A Presentation on E-Commerce

BY: N. Badal, KNIT, Sultanpur

Introduction To the Course
 Course gives a survey of the key technological elements of e-commerce.  Focus on the technical aspects : it discusses how to build different parts of an e-commerce system and integrate into a full system.  Covers key underlying technologies of e-commerce including web system and web protocol web programming using java servlets.  Also covers some business strategies essential to e-commerce.

Topic to be Covered
• • • • • • • • • • • Introduction to electronic commerce The Internet and the Web : Infrastructure for electronic commerce Web-based tools for electronic commerce Electronic commerce Software Security threats to electronic commerce , Implementing security for electronic commerce Electronic payment systems Strategies for marketing, sales and promotion Strategies for purchasing and support activities Strategies for web auctions, virtual communities and web portals The environment of electronic commerce: international, legal, ethical and tax issues Business plans for implementing electronic commerce Practical implementation of an electronic commerce site. E.g. 3 VBS

A Quick Survey
 Which of the following have you done? • Used e-mail • Browsed the Web • Bought a product on the Web (what?) • Created a web page using an authoring tool • Written some HTML  NOT teach you HTML ASP,JAVA SCRIPT, JAVA SERVLETS.

Electronic Commerce
• To many people the term electronic commerce, often shortened to e-commerce, is equivalent to shopping on the web. • The term electronic business is sometimes used to capture the broader notion of e-commerce. • In this course, we will use e-commerce in its broadest sense. It encompasses both web shopping and other business conducted electronically.

E-commerce is not New
• Banks have used electronic funds transfers (EFTs), also called wire transfers, for decades. • Businesses have been engaging in electronic data interchange for years. EDI occurs when one business transmits computer readable data in a standard format to another business.


and re-entry of data. • By sending the information electronically in a standard format. • Electronic transfer of data also introduces fewer errors than manual transfer. mailing. 7 . the businesses could save money on printing.Electronic Data Interchange • In the 1960s businesses realized that many of the documents they exchanged related to the shipping of goods and contained the same set of information for each transaction.

8 . we can consider how technology can improve them. • Note that technology does not always improve commerce.Technology and Commerce • In order to understand how technology can aid commerce we need to understand traditional commerce. • Once we have identified what activities are involved in traditional commerce.

people rely on each other for the goods and services they need.Origins of Commerce • The origins of traditional commerce predate recorded history. • Commerce is based on the specialization of skills. • Example: Customer enters a bookshop …. Instead of performing all services and producing all goods independently. 9 . • Commerce Is a basic economic activity involving trading or buying and selling of goods.

Commerce E.Commerce Traditional Commerce Internet Commerce Mobile Commerce Business Focused E-Commerce Consumer focused E-Commerce 10 .

11 . • Commerce is a negotiated exchange of valuable objects or services between at least two parties and includes all activities that each of the parties undertakes the complete the transaction. the basic mechanics of commerce remain the same: one member of society creates something of value that another member of society desires.Traditional Commerce • Although money has replaced bartering.

The buyer’s viewpoint 2. The seller’s viewpoint Both perspectives will illustrate that commerce involves a number of distinct activities. called business processes.Views of Commerce Commerce can be viewed from at least two different perspectives: 1. 12 .

Make payment 13 8. testing. and acceptance 7. Search for products or services that will satisfy the specific need 5. Select a vendor 6. commerce involves the following activities: 3. inspection.The Buyer’s Perspective From the buyer’s perspective. Identify a specific need 4. Perform/obtain maintenance if necessary . Negotiate a purchase transaction including delivery logistics.

Advertise and promote the product or service 6. inspection. and acceptance 7. Ship goods and invoice the customer 8. Provide after sales support and maintenance 14 . Negotiate a sales transaction including delivery logistics. commerce involves the following activities: 3. Conduct market research to identify customer needs 4. Create a product or service to meet those needs 5.The Seller’s Perspective From the sellers’ perspective. Receive and process customer payments 9. testing.

Business Processes Business processes are the activities involved in conducting commerce. Examples include: • Transferring funds • Placing orders • Sending invoices • Shipping goods to customers 15 .

Example : A buyer sends an electronic purchase order to a seller. The seller then sends an electronic invoice back to the buyer.E-Commerce We will define e-commerce as the use of electronic data transmission to implement or enhance any business activity. When used appropriately. 16 . electronic transmission can save both time and money.

Or E-commerce is about the sale and purchase of goods or services by electronic means over the internet. sound and visual images. that are based upon the processing and transmission of digitized data.E-Commerce • Electronic commerce "refers generally to all forms of transactions relating to commercial activities. including text. 17 . including both organizations and individuals.

negotiating. and support. 18 . selecting. searching. delivery.Impact of E-Commerce E-commerce is changing the way traditional commerce is conducted: • Technology can help throughout the process including promotion.

D> Commercial Products . services and systems( E-Retailing) E> Electronic Marketplace ( On Line auction) 19 . A Products / Structures Layer Further divided into Functional layer. A service Layer 3.Layer Model 1.Three. An Infrastructure Layer 2. A> Technical Infrastructure ( Internet and WWW) B> Secure messaging service ( EDI) C> Supporting Services.

a product or service that has become standardized.Well-suited for E-Commerce Business processes that are well-suited for electronic commerce: • Sale/purchase of new books and CDs • Online delivery of software • Advertising and promotion of travel services • Online tracking of shipments The business processes that are especially well-suited to e-commerce include commodity items. 20 . that is.

smell.Best for traditional commerce Business processes that are well-suited to traditional commerce: • Sale/purchase of high fashion clothing (Any possible exceptions?) • Sale/purchase of perishable food products • Small-denomination transactions (Future?) • Sale of expensive jewelry and antiques In general. products that buyers prefer to touch. . or otherwise closely examine are difficult to sell using 21 e-commerce.

etc.Questionable cases Would e-commerce or traditional commerce work best for the following activities? • • • • Sale/purchase of rare books Browsing through new books Sale/purchase of shoes Sale/purchase of collectibles (trading cards. plates.) 22 .

Let’s consider a few examples now.Combinations of both Some business processes can be handled well using a combination of electronic and traditional methods: • Sale/purchase of automobiles • Online banking • Roommate-matching services • Sale/purchase of investment/insurance products In this course we will discuss the issue of evaluating the advantages and disadvantages of e-commerce. 23 .

g Priceline B2C e. Amazon C2C e.g eBay 24 .Different Type of E-Commerce Business (Organization) Consumer (Individual) Business (Organization) Consumer (Individual) B2B e.g.g TPN C2B e.

Advantages of E-Commerce For the seller: • Increases sales/decreases cost • Makes promotion easier for smaller firms • Can be used to reach narrow market segments For the buyer: • Makes it easier to obtain competitive bids • Provides a wider range of choices • Provides an easy way to customize the level of detail in the information obtained 25 .

paychecks. etc.Advantages of E-Commerce II In general: • Increases the speed and accuracy with which businesses can exchange information • Electronic payments (tax refunds. providing scheduling flexibility 26 .) cost less to issue and are more secure • Can make products and services available in remote areas • Enables people to work from home.

27 .Cost Hence E-Commerce is attractive because it can raise profit by increasing revenue while decreasing cost.Advantages of E-Commerce III Profit = Revenue .

even with improvements in technology • Many products and services require a critical mass of potential buyers (e. online grocers) • Costs and returns on e-commerce can be difficult to quantify and estimate • Cultural impediments: People are reluctant to change in order to integrate new technology • The legal environment is uncertain: Courts and 28 legislators are trying to catch up .g.Disadvantages of E-Commerce • Some business processes are not suited to e-commerce.

• Myth 2: The successful implementation of an ecommerce system relies on web Programmers • Myth 3 : E-commerce is about translating the traditional business model into an electronic business model .MYTHS About E-Commerce • Myth 1 : E-Commerce is about developing web pages. 29 .

Technical Model for An ECommerce System Client Side Service System Backend system 1. Client side :. Backend System : provides the necessary information to complete a transaction. 30 . Service system : Handle the business Logic 3.Customer interface. 2.

Questions • Identify the business that are not suitable for Ecommerce. • Check out the difference between different type of E-commence sites on the Internet. 31 .

Note : Business drives the specification of the product and customer chooses whether or not to buy a product.com is one of the most well known e-commerce site and an example of B2C e-commerce. choose book  put in shopping cart  after shopping-> check out the books and pay by the credits cards 32 . e.Different Type of E-Commerce • Business to Consumer (B2C) : The seller is business organization whereas buyer is a consumer . Books are listed under different sections for ease of searching. E.g Electronic stores are set up on internet to sell goods to the consumer.g Amazon.

33 . Note : It is buyer driven rather than seller driven.tpn.com is an internet based trading network for buyers and sellers to carry out B2B e-Commerce on the Internet. www. i.e buyer submits a request to the system and then respective sellers respond to the request. -> Interested suppliers bid for the request buyer and suppliers negotiate the bids  finally buyer selects the best bid and completes the purchase.geis.Different Type of E-Commerce • Business to Business ( B2B) : Both the buyer and seller are the business organization .

34 .com provides the world’s largest online trading service by means of online auctions. etc. • E.Different Type of E-Commerce • Consumer to Consumer (C2C) : In this case both the seller and buyer are consumers.g. www. books . • > 29 Millions members. On line auctions provide an effective means for supporting C2C e-commerce.eBay. stamps. • Buying and selling of a wide ranges of items .

• Also known as demand collection system. which provides a product that meets these requirements.priceline.Different Type of E-Commerce • Consumer to Business (C2B) : In this consumer specifies the requirements to a business . • www.com 35 .

Day 2 36 .

The Internet and the WWW 37 .

What is the Internet? • A loosely configured global wide-area network. through e-mail and the World Wide Web.yahoo. • Includes more than 31.000 different networks in over 100 different countries. • For detailed information about the history of the Internet. • Began as a Department of Defense project. • Millions of people visit and contribute to the Internet.com/Computers_and_internet/Internet/History/ 38 . see: http://dir.

• By 1969 the Advanced Research Projects Agency Network (ARPANet) had been constructed.Early history of the Internet • In the 1950s the U. the University of California at Santa Barbara. • The first computers to be connected were ones at the University of California at Los Angeles. SRI International. Department of Defense became concerned that a nuclear attack could disable its computing (and thus planning and coordinating) capabilities. and the University of Utah.S. 39 .

