
Saturday, October 29, 2011

Deficiencies in the Internet Mass Media: Visualization of U.S. Election Results

1. Introduction
The Internet news media is an important source of information for many people in the information age.
Information visualization is not in widespread use in the news media, whether in print or on the web. One notable exception is the reporting of election results in the United States. Not only is visualization shown by the media during the coverage of the elections, it is also widely noted and studied by consumers of the mass media. The image of blue and red states after the 2000 Bush-Gore elections and the 2004 Bush-Kerry elections has significantly influenced the way Americans view politics and society in their country.
In the 2000 U.S. presidential elections, for the first time, all major media outlets used blue to represent Democrats and red to represent Republicans, and the terms “blue states” and “red states” gained ubiquitous status in mainstream political discussions after the 2004 presidential elections, indicating the tremendous power and influence of this visualization.
Another major reason for the popularity of election visualization on the Internet is the real-time coverage it provides. People cannot wait until morning to read the print news, which by that time is outdated by several hours. Because races in recent years have been decided by razor-thin margins, people want to get the latest results.
Visualization of election results is very challenging because of the complexity of the data. The data types that need to be visualized include: candidate (name, party affiliation, and state), electorate (party affiliation and vote), geographical distribution, balance of power, change in balance of power, and margin of victory.
The effectiveness of the visualization of election results is therefore very important, since it is the one visualization that people pay strong attention to. On one hand, rather than have users pore through tables of data, an effective visualization of the election results will quickly give users a clear understanding of the situation. On the other hand, a poorly designed visualization may add more confusion than clarity, and force users to turn to competitors' websites for information. Even worse, some visualizations may potentially lead users to draw incorrect conclusions.
We conducted a study on the effectiveness of two of the most popular online visualizations of the November 2006 mid-term elections in the United States from Internet news sources. In these elections, the electorate chose governors, and representatives of the House and the Senate in many but not all the states. We study how easy or difficult it is for the users to get information from the visualizations. We also study whether the users were able to obtain accurate information. Furthermore, we created our own alternative visualizations, and tested whether our visualization is more effective than the two Internet mass media visualizations we studied.
The results show that these visualizations are alarmingly misleading and difficult to interpret. A large proportion of users were unable to obtain basic and pertinent information from the visualizations. In contrast, users performed much better on the alternative visualizations that we designed. Such severe deficiency of the Internet mass media is of grave concern because of the widespread dependency of the population on the Internet for checking election results, and the financial impact on the various players in this competitive business.

2. Related Works
There are multiple ways of mapping the information in the election results to visual properties. A good mapping is able to convey facts to the user. However, a poorly designed visualization may confuse the user, obscure data, or even cause the user to draw false conclusions about the data. As Van Wijk [5] points out, visualization is often subjective, and he warns of the danger that visualizations can cause the user to gain negative knowledge.
Sutcliffe et al. [4] performed user tests on an integrated visual thesaurus and results browser system. They found that although users liked using the system, the system did not actually improve performance. Their work shows an actual instance of the limitations of visualization, as the study found that users were confused by a visual metaphor used in the system. In our study, we are also interested in investigating whether the visual metaphor used in election visualization leads to positive knowledge.
Plaisant [3] points out that information visualization techniques are being adopted in mainstream applications but users sometimes still struggle in using them, and stresses the need for studies to guide the more effective deployment of visualization functions. The goal of this paper is to study users' experience of using visualization in mainstream media, with the hope that it will lead to improvements.
The effectiveness of using red and blue states of the U.S. map to show election results has been studied. For example, Gastner et al. [2] show alternatives by distorting the map based on population.

3. User Studies on Election Visualization
We conduct two between-subjects studies comparing the performance of users using Internet mass media election visualization with the alternative visualization that we designed. We selected webpages from CNN.com and MSNBC.com, since they are the top and third most popular online news sites (excluding the Weather Channel) according to a HitWise study in May 2005.
The subjects in our studies were all undergraduate students at Anonymous University majoring in Computer Science. They were of ages ranging from 19 to 35. They also had varying familiarity with the American political system. All subjects were asked if they knew beforehand the number of seats in the U.S. Senate and whether they knew beforehand which color represented which party. This is because their knowledge directly impacts their ability to answer some of the questions. The same users participated in both studies.

