OHT 11.1 © Marketing Insights Limited 2004 Chapter 9 Analysis and Design EC Security.


Workflow management
Workflow is ‘the automation of a business process, in whole or part during which documents, information or tasks are passed from one participant to another for action, according to a set of procedural rules.’
Examples:
– Booking a holiday
– Handling a customer complaint
– Receiving a customer order

Process modelling
Often uses a hierarchical method of establishing
– the processes and their constituent sub-processes
– the dependencies between processes
– the inputs (resources) needed by the processes and the outputs
Complete activity 11.2 using Figure 11.2 and Table 11.2 for how to improve processes

Figure 11.2 Symbols used for flow process charts

Figure 11.3 Flow process chart showing the main operations performed by users when working using workflow software

Data modelling
Uses well-established techniques used for relational database design
Stages:
1. Identify entities
2. Identify attributes of entities
3. Identify relationships

Identify entities
Entities define the broad groupings of information such as information about different people, transactions or products. Examples include customer, employee, sales orders, purchase orders. When the design is implemented each entity will form a database table.
Entity: A grouping of related data, for example the customer entity. Implemented as a table.
Database table: Each database comprises several tables.

Identify attributes
Entities have different properties known as attributes that describe the characteristics of any single instance of an entity. For example, the customer entity has attributes such as name, phone number and address. When the design is implemented each attribute will form a field, and the collection of fields for one instance of the entity such as a particular customer will form a record.
Attribute: A property or characteristic of an entity, implemented as a field.
Field: Attributes of products, example date of birth.
Record: A collection of fields for one instance of an entity, example Customer Smith.

Identify relationships
Identifying the relationships between entities requires identifying which fields are used to link the tables. For example, for each order a customer places we need to know which customer has placed the order and which product they have ordered. As is evident from Figure 11.5, the fields customer id and product id are used to relate the order information between the three tables. The fields that are used to relate tables are referred to as key fields. A primary key is used to uniquely identify each instance of an entity and a secondary key is used to link to a primary key in another table.
Relationship: Describes how different tables are linked.
Primary key: The field that uniquely identifies each record in a table.
Secondary key: A field that is used to link tables, by linking to a primary key in another table.
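
Added example (not part of the original slides): the three data modelling stages carried through for the customer, product and order entities, using Python's built-in sqlite3 so that the primary and secondary keys are enforced by the database rather than by application code alone. Table and field names follow the slides; the price and quantity fields and all sample records are assumptions made for illustration.

```python
import sqlite3

# Table and field names follow the slides (customer id, product id, name,
# phone number, address); price and quantity are assumed for illustration.
SCHEMA = """
CREATE TABLE customer (
    customer_id INTEGER PRIMARY KEY,   -- primary key
    name TEXT NOT NULL, phone TEXT, address TEXT
);
CREATE TABLE product (
    product_id INTEGER PRIMARY KEY,    -- primary key
    name TEXT NOT NULL,
    price_pence INTEGER NOT NULL CHECK (price_pence >= 0)
);
CREATE TABLE sales_order (
    order_id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(customer_id),  -- secondary key
    product_id INTEGER NOT NULL REFERENCES product(product_id),     -- secondary key
    quantity INTEGER NOT NULL CHECK (quantity > 0)
);
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves key enforcement off by default
    db.executescript(SCHEMA)
    # Constructed sample records: one instance of each entity.
    db.execute("INSERT INTO customer VALUES (1, 'Smith', '555-0100', '1 High Street')")
    db.execute("INSERT INTO product VALUES (10, 'Widget', 499)")
    db.execute("INSERT INTO sales_order VALUES (100, 1, 10, 2)")
    db.commit()
    return db

def orders_for(db, customer_id):
    """Follow the key fields across the three tables (parameterised query)."""
    return db.execute(
        "SELECT c.name, p.name, o.quantity, p.price_pence * o.quantity "
        "FROM sales_order o "
        "JOIN customer c ON c.customer_id = o.customer_id "
        "JOIN product p ON p.product_id = o.product_id "
        "WHERE o.customer_id = ?", (customer_id,)).fetchall()

def insert_order(db, order_id, customer_id, product_id, quantity):
    """Return True if stored, False if a key or check constraint refuses it."""
    try:
        db.execute("INSERT INTO sales_order VALUES (?, ?, ?, ?)",
                   (order_id, customer_id, product_id, quantity))
        return True
    except sqlite3.IntegrityError:
        return False
```

An order that names a customer id with no matching customer record is refused by the database itself, which keeps order data consistent even if a check in the application layer is missed.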

Figure 11.5 Generic B2C ER diagram

Client / server architecture – separation of functions
– Data storage. Predominantly on server. Client storage is ideally limited to cookies for identification of users and session tracking. Cookie identifiers for each system user are then related to the data for the user which is stored on a database server.
– Query processing. Predominantly on the server, although some validation can be performed on the client.
– Display. This is largely a client function.
– Application logic. Traditionally, in early PC applications this has been a client function, but for e-business systems the design aim is to maximize the application logic processing including the business rules on the server.
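
Added example (not part of the original slides): a sketch of this separation of functions, in which the cookie carries only a random identifier, the user's data stays in a server-side store, and the business rules are re-applied on the server whatever validation the client performed. The function names, the in-memory store standing in for the database server, the price list and the quantity limit are all assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie, CookieError

PRICES_PENCE = {"widget": 499}  # constructed sample price list, held on the server
SESSIONS = {}                   # session id -> user data (stands in for the database server)

def login(customer_id):
    """Return a Set-Cookie value holding only an opaque, unguessable identifier."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"customer_id": customer_id}
    return f"session={sid}; HttpOnly; Secure; SameSite=Lax"

def session_from(cookie_header):
    """Relate the cookie identifier to the user data stored on the server."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return None
    morsel = jar.get("session")
    return SESSIONS.get(morsel.value) if morsel else None

def place_order(cookie_header, form):
    """Server-side handler: applies the business rules to every submitted field."""
    user = session_from(cookie_header)
    if user is None:
        return ("rejected", "unknown session")
    product = form.get("product")
    if product not in PRICES_PENCE:
        return ("rejected", "unknown product")
    try:
        quantity = int(form.get("quantity", ""))
    except (TypeError, ValueError):
        return ("rejected", "quantity is not a number")
    if not 1 <= quantity <= 100:
        return ("rejected", "quantity out of range")
    # The price comes from the server's list; any price field in the form is ignored.
    total = PRICES_PENCE[product] * quantity
    return ("accepted", {"customer_id": user["customer_id"], "total_pence": total})
```

Client-side validation remains useful for quick feedback to the user, but the server's result is the one that counts.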

Figure 11.6 Three-tier client server in an e-business environment

Figure 11.7 E-business architecture for The B2C Company

User centred design
‘Unless a web site meets the needs of the intended users it will not meet the needs of the organization providing the web site. Web site development should be user-centred, evaluating the evolving design against user requirements.’ (Bevan, 1999a)

Analysis considerations (Bevan)
– Who are the important users?
– What is their purpose for accessing the site?
– How frequently will they visit the site?
– What experience and expertise do they have?
– What nationality are they? Can they read English?
– What type of information are they looking for?
– How will they want to use the information: read it on the screen, print it or download it?
– What type of browsers will they use? How fast will their communication links be?
– How large a screen/window will they use, with how many colours?

Use-case analysis
The use-case method of process analysis and modelling was developed in the early 1990s as part of the development of object-oriented techniques. It is part of a methodology known as Unified Modelling Language (UML) that attempts to unify the approaches that preceded it such as the Booch, OMT and Objectory notations.
Use-case modelling: A user-centred approach to modelling system requirements.
Unified Modelling Language (UML): A language used to specify, visualize and document the artefacts of an object-oriented system.

Schneider and Winters (1998) stages in Use Case
– Identify actors. Actors are typically application users such as customers and employers, and also other systems.
– Identify use-cases. The sequence of transactions between an actor and a system that support the activities of the actor.
– Relate actors to use-cases. See Figure
– Develop use-case scenarios. See Figure 11.9 for a detailed scenario.

Figure 11.8 Relationship between actors and use-cases for The B2C Company, sell-side e-commerce site

Parties involved in secure transactions
– Purchasers. These are the consumers buying the goods.
– Merchants. These are the retailers.
– Certification Authority (CA). This is a body that issues digital certificates that confirm the identity of purchasers and merchants.
– Banks. These are traditional banks.
– Electronic token issuer. A virtual bank that issues digital currency.

Main security risks
(a) Transaction or credit card details stolen in transit.
(b) Customer’s credit card details stolen from merchant’s server.
(c) Merchant or customer is not who they claim to be.

Security requirements for e-commerce
– Authentication – are parties to the transaction who they claim to be?
– Privacy and confidentiality – is transaction data protected? The consumer may want to make an anonymous purchase. Are all non-essential traces of a transaction removed from the public network and all intermediary records eliminated?
– Integrity – checks that the message sent is complete i.e. that it isn’t corrupted.
– Non-repudiability – ensures sender cannot deny sending message.
– Availability – how can threats to the continuity and performance of the system be eliminated?

Figure: Public-key or asymmetric encryption

SET
Figure: An example of the Secure Electronic Transaction (SET) standard

Figure: The Open Buying on the Internet model for business-to-business e-commerce transactions