SULLIVAN UNIVERSITY GRADUATE SCHOOL

COURSE SYLLABUS

CSC 580 

ELECTRONIC PAYMENT SYSTEMS

 

 

         INSTRUCTOR: WJ Patterson                               OFFICE HOURS: Friday 8am – 12 noon

         EMAIL:wjpatterson@sullivan.edu

         PHONE: (502) 456-6504                                         http://www.iluv2teach.com  

 

 

I.       COURSE DESCRIPTION

 

This course discusses extensions to notions of traditional computer security to include current advancements and issues related to commerce and business conducted over nonproprietary networks. We will specifically concentrate on the Internet as the medium of choice. We will discuss issues of secrecy, integrity and availability; threats, vulnerability, control and attacks; hypertext transfer protocols; encryption and decryption; digital certificates and signatures; non-repudiation; and legal differences between e-commerce and traditional commerce. This course will address e-commerce as well as the architectural differences that determine particular security solutions.

 

         Prerequisites – None

 

II.     STUDENT OUTCOMES

 

         Upon successful completion of this course, the student will be able to:

 

·        Understand specific security risks associated with E-commerce,

·        Understand the use of cryptography on the internet,

·        Understand the use of digital certificates and signature,

·        Understand electronic payment systems,

·        Understand the legal aspects of electronic commerce,

·        Describe the basic components of web security,

·        Understand the use of security measures for server, and

·        Understand the special concerns of e-business security.

Requirements

 

III.    REQUIRED TEXT

 

Electronic Payment Systems, , 2^nd  Edition, O'Mahony, Pierce, Tewari, Artech House, 2001, ISBN 1-58053-268-3

Bibliography/Webliography

 

            Secure Electronic Commerce:Building the Infrastructure for Digital Signatures and Encryption, 2^nd

                Edition, Ford & Baum,   Prentice Hall, 2000, ISBN 0-130-27276-0

            Digital Certificates: Applied Internet Security, Feghhi, Williams, Feghhi,  Addison Wesley, 1998,

                 ISBN 0-201-30980-7

            PKI: Implementing & Managing E-Security, Nash, Duane, Brink, Joseph, McGraw Hill, 2001,

                 ISBN 0-072-13123-3

            SSL & TLS Essentials: Securing the Web, Thomas, John Wiley and Sons, 2000, ISBN

                 0-471-38354-6

         General Information

• IETF Security Area: Keep up to date on Internet security standardization efforts.
• IEEE Technical Committee on Security and Privacy: An excellent list of pointers to cryptography and network security web sites.
• Security Focus: Computer security information clearinghouse. Includes a calendar, free tools, forums, industry news, and a library.
• FIRST: Forum of Incident Response and Security Teams. The main focus is on crisis response information; information on computer security-related threats, vulnerabilities, and solutions.
• Computer Security Information: It features general information about computer security.
• COAST: Comprehensive set of links to sites related to cryptography and network security.
• Computer Security Products Buyers Guide: Complied and published annually by Computer Security Institute.
• SANS/FBI Twenty Most Critical Internet Security Vulnerabilities: It is a living document, which summarize the Twenty Most Critical Internet Security Vulnerabilities.
• Baker & McKenzie's Global E-Commerce Law: Resources of E-commerce law, draft, articles maintained by Baker & McKenzie. 
• Bert-Jaap Koops' Crypto Law Survey: a survey of existing and proposed laws and regulations on cryptography.
• The Cryptography FAQ: Lengthy and worthwhile FAQ covering all aspects of cryptography.
• Tom Dunigan's Security Page: An excellent list of pointers to cryptography and network security web sites.
• WebTrends Security Analyzer: A free security test software.
• Java Cryptography Extension: a set of packages that provide a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms.

Authentication

• Web user authentication: Apache's User Authentication tutorial.
• MIT Kerberos Site: Information about Kerberos, including the FAQ, papers and documents, and pointers to commercial product sites.
• USC/ISI Kerberos Page: Another good source of Kerberos material.
• ASP Authentication Using IP Address: An article explains how to control application access by validating the user’s login and password against a database.

Electronic Mail Security

• S/MIME Charter: Latest RFCs and internet drafts for S/MIME.
• S/MIME Central: RSA Inc.'s Web site for S/MIME. Includes FAQ and other useful information.
• PGP Home Page: PGP Web site by Network Associates, the leading PGP commercial vendor.
• MIT Distribution Site for PGP: Leading distributer of freeware PGP. Contains FAQ, other information, and links to other PGP sites.

IP Security

• IPSEC Charter: Latest RFCs and internet drafts for IPsec.
• IPSEC Working Group News: Working group documents, mail archives, related technical papers, and other useful material.
• IPSEC Resources: List of companies implementing IPSec, implementation survey, and other useful material.

