The Internet, Intranets, and Electronic Commerce

1
The Internet, Intranets, and Electronic
Commerce

• Chapter 3

2
Overview

• Electronic networks are groups of computers that
  are connected together electronically.
• They make it possible for companies to
  conveniently assemble transaction data and
  distribute information across multiple physical
  locations.

3
Overview

• Networks are sometimes classified according to
  the distance they span.
• Local area networks (LANs) are networks that span
  a single site, such as a building or a group of
  buildings that are in close proximity to one
  another.
• Metropolitan area networks (MANs) span a single
  city or metropolitan area.

4
Overview

• Wide area networks (WANs) are networks of
  computers that span at least two metropolitan
  areas.

5
Learning Objectives

• Explain the history of the Internet and how it
  works.
• Describe intranets and explain how they are made
  secure.

6
Learning Objectives

• Explain client-server technology and how it
  applies to electronic financial transactions.
• Describe various approaches to securing
  electronic financial transactions.

7
Learning Objective 1

• Explain the history of the Internet and how it
  works.

8
The Internet

• What is the Internet?
• It is an electronic highway, consisting of
  various standards and protocols, that allows
  computers to communicate with each other.
• During the 1960s the U.S. government was in
  search of a means of maintaining military
  communications in the event of a nuclear war.

9
The Internet

• The RAND Corporation came up with two
  suggestions
• The network should have no central
  command-and-control center.
• The network should be able to operate in tatters
  from the very beginning.

10
The Internet

• The earliest practical version of the Internet
  was created in the early 1970s by the Pentagons
  Advanced Research Projects Agency (ARPA).
• It was called ARPANET.
• Other networks such as Bitnet, MILnet, and NSFnet
  sprang up.

11
The Internet

• They adopted a common set of communications
  protocols called TCP/IP (Transmission Control
  Protocol/Internet Protocol).
• Transmission Control Protocol (TCP) is a protocol
  for dividing electronic messages into packets
  of information and then reassembling these
  packets at the end.

12
The Internet

• Internet Protocol (IP) is an addressing protocol
  that assigns a unique address to each computer on
  the Internet.
• Every computer or user on the Internet needs an
  IP address to communicate with other computers.
• What is a fixed IP address?

13
The Internet

• It is an IP address that is permanently assigned
  to an individual, client, or server.
• What is a dynamic IP address?
• It is an IP address that is temporarily assigned
  to a user while he or she is accessing the
  Internet.
• What is a domain name?

14
The Internet

• It is an alias that can be used in place of the
  IP address.
• What are domain name servers?
• They are electronic phone books that associate
  domain names with IP addresses.

15
Learning Objective 2

• Describe intranets and explain how they are
  made secure.

16
Intranets

• What is an intranet?
• It is a self-contained, in-house internet.
• The entire intranet may be completely invisible
  or unavailable to outsiders.
• The intranet may be available to outsiders only
  after they are properly authenticated.
• Extranets exist when the intranets of two or more
  companies are linked together.

17
Intranet Security Issues

• What is a firewall?
• It is a combination of hardware and software that
  limits access to information on the companys
  servers from the rest of the world.
• Firewalls can also filter packets based on their
  content or destination.

18
Intranet Security Issues
The Internet
Corporate Intranet
Network Computers
Firewall
19
Intranet Security Issues

• What is a spoof?
• It is a type of hacker attack in which the
  attacker assumes a false identify such as a
  false IP address.
• What are additional layers of defense?
• encryption
• access limits through password control

20
Intranet Security Issues

• What is an encryption?
• An encryption uses a password or digital key to
  scramble a readable message into an unreadable
  message.
• What are proxy servers?
• They serve as filters for all outgoing requests
  for information.
• They are used on the inside of the firewall.

21
Learning Objective 3

• Explain client-server technology and how it
  applies to electronic financial transactions.

22
Commerce on the Internet

• The Internet can be used to transmit almost any
  kind of information between two points.
• What is a server?
• It is a robot-type program that constantly runs
  on some computers and exchanges information with
  clients.

23
Commerce on the Internet

• What is a client?
• It is a program that accesses and exchanges
  information with a server.
• A great many of the business transactions that
  occur on the Internet take place in
  client-server environments.
• Why?

24
Commerce on the Internet

• Being robots, servers dont get paid by the hour
  and dont require fringe benefits.
• Servers can deal with hundreds of users (clients)
  at one time.
• Servers can be accessed at any time of day,
  anywhere in the world, with no per-minute
  communication charges.

25
Types of Servers

• There are many kinds of servers on the Internet
• mail servers
• file servers
• Web servers
• commerce servers

26
Types of Servers

• What are mail servers?
• They act as electronic mailboxes that hold
  incoming electronic mail until the users client
  program requests it.
• Electronic mail (e-mail) messages are normally
  addressed according to the following form
• username_at_domain_name

27
Types of Servers
Mail Server
Receivers Mail Client
Senders Mail Client
Message Receiver
Message Sender
Receivers Mail Server
Senders Mail Server
The Internet
28
Types of Servers

• What are file servers?
• They allow authorized clients to retrieve files
  from libraries of files that exist on remote
  computers.
• The most common protocol for file serves is
  called FTP.
• A file server that uses this protocol is called
  an FTP server.

29
Types of Servers

• What is a Web server?
• It is a server that allows a user (client) to
  access documents and run computer programs that
  reside on remote computers.
• All Web clients automatically read and interpret
  HTML (hypertext markup language).