4. Study I
In Study I, we investigate the effectiveness of Internet mass media visualizations in conveying information about the overall Senate election. There are a total of 100 seats in the U.S. Senate. Democrats need to control 51 seats to get a majority, while Republicans need to control 50 seats (because the Vice-President, who is not a member of the Senate but can cast the deciding tie-breaker vote, was Republican at the time of the elections). Not all the seats were up for election in November 2006, because some senators have to serve out the rest of their terms. The preceding facts are potentially confusing to people unfamiliar with U.S. politics, and make the visualization challenging. There are a few major issues that people reading the election coverage are concerned about: (1) Who will gain control of the Senate, (2) How many seats switched hands between the parties, and (3) Among the seats that are contested in November 2006, how many did each party win?

In this study, subjects were divided into three groups: 9 subjects in Group A, 9 in Group B, and 10 in Group C. Group A viewed the display taken from MSNBC.com showing the Senate balance, Group B viewed a table from CNN.com of the same data, while Group C were shown a bar chart visualization that we created. These three different images are shown in Figures 1 through 3. Image A does not show how many of the seats were up for elections, nor how many seats changed hands. Image C does not show how many seats changed hands. Only Image B has all the information. In our test questions, we want to test how informative the visualizations are.
We asked each subject the following questions: 1. How many Senate seats are there altogether? 2. At this time, how many have been decided? 3. Among those decided, how many are in Democrats' hands? 4. At this time, is it conclusive who will have majority in the Senate? We selected these questions based on what we believe is the intention of the Internet visualizations tested in Study I; their intention is to convey to the user the status of the Senate race. These visualizations were meant to tell readers whether the Senate race has been decided, if so who won, and if not what the status is.






Figure 1: Study I: Visualization of overall Senate race (Group A - MSNBC.com). Users were told to look at the area marked “look here”, which is intended to inform the users of the status of the Senate race (Has anyone won? If so, who won? If not, who is ahead, and by how much?). Because the bar chart lacks vital information, users had difficulty interpreting it.

Figure 2: Study I: Visualization of overall Senate race (Group B - CNN.com). Users were told to look at the area marked “look here”, which is intended to inform the users of the status of the Senate race (Has anyone won? If so, who won? If not, who is ahead, and by how much?). Users had difficulty locating relevant data to make conclusions about the Senate race.

Figure 3: Study I: Visualization of overall Senate race (Group C - Our alternate visualization). This visualization is proposed as an alternate to the visualizations marked “look here” in Figures 1 and 2. Users were better able to obtain important information about the status of the Senate race than users of those two Internet media visualizations.


4.1 Results
The average scores over all questions for Group A (MSNBC.com), B (CNN.com) and C (our alternate) are 0.7, 0.22 and 0.98 respectively. The average times taken were 160, 189 and 93 respectively. The Chi Square analysis results are shown in Table 1. Group C users performed significantly better than Group B on Q1, Q2 and Q3, and better than Group A on Q1. Group A users performed significantly better than Group B on Q2 and Q3.

Table 1: Chi Square Statistical Analysis of Study I. The threshold at p=0.01 is 6.63.

Users of the MSNBC.com (Figure 1 for Group A) visualization had difficulty answering Question 1: only 30% of them answered that question correctly. Otherwise, the users of the MSNBC.com visualization were able to accurately obtain the other important information asked in the other questions.
The CNN.com (Figure 2 for Group B) visualization fared much more poorly. Although all the information is present in the display, users were unable to understand it. 90% of the subjects failed to answer the first three questions correctly. In other words, they were unable to tell the total number of Senate seats, how many have been decided, and how many the Democrats have won. They did better in the last question, but still, only 60% of the subjects were able to answer the last question correctly.
Every subject also answered a survey where they were asked if they had known beforehand the total number of seats in the U.S. Senate. Among those who did not know the answer or got the wrong answer, none of the users of the MSNBC.com or CNN.com visualizations answered Question 1 correctly, while all the users of our alternative visualization got that question right. This result is expected for the MSNBC.com visualization because it failed to present this important piece of information. But it is even more alarming that users of CNN.com also failed to answer this question, because this information is actually available in the CNN.com visualization. This just shows that the CNN.com visualization is too confusing for users to obtain this basic information.
In contrast, the new alternative visualization that we came up with (Figure 3 for Group C) was much more effective. Every subject answered questions 1 through 3 correctly, and only one subject did not answer Question 4 correctly. On average, subjects also answered the questions significantly faster than users of the other two visualizations, taking about two-thirds the time of MSNBC.com, and half the time of CNN.com.
Note that we did not test the number of seats that changed hands, which is shown in the CNN.com visualization, but not in the other two. The CNN.com visualization would probably have performed better on this question, but we did not test it, because we believed that this is not such crucial information compared to the questions that we asked.

