The Role of Cryptography in Security for Electronic Commerce

Many businesses and consumers are wary of conducting business over the Internet due to a perceived lack of security. Electronic business is subject to a variety of threats such as unauthorised access, misappropriation, alteration and destruction of both data and systems. This paper explores the major security concerns of businesses and users and describes the cryptographic techniques used to reduce such risks

POTENSI MANFAAT DAN PROBLEM DI E-COMMERCE

The advanced technology of internet has brought the new way of business by introduction of the e-commerce. Nevertheless, it has potential impact on both ways, positive and negative. From the positive side, it can be utilised to enhance overall company’s performance. However, it has a lot of potential problems as well, such as cybertax, security and audit trail. Therefore, everyone who involves in the e-commerce should account for those issues to reduce or mitigate its impact

A Secure electronic document management system using public key encryption: a case of Strathmore University

Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Technology (MSIT) at Strathmore UniversityThe need to safeguard and ensure the authenticity of academic records is paramount for any reputable educational institution. As institutions are moving into the digital era, more and more documents are being stored in digital form. This comes with its own challenges and is compounded by the fact that computer files can be modified without leaving any trace, and one cannot tell the difference between the copy and the original. Hence, the need to employ security measures, such as cryptographic techniques to ensure the integrity of digital documents. Paper documents have been used as backups of academic information store in academic management systems, these are difficult to manage and entail a great deal of manpower to maintain. Besides, they also require large storage facilities. The volumes of the paper documents have increased over the years and this has necessitated the search for a better way of managing them. A lot of effort has gone into research of verification of academic certificates, while little has been done ensuring that accurate grade information maintained in academic management systems. Strict procedures must be put in place to ensure there is not tampering of the grade information in the academic management systems. In this regard, a secure document management system using public key encryption can provide a solution for storage and security of digital documents. In this research, we explored how these systems can be used to protect the integrity of digital documents. This research proposes the use of a secure document management system using public key encryption that will facilitate the digital signing and storage of the digital documents. To implement the model, we developed a system that manages user rights and enables authorized users to use a public certificate to embed a digital signature on digital documents. The system was implemented using a document management system with an additional module for digital signing. Private keys and digital certificates were generated for each of the authorized user and uploaded to the system using each user’s credentials. To apply their digital signatures, the users’ must input a password to complete the process, thereby providing an addition layer of security. The system was tested for functionality, usability and effectiveness in managing digital documents and from the test results it shows that the system can be relied upon to securely and efficiently manage digital documents

Privacy on the internet : Investigation into corporate privacy policy of Australian large private sector organisations on the internet

The popularity of the Internet has been dramatically increased over recent years. The rapid growth of this technology and its international use has made it almost impossible to regulate the internet. As a result, the Internet has certainly provided freedoms to people and it has led to some abusing systems. Privacy is one of the major issues in the development of Electronic Commerce using the Internet. As an enormous amount of personal information is transmitted to several hosts connecting to the Internet, the information can be accessed by both authorised and unauthorised people. Although it is certain that there are several existing problems of using the Internet for business activities, many organisations have already started using it. It is believed that the Internet provides efficiency and effectiveness for various activities Although much research has been described the business use of the Internet in many countries, these studies have not specifically investigated Australian organisations. Therefore, this research investigates the current use of the Internet by Australian organisations and their associated privacy policies, as a means of seeking their privacy concerns. Using a benchmark provided by Australian privacy commissioners, it evaluates their privacy policies to see how well they are established to protect privacy of users. The study utilises the top 100 Australian large private sector organisations as the sample. The current practice of the sample organisations on the Internet was observed by exploring their Web sites. Privacy policies were also collected from their Web sites. Moreover, a letter requesting corporate privacy policy was sent to each organisation that collects personal information on the Internet. The result showed that the majority of Australian organisations were using the Internet today, but a surprisingly few organisations showed their privacy policy on the Internet. Also, this research showed that many organisations did not actually have a corporate privacy policy. Many organisations are using the Internet without apparent concern for customers\u27 privacy. The organisations proactively involved in the Internet Commerce are more concerned about security side of the Internet. Hence, they appear to believe that the technology itself protects information sent on the Internet. It has become clear that technology by itself does not provide the security needed for users of the Internet as unethical act of authorised parties could harm privacy of individuals. There is an argument that the Internet needs to be regulated. However, the process of international regulation on the Internet has not been started. Thus, it is ideal that organisations proactively protect clients\u27 personal information accessible by the use of the Internet technology. This study looks at the methods of obtaining privacy of individuals and suggests the ideal conduct of organisations

