Course Content Topics

Topic 1:


What is E-Commerce? A general definition for E-Commerce is the act of conducting business on-line. This includes both buying and selling products. It also includes paying for products via digital cash and a variety of other methods. Electronic Data Interchange (EDI) is the transfer of data between different companies using networks, such as the Internet. EDI has gained in popularity as E-Commerce continues to develop. According to President Clinton and Vice President Gore in their paper "A Framework For Global Electronic Commerce", E-Commerce offers "…entrepreneurs the ability to start new businesses more easily, with smaller up-front investment requirements, by accessing the Internet's worldwide network of customers …" [3].

Electronic commerce over the Internet is only about four years old. In fact it was only back in 1995 that Dell, Cisco and Amazon began to use the Internet aggressively for commercial transactions. However, it has already impacted commerce profoundly. In fact, figures show that nearly 40% of organizations already have e-business operations in place. For example, 52.9% of the banking and finance sector have e-business implemented [2]. What were once considered barriers to small-midsize companies, such as the extended geographical coverage of large companies and large sales force, no longer pose a limitation to smaller sized companies. E-Commerce allows smaller companies to reach a global audience. This benefits both the buyer and seller.

Business-to-business and business-to-consumer

Electronic commerce can be broken into two categories: business-to-business and business-to-consumer. Business-to-business E-Commerce deals with buying and selling within and among businesses themselves. Auction markets and EDI (mentioned above) are examples of business-to-business E-Commerce transactions. The best examples of business-to-consumer transactions are retailing and electronic stock brokerages. Business-to-business is, by far, where the majority of E-Commerce takes place today. In fact, though business-to-consumer transactions have increased, especially within retailing, there are still serious concerns and problems which must be addressed in order for this to be an attractive alternative to traditional retailing for a large consumer population. Research shows, for example, that two-thirds of electronic retail shoppers abandon their purchases prior to "checking out" and completing the sale.

While some similarities exist between business-to-business and business-to-consumer E-Commerce, it is essential for a business to determine early which category it will fall into. Both need to support multiple languages, currencies, payment methods, etc.; however, fundamental differences exist between the two types of sites. For example, to sell to other businesses, a business must support purchase orders, something not needed in a business-to-consumer plan. While this may seem like a trivial and perhaps obvious issue, businesses have made the costly mistake of choosing the wrong plan. Take, for example, Ingram's case, where it is natural to imagine its service as a business-to-business application. However, Ingram really targets its customers' customers, and is hence seen as more service-oriented [11]. Perhaps Ingram is best suited to a less obvious business-to-consumer plan. It is, as mentioned above, extremely important to address such redefinition early in the process.

The future is bright, according to President Clinton and Vice President Gore, for electronic retailing as "…the Internet will also revolutionize retail and direct marketing. Consumers will be able to shop in their homes for a wide variety of products from manufacturers and retailers all over the world. They will be able to view these products on their computers or televisions, access information about the products, visualize the way the products may fit together …" [3].

Framework for Understanding E-Commerce

Researchers have attempted to organize the vast and ever-growing area of electronic commerce. A framework for understanding electronic commerce is based upon the Open Systems Interconnection (OSI) model for network architectures [4], and is exemplified by the following illustration:

 

 

Each of the ten layers is under continual research and encompasses many different academic areas, from Computer Science to Law to Business. Electronic Commerce is a truly interdisciplinary field, as discussed later in the paper.

List of supporting papers on this topic (valid links as of November 1999):

  1. Electronic Commerce FAQ
     http://cism.bus.utexas.edu/resources/ecfaq/ecfaqa1.html

  2. EDI (Electronic Data Interchange) Is But One Element of Electronic Commerce
     http://www.anu.edu.au/people/Roger.Clarke/EC/Bled93.html

  3. Electronic Commerce Definitions
     http://www.anu.edu.au/people/Roger.Clarke/EC/ECDefns.html

  4. Nuts and Bolts of Business-to-Business E-Commerce
     http://www.nwc.com/904/904f23.html

  5. Interesting statistics all relating to E-Commerce
     http://www.iw.com/daily/stats/index.html

Topic 2:


Understanding Digital Communication - basics of data communication:

Data communication involves the transmission of data to and from computers and components of computer systems. Data communications may be traced back to 1837 with the invention of the telegraph. Its history also includes the inception and evolution of the Internet. The Internet began in 1969 as Arpanet, funded by the US Defense Department. Its primary use was to provide communication among scientists and researchers. Since 1990, the use of the Internet has changed extensively. In 1992, the Internet was comprised of 1 million host computers. By 1995, that number had grown to over 4 million. As of 1998, the Internet had more than 100 million users worldwide, and that number continues to grow as we enter the new millennium. The Internet contains a wealth of information (some accurate and some inaccurate) and links together more than 100 countries.

One of the most recent milestones in data communications occurred in 1996 with the passing of the Telecommunications Reform Act. This act allowed:

- Competition among communication services
- Local telephone companies to provide long-distance services
- Deregulation of cable television rates

Features of Data Communications

Data communications encompasses several important features. It requires a message, a sender, a receiver and a medium. The sender and receiver could consist of a person or perhaps even a computer. The medium over which the message is sent could consist of wires, radio waves or even light pulses. Transmitted data (or the message) is represented by one of several different codes, such as ASCII and EBCDIC. In order for successful transmission of a message, both sender and receiver must be using, or be able to translate into, the same code.

Different Classes of Data Communication Applications

Data communication applications can be separated into several different classes, including batch, data entry, distributed, and inquiry/response. Large data transfers in one or both directions characterize batch applications. Data entry applications consist of lengthy inputs such as credit card number, merchant number etc. and short responses such as a prompt to begin inputting the next batch of entries. Distributed applications are characterized by whether data or processing or both are distributed among several processing units. Client/server computing is an example of a distributed processing application, as the client will request the processing services from the server. Lastly, inputs with generally few characters and output responses with many characterize inquiry/response applications. Often data communication applications must be combined in order to support more than one type of activity.

Basic Requirements of Data Communications

Data communication applications must strive to meet and continually improve upon basic requirements regarding performance, flexibility, reliability, security etc.

Data Communication via a Computer Network

A network can be defined as two or more computers connected by way of a communication medium and associated links and equipment. There are three basic types of networks. The oldest, the WAN (Wide Area Network), spans a wide geographical area. It is also characterized by the use of data link protocols different from those of LANs or MANs. A MAN (Metropolitan Area Network) serves an area about the size of a city, a distance of approximately 125 miles. MANs are similar to LANs in that they both work at a quicker transmission speed than wide area networks. The major difference between LANs and MANs is the distance that they cover. A LAN (Local Area Network) generally serves an area of less than several miles in distance. Often the business or company supporting the LAN privately owns the medium connecting the LAN. WANs, MANs and LANs can all be interconnected, thus forming an "internetwork" of computers, today known as the Internet.

List of supporting papers on this topic (valid links as of November 1999):

  1. Foundations of Electronic Commerce: Computer Science at Work
     http://www.acm.org/crossroads/xrds4-1/commerce.html

  2. Index of Internet facts
     http://new-website.openmarket.com/intindex/index.cfm

  3. Data Communications On the Web
     http://www.data.com/

  4. Current research on Telecommunications issues
     http://www.ati.stevens-tech.edu/

Topic 3:


Platforms in E-Commerce: Client-server, distributed computing platforms:

In order to successfully conduct business on the Internet and support an electronic commerce site, good hardware and software capable of handling Web services is crucial. This section begins with a definition of client-server and distributed computing. It concludes with a look at server platforms on the market today.

Client-server

Client-server architecture involves each computer in a network being either a client or a server. The server is a powerful computer dedicated to managing certain tasks. A file server, for example, manages and stores files. A print server handles printer services and one or more printers. A web server handles Internet and web related processes. Under certain situations, such as a small business environment, a single computer could manage more than one resource. In that case, a server would refer to the specific program managing that resource, rather than a separate computer dedicated to that resource [16].

The client refers to the application that runs on a workstation (and can also apply to the network computer itself) and makes requests to the server to perform some operations. A fat client performs a large part of the processing operation locally, whereas a thin client handles very little with the bulk of the processing occurring on the server.

Client-server architecture is also referred to as a two-tier architecture, meaning the client talks directly to a server, with no intervening server or middleware. Typically, this type of architecture is sufficient for use in small environments of around 50 users. A three-tier architecture addresses the limitations of a two-tier architecture by introducing a server at the middle tier, between the client and the end server. This middle server can serve many purposes, such as providing translation services, metering services (such as monitoring an intranet against entry by unauthorized users), or intelligent agent services [18].

Distributed Computing

The Institute of Electrical Engineers defines Distributed Computing as a computer system in which several interconnected computers share the computing tasks assigned to the system. Hence processing will occur on more than one processor in order to complete a transaction. The processing is distributed across two or more machines that may not be running at the same time [19]. Distributed computing requires a set of standards indicating how objects communicate with one another. The main distributed computing standards currently consist of CORBA, DCOM and RMI. CORBA (Common Object Request Broker Architecture) enables portions of programs to communicate with one another regardless of the language they were programmed in or the operating system they are running on. DCOM (Distributed Component Object Model) serves the same purpose as CORBA but is currently implemented only on Windows, unlike CORBA, which runs on many operating systems. RMI (Remote Method Invocation), created by Sun Microsystems, is a set of protocols which work only with objects created in Java. CORBA and DCOM, on the other hand, support objects created in any programming language [16].

Cooperative Processing

Cooperative Processing is worth a brief mention, as it is related to client/server and distributed processing. Understanding cooperative processing therefore helps to clarify the differences between the other two types of processing. Computing via cooperative processing requires two or more distinct processors to complete a single transaction. It therefore fulfills the definition of distributed computing, since more than one distinct processor is required to complete a single transaction. On the other hand, this type of processing is considered similar to client/server processing if communication between processors is performed through a message-passing (three-tier) architecture [19].

Server Platforms

In order for an application such as a web server to work at its maximum, one needs an optimally performing operating system and platform. A platform is the underlying hardware or software for a system, defining a standard around which a system can be developed. For example, if a company has a very fast Web server running on a slow operating system, the web server will only partially be able to make up for the slow operating system. The system as a whole, therefore, will run less efficiently. There is a variety of server platforms on the market today. They include Mac OS X, Novell NetWare, Sun Solaris, and Windows NT Server. Many have been developed and refined with E-Commerce in mind, and are able to handle the volume associated with a successful E-Commerce site.

ServerWatch, a guide to Internet servers and platforms, features extensive reviews and ratings on the most popular servers. For example, they have compiled the following analysis on Sun Microsystems's operating system, Sun Solaris. They report that this operating system can serve the needs of almost any Web site, ranging from smaller departmental intranet servers to a large-scale commercial installation working with secure transactions on an E-Commerce level. Solaris is generally run on Sun's SPARC servers for maximum performance. Specific analyses of other platforms and servers are available to help businesses choose a system adequate for their needs.

List of supporting papers on this topic (valid links as of November 1999):

  1. Client/Server Software Architectures--An Overview
     http://www.sei.cmu.edu/str/descriptions/clientserver_body.html

  2. Comprehensive collection of Client/Server frequently asked questions
     http://www.cis.ohio-state.edu/hypertext/faq/usenet/client-server-faq/faq.html

  3. Summary reports on Web application servers
     http://ipw.internet.com/clients_servers/web_application_servers/index.html

Topic 4:


Protocols of the Internet and WWW:

A protocol can be described as an agreed-upon format for transmitting data between two devices. One of the major challenges facing the advancement of Electronic Commerce today is the lack of standardization in different protocols. Various companies back different standards, for example Microsoft vs. Netscape. Often this forces a company to alienate a large pool of the customers that adhere to different standards. Since E-Commerce is an evolving area, it is impossible to anticipate if and when standards will ever be set. Therefore, it is essential to develop systems capable of supporting multiple standards [4]. Protocols exist at many different levels of Electronic Commerce. For example, topic 10 will describe three different protocols, SSL, S-HTTP and IPsec, all involving the secure transmission of data over the Internet. SET, another protocol, which will be mentioned in topic 11, involves ensuring message integrity and authentication. There are several different electronic payment protocols which will be discussed in topic 11; among them are Digicash, Netcash, PayMe and Mondex.

This section will expand upon still different protocol types. They will include SGML, HTML, and XML. These markup languages enable the creation of web pages. In addition, there are several versions of these markup languages and variations such as Dynamic HTML, cXML and XHTML™ 1.0, which is a reformulation of HTML 4.0 in XML 1.0.

SGML

SGML is an abbreviation for Standard Generalized Markup Language. This language, a "parent" to HTML and XML, was developed and standardized by the International Organization for Standardization (ISO) in 1986. SGML is a system for organizing and tagging elements of a simple text document. Markup languages were created as a method for displaying documents on the World Wide Web, via a Web browser. These documents differ from other Internet resources in that they allow the user to jump from web page to web page with just a click of a hyperlink or by typing in an address. SGML specifies the rules for tagging elements. Each SGML document has an associated document type definition (DTD), which defines rules for document contents and allows for interpretation of tags according to SGML rules [13]. One of the features of SGML is that it ignores page or screen layout and concentrates solely on the structure of the document. SGML is a powerful and successful standard, not limited to textual applications. It has also been used successfully in EDI (Electronic Data Interchange) and other forms of structured electronic data exchange [14].

HTML

HTML is a collection of platform-independent markup tags that define the various components of a Web document. HTML documents are written in plain text, and the tags (commands) are added to allow one of several things to happen:

- change the typeface or font size of the encased text
- enhance with boldface, italics, or underlines
- insert links to other sections of the current document or to other sites
- construct fill-out forms
- create tables, etc.

For example, one can make words bold by encasing them in the tags <B> and </B>. HTML also supports the inclusion of graphics, animation, audio and video in documents [13]. HTML editors such as Microsoft FrontPage and Adobe PageMill are available on the market today. They allow users to create web pages without the need to know how to code. For a variety of reasons, however, it is still advisable to understand the basics of HTML, as occasions arise when it is necessary (and perhaps even easier) to leave the editor and code directly in HTML.

XML

XML stands for eXtensible Markup Language. It is a fairly new markup language being developed by the World Wide Web Consortium. It is extremely flexible, allowing web page designers to create their own customized tags. It also provides functionality not available with HTML. For example, XML supports links that point to multiple documents, whereas HTML links can only reference one destination. Another powerful feature of XML is that it does not define standard tags. The creator of the web page declares the tags he needs in his document. HTML, on the other hand, has a set number of tags from which the designer must choose. XML also lends itself nicely to E-Commerce web sites, with applications such as Web catalogs benefiting from XML. Specific tags could be created for pricing and description, enabling software agents to search Web catalogs for the best buy [15]. Though XML is much more flexible than the current HTML version, it may not become the standard markup language unless it is supported by future Web browsers. In fact, Microsoft Internet Explorer is the only major web browser at this time whose future versions will support XML.
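The catalog-searching agent described above can be sketched as follows. This is an added example, not code from the original page: the tag names (`catalog`, `item`, `description`, `price`), the merchants and the catalogs are constructed, and refusing any document that carries a DOCTYPE is an added assumption about how an agent should treat catalogs it does not control.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation
from xml.parsers import expat


class CatalogError(ValueError):
    """Raised when a merchant catalog is refused."""


@dataclass
class Offer:
    merchant: str
    description: str
    price: Decimal
    currency: str


def reject_doctype(name, system_id, public_id, has_internal_subset):
    # Catalogs come from other parties; entity definitions are not needed for
    # plain price data, so any DOCTYPE is refused before the document is used.
    raise CatalogError("DOCTYPE declarations are not accepted in catalogs")


def load_catalog(xml_bytes):
    """Return the valid offers in one catalog (hypothetical tag names)."""
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = reject_doctype
    try:
        scanner.Parse(xml_bytes, True)   # first pass: well-formedness + DOCTYPE check
    except expat.ExpatError as exc:
        raise CatalogError("catalog is not well-formed: %s" % exc) from exc
    root = ET.fromstring(xml_bytes)
    merchant = root.get("merchant", "unknown")
    offers = []
    for item in root.iter("item"):
        price_el = item.find("price")
        if price_el is None:
            continue
        try:
            price = Decimal((price_el.text or "").strip())
        except InvalidOperation:
            continue                     # e.g. "call us": not a usable price
        if not price.is_finite() or price <= 0:
            continue                     # NaN, Infinity, zero or negative
        description = (item.findtext("description") or "").strip()
        offers.append(Offer(merchant, description, price,
                            price_el.get("currency", "USD")))
    return offers


def best_buy(offers, keyword, currency="USD"):
    """Cheapest offer whose description mentions the keyword, or None."""
    wanted = keyword.lower()
    matches = [o for o in offers
               if wanted in o.description.lower() and o.currency == currency]
    return min(matches, key=lambda o: o.price) if matches else None


# Constructed sample catalogs from two made-up merchants.
CATALOG_A = b"""<catalog merchant="A-Motors">
  <item><description>Volkswagen Beetle scale model</description><price currency="USD">24.99</price></item>
  <item><description>Beetle poster</description><price currency="USD">call us</price></item>
</catalog>"""

CATALOG_B = b"""<catalog merchant="B-Toys">
  <item><description>Beetle scale model 1:18</description><price currency="USD">19.50</price></item>
  <item><description>Beetle keyring</description><price currency="USD">-1</price></item>
</catalog>"""

# Constructed catalog that defines its price through an entity; it is refused.
CATALOG_DTD = b"""<!DOCTYPE catalog [<!ENTITY p "0.01">]>
<catalog merchant="C-Deals"><item><description>Beetle</description><price currency="USD">&p;</price></item></catalog>"""

if __name__ == "__main__":
    offers = load_catalog(CATALOG_A) + load_catalog(CATALOG_B)
    print(best_buy(offers, "beetle"))
```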

CXML

CXML (Commerce XML), whose original version launched in mid-May 1999, is a new set of document type definitions for the XML specification. CXML is most useful in the realm of Electronic Commerce. It is "used to standardize the exchange of catalog content and to define request/response processes for secure electronic transactions over the Internet. The processes include purchase orders, change orders, acknowledgments, status updates, ship notifications and payment transactions" [16].

List of supporting papers on this topic (valid links as of November 1999):

  1. General Information and many links to SGML resources
     http://www.w3.org/MarkUp/SGML/

  2. A beginner’s guide to HTML
     http://www.ncsa.uiuc.edu/General/Internet/WWW/HTMLPrimerAll.html#GS

  3. Frequently Asked Questions about XML
     http://www.ucc.ie/xml/

  4. XML Here to Stay
     http://www.datamation.com/apdev/9907xml1.html

Topic 5:


Search mechanisms:

A search mechanism, such as a search engine or search directory, is software which is run on a dedicated server or servers. It examines documents for specified keywords then returns a list of the documents where the keywords were found.

Search Directory

A search directory contains a general list of descriptive subject indexes of web sites or may lead to another more specific directory listing. This list narrows as the user clicks on a more specific topic. A final search yields web sites with the keyword relating only to that particular subject matter. For example, going to the search directory Yahoo!, I clicked on "Autos". I then did a search of the word BUG, in "just this category". As intended, I obtained a manageable 32 sites on the car, the Volkswagen Beetle. Starting out the search by entering the descriptive keyword BUG in the search engine Infoseek resulted in 10 matching topics and 425,773 Web sites (as of the time of this writing) on everything from the insect to the millennium bug.

Search Engine

A search engine differs from a search directory in that it searches web sites and other Internet resources to find matches to the descriptor keywords entered by the user. Search engines also have advanced search options to refine the search. As noted in the example above, search engines may produce a high level of irrelevant information.

There is very little distinction between search directories and search engines. In fact most search mechanisms contain both to some degree and often the term search engine is used to apply to both.

How Search Engines/Directories Work

A search engine generally works by sending out a spider (or many spiders) to retrieve as many documents as possible. A spider, also known as a webcrawler, is a program that automatically fetches web pages containing a keyword, and adds the pages to an index. Another program, called an indexer, contains a database of web pages that match a particular query. Search engines use a variety of algorithms to create their indices, which ideally contain only meaningful results for each query [16]. It is impossible for any search engine to spider all pages on the World Wide Web. In addition to the expansive amount of data already available, new sites are appearing at an incredible rate: approximately a million electronic pages are added every day. In addition, a spider is limited in the number of web sites it will investigate on any one server. Therefore, the spider may never reach a web site that is hosted on a server with thousands of other pages. Search engines must compromise in an attempt to visit as many sites as possible. For example, they may only visit sites they are told about, visit only the home pages of any one site, etc. [21]

Due to the rapid and chaotic growth of the web, the information contained within the web lacks organization and structure. Creating and maintaining an index or directory of relevant sites is a daunting task. The largest challenge involves choosing the "best" sites, as this is mostly a personal decision with no precise measure. To determine if a web page is "best" based on the frequency of times the query term is mentioned in that page can result in failure. For example, a site rich in information about automobiles may not be indexed if the word "car" or "auto" is used frequently, instead of the word "automobile". Extensive research continues in an attempt to improve results of web queries.

Attempts to Develop Mechanism to Produce "best" Web Query Results

The WordNet project by George Miller and his colleagues at Princeton University attempts to enhance search techniques with stored information about words with similar meanings. Therefore, a search for automobiles will first determine a list of the synonyms of the word automobile, then conduct a search using all words similar in meaning to the queried word. On the other hand, this method can also exacerbate the problem of obtaining irrelevant sites, since many words have multiple meanings.

Another noteworthy project is currently being examined by members of the Clever Project at IBM. They are conducting research into finding the most relevant sites, based on hyperlinks [22]. This research stands on the assumption that a web page generally consists of information similar to that of the links to which it points. Hence, the hyperlinks actually reveal relationships between pages.

Web Site Exposure

The best-designed web site is of little or no value if no one visits the site. This statement raises an important issue - especially in the area of electronic commerce where the site’s success or failure may depend, initially, on how many "hits" it receives. A web page contains a special HTML tag called the Meta tag that provides information about a Web page. Meta tags do not affect how the page is displayed on the user’s browser. Instead, their purpose is to provide information about the current document. The information includes the page’s author, the expiration date, what the page is about, and perhaps most importantly, keywords which enable search engines to correctly identify the document [13]. Many search engines use this information when building their indices. Hence, it is important for web developers to carefully choose the keywords relating to the site. This will affect the site’s placement in search engine results. In addition, search engines will often scan the first few paragraphs of text, looking for the keyword(s). Therefore, it is wise for the web developer to begin the home page with a paragraph or two explaining what the site is about, using as many keywords as possible [23].
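The spider and indexer behaviour described in "How Search Engines/Directories Work", together with the role of the keywords Meta tag described above, can be seen in a small model. This is an added example, not code from the original page or from any search engine: the host names, pages and the per-server limit are constructed, and the "web" is an in-memory dictionary so nothing is fetched.

```python
import re
from collections import defaultdict, deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed in-memory "web" (URL -> HTML); nothing is fetched over the network.
WEB = {
    "http://shop.example/": (
        '<html><head><title>Bug shop</title>'
        '<meta name="keywords" content="beetle, volkswagen"></head>'
        '<body><p>Classic cars and spares.</p><a href="/parts.html">parts</a>'
        '<a href="http://host.example/u1/">u1</a>'
        '<a href="http://host.example/u2/">u2</a>'
        '<a href="http://host.example/u3/">u3</a></body></html>'),
    "http://shop.example/parts.html": "<html><body><p>Spare parts list.</p></body></html>",
    "http://host.example/u1/": "<html><body><p>Insect photos.</p></body></html>",
    "http://host.example/u2/": "<html><body><p>Garden notes.</p></body></html>",
    "http://host.example/u3/": "<html><body><p>Millennium bug checklist.</p></body></html>",
}


class PageParser(HTMLParser):
    """Collects links, meta keywords and visible words from one page."""

    def __init__(self):
        super().__init__()
        self.links, self.keywords, self.words = [], [], []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "a" and attr.get("href"):
            self.links.append(attr["href"])
        elif tag == "meta" and (attr.get("name") or "").lower() == "keywords":
            content = attr.get("content") or ""
            self.keywords += [k.strip().lower() for k in content.split(",") if k.strip()]

    def handle_data(self, data):
        self.words += re.findall(r"[a-z0-9]+", data.lower())


def crawl(seeds, per_host_limit):
    """Breadth-first spider with a cap on pages fetched per server.

    Returns (index, skipped): index maps a term to the set of URLs containing
    it (in the text or in the keywords Meta tag); skipped lists URLs that were
    discovered but never fetched because their server's budget was used up.
    """
    index = defaultdict(set)
    fetched_per_host = defaultdict(int)
    seen, skipped, queue = set(seeds), [], deque(seeds)
    while queue:
        url = queue.popleft()
        if url not in WEB:
            continue
        host = urlsplit(url).netloc
        if fetched_per_host[host] >= per_host_limit:
            skipped.append(url)
            continue
        fetched_per_host[host] += 1
        page = PageParser()
        page.feed(WEB[url])
        for term in set(page.keywords) | set(page.words):
            index[term].add(url)
        for href in page.links:
            target = urljoin(url, href)
            if urlsplit(target).scheme in ("http", "https") and target not in seen:
                seen.add(target)
                queue.append(target)
    return dict(index), skipped


def search(index, term):
    """Look a single query term up in the index."""
    return sorted(index.get(term.lower(), ()))


if __name__ == "__main__":
    index, skipped = crawl(["http://shop.example/"], per_host_limit=2)
    print(search(index, "beetle"), search(index, "millennium"), skipped)
```

With a limit of two pages per server, the third page on the shared host is never indexed, while the shop's home page is found for "beetle" only because of its Meta tag.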

There are several ways to market a web site. Some methods are free and others incur a fee (ranging from approximately $10 to several hundred dollars). When marketing, a common misconception lies in the assumption that submitting a web site to hundreds of search engines will result in thousands of new visitors. Submitting alone is not enough. Generally, if the site is not listed within the first two or three pages of a search engine’s results, it will most likely not be visited, regardless of how many engines the web site has been submitted to. Software, on-line references, and industry professionals can help in obtaining a high rank for web sites. In addition, banners and ads placed on other web sites can be purchased. This type of advertisement helps to increase the flow of visitors to a web site.

List of supporting papers on this topic (valid links as of November 1999):

  1. Collection of some of the most useful search engines all in one location
     http://cuiwww.unige.ch/meta-index.html

  2. Search Engine Glossary
     http://www.searchenginewatch.com/facts/glossary.html

  3. Contains information regarding the latest progress in search engines
     http://www.searchenginewatch.com/

  4. Tips to successful marketing of your E-Commerce site
     http://hyperbanner.com/E-Commerce.htm

Topic 6:


Multimedia on the Web: Radio and telephone call on the web, RealAudio and RealVideo:

Multimedia refers to the integrated presentation of text, graphics, video, animation and sound on computers. Prior to the mid-90’s, multimedia applications were uncommon on personal computers due to expensive hardware and high performance demands [16]. Today, nearly all PC’s are capable of displaying video and at least a limited amount of multimedia. In fact, a group of the industry’s leading computer firms developed a software and hardware standard - Multimedia Personal Computer (MPC). This standard specifies the minimum hardware configuration for running multimedia software [16].

Streaming and Related Technologies

Streaming is a term often associated with multimedia and the WWW. This technology has become even more important with the growth of the Internet. Streaming is a technique for steadily transferring data in a way that allows the information to be processed in a continuous manner. This is helpful, since large multimedia files cannot be downloaded quickly due to the current constraints of file transfers to home PC’s. Hence with streaming, the user’s web browser can start displaying the data before the entire file has been transmitted [16]. Due to the importance of streaming and the ever-increasing complexity of web sites, several streaming technologies have emerged. For example, RealAudio has become the standard for transferring audio data over the Web. In order to hear a Web page that includes a RealAudio sound file, the user’s browser must include the RealAudio program, which is available at no cost at several sites. RealNetworks, the developer of RealAudio, has also developed RealVideo, a streaming technology for transmitting video over the Internet. This technology uses a variety of data compression techniques, as even small video clips and images can often be very large data files.

Protocols and Standards for Controlling Streaming

Several protocols and standards exist for controlling streaming over the World Wide Web. RTP, which stands for Real-time Transport Protocol, is a protocol for transmitting real-time audio or video over the Internet. When a packet is transmitted, it carries an RTP header containing such information as sequence number, timestamp, marker bits, etc. For voice packets, the marker bits indicate the beginning of a talkspurt [29]. RTP is also used for interactive services such as Internet telephony. This is a service that enables the user to utilize the Internet as a transmission medium for telephone calls. This service has not gained in popularity, due to the lower quality of telephone service as compared to traditional telephone connections.
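The RTP header fields named above (sequence number, timestamp, marker) can be read with a short parser. This is an added example, not code from the original page: the field layout follows the RTP specification (RFC 3550), which the page does not cite, and the packets are constructed. Because RTP arrives from the network, every length the header declares is checked against the packet size before it is used.

```python
import struct
from dataclasses import dataclass


class RtpError(ValueError):
    """Raised when a packet cannot be a well-formed RTP packet."""


@dataclass
class RtpHeader:
    marker: bool          # for voice: first packet of a talkspurt
    payload_type: int
    sequence: int         # 16-bit counter, wraps around at 65535
    timestamp: int        # 32-bit media clock
    ssrc: int             # identifies the sending source
    csrc: list            # contributing sources (filled in by mixers)
    payload_offset: int
    payload_length: int


def parse_rtp(packet):
    """Parse one RTP packet, validating every declared length."""
    if len(packet) < 12:
        raise RtpError("shorter than the 12-byte fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise RtpError("unsupported RTP version %d" % (b0 >> 6))
    csrc_count = b0 & 0x0F
    offset = 12 + 4 * csrc_count
    if len(packet) < offset:
        raise RtpError("CSRC count exceeds packet length")
    csrc = list(struct.unpack("!%dI" % csrc_count, packet[12:offset]))
    if b0 & 0x10:  # header extension present
        if len(packet) < offset + 4:
            raise RtpError("truncated header extension")
        _profile, ext_words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4 + 4 * ext_words
        if len(packet) < offset:
            raise RtpError("extension length exceeds packet length")
    end = len(packet)
    if b0 & 0x20:  # padding: the last byte counts the padding bytes, itself included
        pad = packet[-1] if end > offset else 0
        if pad == 0 or pad > end - offset:
            raise RtpError("invalid padding length")
        end -= pad
    return RtpHeader(bool(b1 & 0x80), b1 & 0x7F, seq, ts, ssrc, csrc,
                     offset, end - offset)


def seq_delta(prev, cur):
    """Signed distance between two 16-bit sequence numbers, wrap-aware."""
    d = (cur - prev) & 0xFFFF
    return d - 0x10000 if d >= 0x8000 else d


def review_stream(packets):
    """Return (sequence numbers that start a talkspurt, packets missing in between)."""
    starts, missing, prev = [], 0, None
    for raw in packets:
        h = parse_rtp(raw)
        if h.marker:
            starts.append(h.sequence)
        if prev is not None:
            gap = seq_delta(prev, h.sequence)
            if gap <= 0:
                continue          # duplicate or late packet: not a loss
            missing += gap - 1
        prev = h.sequence
    return starts, missing


def build_sample(seq, ts, marker, payload=b"\x00" * 160):
    """Build a constructed voice packet (payload type 0, made-up SSRC)."""
    return struct.pack("!BBHII", 0x80, 0x80 if marker else 0x00,
                       seq, ts, 0x1234ABCD) + payload


# Constructed stream: a talkspurt starts at 65534, the counter wraps, and
# sequence number 0 never arrives.
SAMPLE_STREAM = [
    build_sample(65534, 0, True),
    build_sample(65535, 160, False),
    build_sample(1, 480, False),
    build_sample(2, 640, False),
]

if __name__ == "__main__":
    print(review_stream(SAMPLE_STREAM))
```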

The H.323 standard defines how audiovisual conferencing data is transmitted across networks. In addition to applicability in videoconferencing and distance learning, this standard is also used in interactive shopping applications [30]. It is flexible enough to allow customers to use multimedia applications without changing the existing network infrastructure. An advantage of the H.323 standard is interoperability. For example, although different videoconferencing applications may be used, this standard should enable all users to participate in the same conference [30].

Other standards that provide a foundation for audio, video, and data communications across the Internet include H.320 and H.324. Protocols exist in addition to RTP, which support multimedia and reliable data transmission. They include RTCP which works in combination with RTP, RTSP- the real-time streaming protocol, and RSVP- the resource reservation protocol [31].

Certain markup languages are designed to enhance Web page creation in a given situation. For example, as discussed in topic four above, CXML (Commerce XML) is most useful in the realm of Electronic Commerce. Likewise, SMIL, which stands for Synchronized Multimedia Integration Language, is a new markup language that facilitates the creation of web pages that include multimedia. This language developed by W3C, enables Web developers to divide multimedia content into separate files and streams. The files are then sent individually to the user’s computer, then displayed together as if they had been sent as one multimedia stream. This is advantageous, as the separation will enable the file to traverse the Internet more quickly. In SMIL, the commands used specify whether the multimedia components should be played in sequence or together. Like CXML, SMIL is based on the eXtensible Markup Language. On August 3, 1999, the W3C released a working draft of a new version of SMIL code-named SMIL Boston. This new version of SMIL uses a more syntax friendly coding scheme than the earlier version.

Research into the area of multimedia continues. With the arrival of new and improved protocols, standards and web development tools, multimedia will be easier than ever to incorporate into web sites. In addition, home PC users will be able to use this new facet of computing more than ever before. Multimedia finds importance in the area of E-Commerce. An attractive on-line storefront with an integrated media presentation could help a site stand above the rest. In addition, through the availability of multimedia on home PCs, certain businesses are finding economic opportunities on the web that before may not have been seen as practicable or possible. Realtors, for example, are now able to use the World Wide Web to help market properties by bringing video clips of the property to the home PC of a potential customer. Multimedia is also being used to broadcast live news and radio events.

List of supporting papers on this topic (valid links as of November 1999):

  1. August 1999 press release by W3C - first working draft of SMIL Boston
     http://www.w3.org/1999/08/smil-pressrelease

  2. Excellent site exemplifying multimedia
     http://www.thevtour.com/

  3. Frequently Asked Questions Concerning RTP
     http://www.cs.columbia.edu/~hgs/rtp/

  4. Higher Level Protocols used with IP Multicast
     http://www.ipmulticast.com/community/whitepapers/highprot.html#Real-time Transport Protocol (RTP)

Topic 7:

Go directly to: Intranet
Extranet
List of supporting papers on this topic

Intranets and Extranets:

Intranet

An intranet is a network based on the same protocols used by the internet (TCP/IP). The difference, however, is that an intranet belongs to an organization and is accessible only to members of that organization. Intranets, also known as internal webs, are only logically "internal" to an organization. Physically, they can span the globe, as long as access is limited to members of an organization. Another way to think of an Intranet is that it uses Internet technologies to serve the internal needs of organizations. An Intranet is protected from "outsiders" by a firewall, which denies access to unauthorized users. A firewall can be implemented with the use of special hardware, software or a combination of both. A firewall works by monitoring all messages and information entering or leaving the Intranet. It will then block those that do not meet the specified security criteria. One or more of the following types of firewall techniques are implemented in an intranet:

    1. A packet filter examines each of the packets entering or leaving the network and accepts or rejects them based on rules defined by the system administrator. This is an effective technique which is transparent to the users of the intranet. It can however be difficult to configure.
    2. An application gateway applies security measures to a specific application such as an FTP or Telnet server. Though it is effective, it can lead to a decrease in performance of the intranet.
    3. Circuit-level gateway technique uses security mechanisms applied when the TCP connection is established. Once the connection is made, the packets are allowed to flow freely between hosts without the need for further checking.
    4. Lastly, a proxy server is used to intercept all messages entering and leaving the network. In addition to filtering requests, a proxy server can also increase performance on a network since it can actually process some of the requests, instead of passing them all to the main server.
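To make concrete why a packet filter "can be difficult to configure", here is an added example (not part of the original course material) of first-match rule evaluation with a default-reject policy, plus a check that reports rules which can never take effect because an earlier, broader rule with the opposite action covers them. The rule format, addresses and function names are assumptions made for this illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "accept" or "reject"
    src: str               # source network, CIDR notation
    dst: str               # destination network, CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if the packet falls inside every field of the rule."""
    return (
        ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and rule.proto in ("any", pkt.proto)
        and rule.dport in (None, pkt.dport)
    )


def decide(rules: List[Rule], pkt: Packet, default: str = "reject") -> str:
    """First matching rule wins; anything unmatched gets the default action."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


def covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet matching `narrow` also matches `broad`."""
    return (
        ipaddress.ip_network(narrow.src).subnet_of(ipaddress.ip_network(broad.src))
        and ipaddress.ip_network(narrow.dst).subnet_of(ipaddress.ip_network(broad.dst))
        and broad.proto in ("any", narrow.proto)
        and broad.dport in (None, narrow.dport)
    )


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (later_index, earlier_index) pairs where the later rule can never
    change the outcome because an earlier rule with the other action covers it."""
    found = []
    for i, later in enumerate(rules):
        for j in range(i):
            if covers(rules[j], later) and rules[j].action != later.action:
                found.append((i, j))
                break
    return found


# Constructed rule sets for an intranet server subnet 10.1.2.0/24.
# MISORDERED: the broad accept comes first, so the Telnet block is dead.
MISORDERED = [
    Rule("accept", "0.0.0.0/0", "10.1.2.0/24", "tcp", None),
    Rule("reject", "0.0.0.0/0", "10.1.2.10/32", "tcp", 23),
]
# CORRECTED: specific reject first, and the accept narrowed to the web port.
CORRECTED = [
    Rule("reject", "0.0.0.0/0", "10.1.2.10/32", "tcp", 23),
    Rule("accept", "0.0.0.0/0", "10.1.2.0/24", "tcp", 80),
]

TELNET = Packet("203.0.113.7", "10.1.2.10", "tcp", 23)   # constructed packets
WEB = Packet("203.0.113.7", "10.1.2.20", "tcp", 80)
OTHER = Packet("203.0.113.7", "10.1.2.20", "udp", 53)

if __name__ == "__main__":
    for name, rules in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(name, decide(rules, TELNET), decide(rules, WEB),
              decide(rules, OTHER), shadowed_rules(rules))
```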

Intranets are meant to allow the sharing and exchange of information within an organization. This is facilitated by the use of groupware, which is software designed to be used by work groups. Some of the uses of groupware include document sharing, collaborative authoring, messaging, and discussion forums [9]. Intranets allow the sharing of information only among certain users. This differs from the Internet (and specifically the World Wide Web), which also allows the sharing of information but is accessible to anyone. Intranets have become a fast growing segment of the Internet for several reasons. First, they are less expensive to build and manage than private networks. In addition, an intranet can be easily implemented even with private networks. Also, they make information easy to obtain and use by everyone in the organization, with a wealth of company information only a mouse click away.

Extranet

Extranets differ from internets in that they are partially accessible to authorized outsiders. They provide various levels of accessibility to outsiders of a business such as suppliers, vendors, customers, and other businesses. An extranet can be viewed as part of a corporation’s intranet which is extended to users outside of the company. In addition to allowing access to a particular organization, the user’s identity will also determine which parts of the extranet they are authorized to view. The health care industry serves as a good example of an extranet, as seen in the Health Maintenance Organization sector. Those responsible for maintenance of an extranet must be even more vigilant concerning security and privacy, with the use of passwords, firewalls, encryption etc. Companies can use an extranet to:

  - Exchange large volumes of data using Electronic Data Interchange (EDI)
  - Share product catalogs exclusively with wholesalers or those "in the trade"
  - Collaborate with other companies on joint development efforts
  - Jointly develop and use training programs with other companies
  - Share news of common interest exclusively with partner companies [10]

Large companies such as Netscape, Oracle, and Sun Microsystems have announced an alliance to standardize their extranet products to ensure compatibility. As the need for business partners to exchange information continues to grow, extranets will continue to expand to meet that need.

List of supporting papers on this topic (valid links as of November 1999):

  1. What Differentiates an Extranet from an internal-Only Intranet and the Public Internet
     http://www.intranetjournal.com/extranets/buildingextra.html

  2. From Intranet to Extranet
     http://www.intranetjournal.com/extranets/fie.html

  3. Intranet Systems Integration
     http://www.iorg.com/papers/bcr.html

Topic 8:

Go directly to: Software Agents
Auctions
List of supporting papers on this topic

Software Agents and Auctions on the Web:

The first part of the following topic will define and discuss software agents. The next part will deal with auctions: what they are, examples of auctions on the web and software available to create auctions.

Agent

An agent is a program that performs some processing or information-gathering task in the background [16]. For example, agents have been used successfully to perform such tasks as filter information, match people, make comparisons, etc. There are three different ways of handling the timing of an automated task. The first is to perform a task only when specifically requested to do so, as in spell checking. A second method of handling an automated task is to constantly lurk in the background, but to only act when a specific "trigger" occurs. A program alerting the arrival of new e-mail is a good example. Finally, certain tasks are performed continuously, such as a clock program. Software agents fall into this third category [24].

Often, a computer's CPU time is spent waiting for the user to hit the next keystroke, or signal the next task to be done. The theory behind agents is that instead of spending that time simply waiting, those CPU cycles can be used constructively by performing continuous searches for information that might be of use [24]. In that way, agents can actually act as personal secretaries and fact finders. Say, for example, a user is reading e-mail regarding a new product out on the market. While the user reads the e-mail, instead of sitting idle, waiting for the next instruction, the agent can be out searching the Internet for topics relating to that new product. When the user finishes reading the mail message, the agent could then unobtrusively indicate the references found on that particular topic. It is important that the agent not distract from the user’s work at hand, but only add information that may merit further research. The agent’s purpose, then, would be simply to suggest information sources that may be relevant to the user's current situation. Research is currently underway to create software agents that "know" a user’s interests and can act independently on that user’s behalf without explicit instructions. Other uses for software agents include guiding users through complex on-line transactions, teaching them about certain subjects or even monitoring specified topics for critical changes. Research is also moving in the direction of more "powerful" software agents which may be given the authority to perform transactions (such as on-line shopping) or to represent people in their absence. Software agents can change computing as known today, in the sense that rather than manipulating a keyboard and mouse, people will speak to agents regarding tasks that need to be done. Agents will appear as "living" entities on the screen, using animated facial expressions or body language rather than windows with text, graphs and figures [25].

Challenges of creating Intelligent Agents

Creating intelligent software agents presents a challenging task for programmers. Unlike regular software, agent programs must be written to stand as independent entities. An agent should be robust, adaptive, independent, and know what its goal is and strive to achieve it. Additionally, an agent should be capable of learning from experiences and responding to unforeseen situations by way of a variety of methods [25].

Software agents currently available are rather simplified and limited in the tasks they can perform. For example, some e-mail packages allow a user to create an agent to sort incoming messages by sender, subject or contents. In reference to electronic commerce, a shopping agent is one kind of intelligent software agent which specializes in helping users find information, shop, compare prices and handle secure electronic transactions. The future is bright for software agent development in the electronic commerce arena, as agents are poised to revolutionize the way we conduct transactions on-line.

Auctions

An auction is a means of distributing goods and/or resources using free market techniques, to those who value the goods or resources the most. Auctions are useful when selling a commodity of undetermined quality or in circumstances where the goods do not have a predetermined market value. In that case, a seller is unsure of the price he can obtain for the good and an auction can help establish that price. Auctions are unique in that the bidders and not the seller set the price. The bidder may know more about the goods for sale, however it is the seller who sets the guidelines for the type of auction. There are many different types and classifications of auctions and the best varies based on the particular circumstance [26].

Internet Auctions

Internet auctions are one of the most rapidly growing sectors of electronic commerce, according to Epiq Technologies, a service provider of online auction software. Currently, the largest Internet auction of antique goods is eBay. eBay began operations in September 1995 and by December 1998, it was the second most popular site on the World Wide Web. The company has approximately 1.4 million items that can be bid upon every day. One can see how immensely popular an on-line auction has become in just one area of industry. Many more sectors of industry remain open to the possibility of on-line auctions, which, like traditional auctions, provide a means of distributing goods and/or resources to those who value them the most [27]. Yahoo! Auctions and America’s Auctions and Sales are other examples of large on-line auction sites, containing a variety of items.

Many vendors exist who sell software for creation of a company’s on-line auction site. These vendors provide additional support such as helping a business integrate their software with the company’s existing web site. In addition, many vendors offer space on their server, enabling them to host on-line auctions for a customer’s convenience.

List of supporting papers on this topic (valid links as of November 1999):

  1. A Perspective on Software Agents Research
     http://www.cs.umbc.edu/agents/introduction/hn-dn-ker99.html

  2. Research and projects currently underway in finding intelligent agents useful in the electronic commerce arena.
     http://bf.cstar.ac.com/

  3. Agents that Buy and Sell: Transforming Commerce as we Know It
     http://ecommerce.media.mit.edu/papers/cacm98.pdf

  4. VirtualAuctioneer, a sample auction development tool to create an auction web site
     http://www.virtualauctioneer.com/VAhome.cfm

Topic 9:

Go directly to: Push System
Pull System
List of supporting papers on this topic

Web Channels and broadcasting on the Web: push and pull type systems:

Generically, a channel is the communications path between two computers or devices. In that sense, the channel can refer to the physical medium such as the wires or to a set of characteristics that differentiates one channel from another. The term channel also refers to the way in which the seller communicates with and sells products to the consumer [16]. Topic 9 will be discussing the term channel as it relates to E-Commerce and the second definition mentioned above.

The term broadcast means to simultaneously send one message to many recipients. Hence web broadcasting, or webcasting uses the World Wide Web to broadcast information. To best understand the terms: webcasting, Web Channels and Web broadcasting, one must first define the terms "push systems" and "pull systems".

Push System

A push system, or push technology, refers to the sending of data from the server to the client, without the client expressly requesting it [16]. This is usually customized information, sent directly to the user’s desktop. The user is able to define the information they would like to receive, such as news, weather, stock quotes etc. Then periodically, without having to request the information or search for it, the user will automatically receive data updates. Broadcasting is an example of push technology since the information is automatically sent out. BackWeb, Netcaster and PointCast are examples of products currently on the market designed to place push technology at the desktops of users. This technology is designed to increase productivity, reduce costs and ease information retrieval. Unfortunately, push technology can require large amounts of bandwidth and processing power, which can bog down a network and thus lead to a degradation of performance.

Another simple and commonly used example of push technology is electronic mail, since the sender "pushes" the e-mail to the receiver, who finds the message sitting in the account without having requested it from the sender. Those with a common interest in a subject area use listserv mailing lists (also referred to as discussion groups) for sharing experiences and information. Similarly, mailing lists are used to send customers updated information about services or products [28]. More companies are using the Internet to send information under a push system. This is more of a proactive way of sending information on a particular product, to those who would be most interested and therefore more likely to purchase the product.

Web Broadcasting, or webcasting, is designed to work similarly to television or radio broadcasting. The customer chooses a "channel" and information from that channel is "broadcast" to the user. A Web Channel defines the way in which data is delivered by push technology. In addition, like radio and television, webcasting targets a certain audience based on data collected regarding customer interests [28].

Pull System

A pull system takes a more passive approach. Data is only sent when and where it is requested. The World Wide Web is an example of the pull system (also referred to as pull technology). A page is not delivered to a user until the browser (or user) requests it.

In terms of marketing an E-Commerce site, successful advertising is one of the essential elements. Both push and pull technologies are important. Marketing experts agree that gaining a smaller pool of potential customers interested in a company’s specific product is of much more value than a greater pool of "generic" customers. An ad banner is displayed when a user clicks on a web page that hosts ads. Therefore, the web page containing the ad was delivered at the user’s request. This is more of a passive approach to advertising a site. Advertising a product via a mailing list or broadcast is more of a proactive approach. Here the site has the potential to be seen by those interested in the product or who have requested information on that type of product.

List of supporting papers on this topic (valid links as of November 1999):

  1. Informative white paper on Push Publishing
     http://www.nlc-bnc.ca/pubs/netnotes/notes41.htm

  2. An example of push technology – an interactive edition of the Wall Street Journal
     http://www.wsj.com/

  3. Documents, articles and other information relating to Push Technologies
     http://www.developer.com/directories/pages/dir.pushtechnologies.html

Topic 10:

Go directly to: SSL
Secure HTTP
IP Security
Digital Signature, Schemes and Related Specifications
List of supporting papers on this topic

Encryption and security in E-Commerce

Security refers to techniques for ensuring that data stored in a computer and transmitted between computers cannot be read or compromised by unauthorized users. A password (secret word or phrase created and known only to a particular user) is a security measure often used when dealing with data transmission over the Internet. Mutual authentication protocols require the user to provide a username and password, both of which must be passed over the network, as typed by the user, to the remote server. If they are passed over a network in plain text, it is possible and easy for network eavesdroppers to obtain this sensitive information. Increased security, which is found in E-Commerce sites, involves data encryption. Data encryption is the translation of data into a form that is not decipherable without the use of a mechanism for decoding it. In addition, some authentication protocols and most E-Commerce sites allow users to establish a session key. This key, which is created by use of random number generation and mathematical formulas, encrypts all messages during a session, providing security for the full transaction, beyond just security for authentication [7].

There are many protocols that exist for transmitting data securely over the World Wide Web. Among them are SSL, the Diffie-Hellman key exchange protocol, the University of Virginia Authentication Scheme, Augmented Encrypted Key Exchange (A-EKE) protocol, Mutual Authenticating Protocol (MAP) - a hybrid of the previous two schemes, Secure HTTP (S-HTTP) protocol, and IP Security protocols.

SSL

SSL, which stands for Secure Sockets Layer, is a protocol for transmitting encrypted documents privately over the Internet. SSL, developed by Netscape, first creates a secure connection between the client and server, after which any amount of data can be securely sent. SSL works more specifically as follows: located at the lowest level, layered on top of a reliable transport protocol such as TCP, is the SSL Record Protocol. The SSL Record Protocol is used for encapsulation (embedding of one protocol within another) of various higher level protocols. One such encapsulated protocol, the SSL Handshake Protocol, allows the server and client to authenticate each other and to agree upon an encryption algorithm and required keys before the application protocol transmits or receives any data. At each layer of the SSL protocol, messages may include fields for length, description and content. SSL first takes messages to be transmitted and fragments the data into manageable blocks. The data then may or may not be compressed. Afterwards, the record is protected with a MAC (Message Authentication Code) that contains a sequence number for the message. Lastly the data is encrypted, and the results are transmitted. Received data is then "unpacked" by first being decrypted, verified, decompressed, and reassembled, then delivered to higher level clients [6]. Web pages requiring an SSL connection can be distinguished from those not requiring SSL by the use of "https:" at the beginning of the address, instead of simply "http:". An advantage of SSL 3.0 is that it is application protocol independent. It allows communication between applications and SSL without the need to know one another’s code. The encryption process can, however, be a highly CPU intensive activity. A second advantage of the SSL protocol is a built-in caching scheme to make cryptographic operations more efficient. Lastly, SSL is supported not only by web servers but by many other internet clients and servers, such as Enterprise Web Secure/VM 1.1 by Beyond-Software Incorporated, Internet Information Server 4.0 by Microsoft Corp. and Java Server 1.1 by Sun Microsystems.
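The record-layer steps described above (fragment, compress, MAC with a sequence number, encrypt, then the reverse on receipt) are sketched below as an added example; it is not SSL's actual wire format or code from the original page. HMAC-SHA256 and a hash-based keystream stand in for the MAC and cipher that the handshake would negotiate, and the keys, class names and sample message are constructed for illustration.

```python
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14   # SSL 3.0 limits a record's plaintext fragment to 16384 bytes
MAC_LEN = 32             # length of the stand-in HMAC-SHA256 tag

ENC_KEY = b"constructed-encryption-key"   # constructed session keys; in SSL
MAC_KEY = b"constructed-mac-key"          # these come out of the handshake


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Stand-in stream cipher: SHA-256 over key, record sequence and counter."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack("!QI", seq, counter)).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, key: bytes, seq: int) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, seq, len(data))))


def _mac(mac_key: bytes, seq: int, data: bytes) -> bytes:
    """MAC over the sequence number, the length and the (compressed) data."""
    header = struct.pack("!QI", seq, len(data))
    return hmac.new(mac_key, header + data, hashlib.sha256).digest()


class RecordWriter:
    """Sending side: fragment -> compress -> MAC -> encrypt."""

    def __init__(self, enc_key, mac_key, max_fragment=MAX_FRAGMENT):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.max_fragment = max_fragment
        self.seq = 0

    def protect(self, message: bytes) -> list:
        records = []
        for off in range(0, len(message), self.max_fragment):
            compressed = zlib.compress(message[off:off + self.max_fragment])
            tag = _mac(self.mac_key, self.seq, compressed)
            records.append(_xor(compressed + tag, self.enc_key, self.seq))
            self.seq += 1
        return records


class RecordReader:
    """Receiving side: decrypt -> verify MAC -> decompress -> reassemble."""

    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.seq = 0

    def unprotect(self, records: list) -> bytes:
        fragments = []
        for record in records:
            plain = _xor(record, self.enc_key, self.seq)
            if len(plain) < MAC_LEN:
                raise ValueError("record too short to hold a MAC")
            compressed, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
            # The receiver uses its own sequence counter, so a modified,
            # replayed or reordered record does not verify.
            expected = _mac(self.mac_key, self.seq, compressed)
            if not hmac.compare_digest(tag, expected):
                raise ValueError("bad record MAC at sequence %d" % self.seq)
            fragments.append(zlib.decompress(compressed))
            self.seq += 1
        return b"".join(fragments)


def deliver(records, enc_key=ENC_KEY, mac_key=MAC_KEY):
    """Return the reassembled message, or None if any record is rejected."""
    try:
        return RecordReader(enc_key, mac_key).unprotect(records)
    except ValueError:
        return None


if __name__ == "__main__":
    message = b"GET /checkout HTTP/1.0\r\n" * 40        # constructed sample data
    records = RecordWriter(ENC_KEY, MAC_KEY, max_fragment=256).protect(message)
    print("records:", len(records), "intact:", deliver(records) == message)
    print("reordered accepted:", deliver([records[1], records[0]]) is not None)
```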

Secure HTTP

Another, less popular protocol used for secure transmission is Secure HTTP (S-HTTP). This protocol, which is an extension to the HTTP protocol, is used to transmit individual messages securely. It is similar to the Diffie-Hellman key exchange protocol in which two users can agree on a secret session key and then authenticate over an unsecured channel by encrypting the authentication information using the session key. S-HTTP differs in design and goals from SSL and can therefore be used in conjunction with the SSL protocol to achieve extremely secure transmissions. The difference between SSL and S-HTTP is that S-HTTP sends individual messages securely. SSL, on the other hand, is designed to establish a secure connection between two computers before any data is sent.

IP Security

IPSec, short for IP Security, is a set of protocols developed to support secure exchange of packets at the IP layer. IPSec, being developed by the Internet Engineering Task Force (IETF), supports two encryption modes, transport and tunnel. Transport mode encrypts only the data portion of the packet being transported and not the header portion. Tunnel mode, on the other hand, is more secure as it encrypts both the header as well as the data portion of the packet. On the receiving end, the IPSec-compliant device then decrypts each packet. IPSec also requires the use of a public key type protocol. The main difference between IPSec and protocols such as SSL and S-HTTP is the layer on which they are written. I was fortunate to be able to speak with Mr. Tso, chairman of IP Security Protocol project. He explained that since IPSec protects packets at the IP layer, this protocol requires support in the Operating System's networking stack. S-HTTP, SSL, etc. provide security at the application layer which is located above TCP. A consequence of this is that SSL and similar protocols can be bundled into applications without requiring explicit support from the Operating System. He goes on to explain that this is one of the reasons why application-level security mechanisms have a much wider deployment today than IP-level schemes.

Digital Signature, Schemes and Related Specifications

Another noteworthy aspect of security is the digital signature. This is a digital code that can be attached to a message or document being electronically transmitted, which uniquely identifies the sender. As with a written signature, the digital signature guarantees that the individual sending the message is actually who he or she claims to be. Therefore, digital signatures must be unforgeable, and encryption techniques help to assure this. One of the technologies used by digital signatures is "public key cryptography". This algorithm uses two different but mathematically related "keys". One of the keys (known as the private key) is used to create a digital signature or transform data into an encrypted form. Another key (known as the public key) is used for verifying a digital signature or returning the message to its original form [8]. The public key must be accessible to anyone who needs to verify the signer’s digital signature. Though the public key may be known to many and is mathematically related to the private key, due to the secure design and implementation of "public key cryptography," it is nearly impossible to derive the private key from knowledge of the public key. This two-key algorithm contrasts with a "conventional," or "single key" algorithm, which uses a single key both to encrypt data from plain text and to decrypt it back. There are many schemes and specifications related to digital signatures and encryption. Some are as follows:

  - Digital Signature Standard/Digital Signature Algorithm (DSS/DSA)
  - ISO 9796 Digital signature schemes giving message recovery
  - ISO 14888 Digital signatures with appendix
  - Public Key Cryptography Standards (PKCS)
  - Secure Hash System/Secure Hash Algorithm (SHS/SHA).

ISO 9796 for example, defines a scheme for verifying the integrity as well as the originator of a block of data. It is primarily designed for the protection of small quantities of data and is actually inefficient for use with large quantities. The scheme does not require the use of a specific public key system or size of key to be used. This can lead to incompatibility when different algorithms and key sizes are chosen.

Security is a major issue in need of continuing research and improvement in E-Commerce. Both businesses as well as consumers are concerned with security and the vulnerability of sensitive information transmitted over the Internet.

List of supporting papers on this topic (valid links as of November 1999):

  1. Web security: How much is enough?
     http://www.datamation.com/secur/01secur.html

  2. Information Security Standards
     http://www2.echo.lu/oii/en/secure.html

  3. Digital Signature Guidelines Tutorial
     http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html

Topic 11:

Go directly to: Identified e-money
SET
Anonymous e-money
Digital Cash
Joint Electronic Payment Initiative
List of supporting papers on this topic

Digital Payment and Digital Currency:

With the increase in electronic commerce, digital payment via electronic money (e-money), has become the preferred method of payment for on-line transactions. Electronic money works by using "public-key cryptography" and digital signatures (explained in detail in topic 10 above). Banks and customers use their keys to encrypt and sign blocks of data which represent money orders. There are two possible scenarios. In the first, a consumer can "obtain e-money" by having the bank "sign" money orders using its private key. The consumer (and merchant) can then verify the signed money order using the bank’s easily available public key. In the second scenario, say the customer wants to deposit or withdraw money. The consumer who signs for the deposit or withdrawal can do this, using their private key. The bank would then use the customer’s public key to verify the signed withdrawal or deposit.
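The two scenarios above, and the private-key/public-key roles described under digital signatures in topic 10, are worked through in the following added example, which is not part of the original course material. It uses textbook RSA over a SHA-256 digest with toy keys built from known Mersenne primes, so the keys are trivially breakable and no padding scheme is applied; the message formats and function names are assumptions made for the illustration.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by both toy keys


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def toy_keypair(p_exp: int, q_exp: int):
    """Build a TOY key pair from the Mersenne primes 2**p_exp-1 and 2**q_exp-1.

    Such a modulus is trivial to factor; real keys use secret random primes.
    """
    p, q = 2 ** p_exp - 1, 2 ** q_exp - 1
    n, phi = p * q, (p - 1) * (q - 1)
    return PublicKey(n, E), PrivateKey(n, pow(E, -1, phi))


def _digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(priv: PrivateKey, message: bytes) -> int:
    """The private key creates the signature (textbook RSA, no padding)."""
    return pow(_digest(message), priv.d, priv.n)


def verify(pub: PublicKey, message: bytes, signature: int) -> bool:
    """Anyone holding the public key can check the signature."""
    if not 0 <= signature < pub.n:
        return False
    return pow(signature, pub.e, pub.n) == _digest(message)


# Constructed toy keys for the two parties in the scenarios.
BANK_PUB, BANK_PRIV = toy_keypair(521, 607)
CUSTOMER_PUB, CUSTOMER_PRIV = toy_keypair(1279, 2203)


# Scenario 1: the bank signs a money order; consumer and merchant verify it
# with the bank's public key.
def issue_money_order(serial: str, amount: int):
    order = ("serial=%s;amount=%d" % (serial, amount)).encode()
    return order, sign(BANK_PRIV, order)


def merchant_accepts(order: bytes, signature: int) -> bool:
    return verify(BANK_PUB, order, signature)


# Scenario 2: the customer signs a withdrawal request; the bank verifies it
# with the customer's public key.
def request_withdrawal(account: str, amount: int):
    request = ("withdraw;account=%s;amount=%d" % (account, amount)).encode()
    return request, sign(CUSTOMER_PRIV, request)


def bank_accepts(request: bytes, signature: int) -> bool:
    return verify(CUSTOMER_PUB, request, signature)


if __name__ == "__main__":
    order, sig = issue_money_order("SN-0001", 25)          # constructed values
    print("genuine order accepted:", merchant_accepts(order, sig))
    forged = order.replace(b"amount=25", b"amount=2500")
    print("altered order accepted:", merchant_accepts(forged, sig))
    req, req_sig = request_withdrawal("ACCT-42", 100)
    print("withdrawal accepted:", bank_accepts(req, req_sig))
```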

There are two different types of e-money: identified and anonymous. [1]

Identified

Identified e-money contains information, such as a credit card number, which reveals the identity of the person who originated the transaction. Identified e-money also enables the bank to keep track of the flow of money. Hence electronic payment by means of identified e-money works similarly to an ordinary credit card transaction at the local grocery store. There are security concerns, as sensitive and personal information is being transferred over the public Internet. These concerns have brought about a new set of standards, SET, which enables secure credit card transactions over the Internet.

SET

SET stands for Secure Electronic Transactions, and is endorsed by all major companies involved in the electronic commerce field such as Microsoft, Netscape, Visa, and MasterCard. SET works by using digital signatures and certificates as a means of verification as well as encryption. SET focuses on ensuring message integrity, authenticating the parties involved in a transaction, and maintaining confidentiality of information. SET is advantageous, as it enables the seller to verify that buyers are who they claim to be. By the same token, it will protect buyers by providing a way for their credit card number to be transferred directly to the credit card issuer for verification and billing without the merchant being able to see the number. With the implementation of SET, developers hope consumer confidence will increase to the same level of trust as when making a credit card purchase in the physical world. In fact, an advantage of SET over existing security systems is the addition of digital certificates that associate the cardholder and merchant with their financial institutions and the mode of payment such as MasterCard, Visa, etc. The use of digital certificates in SET attempts to reinforce existing trusted business relationships that consumers have adopted towards MasterCard, Visa, etc. In addition, SET protects against fraud at a level that existing systems such as SSL do not. Protocols such as SSL provide security in the transmission of sensitive data but do not guarantee the identity of the parties involved in the transaction as SET does.

Anonymous

The second type of e-money, anonymous e-money, is analogous to real paper cash. It can be spent or given away without leaving a transaction trail. In addition, like real money, anonymous e-money is reusable. There are several electronic payment protocols that have been and still continue to be researched. Digital cash and digital coins are examples of anonymous e-money and specific examples include Digicash (which filed for chapter 11 reorganization less than a year ago), NetCash, Mondex, and PayMe.

Digital Cash

Digital cash consists of a unique "serial" number, which is issued by a bank, and represents a specified sum of real money. When digital cash is sent from a buyer to a seller, there is no way to obtain information about the buyer. Digital coins are a form of anonymous e-money which allows buyers to purchase items in small denominations. They are pre-authorized and therefore are available for instant transactions. Two of the major competitors in the creation of anonymous e-money are Digicash, operating out of Amsterdam, and Netcash, which originated at the University of Southern California. It is important to note that even though Digicash has filed for chapter 11 reorganization, it has still contributed greatly to research in the area of digital cash. All indications are that it will come out of chapter 11 and continue to expand in this ever-changing field.

Joint Electronic Payment Initiative

Another phase of digital payment under research is JEPI or the Joint Electronic Payment Initiative. This is a project which researches the process that takes place after shopping and before actual payment begins. The goal of the project is to negotiate and select a single payment system (perhaps the best under the given situation) from a group of multiple payment systems installed on client and server platforms. This system allows for an automatic payment selection process, thus enhancing the user’s shopping experience.

List of supporting papers on this topic (valid links as of November 1999):

  1. Frequently Asked Questions regarding SET
     http://www.setco.org/faq_usr.html

  2. Net-Based Payment Schemes
     http://www.anu.edu.au/people/Roger.Clarke/EC/EPMEPM.html

  3. Critique of Digicash and NetCash, followed by discussion of a new system, PayMe
     http://www.w3.org/Conferences/WWW4/Papers/228/

  4. JEPI (Joint Electronic Payment Initiative)
     http://www.w3.org/Ecommerce/white-paper



Last Updated on 10/17/99 07:56 PM
By: Marina A. Cappellino
Email: mac16@acsu.buffalo.edu