These new applications included the following: • Electronic mail • File transfer protocol • Telnet • User’s News Network (Usenet) 40 .The changing Internet Early on researchers began to find new uses for the Internet. beyond its original purpose of controlling weapons systems.

• File transfer protocol (FTP) allowed researchers using the Internet to transfer files easily across great distances. E-mail was quickly adopted by Internet users.The new uses • In 1972 a researcher wrote a program that could send and receive messages over the Internet. We will discuss them again later. • Telnet allows users of the Internet to log into their computer accounts from remote sites. 41 . • All three of these applications are still widely used.

42 .Usenet • In 1979 a group of students and programmers at Duke and the University of North Carolina started Usenet. • Usenet survives today in what are called newsgroups. • Usenet allows anyone who connects to the network to read and post articles on a variety of subjects. short for User News Network.

Newsgroups There are several thousand newsgroups covering a highly varied groups of subjects.penpals  The first part of the name of each group tells you what type of group it is and the remaining parts indicate the subject matter.climbing  – soc.databases  – rec. Examples: – alt. 43 .cats  – comp.

etc.) 3.deja. Using special software (trn.com/usenet/ 44 . See http://www. rn.Accessing newsgroups Newsgroups can be accessed in two ways: 2. As an example. DejaNews is a web site that allows access to a variety of newsgroups as well as providing an archive of old postings to the group. Using a browser on the Web.

• As personal computers became more powerful. • The development of the Internet was funded in part by the National Science Foundation (NSF) and commercial network traffic was prohibited.Early use of the Internet • From 1969 until the 1980s the Internet was used primarily by government and university researchers. companies created their own networks. These users wanted to be able to communicate outside the network. 45 . and affordable in the 1980s.

• These connections allowed an exchange of e-mail between users of the commercial services and users of the Internet. 46 . • In 1991 the NSF further eased its restrictions on Internet commercial activity and began planning for the privatization of the Internet.Commercial use of the Internet • In 1989 the NSF allowed two commercial e-mail services (MCI Mail and CompuServe) to establish limited connections to the Internet.

• The new structure of the Internet was based on four network access points (NAPs). At that point the NSF decommissioned its backbone. 47 . • The network access providers sell Internet access rights directly to larger customers and indirectly to smaller customers through other companies called Internet service providers (ISPs). each operated by a separate company.Privatization • The privatization of the Internet was substantially completed in 1995.

A growing Internet • Researchers had long considered the Internet a valuable tool. 48 .000 • The largest growth in the Internet was yet to come. • As the 1990s began. • The Internet grew significantly in 20 years. Year # of computers 1969 4 1990 313. a larger variety of people thought of the Internet as a useful resource.

and research results on microfilm. The Memex would have an index to help locate documents.A prehistory of the Web • In 1945. Vannevar Bush wrote an article that proposed a machine (called the Memex) to store a person’s books. • Douglas Englebart (inventor of the mouse) created 49 the first experimental hypertext system. records. Nelson called this page linking system hypertext. Ted Nelson described a similar system in which text on one page would have links to text on other pages. letters. . • In the 1960s.

but its scientists wanted to find better ways to circulate their scientific papers and data. Tim Berners-Lee and Robert Calliau were working on overhauling the document handling procedures at CERN. Berners-Lee and Calliau proposed a hypertext development project. Switzerland. a laboratory for particle particle physics in Geneva.CERN and hypertext • In 1990. 50 . • Independently. • CERN had been connected to the Internet for two years.

web. • The CERN site is considered the birthplace of the World Wide Web. The CERN site: http://cern. hence the name Web.ch/CERN/ 51 .The birth of the Web • Over the next two years Berners-Lee developed the code for a hypertext server program and made it available on the Internet.cern. • He envisioned the set of links between computers as a spider web.

• A hyperlink is a special tag that contains a pointer to another location in the same or in a different HTML document.Terminology • A hypertext server is a computer that stores files written in hypertext markup language (HTML) and lets other computers connect to it and read those files. It is now called a Web server. which organizations have used for many years to manage large document 52 filing systems. • HTML is based on Standard Generalized Markup Language (SGML). .

• Early web browsers were text based. • Part of the problem was that the early browsers were difficult to use. broader acceptance was slow to materialize. • Although the Web caught on quickly in the research community.Early Web browsers • A Web browser is a software interface that lets users read (or browse) HTML documents. 53 .

GUI Web browsers • In 1993. Marc Andressen led a team of researchers and developed the first software with a graphical user interface for viewing pages over the Web. 54 . • Mosaic widened the appeal of the Web by making access easier and adding multimedia capabilities. • Andressen later went on to develop the Netscape Navigator browser. • This first GUI browser was named Mosaic.

at a phenomenal rate.The growth of the Internet The Internet has grown.000 12/1999 9. Date WWW Servers Internet Hosts 12/1969 N/A 4 12/1979 N/A 188 12/1989 N/A 159.000 07/2005 38.367 12/1996 603.560.819.000 12/1993 623 2. and continues to grow.056.498 55 till date is growing .866 56.

56 .Factors behind growth There are four main factors that led to the surge in popularity of the Internet: • The web-like ability to link from site to site. • The TCP/IP standard. • The ease of use provided by the browsers’ graphical user interface. • The growth of personal computers and local area networks that could be connected to the Internet.

– Internet Engineering Task Force (IETF) Oversees the evolution of Internet protocols – Internet Registries (InterNIC) Maintain and allocate Internet domains – World Wide Web Consortium (W3C) Develops standards for the WWW • See the Internet Standardization Organizations. 57 . • Several groups oversee aspects of the development of the Internet.Control of the Internet • No one organization currently controls the Internet.

This new network is designed to allow development and deployment of advanced network applications and technologies.edu/ 58 .Internet 2 A project to develop another Internet. universities working in partnership with industry and government. For more information see: http://www. is is being led by over 170 U.internet2.S. Internet2.

data traveled along that path. 59 . • Once a connection was established.A model for networking • The world’s telephone companies were the early models for networked computers because the networks used leased telephone company lines. • Telephone companies at the time established a single connection between sender and receiver for each telephone call.

60 . to connect in order to create the path between caller and receiver. or circuits. single connection model is known as circuit switching. • This centrally controlled. • Using circuit switching does not work well for sending data across a large network. • Point-to-point connections for each sender/ receiver pair is expensive and hard to manage.Circuit switching • Telephone company switching equipment (both mechanical and computerized) selected the phone lines.

A different approach
• The Internet uses a less expensive and more easily managed technique than circuit switching. • Files and messages are broken down into packets that are labeled with codes that indicate their origin and destination. • Packets travel from computer to computer along the network until they reach their destination. • The destination computer reassembles the data from the packets it receives. • This is called a packet switching network.

Packet switching
• In a packet-switched network, (some of) the computers that an individual packet encounters determine the best way to move the packet to its destination. • Computers performing this determination are called routers. • The programs that the computers use to determine the path are called routing algorithms.


Benefits of packet switching
There are benefits to packing switching: • Long streams of data can be broken down into small manageable data chunks, allowing the small packets to be distributed over a wide number of possible paths to balance traffic. • It is relatively inexpensive to replace damaged data packets after they arrive, since if a data packet is altered in transit only a single packet must be retransmitted.


Open architecture
When it was being developed, the people working on ARPANet adhered to the following principles: 3. Independent networks should not require any internal changes in order to be connected. 4. The router computers do not retain information about the packets that they handle. 5. Packets that do not arrive at their destinations must be retransmitted from their source network. 6. No global control exists over the network.


Most popular Internet protocols
The most popular Internet protocols include: • TCP/IP • HTTP (Hypertext transfer protocol) • E-mail protocols (SMTP, POP, IMAP) • FTP (File transfer protocol) Each protocol is used for a different purpose, but all of them are important.


• The protocols that underlie the basic operation of the Internet are TCP (transmission control protocol) and IP (Internet protocol). • Developed by Internet pioneers Vinton Cerf and and Robert Kahn, these protocols establish rules about how data are moved across networks and how network connections are established and broken. • Four layer architecture


• The IP protocol includes rules for routing individual data packets from their source to their destination.Purposes of each protocol • TCP controls the assembly of a message into smaller packets before it is transmitted over the network. 67 . It also handles all addressing details for each packet. It also controls the reassembly of packets once they reach their destination.

each of which handles a different set of tasks. Each layer is responsible for a specific set of tasks and works as one unit with the other layers when delivering information over the Internet.Network layers The work done by communications software is broken into multiple layers. 68 . Each layer provides services for the layer above it.

Application 2.TCP/IP architecture There are five layers in the Internet model: 1. 69 . Internet 4. Hardware The lowest layer is the hardware layer that handles the individual pieces of equipment attached to the network. Network interface 5. Transport 3. The highest layer is the application layer where various network applications run.

IMAP. however.Positioning within the layers A full discussion of the Internet model is beyond the scope of this class. and FTP. See Figure 2-2 on page 38. 70 . useful to know where each protocol resides. Some of the application layer protocols include HTTP. SMTP. It is. POP. TCP operates in the transport layer and IP in the Internet layer. (Telnet also operates in the application layer).

Web System Architecture Web Clients Internet Web Server and Application Server Database 71 .

Web System Architecture Web Browser : It is client interface. It interacts with the web clients as well as backend system. Web Server : it is one of the main components of the service system.. 72 . Application Server : It hosts the e-commerce application software.

to understand how HTTP works. HTTP/1.0 HTTP/1.HTTP • HTTP (hypertext transfer protocol) is the protocol responsible for transferring and displaying Web pages.1 73 . we need to first discuss the client/server model. • It has continued to evolve since being introduced. HTTP uses the client/ server model of computing. Thus. • Like other Internet protocols.

HTTP Request Method in HTML • Get • Head • Post 74 .

such as data.Client/server model • In the client/server model there are two roles: the client and the server. • The client process makes requests of the server. that the client wants. It usually has access to a resource. 75 . • The server satisfies the requests of the client. The client is only capable of sending a request to the server and then waiting for the reply. it sends a message to the client. When the resource that the client wants becomes available. • This model simplifies communication.

• To open a session. • The server replies by sending back the page or an error message if the page could not be found.HTTP and client/server • With HTTP the client is the user’s Web browser and the server is the Web server. the browser sends a request to the server that holds the desired web page. • Each new page that is desired will result in a new HTTP session and another TCP/IP connection. 76 . • After the client verifies that the response sent was correct. the TCP/IP connection is closed and the HTTP session ends.