Web Security

• Site Security Handbook: A guide to developing computer security policies and procedures for Web sites.
• SANS Security Policy Resource page: an useful resource for security policy.
• BSI's IT Baseline Protection Manual: It helps modeling the IT assets under consideration with the aid of the existing modules of the Manual.
• Lincoln D. Stein's Web Security FAQ: A well-known web security FAQ.
• Netscape's SSL Page: Contains the SSL specification.
• TLS Charter: Latest RFCs and internet drafts for TLS.
• Microsoft Security Bulletin: Security patches for Microsoft products.
• Netscape Security: Security patches and alert for Netscape products.
• MasterCard SET Site: Latest SET documents, glossary of terms, and application information.
• SETCo LLC: Organization that promotes SET.

Certificate

• Thawte Consulting: Thawte offers free personal certificates for SSL, S/MIME, and Netscape code signing.
• Verisign: A leading commercial vendor of X.509-related products; white papers and other worthwhile material at this site.
• ValiCert Validation Authority delivers a software for validating digital certificates, issued by any certificate authority, in real time.
• Public-Key Infrastructure Working Group: IETF group developing standards based on X.509v3.
• Online Certificate Status Protocol (OCSP): An Internet standards track protocol which enables applications to determine the (revocation) state of an identified certificate.
• Electronic commerce and digital signatures: a comprehensive summary of the most current legal initiatives regarding electronic commerce and digital signatures offered by McBride Baker & Coles.
• Electronic Signature Legislation: This article explores some of the questions on using electronic signature legislation for advancing e-commerce.

 

 

IV.    ACADEMIC DISHONESTY

 

Sullivan University's policy on cheating and plagiarism is consistent with the definition of plagiarism provided by Webster's Ninth New Collegiate Dictionary:

to plagiarize is to;

w        steal and pass off (the ideas or words of another) as one's own;

w        use (a created production) without crediting the source;

w        to commit literary theft;

w        present as new and original an idea or product derived from an existing source.

 

Sullivan University also considers a student to be guilty of plagiarism if the student allows their original work to be used by another student for academic credit.

 

Note: Refer to the Student Handbook for complete details of the Sullivan University policy.

 

V.         COMPUTER LAB POLICY / HOURS

 

 

Computer Science Tutors are available for all students
 Monday - Thursday afternoon between 2:00 and 6:00 and at other times by appointment.
Consult the Student Scene or Night Scene Newsletter for daily schedules,
or ask your instructor for more information.

 

 

Computer labs will be available daily to students during the following hours:

 

                           Monday - Thursday............ 7:00 a.m. to 10:00 p.m.

                           Friday & Saturday.............. 8:00 a.m. to 5:00 p.m.

                           Sunday.............................. 12:00 p.m. to 5:00 p.m.

 

 

Students are encouraged to use the computer labs when classes are not in session during the day, and at the following times:

 

                           Monday - Thursday..................... 2:45 p.m. - 6:00 p.m.

                           Friday, Saturday & Sunday.......... some labs available all day

 

 

When a class is in session, students may use any computer not used by a student in the class, as long as the scheduled class is not disrupted.  The following rules apply during these times:

 

Ø      Do not enter a computer lab while an instructor is lecturing to the class.

Ø      Do not ask the instructor for assistance with an assignment or project.

Ø      Sit in the back of the room, if possible.

Ø      Allow students in the scheduled class to use their choice of computer.

Ø      Notify the instructor if you are having a computer hardware problem.

 

 

** Food and drinks are NOT allowed in any carpeted area of the building**

 

 

*********************************

 

It is a Class C felony in the State of Kentucky to alter computer files without authorization.  At Sullivan University, the following actions are considered a Class C felony and are subject to both criminal action and instant dismissal from school:

 

        *    Changing the "Welcome to Sullivan University" banner on a computer

        *    Changing any desktop setting or windows setting unless part of a class assignment

        *    Loading personal programs or games on a computer

        *    Intentionally modifying files not specifically assigned as part of a class assignment

        *    Using any computer for personal reasons

 

 

*********************************

VI.       EVALUATION

 

         Quarter grades will be based on the schedule shown below.

 

                                                      GRADING SCALE:

                                                            A =  90 - 100

                                                            B =  80 - 89

                                                            C =  70 - 79

                                                            D =  60 - 69

                                                            F =  below 60

 

 

Evaluation :           20% Weekly Discussion / Participation / Assignments   

20% Individual Research Paper  

30% Case Studies (Individual)

30%  Group Project

 

 

 

                                    Total                                        100%

 

 

Research Paper :        You are to choose one of the topics below, or choose one of your choice approved by the instructor

·         SET, Why it is THE most secure transaction?

·         Public Key , Private Key – How these keys unlock a sercure door?