4.2 Statistical Analysis
We performed Chi Square Test of significance for each pair of Groups for each of the Questions 1 through 4.
The results are shown in Figure 2. The results show that users of our alternative visualization performed significantly better (p<0.01) than the users of the CNN.com visualization on Questions 1, 2 and 3, and significantly better than the users of MSNBC.com on Question 1. The users of MSNBC.com performed significantly better than the users of CNN.com on Questions 2 and 3. Performing ANOVA (Analysis of Variance) on the time taken by users of different groups to answer the questions, we found that the difference observed is statistically significant (p<0.001). Users of our alternative visualization took the shortest time to answer the questions, followed by MSNBC.com, and CNN.com users were the slowest.



Figure 4: Bar chart comparing the performance of subjects in Study I. On average, users of our alternative visualization performed the best and most quickly, while users of the CNN.com visualization performed the worst and took the longest time. ANOVA analysis shows that the difference in time taken is statistically significant, at p = 0.001.


4.3 Problems with the MSNBC.com Visualization
The flaws of the MSNBC.com visualization (Figure 1 for Group A) are obvious. It doesn't tell the total number of seats in the Senate. Therefore, users performed poorly on Question 1, which asks, “How many Senate seats are there altogether?” That is a crucial question because that determines the outcome of who will have control over the Senate, which is the question on top of many readers' minds. The visualization only shows the balance, and a cryptic number “98.” It is not clear whether 98 represents the number of seats in the Senate or the number of seats that have been decided. Without knowing this, readers do not know the aggregate outcome of the elections, or whether the outcome is already known.

4.4 Problems with the CNN.com Visualization
The table shown in the CNN.com visualization actually contains a lot more information. However, the information is presented in a confusing and misleading manner. One column is labeled “Total.” It is unclear what “total” means; it could refer to (1) the total number of seats won by the party in this election, or (2) the total number of seats controlled by the party (including those not contested in this election). Furthermore, it is not clear how many seats are still undecided. For that, the reader would have to read the fine print above the table, and find out that actually 2 seats were still undecided at that time. Consequently, 90% of users answered Questions 1, 2 and 3 wrongly, which is an unacceptably poor result. Not only that, but users also had to try a lot harder to understand the table, taking twice as much time as those using our alternative visualization.

5. Study II
In Study II, we investigate the map of the United States showing which states voted for which party. This is an important visualization because it shows the geographic distribution of the support for each party. The color-coded map visualization used to depict the results of the 2000 presidential elections was very influential in shaping the understanding of the U.S. socio-political landscape because it showed a clear divide between the “blue” states (those that voted for the Democratic candidate) on the west coast and in the northeast, and the “red” states (those that voted for the Republican candidate) in the rest of the country.


Figure 5: Study II Group A were shown this image: Visualization of Senate election results from CNN.com. Misleading and ambiguous legend led to some misunderstanding and misinterpretation of results among users.


In the November 2006 elections, the color-coded map was once again used to show the results of the elections. However, the information to be shown is much more complex. In these elections, the terms of the Senate seats of some states were not over, and so those seats were not contested. Therefore, they had to be shown in a different color. In addition, there were some Independent candidates who won seats, whereas in the presidential elections, no states voted for any Independent candidate. Consequently, another color had to be used to show Independent candidates. Thirdly, the media would like to show which states switched parties; in other words, which states voted for a candidate from a different party from the incumbent. Finally, at the time of reporting, the results of some states were still unknown, and that had to be conveyed in the map.
The visualization provided by CNN.com is shown in Figure 5 and our alternative visualization is shown in Figure 6. Each subject was asked the following sequence of questions: 1. Was the Senate seat of Indiana (IN) contested? 2. If yes, which party won? 3. Was the Senate seat of Montana (MT) contested? 4. If yes, which party won? 5. Was the Senate seat of Ohio (OH) contested? 6. If yes, which party won? 7. Was the Senate seat of Oregon (OR) contested? 8. If yes, which party won? 9. Was the Senate seat of Connecticut (CT) contested? 10. If yes, which party won? 11. Was the Senate seat of Hawaii (HI) contested? 12. If yes, which party won? 13. Which states switched parties?

