Electronic Commerce

Yong Choi

School of Business

CSU, Bakersfield

Definition of EC

• Electronic commerce (EC) is an emerging concept that describes the buying and selling of products, services and information via and the Internet and computer networks (EDI).

• E-Business?

History of EC

• 1970s: Electronic Funds Transfer (EFT)– Used by the banking industry to exchange account information over

secured networks

• Late 1970s and early 1980s: Electronic Data Interchange (EDI) for e-commerce within companies– Used by businesses to transmit data from one business to another

• 1990s: the World Wide Web on the Internet provides easy-to-use technology for information publishing and dissemination– Cheaper to do business (economies of scale)

– Enable diverse business activities (economies of scope)

Why business is interested in EC?

• Not just save cost and increase productivity– Paper check Vs. E-check

• Change the nature of competition– Etrade.com / Amazon.com

• Create new businesses– Citrix.com / Priceline.com

Ecommerce infrastructure

• Information superhighway infrastructure– Internet, LAN, WAN, routers, etc.

– telecom, cable TV, wireless, etc.

• Messaging and information distribution infrastructure– HTML, XML, e-mail, HTTP, etc.

• Common business infrastructure– Security, authentication, electronic payment,

directories, catalogs, etc.

E-COMMERCE BUSINESS MODELS

5-6

Some examples

• B2B: GM and suppliers (SCM)

• B2C: Amazon

• C2B: Priceline

• C2C: ebay

• G2C: Paying tax, Vehicle registration

• B2G: Lockheed (prodcuts/services to DoD)

8

Intranet

• A private version of the Internet

• Use TCP/IP

• A network that uses a Web Browser as a universal applications client and that is accessible only by individuals within a particular enterprise

Public/ExternalInternet Users

Intranet

Clients

ServersERP

Legacy systems

E-mail servers

Web servers

Databases

Firewalls

9

The Intranet (cont.)

10

Extranet

• A collection of Intranets (known as extended Intranet)

• Also use TCP/IP

• A network that links business partners to one another over the Internet by tying together their corporate intranet

11

Enterprise

ConsumersSuppliers

Clients

Business Partners

Distributors

VPN

Internet

Intranet

Extranet

IntranetIntranet

Intranet

Intranet

VPN VPN

VPN

VPN

RemoteEmployees

The Extranet (cont.)

12

E-Commerce Security

• Cryptography– Encryption and decryption of

information

• Secret Key (symmetric) Cryptography

• Public Key (asymmetric) Cryptography

• Digital Signature

Cryptography• Any information (such as order) in cyberspace

must be delivered securely using cryptography technology.

• History of Cryptography

• Rewrite contents (encryption) so that they cannot be read without key

– Encrypting function: Produces encrypted message – Decrypting function: Extracts original message

• Method– Secret key Cryptography– Public key Cryptography– Digital signature

14

Secret Key Cryptography

• Use a single key– Key: a set of random numbers to encrypt/decrypt

information

• Known as symmetric encryption or private key encryption

• The same key is used by sender and receiver• Easy to use, suitable when only two distinctive

parties are involved• Less secure (than public key cryptography),

when many parties are involved

15

Secret Key Cryptography (symmetric)

Scrambled Message

Original Message

Sender

InternetScrambled Message

Keysender (= Keyreceiver)

Encryption

Original Message

Receiver

Keyreceiver

Decryption

16

Public Key Cryptography

• Use a pair of key (public and private)• Known as asymmetric encryption • The public key

– Known to all authorized users

• The private key– Known only to key’s owner

• Easy to use, more secure (than secret key cryptography), suitable when many parties are involved

• Requires sharing of both keys

17

Sender

Original Message

Scrambled Message

Scrambled Message

Public Keyreceiver

Original Message

Receiver

Private Keyreceiver

Internet

Public Key Cryptography Mechanism

Message

18

Digital Signature

• Public key cryptography problem

– Receiver cannot ensure that a message is actually coming from sender. • Hussein’s subordinate can send a fake

message using Hussein’s email system - which looks originated from real Hussein - to Bush.

19

Digital Signature

• Goal

– Guarantee that message must have originated with a certain entity (increase security)

• Idea

– Encrypt digital signature with private key– Decrypt digital signature with public key

• Only owner of private key could have generated original signature

Sender

Original Message

Scrambled Message

Scrambled Message

Private Keysender

Original Message

Receiver

Public Keysender

Internet

Digital Signature

DigitalSignature