An analysis of the barriers to UK small business web infrastructure development

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University, 05/12/2006.This thesis analyses the Web infrastructure development process experienced by UK Small Businesses and considers the nature and impact of the barriers and problems that affect it. In doing so the thesis combines three previously disparate streams of research; research that considers the infrastructure development process, research that considers the benefits that become available via the use of an infrastructure and research that considers the barriers to benefit realisation. Analysis reveals that while the organisational advantages and benefits are well documented, Small Businesses routinely encounter problems to their realisation. Likewise, current developmental methodologies appear ill suited for use by Small Business. This thesis addresses those gaps within current knowledge and understanding. The study utilises a multiple case study research strategy. The research design utilises multiple data collection methods to triangulate the study data thereby corroborating the accuracy, veracity and parsimony of the study findings. The study findings reveal that the development process encompasses three stages, initial development, corrective development and long-term development. The findings also reveal that as the sophistication of an infrastructure is enhanced, increasingly sophisticated benefits become available. At the same time however, barriers to development will be encountered. Each can curtail benefit realisation or can block ongoing development entirely. Within the development process, the business's owner/manager is the driving force behind development and is motivated to undertake development because of the benefits that will bring to their organisation. The thesis makes a demonstrable contribution to knowledge because its combined analysis of three previously disparate streams of research is novel as is its depiction of a three stage Web infrastructure development process. Future work can build upon this study's findings by testing the theories developed within this thesis so that they can be generalised more widely

A method for creating digital signature policies.

Increased political pressures towards a more efficient public sector have resulted in the increased proliferation of electronic documents and associated technologies such as Digital Signatures. Whilst Digital Signatures provide electronic document security functions, they do not confer legal meaning of a signature which captures the conditions under which a signature can be deemed to be legally valid. Whilst in the paper-world this information is often communicated implicitly, verbally or through notes within the document itself, in the electronic world a technological tool is required to communicate this meaning; one such technological aid is the Digital Signature Policy. In a transaction where the legality of a signature must be established, a Digital Signature Policy can confer the necessary contextual information that is required to make such a judgment. The Digital Signature Policy captures information such as the terms to which a signatory wishes to bind himself, the actual legal clauses and acts being invoked by the process of signing, the conditions under which a signatory's signature is deemed legally valid and other such information. As this is a relatively new technology, little literature exists on this topic. This research was conducted in an Action Research collaboration with a Spanish Public Sector organisation that sought to introduce Digital Signature Policy technology; their specific research problem was that the production of Digital Signature Policies was time consuming, resource intensive, arduous and suffered from lack of quality. The research therefore sought to develop a new and improved method for creating Digital Signature Policies. The researcher collaborated with the problem owner, as is typical of Participative Action Research. The research resulted in the development of a number of Information Systems artefacts, the development of a method for creating Digital Signature Policies and finally led to a stage where the problem owner could successfully develop the research further without the researcher's further input

E-Business assimilation in the context of Saudi Arabia : utilising Habermas' lifeworld and system theory

