From a dynamic and developmental perspective, e-commerce can be considered a revolution in the business field that transcends time and space boundaries with modern information technology, especially network technology, as a booster. It is not only a method of online sales, but more importantly, it marks the realization of digital processing of information exchange among transaction parties (enterprises, consumers, governments, etc.), and this will definitely trigger a great change in the entire society. change. E-commerce is not only an "electronic" technology, nor is it only a "business" activity. E-commerce is a large system that includes IT, commerce, finance, logistics, law, credit and other fields. With the rapid development of e-commerce, various e-commerce solutions have emerged according to different environments and requirements.
The composition of e-commerce
In the operation process of e-commerce, it involves corporate or individual consumers, online business institutions, CA certification centers, Logistics distribution system and banks. They are connected together through the Internet network. The form is shown in Figure 1.
Figure 1: The composition of e-commerce
Security in e-commerce
The Internet is an open public network based on the Internet E-commerce has brought new opportunities to merchants, enterprises and individuals, while also leaving a broad space for those with ulterior motives. In the new trading environment, security is the basis of all trading behaviors. The so-called security refers to the combination of security strategies, security standards, security systems and security processes.
We believe that "security = management + technology", security is a complete system, and no single point of security prevention technology can solve the problem well. Effective management and the use of sound technical means combine to form a safe system. The level of safety of the system depends on the weakest link in the system. Our commonly used security prevention technologies include firewall technology, CA certification technology, data encryption technology and account password technology.
1. Firewall technology
For external malicious attacks and "hacker" intrusions, firewall (Fire Wall) technology is used to protect. For firewall technology to be effective, all information received and sent to the Internet must pass through the firewall and be inspected by the firewall. The firewall must only allow authorized communication services to pass through, and the firewall itself must be impermeable, that is, the system itself must be immune to intrusion.
(1) Packet filtering technology
Routers are necessary ports for communication inside and outside the network. Therefore, we use packet filtering routers when connecting. It is a router that inspects packets passing through it, limiting packets from external users. Its principle is to monitor and filter incoming and outgoing IP packets on the network and refuse to send suspicious packets. The way it is implemented is to use IP addresses and port numbers for restriction processing.
(2) Application gateway technology
It is a protocol filtering and forwarding function built on the network application layer. Its specific gateway application service protocol specifies data filtering logic and can be based on the application. While the service protocol specifies data filtering logic for filtering, the results of data packet analysis and the measures taken are logged and statistically generated to form a report.
(3) Proxy service technology
The proxy server is a dedicated application-level code set at the Internet firewall gateway. This kind of proxy server allows or denies a specific application or specific functionality at the discretion of the network administrator. A proxy server acts like a boundary checkpoint between the internal network and the outside world. Applications on both sides can communicate with each other through the proxy server, and the proxy server checks and confirms whether the communication is authorized.
2. CA (Certificate Authority) authentication technology
In order to ensure that secret information cannot be illegally obtained, and at the same time ensure that the information transmission process cannot be tampered with, transaction non-repudiation, identity recognition, and websites are not subject to illegal attacks, usually CA certification and information encryption technology must also be used. Commonly used ones include SET protocol and PKI authentication system.
(1) SET: Secure Electronic Transaction (Secure Electronic Transaction)
The SET protocol is a specification jointly launched by VISA and MasterCard in May 1997.
SET is mainly designed to solve credit card payment transactions between users, merchants and banks to ensure the confidentiality of payment information, the integrity of the payment process, the legal identity of merchants and cardholders, and operability. The core technologies in SET mainly include public key encryption, electronic digital signatures, electronic envelopes, electronic security certificates, etc.
(2) PKI: Public Key Infrastructure (Pubic Key Infrastructure)
PKI (Pubic Key Infrastructure) is an easy-to-manage, centralized network security plan. It can support various forms of digital authentication: data encryption, digital signature, non-repudiation, identity authentication, key management and cross-certification, etc. PKI handles all data encryption and data signing through a certification-based framework. PKI must have basic components such as certification authority (CA), certificate library, key backup and recovery system, certificate invalidation processing system, and client certificate processing system.
(3) SSL: Secure Socket Layer
The SSL protocol is a secure communication protocol launched by Netscape. It can handle credit cards and Personal information is provided with strong protection. SSL is a protocol that encrypts the entire session between computers. In SSL, two encryption methods, public key and private key, are used. The SET protocol is more complex than the SSL protocol because the former not only encrypts a single session between two endpoints, it can also encrypt and authenticate multiple messages between three parties.
3. E-commerce business model and solutions
1. Business-to-Customer e-commerce (B2C)
Business-to-Customer e-commerce refers to e-commerce activities between businesses and consumers. This type of e-commerce is mainly an online sales activity carried out with the help of the Internet. In recent years, with the development of the international Internet, the development of this type of e-commerce has suddenly emerged. For example, many large supermarkets have appeared on the Internet, selling a wide range of products, from food and beverages to computers, cars, etc., including almost all consumer goods.