77 . a Web page containing a background sound and three graphics will result in five separate server request messages to retrieve the four objects plus the page itself. sound. • For example.One page. multiple requests • If a Web page contains objects such as movies. or graphics. a client must make a request for each object.

See the links page for more information.Internet addresses Internet addresses are represented in several ways. How does increasing the number of bits in the address help with increasing demand? 78 . and they will be replaced with 128-bit addresses in the near future. but all the formats are translated to a 32-bit number called an IP address. The increased demand for IP addresses will soon make 32-bit addresses too small.

cs.edu: 140.255 79 .33.edu: 140.Dotted quads • IP numbers appear as a series of up to 4 separate numbers delineated by a period.255.6 • Each of the four numbers can range from 0 to 255. so the possible IP addresses range from 0.0 to 140.depaul. • Examples: students.6 facweb.100 condor.0.255.1.depaul.1.192.

Domain names • Since IP numbers can be difficult for humans to remember.33.1.edu: 140.depaul.192. 80 . domain names are associated with each IP address.100 facweb.cs.edu: 140. • Examples: students.6 • A domain name server is responsible for the mapping between domain names and IP addresses.depaul.192.

Example: http://www.edu/ • A more complex URL may have a file name and a path where the file can be found. 81 .Uniform resource locator • People on the Web use a naming convention called the uniform resource locator (URL). • A simple two part URL contains the protocol used to access the resource followed by the location of the resource.depaul. • A URL consists of at least two and as many as four parts.cs.

htm hypertext transfer protocol domain path that indicates the location of the document in the host’s file system document name 82 .depaul.edu/asettle/ect250/section602/hw/assign2.cs.A URL deconstructed http://facweb.

Anatomy of an e-mail address asettle @ cs . edu Domain Type Handle Host/Server Others: • students • hawk • condor Domain 83 . depaul .

See links page for a related news story. • New additions: info. government • ja. 84 . pro. museum.S.Domain types • edu: educational • com: commercial • net: originally for telecommunications • org: organizations (non-profit) • gov: U. tv. name. de.S. uk. … : Nations other than the U. aero. coop. biz.

Internet utility programs TCP/IP supports a variety of utility programs that allow people to use the Internet more efficiently. These utility programs include: • Finger • Ping 85 .

The information that can be obtained includes: • Which users are currently logged on • Where each user logged onto the network from • How long the user has been on the network • When the user last logged onto the system Finger is sometimes disabled for security reasons.Finger Finger is a program that allows a user to obtain limited information about other network users. 86 .

• It works by sending a packet to the specified address and waiting for a reply. you simply type ping followed by the IP address or domain name of the machine you are interested in. Example: ping students.Ping • Ping (Packet InterNet Groper) tests the connectivity between two Internet hosts and determines if a host is active on the network. • Ping is typically used to troubleshoot connections.edu 87 .depaul. • To run ping.

e.e . But in E-commerce applications . Web user will not keep user’s state or information . in shopping cart application . Solution : COOLKIES for a web sever was proposed to save state data at web client.COOKIES HTTP is a Stateless Protocol. knowing the user’s state is very important.r.g. it is very impartment for server to keep track of user’ content w.t. shopping cart application. I. 88 .

the client will include the cookie in the http request herder as •cookie : Name = value. •Set cookie header : Set_Cookie : Name = value •Where name and Value of the cookie •Whenever required . •Finally user’s information is passed to the server. 89 .COOKIES • A maximum of 20 Cookies are allowed to each domain •Each cookies is limited to 4kb to prevent overloading the memory of the client computer.

COOKIES • Set-Cookie: Item1=1111 •Set-Cookie: Item2=2222 • •Set-Cookie: Item3=3333 •Cookie: Item1=1111 •Cookie: Item2=2222 •Cookie: Item3=3333 90 .

COOKIES •Comment •Domain •Expires •Max-age •Path •Secure 91 .

Architecture of A Web Based E-Commerce System 92 .

Form Object :For providing information on the form. 93 .Java Script Java script is scripting language proposed by Netscape to enhance the functions of HTML ( form Validation. A java script code is embedded between <script> and </script> .. Location Object : For providing location related information for current web page such as URL .) It can be used to make a web page more interactive and dynamic. host name etc. There are three main object: • • • Document Object : For providing information on the documents.

DAY 3 94 .

E-Commerce hardware and Software

Revisiting the Three Tier Model


First Tier – Web Client
It provides a web based GUI displayed through a web browser in the client computer .


Second Tier – Server side Applications
It consists of server side applications that run on a web server or a dedicated application server . These application implement the business logic of the web system. Major Factors : Efficiency , Security , cost effectiveness and Compatibility CGI : Common Gateway Interface ASP : Active Server Page Java Servlet

Third Tier – Database Management System
It provides data storage / retrieval services for the second tier so that dynamic web pages can be created. It may consist of one database or group of databases. For this we need database connectivity. One of the most popular method is by means of JDBC – ODBC bridge . Others are Proprietary Network Protocol Drivers and Native API drivers. To communicate with a database , we used SQL.




CGI 101 .

ASP 102 .

SERVLET Servlet is invoked by using HTML form 103 .

SERVLET To run servlets . there are basically two technique. Nonservlet enabled web server we use Tomcat for developing an e-commerce application. 2. Servlet enabled web server 3. 104 .

105 .SERVLET Two main package in the servlet API .servlet and javax.http.servlet. javax.


Web servers • The components of a web server are: – Hardware – Software • When determining what sort of server hardware and software to use you have to consider: – Size of the site – Purpose of the site – Traffic on the site • A small. 107 . commercial site. noncommercial Web site will require less resources than a large.

This is particularly true for purely online (“click and mortar”) companies.The role of a web server • Facilitates business – Business to business transactions – Business to customer transactions • Hosts company applications • Part of the communications infrastructure Poor decisions about web server platforms can have a negative impact on a company. 108 .

and sales of the site • Scalability: If the Web site needs to grow or has a sudden increase in traffic.Hosting considerations Will the site be hosted in-house or by a provider? Factors to consider: • The bandwidth and availability needed for the expected size. can the provider still handle it? • Personnel requirements or restraints • Budget and cost effectiveness of the solution • Target audience: Business-to-customer (B2C) or business-to-business (B2B) 109 . traffic.

Types of Web sites • Development sites: A test site. 110 . low-cost • Intranets: Available internally only • B2B and B2C commerce sites • Content delivery site Each type of site has a different purpose. requires different hardware and software. and incurs varying costs.

Requirements include: • Reliable servers • Backup servers for high availability • Efficient and easily upgraded software • Security software • Database connectivity B2B sites also require certificate servers to issue and analyze electronic authentication information. 7 days a week.Commerce sites Commerce sites must be available 24 hours a day. 111 .

summaries. histories. other digital information. 112 . • Hardware requirements are similar to the commerce sites. • Database access must be efficient.Content delivery site • Examples:  USA Today  New York Times  ZDNet • Sell and deliver content: news.

What is Web hosting? Web hosts are Internet service providers who also allow access to: • E-commerce software • Storage space • E-commerce expertise You can choose: • Managed hosting: the service provider manages the operation and oversight of all servers • Unmanaged hosting: the customer must maintain and oversee all servers 113 .

114 . • Make sure that the site is scalable. • May require less investment in hardware/software.Benefits • Cost effective for small companies or those without in-house technical staff. • Can eliminate the need to hire and oversee technical personnel.

IP address • Disk storage • Template pages to use for designing the site • E-mail service • Use of FTP to upload and download information • Shopping cart software • Multimedia extensions (sound. animation. personnel • Domain name.Services provided • Access to hardware. movies) • Secure credit card processing 115 . software.

• With the exception of large companies with large Web sites and in-house computer experts. 116 . • Creating and maintaining a Web site using an existing network can be difficult.Summary • ISPs have Web hosting expertise that small or medium-sized companies may not. it is almost always cheaper to use outside Web hosting services.

Examples • EZ Webhost • Interland • HostPro • HostIndex  Managed hosting  Other hosting options • TopHosts.com 117 .

B2C e-commerce Requirements: • A catalog display • Shopping cart capabilities • Transaction processing • Tools to populate the store catalog and to facilitate storefront display choices Any e-commerce software must be integrated with existing systems: – Database – Transaction processing software 118 .

Catalog display • Small storefront (fewer than 35 items) – Simple listing of products – No particular organization – Example: Quebec maple syrup • Larger catalog – Store product information in database – More sophisticated navigation aids – Better product organization – Search engine – Example: LL Bean 119 .

One way to do this is to use cookies. etc. 120 . Required writing down product codes. bits of information stored on the client’s computer.Shopping carts • Early e-commerce shopping used forms-based check out methods. • A shopping cart: – Keeps track of items selected – Allows you to view the items in a cart – Allows you to change quantities of items • Because the Web is stateless. unit prices. information must be stored for retrieval.

• May require the calculation of: – Sales tax – Shipping costs – Volume discounts – Tax-free sales – Special promotions – Time sensitive offers • Details about transactions must be tracked for accounting.Transaction processing • Usually performed with a secure connection. 121 . sales reports.

122 . including Enterprise Resource Planning (ERP) software. ERP integrates all facets of a business including planning. and marketing. • Encryption • Authentication • Digital signatures • Signed receipt notices • The ability to connect to existing legacy systems.B2B e-commerce Business-to-business e-commerce requires tools and capabilities different from those required for businessto-customer systems. sales.

Levels of packages Three levels of e-commerce packages: • Basic: Requires a few hundred dollars in fees and less than an hour to set up. Typically hosted by an ISP. Requires hardware purchase and some skills. and can take from one day to several days to set up. 123 . • Middle-tier: Ranges in price from $1K to $5K+. Hardware and in-house specialists needed. Can connect with a database server. • Enterprise-class: For large companies with high traffic and transaction volumes.

Basic packages Basic packages are free or low-cost e-commerce software supplied by a Web host for building sites to be placed on the Web host’s system. • Fundamental services • Banner advertising exchanges • Full-service mall-style hosting 124 .

125 . banners. • Examples: Bizland.com. HyperMart • Drawbacks: E-mail transaction processing. • These services offer: – Space for the store – Forms-based shopping • The Web host makes money from advertising banners placed on the site. Each business has some control over which banners are placed on its site.Fundamental services Available for businesses selling less than 50 items with a low rate of transactions.

