978-1133934400 Chapter 12 Solution Manual Part 1

subject Type Homework Help
subject Pages 9
subject Words 4132
subject Authors James A. Hall

CHAPTER 12
ELECTRONIC COMMERCE SYSTEMS
1. REVIEW QUESTIONS
1. Packet switching refers to a communication technology whereby messages are first
3. The Internet uses three types of addresses for communications: (1) email
4. The format for an email address is USER NAME @ DOMAIN NAME. For example,
the address of the author of this textbook is jah0@lehigh.edu. There are no spaces
5. Network protocols are the rules and standards governing the design of hardware
and software that permit users of networks manufactured by different vendors to
communicate and share data. Without protocols, data transmission between two
6. TCP (Transfer Control Protocol) ensures that the total number of bytes transmitted is
7. HTTP (Hypertext Transfer Protocol) controls Web browsers that access the Web.
8. HTTP-NG is the new generation of the Hypertext Transfer Protocol. It is an
9. Virtualization is the technology that has unleashed cloud computing. Virtualization
multiplies the effectiveness of the physical system by creating virtual (software)
versions of the computer with separate operating systems that reside in the same
10. IP spoofing is a form of masquerading by which the perpetrator disguises his or her identity by
11. Cookies are files that contain information about a visitor of a company’s Web site.
The cookie is stored on the visitor’s computer. When a visitor returns to the
12. Network virtualization increases effective network bandwidth by dividing it into
independent channels, which are then assigned to separate virtual computers.
13. A smurf attack involves the perpetrator, the intermediary, and the victim. In a smurf
14. A ping is an Internet maintenance tool that is used to test the state of network
congestion and determine whether a particular host computer is connected and
15. A seal of assurance is a certificate stating the legitimacy of Web sites. It is offered
by third-party organizations that are charged with determining whether the company
21. Cloud computing offers three primary classes of computing services:
22. Software-as-a-Service (SaaS) is a software distribution model in which service
23. One advantage to the client is that the Infrastructure-as-a-Service (IaaS) provider
24. The Open System Interface (OSI) Network Protocol model provides standards by
2. DISCUSSION QUESTIONS
1. Protocols serve network functions in several ways. First, they facilitate the physical
connection between the network devices. Through protocols, devices are able to
Second, protocols synchronize the transfer of data between physical devices. This
Third, protocols provide a basis for error checking and measuring network
performance. This is done by comparing measured results against expectations. For
Fourth, protocols promote compatibility among network devices. To successfully
transmit and receive data, the various devices involved in a particular session must
Finally, protocols promote network designs that are flexible, expandable, and
2. The TCP portion of the TCP/IP protocol supports the transport function of the OSI
model. This ensures that the total number of data bytes transmitted was received.
The IP component provides the routing mechanism. Every server and computer in a
3. FTP (File Transfer Protocol) is used to transfer text files, programs, spreadsheets,
and databases across the Internet. TELNET is a terminal emulation protocol used on
4. Information Level: At this level of activity an organization uses the Internet to
display information about the company, such as its products, services, and business
policies. This level involves little more than creating a Web site. This is the first step
are maintained by an ISP. To be successful at this level the organization must ensure
that:
Transaction Level: Organizations involved at the transaction level use the Internet to
accept orders from customers and/or to place them with their suppliers. This involves
e-commerce. Success in this domain involves creating an environment of trust to
resolve some key concerns. These include:
Distribution Level: Organizations operating on this level are using the Internet to sell and
deliver digital products to customers. These include subscriptions to online news
5. A dynamic business alliance with other organizations to fill unique market niches as
the opportunities arise. These may be long-lasting partnerships or one-time
6. A key difference between ASP and SaaS is the nature of the software product being
hosted. ASPs typically host the software of third-party software vendors, which is
configured to the unique needs of the client organization and requires installation of
7. The information needs of large companies are often in conflict with the cloud solution
for the following three reasons. First, large firms have typically already incurred
massive investments in equipment, proprietary software, and human resources.
8. Cookies are files containing user information that are created by the Web server of
the site being visited and are then stored on the visitor’s own computer hard drive.
