Technology Infrastructure for Electronic Commerce - PowerPoint PPT Presentation

Slides: 42
Provided by: seasGwuE8
Transcript and Presenter's Notes

1
Technology Infrastructure for Electronic Commerce
  • Olga Gelbart
  • rosa_at_seas.gwu.edu
  • THE GEORGE WASHINGTON UNIVERSITY
  • based on Prof. Lance Hoffman's Lecture on Network
    Infrastructure for Electronic Commerce

2
Snapshots of the Electronic Commerce World
  • Yesterday - EDI
  • Today - getting our toes wet, what this course is
    about
  • Tomorrow - Metadata, machine understandable
    information on the Web.
  • Catalog information
  • Intellectual property information
  • Endorsement Information
  • Privacy information
  • see www.w3c.org/pics and www.w3c.org/p3p

3
How Did We Get Here?
  • Before the Internet
  • History of Commerce and Money
  • Elements of payment systems
  • The Start of the Internet
  • Predecessor Networks
  • Timeline of Significant Events
  • The Internet Today
  • What is the Internet?
  • How Does the Internet Work?
  • Differences from Original Net
  • Differences from Traditional World Out There
  • The Internet in the Future

4
What is the Internet?
  • On October 24, 1995, the FNC unanimously passed a
    resolution defining the term Internet. This
    definition was developed in consultation with
    members of the internet and intellectual property
    rights communities.
  • RESOLUTION: The Federal Networking Council (FNC)
    agrees that the following language reflects our
    definition of the term "Internet". "Internet"
    refers to the global information system that --
    (i) is logically linked together by a globally
    unique address space based on the Internet
    Protocol (IP) or its subsequent
    extensions/follow-ons; (ii) is able to support
    communications using the Transmission Control
    Protocol/Internet Protocol (TCP/IP) suite or its
    subsequent extensions/follow-ons, and/or other
    IP-compatible protocols; and (iii) provides, uses
    or makes accessible, either publicly or
    privately, high level services layered on the
    communications and related infrastructure
    described herein.
  • http://www.fnc.gov/Internet_res.html

5
The Internet - connections
  • Computers in the backbone connected by a (T3)
    data connection (45 megabits/second)
  • ISP hosts and other powerful computers
    connect using (T1,Broadband) lines
  • Leased lines (some businesses)
  • Modem dial-up connections
  • Cable modems
  • ADSL - Asymmetric Digital Subscriber Line

6
Internet features
  • Originally ARPAnet
  • MIT, MITRE, SRI, BBN
  • Distributed communications even with many failure
    points
  • Dissimilar computers exchange info easily
  • Route around nonfunctioning parts
  • 4 sites: SRI, UCLA, UCSB, Univ of Utah
  • Hafner and Lyon, Where Wizards Stay Up Late,
    Simon & Schuster, 1996

7
Kahn's Internet Principles
R. Kahn, Communications Principles for Operating Systems.
Internal BBN memorandum, Jan. 1972.
  • Each network must stand on its own and no
    internal changes could be required to connect it
    to the Internet
  • If a transmission failed, try again
  • Simple black boxes (later called gateways and
    routers) would connect the networks
  • No global control at operations level

8
The Internet - development
  • 1962: Licklider, J.C.R., Galactic Network memos
  • Licklider - MIT to ARPA
  • ARPANET and successors: open architecture networking
  • 1970s: universities and other DoD contractors connect;
    packets rather than circuits (note: many of the
    names in the articles were graduate students then)
  • 1975: 100 sites, and e-mail is changing how
    people collaborate
  • Late 1970s: New Packet Switching Protocol, Transfer
    Control Protocol/Internet Protocol (TCP/IP)
  • 1980: MILNET takes over military traffic
  • 1980s: NSFNet links together NSF researchers; Internet
    protocols incorporated into (BSD) Unix, a widespread
    operating system
  • Late 1980s: NSFNet absorbs original ARPANET (for a US
    university to get NSF funding for an Internet
    connection, that connection had to be made available
    to all qualified users on campus, regardless of
    discipline)
  • 1995: Commercial backbones replace NSFNet backbone
  • Usenet, BITNET, Commercial Networks: AOL, Compuserve, etc.
9
Federal Decisions that Shaped the Internet
  • Agencies shared cost of common infrastructure,
    e.g., trans-oceanic circuits
  • CSNET/NSF (Farber) and ARPA (Kahn) shared
    infrastructure without metering
  • Acceptable Use Policy - no commercialization.
    Privately funded augmentation for commercial uses
    (PSI, UUNET, etc.), thought about as early as
    1988 KSG conferences sponsored by NSF
  • NSF defunded NSF backbone in 1995,
    redistributing funds to regional networks to buy
    from now-numerous, private, long-haul networks
  • NSFNet: $200M from 1986-1995

