.
  • It is also more secure because it protects
    against certain types of online attacks.
  • http://openid.net/

26
Cookies
  • Designed to hold information about a user.
  • Created by a web site and saved on the visitor's
    machine.
  • It contains:
  • Web site that sets the cookie.
  • One or more pieces of data.
  • Expiration date for this cookie.
  • Cookies directory
  • Browser sends cookie with the URL when you visit
    the site that issued the cookie.

27
Excel's Security
  • Use password to protect spreadsheet file
  • Tools/Option/Security
  • Password to open
  • Password to modify
  • Protect spreadsheet content
  • Tools/Protection
  • Protect sheet
  • Allow user to edit range
  • Hide data
  • Format/Cells/Number/Custom
  • Enter ;;; (three semicolons)

28
Database Security
29
Database Security
  • Database Security: Protection of the data against
    accidental or intentional loss, destruction, or
    misuse
  • Increased difficulty due to Internet access and
    client/server technologies

30
Threats to Data Security
  • Accidental losses attributable to:
  • People
  • Users: using another person's means of access,
    viewing unauthorized data, introduction of
    viruses
  • Programmers/Operators
  • Database administrator: Inadequate security
    policy
  • Software failure
  • DBMS: security mechanism, privilege
  • Application software: program alteration
  • Hardware failure
  • Theft and fraud
  • Improper data access
  • Loss of privacy (personal data)
  • Loss of confidentiality (corporate data)
  • Loss of availability (through, e.g. sabotage)

31
Countermeasures to Threats
  • Authorization
  • Authentication
  • Access controls: privileges
  • Database views
  • BackUp and Recovery
  • Enforcing integrity rules
  • Encryption
  • Symmetric encryption: use same key for encryption
    and decryption
  • Asymmetric encryption
  • Public key for encryption
  • Private key for decryption
  • RAID

32
Authorization Rules
  • Controls incorporated in the data management
    system
  • Restrict:
  • access to data
  • actions that people can take on data
  • Authorization matrix for:
  • Subjects
  • Objects
  • Actions
  • Constraints

33
Authorization matrix
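
A small authorization matrix with the four columns listed on the previous slide (subject, object, action, constraint), as an added Python example that is not part of the original presentation. The rule contents, the `Rule` class and `is_authorized` are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Rule:
    subject: str    # who is asking (user or group)
    obj: str        # what is being accessed (table, record type)
    action: str     # what they want to do
    constraint: Optional[Callable[[dict], bool]] = None  # None = no constraint

# Constructed sample matrix; every name and limit here is hypothetical.
RULES = [
    Rule("sales", "customer", "insert",
         lambda row: "credit_limit" in row and row["credit_limit"] <= 5000),
    Rule("order_entry", "customer", "read"),
    Rule("accounting", "customer", "update",
         lambda row: row.get("field") == "credit_limit"),
    Rule("order_entry", "order", "insert",
         lambda row: "amount" in row and row["amount"] < 2000),
]

def is_authorized(subject, obj, action, row=None):
    """Default deny: allow only when a matching rule exists and its constraint holds."""
    data = row or {}
    for rule in RULES:
        if (rule.subject, rule.obj, rule.action) != (subject, obj, action):
            continue
        # A constrained rule needs the data it checks; missing data fails closed.
        if rule.constraint is None or rule.constraint(data):
            return True
    return False

if __name__ == "__main__":
    print(is_authorized("sales", "customer", "insert", {"credit_limit": 3000}))
    print(is_authorized("sales", "customer", "insert", {"credit_limit": 9000}))
    print(is_authorized("order_entry", "customer", "delete"))
```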
34
Access security
  • Database Password
  • Must open the database exclusively
  • In the File/Open window, click the Open button's
    dropdown list and select Open Exclusive
  • Tools/Security/Set database password
  • Tools/Security/Encode Decode
  • User group/User level security