Cookies contain the URLs of sites visited by the user. When the site is revisited, the
user’s browser sends the specific cookies to the Web server. The original intent
Cookies allow Web sites to off-load the storage of routine information about
vast numbers of visitors. It is far more efficient for a Web server to retrieve this
9. Cookies are text (.txt) files that can be read with any text editor. Some Web sites
store user passwords in cookies. If the passwords are not encrypted (discussed
later) before being stored, then anyone with access to the computer can retrieve the
cookies and the passwords. Thus, when a computer in the workplace is shared by
10. A criminal may use IP spoofing to make a message appear to be coming from a
trusted or authorized source and thus slip through control systems designed to
11. A distributed denial of service (DDoS) attack may take the form of a SYN flood or
Smurf attack. The distinguishing feature of the DDoS is the sheer scope of the
12. Digital Envelope. RSA (Rivest-Shamir-Adleman) is a highly secure public key
cryptography method. This method is, however, computationally intensive and much
13. A digital signature is electronic authentication that cannot be forged. It ensures that
the message or document transmitted originated with the authorized sender and that
it was not tampered with after the signature was applied. The digital signature is
derived from the computed digest of the document that has been encrypted with the
sender’s private key. The sender uses a one-way hashing algorithm to calculate a
digest of the text message. The digest is a mathematical value calculated from the
14. A digital certificate is used to verify the sender’s identity. It is issued by a trusted third
party called a certification authority (CA). A digital certificate is used in conjunction
with a public key encryption system to authenticate the sender of a message. The
15. Network-level firewalls provide low-cost and low-security access control. This type of
firewall consists of a screening router that examines the source and destination
addresses that are attached to incoming message packets. The firewall accepts or
Application-level firewalls provide a high level of customizable network security,
but can be extremely expensive. These systems are configured to run security
applications called proxies that permit routine services such as email to pass
16. A certification authority is an independent and trusted third party empowered with
responsibility to vouch for the identity of organizations and individuals engaging in
Internet commerce. The question then becomes, who vouches for the CA? How
17. Better Business Bureau. The Better Business Bureau (BBB) is a non-profit
organization that has been promoting ethical business practices through
self-regulation since 1912. BBB has extended its mission to the Internet through a
wholly owned subsidiary called BBBOnline, Inc. To qualify for the BBBOnline seal an
organization must:
The assurance provided by BBBOnline relates primarily to concerns about business
policies, ethical advertising, and consumer privacy. BBBOnline does not verify
controls over transaction-processing integrity and data-security issues.
TRUSTe. Founded in 1996, TRUSTe is a non-profit organization dedicated to
improving consumer privacy practices among Internet businesses and Web sites. To
qualify to display the TRUSTe seal the organization must:
TRUSTe addresses consumer privacy concerns exclusively and provides a
mechanism for posting consumer complaints against its members. If a
Veri-Sign, Inc. Veri-Sign, Inc. was established as a for-profit organization in 1995.
Veri-Sign, Inc. provides assurance regarding the security of transmitted data. The
organization does not verify security of stored data or address concerns related to
business policies, business processes, or privacy. Its mission is to “provide digital
ICSA. The International Computer Security Association (ICSA) established its Web
Certification Program in 1996. ICSA certification addresses data security and privacy
AICPA/CICA WebTrust. The AICPA and CICA established the WebTrust program in
1997. To display the AICPA/CICA WebTrust seal the organization must undergo an
18. The primary difference between LANs and WANs is the geographic area coverage.
LANs are typically confined to a single room, floor, or building. WANs are used to
19. Physical Layer: The first and lowest level in the protocol defines standards for the
physical interconnection of devices to the electronic circuit. This level is concerned
Data Link Layer: Data link protocols are concerned with transmission of packets of
data from node to node based on the workstation address. This includes message
Network Layer: Network layer protocols deal with the routing and relaying of data to
different LANs and WANs based on the network address. They specify how to
Transport Layer: The purpose of the transport layer is to ensure delivery of the
entire file or message across individual networks and multiple networks, regardless
In addition, the transport layer seeks the connection between users that best meets
the users’ needs for message packeting and multiplexing messages. These
Session Layer: A session is a specific connection between two users or entities on
the network. The purpose of this layer is to guarantee a correct and synchronized
connection. At this level, the protocols for starting a session may require a user
Presentation Layer: Data in transit are often in a format that is very different from
that required by the user’s application. During transmission, data may be
Application Layer: The application layer provides the overall environment for the
user or the user’s application to access the network. This layer provides what are
called “common application services.” These services—common to all
communicating applications—include protocols for network management, file