10
The Internet - Four Aspects
Leiner, et al., A Brief History of the Internet,
http://info.isoc.org/internet/history/brief.html
  • Technological Evolution
  • Packet Switching
  • Scale, Performance, Functionality
  • Operations and management of a global and complex
    infrastructure
  • Social Aspect - Internauts
  • Commercialization

11
Internet Development Timeline
From A Brief History of the Internet by B.
Leiner, et al., http://info.isoc.org/internet/history/brief.html
12
Excerpts from Hobbes' Internet Timeline
by Robert H. Zakon
http://www.info.isoc.org/guest/zakon/Internet/History/HIT.html
  • 1957 Sputnik US forms ARPA
  • 1962 P Baran, Rand, On Distributed
    Communications Networks, packet switched
    networks
  • 1967 Larry Roberts first design paper on ARPAnet
  • 1969 ARPANet commissioned. First RFC.
  • 1970 ALOHANet (radio) connected to ARPANet in
    1972
  • 1971 Ray Tomlinson E-mail, BBN
  • 1972 Telnet specification (RFC 318)
  • 1973 File transfer specification (RFC 454)
  • 1977 Mail specification (RFC 733)
  • 1979 USENet newsgroups. First MUD.
  • 1981 CSNet
  • 1982 DoD standardizes on TCP/IP
  • 1983 Name server developed at University of
    Wisconsin; users no longer need to remember exact
    path to other systems
  • 1983 Berkeley releases 4.2BSD including TCP/IP
  • 1984 DNS introduced. Now over 1,000 hosts
  • 1984 Moderated newsgroups on USENET
  • 1988 Internet worm affects 6,000 of the 60,000
    Internet hosts
  • 1990 EFF founded by Mitch Kapor
  • 1991 WWW released by CERN (Tim Berners-Lee,
    developer)

13
Growth of the Internet
From Hobbes' Internet Timeline at
http://info.isoc.org. ...
14
How Internet Manages Change?
  • RFC process
  • W3C process
  • Now a proliferation of stakeholders
  • Debates over control of name space
  • Profits to be made and lost
  • Commercial vs. Other interests

15
Trends in Internet Applications
  • Internet TV (Web TV VIATV Videophone)
  • Voice over IP (VoIP)
  • Internet telephone
  • Internet dashboard (Alpine GPS, Windows CE in
    cars)
  • Wireless (WAP)

16
Needed in Electronic Commerce
  • Authentication
  • Privacy
  • Message Integrity
  • Non-repudiation

Adapted from Gail Grant
17
Authentication
  • Proving identity
  • Passports
  • Driver's licenses
  • Credit Cards
  • Doctors' diplomas

Gail Grant
18
Privacy
  • Locks
  • Doors
  • Perimeter security
  • Castles

Gail Grant
19
M Y T H
20
R E A L I T Y
21
Message Integrity
  • Wax seals
  • Tylenol seals
  • Custom seals
  • US Mail

Gail Grant
22
Non-Repudiation
  • Handshake
  • Notary Public
  • Signatures
  • Contracts

Gail Grant
23
Electronic cash policy issues
  • anonymity
  • can lead to perfect crime
  • traceability (accountability)
  • security (no electronic muggings)

24
Certification Authority Functions
  • Accept applications for certificates
  • Verify the identity of the person or organization
    applying for the certificate
  • Issue certificates
  • Revoke/Expire certificates
  • Provide status information about the certificates
    that it has issued
  • But what do the certificates mean?

Adapted from Gail Grant
25
Who Will Be CAs?
  • Specialty firms (VeriSign)
  • Government agencies
  • Corporations (for employees)
  • Telecommunication companies
  • Banks
  • Internet Service Providers
  • Value-Added Networks (VANs)
  • Whom to trust?
  • Hierarchy vs web of trust

Gail Grant
26
Who Sells CA Products and Services?
  • Atalla Corporation
  • BBN Corporation
  • CertCo
  • Cylink Corporation
  • Entrust Technologies Inc.
  • GTE Corporation
  • IBM
  • Netscape Communications
  • VeriSign
  • Xcert Software Inc.