Exchange-it. • Banner exchange agreements are made between sites that sign up for the service. • A click through count is the number of visitors that a banner produces at a site.Banner exchange sites • Banner exchange sites aid online store promotion. SmartClicks 126 . and rotates ads on the sites. enforces banner exchange rules. • Examples: Banner Exchange. collects statistics about customers. • The BES organizes the exchanges.

Full-service mall-style hosting
Full-service hosting sites provide: • High-quality tools • Storefront templates • An easy-to-use interface • Quick Web page creation and maintenance • No required banner advertising In exchange these sites may charge: • One-time set up fees • Monthly fees • A percentage of each transaction • A fixed amount per each transaction

Differences from basic services
• Shopping cart software • Comprehensive customer transaction processing – Choice of purchase options (credit card, electronic cash or other forms) – Acceptance and authorization of credit cards • No required (and distracting) Web banner ads • Higher quality Web store building/maintenance tools (saving time and energy) • Examples: Yahoo!Store, BigStep.com


Midrange packages
Distinction from basic e-commerce packages: • The merchant has explicit control over – Merchandising choices – Site layout – Internal architecture – Remote and local management options • Other differences include price, capability, database connectivity, software portability, software customization tools, computer expertise required of the merchant.

• Prices range from $2000 to $9000. • Hosted on the merchant’s server. • Typically has connectivity with complex database systems and stores catalog information. • Several provide connections (“hooks”) into existing inventory and ERP systems. • Highly customizable • Requires part-time or full-time programming talent. • Examples: INTERSHOP efinity, WebSphere Commerce

Enterprise solutions
Distinguishing features: • Price ($25,000 - $1 million) • Extensive support for B2B e-commerce • Interacts with a variety of back office systems, such as database, accounting, and ERP. • Requires one or more dedicated computers, a Web front-end, firewall(s), a DNS server, an SMTP system, an HTTP server, an FTP server, and a database server.


• Good tools for linking supply and purchasing. • Can interact with the inventory system to make the proper adjustments to stock, issue purchase orders, and generate accounting entries. • Example: Wal-Mart – Allows several suppliers to make decisions about resupplying – Results in cost savings in inventory • Examples: WebSphere Commerce Suite, Netscape

• Other needs. Database products have large processing needs. and application server software must be considered together since each affects the other. 133 . • Whatever your choice you must ensure that the server hardware is scalable.Web Platform Choices • Hardware. meaning that it can be upgraded or a new server added as necessary. such as a database server. should be handled by separate hardware. operating system.

• The mix and type of Web pages – Static pages – Dynamic pages: Shaped in response to users. 134 .Factors in performance • Hardware and operating system choice • Speed of connection to the Internet • User capacity – Throughput: The number of HTTP requests that can be processed in a given time period. – Response time: The amount of time a server requires to process one request.

CPU speed. • Anyone considering buying a server for a heavy traffic situation or wanting to make changes to an existing system should consider benchmarks. 135 . For examples see Figure 3-4 on page 87.Benchmarking • Benchmarking is testing used to compare the performance of hardware and software. • Results measure the performance of aspects such as the OS. network speed. • There are several Web benchmarking programs. software.

Web server features • Web server features range from basic to extensive depending on the software package being used. • Web server features fall into groups based on their purpose: – Core capabilities – Site management – Application construction – Dynamic content – Electronic commerce 136 .

how long? May involve the use of Web log analysis software. domain name translation. indexing • Data analysis Who. • Security Name/passwords. what. Gopher • Searching. processing certificates and public/private key pairs.Core capabilities • Process and respond to Web client requests Static pages. when. 137 . dynamic pages. • FTP.

Site management Features found in site management tools: • Link checking • Script checking • HTML validation • Web server log file analysis • Remote server administration 138 .

both static and dynamic. • Also detects HTML code that differs from the standard or is browser specific.Application construction • Uses Web editors and extensions to produce Web pages. • Like HTML editors. application editors allow the creation dynamic features without knowledge of CGI (Common Gateway Interface) or API (Application Program Interface) programming. 139 .

a successful dynamic page is tailored to the query that generated it. • Assembled from backend databases and internal data on the Web site. It uses a variety of languages such as VBScript. Jscript. More information? Take ECT 353! 140 . • Active Server Pages (ASP) is a server-side scripting mechanism to build dynamic sites and Web applications.Dynamic content • Non-static information constructed in response to to a Web client’s request. and Perl.

product information. credit card processing. • A Web server should handle e-commerce software since this simplifies adding e-commerce features to existing sites. addition of new products. • Features: Creation of graphics.Electronic commerce • An Web server handles Web pages whereas an e-commerce server deals with the buying and selling of goods and services. sales report generation. shopping carts. Web ad rotation and weighting. 141 .

Web server software • There is no best package for all cases. • Three of the most popular Web server programs: – Apache Tomcat Server – Microsoft Internet Information Server – Netscape Enterprise Server 142 . • The market is divided into intranet servers and public Web servers.

• For a discussion of its features see the Apache Software Foundation page. • The software is available free of charge and is quite efficient. it is now available for many operating systems. • Can be used for intranets and public Web sites. • Originally written for Unix. 143 .Apache Server • Developed by Rob McCool while at UI in the NCSA in 1994.

• It is suitable for everything from small sites to large enterprise-class sites with high volumes.Microsoft IIS • Microsoft’s Internet Information Server comes bundled with Microsoft’s Windows NT/2000. 144 . • Can be used for intranets and public Web sites. • See Microsoft’s Web Services page. • Currently only runs on Windows NT/2000.

145 . • Some of the busiest sites on the Internet use NES including E*Trade. • See Netscape Server Products. Excite. and Lycos.Netscape Enterprise Server • Costs several thousand dollars and has a 60-day trial period. • Can be run on the Internet. • Runs on many different operating systems. intranets and extranets.

Further information • What Web software is running on a site? • Web server side-by-side comparisons 146 .

Web server tools Other Web server tools include: • Web portals • Search engines • Push technologies • Intelligent agents 147 .

Web portals • Provides a “cyber door” on the Web • Serves as a customizable home base • Successful portals include: – Excite – Yahoo! – My Netscape – Microsoft Passport 148 .

Push technologies • An automated delivery of specific and current information from a Web server to the user’s hard drive • May be used to provide information on: – Health benefit updates – Employee awards – Changes in corporate policies 149 .

Intelligent agents • A program that performs functions such as information gathering. information filtering. or mediation on behalf of a person or entity • Examples: – AuctionBot – BargainFinder – MySimon – Kasbah 150 .

when. purchase 100 shares if the price is below $60 a share. 151 . and how much to purchase • Stock alert: Monitors stock and notifies when certain conditions are met.g. e.Example uses Example uses for intelligent agents: • Search for the best price and characteristics of various products • Procurement: Deciding what.

2. Design some simple program. CGI . ASP etc. 4. Hardware and Software required. Have a idea about HTML and Java Script. 152 .using servlet. 3. Server Side Component : Servlets . JDBC –ODBC Connectivity . how to communicate with backend database system. Database Connectivity.We Learned 1.

Day 4 153 .

Session Tracking 154 .

We define a hidden field element called the username in an HTML form .Four Methods 1. This can be used to keep track of user and shopping cart. 2. Hidden from field :. URL rewriting 3. Cookies 155 . HTTP USER Authentication 4.

xyz. URL rewriting : the basic concept is to modify and more precisely rewrite URL to a specific URL for each user.g http://www. I.e each user is given a specific URL for talking to the web server.xyz.com/servlets/welcome/hello?session_no007 156 .com/servelts/welcome/007/hello Or http://www.2.com/servelts/welcome/hello http:// www.xyz. A> To add extra directory to the original URL B> To add additional parameters at the end of URL e.

HTTP User Authentication : it can be done by asking the user to provide his username and password. Each one have its own advantage and disadvantages. Can not be used in e-commerce scenario 157 . 4.3. Cookies : are a small piece of information stored in the client browser.

Handling the life cycle of a session object. It can be used with other java components such as CORBA . 2.Servlet Session Tracking API It can be used in any servlet program. It can be easily integrated with java security API. RMI etc. 3. 158 . Setting up of session object. 1. Management of different Session.

159 .

Security .

alteration. use. or eliminates a threat. – Logical security is non-physical protection. fireproof doors.Terminology • Computer security is the protection of assets from unauthorized access. • A countermeasure is a procedure. or destruction. reduces. • A threat is an act or object that poses a danger to computer assets. 161 . either physical or logical that recognizes. security fences. • There are two types of security: – Physical security including such devices as alarms. vaults.

Risk analysis The countermeasure will depend both on the cost associated with the threat and the likelihood that the threat will occur. • High probability. (4) theft 162 . low impact: Ignore • Low probability. high impact: Prevent • Low probability. low impact: Contain and control • High probability. high impact: Insurance or backup Example: CTI computer systems under threat from (1) virus. (2) fire. (3) earthquake.

sabotage • Logical threats – Impostors – Eavesdroppers – Thieves 163 .Types of threats • Physical threats – Natural phenomena: Earthquake. power surge – Theft. tornado – Arson. storm. electrical shutdown.

Example: Delaying a purchase order for stock 164 . Example: Changing of an e-mail message • Necessity Preventing data delays or denials. and ensuring the authenticity of the data source.Security terminology • Secrecy Protecting against unauthorized data disclosure. Example: Use of stolen credit card numbers • Integrity Preventing unauthorized data modification.

and disaster recovery. access authorizations. network security. • A security policy is a written statement describing what assets are to be protected. 165 .Security policy • Any organization concerned about protecting its e-commerce assets should have a security policy. virus protection. • The policy should address physical security. who is responsible for that protection. why they are to be protected. and which behaviors are acceptable and not.

History • Early computer security measures: – Computers were kept in locked central rooms – Access was granted only to select individuals – No one could remotely access the machine • Modern systems are more complex: – Remote processing – Electronic transmission of information – Widespread use of the Internet 166 .

we will consider issues surrounding copyright and intellectual property. This analysis produces a three part structure: 1. 167 . Server security First.E-commerce threats E-commerce security is best studied by examining the overall process. however. Communication channel security 3. Client security 2. beginning with the consumer and ending with the commerce server.

music. Each work is protected when it is created. Copyright Act of 1976 protects items for a fixed period of time. graphics. 168 . sculptures. essays. pictures. A copyright notice is not necessary. architectural works.Copyright and IP • Copyright is the protection of expression and it typically covers items such as books.S. • Intellectual property is the ownership of ideas and control over the representation of those ideas. • The U. motion pictures. recordings.

