Chapter 12
Electronic Commerce Systems
COPYRIGHT © 2007 Thomson South-Western, a part of The Thomson Corporation. Thomson, the Star logo, and South-Western are trademarks used herein under license.
Objectives for Chapter 12
Topologies that are employed to achieve connectivity across the Internet
Protocols, and the specific purposes served by several Internet protocols
Business benefits associated with Internet commerce, and several Internet business models
Risks associated with intranet and Internet electronic commerce
Issues of security, assurance, and trust pertaining to electronic commerce
Electronic commerce implications for the accounting profession
Internet Technologies
Packet switching: messages are divided into small packets; each packet of a message may take a different route
Virtual private network (VPN): a private network within a public network; you may connect to UTEP via a VPN
Extranets: a password-controlled network for private users, often outside the company, but including trading partners (vendors and customers)
World Wide Web: an Internet facility that links users locally and globally
Internet addresses: e-mail address, URL address, IP address
What is E-Commerce?
The electronic processing and transmission of business data
electronic buying and selling of goods and services
on-line delivery of digital products
electronic funds transfer (EFT)
electronic trading of stocks
direct consumer marketing
electronic data interchange (EDI)
the Internet revolution
Benefits of E-Commerce
Access to a worldwide customer and/or supplier base
Reductions in inventory investment and carrying costs
Reductions in procurement costs
Better customer service
Rapid creation of business partnerships to fill emerging market niches
Reductions in retail prices through lower marketing costs
General Concerns
Data Security: Are stored and transmitted data adequately protected?
Business Policies: Are policies publicly stated and consistently followed?
Privacy: How confidential are customer and trading partner data?
Business Process Integrity: How accurately, completely, and consistently does the company process its transactions?
Intranet Risks
Intercepting Network Messages: sniffing, the interception of user IDs, passwords, confidential e-mails, and financial data files
Accessing Corporate Databases: connections to central corporate databases increase the risk that data will be viewed, corrupted, changed, or copied by employees
Uncontrolled Expansion: ill-conceived network decisions create a serious threat
Internet Risks to Businesses
IP Spoofing: masquerading to gain access to Web server and/or to perpetrate unlawful act without revealing one’s identity
Technology Failures: disruption caused by hardware failure causes e-business to lose customer credibility and sales revenues
Malicious Programs: viruses, worms, logic bombs, and Trojan horses pose threats to both Internet and Intranet users
DOS Attack
Three-way handshake between Sender and Receiver:
Step 1: SYN message
Step 2: SYN/ACK
Step 3: ACK packet
In a DOS attack, the sender sends hundreds of messages, receives the SYN/ACK packet, but does not respond with an ACK packet. This leaves the receiver with clogged transmission ports, and legitimate messages cannot be received.
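The handshake above from the receiver's side, as an added example that is not part of the slides: a small model of the half-open connection table that fills when step 3 never arrives, together with the per-source count a monitoring job can alert on. The host names, ports, timestamps, backlog size and timeout are all constructed for illustration.

```python
"""Added example (not from the slides): the receiver's view of the TCP
three-way handshake. A SYN (step 1) occupies a half-open slot until the
matching ACK (step 3) arrives; the receiver's own SYN/ACK (step 2) is
implicit. Unanswered SYNs hold their slots until they time out, so once the
backlog is full every further SYN, legitimate or not, has to be refused."""
from collections import Counter

BACKLOG = 5        # assumed number of half-open (SYN-received) slots
TIMEOUT = 30.0     # assumed seconds a half-open entry is kept before discard
SUSPECT_AT = 3     # assumed alert threshold: unfinished handshakes per source

def replay(events, backlog=BACKLOG, timeout=TIMEOUT, suspect_at=SUSPECT_AT):
    """Walk (time, source, source port, flag) events in time order and return
    what the receiver ended up with. flag is 'SYN' or 'ACK'."""
    half_open = {}             # (src, sport) -> time the SYN arrived
    established = set()
    dropped = []               # SYNs refused because the backlog was full
    unfinished = Counter()     # per source: queued SYNs that never completed
    for t, src, sport, flag in sorted(events):
        # discard stale entries first; their senders never finished step 3
        for key in [k for k, t0 in half_open.items() if t - t0 > timeout]:
            del half_open[key]
        key = (src, sport)
        if flag == 'SYN':
            if len(half_open) >= backlog:
                dropped.append((t, src))      # no slot left, whoever sent it
            else:
                half_open[key] = t
                unfinished[src] += 1
        elif flag == 'ACK' and key in half_open:
            del half_open[key]                # handshake complete
            unfinished[src] -= 1
            established.add(key)
    return {
        'established': established,
        'still_half_open': set(half_open),
        'dropped': dropped,
        'unfinished': unfinished,
        'suspects': sorted(s for s, n in unfinished.items() if n >= suspect_at),
    }

# Constructed event log: one well-behaved client, one source that sends eight
# SYNs and never answers, and a second client that is squeezed out until the
# stale entries expire.
EVENTS = [
    (0.0, 'client-A', 40001, 'SYN'), (0.1, 'client-A', 40001, 'ACK'),
] + [(1.0 + i / 10, 'host-X', 50001 + i, 'SYN') for i in range(8)] + [
    (2.0, 'client-B', 40002, 'SYN'),       # refused: backlog full of host-X entries
    (40.0, 'client-B', 40002, 'SYN'),      # host-X entries have timed out; accepted
    (40.1, 'client-B', 40002, 'ACK'),
]

if __name__ == '__main__':
    result = replay(EVENTS)
    print('established:', sorted(result['established']))
    print('dropped:', result['dropped'])
    print('suspects:', result['suspects'])
```

The point a practitioner takes from the run: the receiver cannot tell a flooding SYN from a genuine one at the moment it arrives, so the damage shows up as refused connections for everybody; what is detectable is the pattern of many half-open entries attributed to one source that never completes a handshake.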
Network Control Objectives
establish communications session between sender and receiver
manage flow of data across network
detect errors in data caused by line failure or signal degeneration (static)
detect and resolve data collisions between competing nodes
POLLING METHOD OF CONTROLLING DATA COLLISIONS
Polling figure: a master node linked to four slave nodes; the master sends a polling signal to each slave, and the line is shown locked while one slave's data transmission is in progress.
The "master" polls "slave" sites to determine if they have data to transmit. If a slave responds in the affirmative, the master locks the network while the data are transmitted.
Allows priorities to be set for data communications across the network.
Token Ring figure: a server (holding central files, with a link to a WAN) and three nodes (each with local files) arranged in a ring; a token circulates around the ring, either empty or containing data.
Carrier Sensing
Random access technique that detects collisions when they occur (stepping out in traffic).
Widely used; found on Ethernets.
A node wishing to transmit "listens" to the line to determine if it is in use. If the line is busy, it waits a pre-specified amount of time (seconds) to transmit.
Collisions occur when two nodes listen, hear no messages transmitting, and then simultaneously begin transmitting. The data collide and the two nodes are instructed to hang up and try again.
Disadvantage: becomes a problem as network traffic increases. The line may not be used optimally when multiple nodes are trying to transmit simultaneously.
Data Encryption (private key) figure: Company A's cleartext message is turned into ciphertext by an encryption program using a private key, carried as ciphertext through the communication system, and turned back into the cleartext message by Company B's encryption program using the same private key.
Public Key Encryption
Two keys: the sender encodes the message with the public key; the recipient decrypts with the private key. After encryption, the sender cannot decrypt.
Public Key Encryption figure: the exchange between Company A and Company B.
E-Commerce Security: Digital Authentication
Digital signature: electronic authentication technique that ensures that the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied.
Digital certificate: like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender.
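The two-key mechanics of the Public Key Encryption slide and the digital signature just described, as one added example that is not part of the lecture material. It uses textbook RSA with two tiny constructed primes (p = 61, q = 53) so the arithmetic can be followed by hand; the message is constructed, and real systems use full-size keys and padding rather than encrypting byte by byte.

```python
"""Added example (not from the slides): textbook RSA on constructed primes.
Anyone holding the public key can encrypt, only the private-key holder can
decrypt, and a signature produced with the private key is checked with the
public key. The key size here is for illustration only."""
import hashlib

def make_keypair(p=61, q=53, e=17):
    """Return ((e, n), (d, n)). The public key (e, n) is shared; the private
    key (d, n) never leaves its owner."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # d * e == 1 (mod phi); needs Python 3.8+
    return (e, n), (d, n)

def encrypt(public, message):
    """Sender encodes with the public key, one block per byte. Having done so,
    the sender has no way back: reversing pow(b, e, n) needs d."""
    e, n = public
    return [pow(b, e, n) for b in message.encode()]

def decrypt(private, blocks):
    """Recipient decrypts with the private key."""
    d, n = private
    return bytes(pow(c, d, n) for c in blocks).decode()

def sign(private, message):
    """Digital signature: hash the message, then transform each digest byte
    with the private key. The hash ties the signature to the exact content."""
    d, n = private
    return [pow(b, d, n) for b in hashlib.sha256(message.encode()).digest()]

def verify(public, message, signature):
    """Receiver recomputes the digest and compares it with what the public key
    recovers from the signature; any change to the message breaks the match."""
    e, n = public
    expected = list(hashlib.sha256(message.encode()).digest())
    return [pow(s, e, n) for s in signature] == expected

if __name__ == '__main__':
    pub, priv = make_keypair()
    order = 'PO 4471: ship 120 units'          # constructed message
    print('round trip:', decrypt(priv, encrypt(pub, order)) == order)
    sig = sign(priv, order)
    print('genuine verifies:', verify(pub, order, sig))
    print('altered verifies:', verify(pub, order.replace('120', '121'), sig))
```

What the digital certificate adds on top of this is the binding between the public key and the sender's identity; nothing in the arithmetic tells the recipient whose public key it is holding, which is the gap a certificate from a certification authority fills.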
E-Commerce Security: Firewalls
Firewalls: software and hardware that provide a focal point for security by channeling all network connections through a controlled gateway.
Network-level firewalls: low cost/low security access control. Uses a screening router to pass traffic on to its destination. This method does not explicitly authenticate outside users. Hackers may penetrate the system using an IP spoofing technique.
Application-level firewalls: high level/high cost customizable network security. Allows routine services and e-mail to pass through, but can perform sophisticated functions such as logging or user authentication for specific tasks.
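The two firewall levels side by side, as an added example that is not part of the slides: a first-match screening rule set of the kind a network-level firewall applies, and an application-level gate that lets routine services through but requires an authenticated user for specific tasks and logs each decision. The rule set, address ranges, user names and task names are all constructed.

```python
"""Added example (not from the slides): network-level screening versus
application-level gating. The screening decision looks only at header fields,
which is why the slide rates it low security: a rule that trusts a source
address is only as good as the address in the packet header."""
from ipaddress import ip_address, ip_network

# Constructed screening-router rules: (action, source network, destination port
# or None for any port). First match wins; unmatched traffic gets DEFAULT.
RULES = [
    ('deny',  ip_network('10.0.0.0/8'),      None),  # internal range seen on the outside: never genuine
    ('allow', ip_network('0.0.0.0/0'),       80),    # public web
    ('allow', ip_network('0.0.0.0/0'),       443),
    ('allow', ip_network('198.51.100.0/24'), 22),    # trading partner's range may reach SSH
]
DEFAULT = 'deny'

def screen(src, dport, rules=RULES, default=DEFAULT):
    """Network-level decision from source address and destination port alone.
    No user is ever identified here."""
    src_ip = ip_address(src)
    for action, net, port in rules:
        if src_ip in net and (port is None or port == dport):
            return action
    return default

# Constructed application-level policy: routine services pass; specific tasks
# need an authenticated user who is on the task's list.
ROUTINE_SERVICES = {'http', 'smtp'}
RESTRICTED_TASKS = {'admin-console': {'alice'}, 'bulk-export': {'alice', 'carol'}}

def app_gate(service, user=None, log=None):
    """Application-level decision with logging. Returns 'allow' or 'deny'."""
    if service in ROUTINE_SERVICES:
        verdict = 'allow'
    elif service in RESTRICTED_TASKS:
        verdict = 'allow' if user in RESTRICTED_TASKS[service] else 'deny'
    else:
        verdict = 'deny'
    if log is not None:                  # every decision leaves an audit record
        log.append(f'{service} user={user or "-"} -> {verdict}')
    return verdict

if __name__ == '__main__':
    for src, port in [('203.0.113.9', 80), ('203.0.113.9', 22),
                      ('198.51.100.7', 22), ('10.1.2.3', 80)]:
        print(f'screen {src}:{port} -> {screen(src, port)}')
    audit = []
    for svc, who in [('http', None), ('admin-console', 'bob'), ('admin-console', 'alice')]:
        app_gate(svc, who, audit)
    print(*audit, sep='\n')
```

The first screening rule is the one defensive counter the router itself can apply to the spoofing the slide mentions: a packet claiming an internal source address cannot legitimately arrive from outside, so it is refused before any allow rule is consulted. Anything beyond that needs the user-level checks of the application gate.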
Assurance
"Trusted" third-party organizations offer seals of assurance that businesses can display on their Web site home pages: BBB, TRUSTe, Veri-Sign, Inc., ICSA, AICPA/CICA WebTrust, AICPA/CICA SysTrust.
Implications for Accounting
Privacy violation, major issues:
a stated privacy policy
consistent application of stated privacy policies
what information the company is capturing
sharing or selling of information
ability of individuals and businesses to verify and update information on them
1995 Safe Harbor Agreement: establishes standards for information transmittal between US and European companies
Implications for Accounting
Audit implications for XBRL
taxonomy creation: an incorrect taxonomy results in invalid mapping that may cause material misrepresentation of financial data
validation of instance documents: ensure that appropriate taxonomy and tags have been applied
audit scope and timeframe: impact on auditor responsibility as a consequence of real-time distribution of financial statements
Implications for Accounting
Continuous process auditing: auditors review transactions at frequent intervals or as they occur
intelligent control agents: heuristics that search electronic transactions for anomalies
Electronic audit trails: electronic transactions are generated without human intervention; there is no paper audit trail
Implications for Accounting
Confidentiality of data: open system designs allow mission-critical information to be at risk from intruders
Authentication: in e-commerce systems, determining the identity of the customer is not a simple task
Nonrepudiation: repudiation can lead to uncollected revenues or legal action; use digital signatures and digital certificates
Implications for Accounting
Certification authority (CA) licensing: a trusted 3rd party vouches for identity
Data integrity: determine whether data has been intercepted and altered
Access controls: prevent unauthorized access to data
Changing legal environment: provide the client with an estimate of legal exposure
Protocol Functions
Facilitate physical connection between network devices.
Synchronize transfer of data between physical devices.
Provide basis for error checking and measuring network performance.
Promote compatibility among network devices.
Promote network designs that are flexible, expandable, cost-effective.
Internet Protocols
Transfer Control Protocol/Internet Protocol (TCP/IP) - controls how individual packets of data are formatted, transmitted, received
Hypertext Transfer Protocol (HTTP) - controls web browsers – not the same as HTML
File Transfer Protocol (FTP) - used to transfer files across Internet
Simple Network Mail Protocol (SNMP) - e-mail
Secure Sockets Layer (SSL) and Secure Electronic Transmission (SET) - encryption schemes
HTML: Hyper Text Markup Language
Format used to produce Web pages. Defines page layout, fonts, and graphic elements used to lay out information for display in an appealing manner, like one sees in magazines and newspapers; using both text and graphics (including pictures) appeals to users.
Hypertext links to other documents on the Web: even more pertinent is HTML's support for hypertext links in text and graphics that enable the reader to 'jump' to another document located anywhere on the World Wide Web.
XML: eXtensible Markup Language
XML is a meta-language for describing markup languages.
Extensible means that any markup language can be created using XML. This includes the creation of markup languages capable of storing data in relational form, where tags (formatting commands) are mapped to data values.
XML can be used to model the data structure of an organization's internal database.
XBRL: eXtensible Business Reporting Language
XBRL is an XML-based language for standardizing methods for preparing, publishing, and exchanging financial information, e.g., financial statements.
XBRL taxonomies are classification schemes. Advantages:
Businesses offer expanded financial information to all interested parties virtually instantaneously.
Companies that use XBRL database technology can further speed the process of reporting.
Consumers import XBRL documents into internal databases and analysis tools to greatly facilitate their decision-making processes.
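Tag-to-taxonomy mapping in practice, as an added example that is not part of the slides: a constructed XBRL-style instance document is checked against a constructed taxonomy, which is the "appropriate taxonomy and tags have been applied" validation the earlier audit-implications slide lists. The namespace, concept names and figures are made up; real XBRL taxonomies are far larger and are published as XML schemas.

```python
"""Added example (not from the slides): validating an XBRL-style instance
document against a taxonomy. Each fact must be a known concept in the
taxonomy namespace, monetary facts must carry a unit and a numeric value,
required concepts must be present, and the balance-sheet identity must hold.
Findings are returned rather than printed so an audit job can act on them."""
import xml.etree.ElementTree as ET

NS = 'http://example.test/taxonomy/2007'      # constructed taxonomy namespace

# constructed taxonomy: concept -> (data type, required)
TAXONOMY = {
    'EntityName':  ('string',   True),
    'Assets':      ('monetary', True),
    'Liabilities': ('monetary', True),
    'Equity':      ('monetary', True),
    'Revenue':     ('monetary', False),
}

# constructed instance document; note the misspelt concept and the figures
INSTANCE = f"""<?xml version="1.0"?>
<xbrl xmlns:t="{NS}">
  <t:EntityName contextRef="FY2007">Example Co</t:EntityName>
  <t:Assets contextRef="FY2007" unitRef="USD">1500000</t:Assets>
  <t:Liabilities contextRef="FY2007" unitRef="USD">900000</t:Liabilities>
  <t:Equity contextRef="FY2007" unitRef="USD">650000</t:Equity>
  <t:Revenues contextRef="FY2007" unitRef="USD">2000000</t:Revenues>
</xbrl>"""

def validate(xml_text, taxonomy=TAXONOMY, ns=NS):
    """Return (facts, findings): the parsed facts keyed by concept, and a list
    of human-readable problems. An empty findings list means the document maps
    cleanly onto the taxonomy."""
    root = ET.fromstring(xml_text)
    prefix = '{' + ns + '}'
    facts, findings = {}, []
    for el in root:
        if not el.tag.startswith(prefix):
            findings.append(f'tag outside taxonomy namespace: {el.tag}')
            continue
        concept = el.tag[len(prefix):]
        if concept not in taxonomy:
            findings.append(f'unknown concept (invalid mapping): {concept}')
            continue
        ctype, _ = taxonomy[concept]
        text = (el.text or '').strip()
        if ctype == 'monetary':
            if el.get('unitRef') is None:
                findings.append(f'{concept}: monetary fact without unitRef')
            try:
                facts[concept] = int(text)
            except ValueError:
                findings.append(f'{concept}: non-numeric monetary value {text!r}')
        else:
            facts[concept] = text
    for concept, (_, required) in taxonomy.items():
        if required and concept not in facts:
            findings.append(f'required concept missing: {concept}')
    if all(k in facts for k in ('Assets', 'Liabilities', 'Equity')):
        if facts['Assets'] != facts['Liabilities'] + facts['Equity']:
            findings.append('Assets != Liabilities + Equity')
    return facts, findings

if __name__ == '__main__':
    facts, findings = validate(INSTANCE)
    print(facts)
    print(*findings, sep='\n')
```

On the constructed document the check reports two problems: the `Revenues` fact is not a taxonomy concept, so a consumer importing this file would silently drop or mis-map it, and the reported assets do not equal liabilities plus equity, the kind of inconsistency that real-time distribution would put in front of readers before anyone reviewed it.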
Local Area Network (LAN)
Computers located close together (in same building/campus) linked together to share data/software/hardware
Physical connection of workstations to LAN is achieved through network interface card (NIC)
Server stores network operating system, application programs, and data to be shared.
Star Topology
Network of workstations with large central computer (host)
Host computer has direct connections to workstations
All communications must go through host computer. Can do local processing even if host is down.
Star Network figure: a central host holding Central Data with direct links to four workstations, each holding Local Data; the sites are labelled Topeka, St. Louis, Kansas City, Dallas and Tulsa.
Ring Topology
Configuration eliminates central site. All nodes are of equal status (peers).
Responsibility for managing communications is distributed among nodes.
Common resources shared by all nodes can be centralized/managed by file server that is also node.
Bus Topology
Nodes are all connected to common cable - the bus.
Communications and file transfers between workstations are controlled by server.
Generally less costly to install than ring topology.
Bus Topology figure: a server holding Central Files and a print server, with five nodes (each holding Local Files) attached to the common cable.
Client-Server Topology
This configuration distributes the processing between the user's (client's) computer and the central file server.
Both types of computers are part of the network, but each is assigned the functions that it best performs.
This approach reduces data communications traffic, thus reducing queues and increasing response time.
Client-Server Topology figure: a server with record-searching capabilities and Common Files, connected to five clients, each with data manipulation capabilities.
Wide Area Network (WAN)
A WAN is a network dispersed over a wider geographic area than a LAN. Typically requires the use of:
gateways to connect different types of LANs
bridges to connect same-type LANs
WANs may use common carrier facilities: telephone lines or a Value Added Network (VAN).
Electronic Data Interchange (EDI)
Exchange of business transaction information: between companies in standard format via computerized information system
In “pure” EDI systems, human involvement is not necessary to approve transactions. (Very few pure EDI systems.)
EDI System figure: Wal-Mart's purchases system and Our Company's sales order system, each with application software, EDI translation software and communications software; the two exchange data either over a direct connection (used for many transactions) or through a VAN holding a mailbox for each party (used for few transactions).
Advantages of EDI
Reduction or elimination of data entry
Reduction (not elimination) of errors
Reduction of paper, paper processing and postage
Reduction of inventories (via JIT systems)