Скачать презентацию 4 B 2 C B 2 E Concepts
b8e67010f90b1cd7a422a868eb1ac41f.ppt
- Количество слайдов: 39
Скачать презентацию 4 B 2 C B 2 E Concepts
Скачать презентацию 4 B 2 C B 2 E Concepts
4. B 2 C, B 2 E: Concepts and Architectures 4. 1 Business-to-Consumer Systems Architectures and Components Shop Functionalities, Selected Components 4. 2 Electronic Fulfillment & Payment Secure Communication, Security and Trust Encryption: Standards, Authentication: Digital Signatures, Certification Authorities Electronic Payment Models, Standards and Systems 4. 3 Mobile E-Commerce and Location-Based Services Electronic Commerce (WS-05/06) 4 -1
ECommerce Reference Model Applications for horizontal and vertical sectors Organizational Virtual issues Organizations Kinds of Electronic Trading Systems (Shop Systems) Cooperation Political and Legal Aspects Business Process Reengineering (BPR) Tools of Forms of Payment Security, Trust Transact. Control Agent Technlgy Mediation, Negotiation EDI EC Technical issues Base Technologies (Internet-, Communication-, Security-, DB-, Software-Technology) [Me. Tu. La 99] Electronic Commerce (WS-05/06) 4 -2
Online Shops Definition An Online Shop System defines the buyer / seller interface using Internet technology. It supports mainly the Business-to-Consumer (B 2 C) business model. Shop system vendors have established knowledge about online shops (e. g. , Intershop exists since 1994). Shop vendors can be classified as o specialized shop providers (Intershop, Open. Shop, . . . ) o standard software providers (Microsoft, Oracle, . . . ) which integrate shops into their software suites. An online shop is more complex than it seems to be at first glance. Electronic Commerce (WS-05/06) 4 -3
Online Shops: Core Functionality o Product Catalog Management maintains a (flat, hierarchical, …) directory of • Hard (tangible) goods (examples: books, cars, clothing) • Soft (intangible) goods (example: software product, license, news) o Search Engine o Shopping Basket Management links customers & products o Customer Identification (example: visitor vs. buyer vs. preferred customer, …) o Billing & Payment • Taxation • Shipping fees Electronic Commerce (WS-05/06) 4 -4
Online Shops: Desirable Functionality o Banner Management o Statistics Report, Data Mining o Integration of Customer Relationship Management (CRM) functionality • Customer Profiling • Customer Classification • Call Center Integration • Campaign Management o Bridge to Enterprise Resource Planning (ERP) Backend System • Controlling • Inventory management (“are there sufficient hard goods on stock? ”) • Accounts payable (German: Kreditoren) o Legal issues: Electronic Contracts • Exchange for binding legal statements / electronic contracts between customer & merchant Electronic Commerce (WS-05/06) 4 -5
Online-Shop: Reference Architecture Shop Editor Shop Users Banner Manager Internet Editorial System Unstruct. Catalog Content Structure Core Shop System Product Inform. TX Data Exchange Interfaces ERP Electronic Commerce (WS-05/06) Banner-Mgmt User Download Profiles Area OLAP Tools P G Banner Pool Recommendation Engine Data Warehouse Pay. Inter- ment / net Billing Provider PG = Payment Gateway [Merz 99] 4 -6
Selected Shop System Components: Editorial System Shop Editor Shop Users Banner Manager Internet Editorial System Shop System Unstruct. Catalog Product Content Structure Inform. TX Data Exchange Interfaces ERP Electronic Commerce (WS-05/06) Banner-Mgmt User Download Profiles Area OLAP Tools P G Banner Pool Payment Inter- ment/ / Billing net Billing Provider Recommendation Engine Data Warehouse [Merz 99] 4 -7
Selected Shop System Components: Editorial System An Editorial system is used to manage and administrate a shop: o Manage • product information • product catalog structure • unstructured content (examples: logos, headline, footer, copyright notice) o Import product information from ERP systems NOTE: Sample online shop for starting is usually provided by shop system vendor Electronic Commerce (WS-05/06) 4 -8
Selected Shop System Components: Product DB The Product Information Database contains o Product classification information (categorization) and o Product information, e. g. : • Product attributes (name, price in different currencies, . . . ) • Image / 3 D model • Descriptions • Discounts, Advertising intensity • Links to related products Product information databases may support staging process (see later). Required: Adaptability and extensibility of o Categorizations o Product specifications (attributes) Electronic Commerce (WS-05/06) 4 -9
