IS3037 5

1
IS3037 - 5

• Technologies for eGovernment
• Facilitating Transactions Participation

2
Transactions for What?

• Bill payments
• Online shopping / procuring
• Facility bookings
• Appointment reservations
• Voting
• Searching
• Complaints/feedback
• Updating personal information

3
What Kind of Information is Involved?

• Financial
• Account details (including balance)
• Personal information (including passwords)
• Amounts
• Shopping
• Lists of products, prices, charges
• Bookings
• Location, time/date, restrictions

4
Interface Issues

• Drop down boxes.
• Check boxes and radio buttons.
• Language choices.
• Text boxes.
• Colours.
• Assumptions about software configuration, screen
  resolution, access speed and browser.
• Win95 and Netscape 7.1 not supported
• Assumptions about access speed.

5
Interface Issues

• Look and feel
• Do all egov websites look feel the same?
• Do they look feel comfortable?
• Is there a consistent navigation experience?
• Does the search function provide useful results?
• Can users access websites through their preferred
  channel web, phone, pda
• What about accessibility for the blind, deaf, ?

6
Input Devices

• Text
• PC/Notebook Keyboard
• Phone/PDA (SMS)
• Smart ID Card
• ID
• Digital Certificate
• Chinese
• Supplementary character sets

7
Information Processing

• Interactive Processing
• As soon as you submit the data, it is processed
  and databases are updated.
• Batch Processing
• The data is collected together from many users,
  then processed at the end of the day/week/month
• Which processing type is appropriate? Why?

8
Application Issues 1

• What technology is used to programme the
  applications?
• There are many languages, e.g.
• html, xml/xsl, php
• Developing the applications is not easy but it
  is also not the focus of this course.
• Analysing the application context and designing
  the system is in many ways more critical.

9
Application Issues 2

• How should we build a system?
• We need requirements
• From users?
• From existing systems?
• From designers?
• How do we test if the system is OK?
• Technical testing (for bugs, functionality, etc.)
• User testing
• Do the users like it?
• Do they use it?!

10
eGovernment on a Shoestring?

• Costs
• Depend on
• The technology used
• The sophistication of the applications
• The frequency of updates
• Maintenance
• Human costs
• Can be as high as you like, or as low.

11
Examples of Technology Applications/Systems

• www.ets.com.hk E-Tendering System
• www.esdlife.com G2C Portal
• E-Forms (200 online 1500 download/print)
• www.info.gov.hk/forms
• www.business.gov.hk G2B Portal
• www.urbtix.gov.hk Ticketing Portal
• www.gets.gov.hk G2B Gov eTrading Services

12
More examples

• wedding.esd.gov.hk
• www.hkedcity.net
• Online tax return form
• Booking sports facilities
• Smart ID Card Appointment booking
• Checking exam results

• Online chats/forums
• E.g. on the wedding channel
• eVoting
• But not yet in Hong Kong
• Change of address to different govt departments

13
Security (www.infosec.gov.hk)

• Authentication - proof of identity of the parties
  in an electronic transaction
• Integrity - proof that the message contents have
  not been altered, deliberately or accidentally,
  during transmission
• Non-Repudiation - proof of agreement of the terms
  of transactions and prevention of denial of
  commitment and
• Confidentiality - protection that the content and
  information of a transaction is kept private and
  secret from unauthorised third parties.

14
Digital Certificates (e-cert)

• E-certs and m-certs
• Digital signature has the same legal status as a
  hand-written signature
• Can be used to authenticate the online identity
  of subscribers and provide a secure and trusted
  environment for the conduct of online
  transactions

15
Security Single Key Encryption

• One key used by sender and receiver to encrypt
  and decrypt information.
• Security problems
• If the key is lost or stolen
• Keys need to be exchanged frequently
• Single key is fast, but not good for secure
  transactions

16
Security Two-Key Encryption PKI Public Key
Infrastructure)

• PKI uses two keys public and private
• Each sender receiver has both.
• Public key available for anyone online.
• Private key only held by the owner.
• Encryption with either, but decryption with the
  other one.

17
For Example

• I want to send a message to my friend Gary and I
  want to be sure that only Gary can read it. I
  encrypt the message with Garys public key Gary
  must use his private key to decrypt it.
• Gary wants to be sure that I sent the message. He
  encrypts a message to me with his private key I
  must open it with his public key.
• Using a private key to encrypt a message is
  called using a digital signature.

18
Authentication

• I have to be sure that you are who you say you
  are.
• If I am a merchant, I want to be sure that the
  customer is who s/he says s/he is.
• Can I trust the sender?
• Who else could I trust?

19
Certification Authorities

• All public keys can be verified by a
  certification authority (CA). The verification
  could involve information from an ID card,
  driving licence, etc.
• The CA may in turn need to be certified,
  particularly if the CA is not well known, is
  based in a foreign country, etc.
• Certificates usually have an expiration date.

20
CAs

• In Hong Kong, the Post Office is the main CA.
• There are two others.
• Internationally, VeriSign is a major CA.
• Can you trust the CA?

21
Protocols

• Rules and procedures that govern the way a
  process occurs
• SSL and SET are two major EC protocols
• Secure Sockets Layer
• Secure Electronic Transactions

22
SSL

• Mostly commonly used protocol in EC
• Used for message encryption
• Netscape and IE both support SSL
• Credit card numbers, text, addresses, names, etc.
• SSL uses single key encryption so not very
  secure
• https// - indicates SSL.

23
SET

• This is a more complex protocol that incorporates
  digital signatures, certification, encryption and
  a payment gateway with banks
• First set up in 1996 by Visa and MC.
• Until recently not used much as few people had
  e-certs, but should become more popular.

24
Resources

• PHP
• http//www.php.net/docs.php
• XML/XSL
• http//www.xml.com
• HTML
• http//www.w3.org/markup