Electronic Commerce

Initially, the Internet was designed to be used by government and academic users, but now it is rapidly becoming commercialized. It has on-line “shops”, even electronic “shopping malls”. Customers, browsing at their computers, can view products, read descriptions, and sometimes even try samples. What they lack is the means to buy from their keyboard, on impulse. They could pay by credit card, transmitting the necessary data by modem; but intercepting messages on the Internet is trivially easy for a smart hacker, so sending a credit-card number in an unscrambled message is inviting trouble. It would be relatively safe to send a credit-card number encrypted with a hard-to-break code. That would require either a general adoption across the Internet of standard encoding protocols, or the making of prior arrangements between buyers and sellers. Both consumers and merchants could see a windfall if these problems are solved. For merchants, a secure and easily divisible supply of electronic money will motivate more Internet surfers to become on-line shoppers. Electronic money will also make it easier for smaller businesses to achieve a level of automation already enjoyed by many large corporations whose Electronic Data Interchange heritage means streams of electronic bits now flow instead of cash in back-end financial processes. We need to resolve four key technology issues before consumers and merchants anoint electric money with the same real and perceived values as our tangible bills and coins. These four key areas are: Security, Authentication, Anonymity, and Divisibility.

Commercial R&D departments and university labs are developing measures to address security for both Internet and private-network transactions. The venerable answer to securing sensitive information, like credit-card numbers, is to encrypt the data before you send it out. MIT’s Kerberos, which is named after the three-headed watchdog of Greek mythology, is one of the best-known private-key encryption technologies. It creates an encrypted data packet, called a ticket, which securely identifies the user. To make a purchase, you generate the ticket during a series of coded messages you exchange with a Kerberos server, which sits between your computer system and the one you are communicating with. These latter two systems share a secret key with the Kerberos server to protect information from prying eyes and to assure that your data has not been altered during the transmission. But this technology has a potentially weak link: Breach the server, and the watchdog rolls over and plays dead. An alternative to private-key cryptography is a public-key system that directly connects consumers and merchants. Businesses need two keys in public-key encryption: one to encrypt, the other to decrypt the message. Everyone who expects to receive a message publishes a key. To send digital cash to someone, you look up the public key and use the algorithm to encrypt the payment. The recipient then uses the private half of the key pair for decryption. Although encryption fortifies our electronic transaction against thieves, there is a cost: The processing overhead of encryption/decryption makes high-volume, low-value payments prohibitively expensive. Processing time for a reasonably safe digital signature conspires against keeping costs per transaction low. Depending on key length, an average machine can only sign between twenty and fifty messages per second. Decryption is faster. One way to factor out the overhead is to use a trustee organization, one that collects batches of small transactions before passing them on to the credit-card organization for processing. First Virtual, an Internet-based banking organization, relies on this approach. Consumers register their credit cards with First Virtual over the phone to eliminate security risks, and from then on, they use personal identification numbers (PINs) to make purchases.

Encryption may help make the electric money more secure, but we also need guarantees that no one alters the data–most notably the denomination of the currency–at either end of the transaction. One form of verification is secure hash algorithms, which represent a large file of multiple megabytes with a relatively short number consisting of a few hundred bits. We use the surrogate file–whose smaller size saves computing time–to verify the integrity of a larger block of data. Hash algorithms work similarly to the checksums used in communications protocols: The sender adds up all the bytes in a data packet and appends the sum to the packet. The recipient performs the same calculation and compares the two sums to make sure everything arrived correctly. One possible implementation of secure hash functions is in a zero-knowledge-proof system, which relies on challenge/response protocols. The server poses a question, and the system seeking access offers an answer. If the answer checks out, access is granted. In practice, developers could incorporate the common knowledge into software or a hardware encryption device, and the challenge could then consist of a random-number string. The device might, for example, submit the number to a secure hash function to generate the response.
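
The two mechanisms in the paragraph above, as an added example that is not part of the original essay: a byte-sum checksum fails to notice an altered denomination where a keyed secure hash does, and the same keyed hash answers a random challenge. HMAC-SHA256, the `Verifier` class, the key and the coin strings are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def byte_sum(data: bytes) -> int:
    """Additive checksum as described above: sum of all bytes (mod 2**16)."""
    return sum(data) % 65536

def tag(key: bytes, data: bytes) -> bytes:
    """Keyed secure hash (HMAC-SHA256, an assumed choice) over the data."""
    return hmac.new(key, data, hashlib.sha256).digest()

class Verifier:
    """Server side of the challenge/response exchange (hypothetical class)."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._open = set()               # challenges issued, not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # the random-number string
        self._open.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._open:      # unknown or already answered: replay
            return False
        self._open.discard(nonce)        # every challenge is single-use
        return hmac.compare_digest(tag(self._secret, nonce), response)

def respond(shared_secret: bytes, nonce: bytes) -> bytes:
    """Device side: hash the challenge together with the embedded secret."""
    return tag(shared_secret, nonce)

# Constructed sample data: the forged coin swaps two digits of the value,
# so the bytes (and therefore their sum) are the same as in the original.
KEY = b"constructed-demo-secret"
COIN = b"serial=000123;value=$19.00"
FORGED = b"serial=000123;value=$91.00"

if __name__ == "__main__":
    print("checksum notices change:", byte_sum(COIN) != byte_sum(FORGED))
    print("keyed hash notices change:", tag(KEY, COIN) != tag(KEY, FORGED))
    server = Verifier(KEY)
    nonce = server.challenge()
    answer = respond(KEY, nonce)
    print("first answer accepted:", server.check(nonce, answer))
    print("replayed answer accepted:", server.check(nonce, answer))
```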

The third component of the electronic-currency infrastructure is anonymity–the ability to buy and sell as we please without threatening our fundamental freedom of privacy. If unchecked, all our transactions, as well as analyses of our spending habits, could eventually reside on the corporate databases of individual companies or in central clearinghouses, like those that now track our credit histories. Serial numbers offer the greatest opportunity for broadcasting our spending habits to the outside world. Today’s paper money floats so freely throughout the economy that serial numbers reveal nothing about our spending habits. But a company that mints an electric dollar could keep a database of serial numbers that records who spent the currency and what the dollars purchased. It is then important to build a degree of anonymity into electric money. Blind signatures are one answer. Devised by a company named DigiCash, the technique lets consumers scramble serial numbers. When a consumer makes an E-cash withdrawal, the PC calculates the number of digital coins needed and generates random serial numbers for the coins. The PC specifies a blinding factor, a random number that it uses to multiply the coin serial numbers. A bank encodes the blinded numbers using its own secret key and debits the consumer’s account. The bank then sends the authenticated coins back to the consumer, who removes the blinding factor. The consumer can spend bank-validated coins, but the bank itself has no record of how the coins were spent.

The fourth technical component in the evolution of electric money is flexibility. Everything may work fine if transactions use nice round dollar amounts, but that changes when a company sells information for a few cents or even fractions of cents per page, a business model that’s evolving on the Internet. Electric-money systems must be able to handle high volume at a marginal cost per transaction. Millicent, a division of Digital Equipment, may achieve this goal. Millicent uses a variation on the digital-check model with decentralized validation at the vendor’s server. Millicent relies on third-party organizations that take care of account management, billing, and other administrative duties. Millicent transactions use scrip, digital money that is valid only for Millicent. Scrip consists of a digital signature, a serial number, and a stated value (typically a cent or less). To authenticate transactions, Millicent uses a variation of the zero-knowledge-proof system. Consumers receive a secret code when they obtain a scrip. This proves ownership of the currency when it’s being spent. The vendor that issues the scrip value uses a master-customer secret to verify the consumer’s secret. The system hasn’t yet been launched commercially, but Digital says internal tests of transactions across TCP/IP networks indicate the system can validate approximately 1000 requests per second, with TCP connection handling taking up most of the processing time. Digital sees the system as a way for companies to charge for information that Internet users obtain from Web sites.

Security, authentication, anonymity, and divisibility all have developers working to produce the collective answers that may open the floodgates to electronic commerce in the near future. The fact is that the electric-money genie is already out of the bottle. The market will demand electric money because of the accompanying new efficiencies that will shave costs in both consumer and supplier transactions. Consumers everywhere will want the bounty of a global marketplace, not one that’s tied to bankers’ hours. These efficiencies will push developers to overcome today’s technical hurdles, allowing bits to replace paper as our most trusted medium of exchange.