Threats The widespread use of the Internet has resulted in an increase in intellectual property threats. • See Intellectual Property Resources on the Internet. 169 . • It is very easy to reproduce an exact copy of anything found on the Internet. • Many people are unaware of copyright restrictions protecting intellectual property. • A related issue is cybersquatting which is the practice of registering a trademark of another company as a domain name.

Protecting copyrights and IP • Enforcing existing copyright laws can be difficult. • Some methods for protecting digital IP include: – Digital copyright laws – Electronically locking files – Digital watermarks 170 .

Digital watermarks • Steganography is the practice of hiding information within other information. Example: “See everyone? Lucky Larry!” What does it mean? •A digital watermark is a digital code or stream embedded into a file. They do not affect the quality of the file and may be undetectable. • The presence of a watermark can indicate that the file was stolen. 171 .

This analysis produces a three part structure: • Client security • Communication channel security • Server security 172 .Outline E-commerce security is best studied by examining the overall process. beginning with the consumer and ending with the commerce server.

• Example: Employers reading employees’ e-mail. Privacy • The protection of individual rights to non-disclosure.Secrecy vs. See: E-lessons in the Chicago Tribune 173 . • The law enforces privacy protection. privacy Secrecy • The prevention of unauthorized information disclosure. • Example: Encryption of e-mail. • A technical issue involving physical and logical mechanisms.

and Cookie Pal. See Cookie Crusher. but it is wise to learn about them. display. manage. and eliminate cookies. Many sites do not store sensitive data in cookies.Cookies • Cookies are files that store identifying information about clients for the purposes of personalization. See The Cookie FAQ for more information. 174 . • Malicious programs can read cookies to gain private information. Software exists that enables you to identify. • Cookies are not inherently bad.

Anonymous browsing • Since many Web sites gather information about visitors to their sites. preventing any leaks in information. • Example: Anonymizer. you are constantly giving away information such as your IP address.com 175 . • There are portals that allow you to surf the Web anonymously by visiting their portal first. • Their site acts as a firewall.

Client threats • Malicious code is a program that causes damage to a system. Typically servers engage in much more thorough detection and disinfection. • Malicious code can affect both the server and the client. • Examples:  Virus or worm  Trojan horses  Malicious mobile code in active content 176 .

com.Viruses • Macro virus (Anna Kournikova) – 75-80% of all viruses – Application specific – Spread through e-mail attachments • File-infecting virus – Infects executable files (.exe. . JavaScript) – Activated by clicking a .vbs or .dll) – Spread through e-mail and file transfer • Script viruses (ILOVEYOU) – Written in scripting languages (VBScript. .js file 177 .drv. .

178 .Worms • Viruses are often combined with a worm. • A worm is designed to spread from computer to computer rather than from file to file. • Example: ILOVEYOU virus was both a script virus and a worm that propagated by sending itself to the first 50 people in a user’s Microsoft Outlook address book. • A worm does not necessarily need to be activated by a user or program for it to replicate.

• A Trojan horse is a program hidden inside another program or Web page that masks its true purpose.Trojan horse programs • Malicious active content may be embedded into a seemingly innocuous Web page. • Origin of the name? 179 .

downloads and plays audio. programs embedded in Web pages. etc.Active content • Active content. • Active content displays moving graphics. • Active content can be implemented in a variety of ways: – Java – JavaScript – ActiveX 180 . places items into shopping carts. computes the total invoice amount. can be a threat to clients.

Java • Java is a high-level. but its most popular use has been in Web pages where applets implement client-side applications. • It was created for embedded systems. object-oriented programming language developed by Sun Microsystems. 181 . • It reduces the load on servers by downloading work onto the client’s machine. • Java is platform independent.

• The sandbox prevents applets from performing file input or output and from deleting files. those that have not been proven to be secure. 182 . • All applets from a local file system are trusted and have full access to system resources.Java sandbox • To counter security problems. a special security model called the Java sandbox was created. • The Java sandbox confines Java applet actions to a set of rules defined by a security model. • These rules apply to all untrusted Java applets.

copying credit card numbers. • JavaScript programs must be explicitly run. recording the URLs of pages you visit. etc. Secure connections do not help. • For this reason it can invoke privacy and integrity attacks by destroying your disk. It does not operate under the sandbox model. 183 . • When you download embedded JavaScript code it executes on your machine.JavaScript • JavaScript is a scripting language developed by Netscape to enable Web page designers to build active content.

Shockwave • Once downloaded. • When embedded ActiveX controls are downloaded.ActiveX controls • ActiveX is an object that contains programs and properties that Web designers place on pages to perform certain tasks. they are run on the client machine. • ActiveX controls only run on Windows machines. ActiveX controls have access to system resources. 184 . • Examples: Flash. including the operating system.

185 . • Many plug-ins work by executing commands buried within the media they are displaying. Plug-ins: • A browser plug-in is a program that enhances the capabilities of the browser. They handle things like playing audio clips and displaying movies. • Code embedded into the graphic is a potential threat.Graphics and plug-ins Graphics: • Some graphics file formats have been designed to contain instructions on how the graphic is to be rendered.

Each browser handles this in a different way. One way to improve trust is through the use of digital certificates. The primary issue is trust of the site providing the active content. 186 .Protecting client computers The primary task in protecting a client machine is the monitoring of active content.

is an attachment to a Web page or e-mail message verifying the identity of the creator of the page/message. or digital ID. not of the validity of the page/code. Example: VeriSign • Identification requirements vary. • It identifies the author and has an expiration date. • A page or message with a certificate is signed. • Certificates are obtained from a Certificate Authority (CA) that issues them to an individual or an organization.Digital certificates • A digital certificate. • The certificate is only a guarantee of the identity of the author. 187 .

Security in Internet Explorer
• Provides content warnings • Reacts to ActiveX and Java-based content • Uses Microsoft Authenticode technology that: – Verifies who signed the code – Checks if the code has been modified since it was signed • If a publisher has not attached a code you can set the browser to not download the page. • It is up to you to designate which companies you trust using “zones”.

• When a page with a certificate is downloaded: – The certificate is detached – The identity of the CA is verified – The integrity of the program is checked • A list of trusted CAs is built into the browser along with their public keys. • Both the certificate and the key must match.


Security zones
• You can specify different security settings based on the origin of the information being downloaded. • There are four zones: – Internet: Anything not classified in another way – Local intranet: The internal network – Trusted sites – Restricted sites: Web sites you do not trust


Security levels
• High: Safer but less functional; less secure features are disabled; cookies are disabled. • Medium: Safe but functional browsing; prompts before downloading potentially unsafe content; unsigned ActiveX will not be downloaded. • Medium-low: Downloads everything with prompts; most content will be run without prompts; unsigned ActiveX will not be downloaded. • Low: Minimal safeguards; most content will be downloaded and run without prompts; all active content can be run.

Security settings
• The Custom Level button allows you to alter the defaults provided by a specific level. • All protections are a choice between running and not running active content. • No monitoring of code occurs during execution.


Netscape Navigator
• You can control whether active content (Java or Javascript) will be downloaded. • This is done using the Preferences dialog box. • On the Advanced tab you can specify what should be done for images, Java, JavaScript, style sheets, and cookies. • A message will be sent when Java or JavaScript is downloaded indicating whether the content is signed. A risk assessment is given.


Outline E-commerce security is best studied by examining the overall process. This analysis produces a three part structure: • Client security • Communication channel security • Server security 194 . beginning with the consumer and ending with the commerce server.

The DOD intended to encrypt all information moving in the network. • It is impossible to guarantee that every computer through which information passes is safe. integrity. and necessity threats. • The Internet remains in its insecure state. not secure communications. secure. and non-hostile. 195 .Communication channel threats • The Internet was designed for redundancy. • The possible security violations include secrecy.

Sniffer programs • E-mail transmissions can be compromised by the theft of sensitive or personal information. • This can capture: – Passwords – Credit card numbers – Proprietary corporate product information 196 . • Sniffer programs record information as it passes through a particular router.

• Cyber vandalism is the electronic defacing of an existing Web site’s page. • This occurs when an unauthorized party alters a message in a stream of information. 197 . • Masquerading or spoofing occurs when perpetrators substitute the address of their site for a legitimate site and then alter an order or other information before passing it along. This occurs when an individual replaces content on the site.Integrity threats • An integrity threat is also called active wiretapping.

• The most famous example of a denial attack is the Robert Morris Internet Worm attack. perpetrated in 1988. 198 .Necessity threats • Also known as delay or denial threats. the purpose is to disrupt or deny normal processing. • Slowing processing can render a service unusable.

• The study of encryption is called cryptography. The name comes from krupto (secret) and grafh (writing). 199 .Encryption • Since the Internet is inherently insecure. any secret information must be encrypted. • Encryption is the coding of information using a program and a key to produce a string of unintelligible characters. • Cryptography is not related to steganography.

• Cryptographic ciphers have a long history. • A cipher or cryptosystem is a technique or algorithm for encrypting messages. • Only the intended receivers should have the key that transforms the ciphertext into plaintext. 200 .Terminology • Unencrypted data is called plaintext. • Encrypted data is called ciphertext. • A key is a string of digits that acts as a password.

etc. “b” by “c”. • The two main types of ciphers were used: – Substitution cipher: Every occurrence of a given letter is replaced by a different one. uftujoh” – Transposition cipher: The ordering of the letters is shifted to form new words. Example: “a” by “b”. “Uftujoh. Example: Plaintext = example Ciphertext = eape xml 201 .Early cipher systems • Ciphers were used as far back as the ancient Egyptians. Text was encrypted by hand.

• Computer information is stored as binary strings. Example: 128-bit encryption systems. • Encryption and decryption keys are binary strings of a given key length.Modern cipher systems • Modern cryptosystems are digital. the algorithms are based on the individual bits of a message rather than letters of the alphabet. sequences of 0’s and 1’s. 202 .

203 . of the key used in the encryption procedure. The longer the key. in terms of bits. • The resistance of the encrypted message depends on the size. the more computing power and time it takes to break the code. Example: 128-bit encryption systems.Knowledge needed • Someone can know the details of an encryption algorithm and yet not be able to decipher an encrypted message without the key.

