Electronic Commerce
Yong Choi
School of Business
CSU, Bakersfield
Definition of EC
• Electronic commerce (EC) is an emerging concept that describes the buying and selling of products, services and information via the Internet and computer networks (EDI).
• E-Business?
History of EC
• 1970s: Electronic Funds Transfer (EFT)
– Used by the banking industry to exchange account information over secured networks
• Late 1970s and early 1980s: Electronic Data Interchange (EDI) for e-commerce within companies
– Used by businesses to transmit data from one business to another
• 1990s: the World Wide Web on the Internet provides easy-to-use technology for information publishing and dissemination
– Cheaper to do business (economies of scale)
– Enables diverse business activities (economies of scope)
Why is business interested in EC?
• Not just to save cost and increase productivity
– Paper check vs. e-check
• Change the nature of competition
– Etrade.com / Amazon.com
• Create new businesses
– Citrix.com / Priceline.com
E-commerce infrastructure
• Information superhighway infrastructure
– Internet, LAN, WAN, routers, etc.
– Telecom, cable TV, wireless, etc.
• Messaging and information distribution infrastructure
– HTML, XML, e-mail, HTTP, etc.
• Common business infrastructure
– Security, authentication, electronic payment, directories, catalogs, etc.
E-COMMERCE BUSINESS MODELS
Some examples
• B2B: GM and suppliers (SCM)
• B2C: Amazon
• C2B: Priceline
• C2C: eBay
• G2C: Paying tax, vehicle registration
• B2G: Lockheed (products/services to DoD)
Intranet
• A private version of the Internet
• Uses TCP/IP
• A network that uses a web browser as a universal applications client and that is accessible only by individuals within a particular enterprise
The Intranet (cont.)
[Figure: public/external Internet users, firewalls, and the intranet with its clients and servers (ERP, legacy systems, e-mail servers, web servers, databases)]
Extranet
• A collection of intranets (known as an extended intranet)
• Also uses TCP/IP
• A network that links business partners to one another over the Internet by tying together their corporate intranets
The Extranet (cont.)
[Figure: the enterprise intranet connected over the Internet, through VPNs, to the intranets of suppliers, distributors and business partners, and to consumers, clients and remote employees]
E-Commerce Security
• Cryptography
– Encryption and decryption of information
• Secret Key (symmetric) Cryptography
• Public Key (asymmetric) Cryptography
• Digital Signature
Cryptography
• Any information (such as an order) in cyberspace must be delivered securely using cryptography technology.
• History of Cryptography
• Rewrite contents (encryption) so that they cannot be read without the key
– Encrypting function: produces the encrypted message
– Decrypting function: extracts the original message
• Method
– Secret key cryptography
– Public key cryptography
– Digital signature
Secret Key Cryptography
• Use a single key
– Key: a set of random numbers to encrypt/decrypt information
• Known as symmetric encryption or private key encryption
• The same key is used by sender and receiver
• Easy to use, suitable when only two distinctive parties are involved
• Less secure (than public key cryptography), when many parties are involved
Secret Key Cryptography (symmetric)
[Figure: the sender encrypts the original message with Key_sender (= Key_receiver); the scrambled message travels over the Internet; the receiver decrypts it with Key_receiver to recover the original message]
Public Key Cryptography
• Use a pair of keys (public and private)
• Known as asymmetric encryption
• The public key
– Known to all authorized users
• The private key
– Known only to the key’s owner
• Easy to use, more secure (than secret key cryptography), suitable when many parties are involved
• Requires sharing of both keys
Public Key Cryptography Mechanism
[Figure: the sender encrypts the original message with the receiver's public key; the scrambled message travels over the Internet; the receiver decrypts it with the receiver's private key to recover the original message]
Digital Signature
• Public key cryptography problem
– Receiver cannot ensure that a message is actually coming from sender.
• Hussein’s subordinate can send a fake message to Bush using Hussein’s email system, which looks as if it originated from the real Hussein.
Digital Signature
• Goal
– Guarantee that message must have originated with a certain entity (increase security)
• Idea
– Encrypt digital signature with private key
– Decrypt digital signature with public key
• Only owner of private key could have generated original signature
[Figure: digital signature: the sender encrypts the original message with the sender's private key; the scrambled message travels over the Internet; the receiver decrypts it with the sender's public key to recover the original message]
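The signature idea from the Digital Signature slides (sign with the private key, check with the public key), as an added example that is not part of the original slides: textbook RSA over a SHA-256 digest, using only Python's standard library. The function names, the sample order text and the small constructed primes are assumptions for illustration; real systems use a vetted library, keys of 2048 bits or more and a padding scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo primes (Mersenne primes); far too small for real keys.
SENDER_PRIMES = (2**61 - 1, 2**89 - 1)
IMPOSTOR_PRIMES = (2**107 - 1, 2**127 - 1)

def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)

def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """'Encrypt' the digest with the private key (slide: Idea, step 1)."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """'Decrypt' the signature with the public key and compare digests."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

def demo():
    sender_pub, sender_priv = make_keypair(*SENDER_PRIMES)
    _, impostor_priv = make_keypair(*IMPOSTOR_PRIMES)
    order = b"Order #1001: ship 50 units"  # constructed sample message
    sig = sign(order, sender_priv)
    return {
        # Signed by the real sender, unchanged in transit.
        "genuine": verify(order, sig, sender_pub),
        # Same signature, but the message was altered on the way.
        "tampered": verify(b"Order #1001: ship 500 units", sig, sender_pub),
        # Someone else signs with their own private key, claiming to be the sender.
        "impostor": verify(order, sign(order, impostor_priv), sender_pub),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:9s} accepted={accepted}")
```

Only the genuine case is accepted: the receiver needs nothing but the sender's public key to reject both the altered order and the impostor's message.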