Electronic Commerce Systems

uptightexample

Networks and Communications

24 Oct 2013 (3 years and 11 months ago)


Chapter 12


Electronic Commerce Systems

COPYRIGHT © 2007 Thomson South-Western, a part of The Thomson Corporation. Thomson, the Star logo, and South-Western are trademarks used herein under license


Objectives for Chapter 12


Topologies that are employed to achieve connectivity across the Internet

Protocols and understand the specific purposes served by several Internet protocols

Business benefits associated with Internet commerce and be aware of several Internet business models

Risks associated with intranet and Internet electronic commerce

Issues of security, assurance, and trust pertaining to electronic commerce

Electronic commerce implications for the accounting profession

Internet Technologies


Packet switching

messages are divided into small packets

each packet of message takes different route

Virtual private network (VPN)

a private network within a public network

you may connect to UTEP via a VPN

Extranets

password controlled network for private users

often outside the company, but includes trading partners (vendors & customers)

World Wide Web

an Internet facility that links users locally and globally

Internet addresses

e-mail address

URL address

IP address

What is E-Commerce?

The electronic processing and transmission of business data

electronic buying and selling of goods and services

on-line delivery of digital products

electronic funds transfer (EFT)

electronic trading of stocks

direct consumer marketing

electronic data interchange (EDI)

the Internet revolution

Benefits of E-Commerce

Access to worldwide customer and/or supplier base

Reductions in inventory investment and carrying costs

Reductions in procurement costs

Better customer service

Rapid creation of business partnerships to fill emerging market niches

Reductions in retail prices through lower marketing costs

Risks Associated with E-commerce

General Concerns

Data Security: Are stored and transmitted data adequately protected?

Business Policies: Are policies publicly stated and consistently followed?

Privacy: How confidential are customer and trading partner data?

Business Process Integrity: How accurately, completely, and consistently does company process its transactions?

Intranet Risks

Intercepting Network Messages

sniffing: interception of user IDs, passwords, confidential e-mails, and financial data files

Accessing Corporate Databases

connections to central corporate databases increase risk that data will be viewed, corrupted, changed, or copied by employees

Uncontrolled Expansion

ill-conceived network decisions create serious threat

Internet Risks to Businesses

IP Spoofing: masquerading to gain access to Web server and/or to perpetrate unlawful act without revealing one’s identity

Technology Failures: disruption caused by hardware failure causes e-business to lose customer credibility and sales revenues

Malicious Programs: viruses, worms, logic bombs, and Trojan horses pose threats to both Internet and Intranet users

DOS Attack

[Figure: message exchange between Sender and Receiver. Step 1: SYN messages; Step 2: SYN/ACK; Step 3: ACK packet code]

In a DOS Attack, the sender sends hundreds of messages, receives the SYN/ACK packet, but does not respond with an ACK packet. This leaves the receiver with clogged transmission ports, and legitimate messages cannot be received.
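The pattern described above can be spotted from the receiver's side by counting handshakes that stall after step 2. The following is an added example, not part of the original slides: the event tuples, addresses, timeout and threshold are constructed assumptions, and the function names are hypothetical.

```python
from collections import Counter

def build_sample():
    """Constructed events, not real traffic: (time_s, sender, sender_port, message)."""
    events = [
        # Legitimate sender completes steps 1-3.
        (0.0, "192.0.2.10", 40000, "SYN"),
        (0.1, "192.0.2.10", 40000, "SYN/ACK"),
        (0.2, "192.0.2.10", 40000, "ACK"),
        # Slow but legitimate sender: the ACK is late, yet it arrives.
        (3.0, "192.0.2.20", 41000, "SYN"),
        (3.1, "192.0.2.20", 41000, "SYN/ACK"),
        (4.5, "192.0.2.20", 41000, "ACK"),
    ]
    # One sender opens 200 handshakes and never sends the step 3 ACK.
    for i in range(200):
        t = 1.0 + i * 0.01
        events.append((t, "198.51.100.7", 50000 + i, "SYN"))
        events.append((t + 0.001, "198.51.100.7", 50000 + i, "SYN/ACK"))
    return sorted(events)

def half_open_by_sender(events, now, timeout=3.0):
    """Count, per sender, handshakes that got a SYN/ACK but no ACK within timeout."""
    seen_syn = set()
    pending = {}  # (sender, port) -> time the receiver sent SYN/ACK
    for t, sender, port, message in events:
        key = (sender, port)
        if message == "SYN":
            seen_syn.add(key)
        elif message == "SYN/ACK" and key in seen_syn:
            pending[key] = t
        elif message == "ACK":
            pending.pop(key, None)   # handshake completed, slot released
            seen_syn.discard(key)
    stalled = Counter()
    for (sender, _port), t in pending.items():
        if now - t > timeout:
            stalled[sender] += 1
    return stalled

def flag_senders(stalled, threshold=50):
    """Senders holding at least `threshold` half-open slots (assumed cut-off)."""
    return sorted(s for s, n in stalled.items() if n >= threshold)

if __name__ == "__main__":
    counts = half_open_by_sender(build_sample(), now=10.0)
    print(dict(counts), flag_senders(counts))
```

Each stalled entry corresponds to one receiver slot held open, which is why the per-sender count is the useful signal rather than the raw number of SYN messages.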

Controls

Network Control Objectives

establish communications session between sender and receiver

manage flow of data across network

detect errors in data caused by line failure or signal degeneration (static)

detect and resolve data collisions between competing nodes


POLLING METHOD OF CONTROLLING DATA COLLISIONS

[Figure: a MASTER site and four SLAVE sites. Labels: Locked, Polling Signal, Data Transmission]

The “master” polls “slave” sites to determine if they have data to transmit.

If a slave responds in the affirmative, the master locks the network while data are transmitted.

Allows priorities to be set for data communications across the network

[Figure: Token Ring. Labels: WAN, Server, Node, Central Files, Local Files, Contains data, Empty token]

Carrier Sensing

Random access technique that detects collisions when they occur (stepping out in traffic)

Widely used -- found on Ethernets.

Node wishing to transmit “listens” to line to determine if it is in use. If line is busy, it waits a pre-specified amount of time (seconds) to transmit.

Collisions occur when two nodes listen, hear no messages transmitting, and then simultaneously begin transmitting. Data collides and two nodes are instructed to hang up and try again.

Disadvantage: Becomes a problem as network traffic increases. Line may not be used optimally when multiple nodes are trying to transmit simultaneously.

Encryption Techniques

In general ---

Private Key (less secure)

Public Key (more secure)

[Figure: Data Encryption between Company A and Company B. Labels: Cleartext Message, Encryption Program, Ciphertext, Communication System, Private Key]

Public Key Encryption

Two keys

Sender encodes message with Public key

Recipient decrypts with Private key

After encryption, Sender cannot decrypt

[Figure labels: Company A, Company B]

E-Commerce Security: Digital Authentication

Digital signature: electronic authentication technique that ensures that transmitted message originated with authorized sender and that it was not tampered with after the signature was applied

Digital certificate: like an electronic identification card that is used in conjunction with a public key encryption system to verify authenticity of the message sender
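The public key encryption and digital signature slides above can be made concrete with one added example (not part of the original slides). It uses textbook RSA with fixed toy primes and no padding, which is for illustration only and not secure; the function names and the purchase-order message are constructed assumptions.

```python
import hashlib

# Toy key pair (assumption for illustration): two known Mersenne primes.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                            # modulus, part of both keys
E = 65537                            # public exponent, published
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, kept by the key owner

def encrypt(message: bytes, public=(N, E)) -> int:
    """Sender encodes the message with the recipient's public key."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(cipher: int, private=(N, D)) -> bytes:
    """Only the holder of the private key can recover the cleartext."""
    n, d = private
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private=(N, D)) -> int:
    """Signer applies the private key to a hash of the message."""
    n, d = private
    return pow(_digest(message, n), d, n)

def verify(message: bytes, signature: int, public=(N, E)) -> bool:
    """Anyone with the public key can check origin and integrity."""
    n, e = public
    return pow(signature, e, n) == _digest(message, n)

if __name__ == "__main__":
    order = b"PO 1001: 50 units"           # constructed message from Company A
    cipher = encrypt(order)                 # encoded with Company B's public key
    print(decrypt(cipher) == order)         # Company B decrypts with its private key
    sig = sign(order)
    print(verify(order, sig))               # signature matches the message
    print(verify(b"PO 1001: 90 units", sig))  # altered after signing: rejected
```

A digital certificate, as described on the slide, is what lets the verifier trust that the public key in `verify` really belongs to the claimed sender.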


E-Commerce Security: Firewalls

Firewalls - software and hardware that provide focal point for security by channeling all network connections through controlled gateway

Network level firewalls - low cost/low security access control. Uses screening router to its destination. This method does not explicitly authenticate outside users. Hackers may penetrate system using an IP spoofing technique.

Application level firewalls - high level/high cost customizable network security. Allows routine services and e-mail to pass through, but can perform sophisticated functions such as logging or user authentication for specific tasks.

Assurance


“Trusted” third-party organizations offer seals of assurance that businesses can display on their Web site home pages:

BBB

TRUSTe

Veri-Sign, Inc


ICSA


AICPA/CICA WebTrust


AICPA/CICA SysTrust

Implications for Accounting


Privacy violation


major issues:


a stated privacy policy


consistent application of stated privacy policies


what information is the company capturing


sharing or selling of information


ability of individuals and businesses to verify and update information on them


1995 Safe Harbor Agreement


establishes standards for information transmittal between US and European companies


Implications for Accounting


Audit implication for XBRL

taxonomy creation: incorrect taxonomy results in invalid mapping that may cause material misrepresentation of financial data

validation of instance documents: ensure that appropriate taxonomy and tags have been applied

audit scope and timeframe: impact on auditor responsibility as a consequence of real-time distribution of financial statements

Implications for Accounting


Continuous process auditing

auditors review transactions at frequent intervals or as they occur

intelligent control agents: heuristics that search electronic transactions for anomalies

Electronic audit trails

electronic transactions generated without human intervention

no paper audit trail

Implications for Accounting


Confidentiality of data

open system designs allow mission-critical information to be at risk from intruders

Authentication

in e-commerce systems, determining the identity of the customer is not a simple task

Nonrepudiation

repudiation can lead to uncollected revenues or legal action

use digital signatures and digital certificates

Implications for Accounting


Certification authority (CA) licensing

trusted 3rd party vouches for identity

Data integrity

determine whether data has been intercepted and altered

Access controls

prevent unauthorized access to data

Changing legal environment

provide client with estimate of legal exposure

Protocols

Protocol Functions

Facilitate physical connection between network devices.

Synchronize transfer of data between physical devices.

Provide basis for error checking and measuring network performance.

Promote compatibility among network devices.

Promote network designs that are flexible, expandable, cost-effective.

Internet Protocols


Transfer Control Protocol/Internet Protocol (TCP/IP) - controls how individual packets of data are formatted, transmitted, received

Hypertext Transfer Protocol (HTTP) - controls web browsers

not the same as HTML

File Transfer Protocol (FTP) - used to transfer files across Internet

Simple Network Mail Protocol (SNMP) - e-mail

Secure Sockets Layer (SSL) and Secure Electronic Transmission (SET) - encryption schemes

HTML: Hyper Text Markup Language

Format used to produce Web pages

Defines page layout, fonts, and graphic elements

used to lay out information for display in an appealing manner like one sees in magazines and newspapers

using both text and graphics (including pictures) appeals to users

Hypertext links to other documents on the Web

Even more pertinent is HTML’s support for hypertext links in text and graphics that enable the reader to ‘jump’ to another document located anywhere on World Wide Web.


XML: eXtensible Markup Language

XML is meta-language for describing markup languages.

Extensible means that any markup language can be created using XML.

Includes creation of markup languages capable of storing data in relational form, where tags (formatting commands) are mapped to data values

can be used to model the data structure of an organization’s internal database


Comparing HTML and XML

XBRL: eXtensible Business Reporting Language

XBRL is an XML-based language for standardizing methods for preparing, publishing, and exchanging financial information, e.g., financial statements.

XBRL taxonomies are classification schemes.

Advantages:

Businesses offer expanded financial information to all interested parties virtually instantaneously.

Companies that use XBRL database technology can further speed the process of reporting.

Consumers import XBRL documents into internal databases and analysis tools to greatly facilitate their decision-making processes.

Networks

Local Area Network (LAN)

Computers located close together (in same building/campus) linked together to share data/software/hardware

Physical connection of workstations to LAN is achieved through network interface card (NIC)

Server stores network operating system, application programs, and data to be shared.

Topologies

Star Topology


Network of workstations with large central computer (host)

Host computer has direct connections to workstations

All communications must go through host computer. Can do local processing even if host is down.

[Figure: Star Network. Labels: Topeka, St. Louis, Kansas City, Dallas, Tulsa; Central Data, Local Data]

Ring Topology


Configuration eliminates central site. All nodes are of equal status (peers).

Responsibility for managing communications is distributed among nodes.

Common resources shared by all nodes can be centralized/managed by file server that is also node.

[Figure: Ring Topology. Labels: Server, Central Files, Local Files]

Bus Topology


Nodes are all connected to common cable - the bus.

Communications and file transfers between workstations are controlled by server.

Generally less costly to install than ring topology.

[Figure: Bus Topology. Labels: Server, Central Files, Node, Local Files, Print Server]

Client-Server Topology

This configuration distributes the processing between user’s (client’s) computer and central file server.

Both types of computers are part of network, but each is assigned functions that it best performs.

This approach reduces data communications traffic, thus reducing queues and increasing response time.

[Figure: Client-Server Topology. Labels: Server, Common Files, Record Searching Capabilities, Client, Data Manipulation Capabilities]

Wide Area Network (WAN)


WAN is network dispersed over wider geographic area than LAN. Typically requires use of:

gateways to connect different types LANs

bridges to connect same type LANs

WANs may use common carrier facilities

telephone lines or Value Added Network (VAN).

[Figure: WAN. Labels: LAN, Bridge, Gateway]

Electronic Data Interchange (EDI)

Exchange of business transaction information:

between companies

in standard format

via computerized information system

In “pure” EDI systems, human involvement is not necessary to approve transactions. (Very few pure EDI systems.)

[Figure: EDI System between Our Company and Wal-Mart. Labels: Purchases System, Sales Order System, Application Software, EDI Translation Software, Communications Software, Direct Connection, VAN, Our Company’s mailbox, Wal-Mart’s mailbox, Other Mailbox]

Direct Connection for Many Transactions

VAN for Few Transactions

Advantages of EDI


Reduction or elimination of data entry


Reduction (not elimination) of


errors


paper


paper processing and postage


inventories (via JIT systems)