E-business assimilation in Saudi Arabia becomes critical due to the overarching social issues that the stakeholders encounter. Grounded in Habermas‘ Critical Social Theory (CST), this study applies the theory of lifeworld and system to understand the relevance of the Islamic faith as well as the Arab culture in the conduct of businesses in Saudi Arabia, which in turn, would make e-business assimilation a success. This study seeks to contribute to the IS literature‘s lack of research in which the aim is to emphasise social factors as the main determinants of e-business assimilation. We point out that inherent to the other important factors (e.g., technological, organisational, and cultural), people‘s actions (emancipated or regulated) are most critical to realising business‘ innovation and growth through utilising e-business technology. The sample of the study was composed of 1071 SAP end-users from the three leading Saudi companies, namely, Saudi Aramco, Saudi Basic Industries Corporation (SABIC), and Saudi Iron and Steel Company (Hadeed), an affiliate of SABIC. Also, seven consultants contributed their knowledge and expertise regarding e-business adoption, on which they have been working for many years. The necessary data were collected through two methods: (1) distributed survey questionnaire for the SAP end-users; and (2) face – to - face (semi-structured) interview for the consultants. The value of Habermas‘ theory of lifeworld and system is shown by the development of a business model that can be used to achieve e-business assimilation success in the context of Saudi Arabia because it has the ability to distinguish the actions in various social situations – whether the actions reflect emancipation or restriction of the actors‘ way of living; and consequently, whether the actors‘ way of living should remain as it is or should undergo necessary changes. The newly developed ―E-Business Assimilation Model‖ (EAM) includes as its constructs the most important factors relevant to e-business success as well as the concepts of lifeworld and system: that is, all factors are subject to be ―filtered‖ through both the lifeworld and the system constructs. Through EAM, it was found that it could be easy for the project team to execute an e-business project if they will give critical consideration II to the people‘s social and cultural beliefs, aspirations, perspectives and preferences. Understanding the people‘s social and cultural means allows the project team to customise the e-business systems to be installed, and to make sure that the new system really fits the organisational setting. For every challenging lifeworld and system situation, the top management can provide improved solutions to be applied. The findings show how SAP implementation in the selected companies was affected by social factors such as age and gender; cultural factors such as religion; organisational factors such as performance motivating, management support and consultancy; and technological factors. The companies‘ change management programmes had enabled resolution of problems by the adoption of measures suited to each company‘s holistic characteristics and needs. Evidence of system-lifeworld interactions was demonstrated in each of these cases. Saudi society was shown to be strongly lifeworld oriented, such that ‗system‘ comes into conflict with a member of lifeworld and there are some lifeworld elements (such as gender roles and constraints) that system cannot change but must work within. The findings demonstrate the value of a system – lifeworld perspective in analysing factors influencing a change such as e-business assimilation and result in development of an elaborated model for holistic analysis of pertinent factors

Virtual Entrepreneurship: Explicating the Antecedents of Firm Performance

Prior research has examined entrepreneurial businesses spatially located in the physical or offline context; however, recent radical information and technological breakthroughs allow entrepreneurs to launch their businesses completely online. The growth of the online business industry has been phenomenal. Predictions for worldwide online sales estimate it to reach $2 trillion in 2016. Virtual entrepreneurship refers to the pursuit and exploitation of opportunities via virtual platforms. Web 2.0 cybermediaries offer web-based platforms that function similarly to traditional intermediaries in a virtual setting and minimize barriers to entry for virtual entrepreneurial firms. The use of such cybermediaries with increasing success suggests an implicit shift in the dominant logic that typically underpins the functioning of entrepreneurial firms operating in the physical world. In this relatively uncharted territory, marked by a focus on profit, cooperation, collaboration and community, three ideal-type institutional logics i.e. Market, Corporation and Community, blend together. It is posited that a Virtual Entrepreneurial Logic guides the norms, behaviors, and practices of entrepreneurial firms operating via these virtual platforms. This raises the question whether the blending of three ideal-type logics leads to the existence of different antecedents of performance. A business model antecedent addressing the economic dimension, a community antecedent addressing the community dimension and a co-creation antecedent addressing the collaborative dimension of the Virtual Entrepreneurial Logic were therefore empirically examined in this study. Thus, three research questions were investigated to explicate the antecedents. Primary data from 1396 virtual entrepreneurial firms was collected (business model antecedent n=366, community antecedent n=732 and co-creation antecedent n= 298) to test the proposed hypotheses. Results provided support for the three antecedents. This study makes important theoretical and practical contributions to understanding the domain of virtual entrepreneurship from a blended logics perspective. Using the theoretical lens provided by institutional logics helps shed light on the pivotal role played by cybermediary platforms in the Web 2.0 context. The primary role of synergistic effects, cooperative behavior, and collaboration have important implications for virtual entrepreneurship. Findings also contribute to other related streams in entrepreneurship such as microenterprises. The study offers theoretical extensions of prior work on co-creation to virtual small entrepreneurial ventures. From a practical standpoint, insights can help entrepreneurs to better understand and leverage performance drivers in virtual contexts in general and on cybermediary platforms in particular