30
Types of Servers
World Wide Web Document on Server in Chicago
Hyperlink
World Wide Web Document on Server in San Diego
World Wide Web Document on Server in Tokyo
Hyperlinked Documents
31
Types of Servers

• What are Commerce servers?
• They are specialized types of Web servers with
  various commerce-related features.
• What are some of these features?
• support for the secure electronic transaction
  (SET) protocol
• support for specialized types of client and
  server authentication

32
Types of Servers

• support for interfacing with external programs
• enhanced security features
• on-line credit card or bank verification

33
Types of Servers
Encrypted Communication Link
Bank
Order/Payment Information
Commerce Server
Consumers Client
Verify Payment
Internet
Product Information and Order Verification
34
Types of Servers
Commerce Server
Corporate Accounting System
Order File
Shipping
Goods Shipped to Customer
35
Electronic Payment Systems

• The Internet has created demand for specialized
  types of payment systems.
• What are some of these systems?
• traditional electronic bill payment systems
• traditional credit card systems
• secure electronic transaction (SET) systems
• virtual cash systems

36
Learning Objective 4

• Describe various approaches to securing
  electronic financial transactions.

37
Security for Electronic Transaction

• Encryption technology is essential for electronic
  commerce.
• What are three types of encryption systems?
• Secret-key encryption
• Public-key encryption
• Digital envelopes

38
Security for Electronic Transaction

• What is a secret-key encryption?
• It is an encryption method in which the same key
  is used for both encryption and decrypting a
  message.

39
Security for Electronic Transaction

• What is a public-key encryption?
• It is an encryption method that uses two keys in
  association with each encrypted message, one key
  to encrypt the message and another key to decrypt
  it.

40
Security for Electronic Transaction

• What is a digital envelope?
• It is an encryption method in which the message
  is encrypted with a secret key, and the secret
  key is encrypted with the recipients public key.
• This method is sometimes referred to as
  double-key encryption.

41
Double-Key Encryption
Recipients Public Key
Random Message Key
Encrypted Message Key
Public-Key Encryption
Private-Key Encryption
Message
Ciphertext
42
Double-Key Encryption
Recipients Private Key
Encrypted Message Key
Message Key
Public-Key Decryption
Private-Key Decryption
Ciphertext
Message
43
Digital Signatures

• A digital signature occurs when someone encrypts
  a message with his or her own private key.
• Anyone can then use that persons public key to
  verify that it was in fact encrypted by that
  person.

44
Digital Signatures

• What is a hashing function?
• A hashing function takes a long variable-length
  string of characters and converts it into a short
  fixed-length string.
• There are many standard hashing functions
  available.

45
Digital Signature Creation
Senders Private Key
Hashing Algorithm
Digital Signature
Public-Key Decryption
Hash of Message
Message
46
Verification of Digital Signature
Hashing Algorithm
Hash of Message
Verify Signature
Message
Digital Signature
Public-Key Decryption
Senders Public Key
47
Digital Time-Stamping

• In order to ensure the validity of electronic
  documents over time, there needs to be some way
  to attach trusted dates to them.
• What is a digital time-stamping service (DTS)?
• It is an organization that adds digital
  time-stamps to documents.

48
Digital Time-Stamp Procedure
Attach date and time, then digital signature
Message
Digital Time Stamp Service
Date and Time
Digital Signature
Message
49
Verification of Digital Time-Stamp
Verify Match
Message
Hash Message and Date and Time
Hashed Message and Date and Time
Date and Time
Digital Signature
Decrypt DTSs Signature with DTSs Public Key
Decrypted Digital Signature
50
Security Issues for Public-Key Encryption Systems

• What is cryptanalysis attack?
• It involves various techniques for analyzing
  encrypted messages for purposes of decoding them
  without legitimate access to the keys.
• The simplest possible attack on a message is the
  guessed plaintext attack.

51
Security Issues for Public-Key Encryption Systems

• The whole security of public-key encryption
  depends on the assumption that an attacker cannot
  factor the product of two large prime numbers
  (factoring attack).
• The best way to prevent cryptanalysis and
  factoring attacks is to use very long keys.

52
Security Issues for Public-Key Encryption Systems

• In practice, public-key encryption systems are
  most likely to be attacked at the key-management
  level.
• A well-designed control system must place
  considerable emphasis on protecting private keys.
• What are some ways of protecting private keys?

53
Security Issues for Public-Key Encryption Systems

• creating and distributing keys
• digital certificates
• certificate revocation list (CRLS)
• certificate chains
• certificate-signing units
• key expirations

54
Electronic Commerce and Encryption Technology

• What is digital cash?
• It is money created when a bank attaches its
  digital signature to a note promising to pay the
  bearer some amount of money.
• What is blinding?
• It is a technique in which a bank issues digital
  cash in such a way the it is unable to link the
  payer to the payee.

55
Electronic Commerce and Encryption Technology

• What is a blinded digital signature?
• It is a digital signature and related digital
  cash that have been issued with blinding.

56
Computer Software and Computer Card Systems

• What is an electronic wallet?
• It is a computer program that keeps track of the
  various keys and items of information associated
  with digital money.
• What are smart cards?
• They are hand-held electronic cards that are used
  for payments.

57
Computer Software and Computer Card Systems

• What are the four types of smart cards?
• Memory cards
• Shared-key cards
• Signature-transporting cards
• Signature-creating cards

58
End of Chapter 3