Selected Shop System Components: Core Shop System Shop Editor Shop Users Banner Manager Internet Editorial System Unstruct. Catalog Content Structure Core Shop System Shop Software Product Inform. TX Data Exchange Interfaces ERP Electronic Commerce (WS-05/06) Banner-Mgmt User Download Profiles Area OLAP Tools P G Banner Pool Payment Inter- ment/ / Billing net Billing Provider Recommendation Engine Data Warehouse [Merz 99] 4 -10
Selected Shop System Components: Core Shop System A shop software presentation system is part of the core shop system. It controls the visualization aspects of an online shop. Two main objectives: o Aggregation of content to be displayed as a whole. A page contains, e. g. , • product information • ads from banner pool • news feed • personalized content • download links, . . . o Rendering of content • format request • resolution HTML template User Pro duct Ads response HTML Electronic Commerce (WS-05/06) 4 -11
Selected Shop System Components: Payment Gateway Shop Editor Shop Users Banner Manager Internet Editorial System Unstruct. Catalog Content Structure Shop Software Product Inform. TX Data Exchange Interfaces ERP Electronic Commerce (WS-05/06) Banner-Mgmt User Download Profiles Area OLAP Tools P G Banner Pool Payment Inter- ment / / net Billing Provider Recommendation Engine Data Warehouse [Merz 99] 4 -12
Selected Shop System Components: Payment Gateway A Payment gateway is the interface from the shop system to a banks‘ clearing server. o Not developed by shop system providers, but by electronic payment system vendor. o Separately bought as plug-in / cartridge o Usually integrated as a shell script or component Payment Gateway vendors usually provide credit-card payment clearing service only. Electronic Commerce (WS-05/06) 4 -13
4. Shop Systems: Concepts and Architectures 4. 1 Business-to-Consumer Systems Architectures and Components Shop Functionalities, Architectures, Selected Components 4. 2 Electronic Fulfillment & Payment Secure Communication, Security and Trust Encryption: Standards, Authentication: Digital Signatures, Certification Authorities Electronic Payment Models, Standards and Systems Electronic Commerce (WS-05/06) 4 -14
ECommerce Reference Model Applications for horizontal and vertical sectors Organizational Virtual issues Organizations Kinds of Electronic Trading Systems (Shop Systems) Cooperation Political and Legal Aspects Business Process Reengineering (BPR) Tools of Forms of Payment Security, Trust Transact. Control Agent Technlgy Mediation, Negotiation EDI EC Technical issues Base Technologies (Internet-, Communication-, Security-, DB-, Software-Technology) [Me. Tu. La 99] Electronic Commerce (WS-05/06) 4 -15
Security and Trust (1) Security and trust are important factors for ECommerce: o In commerce the security of money and goods is most important. o Buyers will only trade with sellers whom they trust. Security can be achieved technically (e. g. , by encryption, authentication, access control to resources). Trust cannot be achieved technically, can be gained by o being certified by a trusted organization (e. g. , Trust-E) o number of customers (increases confidence) o word of mouth (tell your friend) Electronic Commerce (WS-05/06) 4 -16
Security (1) First step: Secure communication: Business partners send authentication information, digital cash, contracts over the Internet. For this secure communication is needed. Secure transmission of web documents is achieved, e. g. , via Secure HTTP (see chapter 3). But this is not enough for secure commerce. Questions concerning secure commerce: o Customer view: • Ensure that the merchant is who he claims to be (merchant authentication) • Ensure merchant is not selling customer profile information (see profiling standards) o Merchant view: Problems with “interrupted” business processes: Customer denies having • placed an order • signed a digital contract (repudiation). Electronic Commerce (WS-05/06) 4 -17
Security (2) Problems and proposed solutions (details on following slides): PROBLEM SOLUTION Eavesdropping: Third parties (man in the middle) read exchanged documents (orders) Privacy (Encryption) Modification of documents (e. g. , orders) Integrity (Digital Signatures), Privacy (Encryption) Erasure of documents Backups, Multiple Transmissions, Mirrors Spoofing (simulate an identity) Certificates, Certification Authorities, Public Key Infrastructure (PKI) Repudiation Non-repudiation (Sign contract with digital signature) Trade off between effort and risk (when to apply security measures). Example: Securing documents against eavesdropping / modification: o Irrelevant for information browsing o Relevant when credit-card numbers, amounts of money are sent across the Internet Electronic Commerce (WS-05/06) 4 -18
Cryptography in E-Commerce Based on: Electronic Commerce (WS-05/06) 4 -19
