Assignment part 2 due 25th January
Electronic Commerce Systems (ISY10058)
Assignment 2
Title: Development of an e-commerce website
Weight: 30% of overall unit assessment
Due time: 12 Jan 2018 11:00 PM for Assignment 2-1; 25 Jan 2018 11:00 PM for Assignment 2-2
Length: Maximum 1500 words for Assignment 2-1
Task description
You will develop a prototype (front end) of an e-commerce website for a real or fictional
business.
This assignment includes 2 parts:
Assignment2-1 is a system analysis and front-end website design document.
Assignment2-2 is a prototype of an e-commerce website which is built according
to Assignment2-1. (The prototype may not fully operate, and you don’t need to
write programs.)
Objectives
Assignment2-1
You should outline the business background and its customers/visitors, and the
aim of developing the website.
You should analyse the business by utilizing at least 2 of the following
tools
o SWOT analysis
o Audience analysis
o Environment analysis
o Risk analysis
o Scope analysis
o Structure chart
You should determine the objectives to develop the website according to the
above business analysis. The objectives include
o Online marketing – You should determine and discuss a marketing
strategy in the context of the website.
o Online sale/purchase – The website should have at least 10 products
within at least 4 categories. Visitors can complete purchase from viewing a
catalogue through to receiving order confirmation.
o Customer centric design – You should analyse the targeted visitors, and
develop solutions for usability, accessibility, interactivity, personalization,
etc.
o Trust creation and maintenance – You should outline and explain types of
trust that are relevant to the website.
o Other objectives, such as implementation of security, recruitment, special
e-commerce environment, new e-payment system, etc.
You should develop your solutions (functions, features and/or components of the
site) for the above objectives. For example, catalogue, shopping cart and
transaction processing are the basic functions for online sale. Business
information, customer support/help, security statement, privacy policy, virtual
community, etc. are examples for one or more objectives. Relating current
technologies, such as Web 2.0, mobile technology and artificial Intelligence, will
be a bonus. You should try to avoid functions, components or features that annoy
the visitors.
You should utilise a concept map to summarise the relationship among the
above aim, objectives and solutions.
You should design the website according to the above analysis, where
o You should utilise a navigation map for hyperlink structure design, and
o You should utilise story boards for web page design.
You should organise document contents logically.
You can revise or update the analysis/design document after it is submitted initially, and
submit the updated version of Assignment2-1 together with Assignment2-2. In the
updated version, changes must be highlighted or indicated clearly. Significant changes
to the original analysis/design indicate a poor original analysis/design, and therefore you
can’t get additional marks from the revision work.
Assignment2-2
You are required to build an e-commerce website by utilizing an authoring tool.
Microsoft Expression Web 4 is recommended. Your website must be assessable
without installing it to a server.
Your website should completely and accurately implement the design in
Assignment2-1.
Your website should be user-friendly according to customer centered design.
Hyperlinks in your website should be intuitive and functional. While programs for
the back-end processing are not required, the site should explain the back-end
processes, where appropriate. For example, suppose your design includes a search
function, which allows a visitor to enter keywords and click a button or use the
Enter key to activate a search. Although the search function may not actually
operate, the site should respond with a dummy search result, or provide an
explanation about what happens.
Marking criteria
Each category lists its specific criteria (marks in brackets) and its maximum marks.
Understanding of issues (maximum 15 marks)
Concise and relevant description of the business and customers (5)
Appropriate marketing strategy (5)
Logical analysis of technical and social issues (customer centric design, trust, etc.) (5)
Requirement analysis (maximum 10 marks)
Complete and logical e-commerce solutions (10)
Use of analysis/design tools (maximum 25 marks)
Accurate and complete concept map (5)
Accurate and complete story boards (10)
Intuitive navigation map (5)
Appropriate other 2 tools (5)
Website (maximum 45 marks)
Complete and accurate implementation of design (20)
Effective components (Quality and number of elements for e-commerce) (15)
Friendly and workable website (5)
Appealing presentation (layout and components) (5)
Authoring skill (maximum 5 marks)
Capable in using authoring tool (5)
Total mark 100
Document Format
Assignment2-1 must be word-processed using MS-Word.
Assignment2-1 must contain an assignment cover sheet.
Filename = YourLastNameFirstInitial_ISY10058_Ass2-1 x
e.g. SmithJ_ISY10058_Ass2-1 x.
An analysis and design document is not a traditional report. In Assignment2-1, abstract,
conclusions and recommendations are not necessary.
Assignment submission
You should submit Assignment2-1 in the Turnitin assignment box for your location at the
Blackboard of this unit.
For Assignment2-2, you should classify the files (including revised version of
Assignment2-1), organize them in different folders according to the classification, and
include them in a zip file. The file name should be
YourLastNameFirstInitial_ISY10058_Ass2-2.zip, e.g. SmithJ_ISY10058_Ass2-1.zip.
You should make sure you have deleted all the files that are not used for your website
before submission. You should submit the single zip file by email to your
lecturer/tutor/marker.
Lecture 10
Chapter 10
Implementing E-commerce Security
A tool to manage e-commerce security
Tools for Assignment2-1
SWOT (business analysis)
Competitive environment (commerce/society)
Technology
Audience analysis (market segmentation)
Needs of potential customers
Marketing strategy
Risk analysis (revision of Assignment2-1)
Security risks & decisions to manage risks
Concept map
Aim-objective-solution for system analysis
Story board
Customer-centric design (web pages)
1. Security of Communication Channel
Cryptography
Cryptography is the science of creating a message that only the sender and the designated receiver can interpret.
Encryption is a ‘locking’ process of coding data to produce an unintelligible string of characters (cipher text) with
a program that implements an encryption algorithm
a secret key (a parameter)
Decryption is the unlocking process.
Metaphor
Cryptography: technology of a safe
Algorithm: design of a safe
Program: safe product
Keys: keys
Figure: a symmetric key and asymmetric keys; a red dot indicates the private key.
Symmetric key
Message sender encodes data and the receiver decodes the data with the same key.
1-to-1 interactive data transmission
A symmetric key has 2 copies.
Asymmetric keys
Key owner distributes the public keys to its partners, but keeps the only private key with itself.
Public key encryption for secrecy
A partner encrypts a message with a public key and sends it to the key owner.
M->1 data transmission
Key owner decrypts the message with the private key.
Private key encryption for identity (digital signature)
Key owner encrypts a message with the private key and sends it to its partners.
1->M data transmission
A partner decrypts the message with a public key.
Comparison of the 3 methods
Symmetric key encryption/decryption
1-to-1 interactive data transmission
As the owner, you should keep 1 copy and send 1 copy to only one partner. You should have N different symmetric keys for N partners.
The owner and the user should authenticate each other. (how to send a key?)
Public key encryption & private key decryption
M->1 data transmission. Many people send you (owner) cipher texts with your public key and only you can decrypt them with the private key.
It is a kind of digital envelope to ensure secrecy.
As the owner, you should keep the only private key and distribute the M copies of the public key.
The public key or the owner should be authenticated or verified (how to send public keys?).
Private key encryption & public key decryption
1->M data transmission. You (only you) send a cipher text with private key to M people, who can decrypt it with the public key.
It is a method for digital signature (integrity).
As the owner, you should keep the only private key and distribute the M copies of the public key.
The public key or the owner should be authenticated (how to send public keys?).
Digital signature for integrity
Sam uses a hash algorithm to calculate a hash value (digest) from a message (hash coding)
A unique digest is calculated from a message.
The message can’t be recovered from the digest (1 1).
Sam encrypts the digest with his private key (signature) to produce a cipher text, and sends the message, cipher text and algorithm to Ruth.
Ruth decrypts the cipher text with Sam’s public key to produce the sent digest, and calculates a digest from the message with the algorithm.
If the calculated digest = the sent digest, the message has not been altered;
Otherwise, the message has been altered.
As a website, you may need to sign for data or active content
A digital signature indicates
the message is from authenticated sender; and
the message has not been changed in communication channel.
Figure: active content, its owner, the website, and the security program with the browser.
Digital signature for integrity
Discussion
Can hash coding alone ensure integrity?
Can hash coding alone be used for password protection on a server?
Can private key encryption ensure integrity?
Why is hash coding used for digital signature?
Can private key encryption ensure secrecy?
Can digital signature be used to authenticate the sender?
Figure: Certificate Authority (CA), A and B; A distributes its public key to B.
Digital Certificate for authentication
Company A (A) applies for a digital certificate from Certificate Authority (CA).
CA issues a digital certificate containing A’s public key and ID encrypted with CA’s private key.
A sends the digital certificate (containing A’s public key) to Company B (B).
B decrypts the digital certificate with CA’s public key to verify A (A’s public key).
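The signature steps (digest, private key, public key check) and the certificate steps above can be run end to end. This is an added example, not part of the lecture: it uses textbook RSA with fixed Mersenne primes as constructed, insecure demo keys in place of a real library, and the names `make_key`, `issue_certificate`, `key_from_certificate` and `ruth_checks` are assumptions.

```python
import hashlib

E = 65537  # public exponent
# Constructed demo primes (Mersenne primes): working keys, not secure ones.
M89, M107, M127, M521, M607, M1279 = (2**k - 1 for k in (89, 107, 127, 521, 607, 1279))

def make_key(p, q):
    """Textbook RSA (public, private) key pair from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):
    """Hash coding: SHA-256 digest of the data, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private):
    """Signer: transform the digest with the private key."""
    n, d = private
    return pow(digest(data), d, n)

def verify(data, signature, public):
    """Receiver: recover the sent digest with the public key and compare."""
    n, e = public
    return pow(signature, e, n) == digest(data)

def issue_certificate(owner_id, owner_public, ca_private):
    """CA: sign the owner's ID together with the owner's public key."""
    body = f"{owner_id}|{owner_public[0]}|{owner_public[1]}".encode()
    return body, sign(body, ca_private)

def key_from_certificate(cert, ca_public):
    """Receiver: accept the public key only if the CA's signature verifies."""
    body, ca_signature = cert
    if not verify(body, ca_signature, ca_public):
        return None
    _, n, e = body.decode().split("|")
    return int(n), int(e)

ca_public, ca_private = make_key(M127, M607)
sam_public, sam_private = make_key(M89, M521)
eve_public, eve_private = make_key(M107, M1279)

message = b"Ship order 1042 to Ruth"                 # constructed sample message
signature = sign(message, sam_private)
sam_cert = issue_certificate("Sam", sam_public, ca_private)
fake_cert = issue_certificate("Sam", eve_public, eve_private)  # not signed by the CA

def ruth_checks(cert, msg, sig):
    """Ruth: trust the key only via the CA, then check the message signature."""
    key = key_from_certificate(cert, ca_public)
    return None if key is None else verify(msg, sig, key)
```

`ruth_checks` returns `True` for the untouched message, `False` when the message was altered after signing, and `None` when the certificate was not issued by the CA, even if the signature matches the key inside it.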
Digital envelope for secrecy & integrity
1. Sam and Ruth exchange their public key certificates (for 3 and 6).
2. Sam uses his private key to encrypt the message to produce cipher text 1 (digital signature for Ruth to authenticate Sam).
3. Sam uses Ruth’s public key to encrypt cipher text 1 to produce cipher text 2 (for secrecy).
4. Sam sends cipher text 2 to Ruth.
5. Ruth uses her private key to decrypt cipher text 2 to get cipher text 1 (other people can’t do this).
6. Ruth uses Sam’s public key to decrypt cipher text 1 to get the original message (Ruth authenticates Sam, making sure the message is from Sam).
Summary:
A digital certificate (or public key certificate) is a tool to send a public key to authenticate the key owner.
A digital signature is a tool to protect integrity, but not secrecy. The sender cannot deny a message that was digitally signed.
A digital envelope is a tool, using both parties’ asymmetric keys, to protect secrecy and integrity. It is also a method to send a symmetric key for a secure session.
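The digital envelope used to deliver a symmetric session key, as an added example that is not part of the lecture. It assumes textbook RSA without padding on constructed, insecure Mersenne-prime keys, a `KEY:` framing tag so the receiver can recognise a genuine message, and a SHA-256 keystream standing in for a real symmetric cipher; all function names are hypothetical.

```python
import hashlib

E = 65537

def make_key(p, q):
    """Textbook RSA (public, private) pair, no padding: for illustration only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed demo keys from Mersenne primes. Ruth's modulus is the largest so
# that cipher text 1 (made with Sam's key) fits inside her key.
sam_public, sam_private = make_key(2**89 - 1, 2**521 - 1)
eve_public, eve_private = make_key(2**107 - 1, 2**127 - 1)
ruth_public, ruth_private = make_key(2**607 - 1, 2**1279 - 1)

TAG = b"KEY:"  # assumed framing so the receiver can recognise a genuine message

def rsa(value, key):
    n, exponent = key
    return pow(value, exponent, n)

def seal(session_key, sender_private, receiver_public):
    m = int.from_bytes(TAG + session_key, "big")
    cipher_text_1 = rsa(m, sender_private)        # sender's private key
    return rsa(cipher_text_1, receiver_public)    # receiver's public key

def open_envelope(cipher_text_2, receiver_private, sender_public, key_len=16):
    cipher_text_1 = rsa(cipher_text_2, receiver_private)   # receiver's private key
    m = rsa(cipher_text_1, sender_public)                  # sender's public key
    size = len(TAG) + key_len
    if m.bit_length() > 8 * size:
        return None                                # wrong key used somewhere
    plain = m.to_bytes(size, "big")
    return plain[len(TAG):] if plain.startswith(TAG) else None

def stream_xor(session_key, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream), same call both ways."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(session_key + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

session_key = bytes(range(16))                     # constructed sample key
envelope = seal(session_key, sam_private, ruth_public)
```

Only Ruth's private key together with Sam's public key recovers the session key; an envelope opened with another private key, or sealed by another sender, yields `None`. After that, both sides use `stream_xor` with the shared key in either direction.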
Figure: digital envelope (encrypt with client private key and server public key) and symmetric keys.
Secure Socket Layer (SSL) Protocol
SSL Protocol allows secure interactive transmissions between the client and server during a single session.
A digital envelope is used for a transmission in one direction.
The client determines the secure session
Determine key length;
Identify the server;
Provide symmetric session key;
Allow server to identify client
Secure HTTP (S-HTTP) Protocol
S-HTTP is a security technique competing with SSL.
S-HTTP sends individual messages while SSL establishes a secure connection between 2 computers.
S-HTTP cannot be used to secure non-HTTP messages.
Not all browsers and not all Web sites support S-HTTP.
A supporting site’s URL starts with “SHTTP”.
https = HTTP over SSL – will you create an https site?
Guaranteeing Transaction Delivery
Packets in transaction can be stolen and slowed down.
Cryptography is NOT a solution
‘Incomplete’ solutions
Transmission Control Protocol (TCP) requests the sender to resend data when packets seem to be missing.
Data mining to detect anomaly (widely used by banks)
Messaging (widely used by banks)
2. Security of Computers
3 techniques to protect computers:
Operating system security enhancement
Microsoft or Apple automatically updates computer security countermeasures.
Access control and authentication
Login procedure for access control
Digital signature for authentication
Configuring browsers to determine security level or control access for client computers
Using an access control list (ACL) to control the access privileges of different users for server computers.
Anti-virus software
Firewalls to protect network
firewall – computer/software combination installed at the entry point of a networked system
3 types of firewalls
Packet-filter
filter packet according to its source or destination IP address;
Gateway server
filter traffic according to application (e.g. FTP, Telnet)
Proxy server
communicate with the Internet on the private network’s behalf and filter requests
3. Organisational policies, industry standards and public laws
Security Policy
Security of a computer system is implemented according to a security policy.
A security policy must protect a system’s secrecy, integrity and availability (necessity), and authenticate users (e-commerce requirements).
A security policy concerns
physical security
network security
access control and authentication
virus protection
disaster recovery
A security policy identifies
assets to be protected;
reason of the protection (risk analysis);
responsible people for the protection;
accepted and unaccepted behaviours.
Public laws raise the costs of illegal behaviour and guard against corporate abuse of information.
Current laws are temporary and immature
Specific industries have released standards or guidelines about security.
Payment Card Industry Data Security Standard – Visa, MasterCard, American Express and Discover
Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security – The Organisation for Economic Cooperation and Development
Security of Communication Channel
Security of Computers
Organisational policies, industry standards and public laws
technical, organisational, legal
secrecy: Prevent unauthorised reading or deriving information
integrity: Detect message alteration in transit
availability: Ensure that messages cannot be lost undetectably
Nonrepudiation: Provide undeniable, end-to-end proof of each message’s origin and recipient.
Authentication: Identify clients or servers
solutions; security; explanation; threats; impact/probability