A Presentation on E-Commerce
BY: N. Badal, KNIT, Sultanpur
Introduction To the Course
The course gives a survey of the key technological elements of e-commerce. The focus is on the technical aspects: it discusses how to build the different parts of an e-commerce system and integrate them into a full system. It covers the key underlying technologies of e-commerce, including web systems and web protocols, and web programming using Java servlets. It also covers some business strategies essential to e-commerce.
Topic to be Covered
• Introduction to electronic commerce
• The Internet and the Web: infrastructure for electronic commerce
• Web-based tools for electronic commerce
• Electronic commerce software
• Security threats to electronic commerce; implementing security for electronic commerce
• Electronic payment systems
• Strategies for marketing, sales and promotion
• Strategies for purchasing and support activities
• Strategies for web auctions, virtual communities and web portals
• The environment of electronic commerce: international, legal, ethical and tax issues
• Business plans for implementing electronic commerce
• Practical implementation of an electronic commerce site, e.g. 3 VBS
A Quick Survey
Which of the following have you done?
• Used e-mail
• Browsed the Web
• Bought a product on the Web (what?)
• Created a web page using an authoring tool
• Written some HTML
This course will NOT teach you HTML, ASP, JavaScript or Java servlets.
• To many people the term electronic commerce, often shortened to e-commerce, is equivalent to shopping on the web.
• The term electronic business is sometimes used to capture the broader notion of e-commerce.
• In this course, we will use e-commerce in its broadest sense. It encompasses both web shopping and other business conducted electronically.
E-commerce is not New
• Banks have used electronic funds transfers (EFTs), also called wire transfers, for decades.
• Businesses have been engaging in electronic data interchange (EDI) for years. EDI occurs when one business transmits computer-readable data in a standard format to another business.
Electronic Data Interchange
• In the 1960s businesses realized that many of the documents they exchanged related to the shipping of goods and contained the same set of information for each transaction.
• By sending the information electronically in a standard format, the businesses could save money on printing, mailing, and re-entry of data.
• Electronic transfer of data also introduces fewer errors than manual transfer.
Technology and Commerce
• In order to understand how technology can aid commerce we need to understand traditional commerce.
• Once we have identified what activities are involved in traditional commerce, we can consider how technology can improve them.
• Note that technology does not always improve commerce.
Origins of Commerce
• The origins of traditional commerce predate recorded history.
• Commerce is a basic economic activity involving trading or buying and selling of goods.
• Commerce is based on the specialization of skills. Instead of performing all services and producing all goods independently, people rely on each other for the goods and services they need.
• Example: Customer enters a bookshop ….
Business Focused E-Commerce
Consumer focused E-Commerce
• Although money has replaced bartering, the basic mechanics of commerce remain the same: one member of society creates something of value that another member of society desires.
• Commerce is a negotiated exchange of valuable objects or services between at least two parties and includes all activities that each of the parties undertakes to complete the transaction.
Views of Commerce
Commerce can be viewed from at least two different perspectives:
1. The buyer's viewpoint
2. The seller's viewpoint
Both perspectives will illustrate that commerce involves a number of distinct activities, called business processes.
The Buyer's Perspective
From the buyer's perspective, commerce involves the following activities:
1. Identify a specific need
2. Search for products or services that will satisfy the specific need
3. Select a vendor
4. Negotiate a purchase transaction including delivery logistics, inspection, testing, and acceptance
5. Make payment
6. Perform/obtain maintenance if necessary
The Seller's Perspective
From the seller's perspective, commerce involves the following activities:
1. Conduct market research to identify customer needs
2. Create a product or service to meet those needs
3. Advertise and promote the product or service
4. Negotiate a sales transaction including delivery logistics, inspection, testing, and acceptance
5. Ship goods and invoice the customer
6. Receive and process customer payments
7. Provide after-sales support and maintenance
Business processes are the activities involved in conducting commerce. Examples include:
• Transferring funds
• Placing orders
• Sending invoices
• Shipping goods to customers
We will define e-commerce as the use of electronic data transmission to implement or enhance any business activity. Example: A buyer sends an electronic purchase order to a seller. The seller then sends an electronic invoice back to the buyer. When used appropriately, electronic transmission can save both time and money.
E-Commerce
Or: e-commerce is about the sale and purchase of goods or services by electronic means over the internet.
• Electronic commerce "refers generally to all forms of transactions relating to commercial activities, including both organizations and individuals, that are based upon the processing and transmission of digitized data, including text, sound and visual images."
Impact of E-Commerce
E-commerce is changing the way traditional commerce is conducted:
• Technology can help throughout the process including promotion, searching, selecting, negotiating, and support.
Three-Layer Model
1. An Infrastructure Layer
2. A Service Layer
3. A Products / Structures Layer
Further divided into functional layers:
A> Technical Infrastructure (Internet and WWW)
B> Secure messaging service (EDI)
C> Supporting Services
D> Commercial Products, services and systems (E-Retailing)
E> Electronic Marketplace (Online auction)
Well-suited for E-Commerce
Business processes that are well-suited for electronic commerce:
• Sale/purchase of new books and CDs
• Online delivery of software
• Advertising and promotion of travel services
• Online tracking of shipments
The business processes that are especially well-suited to e-commerce include commodity items, that is, a product or service that has become standardized.
Best for traditional commerce
Business processes that are well-suited to traditional commerce:
• Sale/purchase of high fashion clothing (Any possible exceptions?)
• Sale/purchase of perishable food products
• Small-denomination transactions (Future?)
• Sale of expensive jewelry and antiques
In general, products that buyers prefer to touch, smell, or otherwise closely examine are difficult to sell using e-commerce.
Questionable cases
Would e-commerce or traditional commerce work best for the following activities?
• Sale/purchase of rare books
• Browsing through new books
• Sale/purchase of shoes
• Sale/purchase of collectibles (trading cards, plates, etc.)
Combinations of both
Some business processes can be handled well using a combination of electronic and traditional methods:
• Sale/purchase of automobiles
• Online banking
• Roommate-matching services
• Sale/purchase of investment/insurance products
In this course we will discuss the issue of evaluating the advantages and disadvantages of e-commerce. Let's consider a few examples now.
Different Type of E-Commerce
The types are classified by who the seller and the buyer are, a Business (Organization) or a Consumer (Individual):
                                  Buyer: Business (Organization)   Buyer: Consumer (Individual)
Seller: Business (Organization)   B2B, e.g. TPN                    B2C, e.g. Amazon
Seller: Consumer (Individual)     C2B                              C2C, e.g. eBay
Advantages of E-Commerce
For the seller:
• Increases sales/decreases cost
• Makes promotion easier for smaller firms
• Can be used to reach narrow market segments
For the buyer:
• Makes it easier to obtain competitive bids
• Provides a wider range of choices
• Provides an easy way to customize the level of detail in the information obtained
Advantages of E-Commerce II
In general:
• Increases the speed and accuracy with which businesses can exchange information
• Electronic payments (tax refunds, paychecks, etc.) cost less to issue and are more secure
• Can make products and services available in remote areas
• Enables people to work from home, providing scheduling flexibility
Advantages of E-Commerce III
Profit = Revenue - Cost
Hence e-commerce is attractive because it can raise profit by increasing revenue while decreasing cost.
Disadvantages of E-Commerce
• Some business processes are not suited to e-commerce, even with improvements in technology
• Many products and services require a critical mass of potential buyers (e.g. online grocers)
• Costs and returns on e-commerce can be difficult to quantify and estimate
• Cultural impediments: people are reluctant to change in order to integrate new technology
• The legal environment is uncertain: courts and legislators are trying to catch up
MYTHS About E-Commerce
• Myth 1: E-commerce is about developing web pages.
• Myth 2: The successful implementation of an e-commerce system relies on web programmers.
• Myth 3: E-commerce is about translating the traditional business model into an electronic business model.
Technical Model for An E-Commerce System
1. Client side: customer interface.
2. Service system: handles the business logic.
3. Backend system: provides the necessary information to complete a transaction.
Questions
• Check out the differences between the different types of e-commerce sites on the Internet.
• Identify the businesses that are not suitable for e-commerce.
Different Type of E-Commerce
• Business to Consumer (B2C): The seller is a business organization whereas the buyer is a consumer, e.g. electronic stores are set up on the internet to sell goods to the consumer.
• E.g. Amazon.com is one of the most well known e-commerce sites and an example of B2C e-commerce. Books are listed under different sections for ease of searching: choose a book, put it in the shopping cart, and after shopping -> check out the books and pay by credit card.
• Note: The business drives the specification of the product and the customer chooses whether or not to buy a product.
Different Type of E-Commerce
• Business to Business (B2B): Both the buyer and the seller are business organizations.
• www.tpn.geis.com is an internet-based trading network for buyers and sellers to carry out B2B e-commerce on the Internet, i.e. the buyer submits a request to the system and then the respective sellers respond to the request -> interested suppliers bid for the request; the buyer and suppliers negotiate the bids; finally the buyer selects the best bid and completes the purchase.
• Note: It is buyer driven rather than seller driven.
Different Type of E-Commerce
• Consumer to Consumer (C2C): In this case both the seller and the buyer are consumers.
• Online auctions provide an effective means for supporting C2C e-commerce.
• E.g. www.eBay.com provides the world's largest online trading service by means of online auctions.
• Buying and selling of a wide range of items, e.g. books, stamps, etc.
• > 29 million members.
Different Type of E-Commerce
• Consumer to Business (C2B): In this the consumer specifies the requirements to a business, which provides a product that meets these requirements.
• Also known as a demand collection system.
• www.com
The Internet and the WWW
What is the Internet?
• A loosely configured global wide-area network.
• Includes more than 31,000 different networks in over 100 different countries.
• Millions of people visit and contribute to the Internet, through e-mail and the World Wide Web.
• Began as a Department of Defense project.
• For detailed information about the history of the Internet, see: http://dir.yahoo.com/Computers_and_internet/Internet/History/
Early history of the Internet
• In the 1950s the U.S. Department of Defense became concerned that a nuclear attack could disable its computing (and thus planning and coordinating) capabilities.
• By 1969 the Advanced Research Projects Agency Network (ARPANet) had been constructed.
• The first computers to be connected were ones at the University of California at Los Angeles, SRI International, the University of California at Santa Barbara, and the University of Utah.
The changing Internet
Early on researchers began to find new uses for the Internet, beyond its original purpose of controlling weapons systems. These new applications included the following:
• Electronic mail
• File transfer protocol
• Telnet
• User's News Network (Usenet)
The new uses
• In 1972 a researcher wrote a program that could send and receive messages over the Internet. E-mail was quickly adopted by Internet users.
• File transfer protocol (FTP) allowed researchers using the Internet to transfer files easily across great distances.
• Telnet allows users of the Internet to log into their computer accounts from remote sites.
• All three of these applications are still widely used. We will discuss them again later.
Usenet
• In 1979 a group of students and programmers at Duke and the University of North Carolina started Usenet, short for User News Network.
• Usenet allows anyone who connects to the network to read and post articles on a variety of subjects.
• Usenet survives today in what are called newsgroups.
There are several thousand newsgroups covering a highly varied group of subjects. The first part of the name of each group tells you what type of group it is and the remaining parts indicate the subject matter. Examples:
– alt.cats
– comp.databases
– rec.climbing
– soc.penpals
Accessing newsgroups
Newsgroups can be accessed in two ways:
1. Using special software (trn, rn, etc.)
2. Using a browser on the Web. As an example, DejaNews is a web site that allows access to a variety of newsgroups as well as providing an archive of old postings to the group. See http://www.deja.com/usenet/
Early use of the Internet
• From 1969 until the 1980s the Internet was used primarily by government and university researchers.
• The development of the Internet was funded in part by the National Science Foundation (NSF) and commercial network traffic was prohibited.
• As personal computers became more powerful and affordable in the 1980s, companies created their own networks. These users wanted to be able to communicate outside the network.
Commercial use of the Internet
• In 1989 the NSF allowed two commercial e-mail services (MCI Mail and CompuServe) to establish limited connections to the Internet.
• These connections allowed an exchange of e-mail between users of the commercial services and users of the Internet.
• In 1991 the NSF further eased its restrictions on Internet commercial activity and began planning for the privatization of the Internet.
Privatization
• The privatization of the Internet was substantially completed in 1995. At that point the NSF decommissioned its backbone.
• The new structure of the Internet was based on four network access points (NAPs), each operated by a separate company.
• The network access providers sell Internet access rights directly to larger customers and indirectly to smaller customers through other companies called Internet service providers (ISPs).
A growing Internet
• Researchers had long considered the Internet a valuable tool.
• As the 1990s began, a larger variety of people thought of the Internet as a useful resource.
• The Internet grew significantly in 20 years:
  Year   # of computers
  1969   4
  1990   313,000
• The largest growth in the Internet was yet to come.
A prehistory of the Web
• In 1945, Vannevar Bush wrote an article that proposed a machine (called the Memex) to store a person's books, records, letters, and research results on microfilm. The Memex would have an index to help locate documents.
• In the 1960s, Ted Nelson described a similar system in which text on one page would have links to text on other pages. Nelson called this page linking system hypertext.
• Douglas Engelbart (inventor of the mouse) created the first experimental hypertext system.
CERN and hypertext
• In 1990, Tim Berners-Lee and Robert Cailliau were working on overhauling the document handling procedures at CERN, a laboratory for particle physics in Geneva, Switzerland.
• CERN had been connected to the Internet for two years, but its scientists wanted to find better ways to circulate their scientific papers and data.
• Independently, Berners-Lee and Cailliau proposed a hypertext development project.
The birth of the Web
• Over the next two years Berners-Lee developed the code for a hypertext server program and made it available on the Internet.
• He envisioned the set of links between computers as a spider web, hence the name Web.
• The CERN site is considered the birthplace of the World Wide Web. The CERN site: http://cern.web.cern.
Terminology
• A hypertext server is a computer that stores files written in hypertext markup language (HTML) and lets other computers connect to it and read those files. It is now called a Web server.
• HTML is based on Standard Generalized Markup Language (SGML), which organizations have used for many years to manage large document filing systems.
• A hyperlink is a special tag that contains a pointer to another location in the same or in a different HTML document.
Early Web browsers
• A Web browser is a software interface that lets users read (or browse) HTML documents.
• Although the Web caught on quickly in the research community, broader acceptance was slow to materialize.
• Part of the problem was that the early browsers were difficult to use.
• Early web browsers were text based.
GUI Web browsers
• In 1993, Marc Andreessen led a team of researchers and developed the first software with a graphical user interface for viewing pages over the Web.
• This first GUI browser was named Mosaic.
• Mosaic widened the appeal of the Web by making access easier and adding multimedia capabilities.
• Andreessen later went on to develop the Netscape Navigator browser.
The growth of the Internet
The Internet has grown, and continues to grow, at a phenomenal rate.
  Date      WWW Servers   Internet Hosts
  12/1969   N/A           4
  12/1979   N/A           188
  12/1989   N/A           159,000
  12/1993   623           2,056,000
  12/1996   603,367       21,819,000
  12/1999   9,560,866     56,218,000
  07/2005   38,…          (remaining figures for this row are garbled in the source)
The numbers are still growing to date.
Factors behind growth
There are four main factors that led to the surge in popularity of the Internet:
• The web-like ability to link from site to site.
• The ease of use provided by the browsers' graphical user interface.
• The growth of personal computers and local area networks that could be connected to the Internet.
• The TCP/IP standard.
Control of the Internet
• No one organization currently controls the Internet.
• Several groups oversee aspects of the development of the Internet:
– Internet Engineering Task Force (IETF): oversees the evolution of Internet protocols
– Internet Registries (InterNIC): maintain and allocate Internet domains
– World Wide Web Consortium (W3C): develops standards for the WWW
• See the Internet Standardization Organizations.
Internet2
A project to develop another Internet, Internet2, is being led by over 170 U.S. universities working in partnership with industry and government. This new network is designed to allow development and deployment of advanced network applications and technologies. For more information see: http://www.internet2.edu/
A model for networking
• The world's telephone companies were the early models for networked computers because the networks used leased telephone company lines.
• Telephone companies at the time established a single connection between sender and receiver for each telephone call.
• Once a connection was established, data traveled along that path.
• Telephone company switching equipment (both mechanical and computerized) selected the phone lines, or circuits, to connect in order to create the path between caller and receiver.
• This centrally controlled, single-connection model is known as circuit switching.
• Using circuit switching does not work well for sending data across a large network.
• Point-to-point connections for each sender/receiver pair are expensive and hard to manage.
A different approach
• The Internet uses a less expensive and more easily managed technique than circuit switching.
• Files and messages are broken down into packets that are labeled with codes that indicate their origin and destination.
• Packets travel from computer to computer along the network until they reach their destination.
• The destination computer reassembles the data from the packets it receives.
• This is called a packet switching network.
• In a packet-switched network, (some of) the computers that an individual packet encounters determine the best way to move the packet to its destination.
• Computers performing this determination are called routers.
• The programs that the computers use to determine the path are called routing algorithms.
Benefits of packet switching
There are benefits to packet switching:
• Long streams of data can be broken down into small manageable data chunks, allowing the small packets to be distributed over a wide number of possible paths to balance traffic.
• It is relatively inexpensive to replace damaged data packets after they arrive, since if a data packet is altered in transit only a single packet must be retransmitted.
When it was being developed, the people working on ARPANet adhered to the following principles:
1. Independent networks should not require any internal changes in order to be connected.
2. The router computers do not retain information about the packets that they handle.
3. Packets that do not arrive at their destinations must be retransmitted from their source network.
4. No global control exists over the network.
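The packet-switching slides above as a small working model, added here as an example (it is not code from the slides). Packets carry origin, destination and a sequence number; every router decides the next hop by a shortest-path routing algorithm (Dijkstra over link costs, the classic choice) without keeping any per-packet state; the destination reassembles by sequence number and reports the gaps so the source can retransmit, which is principle 3 above. The router topology, link costs and the message are constructed for the example.

```javascript
// Added example: a toy packet-switched network (not from the slides).
// Constructed link costs between routers A..D (undirected graph, assumption).
const LINKS = {
  A: { B: 1, C: 4 },
  B: { A: 1, C: 1, D: 5 },
  C: { A: 4, B: 1, D: 1 },
  D: { B: 5, C: 1 },
};

// Routing algorithm (Dijkstra): full path from src to dst, or null if unreachable.
function shortestPath(links, src, dst) {
  const dist = { [src]: 0 };
  const prev = {};
  const unvisited = new Set(Object.keys(links));
  while (unvisited.size > 0) {
    let u = null;
    for (const n of unvisited) {
      if (dist[n] !== undefined && (u === null || dist[n] < dist[u])) u = n;
    }
    if (u === null || u === dst) break; // nothing reachable left, or arrived
    unvisited.delete(u);
    for (const [v, cost] of Object.entries(links[u])) {
      const alt = dist[u] + cost;
      if (dist[v] === undefined || alt < dist[v]) { dist[v] = alt; prev[v] = u; }
    }
  }
  if (dist[dst] === undefined) return null;
  const path = [dst];
  while (path[0] !== src) path.unshift(prev[path[0]]);
  return path;
}

// Source: split a message into packets labelled with origin, destination and seq.
function packetize(message, chunkSize, origin, destination) {
  const packets = [];
  for (let i = 0, seq = 0; i < message.length; i += chunkSize, seq++) {
    packets.push({ origin, destination, seq, payload: message.slice(i, i + chunkSize) });
  }
  return packets;
}

// Routers: each hop looks only at the destination label and keeps no state
// about the packet. Returns the hop list, or null if the packet is dropped.
function forward(links, packet) {
  const hops = [packet.origin];
  let here = packet.origin;
  while (here !== packet.destination) {
    const path = shortestPath(links, here, packet.destination);
    if (path === null) return null;
    here = path[1];
    hops.push(here);
  }
  return hops;
}

// Destination: reassemble by sequence number whatever the arrival order, and
// list the missing sequence numbers so the source can retransmit just those.
function reassemble(received, expectedCount) {
  const bySeq = new Map(received.map((p) => [p.seq, p.payload]));
  const missing = [];
  for (let s = 0; s < expectedCount; s++) if (!bySeq.has(s)) missing.push(s);
  if (missing.length > 0) return { complete: false, missing };
  const message = [...Array(expectedCount).keys()].map((s) => bySeq.get(s)).join('');
  return { complete: true, message };
}

// End-to-end run on a constructed message, with packet 1 arriving late.
function demoRouting() {
  const packets = packetize('PURCHASE ORDER 42', 4, 'A', 'D');
  const path = forward(LINKS, packets[0]);                   // A -> B -> C -> D (cost 3)
  const arrivedEarly = packets.filter((p) => p.seq !== 1);  // seq 1 delayed in transit
  const firstTry = reassemble(arrivedEarly, packets.length); // incomplete, missing [1]
  const secondTry = reassemble(packets, packets.length);     // complete after retransmit
  return { path, firstTry, secondTry };
}
```

Because each router recomputes the next hop from the destination label alone, a router can be replaced or a link removed without any other node being told, which is the "no global control" principle in practice.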
Most popular Internet protocols
The most popular Internet protocols include:
• TCP/IP
• HTTP (Hypertext transfer protocol)
• E-mail protocols (SMTP, POP, IMAP)
• FTP (File transfer protocol)
Each protocol is used for a different purpose, but all of them are important.
Purposes of each protocol
• The protocols that underlie the basic operation of the Internet are TCP (transmission control protocol) and IP (Internet protocol).
• Developed by Internet pioneers Vinton Cerf and Robert Kahn, these protocols establish rules about how data are moved across networks and how network connections are established and broken.
• Four-layer architecture
• TCP controls the assembly of a message into smaller packets before it is transmitted over the network. It also controls the reassembly of the packets once they reach their destination.
• The IP protocol includes rules for routing individual data packets from their source to their destination. It also handles all addressing details for each packet.
TCP/IP architecture
The work done by communications software is broken into multiple layers, each of which handles a different set of tasks. Each layer provides services for the layer above it. Each layer is responsible for a specific set of tasks and works as one unit with the other layers when delivering information over the Internet.
There are five layers in the Internet model:
1. Application
2. Transport
3. Internet
4. Network interface
5. Hardware
The lowest layer is the hardware layer that handles the individual pieces of equipment attached to the network. The highest layer is the application layer where various network applications run.
Positioning within the layers
A full discussion of the Internet model is beyond the scope of this class. It is, however, useful to know where each protocol resides. Some of the application layer protocols include HTTP, SMTP, POP, IMAP, and FTP. (Telnet also operates in the application layer.) TCP operates in the transport layer and IP in the Internet layer. See Figure 2-2 on page 38.
Web System Architecture
Web Browser: It is the client interface.
Web Server and Application Server
Web Server: It is one of the main components of the service system. It interacts with the web clients as well as the backend system.
Application Server: It hosts the e-commerce application software.
HTTP
• HTTP (hypertext transfer protocol) is the protocol responsible for transferring and displaying Web pages.
• It has continued to evolve since being introduced: HTTP/1.0, HTTP/1.1.
• Like other Internet protocols, HTTP uses the client/server model of computing. Thus, to understand how HTTP works, we need to first discuss the client/server model.
Request methods in HTTP
• GET
• HEAD
• POST
Client/server model
• In the client/server model there are two roles: the client and the server.
• The client process makes requests of the server.
• The server satisfies the requests of the client. It usually has access to a resource, such as data, that the client wants. When the resource that the client wants becomes available, it sends a message to the client.
• This model simplifies communication. The client is only capable of sending a request to the server and then waiting for the reply.
HTTP and client/server
• With HTTP the client is the user's Web browser and the server is the Web server.
• To open a session, the browser sends a request to the server that holds the desired web page.
• The server replies by sending back the page or an error message if the page could not be found.
• After the client verifies that the response sent was correct, the TCP/IP connection is closed and the HTTP session ends.
• Each new page that is desired will result in a new HTTP session and another TCP/IP connection.
One page, multiple requests
• If a Web page contains objects such as movies, sound, or graphics, a client must make a request for each object.
• For example, a Web page containing a background sound and three graphics will result in five separate server request messages to retrieve the four objects plus the page itself.
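The HTTP exchange described on the last three slides as code, added here as an example (it is not code from the slides): the browser side builds a GET, HEAD or POST request line plus headers, the reply's status line and headers are parsed strictly, and the embedded objects of the returned page are counted to give the number of request messages the page costs. The host name www.example.test, the page and the server reply are constructed; nothing is sent over a socket.

```javascript
// Added example: one HTTP/1.0 request/response, built and parsed by hand.
const CRLF = '\r\n';

// Client: build a request. Path and host are checked for CR/LF so that
// user-controlled input cannot add extra header lines to the request.
function buildRequest(method, path, host, body = '') {
  if (!['GET', 'HEAD', 'POST'].includes(method)) throw new Error(`unsupported method ${method}`);
  if (/[\r\n]/.test(path) || /[\r\n]/.test(host)) throw new Error('CR/LF in request target');
  const lines = [`${method} ${path} HTTP/1.0`, `Host: ${host}`];
  if (method === 'POST') {
    lines.push('Content-Type: application/x-www-form-urlencoded');
    lines.push(`Content-Length: ${Buffer.byteLength(body)}`);
  }
  return lines.join(CRLF) + CRLF + CRLF + (method === 'POST' ? body : '');
}

// Client: parse the server reply into status, headers and body. Anything
// without a proper "HTTP/1.x NNN reason" status line or a "Name: value"
// header is rejected rather than guessed at.
function parseResponse(raw) {
  const sep = raw.indexOf(CRLF + CRLF);
  if (sep < 0) throw new Error('malformed response: no header terminator');
  const headerLines = raw.slice(0, sep).split(CRLF);
  const m = /^HTTP\/1\.[01] (\d{3}) (.*)$/.exec(headerLines[0]);
  if (!m) throw new Error('malformed status line');
  const headers = {};
  for (const line of headerLines.slice(1)) {
    const idx = line.indexOf(':');
    if (idx < 0) throw new Error(`malformed header: ${line}`);
    headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  return { status: Number(m[1]), reason: m[2], headers, body: raw.slice(sep + 4) };
}

// How many request messages does a page cost? One for the page itself plus
// one per embedded object (graphics, sound, movies), each its own session.
function countRequestsForPage(html) {
  const objects = html.match(/<(img|bgsound|embed)\b[^>]*\bsrc=/gi) || [];
  return 1 + objects.length;
}

// Constructed page (one background sound, three graphics) and server reply.
const SAMPLE_PAGE =
  '<html><body><bgsound src="intro.wav">' +
  '<img src="a.gif"><img src="b.gif"><img src="c.gif"></body></html>';
const SAMPLE_REPLY =
  'HTTP/1.0 200 OK' + CRLF +
  'Content-Type: text/html' + CRLF +
  `Content-Length: ${SAMPLE_PAGE.length}` + CRLF + CRLF +
  SAMPLE_PAGE;

function demoHttp() {
  const request = buildRequest('GET', '/index.html', 'www.example.test');
  const reply = parseResponse(SAMPLE_REPLY);
  return {
    request,
    status: reply.status,
    contentType: reply.headers['content-type'],
    requests: countRequestsForPage(reply.body), // 5: page + 4 objects
  };
}
```

The CR/LF check in buildRequest is the part worth keeping when a browser-side script or a server-side proxy assembles requests from user input: a path or host containing a line break would otherwise let that input end the request line and supply headers of its own.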
Internet addresses are represented in several ways, but all the formats are translated to a 32-bit number called an IP address. The increased demand for IP addresses will soon make 32-bit addresses too small, and they will be replaced with 128-bit addresses in the near future. See the links page for more information.
How does increasing the number of bits in the address help with increasing demand?
Dotted quads
• IP numbers appear as a series of up to 4 separate numbers delineated by a period.
• Each of the four numbers can range from 0 to 255, so the possible IP addresses range from 0.0.0.0 to 255.255.255.255.
• Examples: students.depaul.edu: 140.192.1.6; facweb.cs.depaul.edu: 140.192.33.100; condor.depaul.edu: (address garbled in the source)
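The dotted-quad notation as code, added here as an example (not code from the slides): a dotted quad is parsed into the 32-bit number it stands for and formatted back, a number outside 0..255 or a wrong count of numbers is rejected, and the size of a 32-bit versus a 128-bit address space is computed to answer the question above. The host table uses the two addresses from the slides; the lookup is a plain table scan, not DNS.

```javascript
// Added example: dotted quads <-> 32-bit integers, with input checking.
function parseDottedQuad(text) {
  const parts = text.split('.');
  if (parts.length !== 4) throw new Error(`expected 4 numbers, got ${parts.length}: ${text}`);
  let value = 0;
  for (const part of parts) {
    if (!/^\d{1,3}$/.test(part)) throw new Error(`not a decimal number: ${part}`);
    const octet = Number(part);
    if (octet > 255) throw new Error(`number out of range 0..255: ${part}`);
    value = value * 256 + octet; // shift left by 8 bits; stays positive unlike << on 32-bit ints
  }
  return value; // 0 .. 4294967295
}

function formatDottedQuad(value) {
  if (!Number.isInteger(value) || value < 0 || value > 0xffffffff) throw new Error('not a 32-bit value');
  return [24, 16, 8, 0].map((shift) => Math.floor(value / 2 ** shift) % 256).join('.');
}

// An n-bit address field gives 2^n addresses. BigInt, because 2^128 is far
// beyond what a JavaScript number represents exactly.
function addressSpace(bits) { return 2n ** BigInt(bits); }

// Constructed host table holding the addresses the slides use as examples.
const HOSTS = {
  'students.depaul.edu': '140.192.1.6',
  'facweb.cs.depaul.edu': '140.192.33.100',
};

// Reverse lookup by integer address (table scan, not DNS).
function lookupName(hosts, value) {
  for (const [name, quad] of Object.entries(hosts)) {
    if (parseDottedQuad(quad) === value) return name;
  }
  return null;
}

function demoAddresses() {
  const n = parseDottedQuad(HOSTS['students.depaul.edu']);
  return {
    asInteger: n,                                       // 2361393414
    roundTrip: formatDottedQuad(n),                     // '140.192.1.6'
    name: lookupName(HOSTS, n),                         // 'students.depaul.edu'
    growthFactor: addressSpace(128) / addressSpace(32), // 2^96 more addresses
  };
}
```

The two rejection paths matter wherever an address arrives as text from outside (a form field, a log line, a configuration file): "1.2.3.256" and "1.2.3" both look like addresses to a casual regex, and silently truncating or wrapping them produces a different host than the one written.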
Domain names
• Since IP numbers can be difficult for humans to remember, domain names are associated with each IP address.
• Examples: students.depaul.edu: 140.192.1.6; facweb.cs.depaul.edu: 140.192.33.100
• A domain name server is responsible for the mapping between domain names and IP addresses.
Uniform resource locator
• People on the Web use a naming convention called the uniform resource locator (URL).
• A URL consists of at least two and as many as four parts.
• A simple two-part URL contains the protocol used to access the resource followed by the location of the resource. Example: http://www.cs.depaul.edu/
• A more complex URL may have a file name and a path where the file can be found.
A URL deconstructed
– hypertext transfer protocol
– Host/Server (others: students, hawk, condor)
– path that indicates the location of the document in the host's file system
Anatomy of an e-mail address
asettle @ cs . depaul . edu
Domain types
• edu: educational
• com: commercial
• net: originally for telecommunications
• org: organizations (non-profit)
• gov: U.S. government
• ja, de, uk, …: nations other than the U.S.
• New additions: info, biz, name, pro, museum, coop, aero, tv. See links page for a related news story.
Internet utility programs
TCP/IP supports a variety of utility programs that allow people to use the Internet more efficiently. These utility programs include:
• Finger
• Ping
Finger
Finger is a program that allows a user to obtain limited information about other network users. The information that can be obtained includes:
• Which users are currently logged on
• Where each user logged onto the network from
• How long the user has been on the network
• When the user last logged onto the system
Finger is sometimes disabled for security reasons.
• Ping (Packet InterNet Groper) tests the connectivity between two Internet hosts and determines if a host is active on the network.
• It works by sending a packet to the specified address and waiting for a reply.
• Ping is typically used to troubleshoot connections.
• To run ping, you simply type ping followed by the IP address or domain name of the machine you are interested in. Example: ping students.depaul.edu
COOKIES
• HTTP is a stateless protocol, i.e. the web server will not keep the user's state or information. But in e-commerce applications, e.g. a shopping cart application, knowing the user's state is very important: in a shopping cart application it is very important for the server to keep track of the user's cart contents. Solution: COOKIES for a web server were proposed to save state data at the web client.
• A maximum of 20 cookies are allowed for each domain.
• Each cookie is limited to 4 KB to prevent overloading the memory of the client computer.
• Set-Cookie header: Set-Cookie: Name=value, where Name and value are the name and the value of the cookie.
• Whenever required, the client will include the cookie in the HTTP request header as Cookie: Name=value.
• Finally the user's information is passed to the server.
Example: the server sets two cookies in its response:
• Set-Cookie: Item1=1111
• Set-Cookie: Item2=2222
and the client sends back the cookies it holds for that domain in its later requests:
• Cookie: Item1=1111
• Cookie: Item2=2222
• Cookie: Item3=3333
Cookie attributes:
• Comment
• Domain
• Expires
• Max-age
• Path
• Secure
Architecture of A Web Based E-Commerce System
Java Script
JavaScript is a scripting language proposed by Netscape to enhance the functions of HTML (e.g. form validation). It can be used to make a web page more interactive and dynamic. JavaScript code is embedded between <script> and </script>. There are three main objects:
• Document Object: For providing information on the document.
• Form Object: For providing information on the form.
• Location Object: For providing location-related information for the current web page, such as the URL, host name etc.
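Form validation with the Form and Location objects, added here as an example (not code from the slides). The rules are written as a pure function so the same check runs in the browser, for quick feedback, and again on the server, because a client that posts the form directly skips the browser script entirely. The form object below mimics the DOM Form object's elements collection and the location object mimics protocol and host; both are constructed, as are the host names shop.example.test and evil.example.test and the order fields.

```javascript
// Added example: the same validation rules on the client and on the server.

// Read name/value pairs the way document.forms[...].elements exposes them.
function readForm(form) {
  const values = {};
  for (const el of form.elements) values[el.name] = String(el.value ?? '').trim();
  return values;
}

// Rules for a constructed order form; returns the list of problems (empty = ok).
function validateOrderForm(values) {
  const problems = [];
  if (!/^[A-Za-z][A-Za-z .'-]{1,59}$/.test(values.name || '')) problems.push("name: 2-60 letters, spaces, . ' -");
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(values.email || '')) problems.push('email: not a valid address');
  const qty = Number(values.quantity);
  if (!Number.isInteger(qty) || qty < 1 || qty > 99) problems.push('quantity: whole number 1-99');
  if (!/^\d{5}$/.test(values.zip || '')) problems.push('zip: 5 digits');
  return problems;
}

// Browser side: attach as the form's submit handler. In a real page:
//   document.forms['order'].onsubmit = () => onSubmit(document.forms['order']);
// Returning false stops the browser from submitting the form.
function onSubmit(form) {
  return validateOrderForm(readForm(form)).length === 0;
}

// Location object use: only post the form back to the page's own origin.
function postTargetAllowed(location, actionUrl) {
  const target = new URL(actionUrl, `${location.protocol}//${location.host}`);
  return target.protocol === location.protocol && target.host === location.host;
}

// Server side: re-validate the raw POST body with the same rules, never
// assuming the browser script ran.
function handlePost(bodyText) {
  const values = Object.fromEntries(new URLSearchParams(bodyText));
  const problems = validateOrderForm(values);
  return { status: problems.length === 0 ? 200 : 400, problems };
}

// Constructed inputs: a well-formed form, and a POST that bypassed the browser.
const GOOD_FORM = { elements: [
  { name: 'name', value: 'Ada Lovelace' }, { name: 'email', value: 'ada@example.test' },
  { name: 'quantity', value: '2' }, { name: 'zip', value: '46202' },
] };
const LOCATION = { protocol: 'https:', host: 'shop.example.test' };

function demoValidation() {
  return {
    clientOk: onSubmit(GOOD_FORM),                                             // true
    sameOrigin: postTargetAllowed(LOCATION, '/cgi-bin/order'),                 // true
    crossOrigin: postTargetAllowed(LOCATION, 'http://evil.example.test/steal'), // false
    serverRejects: handlePost('name=X&email=nope&quantity=500&zip=abc'),       // status 400, 4 problems
  };
}
```

The browser check improves the user's experience; the server check is the one that protects the business logic, which is why the rules live in one function that both sides call rather than in two copies that drift apart.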
E-Commerce hardware and Software
Revisiting the Three Tier Model
First Tier – Web Client
It provides a web-based GUI displayed through a web browser in the client computer.
Second Tier – Server-side Applications
It consists of server-side applications that run on a web server or a dedicated application server. These applications implement the business logic of the web system.
Major factors: efficiency, security, cost effectiveness and compatibility.
Technologies: CGI (Common Gateway Interface), ASP (Active Server Pages), Java Servlets.
Third Tier – Database Management System
It provides data storage / retrieval services for the second tier so that dynamic web pages can be created. It may consist of one database or a group of databases. For this we need database connectivity. One of the most popular methods is by means of the JDBC–ODBC bridge. Others are proprietary network protocol drivers and native API drivers. To communicate with a database, we use SQL.
Servlets are invoked by using an HTML form.
To run servlets, there are basically two techniques:
1. Servlet-enabled web server
2. Non-servlet-enabled web server
We use Tomcat for developing an e-commerce application.
SERVLET
Two main packages in the servlet API: javax.servlet and javax.servlet.
commercial site.Web servers
• The components of a web server are: – Hardware – Software • When determining what sort of server hardware and software to use you have to consider: – Size of the site – Purpose of the site – Traffic on the site • A small. noncommercial Web site will require less resources than a large.
The role of a web server
• Facilitates business
  – Business-to-business transactions
  – Business-to-customer transactions
• Hosts company applications
• Part of the communications infrastructure
• Poor decisions about web server platforms can have a negative impact on a company. This is particularly true for purely online companies, which, unlike "click and mortar" businesses, have no physical store to fall back on.
Hosting considerations
Will the site be hosted in-house or by a provider? Factors to consider:
• The bandwidth and availability needed for the expected size, traffic, and sales of the site
• Scalability: If the Web site needs to grow or has a sudden increase in traffic, can the provider still handle it?
• Personnel requirements or restraints
• Budget and cost effectiveness of the solution
• Target audience: Business-to-customer (B2C) or business-to-business (B2B)
Types of Web sites
• Development sites: A test site, low-cost
• Intranets: Available internally only
• B2B and B2C commerce sites
• Content delivery sites
Each type of site has a different purpose, requires different hardware and software, and incurs varying costs.
Commerce sites
Commerce sites must be available 24 hours a day, 7 days a week. Requirements include:
• Reliable servers
• Backup servers for high availability
• Efficient and easily upgraded software
• Security software
• Database connectivity
B2B sites also require certificate servers to issue and analyze electronic authentication information.
Content delivery site
• Examples: USA Today, New York Times, ZDNet
• Sell and deliver content: news, histories, summaries, other digital information.
• Hardware requirements are similar to the commerce sites.
• Database access must be efficient.
What is Web hosting?
Web hosts are Internet service providers who also allow access to: • E-commerce software • Storage space • E-commerce expertise You can choose: • Managed hosting: the service provider manages the operation and oversight of all servers • Unmanaged hosting: the customer must maintain and oversee all servers
Benefits
• Cost effective for small companies or those without in-house technical staff.
• Can eliminate the need to hire and oversee technical personnel.
• May require less investment in hardware/software.
• Make sure that the site is scalable.
Services provided
• Access to hardware, software, personnel
• Domain name, IP address
• Disk storage
• Template pages to use for designing the site
• E-mail service
• Use of FTP to upload and download information
• Shopping cart software
• Multimedia extensions (sound, animation, movies)
• Secure credit card processing
Summary
• ISPs have Web hosting expertise that small or medium-sized companies may not.
• Creating and maintaining a Web site using an existing network can be difficult.
• With the exception of large companies with large Web sites and in-house computer experts, it is almost always cheaper to use outside Web hosting services.
Other hosting options
• Managed hosting providers and hosting directories such as TopHosts, EZ Webhost, Interland, HostPro and HostIndex.
E-commerce software
Requirements:
• A catalog display
• Shopping cart capabilities
• Transaction processing
• Tools to populate the store catalog and to facilitate storefront display choices
Any e-commerce software must be integrated with existing systems:
– Database
– Transaction processing software
Catalog display
• Small storefront (fewer than 35 items)
  – Simple listing of products
  – No particular organization
  – Example: Quebec maple syrup
• Larger catalog
  – Store product information in database
  – More sophisticated navigation aids
  – Better product organization
  – Search engine
  – Example: LL Bean
Shopping carts
• Early e-commerce shopping used forms-based checkout methods, which required writing down product codes.
• A shopping cart:
  – Keeps track of items selected
  – Allows you to view the items in the cart
  – Allows you to change quantities of items
• Because the Web is stateless, the cart is tied to the visitor with cookies, bits of information stored on the client's computer. Only an opaque session identifier should go in the cookie; the cart contents and prices stay on the server, because a client can edit any value the cookie carries.
Transaction processing
• Usually performed with a secure connection.
• May require the calculation of:
  – Sales tax
  – Shipping costs
  – Volume discounts
  – Tax-free sales
  – Special promotions
  – Time-sensitive offers
• Details about transactions must be tracked for accounting, sales reports, etc.
B2B e-commerce
Business-to-business e-commerce requires tools and capabilities different from those required for business-to-customer systems:
• Encryption
• Authentication
• Digital signatures
• Signed receipt notices
• The ability to connect to existing legacy systems, including Enterprise Resource Planning (ERP) software. ERP integrates all facets of a business including planning, sales, and marketing.
Levels of packages
Three levels of e-commerce packages:
• Basic: Requires a few hundred dollars in fees and less than an hour to set up. Typically hosted by an ISP.
• Middle-tier: Ranges in price from $1K to $5K+. Requires hardware purchase and some skills, and can take from one day to several days to set up. Can connect with a database server.
• Enterprise-class: For large companies with high traffic and transaction volumes. Hardware and in-house specialists needed.
Basic packages are free or low-cost e-commerce software supplied by a Web host for building sites to be placed on the Web host's system. Three kinds:
• Fundamental services
• Banner advertising exchanges
• Full-service mall-style hosting
Fundamental services
• Available for businesses selling fewer than 50 items with a low rate of transactions.
• These services offer:
  – Space for the store
  – Forms-based shopping
• The Web host makes money from advertising banners placed on the site. Each business has some control over which banners are placed on its site.
• Examples: Bizland.com, HyperMart
• Drawbacks: E-mail transaction processing, banners.
Banner exchange sites
• Banner exchange sites aid online store promotion.
• Banner exchange agreements are made between sites that sign up for the service.
• The banner exchange service (BES) organizes the exchanges, enforces banner exchange rules, collects statistics about customers, and rotates ads on the sites.
• A click-through count is the number of visitors that a banner produces at a site.
• Examples: Banner Exchange, Exchange-it, SmartClicks
Full-service mall-style hosting
Full-service hosting sites provide: • High-quality tools • Storefront templates • An easy-to-use interface • Quick Web page creation and maintenance • No required banner advertising In exchange these sites may charge: • One-time set up fees • Monthly fees • A percentage of each transaction • A fixed amount per each transaction
Differences from basic services
• Shopping cart software • Comprehensive customer transaction processing – Choice of purchase options (credit card, electronic cash or other forms) – Acceptance and authorization of credit cards • No required (and distracting) Web banner ads • Higher quality Web store building/maintenance tools (saving time and energy) • Examples: Yahoo!Store, BigStep.com
Middle-tier packages
Distinction from basic e-commerce packages:
• The merchant has explicit control over
  – Merchandising choices
  – Site layout
  – Internal architecture
  – Remote and local management options
• Other differences include price, capability, database connectivity, software portability, software customization tools, computer expertise required of the merchant.
• Prices range from $2000 to $9000.
• Hosted on the merchant's server.
• Typically has connectivity with complex database systems and stores catalog information.
• Several provide connections ("hooks") into existing inventory and ERP systems.
• Highly customizable.
• Requires part-time or full-time programming talent.
• Examples: INTERSHOP efinity, WebSphere Commerce
Enterprise-class packages
Distinguishing features:
• Price ($25,000 - $1 million)
• Extensive support for B2B e-commerce
• Interacts with a variety of back office systems, such as database, accounting, and ERP.
• Requires one or more dedicated computers, a Web front-end, firewall(s), a DNS server, an SMTP system, an HTTP server, an FTP server, and a database server.
• Good tools for linking supply and purchasing.
• Can interact with the inventory system to make the proper adjustments to stock, issue purchase orders, and generate accounting entries.
• Example: Wal-Mart
  – Allows several suppliers to make decisions about resupplying
  – Results in cost savings in inventory
• Examples: WebSphere Commerce Suite, Netscape
Web Platform Choices
• Hardware, operating system, and application server software must be considered together since each affects the other.
• Other needs, such as a database server, should be handled by separate hardware. Database products have large processing needs.
• Whatever your choice you must ensure that the server hardware is scalable, meaning that it can be upgraded or a new server added as necessary.
Factors in performance
• Hardware and operating system choice
• Speed of connection to the Internet
• User capacity
  – Throughput: The number of HTTP requests that can be processed in a given time period.
  – Response time: The amount of time a server requires to process one request.
• The mix and type of Web pages
  – Static pages
  – Dynamic pages: Shaped in response to users.
Benchmarking
• Benchmarking is testing used to compare the performance of hardware and software.
• Anyone considering buying a server for a heavy traffic situation or wanting to make changes to an existing system should consider benchmarks.
• There are several Web benchmarking programs. For examples see Figure 3-4 on page 87.
• Results measure the performance of aspects such as the OS, software, network speed, and CPU speed.
Web server features
• Web server features range from basic to extensive depending on the software package being used.
• Web server features fall into groups based on their purpose:
  – Core capabilities
  – Site management
  – Application construction
  – Dynamic content
  – Electronic commerce
Core capabilities
• Process and respond to Web client requests: static pages, dynamic pages.
• Security: names/passwords, processing certificates and public/private key pairs.
• FTP, Gopher, domain name translation.
• Searching, indexing.
• Data analysis: who, what, when, how long? May involve the use of Web log analysis software.
Site management
Features found in site management tools:
• Link checking
• Script checking
• HTML validation
• Web server log file analysis
• Remote server administration
Application construction
• Uses Web editors and extensions to produce Web pages, both static and dynamic.
• Also detects HTML code that differs from the standard or is browser specific.
• Like HTML editors, application editors allow the creation of dynamic features without knowledge of CGI (Common Gateway Interface) or API (Application Program Interface) programming.
Dynamic content
• Non-static information constructed in response to a Web client's request; a successful dynamic page is tailored to the query that generated it.
• Assembled from backend databases and internal data on the Web site.
• Active Server Pages (ASP) is a server-side scripting mechanism to build dynamic sites and Web applications. It uses a variety of languages such as VBScript, JScript, and Perl. More information? Take ECT 353!
Electronic commerce
• A Web server handles Web pages whereas an e-commerce server deals with the buying and selling of goods and services.
• A Web server should handle e-commerce software since this simplifies adding e-commerce features to existing sites.
• Features: creation of graphics, product information, shopping carts, credit card processing, sales report generation, addition of new products, Web ad rotation and weighting.
Web server software
• There is no best package for all cases.
• The market is divided into intranet servers and public Web servers.
• Three of the most popular Web server programs:
  – Apache HTTP Server (Apache Tomcat, used later in this course, is a servlet container rather than a general-purpose web server)
  – Microsoft Internet Information Server
  – Netscape Enterprise Server
Apache
• Derived from the NCSA HTTPd server written by Rob McCool at the University of Illinois' NCSA in 1994; the Apache project itself began in 1995.
• Can be used for intranets and public Web sites.
• The software is available free of charge and is quite efficient.
• Originally written for Unix, it is now available for many operating systems.
• For a discussion of its features see the Apache Software Foundation page.
Microsoft IIS
• Microsoft's Internet Information Server comes bundled with Microsoft's Windows NT/2000.
• Currently only runs on Windows NT/2000.
• Can be used for intranets and public Web sites.
• It is suitable for everything from small sites to large enterprise-class sites with high volumes.
• See Microsoft's Web Services page.
Netscape Enterprise Server
• Costs several thousand dollars and has a 60-day trial period.
• Runs on many different operating systems.
• Can be run on the Internet, intranets and extranets.
• Some of the busiest sites on the Internet use NES, including E*Trade, Excite, and Lycos.
• See Netscape Server Products.
Further resources
• What Web software is running on a site?
• Web server side-by-side comparisons
Web server tools
Other Web server tools include: • Web portals • Search engines • Push technologies • Intelligent agents
Web portals
• Provides a "cyber door" on the Web
• Serves as a customizable home base
• Successful portals include: Excite, Yahoo!, My Netscape, Microsoft Passport
Push technologies
• An automated delivery of specific and current information from a Web server to the user's hard drive
• May be used to provide information on: health benefit updates, employee awards, changes in corporate policies
Intelligent agents
• A program that performs functions such as information gathering, information filtering, or mediation on behalf of a person or entity
• Examples: AuctionBot, BargainFinder, MySimon, Kasbah
Example uses
Example uses for intelligent agents:
• Search for the best price and characteristics of various products
• Procurement: deciding what, when, and how much to purchase
• Stock alert: monitors stock and notifies when certain conditions are met, e.g. purchase 100 shares if the price is below $60 a share.
We Learned
1. Have an idea about HTML and JavaScript.
2. Hardware and software required.
3. Server-side components: servlets, CGI, ASP etc.
4. Database connectivity: JDBC-ODBC connectivity, how to communicate with a backend database system. Design some simple programs using servlets.
Session Tracking
This can be used to keep track of a user and a shopping cart. Four methods:
1. Hidden form field
2. URL rewriting
3. HTTP user authentication
4. Cookies
Four Methods
1. Hidden form field: we define a hidden field element called the username in an HTML form.
2. URL rewriting: the basic concept is to modify, and more precisely rewrite, the URL to a specific URL for each user, i.e. each user is given a specific URL for talking to the web server.
   A> Add an extra directory to the original URL, e.g. http://www.xyz.com/servelts/welcome/hello becomes http://www.xyz.com/servelts/welcome/007/hello
   B> Add additional parameters at the end of the URL
3. HTTP user authentication: it can be done by asking the user to provide a username and password. It cannot be used in a typical e-commerce scenario.
4. Cookies: a small piece of information stored in the client browser.
Each one has its own advantages and disadvantages.
Servlet Session Tracking API
• It can be used in any servlet program.
• Setting up of a session object.
• Handling the life cycle of a session object.
• Management of different sessions.
• It can be used with other Java components such as CORBA, RMI etc.
• It can be easily integrated with the Java security API.
Terminology
• Computer security is the protection of assets from unauthorized access, use, alteration, or destruction.
• There are two types of security:
  – Physical security, including such devices as alarms, fireproof doors, security fences, vaults.
  – Logical security is non-physical protection.
• A threat is an act or object that poses a danger to computer assets.
• A countermeasure is a procedure, either physical or logical, that recognizes, reduces, or eliminates a threat.
Risk analysis
The countermeasure will depend both on the cost associated with the threat and the likelihood that the threat will occur.
• Low probability, low impact: Ignore
• High probability, low impact: Contain and control
• High probability, high impact: Prevent
• Low probability, high impact: Insurance or backup
Example: CTI computer systems under threat from (1) virus, (2) fire, (3) earthquake, (4) theft.
Types of threats
• Physical threats
  – Natural phenomena: earthquake, storm, tornado
  – Arson, electrical shutdown, power surge
  – Theft, sabotage
• Logical threats
  – Impostors
  – Eavesdroppers
  – Thieves
Security terminology
• Secrecy: Protecting against unauthorized data disclosure and ensuring the authenticity of the data source. Example: use of stolen credit card numbers.
• Integrity: Preventing unauthorized data modification. Example: changing of an e-mail message.
• Necessity: Preventing data delays or denials. Example: delaying a purchase order for stock.
Security policy
• Any organization concerned about protecting its e-commerce assets should have a security policy.
• A security policy is a written statement describing what assets are to be protected, why they are to be protected, who is responsible for that protection, and which behaviors are acceptable and not.
• The policy should address physical security, network security, access authorizations, virus protection, and disaster recovery.
• Early computer security measures: – Computers were kept in locked central rooms – Access was granted only to select individuals – No one could remotely access the machine • Modern systems are more complex: – Remote processing – Electronic transmission of information – Widespread use of the Internet
E-commerce threats
E-commerce security is best studied by examining the overall process, beginning with the consumer and ending with the commerce server. This analysis produces a three-part structure:
1. Client security
2. Communication channel security
3. Server security
First, however, we will consider issues surrounding copyright and intellectual property.
Copyright and IP
• Copyright is the protection of expression and it typically covers items such as books, essays, pictures, graphics, music, recordings, motion pictures, sculptures, architectural works. Each work is protected when it is created. A copyright notice is not necessary.
• The U.S. Copyright Act of 1976 protects items for a fixed period of time.
• Intellectual property is the ownership of ideas and control over the representation of those ideas.
Threats
• The widespread use of the Internet has resulted in an increase in intellectual property threats.
• It is very easy to reproduce an exact copy of anything found on the Internet.
• Many people are unaware of copyright restrictions protecting intellectual property.
• A related issue is cybersquatting, which is the practice of registering a trademark of another company as a domain name.
• See Intellectual Property Resources on the Internet.
Protecting copyrights and IP
• Enforcing existing copyright laws can be difficult.
• Some methods for protecting digital IP include:
  – Digital copyright laws
  – Electronically locking files
  – Digital watermarks
Digital watermarks and steganography
• A digital watermark is a digital code or stream embedded into a file. They do not affect the quality of the file and may be undetectable.
• The presence of a watermark can indicate that the file was stolen.
• Steganography is the practice of hiding information within other information. Example: "See everyone? Lucky Larry!" What does it mean? (Read the first letter of each word.)
Secrecy vs. Privacy
• Secrecy: The prevention of unauthorized information disclosure. A technical issue involving physical and logical mechanisms. Example: encryption of e-mail.
• Privacy: The protection of individual rights to non-disclosure. The law enforces privacy protection. Example: employers reading employees' e-mail. See: E-lessons in the Chicago Tribune.
Cookies
• Cookies are files that store identifying information about clients for the purposes of personalization.
• Malicious programs can read cookies to gain private information. Many sites do not store sensitive data in cookies.
• Cookies are not inherently bad, but it is wise to learn about them. Software exists that enables you to identify, manage, display, and eliminate cookies. See Cookie Crusher and Cookie Pal. See The Cookie FAQ for more information.
Anonymous browsing
• Since many Web sites gather information about visitors to their sites, you are constantly giving away information such as your IP address.
• There are portals that allow you to surf the Web anonymously by visiting their portal first. Their site acts as a proxy: the destination sees the proxy's address rather than yours. (The proxy itself still sees everything you send, so this moves trust rather than removing it.)
• Example: Anonymizer.com
Client threats
• Malicious code is a program that causes damage to a system.
• Examples: viruses or worms, Trojan horses, malicious mobile code in active content.
• Malicious code can affect both the server and the client. Typically servers engage in much more thorough detection and disinfection.
Viruses
• Attach to files (.exe, .vbs or .dll) and spread through e-mail and file transfer.
• Script viruses (ILOVEYOU): written in scripting languages (VBScript, ...).
Worms
• A worm is designed to spread from computer to computer rather than from file to file.
• A worm does not necessarily need to be activated by a user or program for it to replicate.
• Viruses are often combined with a worm.
• Example: ILOVEYOU was both a script virus and a worm that propagated by mailing itself to every address in the user's Microsoft Outlook address book.
Trojan horse programs
• A Trojan horse is a program hidden inside another program or Web page that masks its true purpose.
• Malicious active content may be embedded into a seemingly innocuous Web page.
• Origin of the name?
Active content
• Active content is program code embedded in a Web page that executes on the client's machine.
• Active content displays moving graphics, places items into shopping carts, etc.
Java
• Java is a high-level, object-oriented programming language developed by Sun Microsystems.
• It was created for embedded systems, but its most popular use has been in Web pages where applets implement client-side applications.
• Java is platform independent.
• It reduces the load on servers by downloading work onto the client's machine.
Java sandbox
• To counter security problems, a special security model called the Java sandbox was created.
• The Java sandbox confines Java applet actions to a set of rules defined by a security model.
• These rules apply to all untrusted Java applets, those that have not been proven to be secure.
• The sandbox prevents applets from performing file input or output and from deleting files.
• All applets from a local file system are trusted and have full access to system resources.
ActiveX controls
• ActiveX is an object that contains programs and properties that Web designers place on pages to perform certain tasks.
• ActiveX controls only run on Windows machines.
• Examples: Flash, Shockwave
• When embedded ActiveX controls are downloaded, they are run on the client machine.
• Once downloaded, ActiveX controls have access to system resources, including the operating system.
Graphics and plug-ins
Graphics:
• Some graphics file formats have been designed to contain instructions on how the graphic is to be rendered.
• Code embedded into the graphic is a potential threat.
Plug-ins:
• A browser plug-in is a program that enhances the capabilities of the browser. They handle things like playing audio clips and displaying movies.
• Many plug-ins work by executing commands buried within the media they are displaying.
Protecting client computers
• The primary task in protecting a client machine is the monitoring of active content.
• The primary issue is trust of the site providing the active content. Each browser handles this in a different way.
• One way to improve trust is through the use of digital certificates.
Digital certificates
• A digital certificate, or digital ID, is an attachment to a Web page or e-mail message verifying the identity of the creator of the page/message.
• It identifies the author and has an expiration date.
• Certificates are obtained from a Certificate Authority (CA) that issues them to an individual or an organization. Example: VeriSign
• Identification requirements vary.
• A page or message with a certificate is signed.
• The certificate is only a guarantee of the identity of the author, not of the validity of the page/code.
Security in Internet Explorer
• Provides content warnings
• Reacts to ActiveX and Java-based content
• Uses Microsoft Authenticode technology that:
  – Verifies who signed the code
  – Checks if the code has been modified since it was signed
• If a publisher has not signed the code, you can set the browser not to download it.
• It is up to you to designate which companies you trust using "zones".
Certificate checking
• When a page with a certificate is downloaded:
  – The certificate is detached
  – The identity of the CA is verified
  – The integrity of the program is checked
• A list of trusted CAs is built into the browser along with their public keys.
• The signature must verify under the public key in the certificate, and the certificate must chain to a CA in that list; a valid signature from an untrusted CA proves nothing.
Security zones
• You can specify different security settings based on the origin of the information being downloaded.
• There are four zones:
  – Internet: Anything not classified in another way
  – Local intranet: The internal network
  – Trusted sites
  – Restricted sites: Web sites you do not trust
Security levels
• High: Safer but less functional; less secure features are disabled; cookies are disabled.
• Medium: Safe but functional browsing; prompts before downloading potentially unsafe content; unsigned ActiveX will not be downloaded.
• Medium-low: Like Medium but most content runs without prompts; unsigned ActiveX will not be downloaded.
• Low: Minimal safeguards; most content will be downloaded and run without prompts; all active content can be run.
• The Custom Level button allows you to alter the defaults provided by a specific level. • All protections are a choice between running and not running active content. • No monitoring of code occurs during execution.
Communication channel threats
• The Internet was designed for redundancy, not secure communications. (The DoD intended to encrypt all information moving in the network.)
• The Internet remains in its insecure state.
• It is impossible to guarantee that every computer through which information passes is safe, secure, and non-hostile.
• The possible security violations include secrecy, integrity, and necessity threats.
Sniffer programs
• Sniffer programs record information as it passes through a particular router or network segment.
• This can capture: passwords, credit card numbers, proprietary corporate product information.
• E-mail transmissions can be compromised by the theft of sensitive or personal information.
Integrity threats
• An integrity threat is also called active wiretapping. This occurs when an unauthorized party alters a message in a stream of information.
• Cyber vandalism is the electronic defacing of an existing Web site's page. This occurs when an individual replaces content on the site.
• Masquerading or spoofing occurs when perpetrators substitute the address of their site for a legitimate site and then alter an order or other information before passing it along.
Necessity threats
• Also known as delay or denial threats; the purpose is to disrupt or deny normal processing.
• Slowing processing can render a service unusable.
• The most famous early example of a denial attack is the Robert Morris Internet Worm, perpetrated in 1988.
Cryptography
• Since the Internet is inherently insecure, any secret information must be encrypted.
• The study of encryption is called cryptography. The name comes from the Greek kryptós (hidden) and gráphein (writing).
• Encryption is the coding of information using a program and a key to produce a string of unintelligible characters.
• Cryptography is distinct from steganography: steganography hides that a message exists, cryptography hides what it says.
Terminology
• Unencrypted data is called plaintext.
• Encrypted data is called ciphertext.
• A cipher or cryptosystem is a technique or algorithm for encrypting messages.
• A key is a string of digits that acts as a password.
• Only the intended receivers should have the key that transforms the ciphertext into plaintext.
• Cryptographic ciphers have a long history.
Early cipher systems
• Ciphers were used as far back as the ancient Egyptians. Text was encrypted by hand.
• Two main types of ciphers were used:
  – Substitution cipher: Every occurrence of a given letter is replaced by a different one. Example: "a" by "b", "b" by "c", etc. "Testing, testing" becomes "Uftujoh, uftujoh".
  – Transposition cipher: The ordering of the letters is shifted to form new words. Example: Plaintext = example, Ciphertext = eape xml
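The two classical ciphers above, as an added example in JavaScript that is not code from the slides. It generalises the slide's "a by b" substitution (a shift of 1) to any shift, implements the two-rail transposition that turns "example" into "eape xml", and then breaks the shift cipher without the key by trying all 26 shifts and scoring each candidate against English letter frequencies. That attack is the reason these ciphers are historical: the key space is tiny and the plaintext statistics survive encryption. Function names and the frequency table are this example's own.

```javascript
// Added example: shift (substitution) cipher, two-rail transposition,
// and a key-less break of the shift cipher. Not from the slides.
'use strict';

const A = 'a'.charCodeAt(0);

// Shift cipher: each letter is replaced by the letter k positions later
// in the alphabet (k = 1 gives the slide's a->b, b->c). Non-letters and
// letter case are preserved.
function shiftEncrypt(text, k) {
  k = ((k % 26) + 26) % 26;
  return text.replace(/[a-z]/gi, (ch) => {
    const base = ch === ch.toLowerCase() ? A : 'A'.charCodeAt(0);
    return String.fromCharCode(base + ((ch.charCodeAt(0) - base + k) % 26));
  });
}

function shiftDecrypt(text, k) {
  return shiftEncrypt(text, -k);
}

// English letter frequencies in percent, a..z (standard published table).
const ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
  4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07];

// Log-likelihood of a candidate plaintext under the English model:
// higher means "looks more like English".
function englishScore(text) {
  let score = 0;
  for (const ch of text.toLowerCase()) {
    const i = ch.charCodeAt(0) - A;
    if (i >= 0 && i < 26) score += Math.log(ENGLISH[i] / 100);
  }
  return score;
}

// Break a shift cipher: only 26 keys exist, so try every one and keep
// the candidate that scores highest. No key material is needed.
function breakShift(ciphertext) {
  let best = { shift: 0, plaintext: '', score: -Infinity };
  for (let k = 0; k < 26; k++) {
    const candidate = shiftDecrypt(ciphertext, k);
    const score = englishScore(candidate);
    if (score > best.score) best = { shift: k, plaintext: candidate, score };
  }
  return best;
}

// Two-rail transposition (the slide's "example" -> "eape xml"): letters
// at even positions form the first rail, odd positions the second.
function railEncrypt(text) {
  let even = '';
  let odd = '';
  for (let i = 0; i < text.length; i++) {
    if (i % 2 === 0) even += text[i]; else odd += text[i];
  }
  return even + odd;
}

function railDecrypt(cipher) {
  const half = Math.ceil(cipher.length / 2);
  const even = cipher.slice(0, half);
  const odd = cipher.slice(half);
  let out = '';
  for (let i = 0; i < cipher.length; i++) {
    out += i % 2 === 0 ? even[i / 2] : odd[(i - 1) / 2];
  }
  return out;
}
```

`breakShift` needs a few dozen letters of ciphertext to be reliable; on a very short message several shifts can score similarly, which is the only reason short notes under this cipher were ever "secure".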
Modern cipher systems
• Modern cryptosystems are digital: the algorithms are based on the individual bits of a message rather than letters of the alphabet.
• Computer information is stored as binary strings, sequences of 0's and 1's.
• Encryption and decryption keys are binary strings of a given key length. Example: 128-bit encryption systems.
• Someone can know the details of an encryption algorithm and yet not be able to decipher an encrypted message without the key.
• The resistance of the encrypted message depends on the size, in terms of bits, of the key used in the encryption procedure. The longer the key, the more computing power and time it takes to break the code by trying every key. (Key length only helps when the algorithm has no shortcut attack; a long key on a weak cipher buys nothing.)
Types of cryptosystems
There are two main types of cryptosystems:
• Private-key cryptography: also known as symmetric or secret-key encryption, it uses a single key to both encrypt and decipher the message.
• Public-key cryptography: also known as asymmetric encryption, it uses a public key to encrypt messages and a private key to decipher messages.
Private-key cryptography
Suppose that Alice wishes to send Bob a message:
• They exchange a secret key.
• Alice encodes the message using the secret key.
• The ciphertext is sent to Bob.
• Bob decodes the message using the secret key.
Problems with this approach:
• How do Alice and Bob exchange the secret key?
• There is no authentication of the sender.
• What if both wish to communicate with Chris?
Key distribution center
• A key distribution center (KDC) shares a different key with each user in the network.
• When Alice and Bob want to communicate, they obtain a session key from the KDC.
• They communicate using the session key.
• If Chris wants to communicate with Alice, they obtain a new session key, improving security.
• If the KDC is compromised, the security of the entire network is at risk.
DES
• Data Encryption Standard (DES) is a 56-bit private-key encryption algorithm developed at IBM, with NSA involvement, in the 1970s and adopted as a U.S. federal standard in 1977.
• Cryptanalysts no longer believe that 56-bit keys are secure; a DES key was recovered by exhaustive search in public in 1998.
• Triple DES, three DES operations in a row each with its own key, was adopted as the interim replacement.
• The Advanced Encryption Standard (AES), selected in 2001, is the current standard.
Public-key cryptography
• Public-key cryptography uses two related keys.
• The public key is freely distributed.
• The private key is kept secret by its owner.
• When someone wishes to communicate with Alice they use Alice's public key to encode their message. Alice then uses her private key to decode the message.
• Although the two keys are mathematically related, it would require enormous computing power to deduce the private key from the public one.
Authentication
• If a customer sends a message to a merchant using the merchant's public key, the customer knows that only the merchant can decipher the message.
• Similarly, if the customer sends a message using the customer's private key, the merchant can decipher it using the customer's public key, thus identifying the customer.
• Both together give two-way authentication. Example: merchant to customer
  – First encode using the customer's public key.
  – Use the merchant's private key on the result.
RSA
• The most commonly used public-key system is RSA (named for its inventors: Ron Rivest, Adi Shamir, and Leonard Adleman).
• Invented in 1977 at MIT.
• RSA is built into many Web browsers, commerce servers, and e-mail systems. Examples: Internet Explorer, Netscape Communicator, Apache Web Server.
• Most secure e-commerce transactions on the Internet use RSA products. See the RSA security page.
PGP
• Another common public-key system is PGP (Pretty Good Privacy).
• Used to encrypt e-mail messages and files.
• PGP is freely available for non-commercial use. See the MIT Distribution Center.
Key agreement protocols
• A drawback of public-key algorithms is that they are not efficient for sending large amounts of information.
• Public-key algorithms can instead be used to exchange private (symmetric) keys, which then carry the bulk of the data.
• The process by which two parties exchange keys over an insecure medium is a key agreement protocol.
• The most common key agreement protocol is a digital envelope. (Strictly this is key transport: one party chooses the key and sends it. In a true key agreement protocol such as Diffie-Hellman both parties contribute to the key and neither sends it.)
Digital envelopes
The basic idea:
• A message is encrypted using a secret key.
• The secret key is encrypted using a public key.
• Only the receiver can decipher the secret key.
• He then uses that key to decipher the message.
Example:
• Alice encrypts a message using a secret key.
• Alice encrypts the secret key using Bob's public key.
• Alice sends both to Bob.
• Bob decrypts the secret key using his private key.
• Bob decrypts the message using the recovered secret key.
Key management
• Most compromises in security result from poor key management, e.g. the mishandling of private keys resulting in key theft.
• An important part of management is the generation of keys.
• The key length must be sufficiently long.
• Key generation algorithms must be random.
• A key generation algorithm that is unintentionally constructed to select keys from a small subset of all possible keys may allow a third party to crack the encryption.
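The last bullet, the "small subset of keys" failure, as an added example (editor-supplied, not from the slides). The flawed generator derives a 128-bit key from a 16-bit seed, so only 65,536 keys are possible; an attacker who observes one HMAC tag over a known message recovers the key by trying every seed. The message, the seed value and the choice of HMAC-SHA256 as the keyed operation are constructed for the demonstration; the corrected generator draws the key from the operating system's CSPRNG through the secrets module.

```python
import hashlib
import hmac
import random
import secrets

KEY_LEN = 16                      # 128-bit key

def weak_keygen(seed16: int) -> bytes:
    """Flawed generator (constructed for the example): the whole key is a
    function of a 16-bit seed, so at most 65,536 distinct keys can ever be
    produced even though a 128-bit key has 2**128 possible values."""
    rng = random.Random(seed16 & 0xFFFF)
    return bytes(rng.getrandbits(8) for _ in range(KEY_LEN))

def strong_keygen() -> bytes:
    """Fixed generator: bytes from the OS CSPRNG; there is no seed to guess."""
    return secrets.token_bytes(KEY_LEN)

def tag(key: bytes, msg: bytes) -> bytes:
    """Some keyed operation the attacker can observe; HMAC-SHA256 here."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def recover_weak_key(known_msg: bytes, observed_tag: bytes):
    """Attacker: try every possible seed and return (seed, key) for the one
    that reproduces the observed tag, or None. Cost: 2**16 trials."""
    for seed in range(1 << 16):
        candidate = weak_keygen(seed)
        if hmac.compare_digest(tag(candidate, known_msg), observed_tag):
            return seed, candidate
    return None

if __name__ == "__main__":
    msg = b"GET /checkout HTTP/1.0"                  # constructed known plaintext
    victim_key = weak_keygen(0x1234)
    print("recovered:", recover_weak_key(msg, tag(victim_key, msg)))
    print("trials needed against strong_keygen: 2**128")
```

The same brute force against strong_keygen would need 2**128 trials, which is the point of the slide's "sufficiently long" and "must be random" requirements: both conditions have to hold, since a long key drawn from a tiny seed space is no better than the seed.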
Digital Certificate and X.509
• A digital certificate is an identification document: it binds a public key to the identity of its owner and is signed by a certification authority (CA).
• An X.509 (v3) certificate contains the following fields: version; serial number; signature algorithm; issuer; validity period (not before, not after); subject; subject public key information; extensions; and the issuer's signature over all of the above.
Digital Certificate System
Secure protocols
• Secure Sockets Layer (SSL): the purpose is to secure connections between two computers. Developed by Netscape Communications. (SSL has since been superseded by TLS; the handshake described below is the same in outline.)
• Secure Hypertext Transfer Protocol (S-HTTP): the purpose is to send individual messages securely. Developed by CommerceNet.
SSL
• To begin, a client sends a message to a server.
• The server responds by sending its digital certificate to the client for authentication.
• Using public-key cryptography, the client and server negotiate session keys to continue.
• Once the keys are established, the transaction proceeds using the session keys and digital certificates.
• All information exchanged is encoded.
• See Figure 6-17 on page 221.
Types of communication
SSL resides on top of TCP/IP in the Internet protocol suite. As a result it can secure many different types of communications:
• FTP sessions
• Telnet sessions
• HTTP sessions (HTTPS; not to be confused with S-HTTP, which is a separate protocol described below)
SSL key length
Secure Sockets Layer comes in two strengths:
• 40-bit
• 128-bit
Both refer to the length of the session key generated by every encrypted transaction. The 40-bit version is available for export, but U.S. firms may only use the 128-bit version in products intended for the U.S. market. (A 40-bit key is within reach of a brute-force search on ordinary hardware; the U.S. export rules that forced it were relaxed in 2000, and TLS deployments now use 128- or 256-bit keys.)
Limitation
• Although SSL protects information as it is being transmitted, it does not protect information once it is stored in the merchant's database.
• The data needs to be encrypted and/or the server secured to protect information that was previously transmitted.
S-HTTP
• Secure HTTP (S-HTTP) is an extension of HTTP.
• Works at the application level.
• It is concerned with securing individual messages.
• Security features:
– Client and server authentication (using RSA)
– Symmetric encryption for communication
– Message digests
– The client and server may use separate S-HTTP techniques simultaneously. Example: The client may use private keys and the server may use public keys.
Establishing contact
• The details of S-HTTP security are conducted during the initial negotiation session.
• Security details are specified in special packet headers that are exchanged.
• Once the client and server have agreed to the security implementations that will be enforced between them, all subsequent messages are wrapped in a secure envelope.
Security techniques
• Features:
– Use of private-key encryption
– Server authentication
– Client authentication
– Message integrity
• The client and server can specify that a security feature is required, optional, or refused.
• When a feature is required it must be used or the connection will be terminated.
Transaction integrity
• It is difficult to prevent integrity violations, but techniques can enable integrity violations to be detected; the information can then be re-sent.
• The basic idea:
– A hashing algorithm is applied to produce a message digest.
– The message digest is encrypted to produce a digital signature.
Message digest
• A hashing function is applied to the message.
• This produces a number that is based on the length and content of the message.
• The message digest is appended to the message.
• The receiver recalculates the message digest.
• If the two do not match, integrity is violated.
• Good hash algorithms make collisions (two different messages with the same digest) computationally infeasible to find.
Problem: What if an adversary changes both the message and the message digest? An unkeyed digest alone cannot detect this; the digest must be bound to the sender.
Digital signature
• The sender computes the digest, encrypts it using her private key, and then appends the encrypted digest onto the message.
• The merchant deciphers the digest with the sender's public key, computes his own digest, and compares the two. If they match, the integrity of the message was preserved.
• Only the sender could have created the digital signature.
• For added security, the digital signature and the message can be encrypted.
E-commerce security is best studied by examining the overall process, beginning with the consumer and ending with the commerce server. This analysis produces a three-part structure:
• Client security
• Communication channel security
• Server security
Server threats can be classified by the means used to obtain unauthorized access into the server:
• The Web server and its software
• Back-end programs and servers such as ones for a database
• Common Gateway Interface (CGI) programs
• Other utility programs residing on the server
Security levels
• Web servers running on most machines can be set to run at various privilege levels.
– The highest one allows access to any part of the system, including sensitive areas.
– The lowest level provides a logical fence that prevents access to sensitive areas.
– The rule is to use the lowest level needed to complete a given task (least privilege).
• Setting up a Web server to run in high privilege mode can cause potential threats: any flaw in the server, or in a program it launches, then runs with that privilege.
Entering passwords
• Web servers that require usernames and passwords can compromise security by revealing them.
• Because the Web server needs the information as it moves from page to page, it may place that in a cookie on the client's machine.
• The server must be careful not to request that the cookie be transmitted unprotected. Better still, the cookie should carry only a random session identifier, never the credentials themselves, and be marked so the browser sends it over HTTPS only.
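The cookie point above, as an added example (editor-supplied, not from the slides): the first function does what the slide warns against, storing the username and password in a cookie with no protection, and the second issues an opaque server-side session id instead, authenticated with an HMAC and marked Secure and HttpOnly so the browser never sends it in the clear or exposes it to page scripts. SERVER_SECRET, the in-memory session table and the cookie names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SERVER_SECRET = b"constructed-demo-secret-rotate-me"   # assumption: lives on the server only
_sessions = {}                                          # session id -> username (server side)

def insecure_cookie(username: str, password: str) -> str:
    """What the slide warns against: the credentials themselves go into the
    cookie with no Secure flag, so the browser re-sends them on every request,
    including plain-HTTP ones where they can be read off the wire."""
    c = SimpleCookie()
    c["user"] = username
    c["pass"] = password
    return c.output(header="Set-Cookie:")

def issue_session(username: str) -> str:
    """Keep the login state on the server; hand the client only a random id,
    authenticated with an HMAC so a forged or edited id is rejected."""
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = username
    mac = hmac.new(SERVER_SECRET, sid.encode(), hashlib.sha256).hexdigest()
    c = SimpleCookie()
    c["session"] = f"{sid}.{mac}"
    c["session"]["secure"] = True        # only ever sent over HTTPS
    c["session"]["httponly"] = True      # not readable by page scripts
    c["session"]["samesite"] = "Strict"  # not attached to cross-site requests
    c["session"]["path"] = "/"
    return c.output(header="Set-Cookie:")

def user_from_cookie(cookie_header: str):
    """Server side: check the MAC before looking the id up; returns the
    username, or None for a missing, forged or unknown session."""
    c = SimpleCookie()
    c.load(cookie_header)
    if "session" not in c:
        return None
    sid, _, mac = c["session"].value.rpartition(".")
    expected = hmac.new(SERVER_SECRET, sid.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return _sessions.get(sid)

if __name__ == "__main__":
    print(insecure_cookie("alice", "hunter2"))   # credentials on the wire
    header = issue_session("alice")
    print(header)
    value = header.split("session=", 1)[1].split(";", 1)[0]
    print(user_from_cookie("session=" + value))  # alice
```

Even the hardened cookie is only a bearer token: whoever holds it is "alice" until the server forgets the id, so sessions should expire and be invalidated on logout, which the in-memory table above leaves to the caller.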
Username/password pairs
• Web servers may keep files with username/password pairs to use for authentication.
• If these files are compromised then the system can be attacked by people masquerading as others.
• Users who choose passwords badly also pose a threat to Web server security. Passwords that are easily guessed, such as birth dates, child or pet names, are poor choices.
• Administrators often run programs that attempt to guess users' passwords as a preventative measure.
Database threats
• Because databases hold valuable information, attacks on them are particularly troubling.
• Security features rely on usernames/passwords.
• Security is enforced using privileges.
• Databases that fail to store usernames/passwords in a secure manner or fail to enforce privileges can be compromised.
• During an attack, information may be moved to a less protected level of the database, giving full access.
• CGI implements the transfer of information from a Web server to another program.
• Like Web servers, CGI scripts can be set to run unconstrained (with high privilege).
• Defective or malicious CGI scripts can access or destroy sensitive information.
• CGI scripts can reside anywhere and are difficult to track.
• Old CGI scripts that have been replaced can be loopholes for access into the system if they are left on the server.
• A buffer is an area of memory set aside to hold data read from a file or database.
• Buffers are necessary because I/O operations are much slower than CPU operations.
• Buffer overflows, either from a buggy program or as part of a deliberate attack, can result in:
– A computer crash
– Attacker-supplied data overwriting the saved return address on the stack, so that when the function returns the CPU jumps to instructions the attacker placed in the buffer and the Web server runs them
Securing the server
• Access control and authentication: controlling who and what has access to the server, including both users and other servers.
• Firewalls: Inside: network and machines protected by the firewall. Outside: all other networks.
Access control
• Authentication via digital certificates and signatures.
• Usernames/passwords
– Usernames are stored as clear text.
– Passwords are stored as a one-way, salted hash rather than as clear text or reversible encryption: the original password cannot be recovered from the stored value even if the file is stolen, and a slow hash makes guessing it expensive.
– A password entered is hashed with the same salt and compared against the stored hash.
• An access control list gives the users that can access certain files and folders in the system. Read, write, and execute permissions may be set separately.
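Password storage and the access control list, as an added example (editor-supplied, not from the slides). Passwords are hashed with PBKDF2-HMAC-SHA256 and a per-user random salt and compared in constant time; guess_attack is the administrator's preventive dictionary check from the earlier slide; allowed evaluates an ACL with separate read/write/execute permissions. The user records, word list, ACL entries and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed user store. The username is kept in clear; the password is never
# stored, only a random per-user salt and a slow, salted hash of the password.
_users = {}
_ITERATIONS = 100_000            # deliberately slow: throttles offline guessing

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)

def add_user(username: str, password: str) -> None:
    salt = os.urandom(16)        # unique per user: identical passwords hash differently
    _users[username] = (salt, _hash(password, salt))

def check_password(username: str, password: str) -> bool:
    rec = _users.get(username)
    if rec is None:
        _hash(password, bytes(16))   # same cost for unknown users: no username oracle
        return False
    salt, stored = rec
    return hmac.compare_digest(_hash(password, salt), stored)   # constant-time compare

def guess_attack(username: str, wordlist):
    """The guessing run an administrator does preventively: returns the
    password if it is in the wordlist (i.e. it was a poor choice), else None."""
    for word in wordlist:
        if check_password(username, word):
            return word
    return None

# Access control list: read/write/execute set separately per user and path
# prefix; the first matching prefix wins, anything unlisted is denied.
ACL = {
    "/orders/": {"alice": "rw", "www": "r"},
    "/cgi-bin/report": {"www": "rx"},
}

def allowed(user: str, path: str, perm: str) -> bool:
    for prefix, entries in ACL.items():
        if path.startswith(prefix):
            return perm in entries.get(user, "")
    return False                 # default deny

if __name__ == "__main__":
    add_user("bob", "fluffy1999")                       # constructed: a pet name + year
    print(check_password("bob", "fluffy1999"))          # True
    print(guess_attack("bob", ["123456", "fluffy1999"]))  # found: poor password
    print(allowed("www", "/orders/42", "w"))            # False: web server may only read
```

A stolen store now yields salts and hashes only; recovering "fluffy1999" from it still means guessing, and the iteration count sets the price of each guess.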
Firewalls
• All traffic from the outside must pass through it.
• Only authorized traffic is allowed to pass.
• Trusted networks are inside, untrusted ones outside.
• Can be used to separate divisions of a company.
• Operates at the network/transport layer (packet filters) or at the application layer (gateways and proxies); see Types of firewalls.
• The firewall should be immune to attack.
• Unnecessary software should be stripped off.
• The same policies should apply to all firewalls.
Types of firewalls
• Packet filters: filter traffic according to source and destination (IP address, port) based on a set of rules. Example: Incoming FTP requests granted but outgoing requests denied.
• Gateway servers: filter traffic according to the application requested.
• Proxy servers: communicate with the Internet on behalf of the private network. Also used as a cache for Web pages.
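A packet filter of the kind described above, as an added example (editor-supplied, not from the slides): rules are matched on direction, source, destination, protocol and port, first match wins, and anything unmatched is denied, which encodes the slide's "incoming FTP granted, outgoing FTP denied" policy. The addresses, rule set and sample packets are constructed. Caveat: this is a stateless filter; it does not track connections, so it cannot, for example, admit the data connections that active-mode FTP opens back from the server, which is what stateful firewalls and application gateways add.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")     # constructed: the protected network
SERVER = "192.168.1.10/32"                # constructed: the public FTP/Web server

# Rules are checked top to bottom; the first match decides; no match = deny.
# (action, direction, source, destination, protocol, destination port)
RULES = [
    ("allow", "in",  "any",        SERVER, "tcp", 21),    # incoming FTP control requests
    ("deny",  "out", str(INSIDE),  "any",  "tcp", 21),    # outgoing FTP requests denied
    ("allow", "in",  "any",        SERVER, "tcp", 443),
    ("allow", "out", str(INSIDE),  "any",  "tcp", 80),
    ("allow", "out", str(INSIDE),  "any",  "tcp", 443),
]

def _match(pattern: str, addr: str) -> bool:
    return pattern == "any" or ip_address(addr) in ip_network(pattern)

def direction(src: str) -> str:
    return "out" if ip_address(src) in INSIDE else "in"

def filter_packet(src: str, dst: str, proto: str, dport: int) -> str:
    d = direction(src)
    for action, rdir, rsrc, rdst, rproto, rport in RULES:
        if (rdir == d and rproto == proto and rport in ("any", dport)
                and _match(rsrc, src) and _match(rdst, dst)):
            return action
    return "deny"                            # default deny

def filter_log(packets):
    """Evaluate a batch of (src, dst, proto, dport) tuples; return log lines."""
    return [f"{filter_packet(*p):5s} {p[0]} -> {p[1]} {p[2]}/{p[3]}" for p in packets]

if __name__ == "__main__":
    sample = [                                          # constructed traffic
        ("203.0.113.5", "192.168.1.10", "tcp", 21),     # outside -> FTP server: allow
        ("192.168.1.20", "203.0.113.5", "tcp", 21),     # inside -> outside FTP: deny
        ("192.168.1.20", "203.0.113.5", "tcp", 443),    # inside -> HTTPS out: allow
        ("203.0.113.5", "192.168.1.20", "tcp", 23),     # telnet to a workstation: deny
    ]
    print("\n".join(filter_log(sample)))
```

Order matters: putting the broad "allow out 443" rule above "deny out 21" would not change anything here, but a broad allow placed above a narrower deny silently overrides it, which is why the deny for outgoing FTP sits near the top.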
Electronic Payment System
Four types of payment methods (4C): Cash, Check, Credit Card, and Credit/Debit (fund transfer).
Electronic payment systems:
• Secure Electronic Transaction (SET) protocol for implementing credit card payment
• An electronic cash system
• An electronic check system for supporting check payment
• An electronic funds transfer system
Features of Payment Methods
1. Security
2. Anonymity
3. Transferability
4. Divisibility
5. Acceptability
6. Overhead Cost
Secure Electronic Transaction
Must satisfy the following security requirements in the context of credit card payment:
• Confidentiality
• Integrity
• Authentication
Network Architecture of SET System
1. Cardholder
2. Merchant
3. Issuer
4. Acquirer
5. Payment Gateway
SET Digital Certificate System
Dual Signature Generation and Verification
Payment system
• OI – Order Information
• PI – Payment Information
• The dual signature links the two: the cardholder signs the hash of the concatenated hashes of PI and OI, so the merchant can verify the order without seeing the payment details and the bank can verify the payment without seeing the order details.
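The message digest, digital signature and digital envelope from the earlier slides, and the SET dual signature above, worked end to end in one added example (editor-supplied code, not from the slides). It uses a toy RSA built from two fixed Mersenne primes and a SHA-256 counter-mode keystream as a stand-in for the symmetric cipher; both are constructed for readability and are not safe for real use (real systems use 2048-bit-plus random primes, PKCS#1/OAEP padding and AES-GCM). Alice signs, seals the signed message for Bob under a fresh session key, Bob unwraps and verifies; the dual-signature functions then show what the merchant and the bank each check.

```python
import hashlib
import secrets

# --- Toy RSA -----------------------------------------------------------------
# Key pairs from fixed Mersenne primes (constructed values). They are far too
# small for real use and omit PKCS#1/OAEP padding; they exist only to make the
# envelope, signature and dual-signature flows concrete end to end.
def toy_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))          # private exponent
    return {"n": n, "e": e, "d": d}

ALICE = toy_keypair(2**61 - 1, 2**89 - 1)     # ~150-bit modulus (signs)
BOB = toy_keypair(2**107 - 1, 2**127 - 1)     # ~234-bit modulus (receives)

def rsa_private(x: int, key) -> int:          # needs d: only the owner can do this
    return pow(x, key["d"], key["n"])

def rsa_public(x: int, key) -> int:           # needs only e and n: anyone can do this
    return pow(x, key["e"], key["n"])

# --- Message digest and digital signature -----------------------------------
def digest(msg: bytes) -> bytes:
    return hashlib.sha256(msg).digest()

def sign_digest(h: bytes, signer) -> int:
    # Only the first 16 bytes of the digest fit under the toy modulus.
    return rsa_private(int.from_bytes(h[:16], "big"), signer)

def verify_digest(h: bytes, sig: int, signer_pub) -> bool:
    return rsa_public(sig, signer_pub) == int.from_bytes(h[:16], "big")

def sign(msg: bytes, signer) -> int:
    return sign_digest(digest(msg), signer)

def verify(msg: bytes, sig: int, signer_pub) -> bool:
    return verify_digest(digest(msg), sig, signer_pub)

# --- Digital envelope --------------------------------------------------------
def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def seal(msg: bytes, sender, recipient_pub):
    """Alice: sign msg, encrypt signature+msg under a fresh secret key, wrap
    that key with Bob's public key, and send both parts."""
    body = sign(msg, sender).to_bytes(32, "big") + msg
    session_key = secrets.token_bytes(16)
    wrapped_key = rsa_public(int.from_bytes(session_key, "big"), recipient_pub)
    return wrapped_key, stream_xor(session_key, body)

def open_envelope(wrapped_key: int, ct: bytes, recipient, sender_pub):
    """Bob: unwrap the secret key with his private key, decrypt, then check
    Alice's signature. Returns (message, signature_ok)."""
    session_key = rsa_private(wrapped_key, recipient).to_bytes(16, "big")
    body = stream_xor(session_key, ct)
    sig, msg = int.from_bytes(body[:32], "big"), body[32:]
    return msg, verify(msg, sig, sender_pub)

# --- SET dual signature ------------------------------------------------------
def dual_signature(oi: bytes, pi: bytes, cardholder) -> int:
    """DS = Sign(H(H(PI) || H(OI))). The merchant receives OI, H(PI) and DS;
    the bank receives PI, H(OI) and DS. Each checks DS without seeing the
    other party's data."""
    return sign_digest(digest(digest(pi) + digest(oi)), cardholder)

def merchant_verifies(oi: bytes, pimd: bytes, ds: int, cardholder_pub) -> bool:
    return verify_digest(digest(pimd + digest(oi)), ds, cardholder_pub)

def bank_verifies(pi: bytes, oimd: bytes, ds: int, cardholder_pub) -> bool:
    return verify_digest(digest(digest(pi) + oimd), ds, cardholder_pub)

if __name__ == "__main__":
    msg = b"order 1234: 2 widgets, ship to Bob"          # constructed sample
    wrapped, ct = seal(msg, ALICE, BOB)
    print(open_envelope(wrapped, ct, BOB, ALICE))        # (msg, True)
    oi, pi = b"OI: 2 widgets, $40", b"PI: card ending 1111, $40"
    ds = dual_signature(oi, pi, ALICE)
    print(merchant_verifies(oi, digest(pi), ds, ALICE),
          bank_verifies(pi, digest(oi), ds, ALICE))      # True True
```

Flipping one bit of the ciphertext changes the recovered message and makes verify return False, which is the "changed both message and digest" problem from the message-digest slide being caught: the attacker cannot re-sign without Alice's private key. Note that ALICE and BOB are passed where only a public key is needed; rsa_public reads just n and e, which is the part that would actually be published.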
SET Protocol
1. Purchase Initiation
2. Purchase Request
3. Payment Authorization
4. Payment Capture
Strategies for marketing, sales, and promotion
Building a presence
• An organization's presence is the public image it conveys to its stakeholders.
• The stakeholders include customers, suppliers, employees, stockholders, neighbors, and the general public.
• Physical world: Create a store, factory, warehouse or office building and/or engage in advertising.
• On the Web: Create a site, which may be the only point of contact for stakeholders, and/or engage in advertising.
Web presence goals
• Attracting visitors to the site
• Making the site sticky so that visitors stay
• Convincing visitors to follow the site's links to obtain information
• Creating an image consistent with the desired image of the organization
• Reinforcing positive images that the visitor may already have about the organization
Examples:
• Commercial organizations
– Toyota
– Metra
• Museums
– Art Institute
– Field Museum
– Museum of Science and Industry
Elements of a Web site
• History, statement of objectives, mission statement
• Information about products or services
• Financial information
• A way to communicate with the organization
+ Usability matters
+ Communication should be two-way
+ Failure will result in a loss of competitiveness
How can the design of the site be done effectively?
Purposes for visiting a site
• Learning about products and services
• Buying products and services
• Obtaining information about warranties or service for previously purchased products
• Gaining general information about the organization
• Obtaining information for the purposes of investing or granting credit
• Identifying the people who manage the organization
• Obtaining contact information for an individual
Difficulties in delivering content
• Varying visitor needs
• Differing experience levels
• Technological issues
– Data transmission speeds
– Web browsers
– Plug-in software
• Convey an integrated image
• Provide easily accessible facts both about the firm and any products or services it may offer
• Allow visitors to experience the site in a variety of ways and at different levels
• Provide meaningful, reliable, responsive, two-way communication
• Sustain visitor attention without detracting from the purpose and image of the site
• Find ways to encourage return visits
Usability
• Design the site around how visitors will navigate the site, not around the organization's structure
• Allow quick access to the site's information
• Avoid using inflated marketing statements
• Avoid using business jargon
• Allow visitors with older browsers and slower connections to access the site; this may mean building several versions of the site
• Be consistent in the use of design features and colors
• Make sure that navigation controls are clearly labeled or otherwise recognizable
• Test text visibility on smaller monitors
• Check that color combinations do not impair viewing clarity for the colorblind
Positive examples: Webby Awards (See the Monterey Bay Aquarium)
Negative examples: Mud Brick Awards
Finding and reaching customers
• Personal contact/prospecting: Employees individually search for, qualify, and contact potential customers.
• Mass media approach: Advertising and promotional material is created and then distributed via:
– Television or radio
– Newspapers or magazines
– Highway billboards
– Mailings
Types of interactions
• One-to-many
– Mass media
– Seller sends out carefully produced messages to a large audience.
– Seller is active, buyer is passive.
• One-to-one
– Personal contact
– Salesperson interacts with customer directly.
– Both seller and buyer participate actively.
– Trust building is important.
• Many-to-one: Many active potential customers seek out information from resources produced by the seller. Example: Book review sites, fan sites
• One-to-one: E-mail contact with a seller
• Many-to-many: Newsgroups and interactive Web sites
• Primary characteristic: The buyer is active and controls the length and scope of the search.
Effectiveness of mass media
• Mass media efforts are measured by estimates of audience size, circulation, or number of addresses.
• Money spent on mass media is in dollars per each thousand people in the estimated audience.
• This pricing metric is called cost per thousand and is often abbreviated CPM.
Micromarketing
As mass media lost its effectiveness ("new and improved!"), one approach was to divide a pool of potential customers into segments. This is called market segmentation. Targeting very small market segments is called micromarketing. Micromarketing is expensive using traditional means, but more cost effective on the Web.
• A visit occurs when a visitor requests a page. Immediate downloads of new pages are often counted as part of the same visit.
• A trial visit is the first one; subsequent ones are called repeat visits.
• Each page loaded is a page view.
• If the page contains an ad it is an ad view.
• An impression refers to each banner ad load.
• One CPM for banner ads is 1000 impressions.
• If a visitor clicks a banner, it is a click-through.
• Charges range from $1 to $100 CPM.
The Web has:
• Better effectiveness than mass media
• More trust than mass media
• Lower cost than personal contact
• Less trust than personal contact
It is believed that a move toward the side of personal contact is more effective:
• Increase the trust level
• Increase the personalization
Technology and marketing
Technology-enabled relationship management is when a firm obtains detailed information about customer preferences, needs, behavior and buying patterns and uses that information to:
• set prices
• negotiate terms
• tail or promotions
• add product features
• customize its relationship with the customer.
Branding
• A known and respected brand presents a powerful statement about quality, value, and other desired qualities to potential customers.
• Branded elements are easier to promote.
• The key elements of branding are:
– Differentiation
– Relevance
– Perceived value
• This makes branding for commodity products like salt or plywood more difficult.
Differentiation
A characteristic that sets the product apart from similar products. Examples:
• Ivory soap: "It floats"
• Dove soap: "1/4 moisturizing creme"
• Palmolive dish soap: "Mild on your hands"
• Dawn dish soap: "Takes grease out of your way"
• Antibacterial soaps
Relevance
The degree to which the product offers utility to a potential customer. The customer must be able to see themselves purchasing and using the product. Examples:
• Cadillac
• Hyundai
• Minivans
Perceived value
The product must have some identified value. Products can be different than others and people can see themselves using it, but it may not have values that they desire. Example: Subway sandwich ads comparing fat values of their product to those found in Big Macs.
Emotional branding
Ted Leonhardt: "Brand is an emotional shortcut between a company and its customer." Emotional appeals work well on television, radio, and print media since the viewer is a passive recipient of information. On the Web it is easy to click away from emotional appeals.
Rational branding
Rational branding offers to help Web users in some way in exchange for their viewing an ad. Functional assistance replaces emotional appeals. Examples:
• Free e-mail services such as HotMail
• Free Web hosting such as HyperMart
• ShopSmart! program from Mastercard
Other branding strategies
• Leverage success in one area into another area. Example: Amazon.com
• Serving as a market intermediary between buyers and sellers. Example: Yahoo!
• Affiliate marketing: Descriptions, reviews or other information about a product on one site are linked to pages on another site allowing you to purchase that item. Example: Wedding Channel
Costs of branding
• Transferring existing brands to the Web or using the Web to maintain an existing brand is easier and less expensive than creating a new brand. Example: Catalog sales companies
• Attempting to create a brand on the Web may involve spending on traditional mass media such as television, print, and radio. Example: In 1998 Amazon.com spent $133 million and BarnesandNoble.com spent $70 million, much of it on traditional advertising.
Business models for the Web
• Selling goods and services: Based on the mail order catalog business
• Selling information or other digital content: Can be used to expand markets and cut costs
• Advertising supported: Used by American network television
• Advertising-subscription mixed: Supported via both fees and advertising
• Fee-for-transaction: The use of information filtering for profit
Selling goods and services
• Used for apparel, computers, electronics, and gifts.
• The printed catalog is replaced or supplemented by information on the Web site.
• Customers may purchase via phone. (Why?)
• Fabric swatches are usually available. (Why?)
• Examples:
– Dell computers: Flexibility
– Lands' End: Overstocks
– FTD Florists: Traditional advertising
– Buy.com: Discounting
Selling digital content
The Web is an efficient means for selling information.
• Legal research: Lexis Publishing
• Digital copies of documents: ProQuest
• Electronic versions of journals: ACM Digital Library
• Adult entertainment
• Reference materials: Encyclopedia Britannica
Advertising supported
The success of Web advertising has been hampered by two major problems:
• There is no consensus on how to measure and charge for site visitor views. Examples: Number of visitors, number of unique visitors, number of click-throughs.
• Very few Web sites have a sufficient number of hits to interest large advertisers. Targeted advertising requires that demographics be collected, a sensitive privacy issue.
One success: Employment advertising
Advertising-subscription mixed
• Subscribers are subject to less advertising and have greater access to the resources of the site.
• Popular with online newspapers.
• Examples
– The New York Times
– The Wall Street Journal
– Reuters
– ESPN
Fee-for-transaction
• Value-added services are sold in exchange for a commission.
• Travel agencies
– Travelocity
– Expedia
• Automobile sales
– Autobytel: An example of disintermediation
• Stockbrokers
• Insurance companies
International, ethical, and legal issues
• International issues
– Language – Culture – Infrastructure
• Ethical issues
– Defamation – Privacy rights
• Legal issues
– Borders and jurisdiction – Jurisdiction on the Internet – Taxation and e-commerce – Contracting – Web site content
International e-commerce
• E-commerce is by its nature international.
• International companies must work to build trust with customers.
• Trust can be built by sharing a culture, that is, a combination of language and customs.
• The barriers to international e-commerce include:
– Language
– Culture
– Infrastructure
Language issues
• A first step in reaching international customers is to conduct business in their native language.
• Estimates are that by the end of this year, 60% of Web use and 40% of e-commerce sales will involve at least one party outside the U.S.
• Customers are more likely to buy products and services from Web sites in their own language, even if they understand English.
• Most common non-English languages for U.S. companies: Spanish, German, Japanese, French, Chinese.
• Second tier of languages: Italian, Portuguese, Russian, Korean, and Swedish.
• Many languages involve different dialects such as Spanish in Mexico vs. Spain vs. Argentina.
• Some dialect differences are in spoken inflection.
• Word meanings and spellings can vary between dialects. Example: Gray in U.S., grey in U.K.
Multiple language sites
• Not every page on a site will be translated into multiple languages.
• Pages that may be kept in multiple languages:
– Home page
– Marketing and branding pages
– Product information pages
• Pages that may be kept in a single language:
– Local news
– Employment opportunities
Handling language displays
There are several ways to ensure that customers will see the language appropriate for them.
• Create different versions of the site and place links on the page directing visitors. Examples: Dell Computers, Hyundai. The links need to be clearly labeled. Country flags are not a good choice.
• Use the information about the default language of the browser (sent with every request as the Accept-Language header) to direct visitors to pages.
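Directing visitors by the browser's language preference, as an added example (editor-supplied, not from the slides): the browser sends its preferred languages in the Accept-Language request header with q-value weights; the code parses that header, orders the tags by preference, falls back from a regional tag (es-MX) to its base language (es), treats malformed q-values as absent rather than crashing, and only ever maps to a fixed set of languages the site actually has, so the client cannot steer the path anywhere else. The AVAILABLE set, default language and URL layout are assumptions for the example.

```python
AVAILABLE = {"en", "de", "es", "ja"}   # assumption: languages the site has pages for
DEFAULT = "en"

def parse_accept_language(header: str):
    """Return language tags in preference order (RFC 7231 q-values, highest
    first, header order as tie-break). A malformed or zero q drops the tag."""
    prefs = []
    for i, part in enumerate(header.split(",")):
        part = part.strip()
        if not part:
            continue
        tag, _, params = part.partition(";")
        q = 1.0
        for p in params.split(";"):
            k, _, v = p.strip().partition("=")
            if k.strip().lower() == "q":
                try:
                    q = float(v.strip())
                except ValueError:
                    q = 0.0            # "q=abc": treat as unusable, do not crash
        if 0 < q <= 1:
            prefs.append((q, i, tag.strip().lower()))
    prefs.sort(key=lambda t: (-t[0], t[1]))
    return [tag for _, _, tag in prefs]

def choose_language(header: str) -> str:
    """Pick the best available language; fall back to the base language of a
    regional tag, then to DEFAULT. Never returns anything outside AVAILABLE."""
    for tag in parse_accept_language(header or ""):
        if tag in AVAILABLE:
            return tag
        primary = tag.split("-")[0]    # "es-mx" -> "es"
        if primary in AVAILABLE:
            return primary
        if tag == "*":
            break                      # client accepts anything: use the default
    return DEFAULT

def page_path(header: str, page: str = "index.html") -> str:
    # The language component comes from AVAILABLE, never from the raw header,
    # so the header cannot inject path segments.
    return f"/{choose_language(header)}/{page}"

if __name__ == "__main__":
    for h in ["es-MX, es;q=0.9, en;q=0.8", "fr-CA, fr;q=0.9", "ja;q=abc, de;q=0.5", ""]:
        print(repr(h), "->", page_path(h))
```

A site that also offers the explicit language links from the first bullet should let a visitor's manual choice (stored in a cookie or the URL) override the header, since the header reflects the browser's installation language, not necessarily the reader's.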
• Hire a Web page translation service
– Translate the pages
– Maintain them for a fee ($0.25 – 0.50/word). Human translators do 400-600 words an hour.
• Use software that automates the translation and maintenance of the pages. Example: Idiom Technologies
• Completely automated translation software. Can translate up to 40,000 words an hour.
Culture issues
Errors can stem from language and culture standards.
• Pepsi's campaign in China failed. "Come alive" became "Brings your ancestors back from their graves".
• Chevrolet Nova did not sell in Latin America.
• Baby food with a picture of a baby did not sell well in parts of Africa where food containers always carry a picture of their contents.
• Complaints from Japanese customers to wine.com. Packaging is an important part of a quality product.
Labeling issues
Labeling issues are particularly troublesome:
• Inappropriate use of the image of a cow in India.
• Uncovered legs or arms in a Muslim country.
• A Web page divided into four parts or that uses the color white in Japan, where the number 4 and white represent death.
Ways of doing business
• Japanese customers prefer to pay using cash or cash transfer instead of credit cards.
• Softbank created a joint venture with 7-Eleven, Yahoo! Japan, and Tohan to sell books and CDs on the Web.
– Order items on Internet
– Pick them up and pay at 7-Eleven
• In this case, adding an intermediary helped gain customers.
Internet access
Some parts of the world have environments that are inhospitable to e-commerce. The information provided on the Internet may be seen as objectionable or threatening to the culture or traditions of the country.
• Denial of access to citizens
• Restriction of citizens' access
• Addition of taxes that place it out of reach
Culture and the law
Some countries have strong cultural requirements that have found their way into the legal codes.
• In France all advertisements for products must be in French. A U.S. company that ships to France must provide pages in French.
• Quebec provincial law requires street signs, directories, billboards, and advertising created by Quebec businesses to be in French. Web pages marketed at the U.S. in English only are not allowed.
Infrastructure issues
• In many countries, the telecommunication systems are government-owned or heavily regulated.
• Regulations in some places have restricted the development to a point that Internet data packet traffic cannot be handled reliably.
• Local connection costs may be much higher than in the U.S., resulting in different behavior by Internet users. See Figure 11-2, page 347.
• The paperwork needed for international transactions can be prohibitive.
Ethical issues
Not adhering to common ethical standards can result in a degradation of trust on the part of customers. Example: Amazon.com and publishers
Two areas of concern:
• Defamation
• Privacy rights
Defamation
A defamatory statement is one that is false and injures the reputation of another person or company. A statement injuring the reputation of a product or service is called product disparagement. The line between justifiable criticism and defamation can be hard to determine.
Privacy rights
• Privacy issues remain unsettled and are hotly debated in many forums.
• Privacy assumptions vary between cultures.
• The FTC issued a report that concluded Web sites were developing privacy practices with sufficient speed.
• Responses from privacy advocacy groups were in sharp disagreement.
Privacy principles:
• Use the data collected to improve service.
• Do not share customer data with outsiders without the customer's permission.
• Tell customers what data is being collected and what you are doing with it.
• Give customers the right to delete any of the data collected about them.
The legal environment
Legal issues regarding e-commerce have only begun to be addressed. Categories of issues:
• Borders and jurisdiction
• Jurisdiction on the Internet
• Contracting and contract enforcement
• Web site content
Borders and jurisdiction
Culture affects both laws and ethical standards. Territorial borders in the physical world serve as notice that culture and laws may be changing. The relationship between geographic boundaries and legal boundaries deals with four elements:
1. Power
2. Effects
3. Legitimacy
4. Notice
Power
• Some of the defining characteristics of a sovereign government are control over:
– A physical space
– Objects that reside in that space
– People who reside in that space
• The ability of a government to exert control over a person or corporation is called jurisdiction.
• Laws in the physical world do not apply to people who are not located in, or do not own assets in, the area that created those laws.
Effects
• Laws in the physical world are based on the relationship between physical proximity and the effects of a person's behavior.
• Actions have a stronger hold on things nearby.
• Example: Trademark enforcement. Two restaurants with the same name, one in Chicago and one in France.
Legitimacy
• The right to create laws and enforce laws derives from the mandate of those who will be subject to those laws.
• Some cultures allow their governments a high degree of autonomy and authority. Example: China and Singapore
• Other cultures place severe restrictions on the authority of the government. Example: Scandinavian countries
Notice
• Physical boundaries are an effective way to announce the ending of one legal or cultural system and the beginning of another.
• The perception that the laws and norms have changed is needed to allow people to adjust.
• Borders provide this notice.
Jurisdiction on the Internet
• Determining who has jurisdiction can be difficult. Example: Mexican customer dealing with a firm from Sweden, hosted by a Canadian site, and maintained by a programmer from India.
• A contract is an agreement between two or more legal entities that provides for an exchange of value (goods, services, money).
• A tort is an action taken by a legal entity that causes harm to another legal entity.
• If a person or organization wants to enforce their rights under contracts or seek tort damages, they must find courts that have sufficient jurisdiction.
• A court has sufficient jurisdiction in a matter if it has both:
– Subject matter jurisdiction
– Personal jurisdiction
Subject-matter jurisdiction
Subject-matter jurisdiction is a court's authority to decide the type of dispute. In the United States:
• Federal courts preside over federal law (Bankruptcy, copyright, patent, federal taxes)
• State courts deal with issues governed by states (Professional licensing, state taxes)
The rules are easy to apply for subject-matter jurisdiction.
Personal jurisdiction
• Personal jurisdiction is, in general, determined by the residence of the parties in question.
• A court has jurisdiction if the defendant resides in the state in which the court is located.
• An out-of-state person can submit to a court's jurisdiction by signing a contract that includes a statement that the contract will be enforced according to the laws of a particular state.
Long-arm statutes
• States can enact statutes that create personal jurisdiction over nonresidents conducting business or committing tortious acts in the state.
• The more business conducted, the more likely a court will be to use a long-arm statute.
• Courts also assert jurisdiction when a crime or intentional tort has occurred.
• In many cases, these laws are not clear with respect to e-commerce.
• In general, personal jurisdiction for foreign firms and persons is determined by U.S. courts in the same way as long-arm statutes.
• The exercise of jurisdiction across national borders is governed by treaties between the countries.
• Jurisdictional issues are complex and changing.
• Businesses should consult an attorney for advice.
Taxation and e-commerce
• A government acquires the power to tax a business when the business establishes a connection with the area controlled by the government. This connection is called nexus.
• Nexus is similar to personal jurisdiction.
• Determining nexus can be difficult when a company conducts only a few activities in a state.
• Online companies may be subject to multiple tax laws from day one.
Types of taxes
An online business is potentially subject to several types of taxes:
• Income taxes: Levied by national, state, and local governments on the net income generated by business activities.
• Transaction taxes: Includes sales taxes, use taxes, and customs duties.
• Property taxes: Levied on the personal property and real estate used in the business.
Income and transaction taxes are most important.
Federal income taxes
• In the U.S., any increase in a company’s wealth is subject to federal taxation.
• Any company whose U.S.-based Web site generates income is subject to U.S. federal income tax.
• A Web site maintained by a U.S. company must also pay federal income tax on income generated outside the U.S. (The law provides a tax credit for taxes paid to foreign countries.)
State and local income taxes
• The number of taxing authorities is over 30,000 in the United States.
• Companies that do business in multiple local jurisdictions must apportion their income and file tax returns in each locality that levies an income tax.
• Companies can accept orders and ship from one state to many other states and avoid nexus by using a contract carrier such as FedEx or UPS to deliver goods to customers.
Sales taxes
• Businesses that establish nexus with a state must file sales tax returns and remit the sales tax they collect from their customers.
• If a business ships to customers in other states, it is not required to collect sales tax from those customers unless the business has established nexus with the customer’s state.
• There are 7500 U.S. sales tax jurisdictions, and the rules about which items are taxable differ. Example: In NY, large marshmallows are taxable since they are snacks, but small ones are not since they are food.
Contracting
• Any contract includes an offer and an acceptance.
• An offer is a declaration of willingness to buy or sell a product or service with enough details to be firm, precise, and unambiguous.
• An acceptance is the expression of willingness to take an offer, including all of its stated terms.
• When one party makes an offer that is accepted, a contract is created.
Contracting on the Web
• A seller advertising on the Web is not making an offer but inviting offers from potential buyers.
• When the buyer submits an order, the seller accepts and a contract is made.
• Some examples of legally binding acceptances in the physical world:
– Mailing a check
– Shipping goods
– Shaking hands
– Taking an item off a shelf
– Opening a wrapped package
Written contracts
• In the U.S., written contracts must be used for goods worth more than $500 and for contracts requiring actions that cannot be completed within a year.
• Things that constitute a signature:
– Faxes
– Typed names
– Printed names
– Digital signatures
Warranties
• Any contract for sale includes implied warranties.
• Statements in promotional material may create an implied warranty.
• Sellers can create explicit warranties.
• Sellers can use a warranty disclaimer to avoid some implied warranties. The disclaimer must be clearly displayed.
Web site content
Legal issues can arise relating to the Web page content of an e-commerce site. These include: • Trademark infringement • Deceptive trade practices • Regulation of advertising claims • Defamation
• Web designers must be careful not to use any trademarked name, logo, or other identifying mark without the written consent of the trademark owner.
• Manipulating trademarked images and placing them on a site can cause problems. Example: A picture of the president of a company (other than Pepsi) holding a can of Pepsi.
Deceptive trade practices
• Trademark dilution is the reduction of the distinctive quality of a trademark by alternate uses.
• A firm cannot use a similar name, logo, or other identifying characteristic that causes confusion in the customer’s mind.
• Web sites that include links to other sites must be careful not to imply a relationship with the linked company if there is none.
Thanks and Good Bye