BY: N. Badal, KNIT, Sultanpur
Introduction To the Course
This course gives a survey of the key technological elements of e-commerce. The focus is on the technical aspects: it discusses how to build the different parts of an e-commerce system and integrate them into a full system. It covers the key underlying technologies of e-commerce, including web systems and web protocols, and web programming using Java servlets. It also covers some business strategies essential to e-commerce.
Topics to be Covered
• Introduction to electronic commerce
• The Internet and the Web: infrastructure for electronic commerce
• Web-based tools for electronic commerce
• Electronic commerce software
• Security threats to electronic commerce; implementing security for electronic commerce
• Electronic payment systems
• Strategies for marketing, sales and promotion
• Strategies for purchasing and support activities
• Strategies for web auctions, virtual communities and web portals
• The environment of electronic commerce: international, legal, ethical and tax issues
• Business plans for implementing electronic commerce
• Practical implementation of an electronic commerce site, e.g. 3 VBS
A Quick Survey
Which of the following have you done?
• Used e-mail
• Browsed the Web
• Bought a product on the Web (what?)
• Created a web page using an authoring tool
• Written some HTML
This course will NOT teach you HTML, ASP, JavaScript or Java servlets.
• To many people the term electronic commerce, often shortened to e-commerce, is equivalent to shopping on the web.
• The term electronic business is sometimes used to capture the broader notion of e-commerce.
• In this course, we will use e-commerce in its broadest sense. It encompasses both web shopping and other business conducted electronically.
E-commerce is not New
• Banks have used electronic funds transfers (EFTs), also called wire transfers, for decades.
• Businesses have been engaging in electronic data interchange (EDI) for years. EDI occurs when one business transmits computer-readable data in a standard format to another business.
Electronic Data Interchange
• In the 1960s businesses realized that many of the documents they exchanged related to the shipping of goods and contained the same set of information for each transaction.
• By sending the information electronically in a standard format, the businesses could save money on printing, mailing, and re-entry of data.
• Electronic transfer of data also introduces fewer errors than manual transfer.
Technology and Commerce
• In order to understand how technology can aid commerce we need to understand traditional commerce.
• Once we have identified what activities are involved in traditional commerce, we can consider how technology can improve them.
• Note that technology does not always improve commerce.
Origins of Commerce
• The origins of traditional commerce predate recorded history.
• Commerce is a basic economic activity involving trading or buying and selling of goods.
• Commerce is based on the specialization of skills. Instead of performing all services and producing all goods independently, people rely on each other for the goods and services they need.
• Example: Customer enters a bookshop ….
Commerce (overview diagram)
• Traditional Commerce
• E-Commerce
  – Internet Commerce
  – Mobile Commerce
  – Business-focused E-Commerce
  – Consumer-focused E-Commerce
Traditional Commerce
• Commerce is a negotiated exchange of valuable objects or services between at least two parties and includes all activities that each of the parties undertakes to complete the transaction.
• Although money has replaced bartering, the basic mechanics of commerce remain the same: one member of society creates something of value that another member of society desires.
Views of Commerce
Commerce can be viewed from at least two different perspectives:
1. The buyer’s viewpoint
2. The seller’s viewpoint
Both perspectives will illustrate that commerce involves a number of distinct activities, called business processes.
The Buyer’s Perspective
From the buyer’s perspective, commerce involves the following activities:
1. Identify a specific need
2. Search for products or services that will satisfy the specific need
3. Select a vendor
4. Negotiate a purchase transaction including delivery logistics, inspection, testing, and acceptance
5. Make payment
6. Perform/obtain maintenance if necessary
The Seller’s Perspective
From the seller’s perspective, commerce involves the following activities:
1. Conduct market research to identify customer needs
2. Create a product or service to meet those needs
3. Advertise and promote the product or service
4. Negotiate a sales transaction including delivery logistics, inspection, testing, and acceptance
5. Ship goods and invoice the customer
6. Receive and process customer payments
7. Provide after-sales support and maintenance
Business Processes
Business processes are the activities involved in conducting commerce. Examples include:
• Transferring funds
• Placing orders
• Sending invoices
• Shipping goods to customers
E-Commerce
We will define e-commerce as the use of electronic data transmission to implement or enhance any business activity.
Example: A buyer sends an electronic purchase order to a seller. The seller then sends an electronic invoice back to the buyer.
When used appropriately, electronic transmission can save both time and money.
E-Commerce
• Electronic commerce "refers generally to all forms of transactions relating to commercial activities, including both organizations and individuals, that are based upon the processing and transmission of digitized data, including text, sound and visual images."
• Or: E-commerce is about the sale and purchase of goods or services by electronic means over the internet.
Impact of E-Commerce
E-commerce is changing the way traditional commerce is conducted:
• Technology can help throughout the process, including promotion, searching, selecting, negotiating, delivery, and support.
Three-Layer Model
1. An Infrastructure Layer
2. A Service Layer
3. A Products / Structures Layer
Further divided into functional layers:
A> Technical Infrastructure (Internet and WWW)
B> Secure messaging service (EDI)
C> Supporting Services
D> Commercial Products, services and systems (E-Retailing)
E> Electronic Marketplace (Online auction)
Well-suited for E-Commerce
Business processes that are well-suited for electronic commerce:
• Sale/purchase of new books and CDs
• Online delivery of software
• Advertising and promotion of travel services
• Online tracking of shipments
The business processes that are especially well-suited to e-commerce include commodity items, that is, a product or service that has become standardized.
Best for traditional commerce
Business processes that are well-suited to traditional commerce:
• Sale/purchase of high fashion clothing (Any possible exceptions?)
• Sale/purchase of perishable food products
• Small-denomination transactions (Future?)
• Sale of expensive jewelry and antiques
In general, products that buyers prefer to touch, smell, or otherwise closely examine are difficult to sell using e-commerce.
Questionable cases
Would e-commerce or traditional commerce work best for the following activities?
• Sale/purchase of rare books
• Browsing through new books
• Sale/purchase of shoes
• Sale/purchase of collectibles (trading cards, plates, etc.)
Combinations of both
Some business processes can be handled well using a combination of electronic and traditional methods:
• Sale/purchase of automobiles
• Online banking
• Roommate-matching services
• Sale/purchase of investment/insurance products
In this course we will discuss the issue of evaluating the advantages and disadvantages of e-commerce. Let’s consider a few examples now.
Different Types of E-Commerce (rows: the buyer; columns: the seller)
                         | Business (Organization) | Consumer (Individual)
Business (Organization)  | B2B, e.g. TPN           | C2B, e.g. Priceline
Consumer (Individual)    | B2C, e.g. Amazon        | C2C, e.g. eBay
Advantages of E-Commerce
For the seller:
• Increases sales/decreases cost
• Makes promotion easier for smaller firms
• Can be used to reach narrow market segments
For the buyer:
• Makes it easier to obtain competitive bids
• Provides a wider range of choices
• Provides an easy way to customize the level of detail in the information obtained
Advantages of E-Commerce II
In general:
• Increases the speed and accuracy with which businesses can exchange information
• Electronic payments (tax refunds, paychecks, etc.) cost less to issue and are more secure
• Can make products and services available in remote areas
• Enables people to work from home, providing scheduling flexibility
Advantages of E-Commerce III
Profit = Revenue - Cost
Hence E-Commerce is attractive because it can raise profit by increasing revenue while decreasing cost.
Disadvantages of E-Commerce
• Some business processes are not suited to e-commerce, even with improvements in technology
• Many products and services require a critical mass of potential buyers (e.g. online grocers)
• Costs and returns on e-commerce can be difficult to quantify and estimate
• Cultural impediments: People are reluctant to change in order to integrate new technology
• The legal environment is uncertain: Courts and legislators are trying to catch up
MYTHS About E-Commerce
• Myth 1: E-Commerce is about developing web pages.
• Myth 2: The successful implementation of an e-commerce system relies on web programmers.
• Myth 3: E-commerce is about translating the traditional business model into an electronic business model.
Technical Model for An E-Commerce System
Client Side → Service System → Backend System
1. Client side: Customer interface.
2. Service system: Handles the business logic.
3. Backend System: Provides the necessary information to complete a transaction.
Questions
• Identify the businesses that are not suitable for E-commerce.
• Check out the difference between different types of E-commerce sites on the Internet.
Different Types of E-Commerce
• Business to Consumer (B2C): The seller is a business organization whereas the buyer is a consumer, e.g. electronic stores are set up on the internet to sell goods to the consumer. Note: The business drives the specification of the product and the customer chooses whether or not to buy a product.
• E.g. Amazon.com is one of the most well-known e-commerce sites and an example of B2C e-commerce. Books are listed under different sections for ease of searching: choose a book, put it in the shopping cart, and after shopping check out the books and pay by credit card.
Different Types of E-Commerce
• Business to Business (B2B): Both the buyer and seller are business organizations. Note: It is buyer driven rather than seller driven, i.e. the buyer submits a request to the system and then the respective sellers respond to the request.
• www.tpn.geis.com is an internet-based trading network for buyers and sellers to carry out B2B e-Commerce on the Internet. Interested suppliers bid for the request -> buyer and suppliers negotiate the bids -> finally the buyer selects the best bid and completes the purchase.
Different Types of E-Commerce
• Consumer to Consumer (C2C): In this case both the seller and buyer are consumers. Online auctions provide an effective means for supporting C2C e-commerce.
• E.g. www.eBay.com provides the world’s largest online trading service by means of online auctions.
• > 29 million members.
• Buying and selling of a wide range of items: books, stamps, etc.
Different Types of E-Commerce
• Consumer to Business (C2B): In this the consumer specifies the requirements to a business, which provides a product that meets these requirements.
• Also known as a demand collection system.
• www.priceline.com
Day 2
The Internet and the WWW
What is the Internet?
• A loosely configured global wide-area network.
• Began as a Department of Defense project.
• Includes more than 31,000 different networks in over 100 different countries.
• Millions of people visit and contribute to the Internet through e-mail and the World Wide Web.
• For detailed information about the history of the Internet, see: http://dir.yahoo.com/Computers_and_internet/Internet/History/
Early history of the Internet
• In the 1950s the U.S. Department of Defense became concerned that a nuclear attack could disable its computing (and thus planning and coordinating) capabilities.
• By 1969 the Advanced Research Projects Agency Network (ARPANet) had been constructed.
• The first computers to be connected were ones at the University of California at Los Angeles, SRI International, the University of California at Santa Barbara, and the University of Utah.
The changing Internet
Early on researchers began to find new uses for the Internet, beyond its original purpose of controlling weapons systems. These new applications included the following:
• Electronic mail
• File transfer protocol
• Telnet
• User’s News Network (Usenet)
The new uses
• In 1972 a researcher wrote a program that could send and receive messages over the Internet. E-mail was quickly adopted by Internet users.
• File transfer protocol (FTP) allowed researchers using the Internet to transfer files easily across great distances.
• Telnet allows users of the Internet to log into their computer accounts from remote sites.
• All three of these applications are still widely used. We will discuss them again later.
Usenet
• In 1979 a group of students and programmers at Duke and the University of North Carolina started Usenet, short for User News Network.
• Usenet allows anyone who connects to the network to read and post articles on a variety of subjects.
• Usenet survives today in what are called newsgroups.
Newsgroups
There are several thousand newsgroups covering a highly varied set of subjects. Examples:
– alt.cats
– comp.databases
– rec.climbing
– soc.penpals
The first part of the name of each group tells you what type of group it is and the remaining parts indicate the subject matter.
Accessing newsgroups
Newsgroups can be accessed in two ways:
1. Using special software (trn, rn, etc.)
2. Using a browser on the Web. As an example, DejaNews is a web site that allows access to a variety of newsgroups as well as providing an archive of old postings to the group. See http://www.deja.com/usenet/
Early use of the Internet
• From 1969 until the 1980s the Internet was used primarily by government and university researchers.
• The development of the Internet was funded in part by the National Science Foundation (NSF) and commercial network traffic was prohibited.
• As personal computers became more powerful and affordable in the 1980s, companies created their own networks. These users wanted to be able to communicate outside the network.
Commercial use of the Internet
• In 1989 the NSF allowed two commercial e-mail services (MCI Mail and CompuServe) to establish limited connections to the Internet.
• These connections allowed an exchange of e-mail between users of the commercial services and users of the Internet.
• In 1991 the NSF further eased its restrictions on Internet commercial activity and began planning for the privatization of the Internet.
Privatization
• The privatization of the Internet was substantially completed in 1995. At that point the NSF decommissioned its backbone.
• The new structure of the Internet was based on four network access points (NAPs), each operated by a separate company.
• The network access providers sell Internet access rights directly to larger customers and indirectly to smaller customers through other companies called Internet service providers (ISPs).
A growing Internet
• Researchers had long considered the Internet a valuable tool.
• As the 1990s began, a larger variety of people thought of the Internet as a useful resource.
• The Internet grew significantly in 20 years:
Year | # of computers
1969 | 4
1990 | 313,000
• The largest growth in the Internet was yet to come.
A prehistory of the Web
• In 1945, Vannevar Bush wrote an article that proposed a machine (called the Memex) to store a person’s books, records, letters, and research results on microfilm. The Memex would have an index to help locate documents.
• In the 1960s, Ted Nelson described a similar system in which text on one page would have links to text on other pages. Nelson called this page linking system hypertext.
• Douglas Engelbart (inventor of the mouse) created the first experimental hypertext system.
CERN and hypertext
• In 1990, Tim Berners-Lee and Robert Cailliau were working on overhauling the document handling procedures at CERN, a laboratory for particle physics in Geneva, Switzerland.
• CERN had been connected to the Internet for two years, but its scientists wanted to find better ways to circulate their scientific papers and data.
• Independently, Berners-Lee and Cailliau proposed a hypertext development project.
The birth of the Web
• Over the next two years Berners-Lee developed the code for a hypertext server program and made it available on the Internet.
• He envisioned the set of links between computers as a spider web, hence the name Web.
• The CERN site is considered the birthplace of the World Wide Web. The CERN site: http://cern.web.cern.ch/CERN/
Terminology
• A hypertext server is a computer that stores files written in hypertext markup language (HTML) and lets other computers connect to it and read those files. It is now called a Web server.
• HTML is based on Standard Generalized Markup Language (SGML), which organizations have used for many years to manage large document filing systems.
• A hyperlink is a special tag that contains a pointer to another location in the same or in a different HTML document.
Early Web browsers
• A Web browser is a software interface that lets users read (or browse) HTML documents.
• Although the Web caught on quickly in the research community, broader acceptance was slow to materialize.
• Part of the problem was that the early browsers were difficult to use.
• Early web browsers were text based.
GUI Web browsers
• In 1993, Marc Andreessen led a team of researchers and developed the first software with a graphical user interface for viewing pages over the Web.
• This first GUI browser was named Mosaic.
• Mosaic widened the appeal of the Web by making access easier and adding multimedia capabilities.
• Andreessen later went on to develop the Netscape Navigator browser.
The growth of the Internet
The Internet has grown, and continues to grow, at a phenomenal rate.
Date | WWW Servers | Internet Hosts
12/1969 | N/A | 4
12/1979 | N/A | 188
12/1989 | N/A | 159,000
12/1993 | 623 | 2,056,000
12/1996 | 603,367 | 21,819,000
12/1999 | 9,560,866 | 56,218,000
07/2005 | (figures garbled in the source) |
The Internet is still growing till date.
Factors behind growth
There are four main factors that led to the surge in popularity of the Internet:
• The web-like ability to link from site to site.
• The ease of use provided by the browsers’ graphical user interface.
• The growth of personal computers and local area networks that could be connected to the Internet.
• The TCP/IP standard.
Control of the Internet
• No one organization currently controls the Internet.
• Several groups oversee aspects of the development of the Internet:
  – Internet Engineering Task Force (IETF): Oversees the evolution of Internet protocols
  – Internet Registries (InterNIC): Maintain and allocate Internet domains
  – World Wide Web Consortium (W3C): Develops standards for the WWW
• See the Internet Standardization Organizations.
Internet 2
Internet2, a project to develop another Internet, is being led by over 170 U.S. universities working in partnership with industry and government. This new network is designed to allow development and deployment of advanced network applications and technologies. For more information see: http://www.internet2.edu/
A model for networking
• The world’s telephone companies were the early models for networked computers because the networks used leased telephone company lines.
• Telephone companies at the time established a single connection between sender and receiver for each telephone call.
• Once a connection was established, data traveled along that path.
Circuit switching
• Telephone company switching equipment (both mechanical and computerized) selected the phone lines, or circuits, to connect in order to create the path between caller and receiver.
• This centrally controlled, single connection model is known as circuit switching.
• Point-to-point connections for each sender/receiver pair are expensive and hard to manage.
• Using circuit switching does not work well for sending data across a large network.
A different approach
• The Internet uses a less expensive and more easily managed technique than circuit switching. • Files and messages are broken down into packets that are labeled with codes that indicate their origin and destination. • Packets travel from computer to computer along the network until they reach their destination. • The destination computer reassembles the data from the packets it receives. • This is called a packet switching network.
• In a packet-switched network, (some of) the computers that an individual packet encounters determine the best way to move the packet to its destination. • Computers performing this determination are called routers. • The programs that the computers use to determine the path are called routing algorithms.
Benefits of packet switching
There are benefits to packet switching: • Long streams of data can be broken down into small manageable data chunks, allowing the small packets to be distributed over a wide number of possible paths to balance traffic. • It is relatively inexpensive to replace damaged data packets after they arrive, since if a data packet is altered in transit only that single packet must be retransmitted.
When it was being developed, the people working on ARPANet adhered to the following principles:
1. Independent networks should not require any internal changes in order to be connected.
2. The router computers do not retain information about the packets that they handle.
3. Packets that do not arrive at their destinations must be retransmitted from their source network.
4. No global control exists over the network.
Most popular Internet protocols
The most popular Internet protocols include:
• TCP/IP
• HTTP (Hypertext transfer protocol)
• E-mail protocols (SMTP, POP, IMAP)
• FTP (File transfer protocol)
Each protocol is used for a different purpose, but all of them are important.
• The protocols that underlie the basic operation of the Internet are TCP (transmission control protocol) and IP (Internet protocol).
• Developed by Internet pioneers Vinton Cerf and Robert Kahn, these protocols establish rules about how data are moved across networks and how network connections are established and broken.
• Four-layer architecture
Purposes of each protocol
• TCP controls the assembly of a message into smaller packets before it is transmitted over the network. It also controls the reassembly of packets once they reach their destination.
• The IP protocol includes rules for routing individual data packets from their source to their destination. It also handles all addressing details for each packet.
Network layers
The work done by communications software is broken into multiple layers, each of which handles a different set of tasks. Each layer is responsible for a specific set of tasks and works as one unit with the other layers when delivering information over the Internet. Each layer provides services for the layer above it.
TCP/IP architecture
There are five layers in the Internet model:
1. Application
2. Transport
3. Internet
4. Network interface
5. Hardware
The lowest layer is the hardware layer that handles the individual pieces of equipment attached to the network. The highest layer is the application layer where various network applications run.
Positioning within the layers
A full discussion of the Internet model is beyond the scope of this class. It is, however, useful to know where each protocol resides. TCP operates in the transport layer and IP in the Internet layer. Some of the application layer protocols include HTTP, SMTP, POP, IMAP, and FTP. (Telnet also operates in the application layer.) See Figure 2-2 on page 38.
Web System Architecture
Web Clients ⟷ Internet ⟷ Web Server and Application Server ⟷ Database
Web System Architecture
• Web Browser: It is the client interface.
• Web Server: It is one of the main components of the service system. It interacts with the web clients as well as the backend system.
• Application Server: It hosts the e-commerce application software.
HTTP
• HTTP (hypertext transfer protocol) is the protocol responsible for transferring and displaying Web pages.
• It has continued to evolve since being introduced: HTTP/1.0, HTTP/1.1.
• Like other Internet protocols, HTTP uses the client/server model of computing. Thus, to understand how HTTP works, we need to first discuss the client/server model.
HTTP Request Methods in HTML
• GET
• HEAD
• POST
Client/server model
• In the client/server model there are two roles: the client and the server.
• The client process makes requests of the server. The client is only capable of sending a request to the server and then waiting for the reply.
• The server satisfies the requests of the client. It usually has access to a resource, such as data, that the client wants. When the resource that the client wants becomes available, it sends a message to the client.
• This model simplifies communication.
HTTP and client/server
• With HTTP the client is the user’s Web browser and the server is the Web server.
• To open a session, the browser sends a request to the server that holds the desired web page.
• The server replies by sending back the page or an error message if the page could not be found.
• After the client verifies that the response sent was correct, the TCP/IP connection is closed and the HTTP session ends.
• Each new page that is desired will result in a new HTTP session and another TCP/IP connection.
One page, multiple requests
• If a Web page contains objects such as movies, sound, or graphics, a client must make a request for each object.
• For example, a Web page containing a background sound and three graphics will result in five separate server request messages to retrieve the four objects plus the page itself.
Internet addresses
Internet addresses are represented in several ways, but all the formats are translated to a 32-bit number called an IP address. The increased demand for IP addresses will soon make 32-bit addresses too small, and they will be replaced with 128-bit addresses in the near future. See the links page for more information. How does increasing the number of bits in the address help with increasing demand?
depaul. • Examples: students.192.6 • Each of the four numbers can range from 0 to 255.1.edu: 140.0.depaul.0 to 255.192.100 condor.edu: 140.255.255 79 . so the possible IP addresses range from 0.depaul.255.Dotted quads • IP numbers appear as a series of up to 4 separate numbers delineated by a period.1.33.cs.edu: 188.8.131.52 facweb.
Domain names
• Since IP numbers can be difficult for humans to remember, domain names are associated with each IP address.
• Examples: students.depaul.edu: 140.192.33.100; facweb.cs.depaul.edu: 140.192.1.6
• A domain name server is responsible for the mapping between domain names and IP addresses.
Uniform resource locator
• People on the Web use a naming convention called the uniform resource locator (URL).
• A URL consists of at least two and as many as four parts.
• A simple two-part URL contains the protocol used to access the resource followed by the location of the resource. Example: http://www.cs.depaul.edu/
• A more complex URL may have a file name and a path where the file can be found.
A URL deconstructed
http://facweb.cs.depaul.edu/asettle/ect250/section602/hw/assign2.htm
• http – hypertext transfer protocol
• facweb.cs.depaul.edu – domain
• /asettle/ect250/section602/hw/ – path that indicates the location of the document in the host’s file system
• assign2.htm – document name
Anatomy of an e-mail address
asettle @ cs . depaul . edu
• asettle – Handle
• cs – Host/Server (others: students, hawk, condor)
• depaul – Domain
• edu – Domain Type
Domain types
• edu: educational
• com: commercial
• net: originally for telecommunications
• org: organizations (non-profit)
• gov: U.S. government
• ja, uk, de, …: Nations other than the U.S.
• New additions: info, biz, name, pro, museum, coop, aero, tv. See links page for a related news story.
Internet utility programs
TCP/IP supports a variety of utility programs that allow people to use the Internet more efficiently. These utility programs include:
• Finger
• Ping
Finger
Finger is a program that allows a user to obtain limited information about other network users. The information that can be obtained includes:
• Which users are currently logged on
• Where each user logged onto the network from
• How long the user has been on the network
• When the user last logged onto the system
Finger is sometimes disabled for security reasons.
Ping
• Ping (Packet InterNet Groper) tests the connectivity between two Internet hosts and determines if a host is active on the network.
• It works by sending a packet to the specified address and waiting for a reply.
• Ping is typically used to troubleshoot connections.
• To run ping, you simply type ping followed by the IP address or domain name of the machine you are interested in. Example: ping students.depaul.edu
COOKIES
HTTP is a stateless protocol, i.e. the web server will not keep the user’s state or information. But in e-commerce applications, e.g. a shopping cart application, knowing the user’s state is very important: in a shopping cart application it is very important for the server to keep track of the user’s content w.r.t. the shopping cart. Solution: COOKIES for a web server were proposed to save state data at the web client.
COOKIES
• Set-Cookie header: Set-Cookie: Name=value, where Name and value are the name and value of the cookie.
• Whenever required, the client will include the cookie in the HTTP request header as Cookie: Name=value.
• Finally the user’s information is passed to the server.
• A maximum of 20 cookies are allowed for each domain.
• Each cookie is limited to 4 KB to prevent overloading the memory of the client computer.
COOKIES
Server response headers:
Set-Cookie: Item1=1111
Set-Cookie: Item2=2222
Set-Cookie: Item3=3333
Later client request headers:
Cookie: Item1=1111
Cookie: Item2=2222
Cookie: Item3=3333
COOKIES
Cookie attributes:
• Comment
• Domain
• Expires
• Max-age
• Path
• Secure
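The three cookie slides above (Set-Cookie and Cookie headers, the 20-per-domain and 4 KB limits, and the Comment/Domain/Expires/Max-age/Path/Secure attributes) as an added example written for these notes, not code from the lecture: a client-side cookie jar that stores what a server sends and builds the Cookie header for a later request. The host names, cookie names and values are constructed. The rule that a server may only set cookies for its own host or a parent domain of it is standard browser behaviour that the slides do not mention; it is what stops one site from planting cookies for another.

```javascript
// Added example, not from the lecture: a client-side cookie jar applying the
// limits and attributes listed on the slides.
const MAX_COOKIES_PER_DOMAIN = 20;
const MAX_COOKIE_BYTES = 4096;

function domainMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Parse "Name=value; Attr=val; Attr" from a Set-Cookie header. Unknown
// attributes are ignored; Max-Age takes precedence over Expires.
function parseSetCookie(headerValue, requestHost, now) {
  const [pair, ...attrs] = headerValue.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  if (eq <= 0) throw new Error('Set-Cookie needs Name=value: ' + headerValue);
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), comment: null,
                   domain: requestHost.toLowerCase(), path: '/', secure: false, expires: null };
  let maxAgeSeen = false;
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1).trim();
    if (key === 'comment') cookie.comment = val;
    else if (key === 'domain') cookie.domain = val.replace(/^\./, '').toLowerCase();
    else if (key === 'path') cookie.path = val || '/';
    else if (key === 'secure') cookie.secure = true;
    else if (key === 'max-age' && Number.isFinite(Number(val))) {
      cookie.expires = now + Number(val) * 1000;
      maxAgeSeen = true;
    } else if (key === 'expires' && !maxAgeSeen && !Number.isNaN(Date.parse(val))) {
      cookie.expires = Date.parse(val);
    }
  }
  return cookie;
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Store one Set-Cookie header received from `requestHost` at time `now` (ms).
  store(headerValue, requestHost, now = Date.now()) {
    const c = parseSetCookie(headerValue, requestHost, now);
    if (!domainMatches(requestHost, c.domain)) {
      throw new Error(`${requestHost} may not set cookies for ${c.domain}`);
    }
    if ((c.name + '=' + c.value).length > MAX_COOKIE_BYTES) throw new Error('cookie exceeds 4 KB');
    // A cookie with the same name, domain and path replaces the old one.
    this.cookies = this.cookies.filter(o => !(o.name === c.name && o.domain === c.domain && o.path === c.path));
    if (c.expires !== null && c.expires <= now) return;  // Max-Age=0 or a past Expires deletes it
    if (this.cookies.filter(o => o.domain === c.domain).length >= MAX_COOKIES_PER_DOMAIN) {
      throw new Error('more than 20 cookies for ' + c.domain);
    }
    this.cookies.push(c);
  }

  // Build the Cookie header for a request, or null if nothing applies.
  cookieHeader({ scheme, host, path }, now = Date.now()) {
    const matching = this.cookies.filter(c =>
      (c.expires === null || c.expires > now) &&
      domainMatches(host, c.domain) &&
      (path === c.path || (path.startsWith(c.path) &&
        (c.path.endsWith('/') || path[c.path.length] === '/'))) &&
      (!c.secure || scheme === 'https'));   // Secure cookies never go over plain HTTP
    return matching.length ? 'Cookie: ' + matching.map(c => `${c.name}=${c.value}`).join('; ') : null;
  }
}

module.exports = { parseSetCookie, CookieJar, domainMatches };
```

The `Secure` check is the one to remember for a shopping site: a session cookie set without it is sent over plain HTTP too, where anyone on the path can read it; with it, the jar only attaches the cookie to `https` requests.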
Architecture of A Web Based E-Commerce System
Java Script
JavaScript is a scripting language proposed by Netscape to enhance the functions of HTML (form validation, etc.). It can be used to make a web page more interactive and dynamic. JavaScript code is embedded between <script> and </script>. There are three main objects:
• Document Object: For providing information on the document.
• Form Object: For providing information on the form.
• Location Object: For providing location-related information for the current web page such as URL, host name etc.
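Form validation, the first use of JavaScript the slide names, as an added example written for these notes rather than code from the lecture. The rules are kept in a plain function that takes field values as an object, so they run in the browser (read from the Form object in `attachValidation`) and equally under Node for testing. The form field names and the sample values are constructed. Because anything the browser enforces can be skipped by sending the request directly, the same checks have to be repeated on the server; the client-side copy is there for the user's convenience, not for the server's safety.

```javascript
// Added example, not from the lecture: client-side validation of an order form.
// Returns a list of error messages; an empty list means the form may be sent.
function validateOrderForm(fields) {
  const errors = [];
  const isbn = (fields.isbn || '').replace(/[-\s]/g, '');
  if (!/^\d{9}[\dXx]$/.test(isbn) && !/^\d{13}$/.test(isbn)) {
    errors.push('isbn: must be 10 or 13 digits');
  }
  const qty = Number(fields.qty);
  if (!Number.isInteger(qty) || qty < 1 || qty > 99) {
    errors.push('qty: must be a whole number from 1 to 99');
  }
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(fields.email || '')) {
    errors.push('email: must look like handle@host.domain');
  }
  if (!fields.name || fields.name.trim().length === 0) {
    errors.push('name: required');
  }
  return errors;
}

// In a browser: read every named element of the Form object and block the
// submission when the rules fail. `form` is a DOM form (e.g. document.forms[0]);
// `report` is how the user is told, defaulting to alert().
function attachValidation(form, report = msg => alert(msg)) {
  form.onsubmit = () => {
    const fields = {};
    for (const el of form.elements) if (el.name) fields[el.name] = el.value;
    const errors = validateOrderForm(fields);
    if (errors.length > 0) {
      report(errors.join('\n'));
      return false;   // returning false from onsubmit cancels the submission
    }
    return true;
  };
}

if (typeof module !== 'undefined') module.exports = { validateOrderForm, attachValidation };
```

In an HTML page the same file would be loaded in a `<script>` block and wired up with `attachValidation(document.forms[0])`; the test below drives `attachValidation` with a fake form object in place of the DOM.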
DAY 3
E-Commerce hardware and Software
Revisiting the Three Tier Model
First Tier – Web Client
It provides a web-based GUI displayed through a web browser on the client computer.
Second Tier – Server side Applications
It consists of server-side applications that run on a web server or a dedicated application server. These applications implement the business logic of the web system. Major factors: efficiency, security, cost effectiveness and compatibility. Options:
• CGI: Common Gateway Interface
• ASP: Active Server Page
• Java Servlet
Third Tier – Database Management System
It provides data storage/retrieval services for the second tier so that dynamic web pages can be created. It may consist of one database or a group of databases. For this we need database connectivity. One of the most popular methods is by means of the JDBC–ODBC bridge. Others are proprietary network protocol drivers and native API drivers. To communicate with a database, we use SQL.
CGI 101 .
ASP 102 .
SERVLET Servlet is invoked by using HTML form 103 .
there are basically two technique. Nonservlet enabled web server we use Tomcat for developing an e-commerce application. 104 . 2. Servlet enabled web server 3.SERVLET To run servlets .
SERVLET Two main package in the servlet API . javax.http.servlet and javax.servlet. 105 .
SERVLET 106 .
commercial site.Web servers • The components of a web server are: – Hardware – Software • When determining what sort of server hardware and software to use you have to consider: – Size of the site – Purpose of the site – Traffic on the site • A small. noncommercial Web site will require less resources than a large. 107 .
The role of a web server
• Facilitates business
– Business to business transactions
– Business to customer transactions
• Hosts company applications
• Part of the communications infrastructure
Poor decisions about web server platforms can have a negative impact on a company. This is particularly true for purely online (“click and mortar”) companies.
Hosting considerations
Will the site be hosted in-house or by a provider? Factors to consider:
• The bandwidth and availability needed for the expected size, traffic, and sales of the site
• Scalability: If the Web site needs to grow or has a sudden increase in traffic, can the provider still handle it?
• Personnel requirements or restraints
• Budget and cost effectiveness of the solution
• Target audience: Business-to-customer (B2C) or business-to-business (B2B)
Types of Web sites
• Development sites: A test site, low-cost
• Intranets: Available internally only
• B2B and B2C commerce sites
• Content delivery sites
Each type of site has a different purpose, requires different hardware and software, and incurs varying costs.
Commerce sites
Commerce sites must be available 24 hours a day, 7 days a week. Requirements include:
• Reliable servers
• Backup servers for high availability
• Efficient and easily upgraded software
• Security software
• Database connectivity
B2B sites also require certificate servers to issue and analyze electronic authentication information.
Content delivery sites
• Examples: USA Today, New York Times, ZDNet
• Sell and deliver content: news, summaries, histories, other digital information.
• Database access must be efficient.
• Hardware requirements are similar to the commerce sites.
What is Web hosting?
Web hosts are Internet service providers who also allow access to:
• E-commerce software
• Storage space
• E-commerce expertise
You can choose:
• Managed hosting: the service provider manages the operation and oversight of all servers
• Unmanaged hosting: the customer must maintain and oversee all servers
Benefits
• Cost effective for small companies or those without in-house technical staff.
• May require less investment in hardware/software.
• Can eliminate the need to hire and oversee technical personnel.
• Make sure that the site is scalable.
Services provided
• Access to hardware, software, personnel
• Domain name, IP address
• Disk storage
• Template pages to use for designing the site
• E-mail service
• Use of FTP to upload and download information
• Shopping cart software
• Multimedia extensions (sound, animation, movies)
• Secure credit card processing
Summary
• ISPs have Web hosting expertise that small or medium-sized companies may not.
• With the exception of large companies with large Web sites and in-house computer experts, it is almost always cheaper to use outside Web hosting services.
• Creating and maintaining a Web site using an existing network can be difficult.
Examples
Managed hosting:
• EZ Webhost
• Interland
• HostPro
Other hosting options:
• HostIndex
• TopHosts.com
B2C e-commerce
Requirements:
• A catalog display
• Shopping cart capabilities
• Transaction processing
• Tools to populate the store catalog and to facilitate storefront display choices
Any e-commerce software must be integrated with existing systems:
– Database
– Transaction processing software
Catalog display
• Small storefront (fewer than 35 items)
– Simple listing of products
– No particular organization
– Example: Quebec maple syrup
• Larger catalog
– Store product information in a database
– More sophisticated navigation aids
– Better product organization
– Search engine
– Example: LL Bean
Transaction processing
• Usually performed with a secure connection.
• May require the calculation of:
– Sales tax
– Shipping costs
– Volume discounts
– Tax-free sales
– Special promotions
– Time sensitive offers
• Details about transactions must be tracked for accounting and sales reports.
B2B e-commerce
Business-to-business e-commerce requires tools and capabilities different from those required for business-to-customer systems, including Enterprise Resource Planning (ERP) software. ERP integrates all facets of a business including planning, sales, and marketing.
• Encryption
• Authentication
• Digital signatures
• Signed receipt notices
• The ability to connect to existing legacy systems.
Levels of packages
Three levels of e-commerce packages:
• Basic: Requires a few hundred dollars in fees and less than an hour to set up. Typically hosted by an ISP.
• Middle-tier: Ranges in price from $1K to $5K+, and can take from one day to several days to set up. Requires hardware purchase and some skills. Can connect with a database server.
• Enterprise-class: For large companies with high traffic and transaction volumes. Hardware and in-house specialists needed.
Basic packages
Basic packages are free or low-cost e-commerce software supplied by a Web host for building sites to be placed on the Web host's system.
• Fundamental services
• Banner advertising exchanges
• Full-service mall-style hosting
Fundamental services
Available for businesses selling fewer than 50 items with a low rate of transactions.
• These services offer:
– Space for the store
– Forms-based shopping
• The Web host makes money from advertising banners placed on the site. Each business has some control over which banners are placed on its site.
• Examples: Bizland.com, HyperMart
• Drawbacks: E-mail transaction processing, banners.
Banner exchange sites
• Banner exchange sites aid online store promotion.
• Banner exchange agreements are made between sites that sign up for the service.
• The BES organizes the exchanges, enforces banner exchange rules, collects statistics about customers, and rotates ads on the sites.
• A click-through count is the number of visitors that a banner produces at a site.
• Examples: Banner Exchange, Exchange-it, SmartClicks
Full-service mall-style hosting
Full-service hosting sites provide: • High-quality tools • Storefront templates • An easy-to-use interface • Quick Web page creation and maintenance • No required banner advertising In exchange these sites may charge: • One-time set up fees • Monthly fees • A percentage of each transaction • A fixed amount per each transaction
Differences from basic services
• Shopping cart software • Comprehensive customer transaction processing – Choice of purchase options (credit card, electronic cash or other forms) – Acceptance and authorization of credit cards • No required (and distracting) Web banner ads • Higher quality Web store building/maintenance tools (saving time and energy) • Examples: Yahoo!Store, BigStep.com
Distinction from basic e-commerce packages: • The merchant has explicit control over – Merchandising choices – Site layout – Internal architecture – Remote and local management options • Other differences include price, capability, database connectivity, software portability, software customization tools, computer expertise required of the merchant.
• Prices range from $2000 to $9000. • Hosted on the merchant’s server. • Typically has connectivity with complex database systems and stores catalog information. • Several provide connections (“hooks”) into existing inventory and ERP systems. • Highly customizable • Requires part-time or full-time programming talent. • Examples: INTERSHOP efinity, WebSphere Commerce
Distinguishing features: • Price ($25,000 - $1 million) • Extensive support for B2B e-commerce • Interacts with a variety of back office systems, such as database, accounting, and ERP. • Requires one or more dedicated computers, a Web front-end, firewall(s), a DNS server, an SMTP system, an HTTP server, an FTP server, and a database server.
• Good tools for linking supply and purchasing. • Can interact with the inventory system to make the proper adjustments to stock, issue purchase orders, and generate accounting entries. • Example: Wal-Mart – Allows several suppliers to make decisions about resupplying – Results in cost savings in inventory • Examples: WebSphere Commerce Suite, Netscape
Web Platform Choices
• Hardware, operating system, and application server software must be considered together since each affects the others.
• Other needs, such as a database server, should be handled by separate hardware. Database products have large processing needs.
• Whatever your choice you must ensure that the server hardware is scalable, meaning that it can be upgraded or a new server added as necessary.
Factors in performance
• Hardware and operating system choice
• Speed of connection to the Internet
• User capacity
– Throughput: The number of HTTP requests that can be processed in a given time period.
– Response time: The amount of time a server requires to process one request.
• The mix and type of Web pages
– Static pages
– Dynamic pages: Shaped in response to users.
Benchmarking
• Benchmarking is testing used to compare the performance of hardware and software.
• There are several Web benchmarking programs. For examples see Figure 3-4 on page 87.
• Results measure the performance of aspects such as the OS, software, CPU speed, network speed.
• Anyone considering buying a server for a heavy traffic situation or wanting to make changes to an existing system should consider benchmarks.
Web server features
• Web server features range from basic to extensive depending on the software package being used.
• Web server features fall into groups based on their purpose:
– Core capabilities
– Site management
– Application construction
– Dynamic content
– Electronic commerce
Core capabilities
• Process and respond to Web client requests: static pages, dynamic pages, processing certificates and public/private key pairs.
• FTP, Gopher
• Searching, indexing
• Data analysis: Who, what, when, how long? May involve the use of Web log analysis software.
• Security: Names/passwords, domain name translation.
Site management
Features found in site management tools:
• Link checking
• Script checking
• HTML validation
• Web server log file analysis
• Remote server administration
Application construction
• Uses Web editors and extensions to produce Web pages, both static and dynamic.
• Also detects HTML code that differs from the standard or is browser specific.
• Like HTML editors, application editors allow the creation of dynamic features without knowledge of CGI (Common Gateway Interface) or API (Application Program Interface) programming.
Dynamic content
• Non-static information constructed in response to a Web client's request.
• Assembled from backend databases and internal data on the Web site; a successful dynamic page is tailored to the query that generated it.
• Active Server Pages (ASP) is a server-side scripting mechanism to build dynamic sites and Web applications. It uses a variety of languages such as VBScript, JScript, and Perl.
More information? Take ECT 353!
Electronic commerce
• A Web server handles Web pages whereas an e-commerce server deals with the buying and selling of goods and services.
• A Web server should handle e-commerce software since this simplifies adding e-commerce features to existing sites.
• Features: Creation of graphics, product information, shopping carts, credit card processing, sales report generation, addition of new products, Web ad rotation and weighting.
Web server software
• There is no best package for all cases.
• The market is divided into intranet servers and public Web servers.
• Three of the most popular Web server programs:
– Apache Tomcat Server
– Microsoft Internet Information Server
– Netscape Enterprise Server
Apache Server
• Developed by Rob McCool while at UI in the NCSA in 1994.
• Originally written for Unix, it is now available for many operating systems.
• The software is available free of charge and is quite efficient.
• Can be used for intranets and public Web sites.
• For a discussion of its features see the Apache Software Foundation page.
Microsoft IIS
• Microsoft's Internet Information Server comes bundled with Microsoft's Windows NT/2000.
• It is suitable for everything from small sites to large enterprise-class sites with high volumes.
• Can be used for intranets and public Web sites.
• Currently only runs on Windows NT/2000.
• See Microsoft's Web Services page.
Netscape Enterprise Server
• Costs several thousand dollars and has a 60-day trial period.
• Runs on many different operating systems.
• Can be run on the Internet, intranets and extranets.
• Some of the busiest sites on the Internet use NES including E*Trade, Excite, and Lycos.
• See Netscape Server Products.
Further information
• What Web software is running on a site?
• Web server side-by-side comparisons
Web server tools
Other Web server tools include:
• Web portals
• Search engines
• Push technologies
• Intelligent agents
Web portals
• Provides a “cyber door” on the Web
• Serves as a customizable home base
• Successful portals include:
– Excite
– Yahoo!
– My Netscape
– Microsoft Passport
Push technologies
• An automated delivery of specific and current information from a Web server to the user's hard drive
• May be used to provide information on:
– Health benefit updates
– Employee awards
– Changes in corporate policies
Intelligent agents
• A program that performs functions such as information gathering, information filtering, or mediation on behalf of a person or entity
• Examples:
– AuctionBot
– BargainFinder
– MySimon
– Kasbah
Example uses
Example uses for intelligent agents:
• Search for the best price and characteristics of various products
• Procurement: Deciding what, when, and how much to purchase
• Stock alert: Monitors stock and notifies when certain conditions are met, e.g. purchase 100 shares if the price is below $60 a share.
We Learned
1. Have an idea about HTML and Java Script.
2. Server Side Components: Servlets, CGI, ASP etc. Design some simple programs.
3. Database Connectivity: JDBC-ODBC connectivity; how to communicate with a backend database system using servlets.
4. Hardware and Software required.
Day 4
Session Tracking
Four Methods
1. Hidden form field: We define a hidden field element called the username in an HTML form. This can be used to keep track of the user and the shopping cart.
2. URL rewriting
3. HTTP User Authentication
4. Cookies
2. URL rewriting: the basic concept is to modify, and more precisely rewrite, the URL to a specific URL for each user, i.e. each user is given a specific URL for talking to the web server.
A> To add an extra directory to the original URL, e.g. http://www.xyz.com/servlets/welcome/hello becomes http://www.xyz.com/servlets/welcome/007/hello
B> To add additional parameters at the end of the URL, e.g. http://www.xyz.com/servlets/welcome/hello?session_no=007
3. HTTP User Authentication: it can be done by asking the user to provide his username and password. Cannot be used in an e-commerce scenario.
4. Cookies: a small piece of information stored in the client browser.
Each method has its own advantages and disadvantages.
Servlet Session Tracking API
It can be used in any servlet program. It can be easily integrated with the Java security API. It can be used with other Java components such as CORBA, RMI etc.
1. Setting up of a session object.
2. Management of different sessions.
3. Handling the life cycle of a session object.
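The four session-tracking mechanisms above, as an added example that is not part of the original slides: a pure-Python stand-in for the request handling a servlet would do, recovering the session identifier from a hidden form field, from either form of rewritten URL shown on the slide, from HTTP basic authentication, and from a cookie. The cookie name JSESSIONID and the sample requests are assumptions constructed for illustration.

```python
"""Recovering a session identifier from a request the four ways on the slides (added example)."""
from __future__ import annotations

import base64
import re
from urllib.parse import parse_qs, urlsplit

SESSION_PARAM = "session_no"      # query parameter name used on the slide
SESSION_COOKIE = "JSESSIONID"     # hypothetical cookie name (assumption)
HIDDEN_FIELD = "username"         # hidden form field name used on the slide
# URL-rewriting form A: the session id inserted as an extra path segment
PATH_RE = re.compile(r"^/servlets/welcome/(?P<sid>[0-9A-Za-z_-]+)/hello$")


def from_hidden_field(form_body: str) -> str | None:
    """(1) Hidden field: the value travels in the POSTed form body."""
    return parse_qs(form_body).get(HIDDEN_FIELD, [None])[0]


def from_url(url: str) -> str | None:
    """(2) URL rewriting: .../welcome/007/hello (form A) or .../hello?session_no=007 (form B)."""
    parts = urlsplit(url)
    match = PATH_RE.match(parts.path)
    if match:
        return match.group("sid")
    return parse_qs(parts.query).get(SESSION_PARAM, [None])[0]


def from_basic_auth(header: str | None) -> str | None:
    """(3) HTTP user authentication: the identity comes from the Authorization header.

    Only the username is returned; checking the password is the server's job.
    """
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None                   # malformed header: treat as unauthenticated
    user, sep, _password = decoded.partition(":")
    return user if sep else None


def from_cookie(header: str | None) -> str | None:
    """(4) Cookie: the client echoes Name=value pairs in the Cookie request header."""
    if not header:
        return None
    for pair in header.split(";"):
        name, _, value = pair.strip().partition("=")
        if name == SESSION_COOKIE:
            return value
    return None


def session_id(method: str, url: str, headers: dict[str, str], body: str = "") -> str | None:
    """Try the four mechanisms in a fixed order and return the first identifier found."""
    return (
        from_cookie(headers.get("Cookie"))
        or from_url(url)
        or (from_hidden_field(body) if method == "POST" else None)
        or from_basic_auth(headers.get("Authorization"))
    )


if __name__ == "__main__":
    # constructed sample requests matching the URLs on the slide
    print(from_url("http://www.xyz.com/servlets/welcome/007/hello"))          # 007
    print(from_url("http://www.xyz.com/servlets/welcome/hello?session_no=007"))  # 007
    print(session_id("POST", "http://www.xyz.com/servlets/welcome/hello", {}, "username=alice"))
```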
Terminology
• Computer security is the protection of assets from unauthorized access, use, alteration, or destruction.
• There are two types of security:
– Physical security including such devices as alarms, security fences, vaults, fireproof doors.
– Logical security is non-physical protection.
• A threat is an act or object that poses a danger to computer assets.
• A countermeasure is a procedure, either physical or logical, that recognizes, reduces, or eliminates a threat.
Risk analysis
The countermeasure will depend both on the cost associated with the threat and the likelihood that the threat will occur.
• High probability, high impact: Prevent
• High probability, low impact: Contain and control
• Low probability, high impact: Insurance or backup
• Low probability, low impact: Ignore
Example: CTI computer systems under threat from (1) virus, (2) fire, (3) earthquake, (4) theft
Types of threats
• Physical threats
– Natural phenomena: Earthquake, storm, tornado
– Arson, electrical shutdown, power surge
– Theft, sabotage
• Logical threats
– Impostors
– Eavesdroppers
– Thieves
Security terminology
• Secrecy: Protecting against unauthorized data disclosure, and ensuring the authenticity of the data source. Example: Use of stolen credit card numbers
• Integrity: Preventing unauthorized data modification. Example: Changing of an e-mail message
• Necessity: Preventing data delays or denials. Example: Delaying a purchase order for stock
Security policy
• Any organization concerned about protecting its e-commerce assets should have a security policy.
• A security policy is a written statement describing what assets are to be protected, why they are to be protected, who is responsible for that protection, and which behaviors are acceptable and not.
• The policy should address physical security, network security, access authorizations, virus protection, and disaster recovery.
History
• Early computer security measures:
– Computers were kept in locked central rooms
– Access was granted only to select individuals
– No one could remotely access the machine
• Modern systems are more complex:
– Remote processing
– Electronic transmission of information
– Widespread use of the Internet
E-commerce threats
E-commerce security is best studied by examining the overall process, beginning with the consumer and ending with the commerce server. This analysis produces a three part structure:
1. Client security
2. Communication channel security
3. Server security
First, however, we will consider issues surrounding copyright and intellectual property.
Copyright and IP
• Copyright is the protection of expression and it typically covers items such as books, essays, music, recordings, pictures, graphics, sculptures, motion pictures, architectural works.
• The U.S. Copyright Act of 1976 protects items for a fixed period of time. Each work is protected when it is created. A copyright notice is not necessary.
• Intellectual property is the ownership of ideas and control over the representation of those ideas.
Threats
The widespread use of the Internet has resulted in an increase in intellectual property threats.
• It is very easy to reproduce an exact copy of anything found on the Internet.
• Many people are unaware of copyright restrictions protecting intellectual property.
• A related issue is cybersquatting, which is the practice of registering a trademark of another company as a domain name.
• See Intellectual Property Resources on the Internet.
Protecting copyrights and IP
• Enforcing existing copyright laws can be difficult.
• Some methods for protecting digital IP include:
– Digital copyright laws
– Electronically locking files
– Digital watermarks
Digital watermarks
• Steganography is the practice of hiding information within other information. Example: “See everyone? Lucky Larry!” What does it mean?
• A digital watermark is a digital code or stream embedded into a file. They do not affect the quality of the file and may be undetectable.
• The presence of a watermark can indicate that the file was stolen.
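Two ways of hiding a mark inside other data, as an added example that is not part of the original slides. read_acrostic() answers the slide's puzzle by reading the first letter of each word; embed_watermark() and extract_watermark() go beyond the slide and hide an owner tag in the least significant bit of each sample of an 8-bit image or audio buffer, changing no sample by more than 1, which is the kind of quality-preserving watermark the slide describes. The WM marker, the cover buffer and the tag are constructed for illustration.

```python
"""Acrostic steganography and a least-significant-bit watermark (added example, not from the slides)."""
from __future__ import annotations

MAGIC = b"WM"   # hypothetical marker so extraction can tell a marked buffer from an unmarked one


def read_acrostic(text: str) -> str:
    """Return the upper-cased initial letters of the words in text, e.g. 'SELL'."""
    return "".join(word[0] for word in text.split() if word[0].isalpha()).upper()


def embed_watermark(samples: bytes, tag: bytes) -> bytes:
    """Write MAGIC + 1-byte length + tag into the low bit of successive 8-bit samples."""
    if len(tag) > 255:
        raise ValueError("tag longer than the 1-byte length field allows")
    payload = MAGIC + bytes([len(tag)]) + tag
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]  # MSB first
    if len(bits) > len(samples):
        raise ValueError("cover buffer too small for this tag")
    out = bytearray(samples)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit      # replace only the lowest bit
    return bytes(out)


def _read_bytes(samples: bytes, offset: int, count: int) -> bytes:
    """Reassemble count bytes from the low bits of samples starting at sample offset."""
    result = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (samples[offset + b * 8 + i] & 1)
        result.append(value)
    return bytes(result)


def extract_watermark(samples: bytes) -> bytes | None:
    """Return the embedded tag, or None if the buffer carries no MAGIC marker."""
    if len(samples) < 24 or _read_bytes(samples, 0, 2) != MAGIC:
        return None
    length = _read_bytes(samples, 16, 1)[0]
    if len(samples) < 24 + 8 * length:
        return None                              # truncated buffer
    return _read_bytes(samples, 24, length)


def max_sample_change(original: bytes, marked: bytes) -> int:
    """Largest per-sample difference the mark introduced (0 or 1 for an LSB mark)."""
    return max(abs(a - b) for a, b in zip(original, marked))


if __name__ == "__main__":
    print(read_acrostic("See everyone? Lucky Larry!"))        # SELL
    cover = bytes(range(256)) * 2                              # constructed 512-sample buffer
    marked = embed_watermark(cover, b"(c) Lucky Larry")
    print(extract_watermark(marked), max_sample_change(cover, marked))
```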
Outline
E-commerce security is best studied by examining the overall process, beginning with the consumer and ending with the commerce server. This analysis produces a three part structure:
• Client security
• Communication channel security
• Server security
Secrecy vs. privacy
Secrecy
• The prevention of unauthorized information disclosure.
• A technical issue involving physical and logical mechanisms.
• Example: Encryption of e-mail.
Privacy
• The protection of individual rights to non-disclosure.
• The law enforces privacy protection.
• Example: Employers reading employees' e-mail. See: E-lessons in the Chicago Tribune
Cookies
• Cookies are files that store identifying information about clients for the purposes of personalization.
• Malicious programs can read cookies to gain private information. Software exists that enables you to identify, display, manage, and eliminate cookies. See Cookie Crusher and Cookie Pal.
• Cookies are not inherently bad, but it is wise to learn about them. Many sites do not store sensitive data in cookies. See The Cookie FAQ for more information.
Anonymous browsing
• Since many Web sites gather information about visitors to their sites, you are constantly giving away information such as your IP address.
• There are portals that allow you to surf the Web anonymously by visiting their portal first.
• Their site acts as a firewall, preventing any leaks in information.
• Example: Anonymizer.com
Client threats
• Malicious code is a program that causes damage to a system.
• Malicious code can affect both the server and the client. Typically servers engage in much more thorough detection and disinfection.
• Examples: Virus or worm, Trojan horses, Malicious mobile code in active content
Worms
• A worm is designed to spread from computer to computer rather than from file to file.
• A worm does not necessarily need to be activated by a user or program for it to replicate.
• Viruses are often combined with a worm.
• Example: ILOVEYOU virus was both a script virus and a worm that propagated by sending itself to the first 50 people in a user's Microsoft Outlook address book.
Trojan horse programs
• A Trojan horse is a program hidden inside another program or Web page that masks its true purpose.
• Malicious active content may be embedded into a seemingly innocuous Web page.
• Origin of the name?
Java
• Java is a high-level, object-oriented programming language developed by Sun Microsystems.
• It was created for embedded systems, but its most popular use has been in Web pages where applets implement client-side applications.
• Java is platform independent.
• It reduces the load on servers by downloading work onto the client's machine.
Java sandbox
• To counter security problems, a special security model called the Java sandbox was created.
• The Java sandbox confines Java applet actions to a set of rules defined by a security model.
• These rules apply to all untrusted Java applets, those that have not been proven to be secure.
• The sandbox prevents applets from performing file input or output and from deleting files.
• All applets from a local file system are trusted and have full access to system resources.
ActiveX controls
• ActiveX is an object that contains programs and properties that Web designers place on pages to perform certain tasks.
• Examples: Flash, Shockwave
• When embedded ActiveX controls are downloaded, they are run on the client machine.
• Once downloaded, ActiveX controls have access to system resources, including the operating system.
• ActiveX controls only run on Windows machines.
Graphics and plug-ins
Graphics:
• Some graphics file formats have been designed to contain instructions on how the graphic is to be rendered.
• Code embedded into the graphic is a potential threat.
Plug-ins:
• A browser plug-in is a program that enhances the capabilities of the browser. They handle things like playing audio clips and displaying movies.
• Many plug-ins work by executing commands buried within the media they are displaying.
Protecting client computers
The primary task in protecting a client machine is the monitoring of active content. Each browser handles this in a different way. The primary issue is trust of the site providing the active content. One way to improve trust is through the use of digital certificates.
Digital certificates
• A digital certificate, or digital ID, is an attachment to a Web page or e-mail message verifying the identity of the creator of the page/message.
• A page or message with a certificate is signed.
• It identifies the author and has an expiration date.
• Certificates are obtained from a Certificate Authority (CA) that issues them to an individual or an organization. Example: VeriSign
• Identification requirements vary.
• The certificate is only a guarantee of the identity of the author, not of the validity of the page/code.
Security in Internet Explorer
• Provides content warnings • Reacts to ActiveX and Java-based content • Uses Microsoft Authenticode technology that: – Verifies who signed the code – Checks if the code has been modified since it was signed • If a publisher has not attached a code you can set the browser to not download the page. • It is up to you to designate which companies you trust using “zones”.
• When a page with a certificate is downloaded: – The certificate is detached – The identity of the CA is verified – The integrity of the program is checked • A list of trusted CAs is built into the browser along with their public keys. • Both the certificate and the key must match.
• You can specify different security settings based on the origin of the information being downloaded. • There are four zones: – Internet: Anything not classified in another way – Local intranet: The internal network – Trusted sites – Restricted sites: Web sites you do not trust
• High: Safer but less functional; less secure features are disabled; cookies are disabled. • Medium: Safe but functional browsing; prompts before downloading potentially unsafe content; unsigned ActiveX will not be downloaded. • Medium-low: Downloads everything with prompts; most content will be run without prompts; unsigned ActiveX will not be downloaded. • Low: Minimal safeguards; most content will be downloaded and run without prompts; all active content can be run.
• The Custom Level button allows you to alter the defaults provided by a specific level. • All protections are a choice between running and not running active content. • No monitoring of code occurs during execution.
Outline
E-commerce security is best studied by examining the overall process, beginning with the consumer and ending with the commerce server. This analysis produces a three part structure:
• Client security
• Communication channel security
• Server security
Communication channel threats
• The Internet was designed for redundancy, not secure communications. The DOD intended to encrypt all information moving in the network.
• The Internet remains in its insecure state.
• It is impossible to guarantee that every computer through which information passes is safe, secure, and non-hostile.
• The possible security violations include secrecy, integrity, and necessity threats.
Sniffer programs
• E-mail transmissions can be compromised by the theft of sensitive or personal information.
• Sniffer programs record information as it passes through a particular router.
• This can capture:
– Passwords
– Credit card numbers
– Proprietary corporate product information
Integrity threats
• An integrity threat is also called active wiretapping.
• This occurs when an unauthorized party alters a message in a stream of information.
• Cyber vandalism is the electronic defacing of an existing Web site's page. This occurs when an individual replaces content on the site.
• Masquerading or spoofing occurs when perpetrators substitute the address of their site for a legitimate site and then alter an order or other information before passing it along.
Necessity threats
• Also known as delay or denial threats, the purpose is to disrupt or deny normal processing.
• Slowing processing can render a service unusable.
• The most famous example of a denial attack is the Robert Morris Internet Worm attack, perpetrated in 1988.
Encryption
• Since the Internet is inherently insecure, any secret information must be encrypted.
• Encryption is the coding of information using a program and a key to produce a string of unintelligible characters.
• The study of encryption is called cryptography. The name comes from krupto (secret) and grafh (writing).
• Cryptography is not related to steganography.
Terminology
• Unencrypted data is called plaintext.
• Encrypted data is called ciphertext.
• A cipher or cryptosystem is a technique or algorithm for encrypting messages.
• A key is a string of digits that acts as a password.
• Only the intended receivers should have the key that transforms the ciphertext into plaintext.
• Cryptographic ciphers have a long history.
Early cipher systems
• Ciphers were used as far back as the ancient Egyptians. Text was encrypted by hand.
• The two main types of ciphers were used:
– Substitution cipher: Every occurrence of a given letter is replaced by a different one. Example: “a” by “b”, “b” by “c”, etc. “Uftujoh, uftujoh” (the encryption of “Testing, testing”)
– Transposition cipher: The ordering of the letters is shifted to form new words. Example: Plaintext = example, Ciphertext = eape xml
Modern cipher systems
• Modern cryptosystems are digital; the algorithms are based on the individual bits of a message rather than letters of the alphabet.
• Computer information is stored as binary strings, sequences of 0's and 1's.
• Encryption and decryption keys are binary strings of a given key length. Example: 128-bit encryption systems.
Knowledge needed
• Someone can know the details of an encryption algorithm and yet not be able to decipher an encrypted message without the key.
• The resistance of the encrypted message depends on the size, in terms of bits, of the key used in the encryption procedure. The longer the key, the more computing power and time it takes to break the code. Example: 128-bit encryption systems.
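The two classical ciphers from the "Early cipher systems" slide together with the point of the "Knowledge needed" slide, as an added example that is not part of the original slides. shift_cipher() is the slide's substitution (a→b, b→c, ...) with the shift as its key; rail_cipher() is the transposition that turns "example" into "eape xml" by writing the odd-position letters and then the even-position ones; crack_shift() shows why knowing the algorithm is enough to break it when the key space is only 26, which is what makes the slide measure strength in key bits. The known-word argument to crack_shift() is an assumption for the illustration.

```python
"""Substitution and transposition ciphers, and exhaustive search of a tiny key space (added example)."""
from __future__ import annotations


def shift_cipher(text: str, shift: int) -> str:
    """Substitution: replace each letter by the one `shift` places later, keeping case.

    shift=1 gives the slide's a->b, b->c mapping; a negative shift deciphers.
    """
    out = []
    for ch in text:
        if ch.isalpha() and ch.isascii():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + shift) % 26))
        else:
            out.append(ch)            # spaces and punctuation pass through unchanged
    return "".join(out)


def rail_cipher(plaintext: str) -> str:
    """Transposition with two rails: letters 1,3,5,... then letters 2,4,6,..., separated by a space
    as on the slide ('example' -> 'eape xml')."""
    return plaintext[0::2] + " " + plaintext[1::2]


def rail_decipher(ciphertext: str) -> str:
    """Interleave the two rails again; the first rail is the longer one for odd lengths."""
    first, _, second = ciphertext.partition(" ")
    out = []
    for i in range(len(first)):
        out.append(first[i])
        if i < len(second):
            out.append(second[i])
    return "".join(out)


def crack_shift(ciphertext: str, known_word: str) -> int | None:
    """Exhaust all 26 keys and return the shift under which known_word appears.

    Every candidate plaintext is produced with the public algorithm alone; the
    only secret is the key, and 26 candidates are trivial to check. A 128-bit
    key would mean 2**128 candidates, which is the slide's point.
    """
    for shift in range(26):
        if known_word.lower() in shift_cipher(ciphertext, -shift).lower():
            return shift
    return None


if __name__ == "__main__":
    print(shift_cipher("Testing, testing", 1))         # Uftujoh, uftujoh
    print(rail_cipher("example"))                       # eape xml
    print(rail_decipher("eape xml"))                    # example
    print(crack_shift("Uftujoh, uftujoh", "testing"))   # 1
```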
it uses a public key to encrypt messages and a private key to decipher messages. • Public-key cryptography Also known as asymmetric encryption. 204 .Types of cryptosystems There are two main types of cryptosystems: • Private-key cryptography Also known as symmetric or secret-key encryption. it uses a single key to both encrypt and decipher the message.
Private-key cryptography Suppose that Alice wishes to send Bob a message: • They exchange a secret key. Problems with this approach: • How do Alice and Bob exchange the secret key? • There is no authentication of the sender. • Bob decodes the message using the secret key. • Alice encodes the message using the secret key. • The ciphertext is sent to the Bob. • What if both wish to communicate with Chris? 205 .
• If Chris wants to communicate with Alice. they obtain a session key from the KDC. improving security.Key distribution center • A key distribution center shares a different key with each user in the network. the security of the entire network is at risk. they obtain a new session key. • If the KDC is compromised. • When Alice and Bob want to communicate. 206 . • They communicate using the session key.
DES
• Data Encryption Standard (DES) is a 56-bit private-key encryption algorithm. It was developed at IBM, reviewed by the NSA, and adopted as a US federal standard in 1977.
• Cryptanalysts no longer believe that 56-bit keys are secure: a 56-bit key can be recovered by exhaustive search.
• Triple DES, three DES operations in a row, each with its own key, was the interim replacement.
• The Advanced Encryption Standard (AES), adopted in 2001, is the current standard.

Public-key cryptography
• Public-key cryptography uses two related keys.
• The public key is freely distributed.
• The private key is kept secret by its owner.
• When someone wishes to communicate with Alice, they use Alice's public key to encode their message. Alice then uses her private key to decode the message.
• Although the two keys are mathematically related, it would require enormous computing power to deduce the private key from the public one.

Authentication
• If a customer sends a message to a merchant using the merchant's public key, the customer knows that only the merchant can decipher the message. (This gives confidentiality; by itself it says nothing about who sent the message.)
• Similarly, if the customer sends a message transformed with the customer's private key, the merchant can decipher it using the customer's public key, thus identifying the customer. (This is the idea behind a digital signature.)
• Both together give confidentiality plus two-way authentication.
Example: merchant to customer
– First encode using the customer's public key.
– Use the merchant's private key on the result.
• Either direction depends on the public key really belonging to the party it claims to; that binding is what digital certificates provide.

RSA
• The most commonly used public-key system is RSA (named for its inventors: Ron Rivest, Adi Shamir, and Leonard Adleman).
• Invented in 1977 at MIT.
• RSA is built into many Web browsers, commerce servers, and e-mail systems. Examples: Internet Explorer, Netscape Communicator, Apache Web Server.
• Most secure e-commerce transactions on the Internet use RSA products.
• See the RSA security page.

PGP
• Another common public-key system is PGP (Pretty Good Privacy).
• Used to encrypt e-mail messages and files.
• PGP is freely available for non-commercial use. See the MIT Distribution Center.

Key agreement protocols
• A drawback of public-key algorithms is that they are not efficient for sending large amounts of information.
• Public-key algorithms can instead be used to exchange private (secret) keys.
• The process by which two parties exchange keys over an insecure medium is a key agreement protocol.
• The most common key agreement protocol is the digital envelope.

Digital envelopes
The basic idea:
• A message is encrypted using a secret key.
• The secret key is encrypted using the receiver's public key.
• Only the receiver can decipher the secret key.
Example:
• Alice encrypts a message using a secret key.
• Alice encrypts the secret key using Bob's public key.
• Alice sends both to Bob.
• Bob decrypts the secret key using his private key.
• He then uses that key to decipher the message.

Key management
• Most compromises in security result from poor key management, e.g. the mishandling of private keys resulting in key theft.
• An important part of key management is the generation of keys.
• Keys must be generated from an unpredictable (cryptographically secure) random source.
• The key length must be sufficiently long.
• A key generation algorithm that is unintentionally constructed to select keys from a small subset of all possible keys may allow a third party to crack the encryption, no matter how long the nominal key.
Digital certificate and X.509
• A digital certificate is an identification document: it binds a public key to the identity of its owner and is signed by a certification authority.

Digital certificate and X.509
• An X.509 certificate contains the following fields: version, serial number, signature algorithm, issuer name, validity period (not before / not after), subject name, subject public key information, optional extensions, and the certification authority's signature over all of the above.

Digital certificate system (figure in the original slides)
Secure protocols
• Secure Sockets Layer (SSL). The purpose is to secure connections between two computers. Developed by Netscape Communications.
• Secure Hypertext Transfer Protocol (S-HTTP). The purpose is to send individual messages securely. Developed by CommerceNet.

SSL
• To begin, a client sends a message to a server.
• The server responds by sending its digital certificate to the client for authentication.
• Using public-key cryptography, the client and server negotiate session keys to continue.
• Once the keys are established, the transaction proceeds using the session keys and digital certificates.
• All information exchanged is encoded.
• See Figure 6-17 on page 221.

Types of communication
SSL resides on top of TCP in the Internet protocol suite, below the application protocols. As a result it can secure many different types of communication:
• FTP sessions
• Telnet sessions
• HTTP sessions (HTTPS; this is distinct from S-HTTP, which is a separate protocol described below)

SSL key length
Secure Sockets Layer came in two strengths:
1. 40-bit
2. 128-bit
Both refer to the length of the session key generated for every encrypted session. The 40-bit version was available for export, but under the US export rules of the time firms could only use the 128-bit version in products intended for the US market. (Those rules were relaxed in 2000; a 40-bit key can be found by exhaustive search on commodity hardware and must not be used.)
Limitation
Although SSL protects information while it is being transmitted, it does not protect information once it is stored in the merchant's database. The stored data needs to be encrypted and/or the server secured to protect information that was previously transmitted.

Secure HTTP
• Secure HTTP (S-HTTP) is an extension of HTTP.
• Works at the application level.
• It is concerned with securing individual messages.
• Security features:
– Client and server authentication (using RSA)
– Symmetric encryption for communication
– Message digests
– The client and server may use separate S-HTTP techniques simultaneously. Example: the client may use private keys and the server may use public keys.

Establishing contact
• The details of S-HTTP security are negotiated during the initial session.
• Security details are specified in special packet headers that are exchanged.
• Once the client and server have agreed on the security measures to be enforced between them, all subsequent messages are wrapped in a secure envelope.

Security techniques
• The client and server can specify that a security feature is required, optional, or refused.
• When a feature is required, it must be used or the connection will be terminated.
• Features:
– Use of private-key encryption
– Server authentication
– Client authentication
– Message integrity

Transaction integrity
• It is difficult to prevent integrity violations, but techniques can enable integrity violations to be detected; the information can then be re-sent.
• The basic idea:
– A hashing algorithm is applied to produce a message digest.
– The message digest is encrypted with the sender's private key to produce a digital signature.

Message digest
• A hashing function is applied to the message.
• This produces a fixed-size number that depends on the content (and length) of the message.
• The message digest is appended to the message.
• The receiver recalculates the message digest.
• If the two do not match, integrity has been violated.
• For a good hash algorithm it is computationally infeasible to find two messages with the same digest (a collision), so a match means the received message is the one that was hashed.
Problem: what if an adversary changes both the message and the message digest? A bare digest cannot detect this; a digital signature can.

Digital signature
• The sender computes the digest, encrypts it using her private key, and then appends the encrypted digest (the signature) to the message.
• The merchant deciphers the digest using the sender's public key, computes his own digest of the received message, and compares the two. If they match, the integrity of the message was preserved.
• Only the holder of the private key could have created the digital signature; an adversary who alters the message cannot produce a matching signature.
• For added security, the digital signature and the message can be encrypted.
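The digital envelope and the digest/signature slides above describe one flow: hash, sign with the sender's private key, encrypt the message with a fresh secret key, and wrap that key with the receiver's public key. The following is an added example that carries that flow through end to end; it is not code from the lecture notes. Textbook RSA over fixed Mersenne primes stands in for a real RSA library and a SHA-256 keystream XOR stands in for the secret-key cipher; both are toys (no padding, no authentication of the ciphertext, one deliberately small prime), and the fixed primes, the key pairs named ALICE and BOB, and the sample order text are assumptions made so the example is reproducible. The message flow and the checks are the real ones, including the case the notes ask about: an adversary who rewrites both the message and the digest passes the bare-digest check but fails the signature check.

```python
"""Message digest, digital signature and digital envelope, end to end.

Added example; not code from the lecture notes. Textbook RSA over fixed
Mersenne primes stands in for a real RSA library and a SHA-256 keystream
XOR stands in for the secret-key cipher. Both are toys (no padding, no
authentication of the ciphertext, one tiny prime) and the fixed primes are
an assumption made so the example is reproducible; the message flow and
the checks are the real ones.
"""
import hashlib
import secrets


def make_key(p: int, q: int) -> tuple:
    """RSA key (n, e, d) from two primes. Assumption: p and q are prime."""
    n, e = p * q, 65537
    return n, e, pow(e, -1, (p - 1) * (q - 1))


# Assumed key pairs. Mersenne primes keep n large enough to hold a 256-bit
# digest or a 128-bit session key as a single integer.
ALICE = make_key((1 << 89) - 1, (1 << 607) - 1)
BOB = make_key((1 << 127) - 1, (1 << 521) - 1)


def apply_public(key: tuple, x: int) -> int:
    """Public-key operation: encrypt to the key's owner, or check a signature."""
    n, e, _ = key
    return pow(x, e, n)


def apply_private(key: tuple, x: int) -> int:
    """Private-key operation: decrypt, or sign."""
    n, _, d = key
    return pow(x, d, n)


def digest(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()


def digest_only_check(message: bytes, sent_digest: bytes) -> bool:
    """Integrity by bare digest: catches accidental damage, not an attacker
    who rewrites the digest along with the message."""
    return digest(message) == sent_digest


def sign(key: tuple, message: bytes) -> int:
    """Digital signature: the digest, not the message, goes through the
    signer's private key."""
    return apply_private(key, int.from_bytes(digest(message), "big"))


def verify(key: tuple, message: bytes, signature: int) -> bool:
    """Recover the digest with the signer's public key and compare it with
    a freshly computed digest of the received message."""
    return apply_public(key, signature) == int.from_bytes(digest(message), "big")


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy secret-key cipher; the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(sender: tuple, recipient: tuple, message: bytes) -> dict:
    """Digital envelope: a fresh secret key encrypts the message, the
    recipient's public key wraps that key, and the sender signs the message."""
    session_key = secrets.token_bytes(16)
    nonce = secrets.token_bytes(8)
    return {
        "nonce": nonce,
        "ciphertext": stream_xor(session_key, nonce, message),
        "wrapped_key": apply_public(recipient, int.from_bytes(session_key, "big")),
        "signature": sign(sender, message),
    }


def open_envelope(recipient: tuple, sender: tuple, env: dict):
    """Unwrap the session key with the recipient's private key, decrypt the
    message, then verify the sender's signature. None means 'reject'."""
    session_key = apply_private(recipient, env["wrapped_key"]).to_bytes(16, "big")
    message = stream_xor(session_key, env["nonce"], env["ciphertext"])
    return message if verify(sender, message, env["signature"]) else None


if __name__ == "__main__":
    order = b"order: 1 x item 42, ship to Sultanpur"      # constructed sample
    env = seal(ALICE, BOB, order)
    print(open_envelope(BOB, ALICE, env) == order)         # True
    forged = b"order: 100 x item 42, ship elsewhere"
    print(digest_only_check(forged, digest(forged)))        # True: the digest alone is fooled
    print(verify(ALICE, forged, env["signature"]))          # False: the signature is not
```

Two design points carry over to real systems: the signature covers the digest of the plaintext, so Bob verifies only after decrypting, and rejecting (returning None) rather than returning garbage is what turns a detected integrity violation into a safe re-send.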
E-commerce security
E-commerce security is best studied by examining the overall process, beginning with the consumer and ending with the commerce server. This analysis produces a three-part structure:
• Client security
• Communication channel security
• Server security

Server threats
Server threats can be classified by the means used to obtain unauthorized access to the server:
• The Web server and its software
• Back-end programs and servers, such as those for a database
• Common Gateway Interface (CGI) programs
• Other utility programs residing on the server

Security levels
• Web servers running on most machines can be set to run at various privilege levels.
– The lowest level provides a logical fence that prevents access to sensitive areas.
– The highest one allows access to any part of the system, including sensitive areas.
• Setting up a Web server to run in high-privilege mode creates potential threats: any flaw in the server then hands an attacker the same access.
– The rule is to use the lowest level needed to complete a given task (least privilege).

Entering passwords
• Web servers that require usernames and passwords can compromise security by revealing them.
• Because the Web server needs the information as the user moves from page to page, it may place it in a cookie on the client's machine.
• The server must be careful not to request that the cookie be transmitted unprotected (only over SSL, never in the clear), and should put a session identifier in the cookie rather than the password itself.

Username/password pairs
• Web servers may keep files with username/password pairs to use for authentication.
• If these files are compromised, then the system can be attacked by people masquerading as others.
• Users who choose passwords badly also pose a threat to Web server security. Passwords that are easily guessed, such as birth dates or child or pet names, are poor choices.
• Administrators often run programs that attempt to guess users' passwords as a preventive measure.

Database threats
• Because databases hold valuable information, attacks on them are particularly troubling.
• Security features rely on usernames/passwords.
• Security is enforced using privileges.
• Databases that fail to store usernames/passwords in a secure manner, or fail to enforce privileges, can be compromised, giving full access.
• During an attack, information may be moved to a less protected level of the database.

CGI threats
• CGI implements the transfer of information from a Web server to another program.
• Like Web servers, CGI scripts can be set to run unconstrained (with high privilege).
• Defective or malicious CGI scripts can access or destroy sensitive information.
• CGI scripts can reside anywhere and are difficult to track.
• Old CGI scripts that have been replaced can be loopholes for access into the system.

Buffer overflows
• A buffer is an area of memory set aside to hold data read from a file, a database, or the network.
• Buffers are necessary because I/O operations are much slower than CPU operations.
• A buffer overflow occurs when more data is written into a buffer than it was sized for, either because of a buggy program or as part of a deliberate attack. It can result in:
– A computer crash
– The saved return address on the stack being overwritten, so that the processor jumps into instructions supplied by the attacker and runs them with the Web server's privileges
Securing the server
• Access control and authentication: controlling who and what has access to the server. This includes both users and other servers.
• Firewalls. Inside: the network and machines protected by the firewall. Outside: all other networks.

Access control
• Authentication via digital certificates and signatures.
• Usernames/passwords
– Usernames are stored as clear text.
– Passwords are not stored in the clear but in one-way encrypted (hashed) form, ideally salted and deliberately slow to compute, so that a stolen file does not directly yield the passwords.
– A password entered is hashed the same way and compared against the stored value.
• An access control list gives the users that can access certain files and folders in the system. Read, write, and execute permissions may be set separately.
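The username/password slides above make three points: store passwords in one-way form, compare the hash of what was typed against the stored value, and run a guessing program over the accounts as a preventive measure. The following is an added example, not code from the notes, that does all three with the standard library (PBKDF2 with a per-user salt and a constant-time comparison). The user table, the passwords in it, and the guess list are constructed for the demonstration.

```python
"""Storing username/password pairs without storing passwords.

Added example; not code from the lecture notes. The user table, the
passwords and the guess list are constructed for the demonstration.
"""
import hashlib
import hmac
import secrets

ITERATIONS = 100_000   # PBKDF2 work factor; slows every guess, ours and the attacker's


def make_record(username: str, password: str) -> dict:
    """Username in clear; the password is replaced by a salted, slow hash.
    A fresh random salt per user means equal passwords give different
    hashes and a precomputed table of hashes is useless."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"user": username, "salt": salt, "hash": digest}


def check_login(record: dict, password: str) -> bool:
    """Hash the offered password with the stored salt and compare in
    constant time, so response timing does not leak how much matched."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def audit_weak_passwords(records: list, guesses: list) -> list:
    """The administrator's preventive guessing run: which accounts fall to
    a small dictionary of birth dates, pet names and common passwords?
    Salting means each account has to be attacked separately."""
    return [r["user"] for r in records if any(check_login(r, g) for g in guesses)]


# Constructed user table and guess list.
USERS = [
    make_record("alice", "correct horse battery staple"),
    make_record("bob", "fluffy1999"),
    make_record("carol", "19990412"),
    make_record("dave", "fluffy1999"),      # same password as bob
]
GUESSES = ["password", "123456", "fluffy1999", "19990412", "rex"]

if __name__ == "__main__":
    print(check_login(USERS[0], "correct horse battery staple"))   # True
    print(check_login(USERS[0], "Correct horse battery staple"))   # False
    print(audit_weak_passwords(USERS, GUESSES))                    # ['bob', 'carol', 'dave']
    print(USERS[1]["hash"] != USERS[3]["hash"])                    # True: salts differ
```

Note that bob and dave chose the same password but their stored hashes differ; that is the salt at work, and it is why the audit has to try every guess against every account rather than looking hashes up in a table.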
Firewalls
• All traffic from the outside must pass through it.
• Only authorized traffic is allowed to pass.
• The firewall itself should be immune to attack.
• Unnecessary software should be stripped off.
• Trusted networks are inside, untrusted ones outside.
• Depending on its type, it inspects traffic at the network layer (packet filters) or at the application layer (gateways and proxies).
• Can be used to separate divisions of a company.
• The same policies should apply to all firewalls.

Types of firewalls
• Packet filters. Filter traffic according to source and destination (IP address and port), based on a set of rules. Example: incoming FTP requests granted but outgoing requests denied.
• Gateway servers. Filter traffic according to the application requested.
• Proxy servers. Communicate with the Internet on behalf of the private network. Also used as a cache for Web pages.
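The packet-filter description above ("filters traffic according to source and destination based on a set of rules") leaves out the two things that decide whether such a filter enforces "only authorized traffic passes": rule order and what happens when no rule matches. The following is an added example, not code from the notes, of a first-match filter with a default-deny policy. The inside network, the rule set, and the sample packets are constructed, using documentation address ranges.

```python
"""A first-match packet filter with a default-deny policy.

Added example; not code from the lecture notes. The rule set, the inside
network and the sample packets are constructed (documentation address
ranges); Packet carries just the fields the rules below need.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from outside, "out" = leaving the inside
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    direction: str           # "in", "out" or "any"
    src: str                 # CIDR block or "any"
    dst: str
    proto: str               # "tcp", "udp" or "any"
    dport: Optional[int]     # None matches every port


INSIDE = "192.0.2.0/24"      # assumed trusted network

# Rules are evaluated top to bottom; the first match decides.
RULES = [
    # anti-spoofing: nothing arriving from outside may claim an inside source
    Rule("deny", "in", INSIDE, "any", "any", None),
    # the public Web server is reachable from anywhere on 80 and 443 only
    Rule("allow", "in", "any", "192.0.2.10/32", "tcp", 80),
    Rule("allow", "in", "any", "192.0.2.10/32", "tcp", 443),
    # inside hosts may browse the Web and send mail
    Rule("allow", "out", INSIDE, "any", "tcp", 80),
    Rule("allow", "out", INSIDE, "any", "tcp", 443),
    Rule("allow", "out", INSIDE, "any", "tcp", 25),
    # explicit, even though default-deny would catch it: the database is never reachable
    Rule("deny", "any", "any", "192.0.2.20/32", "any", None),
]


def _in_net(cidr: str, addr: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction in ("any", pkt.direction)
            and _in_net(rule.src, pkt.src)
            and _in_net(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def decide(pkt: Packet, rules: list = RULES) -> str:
    """First matching rule wins; a packet that matches no rule is dropped.
    Default-deny is what makes 'only authorized traffic passes' true."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    print(decide(Packet("in", "203.0.113.5", "192.0.2.10", "tcp", 443)))   # allow
    print(decide(Packet("in", "203.0.113.5", "192.0.2.10", "tcp", 22)))    # deny (no rule)
    print(decide(Packet("in", "192.0.2.7", "192.0.2.10", "tcp", 80)))      # deny (spoofed source)
    print(decide(Packet("out", "192.0.2.7", "198.51.100.9", "tcp", 443)))  # allow
```

The anti-spoofing rule has to come first: if the allow rules for the Web server preceded it, a packet from outside forged with an inside source address would be accepted before the deny was ever consulted.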
DAY 5 242 .
Electronic payment systems
Four types of payment method: cash, check, credit card, and credit/debit (fund transfer).
Their electronic counterparts:
1. An electronic cash system
2. An electronic check system for supporting check payment
3. The Secure Electronic Transaction (SET) protocol for implementing credit card payment
4. An electronic funds transfer system

Features of payment methods
1. Anonymity
2. Security
3. Overhead cost
4. Transferability
5. Divisibility
6. Acceptability
(4C payment methods)

Secure Electronic Transaction
SET must satisfy the following security requirements in the context of credit card payment:
• Confidentiality
• Integrity
• Authentication

Network architecture of the SET system
1. Cardholder
2. Merchant
3. Issuer
4. Acquirer
5. Payment gateway

SET digital certificate system (figure in the original slides)

Dual signature generation and verification (figure in the original slides)
OI – Order Information; PI – Payment Instructions
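The dual signature is the part of SET worth seeing in code: the cardholder signs one digest built from H(OI) and H(PI), so the merchant can verify with the order and only a digest of the payment instructions, and the bank can verify with the payment instructions and only a digest of the order. The following is an added example, not code from the notes. Textbook RSA over two fixed Mersenne primes (an assumption; no padding, toy only) stands in for the cardholder's real signing key, and the OI and PI strings are constructed; the digital envelope that carries the PI past the merchant is omitted.

```python
"""SET dual signature: one signature links the order information (OI) the
merchant sees to the payment instructions (PI) the bank sees, while
neither party sees the other's data.

Added example; not code from the lecture notes. Textbook RSA over two
fixed Mersenne primes (an assumption; no padding, toy only) stands in for
the cardholder's real signing key, and the OI and PI are constructed.
"""
import hashlib


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Cardholder's assumed key pair: primes 2^127-1 and 2^521-1 give an n large
# enough to hold a 256-bit digest as one integer.
_P, _Q = (1 << 127) - 1, (1 << 521) - 1
N, E = _P * _Q, 65537
D = pow(E, -1, (_P - 1) * (_Q - 1))          # private exponent


def dual_sign(oi: bytes, pi: bytes) -> int:
    """DS = sign_cardholder( H( H(OI) || H(PI) ) ).
    The inner digests let each recipient verify without the other's data."""
    pomd = h(h(oi) + h(pi))                   # payment-order message digest
    return pow(int.from_bytes(pomd, "big"), D, N)


def _verify(ds: int, pomd: bytes) -> bool:
    return pow(ds, E, N) == int.from_bytes(pomd, "big")


def merchant_verify(oi: bytes, pi_digest: bytes, ds: int) -> bool:
    """Merchant holds OI in clear and only H(PI): it never sees card data,
    yet can confirm this order is bound to one specific payment instruction."""
    return _verify(ds, h(h(oi) + pi_digest))


def bank_verify(pi: bytes, oi_digest: bytes, ds: int) -> bool:
    """Bank (via the payment gateway) holds PI in clear and only H(OI): it
    never sees what was bought, yet can confirm the payment is bound to
    exactly the order the merchant is claiming."""
    return _verify(ds, h(oi_digest + h(pi)))


def cardholder_send(oi: bytes, pi: bytes) -> dict:
    """What leaves the cardholder: the merchant gets (OI, H(PI), DS); the
    bank gets (PI, H(OI), DS). In SET the bank's part travels through the
    merchant inside a digital envelope the merchant cannot open."""
    ds = dual_sign(oi, pi)
    return {"to_merchant": (oi, h(pi), ds), "to_bank": (pi, h(oi), ds)}


if __name__ == "__main__":
    oi = b"merchant=books-r-us item=42 qty=1 amount=30.00"     # constructed
    pi = b"card=<number> exp=<mm/yy> amount=30.00"             # constructed
    msg = cardholder_send(oi, pi)
    print(merchant_verify(*msg["to_merchant"]))                # True
    print(bank_verify(*msg["to_bank"]))                        # True
    # a merchant that inflates the order breaks the link the bank checks
    oi2 = b"merchant=books-r-us item=42 qty=1 amount=300.00"
    print(bank_verify(pi, h(oi2), msg["to_bank"][2]))          # False
```

The property a practitioner should take from this: the merchant cannot substitute a different order for the same payment, and the bank cannot be shown a payment that was signed for a different order, because any change to either half changes the digest the signature was made over.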
Digital envelope (figure in the original slides)

SET protocol
1. Purchase initiation
2. Purchase request
3. Payment authorization
4. Payment capture

SET protocol (figure in the original slides)
Marketing, sales, and promotion

Building a presence
• An organization's presence is the public image it conveys to its stakeholders.
• The stakeholders include customers, suppliers, employees, stockholders, neighbors, and the general public.
• Physical world: create a store, factory, warehouse, or office building, and/or engage in advertising.
• On the Web: create a site, which may be the only point of contact for stakeholders, and/or engage in advertising.

Web presence goals
• Attracting visitors to the site
• Making the site sticky so that visitors stay
• Convincing visitors to follow the site's links to obtain information
• Creating an image consistent with the desired image of the organization
• Reinforcing positive images that the visitor may already have about the organization

Examples
• Commercial organizations
– Toyota
– Metra
• Museums
– Art Institute
– Field Museum
– Museum of Science and Industry

Elements of a Web site
• History, mission statement, statement of objectives
• Information about products or services
• Financial information
• A way to communicate with the organization
+ Usability matters
+ Communication should be two-way
+ Failure will result in a loss of competitiveness
How can the design of the site be done effectively?

Purposes for visiting a site
• Learning about products and services
• Buying products and services
• Obtaining information about warranties or service for previously purchased products
• Gaining general information about the organization
• Obtaining information for the purposes of investing or granting credit
• Identifying the people who manage the organization
• Obtaining contact information for an individual
Difficulties in delivering content
• Varying visitor needs
• Differing experience levels
• Technological issues
– Data transmission speeds
– Web browsers
– Plug-in software

Strategies
• Convey an integrated image
• Provide easily accessible facts both about the firm and any products or services it may offer
• Allow visitors to experience the site in a variety of ways and at different levels
• Provide meaningful, reliable, responsive, two-way communication
• Sustain visitor attention without detracting from the purpose and image of the site
• Find ways to encourage return visits

Usability
• Design the site around how visitors will navigate it, not around the organization's structure
• Allow quick access to the site's information
• Avoid using inflated marketing statements
• Avoid using business jargon
• Allow visitors with older browsers and slower connections to access the site; this may mean building several versions of the site
• Be consistent in the use of design features and colors

Usability
• Make sure that navigation controls are clearly labeled or otherwise recognizable
• Test text visibility on smaller monitors
• Check that color combinations do not impair viewing clarity for the colorblind
Positive examples: Webby Awards (see the Monterey Bay Aquarium)
Negative examples: Mud Brick Awards

Finding and reaching customers
• Personal contact/prospecting. Employees individually search for, qualify, and contact potential customers.
• Mass media approach. Advertising and promotional material is created and then distributed via:
– Television or radio
– Newspapers or magazines
– Highway billboards
– Mailings

Types of interactions
• One-to-many
– Mass media
– Seller sends out carefully produced messages to a large audience.
– Seller is active, buyer is passive.
• One-to-one
– Personal contact
– Salesperson interacts with customer directly.
– Both seller and buyer participate actively.
– Trust building is important.

The Web
• Many-to-one. Many active potential customers seek out information from resources produced by the seller. Example: book review sites, fan sites
• One-to-one. E-mail contact with a seller
• Many-to-many. Newsgroups and interactive Web sites
• Primary characteristic: the buyer is active and controls the length, depth, and scope of the search.
Effectiveness of mass media
• Mass media efforts are measured by estimates of audience size, circulation, or number of addresses.
• Money spent on mass media is in dollars per thousand people in the estimated audience.
• This pricing metric is called cost per thousand and is often abbreviated CPM.

Micromarketing
As mass media lost its effectiveness ("new and improved!"), one approach was to divide a pool of potential customers into segments. This is called market segmentation. Targeting very small market segments is called micromarketing. Micromarketing is expensive using traditional means, but more cost-effective on the Web.

Web-specific measures
• A visit occurs when a visitor requests a page. Immediate downloads of further pages are usually counted as part of the same visit.
• A trial visit is the first one; subsequent ones are called repeat visits.
• Each page loaded is a page view.
• If the page contains an ad, it is an ad view.
• An impression refers to each banner ad load.
• If a visitor clicks a banner, it is a click-through.
• One CPM for banner ads is 1000 impressions.
• Charges range from $1 to $100 CPM.

Comparisons
The Web has:
• Better effectiveness than mass media
• More trust than mass media
• Lower cost than personal contact
• Less trust than personal contact
It is believed that a move toward the side of personal contact is more effective:
• Increase the trust level
• Increase the personalization

Technology and marketing
Technology-enabled relationship management is when a firm obtains detailed information about customer preferences, needs, behavior, and buying patterns and uses that information to:
• set prices
• negotiate terms
• tailor promotions
• add product features
• customize its relationship with the customer

Branding
• A known and respected brand presents a powerful statement about quality, value, and other desired qualities to potential customers.
• Branded elements are easier to promote.
• The key elements of branding are:
– Differentiation
– Relevance
– Perceived value
• This makes branding for commodity products like salt or plywood more difficult.
Differentiation
A characteristic that sets the product apart from similar products. Examples:
• Ivory soap: "It floats"
• Dove soap: "1/4 moisturizing creme"
• Palmolive dish soap: "Mild on your hands"
• Dawn dish soap: "Takes grease out of your way"
• Antibacterial soaps

Relevance
The degree to which the product offers utility to a potential customer. The customer must be able to see themselves purchasing and using the product. Examples:
• Cadillac
• Hyundai
• Minivans

Perceived value
The product must have some identified value. Products can be different from others, and people can see themselves using them, but they may not have the values that customers desire. Example: Subway sandwich ads comparing the fat content of their product to that of a Big Mac.

Emotional branding
Ted Leonhardt: "Brand is an emotional shortcut between a company and its customer." Emotional appeals work well on television, radio, billboards, and print media since the viewer is a passive recipient of information. On the Web it is easy to click away from emotional appeals.

Rational branding
Rational branding offers to help Web users in some way in exchange for their viewing an ad. Functional assistance replaces emotional appeals. Examples:
• Free e-mail services such as HotMail
• Free Web hosting such as HyperMart
• ShopSmart! program from Mastercard

Other branding strategies
• Leverage success in one area into another area. Example: Amazon.com
• Serving as a market intermediary between buyers and sellers. Example: Yahoo!
• Affiliate marketing: descriptions, reviews, or other information about a product on one site are linked to pages on another site allowing you to purchase that item. Example: Wedding Channel

Costs of branding
• Transferring existing brands to the Web, or using the Web to maintain an existing brand, is easier and less expensive than creating a new brand. Example: catalog sales companies
• Attempting to create a brand on the Web may involve spending on traditional mass media such as television, print, and radio. Example: in 1998 Amazon.com spent $133 million and BarnesandNoble.com spent $70 million, much of it on traditional advertising.
Business models for the Web
• Selling goods and services. Based on the mail order catalog business.
• Selling information or other digital content. Can be used to expand markets and cut costs.
• Advertising supported. Used by American network television.
• Advertising-subscription mixed. Supported via both fees and advertising.
• Fee-for-transaction. The use of information filtering for profit.

Selling goods and services
• Used for apparel, computers, electronics, and gifts.
• The printed catalog is replaced or supplemented by information on the Web site.
• Customers may purchase via phone. (Why?)
• Fabric swatches are usually available. (Why?)
• Examples:
– Dell Computers: flexibility
– Lands' End: overstocks
– FTD Florists: traditional advertising
– Buy.com: discounting

Selling digital content
The Web is an efficient means for selling information.
• Legal research: Lexis Publishing
• Digital copies of documents: ProQuest
• Electronic versions of journals: ACM Digital Library
• Adult entertainment
• Reference materials: Encyclopedia Britannica

Advertising supported
The success of Web advertising has been hampered by two major problems:
• There is no consensus on how to measure and charge for site visitor views. Examples: number of visitors, number of unique visitors, number of click-throughs. Targeted advertising requires that demographics be collected, a sensitive privacy issue.
• Very few Web sites have a sufficient number of hits to interest large advertisers.
One success: employment advertising

Advertising-subscription mixed
• Subscribers are subject to less advertising and have greater access to the resources of the site.
• Popular with online newspapers.
• Examples
– The New York Times
– The Wall Street Journal
– Reuters
– ESPN

Fee-for-transaction
• Value-added services are sold in exchange for a commission.
• Travel agencies
– Travelocity
– Expedia
• Automobile sales
– Autobytel: an example of disintermediation
• Stockbrokers
• Insurance companies
International, ethical, and legal issues

Outline
• International issues
– Language
– Culture
– Infrastructure
• Ethical issues
– Defamation
– Privacy rights
• Legal issues
– Borders and jurisdiction
– Jurisdiction on the Internet
– Taxation and e-commerce
– Contracting
– Web site content

International e-commerce
• E-commerce is by its nature international.
• International companies must work to build trust with customers.
• Trust can be built by sharing a culture, that is, a combination of language and customs.
• The barriers to international e-commerce include:
– Language
– Culture
– Infrastructure

Language issues
• A first step in reaching international customers is to conduct business in their native language.
• Customers are more likely to buy products and services from Web sites in their own language, even if they understand English.
• Estimates are that by the end of this year, 60% of Web use and 40% of e-commerce sales will involve at least one party outside the U.S.

Common languages
• Most common non-English languages for U.S. companies: Spanish, German, French, Japanese, Chinese, and Swedish.
• Second tier of languages: Italian, Korean, Portuguese, Russian.
• Many languages involve different dialects, such as Spanish in Mexico vs. Spain vs. Argentina.
• Some dialect differences are in spoken inflection.
• Word meanings and spellings can vary between dialects. Example: gray in the U.S., grey in the U.K.

Multiple language sites
• Not every page on a site will be translated into multiple languages.
• Pages that may be kept in multiple languages:
– Home page
– Marketing and branding pages
– Product information pages
• Pages that may be kept in a single language:
– Local news
– Employment opportunities

Handling language displays
There are several ways to ensure that customers will see the language appropriate for them:
• Create different versions of the site and place links on the page directing visitors. Examples: Dell Computers, Hyundai. The links need to be clearly labeled; country flags are not a good choice. (Why?)
• Use the information about the default language of the browser to direct visitors to pages.
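The second option above, directing visitors using the browser's default language, rests on the Accept-Language request header, which lists language tags with optional q weights. The following is an added example, not code from the notes, of parsing that header and picking the best language the site actually has, falling back from a regional tag (es-MX) to its primary language (es) and to a site default when nothing matches. The set of available languages, the default, and the sample headers are constructed.

```python
"""Choosing a site language from the browser's Accept-Language header.

Added example; not code from the lecture notes. The set of languages the
site is translated into, the default, and the sample headers are
constructed.
"""
AVAILABLE = ["en", "es", "fr", "ja"]   # assumed: pages exist in these languages
DEFAULT = "en"


def parse_accept_language(header: str) -> list:
    """Return (language-tag, q) pairs ordered by preference (highest q first,
    header order kept for ties). A missing q means 1.0; a malformed q makes
    the entry unacceptable (q = 0)."""
    prefs = []
    for entry in header.split(","):
        entry = entry.strip()
        if not entry:
            continue
        tag, _, params = entry.partition(";")
        q = 1.0
        for param in params.split(";"):
            name, _, value = param.strip().partition("=")
            if name.strip() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0
        prefs.append((tag.strip().lower(), q))
    return sorted(prefs, key=lambda p: -p[1])    # sorted() is stable


def choose_language(header: str, available=AVAILABLE, default=DEFAULT) -> str:
    """Best available language: exact tag first, then the primary subtag
    (es-MX falls back to es), skipping entries with q = 0. A wildcard or
    no usable entry gives the site default."""
    for tag, q in parse_accept_language(header or ""):
        if q <= 0:
            continue
        if tag in available:
            return tag
        primary = tag.split("-")[0]
        if primary in available:
            return primary
        if tag == "*":
            return default
    return default


if __name__ == "__main__":
    print(choose_language("es-MX,es;q=0.9,en;q=0.5"))   # es
    print(choose_language("de-DE,de;q=0.9,en;q=0.8"))   # en
    print(choose_language("zh-CN"))                      # en (default)
    print(choose_language("en;q=0,fr;q=0.5"))            # fr
```

Whatever the header says, the page chosen should still carry the clearly labeled language links from the first option: a shared or misconfigured browser makes the header a guess, not a decision.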
Translation/localization
• Hire a Web page translation service
– Translate the pages
– Maintain them for a fee ($0.25 – 0.50/word)
– Human translators do 400-600 words an hour.
• Use software that automates the translation and maintenance of the pages. Example: Idiom Technologies
• Completely automated translation software can translate up to 40,000 words an hour.
Culture issues
Errors can stem from language and culture standards.
• Pepsi's campaign in China failed: "Come alive" became "Brings your ancestors back from their graves".
• Chevrolet Nova did not sell in Latin America.
• Baby food with a picture of a baby did not sell well in parts of Africa where food containers always carry a picture of their contents.
• Complaints from Japanese customers to wine.com: packaging is an important part of a quality product.

Labeling issues
Labeling issues are particularly troublesome:
• Inappropriate use of the image of a cow in India.
• Uncovered legs or arms in a Muslim country.
• A Web page divided into four parts, or that uses the color white, in Japan, where the number 4 and the color white represent death.

Ways of doing business
• Japanese customers prefer to pay using cash or cash transfer instead of credit cards.
• Softbank created a joint venture with 7-Eleven, Yahoo! Japan, and Tohan to sell books and CDs on the Web:
– Order items on the Internet
– Pick them up and pay at 7-Eleven
• In this case, adding an intermediary helped gain customers.

Internet access
Some parts of the world have environments that are inhospitable to e-commerce:
• Denial of access to citizens
• Restriction of citizens' access
• Addition of taxes that place it out of reach
The information provided on the Internet may be seen as objectionable or threatening to the culture or traditions of the country.

Culture and the law
Some countries have strong cultural requirements that have found their way into the legal codes.
• In France all advertisements for products must be in French. A U.S. company that ships to France must provide pages in French.
• Quebec provincial law requires street signs, billboards, directories, and advertising created by Quebec businesses to be in French. Web pages marketed at the U.S. in English only are not allowed.

Infrastructure issues
• In many countries, the telecommunication systems are government-owned or heavily regulated.
• Regulations in some places have restricted development to a point that Internet data packet traffic cannot be handled reliably.
• Local connection costs may be much higher than in the U.S., resulting in different behavior by Internet users. See Figure 11-2, page 347.
• The paperwork needed for international transactions can be prohibitive.
Ethical issues
Not adhering to common ethical standards can result in a degradation of trust on the part of customers. Example: Amazon.com and publishers
Two areas of concern:
1. Defamation
2. Privacy rights

Defamation
A defamatory statement is one that is false and injures the reputation of another person or company. A statement injuring the reputation of a product or service is called product disparagement. The line between justifiable criticism and defamation can be hard to determine.

Privacy rights
• Privacy issues remain unsettled and are hotly debated in many forums.
• Privacy assumptions vary between cultures.
• The FTC issued a report that concluded Web sites were developing privacy practices with sufficient speed.
• Responses from privacy advocacy groups were in sharp disagreement.

Some principles
• Use the data collected to improve service.
• Do not share customer data with outsiders without the customer's permission.
• Tell customers what data is being collected and what you are doing with it.
• Give customers the right to delete any of the data collected about them.

The legal environment
Legal issues regarding e-commerce have only begun to be addressed. Categories of issues:
• Borders and jurisdiction
• Jurisdiction on the Internet
• Contracting and contract enforcement
• Web site content

Borders and jurisdiction
Culture affects both laws and ethical standards. Territorial borders in the physical world serve as notice that culture and laws may be changing. The relationship between geographic boundaries and legal boundaries deals with four elements:
1. Power
2. Effects
3. Legitimacy
4. Notice
Power
• Some of the defining characteristics of a sovereign government are control over:
– A physical space
– Objects that reside in that space
– People who reside in that space
• The ability of a government to exert control over a person or corporation is called jurisdiction.
• Laws in the physical world do not apply to people who are not located in, or do not own assets in, the area that created those laws.

Effects
• Laws in the physical world are based on the relationship between physical proximity and the effects of a person's behavior.
• Actions have a stronger hold on things nearby.
• Example: trademark enforcement. Two restaurants with the same name, one in Chicago and one in France.

Legitimacy
• The right to create and enforce laws derives from the mandate of those who will be subject to those laws.
• Some cultures allow their governments a high degree of autonomy and authority. Example: China and Singapore
• Other cultures place severe restrictions on the authority of the government. Example: Scandinavian countries

Notice
• Physical boundaries are an effective way to announce the ending of one legal or cultural system and the beginning of another.
• The perception that the laws and norms have changed is needed to allow people to adjust.
• Borders provide this notice.

Jurisdiction on the Internet
• Determining who has jurisdiction can be difficult. Example: a Mexican customer dealing with a firm from Sweden, hosted by a Canadian site, and maintained by a programmer from India.
• A contract is an agreement between two or more legal entities that provides for an exchange of value (goods, services, money).
• A tort is an action taken by a legal entity that causes harm to another legal entity.

Sufficient jurisdiction
• If a person or organization wants to enforce their rights under contracts or seek tort damages, they must find courts that have sufficient jurisdiction.
• A court has sufficient jurisdiction in a matter if it has both:
– Subject-matter jurisdiction
– Personal jurisdiction

Subject-matter jurisdiction
Subject-matter jurisdiction is a court's authority to decide the type of dispute. In the United States:
• Federal courts preside over federal law (bankruptcy, copyright, patent, federal taxes)
• State courts deal with issues governed by states (professional licensing, state taxes)
The rules for subject-matter jurisdiction are easy to apply.
Personal jurisdiction
• Personal jurisdiction is, in general, determined by the residence of the parties in question.
• A court has jurisdiction if the defendant resides in the state in which the court is located.
• An out-of-state person can submit to a court’s jurisdiction by signing a contract that includes a statement that the contract will be enforced according to the laws of a particular state.
Long-arm statutes
• States can enact statutes that create personal jurisdiction over nonresidents conducting business or committing tortious acts in the state.
• The more business conducted, the more likely a court will be to use a long-arm statute.
• Courts also assert jurisdiction when a crime or intentional tort has occurred.
• In many cases, these laws are not clear with respect to e-commerce.
International issues
• The exercise of jurisdiction across national borders is governed by treaties between the countries.
• In general, personal jurisdiction for foreign firms and persons is determined by U.S. courts in the same way as under long-arm statutes.
• Jurisdictional issues are complex and changing.
• Businesses should consult an attorney for advice.
Taxation and e-commerce
• A government acquires the power to tax a business when the business establishes a connection with the area controlled by the government. This connection is called nexus.
• Nexus is similar to personal jurisdiction.
• Determining nexus can be difficult when a company conducts only a few activities in a state.
• Online companies may be subject to multiple tax laws from day one.
Types of taxes
An online business is potentially subject to several types of taxes:
• Income taxes: Levied by national, state, and local governments on the net income generated by business activities.
• Transaction taxes: Includes sales taxes, use taxes, and customs duties.
• Property taxes: Levied on the personal property and real estate used in the business.
Income and transaction taxes are most important.
Federal income taxes
• In the U.S., any increase in a company’s wealth is subject to federal taxation.
• Any company whose U.S.-based Web site generates income is subject to U.S. federal income tax.
• A Web site maintained by a U.S. company must also pay federal income tax on income generated outside the U.S. (The law provides a tax credit for taxes paid to foreign countries.)
State and local income taxes
• Companies that do business in multiple local jurisdictions must apportion their income and file tax returns in each locality that levies an income tax.
• The number of taxing authorities is over 30,000 in the United States.
• Companies can accept orders and ship from one state to many other states and avoid nexus by using a contract carrier such as FedEx or UPS to deliver goods to customers.
Sales taxes
• Businesses that establish nexus with a state must file sales tax returns and remit the sales tax they collect from their customers.
• If a business ships to customers in other states, it is not required to collect sales tax from those customers unless the business has established nexus with the customer’s state.
• There are 7500 U.S. sales tax jurisdictions, and the rules about which items are taxable differ. Example: In NY large marshmallows are taxable since they are snacks but small ones are not since they are food.
Contracting
• Any contract includes an offer and an acceptance.
• An offer is a declaration of willingness to buy or sell a product or service with enough details to be firm, precise, and unambiguous.
• An acceptance is the expression of willingness to take an offer, including all of its stated terms.
• When one party makes an offer that is accepted, a contract is created.
Contracting on the Web
• A seller advertising on the Web is not making an offer but inviting offers from potential buyers.
• When the buyer submits an order, the seller accepts and a contract is made.
• Some examples of legally binding acceptances in the physical world:
– Mailing a check
– Shipping goods
– Shaking hands
– Taking an item off a shelf
– Opening a wrapped package
Written contracts
• In the U.S., written contracts must be used for goods worth more than $500 and for contracts requiring actions that cannot be completed within a year.
• Things that constitute a signature:
– Faxes
– Typed names
– Printed names
– Digital signatures
Warranties
• Any contract for sale includes implied warranties.
• Sellers can create explicit warranties.
• Statements in promotional material may create an implied warranty.
• Sellers can use a warranty disclaimer to avoid some implied warranties. It must be clearly displayed.
Web site content
Legal issues can arise relating to the Web page content of an e-commerce site. These include:
• Trademark infringement
• Deceptive trade practices
• Regulation of advertising claims
• Defamation
Trademark infringement
• Web designers must be careful not to use any trademarked name, logo, or other identifying mark without the written consent of the trademark owner.
• Manipulating trademarked images and placing them on a site can cause problems.
• Example: A picture of a company (other than Pepsi) president holding a can of Pepsi.
Deceptive trade practices
• Web sites that include links to other sites must be careful not to imply a relationship with the company if there is none.
• A firm cannot use a similar name, logo, or other identifying characteristic that causes confusion in the customer’s mind.
• Trademark dilution is the reduction of the distinctive quality of a trademark by alternate uses.
Thanks and Good Bye