Carrying out e-commerce from commercial organizations to consumers has the fewest obstacles and huge application potential. Judging from the current development, this type of e-commerce will continue to develop and is one of the main driving forces for other types of e-commerce activities.
The basic components of business-to-consumer (B2C) e-commerce solutions are: (1) Dynamic HTML pages; (2) Store member (customer) information and use it for member authentication and provide other management tools;
(3) Realize the "shopping basket" function; (4) Server and management security; (5) Customer information security management; (6) Manage and process orders, applications Business rules to complete transactions with customers; (7) Promote other products and services, and control the process; (8) Support direct sales functions; (9) Provide mechanisms and rules for Cross-Selling sales and Up-Selling;
(10) Conveniently store data (classification, orders, inventory, logs, etc.) and enable dynamic access;
(11) Management of commodities, transactions and business systems;
(12) Price promotion tools;
(13) Analyze traffic and purchase data, obtain business intelligence and establish customer behavior models.
2. E-commerce between business organizations (B2B)
Business-to-Business e-commerce refers to e-commerce activities between enterprises. For example, industrial and commercial enterprises use computer networks to purchase from their suppliers, or use computer networks to make payments. This type of e-commerce has been around for many years. Especially the business activities conducted by enterprises through private or value-added computer networks (Value-Added Network, VAN) using EDI (Electronic Data Interchange).
E-commerce from commercial institutions to commercial institutions will remain the mainstream of e-commerce in the future.
Transactions and business cooperation between commercial institutions are the main aspects of commercial activities. The fierce competition currently faced by enterprises also requires e-commerce to improve competitive conditions and establish competitive advantages. While enterprises are seeking their own development, they have to gradually improve the application environment of e-commerce.
Supply chain integration, also called value chain integration, takes advantage of the low cost of the Internet to achieve closer integration between suppliers, manufacturers and publishers. Many of the basic requirements and operations for setting up a website, processing orders and connecting to the original system can be included in the direct sales and sales solutions, while some new requirements arise in the supply chain solution, such as confirmed logins, generated data for key users User class, which takes the form of pricing and payment according to the user agreement.
The core platform of business-to-business e-commerce solutions is very similar to business-to-consumer solutions. In e-commerce solutions between business establishments, merchants are selling to merchants and not to individuals.
The basic components of e-commerce solutions between business organizations are:
(1) Dynamic HTML page;
(2) Storing a member (Customer) information is used for member authentication and management tools;
(3) Implementing the “shopping basket” function;
(4) Server and management security;
(5) Customer information security;
(6) Manage and process orders;
(7) Promote other products and services, and The process is controlled;
(8) Support direct sales function;
(9) Provide mechanisms and rules for Cross-Selling sales and Up-Selling;
( 10) Conveniently store data (categories, orders, inventory, logs, etc.) and enable dynamic access;
(11) Management of commodities, transactions and business systems;
( 12) Price promotion tools.
3. Enterprise Procurement Merchants hope to use the leverage of intranet and Internet to make existing business more effective. At the core of this business model are business solutions that make it easier to purchase low-cost, high-volume goods and ensure the maintenance, repair and operations (MRO) of a business.
Basic components of enterprise procurement solutions
(1) Enterprise procurement solutions are designed into the cost structure of a commercial organization, while supply chain integration solutions are directly oriented towards the goods. Efforts in the direction of trade and production;
(2) Enterprise procurement solutions are generally designed as an intranet-based solution, while supply chain integration solutions can include intranet-based components, but most applications Either Internet-based or Extranet-based;
(3) Applicants can be standardized on browsers;
(4) Technologies such as ActiveX controls and DHTML can Used to implement graphical and functional delivery-rich Web applications;
(5) Integrate procurement into the company's existing security and email infrastructure, which helps eliminate additional management Expenses and accelerated Routing/Basic workflows;
(6) Companies of all sizes, regardless of size and location, can exchange purchase order information, make transaction payments, and deliver products;
(7) The output form of purchase orders can be diversified, so that participating merchants can choose a different form that can work together with their existing systems;
(8) Enterprise procurement applications The program can support multiple suppliers in one site;
(9) Rationalize the structure of the company's suppliers to obtain greater discount rates.
4. Technical solutions
Different host platforms and development technologies can be selected according to the different needs of users.
(1) Technical solution 1 Operating system: Windows NT 4.0 (Service Pack 4) Database platform: MS SQL Server 7.O WEB server: MS Internet Information Server 4.0 Web Site Server 3.0 Development technology: ASP, DHTML, COM component technology, etc. (2) Technical Solution 2 Operating System: SUN SOLARIS Database Platform: ORACLE 8.0
WEB Server: Netscape Enterprise Server4.0
Development Technology: JAVA, DHTML , EJB component technology, etc.