Types of cryptosystems There are two main types of cryptosystems: • Private-key cryptography Also known as symmetric or secret-key encryption. • Public-key cryptography Also known as asymmetric encryption. it uses a single key to both encrypt and decipher the message. it uses a public key to encrypt messages and a private key to decipher messages. 204 .

Private-key cryptography Suppose that Alice wishes to send Bob a message: • They exchange a secret key. • Alice encodes the message using the secret key. • What if both wish to communicate with Chris? 205 . Problems with this approach: • How do Alice and Bob exchange the secret key? • There is no authentication of the sender. • The ciphertext is sent to the Bob. • Bob decodes the message using the secret key.

206 .Key distribution center • A key distribution center shares a different key with each user in the network. the security of the entire network is at risk. • If Chris wants to communicate with Alice. improving security. they obtain a new session key. • They communicate using the session key. • When Alice and Bob want to communicate. • If the KDC is compromised. they obtain a session key from the KDC.

DES • Data Encryption Standard (DES) is a 56-bit private-key encryption algorithm developed by the NSA and IBM in the 1950s. • Cryptoanalysts no longer believe that 56-bit keys are secure. The current standard is to use Triple DES. three DES systems in a row. 207 . •Advanced Encryption Standard (AES). each with its own key.

• When someone wishes to communicate with Alice they use Alice’s public key to encode their message. it would require enormous computing power to deduce the private key from the public one. 208 . • Although the two keys are mathematically related.Public-key cryptography • Public-key cryptography uses two related keys. • The private key is kept secret by its owner. • The public key is freely distributed. Alice then uses her private key to decode the message.

the customer knows that only the merchant can decipher the message. Example: Merchant to customer – First encode using the customer’s public key. • Similarly if the customer sends a message using the customer’s private key. 209 . • Both together give two way authentication.Authentication • If a customer sends a message to a merchant using the merchant’s public key. the merchant can decipher it using the customer’s public key thus identifying the customer. – Use the merchant’s private key on the result.

and e-mail systems.RSA • The mostly commonly used public-key system is RSA (named for its inventors: Ron Rivest. • Invented in 1977 at MIT. Netscape Communicator. and Leonard Adleman). Apache Web Server. Adi Shamir. • Most secure e-commerce transactions on the Internet use RSA products. See the RSA security page. 210 . • RSA is built into many Web browsers. Examples: Internet Explorer. commerce servers.

See the MIT Distribution Center. • PGP is freely available for non-commercial use. • Used to encrypt e-mail messages and files.PGP • Another common public-key system is PGP (Pretty Good Privacy). 211 .

212 .Key agreement protocols • A drawback of public-key algorithms is that they are not efficient for sending large amounts of information. • Public-key algorithms can be used to exchange private keys. • The process by which two parties exchange keys over an insecure medium is a key agreement protocol. • The most common key agreement protocol is a digital envelope.

• Alice encrypts the secret key using Bob’s public key. • The secret key is encrypted using a public key. • He then uses that key to decipher the message. • Alice sends both to Bob. Example: • Alice encrypts a message using a secret key. • Bob decrypts the secret key using his private key. • Only the receiver can decipher the secret key.Digital envelopes The basic idea: • A message is encrypted using a secret key. 213 .

• A key generation algorithm that is unintentionally constructed to select keys from a small subset of all possible keys may allow a third party to crack the encryption. e. • Key generation algorithms must be random. the mishandling of private keys resulting in key theft. • An important part of management is the generation of keys.Key management • Most compromises in security result from poor key management. • The key length must be sufficiently long.g. 214 .

215 .509 • A digital Certificate is an identification document.Digital Certificate and X.

Digital Certificate and X.509 X.509 contains the following fields: 216 .

Digital Certificate System 217 .

Secure protocols • Secure sockets layer (SSL) The purpose is to secure connections between two computers. 218 . Developed by Netscape communications. Developed by CommerceNet. • Secure Hypertext Transfer Protocol (S-HTTP) The purpose is to send individual messages securely.

219 . • The server responds by sending its digital certificate to the client for authentication. • See Figure 6-17 on page 221. • Once the keys are established. • Using public-key cryptography.SSL • To begin. • All information exchanged is encoded. the client and server negotiate session keys to continue. the transaction proceeds using the session keys and digital certificates. a client sends a message to a server.

As a result it can secure many different types of communications: • FTP sessions • Telnet sessions • HTTP sessions: S-HTTP 220 .Types of communication SSL resides on top of TCP/IP in the Internet protocol suite.

market.SSL key length Secure Sockets Layer comes in two strengths: 2. 40-bit 3. The 40-bit version is available for export.S. 221 .S. 128-bit Both refer to the length of the session key generated by every encrypted transaction. but U. firms may only use the 128-bit version in products intended for the U.

Secure protocols • Secure sockets layer (SSL) The purpose is to secure connections between two computers. Developed by Netscape communications. 222 . Developed by CommerceNet. • Secure Hypertext Transfer Protocol (S-HTTP) The purpose is to send individual messages securely.

it does not protect information once it is stored in the merchant’s database. The data needs to be encrypted and/or the server secured to protect information that was previously transmitted. 223 .Limitation Although SSL protects information as it is being transmitted.

Example: The client may use private keys and the server may use public keys.Secure HTTP • Secure HTTP (S-HTTP) is an extension of HTTP. • Works at the application level. • Security features: – Client and server authentication (using RSA) – Symmetric encryption for communication – Message digests – The client and server may use separate S-HTTP techniques simultaneously. 224 . • It is concerned with securing individual messages.

Establishing contact • The details of S-HTTP security are conducted during the initial negotiation session. 225 . all subsequent messages are wrapped in a secure envelope. • Once the client and server have agreed to the security implementations that will be enforced between them. • Security details are specified in special packet headers that are exchanged.

or refused. • When a feature is required it must be used or the connection will be terminated. • Features: – Use of private-key encryption – Server authentication – Client authentication – Message integrity 226 .Security techniques • The client and server can specify that a security feature is required. optional.

but techniques can enable integrity violations to be detected. – The message digest is encrypted to produce a digital signature. • The basic idea: – A hashing algorithm is applied to produce a message digest. 227 .Transaction integrity • It is difficult to prevent integrity violations. information can then be re-sent.

integrity is violated. Problem: What if an adversary changes both the message and the message digest? 228 . • This produces a number that is based on the length and content of the message. • The message digest is appended to the message.Message digest • A hashing function is applied to the message. Good hash algorithms have few collisions. • The receiver recalculates the message digest. • If they two do not match.

229 . • For added security. and then appends the encrypted digest onto the message. • Only the sender could have created the digital signature. computes his own digest. If they match the integrity of the message was preserved. the digital signature and the message can be encrypted.Digital signature • The sender computes the digest. and compares the two. • The merchant deciphers the digest. encrypts it using her private key.

beginning with the consumer and ending with the commerce server.E-commerce security E-commerce security is best studied by examining the overall process. This analysis produces a three part structure: • Client security • Communication channel security • Server security 230 .

Server threats Server threats can be classified by the means used to obtain unauthorized access into the server: • The Web server and its software • Back-end programs and servers such as ones for a database • Common Gateway Interface (CGI) programs • Other utility programs residing on the server 231 .

including sensitive areas. – The highest one allows access to any part of the system. 232 .Security levels • Web servers running on most machines can be set to run at various privilege levels. – The lowest level provides a logical fence that prevents access to sensitive areas. • Setting up a Web server to run in high privilege mode can cause potential threats. – The rule is to use the lowest level needed to complete a given task.

• Because the Web server needs the information as it moves from page to page. it may place that in a cookie on the client’s machine. 233 . • The server must be careful not to request that the cookie be transmitted unprotected.Entering passwords • Web servers that require usernames and passwords can compromise security by revealing them.

234 . • Administrators often run programs that attempt to guess users’ passwords as a preventative measure. • Users who choose passwords badly also pose a threat to Web server security. are poor choices. child or pet names. • If these files are compromised then the system can be attacked by people masquerading as others. such as birth dates. Passwords that are easily guessed.Username/password pairs • Web servers may keep files with username/password pairs to use for authentication.

• During an attack. information may be moved to a less protected level of the database.Database threats • Because databases hold valuable information. • Databases that fail to store usernames/passwords in a secure manner or fail to enforce privileges can be compromised. 235 . • Security features rely on usernames/passwords. giving full access. attacks on them are particularly troubling. • Security is enforced using privileges.

• CGI scripts can reside anywhere and are difficult to track.CGI threats • CGI implements the transfer of information from a Web server to another program. • Defective or malicious CGI scripts can access or destroy sensitive information. 236 . CGI scripts can be set to run unconstrained (with high privilege). • Like Web servers. • Old CGI scripts that have been replaced can be loopholes for access into the system.

can result in: – A computer crash – Instructions for an attacking program being written into the return address save area causing it to be run by the Web server CPU 237 . • Buffer overflows. either from a buggy program or as part of a deliberate attack.Buffer overflows • A buffer is an area of memory set aside to hold data read from a file or database. • Buffers are necessary because I/O operations are much slower than CPU operations.

includes both users and other servers. • Firewalls Inside: Network and machines protected by the firewall. 238 .Securing the server • Access control and authentication Controlling who and what has access to the server. Outside: All other networks.

• Usernames/passwords – Usernames are stored as clear text – Passwords are stored as encrypted text – A password entered is encrypted and compared against the encrypted password. 239 . • An access control list gives the users that can access certain files and folders in the system. and execute permissions may be set separately. write.Access control • Authentication via digital certificates and signatures. Read.

• Unnecessary software should be stripped off. • Trusted networks are inside.Firewalls • All traffic from the outside must pass through it. 240 . • Only authorized traffic is allowed to pass. • Operates at the application layer. untrusted ones outside. • The firewall should be immune to attack. • The same policies should apply to all firewalls. • Can be used to separate divisions of a company.

Also used as a cache for Web pages. Example: Incoming FTP requests granted but outgoing requests denied. • Proxy servers Communicate with the Internet on behalf of the private network. • Gateway servers Filter traffic according to the application requested. 241 .Types of firewalls • Packet filters Filters traffic according to source and destination (IP address) based on a set of rules.

DAY 5 242 .

