
CHAPTER 7

E-COMMERCE ARCHITECTURE

Chapter Objectives

• To briefly discuss selected topics such as TCP/IP, packet-switching, clients and servers, firewalls, proxy servers and related technology matters

• To examine the information architecture underlying e-commerce Web sites

• To discuss digital certificates

• To look at various security issues, including SSL and SET

• To briefly discuss the question of digital cash

• To understand the virus threat on the Net

http://www.ecommercebook.co.za

1. Architecture? Are we building houses now?

One of the frustrations managers face when building an e-commerce site is understanding the technology that must underpin it. Too often, managers allow the local IT or Web specialist to dominate or control the building of the e-commerce Web site because they feel at a disadvantage when it comes to the terminology and technologies involved. And so it is that the IT/Web guru finds him- or herself in a position of power because e-commerce Web sites are to some extent technological tools, and they are the only ones in the company that understand this technology.

Unfortunately, it is seldom the case that the IT or Web specialist understands the strategic functioning of the company and it is not uncommon, therefore, for the emphasis to shift to the underlying technology rather than to the business case for the site in question. This can be fatal for the firm’s venture into e-business. Every e-commerce site must be backed by a solid business case and the technology should only be used to achieve business objectives.

A basic understanding of the architecture underlying Web sites is therefore very useful for managers responsible for their organisation’s Web site. It will allow you to become more confident when discussing technical issues with your ‘techies’.

What this chapter attempts to do is to address some of the technology issues involved in building a Web or e-commerce site.

2. TCP/IP

Perhaps the first aspect of the Web that managers need to understand, is that the effective operation of the Internet, as well as of Intranets and Extranets, is based on a set of global standards or protocols known as TCP/IP, standing for Transmission Control Protocol/Internet Protocol. This is actually two communications protocols put together which allow computers from different manufacturers with completely different specifications and with different operating systems such as DOS, Windows, Macintosh and UNIX, to coexist peacefully with one another on the Internet.

This protocol incorporates an open set of standards that govern communications between all computers connected to the Internet (indeed, TCP/IP is even today being used in local area networks - LANs). TCP/IP is an agreed-upon set of rules that dictate how information should be broken down into tiny packets of information or data, as well as how they should be sent (or routed) across the multiple networks found on the Internet. Part of this set of instructions involves a built-in error-checking capability. Other Internet protocols, such as FTP, Gopher and HTTP, sit on top of TCP/IP. To communicate using TCP/IP, a PC needs a set of software components called a ‘TCP/IP stack’ (a stack is built into Windows 95/98 and other popular operating systems).

3. Packet-switching

Packet-switching technology is one of the reasons why the Internet has proved to be so successful and robust. The principle of operation is as follows: the information that is to be sent along the Internet is divided by the sending computer into many small packets of information. Certain additional information is then added to each packet to define the beginning and end, and how it must be reassembled by the receiving computer. The information added to each packet includes the Internet address of the target computer and instructions on how that particular piece of information fits in with all the others.

Each packet of information is then sent onto the Internet and gets relayed or routed from computer to computer until it eventually reaches the target computer. The computers along the way act as relay stations or routers. When they receive the packet, they immediately search out the next best route along which to send it on its way. Each packet of information may travel a completely different path over the Internet until it eventually reaches the target computer.

If a particular packet of information either does not reach the receiving computer, or is corrupted along the way, the receiving computer simply sends an instruction back to the sending computer to retransmit that particular packet. In the ‘old days’ when information was sent from one computer to another, it had to be sent as one long data stream; if the transmission was interrupted or corrupted in any way, the information was lost and the transmission would have to start all over again. This new packet-switching system is very reliable and robust, adding to the Internet’s overall attractiveness as a communication and information exchange.
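The split, route and reassemble cycle described above can be sketched in a few lines of Python. This is an added illustration, not code from the book; the Packet fields, the CRC-32 integrity check and the 192.0.2.10 address are assumptions chosen for the sketch, and real TCP/IP uses different header fields and its own checksum.

```python
from __future__ import annotations

import random
import zlib
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    dest: str       # address of the target computer
    seq: int        # where this packet fits in the data stream
    total: int      # how many packets make up the whole stream
    payload: bytes
    checksum: int   # CRC-32 of the payload (assumed error check for this sketch)


def packetize(data: bytes, dest: str, size: int = 8) -> list[Packet]:
    """Sending computer: break the data stream into addressed, numbered packets."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    return [Packet(dest, seq, len(chunks), chunk, zlib.crc32(chunk))
            for seq, chunk in enumerate(chunks)]


class Receiver:
    """Receiving computer: keeps intact packets and knows which to ask for again."""

    def __init__(self, address: str) -> None:
        self.address = address
        self.total: int | None = None
        self.good: dict[int, bytes] = {}

    def accept(self, pkt: Packet) -> bool:
        if pkt.dest != self.address:
            return False                               # not addressed to this computer
        if zlib.crc32(pkt.payload) != pkt.checksum:
            return False                               # corrupted along the way
        if not 0 <= pkt.seq < pkt.total:
            return False                               # malformed sequence information
        self.total = pkt.total
        self.good.setdefault(pkt.seq, pkt.payload)     # duplicates are ignored
        return True

    def missing(self) -> list[int]:
        """Sequence numbers the sender must retransmit."""
        if self.total is None:
            return []
        return [s for s in range(self.total) if s not in self.good]

    def reassemble(self) -> bytes | None:
        if self.total is None or self.missing():
            return None
        return b"".join(self.good[s] for s in range(self.total))


def demo() -> tuple[list[int], bytes | None]:
    message = b"ORDER 1001: 3 x widget, ship to Cape Town"   # constructed sample data
    sent = packetize(message, dest="192.0.2.10")

    in_transit = []
    for pkt in sent:
        if pkt.seq == 2:
            continue                                   # packet 2 never arrives
        if pkt.seq == 4:                               # packet 4 is damaged en route
            damaged = bytes([pkt.payload[0] ^ 0xFF]) + pkt.payload[1:]
            pkt = replace(pkt, payload=damaged)
        in_transit.append(pkt)
    random.Random(7).shuffle(in_transit)               # packets take different paths

    rx = Receiver("192.0.2.10")
    for pkt in in_transit:
        rx.accept(pkt)
    to_resend = rx.missing()                           # only the lost and damaged packets
    for seq in to_resend:
        rx.accept(sent[seq])                           # sender retransmits just those
    return to_resend, rx.reassemble()


if __name__ == "__main__":
    print(demo())
```

A checksum like this catches accidental corruption only; it gives no protection against a packet that was altered deliberately, since whoever alters the payload can recompute the checksum.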

Figure 7.1: Packet-switching technology

[Figure labels: Sending computer: data stream to be sent; information to be sent is broken down into small packets of data onto which are added the target computer’s address and instructions on how the data fits together. A single packet of data: data; target computer address; description of how this data packet fits together with the rest of the data stream. The Internet: packets of data. Receiving computer: data stream received; data packets received are put together using the instructions that are sent with each respective packet of data.]

“TCP/IP – The rules that rule the net.”

Mayur Kamat

4. Clients and servers

This is the basis upon which many Internet applications operate.

A client is a technical term for a software program (or application) that resides on your computer. Its function is to provide a user-friendly, graphic interface which allows you to interact with software programs on remote servers on a network. If you require information from a computer somewhere else on a network that you are part of, you interact or interface with the server using the client program. The client requests the server to supply you with the information or data you require.

The server program is usually written in unfriendly programming code but is designed to do the ‘donkey-work’ quickly and effectively. The server then returns the requested information to the client software.

Figure 7.2: Clients and servers

[Figure labels: Network server, server application: does the ‘donkey work’ and serves up software, data and peripherals. Network user, client program: provides a user-friendly graphic interface for individuals to interact with.]

5. Web servers, Web clients and browsers

All Web sites around the world are hosted on (i.e. located on) Web servers. A Web server is a computer that has Web server software installed on it and which ‘serves up’ Web pages. In fact, what the Web server does is to transmit the underlying HTML code to a Web client. A Web client is a software program - more commonly called a Web browser - that is installed on a user’s machine. The most commonly used Web browsers today are Netscape Communicator and Microsoft’s Internet Explorer.

The Web browser then translates the HTML code into the text, graphics and other elements of a Web page that you see on your computer screen. The Web server software also acts as intermediary between Web clients/browsers and the back-end systems that exist in your company, such as databases, proprietary applications, and enterprise resource planning and decision management systems, etc.

Figure 7.3: Companies, ISPs and getting Web pages onto the Net

[Figure labels: Company network; Individual users; Diginet, ISDN, Modem, Satellite; Internet Service Provider; Web site hosted with ISP; AND/OR; INTERNET; Internet users; Web pages served up by server to users’ browsers.]

6. Intranets/Extranets/Internet

A useful way of describing the difference between the Internet, Extranets and Intranets, is to look at the people that have access to them. The public uses the Internet, business partners and selected staff (e.g. sales staff) have access to Extranets, while the Intranet is for internal staff only. Intranets do not have to be physically restricted to a single geographic location. It is quite feasible to have an Intranet that spans the globe, as in the case of a multinational company for example, as long as it is only accessible to staff - see figure 7.4.

Figure 7.4: Intranets/Extranets/Internet

Intranet (Your Company)

Business Benefits:
• Reduce time to market
• Lower costs
• Enhance quality
• Gain competitive advantage

Technology Drivers:
• Electronic messaging
• Workgroup collaboration
• Process automation
• Browser-based paradigm

Extranet (Your Business Partners)

Business Benefits:
• Better manage supply chain
• Tighten partner integration
• React quickly to changing market conditions

Technology Drivers:
• Internet-based EDI
• Secure network access
• Legacy system integration

Internet (Your Electronic Marketplace)

Business Benefits:
• Increase revenue
• Expand market share
• Develop new markets
• Improve customer service

Technology Drivers:
• Electronic catalogs
• Content management
• Secure payments
• Robust servers / databases

Intranets

An Intranet refers to the use of Internet technology within a closed environment, for example within a company. It can be defined¹ as a “set of content shared by a well-defined group within a single organization.” With an Intranet, a company can make all of its information available to company employees and to its branches around the country and even overseas. With its ability to store vast amounts of multimedia information and with all the other benefits inherent in the Internet and the World Wide Web, an Intranet can be used to share sales material, price lists and other company documents; share product presentation material; create a searchable database of customer, market, competitor or industry information; conduct marketing strategy meetings; and provide policy and other guidelines, for employees to use.

The power that such an Intranet offers a company, especially a small firm, is tremendous. While a company with only two employees may not need an Intranet, as soon as a number of people are working together sharing information and data, an Intranet can bring about a competitive advantage. Information, databases and documentation are updated centrally, and immediately made available to all employees and branches. They, in turn, can interact with the system, either adding to the databases themselves or sending information to a central point to be updated. The total size and value of Intranets is eventually expected to be many times bigger than that of the Internet and represents enormous business opportunities for the astute entrepreneur.

Extranets

Extranets enable companies to take their private networks or Intranets to their business partners. An Extranet can be defined² as a “set of content shared by a well-defined group, but one that crosses enterprise boundaries.” Like Intranets, Extranets are restricted networks but the focus is outward rather than inward. Instead of shuttling data among employees, Extranets facilitate secure business-to-business collaboration between independent but related entities, such as between a company and its customers, suppliers and business partners, via the Internet. This is generally achieved by creating a secure communications ‘tunnel’ within the framework of the Internet that enables these external business partners to access selected information on a firm’s Intranet - see figure 7.5.

Figure 7.5: Extranets – enabling secure business-to-business communications

[Figure labels: INTERNET; Extranet: secure virtual environment within the Internet space; Your firm; Suppliers, Customers, Business partners.]

Extranets have begun to overtake proprietary systems like EDI as a way of expanding the firm’s business systems to include those of its close partners and selected customers. Companies build Extranets to save money, and estimates suggest that an Extranet can cut as much as 60% off traditional communication costs such as telephone, fax or snail mail.

Extranets need to be flexible and scalable both in terms of their adaptation to business needs and their speed of deployment. At the same time they need to be secure and must be focused on meeting user needs, providing mission-critical resources to partners and customers, and driving essential information to both internal and external users and decision-makers. Extranets save time and manpower because customers can serve themselves by placing orders, checking stock levels or troubleshooting problems. Extranets also pay off by fostering relationships and collaboration between companies and their customers via the interchange of information and the development of products.

An Extranet can be little more than a Web site with password protection or it can be part of a virtual private network (VPN) where encryption tools are used to keep intruders out of a ‘private’ section of the Internet.

Internet

When we speak about the Internet, we refer to the public Internet. This is the virtual realm that everyone has access to.

7. Routers

A router is a networking or traffic-managing device³ that is connected to a network and which determines the next point on the network to which a packet of data should be transmitted on the road to the target computer - its final destination. A router must be connected to at least two further network pathways in order to route the data packet along the most reliable of the two or more routes. In this context, the Internet is simply viewed as a very large network and routers work exactly the same way on the Net as they would in a traditional networking environment.

A router maintains a table of available routes and their conditions (whether they are operational, their reliability, etc.) and it then combines this information with distance and cost algorithms to determine the most cost-effective and fastest route between two network points.


Figure 7.6a: Routers

[Figure labels: Router - the link between the Web server and the Internet; Web server; Router; THE INTERNET; Internet users; Web pages ‘served up’ to users.]

Figure 7.6b: Routing information across the Internet

[Figure labels: Web servers; Routers; routing information across the Internet.]

8. Firewalls

Firewalls are perhaps one of the most important ways of protecting your private local area network (LAN) from outside attack. A firewall is commonly a hardware/software solution to prevent outside persons penetrating your secure areas, although a firewall can also be a software-only solution.

How a firewall works is that when a message is received from outside (off the Internet), it is received first by one communication system or device - this could be a separate computer, a TCP/IP networking card within a server or a software-driven solution. This system/device then checks the message or incoming information for viruses and other predetermined factors (for example, is the incoming message/file/data attempting to access certain sensitive files on the server or is the incoming file of a particular undesirable type?).

If everything is OK, then the message is ‘passed on’ to a second server or internal TCP/IP networking card and only then does it become accessible to internal network users. Where exactly a firewall is positioned, depends on the company. Some firewalls are located between the Web server and the public Internet. Such firms usually only allow restricted use of their Web site. Other companies may position a firewall behind their Web server, but before their LAN. Their Web site is seen as public domain, while the firewall is mainly used to protect the internal network. Figure 7.7 highlights this ‘passing on’ feature of a firewall.

Figure 7.7: Firewalls

[Figure labels: Internet users; THE INTERNET (Public); Web server; Firewall server: two separate TCP/IP network cards, firewall software, to/from Internet, to/from Network; Local Area Network, LAN (Secure); Network users.]

9. Proxy servers

A proxy server, also known as a proxy gateway or application layer gateway, is a type of firewall and is represented by a computer that sits between a network user and the Internet. Its task is to provide security, administrative control and a caching service to speed up the information exchange and to ensure that network users only access certain permissible information on the Net.

The proxy server is essentially a Web server with a control, caching and filtering function. When a proxy receives a request to download a Web page from a network user, the proxy will first determine whether the page may be accessed or not. If so, the proxy then examines its cache - a storage area of previously accessed Web pages - to see whether the page in question hasn’t already been downloaded. If it has, the proxy server then serves up the cached (saved) page, rather than downloading the page again from the Internet. This speeds up the whole Web-interaction process by delivering commonly accessed pages from its hard-drive rather than downloading the pages off the Internet.

Not only are response times reduced, but the proxy can also log transactions between it and network users, providing a degree of management control over what network users are doing on the Internet.

Proxy servers also provide a filtering and validity-checking service on requests received from outside users. In some cases, they may be programmed not to allow certain Web pages to be transmitted out onto the public Internet. These pages may only be for internal use or may be available for selected external users and will only be permitted to be transmitted if a request is received from an authorised external user. In addition, some proxies run virus detection programs on incoming packets of data.
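The request handling described in this section, as an added Python sketch that is not part of the original chapter: the Proxy class, its method names, the status strings and all hosts, users and pages are hypothetical, and the ‘Internet’ is a constructed in-memory dictionary so the example runs offline.

```python
from __future__ import annotations

from typing import Callable, Optional
from urllib.parse import urlsplit


class Proxy:
    """Toy proxy: access control, caching, filtering and logging."""

    def __init__(self, origin: Callable[[str], Optional[bytes]],
                 blocked_hosts: set[str], site_pages: dict[str, bytes],
                 restricted_pages: set[str], authorised_external: set[str]) -> None:
        self.origin = origin                          # stand-in for downloading off the Internet
        self.blocked_hosts = {h.lower() for h in blocked_hosts}
        self.site_pages = site_pages                  # pages held on the company side
        self.restricted_pages = restricted_pages      # not for the general public
        self.authorised_external = authorised_external
        self.cache: dict[str, bytes] = {}             # previously accessed pages
        self.log: list[tuple[str, str, str]] = []     # (user, target, outcome)
        self.origin_fetches = 0

    def _record(self, user: str, target: str, status: str, body: Optional[bytes]):
        self.log.append((user, target, status))       # every transaction is logged
        return status, body

    def outbound(self, user: str, url: str):
        """A network user asks for a page on the Internet."""
        # Decide on the parsed, lower-cased hostname rather than a substring of
        # the URL, so upper-case spellings or look-alike paths do not slip past.
        host = urlsplit(url).hostname or ""
        if not host or host in self.blocked_hosts:
            return self._record(user, url, "DENIED", None)
        if url in self.cache:                         # already downloaded: serve saved copy
            return self._record(user, url, "CACHE_HIT", self.cache[url])
        body = self.origin(url)
        self.origin_fetches += 1
        if body is None:
            return self._record(user, url, "NOT_FOUND", None)
        self.cache[url] = body                        # simplification: no expiry
        return self._record(user, url, "FETCHED", body)

    def inbound(self, external_user: str, path: str):
        """An outside user asks for a page held on the company side."""
        if path not in self.site_pages:
            return self._record(external_user, path, "NOT_FOUND", None)
        if (path in self.restricted_pages
                and external_user not in self.authorised_external):
            return self._record(external_user, path, "DENIED", None)
        return self._record(external_user, path, "SERVED", self.site_pages[path])


def demo():
    # Constructed sample data: one page "on the Internet", two pages on the company side.
    internet = {"http://news.example/today": b"<html>headlines</html>"}
    proxy = Proxy(origin=internet.get,
                  blocked_hosts={"games.example"},
                  site_pages={"/index.html": b"public", "/pricelist.html": b"partner prices"},
                  restricted_pages={"/pricelist.html"},
                  authorised_external={"partner-01"})
    results = [
        proxy.outbound("alice", "http://news.example/today")[0],   # first request
        proxy.outbound("bob", "http://news.example/today")[0],     # served from cache
        proxy.outbound("bob", "http://GAMES.example/play")[0],     # blocked site
        proxy.inbound("anonymous", "/index.html")[0],
        proxy.inbound("anonymous", "/pricelist.html")[0],          # restricted page
        proxy.inbound("partner-01", "/pricelist.html")[0],         # authorised external user
    ]
    return proxy, results


if __name__ == "__main__":
    print(demo()[1])
```

Production caching proxies also expire cached pages and avoid caching per-user content; this sketch keeps every page indefinitely to stay short.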

Figure 7.8: Proxy servers

[Figure labels: Internet users; THE INTERNET (Public); Web server; Proxy server; Local Area Network, LAN (Secure); Network users.]

Typical proxy tasks

• Virus checking

• Limiting access from inside to particular Web sites

• Limiting access from outside to particular files on the network

• Caching commonly accessed Web pages

10. Internet infrastructure

Before we delve into the architecture that underpins most e-commerce Web sites, it is worth briefly looking at the various layers of infrastructure that support the Internet⁴ - see figure 7.9. These are outlined on the following pages:

Figure 7.9: Layers of Internet infrastructure

[Figure labels: Layer 4: E-commerce applications; Layer 3: Cybermediaries; Layer 2: Applications; Layer 1: Internet infrastructure.]

Layer 1 – The Internet infrastructure layer

This layer includes those companies and the products and services they represent that are necessary to make the Internet work. They include:

• Internet backbone providers
• Internet service providers
• Networking hardware/software companies
• PC and server manufacturers
• Security vendors
• Telecommunications companies

Layer 2 – The Internet applications infrastructure layer

This layer includes the companies and individuals, as well as the software and services, that are necessary to enable e-commerce to take place. It includes:

• Internet consultants
• Internet commerce applications
• Multimedia applications
• Web development software
• Search engine software
• Online training
• Web-enabled databases

Layer 3 – The Internet intermediary layer

These are the third-party companies - the cybermediaries - that bring other companies or information together within a single online environment or community. This layer includes:

• Vertical market makers
• Online brokerages
• Cybermediaries
• Content aggregators
• Portals and content providers
• Internet banner brokers
• Online advertisers

Layer 4 – The Internet e-commerce layer

This layer includes all the other companies that are involved one way or the other in conducting Web-based commerce, be it simply advertising products or transacting sales.

11. E-commerce architecture

E-commerce architecture can take many different forms. Every company differs somewhat from the next and the way they implement their e-commerce solutions will differ as well. In most cases, however, there is some commonality in the broad structure of most e-commerce architecture models. If we refer to figure 7.10, we can see that e-commerce solutions generally consist of five basic tiers.⁵

1. Client front-end

The first (depending where you start) is the client front-end. In the e-commerce environment this will almost always be Web browser-based. The front-end could be represented by either (or both) internal users (in the case of an Intranet) or (and) external users (in the case of an Internet or Extranet e-commerce solution).

2. Web gateway

The second tier in the architecture is the Web gateway usually consisting of one or more Web servers. These servers serve up the Web pages, information and data that are requested on the client side. Where a company is running a transaction e-commerce site, storefront and shopping cart programs, as well as a transaction facility, form part of the Web site structure (we discuss this in more detail below).

3. Server layer

The third tier in the architecture is the workgroup and application server layer. These servers interface with the legacy systems*, organising, collecting and synchronising user requests for legacy database information or requests to run legacy-based application programs.

4. Legacy systems

The fourth tier in the architecture is the actual back-end legacy* systems. These fall into two categories. The one comprises legacy databases such as product catalogues, price lists, inventory databases, customer profiles, financial records, etc. The other has to do with the procedural business programs - the applications that you use to run your firm, including order processing, invoicing, account payments, financial information and management systems, decision support systems, etc.

5. Security

A fifth tier might be considered to be the security layer, consisting of firewalls and proxy servers that lie between the Web gateway and company’s internal networks.

Figure 7.10: Basic e-commerce architecture

[Figure labels: Client front-end; Web browser; THE INTERNET; Web gateway; Web server; Security layer; Firewalls & Proxies; LAN; Server layer; Application servers; Database servers; Legacy back-end; Legacy databases; Legacy applications.]

What we have sketched above, is a very broad, general e-commerce architecture, within which many variations exist. However, there are two e-commerce solutions that need to be expanded upon. The first is the example of a fully integrated business-to-business e-commerce solution, while the second deals with the architecture facilitating online transactions.

* The term “legacy” is somewhat ambiguous and context sensitive. It generally refers to older types of IT systems and applications that are mainframe-based and written in Cobol. However, it also sometimes refers to more recent server-based technologies and applications which may already have been displaced by newer systems.

Business-to-business e-commerce

In this scenario, we have a situation where a company works together with its customers, suppliers and business partners to integrate, automate and synchronise their respective back-end business systems using the Internet infrastructure and protocols to achieve this objective. Figure 7.11 provides an example where two companies work together to get their respective order generating, order processing, inventory control, manufacturing and payment systems to interface with each other.

The end result will generally be a seamless system, without any client interface being necessary (a client interface, after all, suggests a manual process). This automation and integration is no different from the EDI model we mentioned in Chapter 6, except that it uses Internet-based technologies rather than proprietary means, to achieve this integration.

How companies go about integrating their information systems with those of their business partners will vary dramatically. Companies use vastly different combinations of operating systems, applications and databases, and these must be made to ‘talk’ to each other. Outlining a specific route to follow is therefore not possible. It is important, however, that such integrated systems include the following key attributes⁶:

• Scalability - they need to grow seamlessly with the business
• Reliability - they need to be able to auto-detect malfunctions or non-responses and to allow appropriate steps to be taken.
• Flexibility and dynamism - solutions must be able to change as the organisation’s requirements change
• Inter-enterprise capability - this is clearly important in a business-to-business solution
• Easy accessibility - solutions must be able to communicate with multiple systems of differing architecture such as PDAs, Internet telephones, cell phones, etc.
• Modularity - this allows for reusability and easier maintenance of solutions in an already complex world
• Systems should also be able to leverage native Web technologies

Figure 7.11: A basic business-to-business e-commerce architecture

[Figure labels: Your firm and Suppliers/Customers/Business partners, each shown with: Desktop computers; LAN; TCP/IP; Web gateway; Application servers; Database servers; Back-end legacy systems (Databases: Customer, Inventory, Financial, Product, Price lists; Procedural: Order entry, Account payments, Decision support system, Reservation systems). Between them: Internet; Extranet; Integrated, Automated, Synchronised.]

Transactional e-commerce

The second type of e-commerce solution is a transactional one. Here the architecture is aimed at facilitating shopping, selecting goods and enabling payment for goods chosen. It is commonly found in business-to-consumer e-commerce sites, although it is quite possible that this type of transactional architecture also forms an integral part of the business-to-business model described above.

If we refer to figure 7.12, we see that the architecture comprises several parts. These include a Web server, storefront software, a product catalogue, a shopping cart program, management tools which track user preferences, activities and transactions, and a transaction facility. Some of these elements may reside on separate servers or they may all be packaged into a single e-commerce solution. Whichever option you choose will depend on the size of your business and your resources. For small companies, many ISPs offer e-commerce services that you can simply plug into.

The likely development route for a company is to have its own Web server and to possibly plug into the e-commerce services supplied by their ISP. As their online activities grow, the firm may install their own e-commerce solution which may initially be hosted on the same machine as the Web server. As online business increases, the firm may install a second server just to handle the e-commerce tasks (the shop front, the shopping basket, transactions, etc.). Finally, as online sales hopefully continue to grow, they may install additional servers each to undertake a specific e-commerce task, or they may install a second e-commerce and/or Web server that duplicates all of the information; requests are then shared between these two (or more) servers.

Figure 7.12: A basic transactional e-commerce architecture

[Figure labels: THE INTERNET; Web server; Storefront & shopping cart; Product catalogue; Transaction server; Multi-nodal e-commerce transaction solution; Integration with back-end systems; Back-end legacy systems: Inventory database, Customer database, Accounting system.]

In the following sections, we briefly discuss each of the above-mentioned e-commerce components.

Storefront software

This is a software solution comprising a variety of templates and wizards which walk you through the construction of your online store. It helps you build a shopping interface for your customers. All storefront software will allow you some flexibility in the design of your shopping interface. The more flexibility they allow, the easier they will be to use. Their ability to integrate with other Web development software is also important.

Customer registration

For most companies it will be necessary to create an online form that allows the customer to register with them. In this process, the customer’s details are recorded and added to a database. It is quite possible that at this early stage, the customer’s credit card details are also recorded in order to facilitate the subsequent processing of orders. The storefront software should allow for the easy creation of the registration form and the editing of this information at some later date. The customer’s personal information will also be displayed at the time an order is confirmed by the customer to ensure that the correct details are used.

A customer registration facility implies a customer database. This may be a separate database which is maintained only to facilitate online registration and login by customers, but it could serve as a valuable marketing tool and it therefore makes sense to integrate this registration/login database with your back-end customer profile database.

Personalisation of interface

It is becoming common to allow the customer to personalise the storefront interface. After all, if the customer wants to be kept informed of specials on cool drinks or chocolates, then this should be permissible. Some virtual storekeepers prefer not to allow personalisation because they will not have control over what information is presented to the customer. As more and more sites compete in the same marketspace, so you will increasingly see personalisation becoming available. Whatever route you choose, the storefront software should allow the customer some degree of personalisation.

Customer access authorisation

Once the customer has registered, there needs to be a mechanism for them to login each time they want to access the virtual store. Their login details will be compared against their registration details and if in order, they can continue. This represents an added form of security both for the vendor and customer.

Product catalogue

The next step is for the customer to either browse certain categories of products or to search for a specific product. This is a dynamic part of the storefront commonly called the product catalogue and should be database driven and searchable. The merchant can add new products to the database and can edit information filed about a particular product. The editing and presentation facilities of the product catalogue are very important.

The product catalogue should allow for multimedia elements, such as graphics, pictures and in some cases, even for audio and video segments, to be included. In addition, it should be possible to view a whole list of products in a table format, as well as to view more detailed information on each individual product. Such information might include a product name, a detailed description, prices, discounts, pictures and an option to purchase the product(s) in question. The product catalogue may stand on its own, or in the case of larger companies with business-to-business e-commerce sites, will probably be integrated with the firm’s back-end inventory management systems.

Associated with the product catalogue is a shopping cart program that enables the customer to select one or more items from the catalogue.

Shopping cart

As customers search through the product catalogue and find something they like, it is important to make it easy for them to select a product to buy, to change the number of items of each product they wish to purchase, to see individual and cumulative pricing, and to delete a product they have decided not to buy. This is where shopping cart software comes in.

This is software that basically keeps track of what your customers select from your product catalogue, at the end of which they complete an order by submitting their contact information and credit card details.7 At all times, the shopping cart software should allow customers to add multiple items to their cart, to view what they have selected and to make changes to their selection if they so wish. Up to this point no security is necessary, as no personal information is required as yet.

In the case where a merchant is running a real-time credit card authorisation service, the shopping cart software passes the customer over to a secure electronic transaction service, where the authorisation takes place. When authorisation or credit card information has been obtained, the customer is passed back to the shopping cart software which then generates a receipt for the customer and supplies the customer with whatever information is still required to fulfil the order. The software should at least keep track of all transactions in a text file (but not the credit card details, of course).8 In this regard, it serves as a valuable marketing tool and audit trail.

The passing of information between the shopping cart software and the transaction server is a common point of failure and it may be useful if your shopping cart generates an e-mail which is sent to you, letting you know that an order is pending. If the process is not completed, you can follow up with the problem. You also need to concern yourself with what happens if the customer logs off in the middle of a transaction, or the connection between the customer and your server fails. It might be that the product(s) that the customer has selected have already been marked off on the inventory list, but no transaction has taken place. This would result in a mismatch between sales and inventory.
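One way to keep sales and inventory in step when the hand-over to the transaction server fails, shown as an added example rather than code from the book or from any storefront product. The table names, the `authorise` callback that stands in for the transaction server, and the card number are constructed for illustration; the audit table deliberately has no column for card details.

```python
import sqlite3

SCHEMA = """
CREATE TABLE inventory (sku TEXT PRIMARY KEY, stock INTEGER NOT NULL CHECK (stock >= 0));
CREATE TABLE audit_log (id INTEGER PRIMARY KEY AUTOINCREMENT, customer TEXT NOT NULL,
                        sku TEXT NOT NULL, qty INTEGER NOT NULL, outcome TEXT NOT NULL);
"""


def open_store(initial_stock):
    """In-memory store; isolation_level=None lets us issue BEGIN/COMMIT/ROLLBACK ourselves."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO inventory VALUES (?, ?)", initial_stock.items())
    return conn


def checkout(conn, customer, sku, qty, card_number, authorise):
    """Mark stock off only if payment is authorised; otherwise undo the reservation.

    authorise(card_number, sku, qty) is a hypothetical stand-in for the transaction
    server. It returns True/False and may raise if the connection drops.
    """
    if qty <= 0:
        raise ValueError("quantity must be positive")
    conn.execute("BEGIN IMMEDIATE")
    try:
        reserved = conn.execute(
            "UPDATE inventory SET stock = stock - ? WHERE sku = ? AND stock >= ?",
            (qty, sku, qty),
        ).rowcount == 1
        if not reserved:
            outcome = "out_of_stock"
        elif authorise(card_number, sku, qty):
            outcome = "authorised"
        else:
            outcome = "declined"
    except Exception:
        # Customer logged off or the link to the transaction server failed.
        outcome = "failed"
    # Inventory changes survive only for an authorised payment.
    conn.execute("COMMIT" if outcome == "authorised" else "ROLLBACK")
    # Audit trail: who, what, how many, what happened. The card number is never written.
    conn.execute(
        "INSERT INTO audit_log (customer, sku, qty, outcome) VALUES (?, ?, ?, ?)",
        (customer, sku, qty, outcome),
    )
    return outcome


def stock(conn, sku):
    return conn.execute("SELECT stock FROM inventory WHERE sku = ?", (sku,)).fetchone()[0]


def audit_rows(conn):
    return conn.execute(
        "SELECT customer, sku, qty, outcome FROM audit_log ORDER BY id"
    ).fetchall()


if __name__ == "__main__":
    def link_dropped(card, sku, qty):
        raise ConnectionError("connection to transaction server lost")

    store = open_store({"CHOC-01": 5})
    card = "4111111111111111"  # constructed test number
    print(checkout(store, "alice", "CHOC-01", 2, card, lambda *a: True))
    print(checkout(store, "bob", "CHOC-01", 2, card, link_dropped))
    print(stock(store, "CHOC-01"), audit_rows(store))
```

Rows with the outcome `failed` are the pending orders the merchant should follow up on.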


The transaction process

When the customer has decided that they have what they want, they then push a ‘Purchase’ or ‘Buy’ button that passes them over to a transaction service. This is a secure part of the Web site. There are different ways of dealing with the transaction process. It may be handled entirely manually or it may be automated. Secure Electronic Transaction (or SET) is another way of handling payments using credit cards, although it hasn’t yet taken off in South Africa (or in the rest of the world for that matter) - SET is discussed later in this chapter.

In the case of manual credit card processing, the merchant would require the credit card details from the customer. The customer submits this information to the merchant using SSL encryption (essentially the information being sent to the merchant by the customer is encrypted - more about SSL later in this chapter). When the information reaches the merchant, it is automatically decrypted. The merchant then manually processes the purchase order and credit card information, either by calling the credit card company to obtain authorisation, or by means of an electronic Point-of-Sale (POS) machine like the ones you see in a restaurant.

Alternatively, the merchant’s transaction server handles the authorisation automatically. In this instance, as soon as the merchant’s transaction server receives the credit card details from the customer, it automatically dials up the payment authorising and settling network to obtain authorisation. This is the same network that sits on the other side of the POS machine, run by the major credit card companies. The only difference between the manual and automated process is that the latter requires additional programming and integration between the merchant’s transaction server and traditional payment network.

Once the payment has been authorised, the transaction server passes the information back to the shopping cart program, which then issues a receipt to the customer. Alternatively, if the payment is not authorised, a message to this effect is sent to the customer.

Integration

Considerable programming may be necessary to get the shopping cart software, product catalogue, back-end inventory systems and transaction processes to communicate with each other. If you are using different products for each of these tasks, expect a lot of work to be required on the integration side. In fact, one of the biggest tasks facing developers of e-business solutions, is the integration of the e-commerce front-end with legacy systems, such as the inventory-, customer-, payment- and financial databases, in place within the firm. You will need to give these issues a lot of thought if you intend building your own e-business solution. There are companies that sell bundled products, however, although some tweaking may still be necessary.


Shared solution?

Many hosting companies today offer shopping cart software and a transaction service as part of their hosting package. This represents an affordable solution for smaller firms and may be as simple as embedding some scripting into the HTML of your online product catalogue. In this instance, you may not have full control over how the shopping cart interface looks, nor may all the features be available to you.

Reliability

If you are running your own e-commerce server, or even if you use the services of an outside hosting organisation, one of the major concerns you will have is the fault tolerance of your machines. Ensuring that your Web and e-commerce servers are rock solid in reliability is a costly matter and there are several ways of tackling the problem. The solution can be found in fast back-up, fault tolerant servers and server clusters.9

Back-up

Fast back-up involves backing up data to a tape, CD or external disk-array on a very regular basis so that information can quickly be retrieved when things go wrong - this needs to be in place in all instances.

Fault tolerance

A fault tolerant server is a single machine that comprises several redundant parts, including dual processors, disk arrays, RAM banks, power supplies, etc. This allows the server to continue functioning if any one of its components fails.

Server clusters and redundancy

A server cluster is a small network of two or more identical machines that share all data and transactions in a way that if one dies, the other takes over while alerting a technician of the problem - this is called redundancy. Most clusters also employ load-balancing so that traffic is shared between the various servers or, alternatively, each of these servers may fulfil a particular task in order to share out the workload. Server clusters may be necessary as the demand on your e-commerce servers increases.

Tuning and load balancing

Most e-commerce Web sites will probably perform adequately for some time. Hopefully, however, a time will come when the demand on the system exceeds the capacity for the site to handle all the enquiries and transactions. Indeed, it has happened in the past that a site, which has just been launched, falls over because of the unexpected demand on the system by customers.

“If you take bad management and strategic concepts and stick them online, they’re still bad. But now they’re electronic.”
Glenn Rifkin, Author - Radical Marketing


EXAMPLE

Recently, Sony launched its PlayStation II. Their plan was to sell this machine over the Internet and they created an e-commerce Web site to handle enquiries and transactions. What they didn’t foresee was the tremendous demand for this product and within the first few hours as many as 600 000 potential customers visited the Web site, many of them wanting to buy the new machine. The site was not built to handle this volume of traffic and it simply crashed, sending the red-faced Sony back to the drawing board.

Of course, this type of situation arises very seldom. Indeed, many of us would like this problem to befall us. Nevertheless, it is good practice to plan for the situation where the demand on a system increases to the point where the system can no longer cope.

As demand increases, so server performance begins to decrease. Web pages are delivered with an increasing amount of delay and often pages are not available at all. Customers become frustrated with the poor performance and they stop visiting the site and so traffic eventually disappears. Clearly, this is not good news for any online company.

EXAMPLE

1. Recently, a U.S. company - a firm solidly entrenched in the online e-commerce world - experienced more than ten hours of downtime. The market reacted so negatively to this situation that the company’s share price fell by more than 15%.

2. Dell Computer Corporation estimates that a one-hour glitch in service can cost the company US$ 580 000.10

CHECKLIST

Are you going to sell products or services or deliver digital content?

How are you going to advertise products?

Will you use auction software or a type of storefront?

How many products will you make available to customers?

How much detail on each product will you provide?

What back-end systems do you need to integrate into the e-commerce site?

What databases will you be integrating with?

What skill-sets are available in-house?

What services will you outsource?


12. Digital certificates

A digital certificate (also known as a cert or Digital ID) is essentially an electronic file that can be installed on a Web server or incorporated into an individual user’s Web browser. Similar to an ‘online passport’, a digital certificate is a credential, issued by a trusted authority, that individuals or organisations can present electronically to prove their identity or their right to access information.

When a user attempts to access a secure Web site, their Web browser will verify the Internet address of the Web site as it is stored in the digital certificate accompanying the site in question. It also verifies that the current date precedes the expiry date. If not, they will receive a warning message. Once a Web site recognises you through your certificate, it can customise Web pages and merchandise according to your interests. And you don’t have to do a thing - it all happens in seconds, automatically. It also takes only a few minutes to obtain a digital certificate.

Digital certificates are issued by a number of recognised international verification organisations, called Certificate Authorities (CAs) such as VeriSign Inc. or RSA Data Security Inc. and, in South Africa, the South Africa Certification Authority (SACA). These trusted third-party organisations will verify a company’s identification and then issue a digital certificate to a particular company in respect of their Web server (or Web site), or to an individual user for use in conjunction with their respective Web browser. The certificate is usually valid only for a fixed period of time and needs to be renewed regularly. This digital certificate can be verified by other users’ browsers, and basically confirms that Web sites (or rather the companies running Web sites) or particular individuals, are who they appear to be.

Digital certificates employ an advanced public key cryptography system - known as public key infrastructure (PKI) - which does not involve the more traditional use of shared secret keys. Rather than using the same key to both encrypt and decrypt data, a digital certificate uses a matched pair of keys that uniquely complement each other. When a message is encrypted by one key, only the complementary key can decrypt it.11

Technically, digital certificates bind an identity to a pair of electronic encryption keys - a private key and a public key - that can be used to encrypt and sign digital information. In public key cryptography systems, when your key-pair is generated, you keep one key private. This key is called the ‘private key’ and nobody other than you, as the rightful owner, should ever have access to it. However, the matching ‘public key’ can be freely distributed as part of a digital certificate. You can share your digital certificate with anyone and can even publish your certificate in directories. If someone wants to communicate with you privately, they use the public key in your digital certificate to encrypt information before sending it to you. Only you can decrypt the information, because only you have your private key.12


Conversely, you can use your key pair to digitally sign a message. To sign a message, you simply encrypt the message with your private key. The message can be decrypted using the public key contained within your certificate. While many people have access to your certificate, only you could have signed the message, because only you have access to your private key.

A digital certificate makes it possible to verify someone’s claim that they have the right to use a given key, helping to prevent people from using fake keys to impersonate others. Used in conjunction with encryption technology, digital certificates provide a complete tamper-proof, security solution, confirming the identity of one or all parties involved in a transaction, and cannot be forged.

There are basically two types of digital certificates that are important when building secure Web sites; namely server certificates (also known as Secure Server IDs) and personal certificates.

Server certificates are normally issued to Web servers that run e-commerce applications, but can be issued to any type of Web server. Server certificates let visitors to your Web site authenticate your identity so they can feel secure that they are communicating with you and not some rogue site impersonating you. Server certificates are a must for anyone building an e-commerce site or a site designed to exchange confidential information with clients, customers, or vendors. Most server certificates incorporate new, powerful 128-bit encryption technology, secure enough to make it acceptable for banks to use.

Personal certificates are issued to individual Web users or to smaller Web sites/servers requiring a lower level of security. They authenticate a user’s or Web site’s identity to others (including to merchants) and may restrict access to specified content to particular visitors. You can also use personal certificates to send secure e-mail or private account information - this is a common reason for individuals to purchase personal certificates. Personal certificates are perfect for business-to-business communications such as offering your suppliers and partners controlled access to sensitive parts of your Web site to update or access information.

Digital certificates are based on common Internet standards and satisfy the following security issues:

- They authenticate that their holders - people, Web sites, and even network resources such as routers - are truly who or what they claim to be

- They provide integrity by keeping the communication intact once it’s created and ensuring that data exchanged online is free from theft or tampering

- They ensure confidentiality by keeping the content of an online communication secret from unauthorised readers

- They provide proof of all parties’ approval after a transaction, ensuring that no repudiation of a transaction can take place

- They eliminate the need for multiple passwords and user certificates for you to remember

- When you use a digital certificate, Web sites set up to accept digital certificates can authenticate your identity and log you in automatically in one step, without leading you through the registration process again

- They enhance your security - your certificate can’t be guessed, forgotten, intercepted, or forged

- They enable you to send and receive secure e-mail using most popular e-mail programs, including Netscape’s Messenger and Microsoft’s Outlook

Bear in mind, though, that a digital certificate does not guarantee that a Web site represents a reputable firm, only that they are who they say that they are. In the case of business-to-business e-commerce, it is likely that the Web servers or Web sites of all the organisations involved will have digital certificates that identify themselves to the other companies.

13. E-commerce security issues

Security is clearly a major concern for most companies embracing e-commerce on the Internet. For some companies such as banks, insurance companies, stock brokers and companies with extensive online payment systems, security may be of even more concern. Big companies can expect to spend large amounts of money in ‘safe-proofing’ their e-commerce sites. But all companies will at least want to know who is accessing their data and when, and will also want to have some form of audit trail, particularly in the case of online transactions.

Who’s likely to attack you?

Although attacks on computer systems don’t occur often, they remain issues that e-commerce managers must concern themselves with. The problem is that when they occur, such attacks can be very harmful. They can destroy valuable data, cost tens of thousands of rands in time and effort to rectify, and they might even put your mission critical information in the hands of your competitors.

Unfortunately, the tremendous reach of the Internet has also placed your systems as close as the computer screen of the nearest malicious hacker, bored computer geek and determined business spy. In other words, the intruder does not have to be physically close to your system. At the same time, it is important to be aware that an intruder could be an employee or an employee of one of your business partners. For this reason, as companies move into the realm of fully integrated e-business operations, they need to be equally concerned with the security and integrity of their staff and partners.

Besides business malice, where someone is intent on penetrating your system to steal your competitive information, there are other threats that you face. These include:

- General malice - someone is intent on penetrating your system to do your firm, or a person in your firm, harm

- Ignorance - someone unwittingly downloads a virus or leaves a password for anyone to see

- Acts of God - the water overflows on the floor above onto your computers

“Web Security: How much is enough?”
Vance McCarthy


What harm can they do you?

Assuming an individual or competitor gains access to your e-commerce site, the question is “what harm can they do you?” Well, the nine basic threats to Web sites as outlined by the Open Users Recommended Solutions (OURS) consortium13, are as follows:

- Data destruction - loss of data on a Web site (through accident or malice) and the interception of traffic (unencrypted or encrypted) going to or coming from the Web site (using special sniffer programs, hackers can tap the telecommunications line between your internal systems and the Internet and between the Internet and your partners)

- Interference - the intentional re-routing of traffic or the flooding of a local Web server with inappropriate traffic in an attempt to cripple or crash the server

- Modification/replacement - altering of data on either the send or receive side of a Web transmission; such changes, whether they are accidental or not, can be difficult to detect in large transmissions

- Misrepresentation/false use of data - entering false credentials, passwords, or other data when completing e-forms, for example, or alternatively, the creation of a bogus or counterfeit home page to intercept or attract traffic away from the intended destination (not only can people pretend to be legitimate users, but computers can pretend to be your computer system - called spoofing)

- Repudiation - an after-the-fact denial that an online order or transaction took place, resulting in lost revenues for your firm

- Inadvertent misuse - accidental but inappropriate actions by approved users

- Unauthorised altering/downloading - any writing, updating, copying, etc., performed by a person that has not been granted permission to conduct such activity

- Unauthorised transactions - any use by a non-approved party

- Unauthorised disclosure - viewing of Web information by an individual not given explicit permission to have access to this information

What needs protecting?

The following six areas of your computer networking activities require protection:

- The hardware
- The software
- The data
- The people
- The procedures you use
- Your communications with the outside world

What should you do?

Internet security is always a trade-off between free use of computers on the network, versus the protection of the network against abuse from outside. After all, the only safe computer is a disconnected computer. For this reason, the time and money spent on securing your network must be weighed against the likelihood of penetration and the value of any data if it were to be stolen - what do you stand to lose and how eager would your competition be to steal your information?

It is important for e-managers to think through what-if scenarios and to map threats to appropriate protection technologies. You should consider both technical and non-technical solutions. Often, it is the secure procedure that offers the best protection against outside attack. Being aware of threats and acting responsibly is the best counter-measure. Whatever action you take, it is essential to evaluate the cost-benefit trade-offs.

When operating on the Internet, your firm’s efforts should be focused on three main areas:

- The security of your internal network (Intranet) from outside attack, including from viruses

- The security of information and data that is shared between two or more computers via the Internet

- The security of any transactions undertaken on the Internet

The Open Users Recommended Solutions (OURS) consortium14 suggests a number of actions to take to protect your firm against security threats and these are discussed on the following pages.

Authentication

Authentication is about checking whether the person or company you are dealing with actually is who they say they are. Firstly, make sure you institute user-ID authentication, be it passwords, call-back systems or challenge/response tokens (either hardware cards or PC-resident software versions). This is particularly important for e-commerce sites where update and write privileges can be obtained from a remote PC through a browser.

Another form of authentication is represented by digital certificates. We said earlier that a digital certificate is issued by a number of recognised international verification organisations (CAs). These digital certificates can be verified by your browser and they essentially confirm that the companies running the Web site they are associated with, are who they say they are and are secure.

Password protection

Password protection is an important preventative measure that is often ignored, not only for the system as a whole, but on an individual level as well. Make sure your staff use passwords and that they are secure, hard to break and kept safe. Passwords are often the first and most critical line of defence. Security education is something that very few companies do and yet costs very little and could save your company a lot of hassle down the line. Implement a security policy and publish it on the Intranet. Make sure that everyone reads the document (make them sign for it). What is more, ensure that your Web server has its own digital certificate and only deal with other online organisations that have valid certificates themselves.


Authorisation

The next level in the security process is to put into place procedures that will enable you to authorise users of your Web site. This is where the network makes sure that people are who they say they are and then grants special access privileges. Typical approaches include access control lists, authorisation certificates, and directory services. It helps protect against having your Web content modified without your knowledge/permission, as well as against unauthorised access to sensitive Intranet documents or legacy data. Ensure that there are various levels of access and that only a selected few people be granted the highest level access (to system files). Remember, however, it is often the most lowly employee that wittingly or unwittingly lets in the intruder.

Data integrity control

Integrity control helps you ensure the integrity of the data itself, rather than the user. It is about ensuring that the message received is the same as the one originally sent (or has it been altered or corrupted along the way?). The two main methods used are encryption and message authentication which can ensure that a message has not been altered on its way to the recipient, but cannot ensure that it may not have been read by someone else.

Assigning responsibility and ownership

As e-commerce managers you need to embrace technologies that will establish responsibility and ownership of Web actions and/or changes. Popular techniques include audit trails, Web server logs, and receipts. Server logs, in particular, allow you to keep track of what is happening on your system - they will reveal when sensitive files are being accessed and by whom. Accountability is the backbone of enforceable (and trackable) security policies and practices. On its own, accountability provides little or no protection against most threats to your Web site, but it’s valuable in determining what went wrong when there is a security failure.

Confidentiality

Confidentiality is another keystone of most Web security policies - is the information being transmitted, secure from prying eyes? Procedures and technologies need to be implemented that are aimed at preventing unauthorised disclosure, or interception, of data. Encryption is a major category here, but so is key-escrow (where encryption keys are stored with and managed by independent third parties15), which is how companies go beyond encrypting data. Another option is to obtain a virtual private network extension for your Internet/Intranet to provide an end-to-end encrypted link that for the most part is shielded from the public Internet. These techniques are geared toward data content that must be held strictly off-limits to certain users.


Non-repudiation

Non-repudiation relates to the issue of ensuring that a person or company cannot deny ever having given an instruction. Clearly, with the move to electronic and stateless information, the ability to confirm that a person gave an instruction is more difficult compared with the physical world of contracts and signatures. Technologies exist, such as SET and digital certificates, that will ensure non-repudiation in online agreements and contracts, but (a) these technologies are either not always extensively used or not yet available, and (b), our courts also need to keep up with the technology.

Presently, repudiation of online agreements remains a potential problem and without clear proof, nothing stops a customer from denying that (s)he ever made an online purchase. It will require some effort on the part of firms to counter such claims and they will require sure-fire technologies and procedures in place to convince a court of law. The existing security technology being used by most online companies, namely secure socket layers (SSL) - which we discuss in more detail later - does not ensure non-repudiation and therefore cannot justify a bank guarantee.

Site integrity

One hazard often overlooked by security professionals concerns the integrity of the Web site itself. Can people always get to it? Is the data safe in the case of a catastrophic failure? Solutions for the Web include availability controls that are similar to private network solutions, and include fault tolerance, backup/recovery and capacity management systems. Such systems are becoming increasingly important to protect data from destruction, but they offer only basic protection. Among the strongest solutions now available is a combination of full redundancy of the entire Web site and strong virus-protection software.

Physical protection

Another security issue is the physical protection of your server environment. Protecting Web servers from physical access is an important issue. It doesn’t help protecting your valuable data from unauthorised access over the Internet, when someone can walk into your office and simply steal the server. You also want to protect your servers from fire and other similar interventions. For this reason, companies, particularly those that run their own Web servers, should create secure, protected areas - called demilitarised zones (DMZs) - where their servers are located. DMZs might include all or any of the following:

- Physically secure premises
- Perimeter alarm systems
- Motion sensors
- Video surveillance
- Access control systems
- On-premises security officers
- Fire-alarm systems
- Gas-based fire suppression systems
- Humidity and temperature control systems
- Seismically-braced server racks
- UPS back-up
- Generators
- Operations monitoring on a 24x7x365 basis

Of course, such physical protection is very expensive and so what often happens is that companies institute a variety of software-driven security measures, as well as safe procedures, while leaving their servers open to attack in an unlocked room in the building. To overcome this problem, there are third-party firms that offer secure hosting environments where companies can locate their servers. Such firms may even offer disaster recovery systems, should your data inadvertently get lost or corrupted. If you host your Web servers with your ISP, make sure that they have a DMZ in place.

Virus protection

Virus protection software is another must. Ensure that the software you use is the latest available and always download the newest version. Also keep yourself and your staff informed about the latest Internet virus threat (such as the recent “I love u” virus). Viruses are discussed in more detail later in this chapter.

Secure communications

Security is not only about the possible penetration of your Web site and internal securitysystems, it is also about the secure exchange of information. To begin with, you will wantto know that you are communicating over a secure connection. One of the first thingsyou should confirm is that a secure connection is in place between you and the Web siteyou are dealing with. You will know that you are dealing with a secure connection when aclosed padlock appears in the information bar at the bottom right-hand side of your Webbrowser. This means that you are now using a SSL connection which is one of the mostwidely used Internet security standards and is discussed in more detail in the nextsection.

Fortunately, existing security systems on the Internet are quite safe. With high levels of encryption, and ever-increasing security models being developed, there is little reason to be worried about security as long as your company embraces these new technologies and follows some simple procedures.

14. Secure Socket Layers (SSL)

By using special encryption techniques, it is possible to ensure that data being shared between a browser and a remote Web server cannot be snooped in transit. This is achieved using digital certificates in conjunction with SSL-enabled Web servers. What this means is that although the transmission can be intercepted, it is encrypted and cannot therefore be understood unless a lot of effort is put into decrypting the message.

How SSL works [16]

When a customer attempts to access a secure Web page located on your Web server, your server hosting the secure site sends a “hello request” to the customer’s browser. The browser replies with a “client hello”. Exchanging these “hellos” lets the browser and your secure Web page determine the encryption and compression standards they both support. They also exchange a ‘session ID’, a unique identifier for that specific interaction. Once they have greeted each other, the user’s browser asks for your server’s digital certificate - it’s like asking for some ID! We discussed digital certificates in an earlier section.

Sharing the Key

After the browser and the server have shaken hands and the browser has checked your server’s digital certificate, it uses information in your digital certificate to encrypt a message back to you that only your server can understand. Using this information, the browser and the server create a ‘master key’. This master key is like a codebook that both sides can use to encode and decode transmissions. Only your customer’s browser and your Web server share that master key and it’s only good for that session. Using the unique shared key, your server and the browser can exchange sensitive information, such as the customer’s credit card number, in a way third parties can’t understand.

When the customer leaves your secure Web page, the master keys you once shared become useless since they are good for one session only. Should the customer return to your secure site, your server and their computer will go through the whole process again and create another master key.

Depending on the organisation involved, the encryption keys used to encode the message may be a 40-bit key (representing a lower degree of security), or a 128-bit key, representing the highest level of security presently available on the Net. All banks use the 128-bit key.

To learn more about the public and private encryption keys used in SSL authentication, visit the following Web site - http://developer.netscape.com/tech/security/ssl/howitworks.html

Knowing when you are on a secure site

The customer can tell when they’re on a secure site when they see a small icon of a padlock or key somewhere in the bottom information bar of their browser window, but only if it is an SSL-enabled browser (which all of the later versions of Netscape or Explorer are). If the key is unbroken or the lock is closed and golden or glowing, this means that they are now involved in a secure transaction.


Double-clicking on the lock enables the user to confirm that they’re connected to a secure site and to view the site’s certificate in order to make sure for themselves that the name on the certificate your server has supplied them matches your company name. Most browsers can also be set to alert the user when they enter and leave a secure site.

Is it safe?

If a customer wanted to buy something from your e-commerce Web site or share sensitive information with you, they could do so quite safely using SSL - SSL makes online purchasing extremely safe for customers. The only real way to break an SSL encryption is with brute force, by intercepting the encrypted message containing the credit card number, recording it and then using a computer to try every possible combination until the master key is cracked. To combat even that approach, most keys range from 40 to 1,024 digits long (each digit is either a 1 or a 0). As the number of digits in the key gets longer, the number of possible combinations grows into the trillions. Therefore, the longer the key is the more secure it is.

As an added means of security, some customers use debit cards instead of credit cards, with spending limits equal to the amount on deposit.

The problem with SSL

The problem with SSL is the fact that when the customer’s details reach the merchant, the merchant must now capture these details and then re-send them to their bank or payment network. During this capturing process your credit card details are vulnerable to being compromised, possibly by a staff member or some other person. Thus SSL only partially secures transactions.

If you are dealing with a reputable merchant, this may be OK, but if the merchant is completely unknown to you, this could be a problem. Best therefore always to deal with reputable companies. Of course, when the merchant contacts their local bank to confirm a customer’s credit card details and ability to incur the cost of a purchase, they would also do so using an SSL-protected connection.

Bear in mind, though, that there are no commonly available security methods to secure real-time access to back-end legacy systems. [17]

Secure HTTP

Another protocol for transmitting data securely over the World Wide Web is secure HTTP (or S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. S-HTTP is an extension to the HTTP protocol to support sending data securely over the World Wide Web. Not all Web browsers and servers support S-HTTP. [18]

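Figure 7.13: Secure Socket Layers
[Diagram: an online customer with an SSL-enabled browser (e.g. Netscape 4.0 & 4.5 and Internet Explorer 4.0 & 5.0) browses and interacts with the merchant’s secure Web server with SSL technology over an open Internet line. The customer decides to buy, the merchant switches to the secure part of the Web server, the customer’s browser acknowledges the secure link with a closed padlock in the bottom right-hand corner of the browser, and the customer supplies the merchant with credit card details. The merchant confirms the credit card details and ability to pay with the acquiring bank or credit card institution through a traditional payment gateway over the traditional payment network. The legend marks the secure SSL channel.]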

Check those digital certificates!

How do you know if a merchant is who they say they are? Well, check their digital certificate. Reputable merchants will normally be registered with a known CA such as Verisign. They will have been issued with a digital certificate in respect of their Web server. A digital certificate is encrypted information that confirms a server’s authenticity. When you check for a digital certificate it is quickly confirmed (or rejected) online with the issuing body. To view a certificate for a particular Web server, check under File > Properties to see whether a digital certificate exists for the server in question. It is also possible for you to purchase a personal certificate from these companies that confirms that you are who you say you are.
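The manual check described here and under "Knowing when you are on a secure site" (look at the certificate and confirm that the name on it matches the company) can also be done in code. The following is an added example, not part of the original chapter: it runs the same checks over a certificate in the dict layout returned by Python's ssl.SSLSocket.getpeercert(). The sample certificate, company name and host names are constructed for illustration.

```python
import ssl
import time

# Constructed sample in the dict layout that ssl.SSLSocket.getpeercert()
# returns for a verified connection. Every name and date here is made up.
SAMPLE_CERT = {
    "subject": (
        (("countryName", "ZA"),),
        (("organizationName", "Example Books (Pty) Ltd"),),
        (("commonName", "shop.example.co.za"),),
    ),
    "issuer": (
        (("organizationName", "Example Trust CA"),),
        (("commonName", "Example Trust Server CA"),),
    ),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example.co.za"),
                       ("DNS", "*.example.co.za")),
}


def strict_client_context():
    """Client context that refuses unverified or old-protocol connections."""
    ctx = ssl.create_default_context()   # chain and host name checks are on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def rdn_value(name, field):
    """Return one field (e.g. organizationName) from a subject/issuer tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == field:
                return value
    return None


def host_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host


def check_certificate(cert, host, expected_org, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = time.time() if now is None else now
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate is not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate has expired")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # older certificates carry the host only in the common name
        cn = rdn_value(cert.get("subject", ()), "commonName")
        names = [cn] if cn else []
    if not any(host_matches(n, host) for n in names):
        problems.append("host name not covered by certificate")
    org = rdn_value(cert.get("subject", ()), "organizationName")
    if org != expected_org:
        problems.append(f"organisation is {org!r}, expected {expected_org!r}")
    return problems


if __name__ == "__main__":
    fixed_now = ssl.cert_time_to_seconds("Jun 15 00:00:00 2024 GMT")
    print(check_certificate(SAMPLE_CERT, "shop.example.co.za",
                            "Example Books (Pty) Ltd", now=fixed_now))
```

Against a live server, the dict would come from getpeercert() on a socket wrapped with strict_client_context(), which has already rejected an untrusted issuer or a mismatched host name before the organisation check runs.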

15. Secure Electronic Transactions (SET)

The reluctance of online shoppers to part with their credit card information over the Internet - only 5% of Net users trust giving their credit card details over the Internet according to a 1997 Yahoo survey [19] - has spurred the development of a new, more secure payment mechanism called Secure Electronic Transaction (or SET for short). SET, which uses a system of locks and keys combined with certified account IDs for both consumers and merchants, is an open, multi-party security standard being introduced by Mastercard, Visa and others. It is primarily aimed at securing financial transactions, in particular credit card payments, on the Internet.

Somewhat more complicated than SSL, the global take-on of SET has been very slow so far, probably because most firms and individuals are fairly happy with the security being offered by SSL. In South Africa, only a few larger organisations, including banks, are exploring the possibilities of SET - Setcom is one local company promoting the use of SET. It does offer a higher level of security, however, and in a virtual world where firms and individuals are sensitive to the issues of fraud and security, it is likely that SET will eventually take hold as the volume of online business increases. Even when it does take root, though, it may take some time for the general public to accept the technology and to get comfortable with it. The concept of digital signatures and key pairs is still foreign to most people, and not easily understood. [20]

The major advantages of SET are that it: [21]

• Establishes industry standards to keep the customer’s order and payment information confidential
• Increases integrity for all transmitted data through encryption
• Provides authentication that a cardholder is a legitimate user of a branded payment card account
• Provides authentication that a merchant can accept branded payment card transactions through its relationship with an acquiring financial institution
• Allows the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction
• Removes the bank from having to verify the purchaser since the cardholder uses a secure electronic certificate issued by the credit card issuing company

How SET works

Figure 7.14: Secure Electronic Transactions
[Diagram: the online customer (with an SSL-enabled browser and Digital Wallet software loaded onto the computer), the merchant’s secure Web server with SSL technology, the acquiring bank, the issuing bank and the credit card company, linked by numbered steps 1 to 9. It shows the credit card company authorising the issuing bank and the acquiring bank to issue digital certificates to the customer and the merchant, the issue of the Digital Wallet to the customer, the exchange of digital certificate ‘handshakes’ over a secure SSL link when the customer decides to buy, the merchant presenting the customer’s digital certificate to the acquiring bank, which authorises the transaction and may confirm the certificate and ability to pay with the issuing bank, and system integration with the traditional credit card payment network. The legend marks the digital certificates and the secure SSL channel.]

The cardholder and digital certificates

With reference to figure 7.14, the SET process begins with a cardholder opening a credit card account with his/her bank, in conjunction with Mastercard, Visa or similar card issuing authority. Although the cardholder works through his/her personal bank and not directly with the credit card company, the latter remains the ultimate card issuing authority. The cardholder’s bank is generally referred to as the issuing bank or issuer and serves as the agent of the credit card company. The same relationship exists when issuing conventional credit cards.

The next step in the process involves the issuing bank issuing a digital certificate to the cardholder. Associated with this certificate are the public encryption keys (essentially the ‘electronic signatures’) of both the cardholder and of the issuing bank. This digital certificate is an electronic file that plays much the same role as the signature on a conventional credit card, and can be used to ‘sign for’ online purchases or other transactions. In order to ensure its validity, the issuing bank digitally signs the certificate by embedding its public encryption key in it.

The issuing bank will have obtained permission from the credit card company concerned to issue this digital certificate. The credit card company thus functions as the primary CA. When a cardholder requests a digital certificate, the issuing bank passes this request on to the credit card company in question which subsequently grants the bank the authority to furnish the cardholder with a digital certificate, which the bank then does. Obtaining a digital certificate is only required for the first transaction. The certificate is reusable for a period of time - much like a traditional credit card. When the period is over, the cardholder will need to renew the certificate. When a cardholder has a valid cert, the next step is to obtain a digital wallet.

Digital wallets

A digital wallet is basically a freely available encryption software program that binds together certain information on the cardholder’s PC. This information might include the digital certificate that has been issued to cardholders in order to identify them, their personal details required to complete an order form, their payment information that will be required to process a payment, and their shipping information that will enable the merchant to send the goods bought by customers to them. [22]

Not only does the digital wallet keep this information safe and encrypted on the customer’s computer, but the software can be used to store digital representations of multiple credit cards (Mastercard, Visa, etc.) on the cardholder’s computer, enabling the cardholder to make purchases with any one of them. As the information in the wallet is always encrypted, it requires a user ID and password to access the wallet’s information.

Furthermore, the digital wallet implements security protocols on behalf of the cardholder. It can request and manage digital certificates for each of the credit cards, it automatically completes online order forms on behalf of customers when they place an order, saving them the hassle of having to key in the same detailed information each time, and it can display virtual sales slips. In fact, today many wallets are now being programmed to perform the role of fledgling shopping assistants and generally offer additional features such as: [23]

• Storing passwords for multiple Web sites
• Recording a wallet transaction history
• Storing multiple shipping addresses
• Maintaining merchant directories
• Enabling the automatic notification of special deals and discounts

The more features a wallet offers, the more space it takes up on the customer’s computer. In fact, some of the multifunction wallets are so big they need to reside on the far more powerful e-commerce servers of banks and large retailers where the customer can access their features via an Internet connection and a relatively small bit of software loaded on the cardholder’s computer. These are called ‘server-side’ wallets. As many people are uncomfortable storing their information on an outside computer, ‘client-side’ wallets also exist. These are the wallets we have been describing above and reside entirely on the customer’s machine. These client-based wallets tend to offer fewer features, are easier to download and install, and are primarily focused on order form completion.

A digital wallet requires an initial one-time entry of all relevant information. When customers shop online, they will need to activate the wallet for their shopping session by entering their user IDs and passwords. The customers then browse through a merchant’s site and find what they’re looking for. They add these items to their electronic shopping cart and click the ‘Buy’ button. As soon as the merchant’s order form appears on their screens, they can then use their wallets to pass on the information required by the merchant and to authorise payment.

In fact, the digital wallet is often activated automatically by the merchant’s transaction software. After confirming all the purchase details, customers follow the specific instructions for their specific type of wallet. Some wallets have an ‘auto-fill’ feature that automatically fills in the order form. Other wallets will create and fill their own order form, while with others the user needs to drag-and-drop the information from the wallet’s window into the form. [24]

After double-checking the order, pricing, and shipping information, the customer clicks the ‘Submit’ button at the bottom of the form. The information is then passed on to the merchant who, in turn, passes the information on to their particular bank - the acquiring bank. The customer is basically finished with the order. Verification is possible as most wallets have a transaction history feature built in and, in addition, most merchants will send the customer an e-mail confirming their order. [25]

As SET becomes more prevalent, wallets will be available from a variety of companies, ranging from financial institutions to specialised retail shopping portals. Many people will feel more comfortable, however, downloading a wallet sponsored by their credit card issuer or local bank since they have already established a secure financial relationship with the institution concerned.

The merchant and digital certificates

In order to accept SET payments, the merchant must be certified by the Certificate Authority, thereby assuring cardholders that the merchant is legitimate. Merchants, therefore, also have to apply for and receive digital certificates from the credit card company - the Certificate Authority in this case - via their respective banks, also known as the acquiring bank. The credit card company authorises the acquiring bank to issue the merchant with a digital certificate. The certificate includes the merchant’s and the bank’s digital signatures (i.e. their respective public encryption keys) and identifies the merchant as a firm able to accept SET payments. SET-enabled merchants will display a SET logo that certifies that the merchant can handle SET transactions. It also confirms that merchants are who they say they are. As with the cardholder’s digital certificate, the merchant’s certificate is valid for a specific period of time, after which it needs to be renewed. [26, 27]

The SET verification process

When a customer decides to buy something from a SET-enabled merchant, the customer visits the merchant’s Web site and browses through the product catalogue, selecting some items to buy. When the customer has gathered together a few items to buy in an electronic shopping basket, the customer clicks on the ‘Buy’ button. The first thing that the customer’s browser does is to request a digital certificate from the merchant’s server. The merchant’s digital certificate information is passed on to the customer’s browser that confirms with the issuing bank (and they, in turn, with the acquiring bank) that the certificate held by the merchant is valid. In other words, the browser has confirmed that the merchant is a legitimate SET-enabled merchant. Similarly, the merchant requests the cardholder’s digital certificate in order to confirm the cardholder’s status. [28]

Once this ‘handshake’ has taken place, the merchant’s storefront software - also known as its point-of-sale (POS) system - presents an electronic order form on the screen for the cardholder to complete. At the same time, the merchant’s POS system activates the cardholder’s digital wallet in order for it to handle the purchase. The cardholder reviews the purchase order (PO) and if satisfied, follows the instructions applicable to the particular type of digital wallet software being used by the cardholder. The wallet then passes on the required information to the merchant’s POS system and when this has been done, the cardholder clicks on the ‘Submit’ or ‘Confirm Purchase’ button. The wallet then sends a final message to the merchant’s server authorising the purchase.

The browser forwards the purchase order information to the merchant. This message authorising the purchase is encrypted with the cardholder’s public key, while the actual payment information is encrypted with the issuing bank’s public key (which can’t be read by the merchant). The message also contains certain information that ensures the payment can only be used with this particular order.

When the merchant’s POS system gets a message that the cardholder has requested payment for an order, the merchant must request authorisation for this payment. Authorisation is required for any online credit purchase, just as it is for a credit card purchase made in a regular store. [29, 30]

“On your mark, get SET, wait!” - Bill Roberts

Table 7.1: SSL vs. SET: Private lives and public keys

Secure Sockets Layer - what it does:
• Authenticate: Lets Web-enabled browsers and servers authenticate each other
• Limits access: Permits controlled access to servers, directories, files, and services
• Shares information: Lets information be shared by browsers and servers while remaining inaccessible to third parties
• Protects data: Ensures that exchanged data cannot be corrupted without detection

Secure Electronic Transaction - what it does:
• Digital certificate: Requires parties - cardholder, merchant, bank, and anyone else involved - to obtain a digital certificate
• Authenticate: Requires a Certificate Authority to authenticate all parties in the transaction
• Electronic wallet: Lets customers keep credit card information in software called an “electronic wallet” on their computers
• Limits merchant’s access: Gives merchants no access to credit card information, making SET safer than in-person or phone transactions
• Limits access: Gives the credit card issuer no access to order information, maintaining the customer’s privacy
• Immediate verification: Gives a merchant immediate verification of credit availability and customer authenticity, allowing it to fulfil orders without the risk that the transaction will become invalid
• Stronger encryption: Encrypts order and credit card information separately. The card information is of fixed length, so this lets SET use stronger encryption for the card information.

Secure Sockets Layer - how it works:
SSL uses public-key encryption and digital certificates to set up the interaction and verify that the parties are who they say they are. Then it uses special session keys to encrypt the data being transmitted. Public-key cryptography uses a pair of asymmetric keys, public and private, for encryption and decryption. The digital certificates (issued by a Certificate Authority) are used to verify that the key pairs belong to a particular entity. Session keys perform the cryptographic work for the data exchange.

Secure Electronic Transaction - how it works:
When a customer wishes to make a purchase, the order information is encrypted via the customer’s private encryption key and sent to the merchant, while the credit card information is also encrypted and sent to the card issuer, all accompanied by a unique digital signature. The merchant and card issuer decrypt the information using the customer’s public key, allowing them to verify its authenticity and complete the transaction.

Secure Sockets Layer - the downside:
• Only point-to-point transactions: SSL handles only point-to-point interaction. Credit card transactions involve at least three parties: the consumer, the merchant, and the card issuer.
• Risks: With SSL, consumers run the risk that a merchant may expose their credit card numbers on his server and merchants run the risk that a consumer’s card number is fraudulent or that the credit card won’t be approved.

Secure Electronic Transaction - the downside:
• Rollout: Rollout has been slow.
• Lack of testing: Interoperability among SET implementations is only now being tested.
• Slow adoption: Consumers may be slow to implement electronic wallets.

Source: BRG Research [31]

The merchant requests verification of the customer by submitting the cardholder’s certificate to the merchant’s acquiring bank or to a third-party verifier, using a payment gateway.

The payment gateway mechanism

The payment gateway receives SET messages from the merchant’s POS system and translates these messages into the format used by the existing payment settlement network. [32] This is the main function of the payment gateway - it is a type of switching service or interface. Once within the existing network, the transaction is handled as with any other conventional credit card transaction.

The acquiring bank receives the request for authorisation from the merchant via the payment gateway. This includes the issuing bank’s public key, the customer’s payment information (which the merchant can’t decode), and the merchant’s certificate. The acquiring bank will, in turn, refer the certificate to the issuing bank for authorisation. The issuing bank then checks the digital signature on the customer’s certificate and if everything is in order, authorises payment. The bank uses the digital signature on the certificate sent with the message and verifies the payment part of the message. [33]

The issuing bank digitally signs and sends authorisation via the acquiring bank to the merchant, who can then fill the order. When the payment gateway receives information from the payment settlement network about a transaction, the gateway translates these messages back into a SET format and sends the information to the merchant’s POS system. The merchant receives information from the gateway about the success or failure of the transaction and sends the information on to the cardholder, along with an explanation if the transaction was unsuccessful.

In the above scenario, the process described parallels a conventional credit card transaction. However, SET introduces an additional layer of security in the form of dual signatures. [34]

The message sent from the cardholder’s wallet to the merchant’s site encapsulates two sets of data: the first contains the details of the order itself, while the second holds the credit card details. The use of dual signatures means that while the order details can be decrypted by the merchant, the sensitive credit card information can only be decrypted by the issuing bank. All the merchant needs to know is that the customer can pay and this confirmation the merchant receives from the bank or credit card company; the merchant is not able to view the customer’s credit card details - this is all encrypted. [35] In this way the customer’s security is upheld. It is important to note that in the communication between all the parties involved, SSL encryption technologies still apply. So SET in effect rides on top of SSL.
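A dual signature ties the order and the payment details together with one signature, so that the merchant and the bank can each verify their own half without seeing the other. The following is an added sketch of that linkage, not code from the original chapter or from the SET specification: SHA-256 and a toy RSA key stand in for the real algorithms, encryption of the payment details to the bank is left out, and the order, card number and function names are constructed for illustration.

```python
import hashlib

# Toy RSA key pair standing in for the cardholder's certified key.
# Assumption for this example only: the primes are two well-known Mersenne
# primes and no padding is used, so the key is NOT secure; it just makes
# signing and verifying runnable with the standard library.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

# Constructed sample data; the card number is a common test value.
ORDER = b"order=1001;items=2 books;total=ZAR 350.00"
PAYMENT = b"card=4111111111111111;expiry=12/01;total=ZAR 350.00"


def digest(data):
    return hashlib.sha256(data).digest()


def _as_int(value):
    # Reduce the digest into the toy key's range before the RSA operation.
    return int.from_bytes(value, "big") % N


def sign(value):
    """Cardholder side: sign a digest with the private exponent."""
    return pow(_as_int(value), D, N)


def verify(value, signature):
    """Anyone holding the cardholder's public key (N, E) can check this."""
    return pow(signature, E, N) == _as_int(value)


def build_purchase_request(order_info, payment_info):
    """Wallet side: hash each half, then sign the hash of both digests."""
    order_digest = digest(order_info)
    payment_digest = digest(payment_info)
    dual_signature = sign(digest(payment_digest + order_digest))
    return {
        # The merchant sees the order but only a digest of the payment data.
        "to_merchant": {"order_info": order_info,
                        "payment_digest": payment_digest,
                        "dual_signature": dual_signature},
        # The bank sees the payment data but only a digest of the order.
        "to_bank": {"payment_info": payment_info,
                    "order_digest": order_digest,
                    "dual_signature": dual_signature},
    }


def merchant_accepts(message):
    linked = digest(message["payment_digest"] + digest(message["order_info"]))
    return verify(linked, message["dual_signature"])


def bank_accepts(message):
    linked = digest(digest(message["payment_info"]) + message["order_digest"])
    return verify(linked, message["dual_signature"])


if __name__ == "__main__":
    request = build_purchase_request(ORDER, PAYMENT)
    print(merchant_accepts(request["to_merchant"]),
          bank_accepts(request["to_bank"]))
```

Because both digests sit under one signature, a payment instruction cannot be re-attached to a different order: changing either half makes verification fail for both parties.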

“Give away something free and then try to sell something additional to those who come” - Ralph Wilson, Wilson Internet

16. Digital cash

Digital cash (sometimes also called digi-cash or e-cash) allows a user to purchase small amounts of cash credits from a digital cash supplier, usually a bank or credit card company. These cash credits - which are in a digital format - are then stored on the user’s computer and can be used to purchase goods or services from a participating vendor. To this end, the user will also need to obtain special software that is installed on his/her computer. The software - called ‘purse’ software - allows you to download ‘electronic coins’ to your hard disk. The purse also manages your coins.

The digital format used for e-cash comprises a unique serial number, issued by a bank, that is transmitted from one computer to another. Encrypted in the serial number is information that guarantees the value of the digital cash being tendered online. Each number is anonymous and vendors can therefore not obtain information about the purchaser without their permission.

The customer must own a bank account at the bank that will issue the digital money (at present there are no banks that handle digital cash in South Africa, and very few elsewhere in the world). Once this account has been set up and is activated, a customer will make a request to the bank over the Internet for digital cash certificates. The bank then issues the customer serial numbers embedded in the e-cash certificates that represent a particular cash value. The purchase of the digi-cash is charged against the customer’s bank account or credit card. When the holder of this digital money wants to make a purchase, (s)he must transfer the number(s) representing the cash value in question to the vendor so it may be deposited in a bank account or transferred to another vendor for subsequent purchases.

When a customer agrees to make a purchase online using e-cash, the purse software subtracts the payment amount from the customer’s purse, and creates a payment that is sent to the bank, verified, and which is finally then deposited to the merchant’s account, all within a few seconds. The merchant is notified and ships the goods.

Although digital cash is slowly becoming more popular on the Internet - the two best known e-cash organisations are eCash Technologies and CyberCash - the concept still hasn’t taken off completely. In South Africa, the first real venture into digital cash is being driven by the FirstRand Group who are investing some R300 million into their eBucks.com venture - their site is worth a visit - see figure 7.15.

Digital cash can also be bought and used by way of ‘smart cards’ - these are cards that have a small micro-chip embedded in them. Instead of transferring the digital money from computer to computer over the Internet, a user can now walk into a vendor and rather than pay in physical money, can instead use his/her smart card to pay for the transaction. What happens is exactly the same as on the Internet and a certain monetary value is deducted from the micro-chip on the user’s smart card which is transferred electronically to the vendor’s bank account via a small device much like the credit card machines one finds in restaurants today. Other types of payment methods include e-cheques (which allow customers to digitally ‘sign’ an electronic cheque) and micropayments (which incorporate small payments for smaller transactions such as for using online content). All of these payment methods are still in their infancy in South Africa.

Figure 7.15: eBucks - South Africa’s first major digital cash venture

17. Internet viruses

There are a number of virus threats that you are likely to encounter from the Internet. These include:

• Viruses
• Vandals
• Hoaxes
• Chain letters

Viruses

A virus is a person-made software program or piece of code deliberately written to attach itself, unknowingly, to other programs or to the boot sectors of your hard drive. Viruses replicate themselves whenever the programs they have attached themselves to are used or when the affected sector of a hard drive is accessed. They have a malicious intent and contain destructive code that will inflict damage to the host computer such as erasing files, formatting hard drives, scrambling partition tables, etc. Viruses often exploit weaknesses or features within the program they have attached themselves to, in order to inflict this damage or to replicate themselves. Generally, the destructive part of a virus is programmed to execute when certain conditions are met, usually a certain day, time, date, or number of infections.

The proliferation of the Internet has also made the task of protecting a network more difficult than ever before. Notwithstanding security measures such as firewalls and proxies being implemented by network managers, the interaction with the Internet generally occurs at individual desktop-level. Users within networks send and receive e-mail and download Web pages and other programs. As a result of this desktop-level interaction with the Internet, it has become a gateway for hostile programs to attack your computer systems.

Today, there are some 13 000 viruses in existence, but most of these are contained in virus research labs; only a small percentage of known viruses are in general distribution. A researcher named Joe Wells maintains the Wildlist [36], which is considered the industry standard list of viruses in general distribution.

Having said all this, an e-mail message itself cannot contain a virus and there is no record of e-mail viruses of any kind. Any warning that you read about an e-mail virus is a hoax. E-mail attachments, however, can contain viruses, especially if they are executable files (with a .exe extension). Just downloading the e-mail and attachment cannot infect your computer; you must open the attached file before it can do any harm.

What is more, Web pages in themselves cannot infect your computer with viruses, although the Java Applets and ActiveX controls that are commonly embedded in a Web page can affect your system. Cookies and graphics on their own also cannot contain viruses and viruses won’t affect your computer hardware. Viruses are software programs and can only affect other software programs. Bear in mind that while viruses do exist, they are relatively rare for the average user.

Vandals

A vandal is a malicious program that Web browsers automatically download from Web sites (like ActiveX, Java applets or scripts).

A form of virus, a vandal is also a program that was designed with a malicious intent. The difference between a virus and a vandal is that a vandal is auto-executable, whereas a virus must be activated by the user (by starting an application program, for example, to which the virus is attached). Today, vandals are more likely to be distributed over the Internet as part of Java applets, ActiveX controls, push clients, or some form of plug-in that start running the moment they are downloaded.

As they are auto-executable, the victim has no control over their execution, and they will generally not be recognised as hostile until they actually begin executing, by which time it is too late to stop them. A vandal can destroy or steal mission-critical files, steal network passwords, modify data on databases, re-route modem connections, alter directories and data, or initiate a denial-of-service attack (thereby crashing or disabling the machine) - all remotely and automatically, leaving the PC user without any chance to intervene. Vandals cannot be scanned and are difficult to find. Clearly vandals represent a greater threat to your Web activities than viruses.


Hoaxes

The Internet is constantly being flooded with information about computer viruses and trojans. However, interspersed among real virus notices are computer virus hoaxes. While these hoaxes do not infect systems, they remain time consuming and costly to handle. Large companies especially will find that they spend much more time dealing with hoaxes than handling real virus incidents.

Chain letters

In the context of the Internet, a chain letter is an e-mail message sent to a number of recipients, coercing them to send out multiple copies of the e-mail so that its circulation increases in a geometric progression as long as the instructions are carried out.

Chain letters occur in the physical world as well and have been used to solicit money, damage a person or company’s reputation, for fun, or to kill another chain letter. While a chain letter could be a hoax, in the sense that it falsely warns of a virus threat, it could just as easily deal with issues that have nothing to do with viruses (such as a money-making pyramid scheme). The harm in a chain letter is that it clogs the e-mail system and wastes valuable time reading and deleting the e-mail. Re-sending a chain letter to ten persons and they to ten other persons means that by the ninth ‘re-sending’, more than a billion e-mails will have been generated if everyone participates faithfully. Chain letters can cause a large organisation a huge amount of lost time.

Generally, it is advisable to delete a chain letter immediately; if unsure, it should be passed on to the system administrator or security advisor for their advice.

An action plan against viruses

The following actions are suggested to protect yourself against viruses:

- Run up-to-date anti-virus software and make sure that the software can function in ‘the background’, especially when you are online.
- Make sure that your anti-virus software automatically scans everything that you download off the Internet (during the action, not afterwards).
- Set your e-mail software’s security to high and ensure that your e-mail (and attachments) are scanned as well.
- Regularly scan your computer system.
- Scan every floppy/stiffy before using it (especially those received from other persons).
- Make sure that you regularly update (say monthly or every second month) your anti-virus software - new viruses are coming out every day.
- Use extreme caution when viewing e-mail messages and especially do not open files attached to e-mails unless you know the person who sent it to you and why they sent it.
- Do not open any executable (.exe and .com) files attached to e-mails regardless of who sent them to you.
- Regularly back up your data.
- Download software only from reliable sources (such as Microsoft, Adobe, Macromedia or Tucows) or if you must download from a suspect site, take extra precautions.

“All SET, with no place to go.” David Strom, CEO – David Strom Inc.
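The attachment rules in the action plan above (scan e-mail attachments, never open .exe or .com files) can be enforced at the mail gateway rather than left to each user. The following is an added example, not code from the book; the function names and the sample message are constructed for illustration, and the check for an executable header on renamed files goes beyond the extension rule the chapter states.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the action plan says never to open. A real gateway would
# block a longer list; this set is limited to what the chapter names.
BLOCKED_EXTENSIONS = {".exe", ".com"}

def classify(filename, payload):
    """Return a reason string if the attachment looks executable, else None."""
    # Windows ignores trailing dots and spaces, so "setup.exe. " still runs.
    name = (filename or "").strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    if ext in BLOCKED_EXTENSIONS:
        # A second extension ("invoice.pdf.exe") is a common disguise.
        disguised = os.path.splitext(stem)[1] != ""
        return f"blocked extension {ext}" + (" (double extension)" if disguised else "")
    # DOS/Windows .exe files start with the bytes "MZ"; catch renamed ones.
    if payload[:2] == b"MZ":
        return f"executable (MZ) header despite extension {ext!r}"
    return None

def risky_attachments(raw_message):
    """Parse a raw e-mail and list (filename, reason) for risky attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reason = classify(part.get_filename(), payload)
        if reason:
            findings.append((part.get_filename(), reason))
    return findings

def build_sample():
    """Constructed sample message; addresses and file contents are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "Constructed sample"
    m.set_content("See attached.")
    fake_exe = b"MZ\x90\x00 not a real program"
    m.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                     filename="Invoice.PDF.EXE")
    m.add_attachment(fake_exe, maintype="image", subtype="jpeg", filename="photo.jpg")
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```

Files in the .com format carry no fixed header, so for them the extension rule is the only check this example applies.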

18. E-commerce standards

In addition to the alphabet soup of standards that govern the Internet, e-commerce employs several of its own standards, most of which apply to business-to-business transactions. Some of these are listed below:

Electronic Data Interchange (EDI)

The traditional form of e-commerce, EDI was discussed in an earlier chapter.

Open Buying on the Internet (OBI)

This standard, created by the Internet Purchasing Roundtable, is supposed to ensure that all the different e-commerce systems can talk to one another. Leading technology companies such as InteliSys, Microsoft and Oracle back OBI.

The Open Trading Protocol (OTP)

OTP is intended to standardise a variety of payment-related activities, including purchase agreements, receipts for purchases, and payments. It was created as a competing standard to OBI by a group of companies, including AT&T, Hitachi, IBM, Oracle, Sun Microsystems, and British Telecom.

The Open Profiling Standard (OPS)

A standard backed by Microsoft and Firefly, OPS lets users create a personal profile of preferences and interests that they want to share with merchants. The idea behind it is to help consumers protect their privacy without banning online collection of marketing information.


19. Summary

In this chapter we’ve examined the technologies and architectures that underpin the Internet, from TCP/IP through the e-commerce architecture that you will encounter when building your e-business, to Internet viruses. In particular, we’ve also looked at some of the security issues such as SSL and SET that you will encounter when managing your company’s Web site. It is important for managers to understand this architecture as the technology often obscures or hinders effective implementation of online strategies.


CHAPTER REFERENCES

1. Internet.com, Telleen, S.L., Oct. 1998: The Difference Between Internet, Intranet and Extranet http://www.Internetworld.com/print/1998/10/19/Intranet/19981019-advisor.html
2. Internet.com, Telleen, S.L., Oct. 1998: The Difference Between Internet, Intranet and Extranet http://www.Internetworld.com/print/1998/10/19/Intranet/19981019-advisor.html
3. Internet.com, Merkow, M., Dec. 1999: E-Commerce Security Technologies http://e-commerce.Internet.com/outlook/print/0,1282,7761_253601,00.html
4. University of Texas, Whinston, A. et al., Oct. 1999: Measuring the Internet Economy
5. Ent, Cin, A., Apr. 1998: Integrating and Migrating Legacy Systems http://www.entmag.com/archive/1998/apr08/040834.asp
6. Aberdeen Group, White Paper, Apr. 2000: Large Scale Internet Applications Demand a New Approach http://www.aberdeen.com/cgi-bin/rf.cgi?doc_id=04001763
7. ClickZ, Hoy, R., May 2000: Shopping Cart Options for Small Business http://www.clickz.com/cgi-bin/gf/cz/cz.print.me.html?article=1714
8. ClickZ, Hoy, R., May 2000: Shopping Cart Options for Small Business http://www.clickz.com/cgi-bin/gf/cz/cz.print.me.html?article=1714
9. Network Computing, Rist, O., Dec. 1998: The Customer is Always Right http://www.networkcomputing.com/netdesign/ecom9.html
10. Fusion, 1999: Building The Right Infrastructure for E-Commerce http://www.nwfusion.com/whitepapers/f5/f5_wp.html?nf
11. Network Security Library, 1998: Guide to Securing Intranet and Extranet Servers http://secinf.net/info/misc/verisign/intro.html
12. Network Security Library, 1998: Guide to Securing Intranet and Extranet Servers http://secinf.net/info/misc/verisign/intro.html
13. Datamation, McCarthy, V., Jun. 1999: Web security: How much is enough? http://www.datamation.com/PlugIn/workbench/ecom/stories/secure.htm
14. Datamation, McCarthy, V., Jun. 1999: Web security: How much is enough? http://www.datamation.com/PlugIn/workbench/ecom/stories/secure.htm
15. Zeuos, 2000: The Future of Security http://www.zeuos.co.uk/generic/articles/futureofsecurity/foz_p2.htm
16. Gateway, 2000: How SSL encryption works http://www.gateway.com/footer/ssl.shtml
17. E-commerce Times, Rothman, M., Feb. 2000: Is SSL Enough For B2B Transactions? http://www.ecommercetimes.com/news/special_reports/shym.shtml
18. Webopedia, Aug. 1999: SSL http:Webopedia.Internet.com/TERM/SSL.html
19. IDG, Liu, D. (Visa International): Securing Transactions on the Internet http://www.idg.com.tw/ice/ice0726-5-1/sld001.htm
20. Strom, D., 1997: All SET, With No Place To Go http://strom.com/awards.html
21. MasterCard International, 2000: SET promises a safe future for this new era in commerce http://www.mastercard.com/shoppingonline/set/set.html
22. Webopedia, Sept. 1998: digital wallet http://Webopedia.Internet.com/TERM/d/digital_wallet.html
23. MasterCard International, 2000: New “Digital Wallets” http://www.mastercard.com/shoppingonline/wallet
24. MasterCard International, 2000: New “Digital Wallets” http://www.mastercard.com/shoppingonline/wallet
25. GlobeSet http://www.globeset.com/setdemo1.htm
26. IDG, Liu, D. (Visa International): Securing Transactions on the Internet http://www.idg.com.tw/ice/ice0726-5-1/sld001.htm
27. GlobeSet http://www.globeset.com/setdemo1.htm
28. GlobeSet http://www.globeset.com/setdemo1.htm
29. IDG, Liu, D. (Visa International): Securing Transactions on the Internet http://www.idg.com.tw/ice/ice0726-5-1/sld001.htm
30. GlobeSet http://www.globeset.com/setdemo1.htm
31. DNJ Online, 2000: Join the party: How SET works http://www.dnjonline.com/articles/issues/iss11_issues3.html
32. IDG, Liu, D. (Visa International): Securing Transactions on the Internet http://www.idg.com.tw/ice/ice0726-5-1/sld001.htm
33. SET Secure Electronic Transaction LLC, 2000: What is SET http://www.setco.org/how_set_works.html
34. DNJ Online, 2000: Join the party: How SET works http://www.dnjonline.com/articles/issues/iss11_issues3.html
35. Datamation, BRG Research, Apr. 1998: SSL vs. SET: Private lives and public keys http://www.brgresearch.com
36. Wildlist http://www.wildlist.org