Introduction Cryptography: encode message data so that it can only be understood by intended recipient. Romans used it in military communication Given knowledge of encryption algorithm, brute force attempt: try every possible decoding until valid message is produced. Computers are good at this! Modern schemes must be computationally hard to solve to remain secure. Electronic Commerce (WS-05/06) 4 -20
Cryptographic Terminology Plain text: the message before encoding. Cipher text: the message after encoding. Key: information needed to convert from plain text to cipher text (or vice-versa). Function: the encryption or decryption algorithm used, in conjunction with key, to encode or decode message. Key distribution service: trusted service which hands out keys. Electronic Commerce (WS-05/06) 4 -21
Encryption Encrypting data prevents unauthorised access and modification to the data (i. e. prevents eavesdropping and tampering). If encrypted data can only be decrypted with a matching key, this can be used to prove sender’s identity (i. e prevents masquerading). Likewise, it can be used to ensure that only intended recipients can use the data. Two main ways: secret key & public key. Electronic Commerce (WS-05/06) 4 -22
Secret Keys One key is used to both encrypt and decrypt data Encryption and decryption functions are often chosen to be the same Security should not be compromised by making function wellknown as security comes from secret keys Text Encryption Secret Key 4 e%$ Decryption Electronic Commerce (WS-05/06) 4 -23
Using Secret Keys Sender and recipient exchange keys through some secure, trusted, non-network based means Sender encodes message using function and sends, knowing that only the holder of key (the intended recipient) can use it Recipient decodes message and knows that only sender could have generated it Message can be captured but is of no use Electronic Commerce (WS-05/06) 4 -24
Brute force approach for determining KAB Given Message M‘ = {M}KAB For all k o. For all M • If Mk= M‘ then return k Electronic Commerce (WS-05/06) 4 -25
Public Keys Diffie and Hellman 1976 Gives 'one-way' security. Two keys generated, one used with decryption algorithm (private key) and one with encryption algorithm (public key). Generation of private key, given public key, is computationally hard. Do not need secure key transmission mechanism for key distribution. Electronic Commerce (WS-05/06) 4 -26
Using Public Keys Recipient generates key pair. Public key is published by trusted service. Sender gets public key, and uses this to encode message. Receiver decodes message. Replies can be encoded using sender’s public key from the trusted distribution service. Message can be captured but is of no use. Electronic Commerce (WS-05/06) 4 -27
Block Ciphers Simple block cipher: Each block of ciphertext does not depend upon preceding blocks Problem: Attacker can recognize repeated patterns and infer their relationship to plaintext Problem: Integrity not guaranteed. Parts of previously intercepted messages could be inserted Solution: Cipher block chaining Idea: Combine each block with preceding ciphertext block using xor function before encryption (xor is idempotent) Requirement: Insert a different piece of text as initialization vector for each message (e. g. , timestamp) -> different ciphertext even for the same message Requirement: Reliable connection (why? ) Electronic Commerce (WS-05/06) 4 -28
Cipher Block Chaining plaintext blocks ciphertext blocks n+3 n+2 n+1 XOR E(K, M) n-3 n-2 n-1 n Initialization vector required (e. g. , timestamp) Electronic Commerce (WS-05/06) 4 -29
Stream Ciphers Problem: For some applications, encryption in blocks in inappropriate because of sparse data (padding every block would be too wasteful) Solution: Encryption algorithms that can perform encryption incrementally (stream ciphers), converting plaintext to ciphertext one bit at a time Idea: Construct a keystream generator (keystream is an arbitrary-length sequence of bits) Keystream used to obscure contents of data stream by bit-wise xor-ing the keystream with the data stream. If keystream is secure, then so is the resulting encrypted data stream. Usually a random number generator is used to produce a keystream (with seed agreed between partners) Additional measures: Disguise keystream with cipher block chaining. Fool eavesdroppers by inserting white noise. Electronic Commerce (WS-05/06) 4 -30
Stream Ciphers number generator keystream n+3 n+2 n+1 E(K, M) buffer XOR plaintext stream ciphertext stream Number generator: E. g. random number with seed value on which both parties agree Electronic Commerce (WS-05/06) 4 -31
Cryptography: Secret Keys Main Ideas o Confusion (XOR, circular shifting, . . . ) o Diffusion (transposition of plaintext block portions) Cryptographic Algorithms o DES (Data Encryption Standard, 1981, 56 bit) • Encryption and decryption function identical o TEA (Tiny Encryption Algorithm, 128 bit) • Wheeler and Needham 94 o IDEA (Intern. Data Encryption Algorithm, 128 bit) o Blowfish Electronic Commerce (WS-05/06) 4 -32