July 1997
Gail Grant
27
Legal Issues
  • Legislation
  • Responsibilities
  • Liability
  • International Usage
  • Certification Practice Statements

28
Business Issues for CAs
  • Business Models
  • Risks
  • Costs
  • In-House vs Out-Sourcing
  • Operational Considerations
  • Liability

29
Some Problems
  • Untrusted computer systems
  • Not all persons are trustable
  • Law not clear
  • Policy not clear
  • Sovereignty challenged
  • Cryptography policy
  • Anonymity
  • Confidentiality

30
Untrusted Computer Systems (then)
Malware Example: The Internet Worm
Shut down 6,000 machines, Nov 1988
  • Tried three techniques in parallel to spread
  • Guess passwords
  • Exploit a bug in the finger program
  • Use a trapdoor in the sendmail program
  • Effects
  • serious degradation in performance of affected
    machines
  • affected machines had to be shut down or
    disconnected from the internet
  • Criminal justice
  • Perpetrator convicted January 1990 under 1986
    Computer Fraud and Abuse Act; sentenced to 3
    years probation, $10,000 fine, and 400 hours of
    community service

31
Web-Based Computer Systems: SURPRISE DISCLOSURES
OF PERSONAL INFORMATION, AND PROGRAM LAUNCHES
  • Cookies
  • JAVA (Applet security issues)
  • Microsoft
  • Word macro viruses
  • ACTIVE-X
  • QUICKEN surprise bank transfer
  • Web-based viruses
  • Browser vulnerabilities (recent Netscape 4.x --
    have to disable Java!)
  • A final surprise: monitoring tools (e.g.,
    SATAN) also used by the enemy

32
Who are trustworthy persons?
  • With everyone connected by networks, how do you
    know who to trust?
  • Trusted Third Parties
  • Certifying Authorities
  • Digital Signatures
  • Strong, Trustable Encryption
  • Distributed Architecture Smart Cards

33
LAW OF THE NET
  • Whose Law? Internet is not a monarchy,
    democracy, republic, or dictatorship; rules and
    formalities are nonexistent
  • Jurisdiction, treaties, harmonization of
    definitions
  • CDA Example, Tennessee
  • Enforcement
  • Elected officials and their designees?
  • Internet Service Providers?
  • Vigilantes?
  • Anti-spam page: http://www.dgl.com/docs/antispam.html
  • Agents Launched by Any of the Above?
  • Cancelbots
  • Netiquette?

34
Sovereignty Case Study: Cryptography Policy
  • Government stalling, an impediment to
    progress, or cautious reasoning to avoid chaos?
  • Constitutional issues - Law Enforcement -
    National Security
  • Privacy issues
  • Export policies
  • Jurisdictional "turf" issues

35
Issues in Cryptography Policy: Privacy Issues
  • When should government have right to monitor
    telecommunications?
  • What safeguards prevent abuse of information
    obtained with taps?
  • Can a free society tolerate hidden data with no
    accountability?

36
Clipper Chip Solution (Clipper I)
(adapted from White House briefing)
  • provides successor for DES
  • provides law enforcement solution
[Diagram labels: Court, Warrant, Law Enforcement Agency, Key Escrow Holders (Commerce Dept., NIST; Treasury Dept., Automated Systems Div), Clipper Chip, Encryption device]
37
THE FOUR HORSEMEN OF THE APOCALYPSE (CYPHERPUNKS
VERSION)
  • nuclear terrorists
  • child pornographers
  • money launderers
  • drug dealers

APPLICATION OF BLIND SIGNATURE TO A REAL CRIME
B. von Solms and D. Naccache, Computers and Security
11, 6 (1992), reprinted in Hoffman, L. (Ed.),
Building in Big Brother, Springer-Verlag, 1995
38
WHAT IF UNBREAKABLE ENCRYPTION LEADS TO THIS?
How many times per year is acceptable?
39
NAS/NRC CRYPTO POLICY REPORT HIGHLIGHTS
  • Commercial use: Should promote widespread
    commercial use of technologies that can
    prevent unauthorized access to electronic
    info
  • Exportation: Should allow export of DES to
    provide an acceptable level of security
  • Escrow: Premature (Key recovery current
    proposal)
  • Classified material: The debate on crypto policy
    should be open and does not require knowledge of
    classified material

Total preliminary report at http://www.nap.edu/nap/online/titleindex.htmlc
Cryptography's Role in Securing the Information
Society, 1996, National Academy Press, 2101
Constitution Ave. NW, Box 285, Washington DC
20055, (800) 624-6242
40
CURRENT ENCRYPTION LEGISLATION: Highlights
Full Text at http://www.cdt.org/crypto/
  • SAFE (HR 695)
  • Reps. Goodlatte (R-VA), Eshoo (D-CA)
  • Pro-CODE (S 377)
  • Sen. Leahy (D-VT), Burns (R-CO), Wyden (D-OR)
  • Audio and photo transcript and lots of
    information from 3/19/97 hearing at
    www.democracy.net/archive/03191997
  • Commonalities between SAFE and Pro-CODE
  • Prohibit government from imposing mandatory key
    escrow
  • No export license required for public domain or
    generally available encryption software
  • (Draft Clinton administration legislation no
    warrant)

41
Building a Home Page to Sell Something
  • Just Building a Home Page
  • Now Making It Sell Something
  • What to Sell?