An electronic funds transfer system 6. Secure Electronic Transaction (SET) Protocol for implementing Credit card. An Electronic cash system 243 . Check and Credit/Debit ( Fund transfer) 3. An electronic check system for supporting check payment 5.Electronic Payment System Four Types of Payment Methods: Cash . 4. Credit Card .

Features of Payment Methods 1. Security 3. Overhead Cost 4. Transferability 5. Acceptability 4C Payments Methods 244 . Anonymity 2. Divisibility 6.

Secure Electronic Transaction Must satisfying the following security requirements in context of credit card payment: Confidentiality Integrity Authentication 245 .

Network Architecture of SET System 1. Acquirer 5. Cardholder 3. Merchant 2. Payment Gateway 246 . Issuer 4.

Set Digital Certificate System 247 .

PI .Dual Signature Generation and Verification OI – Order Information .Payment system 248 .

Digital Envelope 249 .

Purchase Request 3.SET Protocol 1. Purchase Initiation 2. Payment Capture 250 . Payment Authorization 4.

SET Protocol 251 .

and promotion . sales.Marketing.

neighbors. • Physical world: Create a store. 253 . suppliers. warehouse or office building and/or engage in advertising.Building a presence • An organization’s presence is the public image it conveys to its stakeholders. and/or engage in advertising. factory. stockholders. and the general public. employees. • On the Web: Create a site. which may be the only point of contact for stakeholders. • The stakeholders include customers.

Web presence goals • Attracting visitors to the site • Making the site sticky so that visitors stay • Convincing visitors to follow the site’s links to obtain information • Creating an image consistent with the desired image of the organization • Reinforcing positive images that the visitor may already have about the organization 254 .

Examples • Commercial organizations – Toyota – Metra • Museums – Art Institute – Field Museum – Museum of Science and Industry 255 .

Elements of a Web site • History. mission statement • Information about products or services • Financial information • A way to communicate with the organization + Usability matters + Communication should be two-way + Failure will result in a loss of competitiveness How can the design of the site be done effectively? 256 . statement of objectives.

Purposes for visiting a site • Learning about products and services • Buying products and services • Obtaining information about warranties or service for previously purchased products • Gaining general information about the organization • Obtaining information for the purposes of investing or granting credit • Identifying the people who manage the organization • Obtaining contact information for an individual 257 .

Difficulties in delivering content • Varying visitor needs • Differing experience levels • Technological issues – Data transmission speeds – Web browsers – Plug-in software 258 .

twoway communication • Sustain visitor attention without detracting from the purpose and image of the site • Find ways to encourage return visits 259 . responsive.Strategies • Convey an integrated image • Provide easily accessible facts both about the firm and any products or services it may offer • Allow visitors to experience the site in a variety of ways and at different levels • Provide meaningful. reliable.

Usability • Design the site around how visitors will navigate the site. not around the organization’s structure • Allow quick access to the site’s information • Avoid using inflated marketing statements • Avoid using business jargon • Allow visitors with older browsers and slower connections to access the site -.this may mean building several versions of the site • Be consistent in the use of design features and colors 260 .

Usability • Make sure that navigation controls are clearly labeled or otherwise recognizable • Test text visibility on smaller monitors • Check that color combinations do not impair viewing clarity for the colorblind Positive examples: Webby Awards (See the Monterey Bay Aquarium) Negative examples: Mud Brick Awards 261 .

Finding and reaching customers • Personal contact/prospecting Employees individually search for. • Mass media approach Advertising and promotional material is created and then distributed via: – Television or radio – Newspapers or magazines – Highway billboards – Mailings 262 . qualify. and contact potential customers.

– Trust building is important.Types of interactions • One-to-many – Mass media – Seller sends out carefully produced messages to a large audience. buyer is passive. • One-to-one – Personal contact – Salesperson interacts with customer directly. 263 . – Seller is active. – Both seller and buyer participate actively.

The Web • Many-to-one Many active potential customers seek out information from resources produced by the seller. fan sites • One-to-one E-mail contact with a seller • Many-to-many Newsgroups and interactive Web sites • Primary characteristic: The buyer is active and controls the length. depth. and scope of the search. Example: Book review sites. 264 .

• Money spent on mass media is in dollars per each thousand people in the estimated audience. • This pricing metric is called cost per thousand and is often abbreviated CPM. circulation. or number of addresses. 265 .Effectiveness of mass media • Mass media efforts are measured by estimates of audience size.

one approach was to divide a pool of potential customers into segments. but more cost effective on the Web.Micromarketing As mass media lost its effectiveness (new and improved!). Targeting very small market segments is called micromarketing. 266 . Micromarketing is expensive using traditional means. This is called market segmentation.

• One CPM for banner ads is 1000 impressions. • A trial visit is the first one. 267 . • If a visitor clicks a banner. it is a click-through. • An impression refers to each banner ad load. • Each page loaded is a page view. • If the page contains an ad it is an ad view.Web-specific measures • A visit occurs when a visitor requests a page. Immediate downloads of new pages are often counted as part of the same visit. subsequent ones are called repeat visits. • Charges range from $1 to $100 CPM.

Comparisons The Web has: • Better effectiveness than mass media • More trust than mass media • Lower cost than personal contact • Less trust than personal contact It is believed that a move toward the side of personal contact is more effective. • Increase the trust level • Increase the personalization 268 .

behavior and buying patterns and uses that information to: • set prices • negotiate terms • tailor promotions • add product features • customize its relationship with the customer.Technology and marketing Technology-enabled relationship management is when a firm obtains detailed information about customer preferences. needs. 269 .

and other desired qualities to potential customers. • The key elements of branding are: – Differentiation – Relevance – Perceived value • This makes branding for commodity products like salt or plywood more difficult.Branding • A known and respected brand presents a powerful statement about quality. value. 270 . • Branded elements are easier to promote.

Differentiation A characteristic that sets the product apart from similar products. Examples: • Ivory soap: “It floats” • Dove soap: “1/4 moisturizing creme” • Palmolive dish soap: “Mild on your hands” • Dawn dish soap: “Takes grease out of your way” • Antibacterial soaps 271 .

The customer must be able to see themselves purchasing and using the product. Examples: • Cadillac • Hyundai • Minivans 272 .Relevance The degree to which the product offer utility to a potential customer.

Example: Subway sandwich ads comparing fat values of their product to those found in BigMacs. Products can be different than others and people can see themselves using it.Perceived value The product must have some identified value. 273 . but it may not have values that they desire.

On the Web it is easy to click away from emotional appeals. and print media since the viewer is a passive recipient of information.Emotional branding Ted Leonhardt: “Brand is an emotional shortcut between a company and its customer” Emotional appeals work well on television. billboards. 274 . radio.

Examples: • Free e-mail services such as HotMail • Free Web hosting such as HyperMart • ShopSmart! program from Mastercard 275 . Functional assistance replaces emotional appeals.Rational branding Rational branding offers to help Web users in some way in exchange for their viewing an ad.

Other branding strategies • Leverage success in one area into another area. Example: Amazon. reviews or other information about a product on one site are linked to pages on another site allowing you to purchase that item.com • Serving as a market intermediary between buyers and sellers. Example: Wedding Channel 276 . Example: Yahoo! • Affiliate marketing: Descriptions.

much of it on traditional advertising.Costs of branding • Transferring existing brands to the Web or using the Web to maintain an existing brand is easier and less expensive than creating a new brand. Example: In 1998 Amazon. 277 .com spent $70 million. Example: Catalog sales companies • Attempting to create a brand on the Web may involve spending on traditional mass media such as television. and radio. print.com spent $133 million and BarnesandNoble.

Business models for the Web • Selling goods and services Based on the mail order catalog business • Selling information or other digital content Can be used to expand markets and cut costs • Advertising supported Used by American network television • Advertising-subscription mixed Supported via both fees and advertising • Fee-for-transaction The use of information filtering for profit 278 .

(Why?) • Fabric swatches are usually available. • Customers may purchase via phone. computers. electronics. (Why?) • Examples: – Dell computers: Flexibility – Lands’ End: Overstocks – FTD Florists: Traditional advertising – Buy. • The printed catalog is replaced or supplemented by information on the Web site. and gifts.com: Discounting 279 .Selling goods and services • Used for apparel.

Selling digital content The Web is an efficient means for selling information. • Legal research: Lexis Publishing • Digital copies of documents: ProQuest • Electronic versions of journals: ACM Digital Library • Adult entertainment • Reference materials: Encyclopedia Britannica 280 .

number of unique visitors. One success: Employment advertising 281 .Advertising supported The success of Web advertising has been hampered by two major problems: • There is no consensus on how to measure and charge for site visitor views. number of click-throughs. Examples: Number of visitors. • Very few Web sites have sufficient number of hits to interest large advertisers. Targeted advertising requires that demographics be collected. a sensitive privacy issue.

Advertising-subscription mixed • Subscribers are subject to less advertising and have greater access to the resources of the site. • Examples – The New York Times – The Wall Street Journal – Reuters – ESPN 282 . • Popular with online newspapers.

Fee-for-transaction • Value-added services are sold in exchange for a commission. • Travel agencies – Travelocity – Expedia • Automobile sales – Autobytel: An example of disintermediation • Stockbrokers • Insurance companies 283 .

284 .

ethical.International. and legal issues .

Outline • International issues – Language – Culture – Infrastructure • Ethical issues – Defamation – Privacy rights • Legal issues – Borders and jurisdiction – Jurisdiction on the Internet – Taxation and e-commerce – Contracting – Web site content 286 .

• International companies must work to build trust with customers.International e-commerce • E-commerce is by its nature international. that is. • Trust can be built by sharing a culture. a combination of language and customs. • The barriers to international e-commerce include: – Language – Culture – Infrastructure 287 .

even if they understand English. 60% of Web use and 40% of e-commerce sales will involve at least one party outside the U.S. • Estimates are that by the end of this year. • Customers are more likely to buy products and services from Web sites in their own language.Language issues • A first step in reaching international customers is to conduct business in their native language. 288 .

.S. • Some dialect differences are in spoken inflection. grey in U. French.Common languages • Most common non-English languages for U.K. Japanese. and Swedish. • Many languages involve different dialects such as Spanish in Mexico vs. • Word meanings and spellings can vary between dialects. 289 . Russian. German. Example: Gray in U. • Second tier of languages: Italian. companies: Spanish. Spain vs. Portuguese. Argentina. Korean. Chinese.S.