![TEA encryption function void encrypt(unsigned long k[], unsigned long text[]) { unsigned long y](https://present5.com/presentation/b8e67010f90b1cd7a422a868eb1ac41f/image-33.jpg "TEA encryption function void encrypt(unsigned long k[], unsigned long text[]) { unsigned long y")
TEA encryption function void encrypt(unsigned long k[], unsigned long text[]) { unsigned long y = text[0], z = text[1]; unsigned long delta = 0 x 9 e 3779 b 9, sum = 0; int n; for (n= 0; n < 32; n++) { sum += delta; y += ((z << 4) + k[0]) ^ (z+sum) ^ ((z >> 5) + k[1]); z += ((y << 4) + k[2]) ^ (y+sum) ^ ((y >> 5) + k[3]); } text[0] = y; text[1] = z; } Electronic Commerce (WS-05/06) 1 2 3 4 5 6 7 4 -33
![TEA decryption function void decrypt(unsigned long k[], unsigned long text[]) { unsigned long y](https://present5.com/presentation/b8e67010f90b1cd7a422a868eb1ac41f/image-34.jpg "TEA decryption function void decrypt(unsigned long k[], unsigned long text[]) { unsigned long y")
TEA decryption function void decrypt(unsigned long k[], unsigned long text[]) { unsigned long y = text[0], z = text[1]; unsigned long delta = 0 x 9 e 3779 b 9, sum = delta << 5; int n; for (n= 0; n < 32; n++) { z -= ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]); y -= ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]); sum -= delta; } text[0] = y; text[1] = z; } Electronic Commerce (WS-05/06) 4 -34
![TEA in use void tea(char mode, FILE *infile, FILE *outfile, unsigned long k[]) {](https://present5.com/presentation/b8e67010f90b1cd7a422a868eb1ac41f/image-35.jpg "TEA in use void tea(char mode, FILE *infile, FILE *outfile, unsigned long k[]) {")
TEA in use void tea(char mode, FILE *infile, FILE *outfile, unsigned long k[]) { /* mode is ’e’ for encrypt, ’d’ for decrypt, k[] is the key. */ char ch, Text[8]; int i; while(!feof(infile)) { i = fread(Text, 1, 8, infile); /* read 8 bytes from infile into Text */ if (i <= 0) break; while (i < 8) { Text[i++] = ' '; } /* pad last block with spaces */ switch (mode) { case 'e': encrypt(k, (unsigned long*) Text); break; case 'd': decrypt(k, (unsigned long*) Text); break; } fwrite(Text, 1, 8, outfile); /* write 8 bytes from Text to outfile */ } } Electronic Commerce (WS-05/06) 4 -35
Cryptography: Public Keys D(Kd(E(Ke, M)) = M Decryption key Kd must be a secret Encryption key Ke is public Electronic Commerce (WS-05/06) 4 -36
RSA Encryption - 1 To find a key pair e, d: 1. Choose two large prime numbers, P and Q (each greater than 10100), and form: N=Px. Q Z = (P– 1) x (Q– 1) 2. For d choose any number that is relatively prime with Z (that is, such that d has no common factors with Z). We illustrate the computations involved using small integer values for P and Q: P = 13, Q = 17 –> N = 221, Z = 192 d=5 3. To find e solve the equation: e x d = 1 mod Z That is, e x d is the smallest element divisible by d in the series Z+1, 2 Z+1, 3 Z+1, . . e x d = 1 mod 192 = 1, 193, 385, . . . 385 is divisible by d e = 385/5 = 77 Electronic Commerce (WS-05/06) 4 -37
RSA Encryption - 2 To encrypt text using the RSA method, the plaintext is divided into equal blocks of length k bits where 2 k < N (that is, such that the numerical value of a block is always less than N; in practical applications, k is usually in the range 512 to 1024). k = 7, since 27 = 128 The function for encrypting a single block of plaintext M is: E'(e, N, M) = Me mod N for a message M, the ciphertext is M 77 mod 221 The function for decrypting a block of encrypted text c to produce the original plaintext block is: D'(d, N, c) = cd mod N Rivest, Shamir and Adelman proved that E' and D' are mutual inverses (that is, E'(D'(x)) = D'(E'(x)) = x) for all values of P in the range 0 ≤ P ≤ N. The two parameters e, N can be regarded as a key for the encryption function, and similarly d, N represent a key for the decryption function. So we can write Ke = <e, N> and Kd = <d, N>, and we get the encryption function: E(Ke, M) ={M}K (the notation here indicating that the encrypted message can be decrypted only by the holder of the private key Kd) and D(Kd, {M}K ) = M. Electronic Commerce (WS-05/06) 4 -38
Blowfish Symmetric block cipher encryption/decryption algorithm Can be used as a drop-in replacement for DES or IDEA. Takes a variable-length key, from 32 bits to 448 bits, . . . making it ideal for both domestic and exportable use. Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. Since then it has been analyzed considerably, and it is slowly gaining acceptance as a strong encryption algorithm. Blowfish is unpatented and license-free, and is available free for all uses. Electronic Commerce (WS-05/06) 4 -39
Скачать презентацию 4 B 2 C B 2 E Concepts
b8e67010f90b1cd7a422a868eb1ac41f.ppt