·         State vs Stateless, How State ensures Security of a Web Site

·         How cookies are used in securing a Web Site

·         Identification vs Authentication

·         Legal Liabilities and Risks in Securing E-Commerce Sites

 

 

Online Discussion Forum:

Group discussion for this course will take place through a discussion forum offered online. You are expected to participate in the discussion to the extent of contributing a brief paper of 150 - 200 words about EACH question and at least ONE response to someone else’ s contribution on EACH question. There is, of course, no upper limit on the amount of your participation in the discussion. I recommend that you

print a copy of your postings to keep as a log of your participation in the discussion forum.  I also recommend that you write your answer in a word processor, save the file on your disk, then copy and paste the text in the discussion area.  That way you have an archive of your responses.

 

Discussion Forum Etiquette

Sullivan University is committed to open, frank, and insightful dialogue in all of its courses. Diversity has many manifestations including diversity of thought, opinion and values. We encourage all learners to be respectful of that diversity and to refrain from inappropriate commentary. Should such inappropriate comments occur, the instructor will intervene as they monitor the dialogue in each of their courses.

                                   

Conduct within this course should be guided by common sense and basic etiquette. The following are good guidelines to follow:

·          Never post, transmit, promote, or distribute content that is known to be illegal.

·         Avoid overtly harassing, threatening, or embarrassing fellow learners. If you disagree with someone, respond to the subject, not the person.

·         Refrain from transmitting or distributing content that is harmful, abusive, racially or ethnically offensive, vulgar, sexually explicit, or otherwise. Class/section norms of conduct may vary, but there is no place where hate speech is tolerated.

 

In summation: Be polite.

 

Participation:

                                    Your contribution to the class will be graded based on your thoroughness in our online discussions.  For each assignment, you are expected to draw some key points, identify relevant material outside of the text and then present your ideas based on solid knowledge and research. Since there are no exams for this class, the online discussion area is one of the methods used for you to demonstrate your mastery of the course material. Since this is a graduate level class, the expectation from the instructor is for a very high level of discussion. You are not only required to thoroughly complete the assignments, but you are also required to respond to other students replys as well.

 

                                   

Case Study (Individual)

This assignment requires you to analyze each of the following HBS cases and present your analysis, findings and recommendations in  a written report. 

·         TradeCard: Building a Global Trading Electronic Payment System (HKU105)

·         Pay-EZ: International Digital Enterprise's Solution to On-line Microbusiness  

HKU053

·         Preventing the Premature Death of Relationship Marketing (7974)

Analysis. You can follow the guidelines and form a discussion group with classmates in reviewing the selected case. If you are having trouble finding a discussion group, the instructor will assit you.  However, the written report must be prepared by yourself.  

Report. Each case presents a different story about the impact of Internet on a specific industry and the target company's  strategies to leverage the Internet channel.  Since each case covers different issues, the following guidelines may not be applicable for every case.  Your written report should be 6-8 pages (single spaced) in length and cover these elements:  

1.       Synopsis.  Start the report with a synopsis (1 or 2 paragraphs) to provide a high level overview of the case. (required)

2.       Key Issues.  Identify 2 to 5 key issues that this case is intended to explore.  Each issue should be phrased in the form of questions or a short paragraph.(required)

3.       Background.  Use this section to highlight the unique environment of this case, such as history, major event, leadership, key players, or market condition.

4.       Analysis. 

o        Motivations for going online

o        Strategies for implementation

o        Barriers, challenges for online strategies

o        Business model -- revenues, costs, and other consideration

o        Value propositions -- especially customer related

o        Organization factors

o        Technology solutions

o        Critical success factors

5.       Your Response to Key Issues:  Provide your answers to the questions that you identified in #2

6.       Next Steps: What challenges to be addressed? Your recommendations

7.       Summary: Include one or two paragraphs to discuss what you have learned from this case analysis.

References.  This assignment will be graded based on the depth and comprehensiveness of your report.  Your analysis and recommendation should reflect your understanding of the reading materials and lecture notes.  You should also look up information about what took place during 2000 till now to address point #6.  All references should be noted in the paper.  Be mindful about citing sources (including the case itself).

 

 

Group Project:      

This assignment provides you an opportunity to apply your knowledge about CRM, project management, and organization transformation in a real business case.  Each group (two to four students assigned by the instructor) will conduct an in-depth study of an Internet company or a traditional company about how they implement CRM strategies.   The case study will involve interviews, background research, and website analysis. The company to be studied will be of the choosing of the group, with the approval of the instructor.; 

Your study should examine: a) Some Facit of Electronic Payment Systems, b) supporting strategies and development of these strategies, c) organization models, d) technology and application architecture, e) development teams and implementation approach,  and f) transformation strategies

                             

Note: This course schedule is subject to change at the discretion of the instructor due to time constraints or other extenuating circumstances.