Intranets are used not merely to streamline businesses and make them more effective, but as a place to do business as well - to take orders for goods and services and to fill orders for goods and services. In order for this to happen, though, a secure way must be designed for credit card information to be sent over the notoriously unsecured Internet. There are many methods for doing this, but one standard, called the Secure Electronic Transaction protocol (SET), will probably be the primary method used. It has been endorsed by VISA, MasterCard, American Express, Microsoft and Netscape, among other companies. It is a system that will allow people with bank cards to do secure business over intranets. This illustration shows how a transaction using SET might work.
<OL>
<LI>Mia visits a Web site that contains an electronic catalog. After browsing through the catalog, she decides that she wants to buy a camcorder. In order to use SET to pay for it, she will have to have a credit card from a participating bank and have been issued a unique "electronic signature" for her computer that will be used to verify that it is she, and not an impostor, that is making the purchase. In SET, everyone involved in the transaction, including the merchant, needs to have electronic signatures identifying them and software that supports the SET protocol. SET also uses public-key encryption technology to encrypt all the information sent among everyone involved in the transaction. See <A HREF="ch17.htm" >Chapter 17</A> for details on encryption.
<LI>Mia fills out an order form detailing what she wants to buy, its price, and any shipping, handling, and taxes. She then selects the method she wants to use to pay. In this case, she decides to pay electronically over the Internet, with her SET bank card. At this point, she doesn't send her precise credit card number, but instead the name of which credit card she wants to use.
The information she sends includes her electronic signature, so that the merchant can verify it is really Mia who wants to do the ordering.
<LI>The merchant receives the order form from Mia. A unique transaction identifier is created by the merchant's software, so that the transaction can be identified and tracked. The merchant's SET software sends back to Mia's computer this identifier along with two "electronic certificates" which are required to complete the transaction for her specific bank card. One certificate identifies the merchant, and the other certificate identifies a specific <I>payment gateway</I> - an electronic gateway to the banking system that processes online payments.
<LI>Mia's software receives the electronic certificates and, using them, creates Order Information (OI) and Payment Instructions (PI). It encrypts these messages and includes Mia's electronic signature in them. The OI and the PI are sent back to the merchant.
<LI>The merchant's software decrypts Mia's Order Information and, using the electronic signature that Mia sent, verifies that the order is from her. The merchant sends verification to Mia that the order has been made.
<LI>The merchant's software creates an authorization request for payment, and includes with it the merchant's digital signature, the transaction identifier and the Payment Instructions received from Mia's software. The software encrypts all of it and sends the encrypted request to the Payment Gateway.
<LI>The Payment Gateway decrypts the messages, and using the merchant's digital signature verifies that the message is from the merchant. By examining the Payment Instructions, it verifies that they have come from Mia. The Payment Gateway then uses a bank card payment system to send an authorization request to the bank which issued Mia her bank card, asking if the purchase can be made.
<LI>When the bank responds that the payment can be made, the Payment Gateway creates, digitally signs, and encrypts an authorization message, which is sent to the merchant.
The merchant's software decrypts the message, and uses the digital signature to verify that it comes from the Payment Gateway. Assured of payment, the merchant now ships the camcorder to Mia.
<LI>Some time after the transaction has been completed, the merchant requests payment from the bank. The merchant's software creates a "capture request," which includes the amount of the transaction, the transaction identifier, a digital signature, and other information about the transaction. The information is encrypted and sent to the Payment Gateway.
<LI>The Payment Gateway decrypts the capture request and uses the digital signature to verify it is from the merchant. It sends a request for payment to the bank, using the bank card payment system. It receives a message authorizing payment, encrypts the message, and then sends the authorization to the merchant.
<LI>The merchant software decrypts the authorization, verifies that it is from the Payment Gateway, and then stores the authorization, which will be used to reconcile the payment when it is received as it normally is in credit card transactions from the bank.
</OL>
<H2><A NAME="DoingBusinesswithCustomersUsinganIntranet"><FONT SIZE=5 COLOR=#FF0000>Doing Business with Customers Using an Intranet</FONT></A></H2>
<P>Intranets may revolutionize the way that businesses sell goods and services. Using an intranet, a company can inexpensively market its goods and services, take orders for them, and then fulfill the order. This illustration shows how a record company called CyberMusic could do business using an intranet.
<UL>
<LI>CyberMusic creates a public Web site on a bastion host in the firewall of the intranet that it uses as a way to draw customers. To get people to visit, it features interviews with musicians, music news, concert calendars, music clips, and contests.
<LI>To further draw people to the site, CyberMusic advertises its site on the Internet.
When anyone clicks on an ad for CyberMusic, they are immediately sent to the CyberMusic Web site.
<LI>When the person is done browsing, they go to the electronic checkout counter to pay for the items they've selected. The CGI shopping cart program sends a list of the cart's contents to the checkout counter. The buyer fills out a form that includes information such as their name and address and method of payment. This information is encrypted and sent from the Internet to the intranet through the firewall. The transaction is a secure one because it uses the SET protocol. The orderer, merchant, and credit card company then complete the payment following the illustration on the previous page.
<LI>Information about the order is automatically transferred over the intranet to CyberMusic's fulfillment department, which ships out the records ordered.
<LI>The site features an electronic catalog that promotes the records that CyberMusic sells. The catalog features music clips so that people can sample records, and has information about the album and its artist. To select an item from the catalog, someone merely needs to click on a link or a button. When this is done, the item is placed in their electronic shopping cart. As they browse through the catalog they can place more items in their electronic shopping cart. A CGI program on the CyberMusic Web site keeps track of the contents of each individual's shopping cart.
<LI>Instead of browsing through a catalog, people can do a focused search on the kind of music they're interested in. They can search by type of music, particular artist, date of release and other terms. The search can be done via a variety of database searching techniques, including CGI scripting and SQL technology, both covered in earlier chapters.
When they find the album they want to buy, they need to click on a link or a button to drop the item in their electronic shopping cart.
</UL>
<H2><A NAME="BusinesstoBusinessTransactionsUsingIntranets"><FONT SIZE=5 COLOR=#FF0000>Business-to-Business Transactions Using Intranets</FONT></A></H2>
<P>Intranets can communicate with one another through the public Internet, instead of by using private leased lines. Leasing private lines can be very expensive, while using the Internet is inexpensive. However, of vital importance when companies do business with one another using intranets is that any transactions be kept private and secure. Virtual Secure Private Networks (VSPNs) allow intranets to communicate with one another over the Internet, while keeping all data secure, by using "tunneling" technology. See <A HREF="ch20.htm" >Chapter 20</A> for details on how VSPNs work.
<OL>
<LI>When a business wants to order goods from CyberMusic - such as a music store called The Music Box - it contacts the CyberMusic intranet using a VSPN. It can search through the database of CyberMusic records to find the records it wants to order. A CGI program gives them a special retailer's view of the data shown to regular customers.
<LI>As a further way to ensure that the transaction is kept secure, and that it is really The Music Box doing the ordering, a special electronic "token" (like the digital signatures described earlier in the chapter) may be required that proves that the purchaser is indeed The Music Box. The token is sent over the VSPN.
<LI>When The Music Box finds the records it wants to order, it fills out a form.
This form may be customized specifically for The Music Box, and will be different from the form used by the general public, and by other companies that do business with CyberMusic.
<LI>Once it is verified that The Music Box is doing the ordering, the transaction is put through using a secure payment system. There are a variety of secure payment systems that can be used for business-to-business transactions. One is described in "How Financial Transactions Work on an Intranet."
<LI>Information about the order is automatically transferred over the intranet to CyberMusic's fulfillment department, which ships out the records ordered.
<LI>CyberMusic can also do business with its suppliers and contractors using an intranet. For example, it can post on its public Internet Web server the fact that it is looking to buy raw, uncut CDs that it will use in the manufacturing process, and have new suppliers submit bids over the Internet. Established suppliers can connect via a VSPN, and submit their bids which are then routed to the appropriate people within the intranet.
</OL>
</BODY></HTML>
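<P>Steps 4 through 7 of the SET walk-through have the merchant verify the order and the Payment Gateway verify the Payment Instructions from Mia's one signature. SET achieves this with a dual signature over the digests of both messages; the sketch below is an added example, not code from the book, and goes beyond the text in showing that construction with message encryption left out. It assumes SHA-256 and a toy unpadded RSA key built from two Mersenne primes; all function names and sample messages are constructed for illustration.</P>

```python
import hashlib

# Toy RSA key for Mia built from two known Mersenne primes so the block runs
# on the standard library alone. Unpadded and NOT secure; illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # Mia's private exponent


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def link(oi_digest: bytes, pi_digest: bytes) -> int:
    """Hash of the two digests concatenated; this is the value Mia signs."""
    return int.from_bytes(digest(pi_digest + oi_digest), "big")


def dual_sign(oi: bytes, pi: bytes) -> int:
    """Cardholder side: one signature that binds OI and PI together."""
    return pow(link(digest(oi), digest(pi)), D, N)


def merchant_verify(oi: bytes, pi_digest: bytes, sig: int) -> bool:
    """Merchant sees the order and only a digest of the payment data."""
    return pow(sig, E, N) == link(digest(oi), pi_digest)


def gateway_verify(pi: bytes, oi_digest: bytes, sig: int) -> bool:
    """Gateway sees the payment data and only a digest of the order."""
    return pow(sig, E, N) == link(oi_digest, digest(pi))


# Constructed sample messages (placeholder card number, not real data).
OI = b"txn=T-0001;item=camcorder;total=499.00"
PI = b"txn=T-0001;card=0000-0000-0000-0000;amount=499.00"
SIG = dual_sign(OI, PI)

if __name__ == "__main__":
    altered = b"txn=T-0001;item=camcorder x10;total=499.00"
    print("merchant accepts order:  ", merchant_verify(OI, digest(PI), SIG))
    print("gateway accepts payment: ", gateway_verify(PI, digest(OI), SIG))
    print("altered order rejected:  ", not merchant_verify(altered, digest(PI), SIG))
    print("PI moved to other order: ", not gateway_verify(PI, digest(altered), SIG))
```

<P>The merchant never handles the card number and the gateway never handles the order details, yet either party detects a change to its half or an attempt to pair the Payment Instructions with a different order.</P>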