Chapter 3 • THE INTERNET, INTRANETS, AND ELECTRONIC COMMERCE
The Internet • electronic highway, consisting of various standards and protocols • The Internet has no central command and control structure.
TCP (Transmission Control Protocol) • a protocol for dividing electronic messages into "packets" of information and then reassembling these packets at the receiving end
Internet Protocol (IP) Addresses • specific location of a computer on the Internet--a unique identifier (e.g., 408.78.230.2) • domain name is an alias that can be used in place of the IP number (www.ibm.com) • Domain names and their corresponding IP addresses are kept in the domain name servers (DNSs).
Intranets • in-house networks that use Internet-type protocols. • recently Cisco has announced joint ventures with TCI and others to bring intranet-type technology to homes
Intranet Security • Firewalls limit access to information on company servers from the rest of the world. • Proxy servers filter all outgoing requests for information. Ethical and moral issues emerge from proxy server filters.
Client-Server Technology • A server is a program that constantly runs and exchanges information with users who request it. • Clients are programs that access and exchange information with servers. • Examples include mail servers, file servers (File Transfer Protocol--FTP sites), web servers.
World Wide Web • A web server is a server that allows a user (client) to access documents and run computer programs that reside on remote computers.
Electronic Payment Systems • electronic bill payment systems: payment instructions sent to a bank • credit card systems: credit card information supplied to secure commerce server
Electronic Payment Systems • Secure Electronic Transaction (SET) systems: special type of credit card payment system established by Visa and MasterCard • Secure Sockets Layer (SSL) is another industry-wide protocol for enhancing security and integrity of transactions on the Internet.
Security for Electronic Transactions • Encryption involves using a password or digital key to scramble a readable (plaintext) message into an unreadable (ciphertext) message.
Types of Encryption Systems • Secret Key • Public Key • Hybrid
Secret Key Encryption • the same key is used for both encrypting and decrypting a message
Public Key Encryption • two keys are used in association with each encrypted message, one key to encrypt the message and another key to decrypt it
Hybrid Systems and Digital Envelopes • A random key generated by the sender encrypts the message. • Using the recipient's public key, the random key is encrypted, and both the encrypted message and the encrypted random key are sent to the recipient in a digital envelope. • The recipient then uses his/her private key to decrypt the random key and then decrypt the message.
Digital Signatures • What is a digital signature? • There are significant implications for accountants. For example: • Impact on how transactions will be authorized • Impact on how authenticity of transactions will be verified by auditors
Cryptanalysis • various techniques for analyzing encrypted messages for purposes of decoding them without legitimate access to the keys
factoring attack • the private key can be deduced by factoring the public key into two prime numbers
key attacks • most attacks against public key systems are likely to be made at the key management level
Digital Certificates • digital documents that attest to the fact that a particular public key belongs to a particular individual or organization • Digital certificates are issued by some certifying authority (CA). • Examples of Digital Certificates: Fidelity NetBenefits Discover Dean Witter
Certification • The CA creates a digital certificate by digitally signing a document that includes the name of the person being certified, that person's public key, the name of the CA, the expiration date of the key being certified, and the expiration date of the certificate.
Certificate Revocation Lists (CRLs) • a list of public keys that have been revoked before their expiration dates. • Certificate Chains: certificates can be linked together in chains. • Certificate Signing Units: protect private keys.
Virtual Cash Systems • Digital Cash: a bank digitally signs an electronic bank note • Blinded Digital Cash: a bank issues digital cash so that it is unable to link the payer to the payee.
Virtual Cash in Electronic Cards • Smart cards are hand-held electronic cards that are used for payments.