Multiple language sites • Not every page on a site will be translated into multiple languages. • Pages that may be kept in multiple languages: – Home page – Marketing and branding pages – Product information pages • Pages that may be kept in a single language: – Local news – Employment opportunities 290 .

Handling language displays There are several ways to ensure that customers will see the language appropriate for them. (Why?) 291 . • Create different versions of the site and place links on the page directing visitors. • Use the information about the default language of the browser to direct visitors to pages. Examples: Dell Computers. Hyundai The links need to be clearly labeled. Country flags are not a good choice.

Example: Idiom Technologies • Completely automated translation software.50/word) • Use software that automates the translation and maintenance of the pages.25 – 0. Human translators do 400-600 words an hour.000 words an hour. Can translate up to 40.Translation/localization • Hire a Web page translation service – Translate the pages – Maintain them for a fee ($0. 292 .

“Come alive” became “Brings your ancestors back from their graves”.Culture issues Errors can stem from language and culture standards. Packaging is important part of a quality product. • Baby food with a picture of a baby did not sell well in parts of Africa where food containers always carry a picture of their contents. • Complaints from Japanese customers to wine. • Pepsi’s campaign in China failed.com. 293 . • Chevrolet Nova did not sell in Latin America.

• A Web page divided into four parts or that uses the color white in Japan. 294 .Labeling issues Labeling issues are particularly troublesome: • Inappropriate use of the image of a cow in India. • Uncovered legs or arms in a Muslim country. where the number 4 and white represents death.

Yahoo! Japan. and Tohan to sell books and CDs on the Web. adding an intermediary helped gain customers.Ways of doing business • Japanese customers prefer to pay using cash or cash transfer instead of credit cards. – Order items on Internet – Pick them up and pay at 7-Eleven • In this case. • Softbank created a joint venture with 7-Eleven. 295 .

• Denial of access to citizens • Restriction of citizens’ access • Addition of taxes that place it out of reach The information provided on the Internet may be seen as objectionable or threatening to the culture or traditions of the country.Internet access Some parts of the world have environments that are inhospitable to e-commerce. 296 .

A U. in English only are not allowed. Web pages marketed at the U. • In France all advertisements for products must be in French. and advertising created by Quebec businesses to be in French.S. 297 .S. directories. billboards. • Quebec provincial law requires street signs. company that ships to France must provide pages in French.Culture and the law Some countries have strong cultural requirements that have found their way into the legal codes.

• Local connection costs may be much higher than in the U. resulting in different behavior by Internet users. • The paperwork needed for international transactions can be prohibitive. 298 . the telecommunication systems are government-owned or heavily regulated. page 347.Infrastructure issues • In many countries.S. See Figure 11-2.. • Regulations in some places have restricted the development to a point that Internet data packet traffic cannot be handled reliably.

Defamation 9.Ethical issues Not adhering to common ethical standards can result in a degradation of trust on the part of customers. Example: Amazon. Privacy rights 299 .com and publishers Two areas of concern: 8.

A statement injuring the reputation of a product or service is called product disparagement. The line between justifiable criticism and defamation can be hard to determine. 300 .Defamation A defamatory statement is one that is false and injures the reputation of another person or company.

• The FTC issued a report that concluded Web sites were developing privacy practices with sufficient speed. 301 . • Privacy assumptions vary between cultures.Privacy rights • Privacy issues remain unsettled and are hotly debated in many forums. • Responses from privacy advocacy groups were in sharp disagreement.

• Give customers the right to delete any of the data collected about them. • Do not share customer data with outsiders without the customer’s permission.Some principles • Use the data collected to improve service. • Tell customers what data is being collected and what you are doing with it. 302 .

Categories of issues: • Borders and jurisdiction • Jurisdiction on the Internet • Contracting and contract enforcement • Web site content 303 .The legal environment Legal issues regarding e-commerce have only begun to be addressed.

Effects 3.  Territorial borders in the physical world serve as notice that culture and laws may be changing.Borders and jurisdiction  Culture affects both laws and ethical standards. Notice 304 . Power 2. Legitimacy 4.  The relationship between geographic boundaries and legal boundaries deals with four elements: 1.

305 .Power • Some of the defining characteristics of a sovereign government are control over: – A physical space – Objects that reside in that space – People who reside in that space • The ability of a government to exert control over a person or corporation is called jurisdiction. • Laws in the physical world do not apply to people who are not located in or own assets in the area that created those laws.

• Example: Trademark enforcement Two restaurants with the same name.Effects • Laws in the physical world are based on the relationship between physical proximity and the effects of a person’s behavior. one in Chicago and one in France. • Actions have a stronger hold on things nearby. 306 .

• Some cultures allow their governments a high degree of autonomy and authority. Example: Scandinavian countries 307 . Example: China and Singapore • Other cultures place severe restrictions on the authority of the government.Legitimacy • The right to create laws and enforce laws derives from the mandate of those who will be subject to those laws.

Notice • Physical boundaries are an effective way to announce the ending of one legal or cultural system and the beginning of another. • The perception that the laws and norms have changed is needed to allow people to adjust. • Borders provide this notice. 308 .

money). 309 .Jurisdiction on the Internet • Determining who has jurisdiction can be difficult. • A tort is an action taken by a legal entity that causes harm to another legal entity. hosted by a Canadian site. Example: Mexican customer dealing with a firm from Sweden. services. • A contract is an agreement between two or more legal entities that provides for an exchange of value (goods. and maintained by a programmer from India.

• A court has sufficient jurisdiction in a matter if it has both: – Subject matter jurisdiction – Personal jurisdiction.Sufficient jurisdiction • If a person or organization wants to enforce their rights under contracts or seek tort damages. 310 . they must find courts that have sufficient jurisdiction.

copyright.Subject-matter jurisdiction Subject-matter jurisdiction is a court’s authority to decide the type of dispute. state taxes) The rules are easy to apply for subject-matter. patent. 311 . federal taxes) • State courts deal with issues governed by states (Professional licensing. In the United States: • Federal courts preside over federal law (Bankruptcy.

• A court has jurisdiction if the defendant resides in the state in which the court is located. • An out-of-state person can submit to a court’s jurisdiction by signing a contract that includes a statement that the contract will be enforced according to the laws of a particular state.Personal jurisdiction • Personal jurisdiction is. 312 . in general. determined by the residence of the parties in question.

the more likely a court will be to use a long-arm statute. these laws are not clear with respect to e-commerce. • The more business conducted.Long-arm statutes • States can enact statutes that create personal jurisdiction over nonresidents conducting business or committing tortious acts in the state. • Courts are also assert jurisdiction when a crime or intentional tort has occurred. • In many cases. 313 .

S. • Jurisdictional issues are complex and changing. courts in the same way as long-arm statues. personal jurisdiction for foreign firms and persons is determined by U. • Businesses should consult an attorney for advice. 314 . • In general.International issues • The exercise of jurisdiction across national borders is governed by treaties between the countries.

315 . • Nexus is similar to personal jurisdiction. • Online companies may be subject to multiple tax laws from day one.Taxation and e-commerce • A government acquires the power to tax a business when the business establishes a connection with the area controlled by the government. This connection is called nexus. • Determining nexus can be difficult when a company conducts only a few activities in a state.

Types of taxes A online business is potentially subject to several types of taxes: • Income taxes: Levied by national. 316 . • Property taxes: Levied on the personal property and real estate used in the business. state. use taxes. and customs duties. Income and transaction taxes are most important. • Transaction taxes: Includes sales taxes. and local governments on the net income generated by business activities.

company must also pay federal income tax on income generated outside the U. federal income tax.S. • A Web site maintained by a U.S. 317 .S.S.Federal income taxes • In the U.S. any increase in a company’s wealth is subject to federal taxation.-based Web site generates income is subject to U. (The law provides a tax credit for taxes paid to foreign countries). • Any company whose U..

318 .State and local income taxes • Companies that do business in multiple local jurisdictions must apportion their income and file tax returns in each locality that levies an income tax. • Companies can accept orders and ship from one state to many other states and avoid nexus by using a contract carrier such as FedEx or UPS to deliver goods to customers. • The number of taxing authorities is over 30.000 in the United States.

Sales taxes • Businesses that establish nexus with a state must file sales tax returns and remit the sales tax they collect from their customers. • There are 7500 U. . Example: In NY large marshmallows are taxable since they are snacks but small ones are not since 319 they are food. it is not required to collect sales tax from those customers unless the business has established nexus with the customer’s state. • If a business ships to customers in other states.S. sales tax jurisdictions and the rules about which items are taxable differ.

• An offer is a declaration of willingness to buy or sell a product or service with enough details to be firm.Contracting • Any contract includes an offer and an acceptance. • An acceptance is the expression of willingness to take an offer. • When one party makes an offer that is accepted. and unambiguous. 320 . a contract is created. including all of its stated terms. precise.

• Some examples of legally binding acceptances in the physical world: – Mailing a check – Shipping goods – Shaking hands – Taking an item off a shelf – Opening a wrapped package 321 .Contracting on the Web • A seller advertising on the Web is not making an offer but inviting offers from potential buyers. the seller accepts and a contract is made. • When the buyer submits an order.

S. written contracts must be used for goods worth more than $500 and contracts requiring actions that cannot be completed with a year.Written contracts • In the U. • Things that constitute a signature: – Faxes – Typed names – Printed names – Digital signatures 322 .

323 . • Sellers can use a warranty disclaimer to avoid some implied warranties. • Statements in promotional material may create an implied warranty. • Sellers can create explicit warranties.Warranties • Any contract for sale includes implied warranties. It must be clearly displayed.

These include: • Trademark infringement • Deceptive trade practices • Regulation of advertising claims • Defamation 324 .Web site content Legal issues can arise relating to the Web page content of an e-commerce site.

• Example: A picture of a company (other than Pepsi) president holding a can of Pepsi.Trademark infringement • Web designers must be careful not to use any trademarked name. 325 . • Manipulating trademarked images and placing them on a site can cause problems. logo. or other identifying mark without the written consent of the trademark owner.

logo. or other identifying characteristic that causes confusion in the customer’s mind. 326 . • Trademark dilution is the reduction of the distinctive quality of a trademark by alternate uses.Deceptive trade practices • Web sites that include links to other sites must be careful not to imply a relationship with the company if there is none. • A firm cannot use a similar name.

Thanks and Good Bye 327 .

Sign up to vote on this title
UsefulNot useful