Figure 6: Study II Group B was shown this image: Our alternative visualization of Senate election results. We use a yellow star symbol to represent states which changed parties, and we made the legend more informative.

The above questions all test basic information that users should be able to obtain from the figure. The states mentioned in the questions were all located for all the users so that the time taken by users unfamiliar with the geography of the United States to locate the states would not be a variable in the test. We selected the above six states to question the users because they represent the different categories: Republican (IN), Processing (MT), Democrat/party switch (OH), not contested (OR), Independent (CT) and Democrat (HI). Finally, since this visualization attempts to convey the information about which states switched parties, we test this in Question 13.

5.1 Results
The results of Study II are given in Figure 7. For each question, a wrong answer receives 0, and a correct answer receives 1. Questions 1 through 12 can only either be correct or wrong. For question 13, getting all the states correct receives 1, getting none of the states receives 0, while getting some of the states receives the corresponding fraction of the points.
Users of our alternative visualization answered the questions more accurately than users of the CNN.com visualization, except for Question 2 (users of both visualizations performed equally) and Question 9 (users of CNN.com performed slightly better). Users of our alternative visualization also took a shorter time answering the questions.

5.2 Statistical Analysis
We performed the Chi Square Test of significance on Questions 1 through 12, since the answers are correct/incorrect and therefore nominal. We performed ANOVA on Question 13 since each participant's answer is given a numerical value of correctness. We found that Questions 6 and 13 show significant differences (at the p<0.02 and p<0.01 levels respectively) in the performance of the users between the two groups.


Figure 7: Bar chart comparing the performance of subjects in Study II. Users of our alternative visualization performed significantly better on Questions 6 and 13. Although the average time spent on our alternative visualization was less than for CNN.com, the difference is not statistically significant.

In Question 6, many users of the CNN.com map were confused about the bright blue color. They did not interpret the bright blue color to mean that Ohio was contested, and the Democrats won it from the incumbent Republicans. As for Question 13, many users of CNN.com once again did not understand the bright blue and yellow colors to mean change of control.
Although the average time spent on our alternative visualization was less than for CNN.com, ANOVA shows that the difference is not statistically significant.

5.3 Problems with the CNN.com Visualization
The CNN.com visualization is confusing because of its lack of a clear legend and its poor choice of color scheme. In the legend, the Democrat (DEM) and Republican (GOP) colors are shown as a lighted blue and red sphere respectively. The problem with lighting the sphere is that the color is non-uniform, and therefore does not match with the actual color in the map. The next problem with the legend is that the symbol for states that are still “processing” the votes is shown as a saturated dark green circle with double circular arrows. However, this does not match with the actual color of the states shown on the map (MT and VA), which is a faded light green.
Furthermore, on the map of the actual states still processing the results, no symbol containing the double circular arrows is shown: the legend does not match the actual visual image used, which is a very serious error.
The decision of CNN.com to indicate party switch with brighter colors causes even more confusion. In this visualization, the states of MO, OH, PA and RI are shown in brighter blue because they are states that have switched from Republican to Democrat in these elections. However, this is confusing because this bright blue color matches with the color of “Voting” shown in the legend. This can mislead users into thinking that these states are actually still voting.
The results of our user study indicate that this choice of a misleading visual mapping indeed causes a significant problem. In Question 13, which asks which states switched parties, subjects using the CNN.com visualization scored 0.43 on average. On our alternative visualization, which indicates party switch with a star symbol, users scored 0.98 on average. (Note: the star symbol was also used by other mainstream print media to show states that switched parties.)
There is also no entry in the legend for Independent candidates. VT and CT were both won by Independent candidates. Because CT was also a party switch, it is shown in a brighter color. CNN.com has chosen to use Yellow to be a brighter version of Beige. This is not an intuitive choice of colors, and it is not universally accepted that Yellow is a brighter version of Beige. Once again, this leads to confusion.
There is also no entry in the legend for the states whose Senate seats are not contested. On the map, they are shown in grey, which is a sensible choice. However, because of the poor legend, grey could represent many different things besides being uncontested; for example, they could mean “processing,” “too close to call,” or “voting.”

6. Questionnaire
All subjects filled out a questionnaire with questions that correct for any variables in the tests. Subjects were asked if they knew beforehand what the total number of seats in the Senate was. If they claimed that they knew it, they were told to write down that number. This knowledge would enable a subject to answer Question 1 of Study I correctly regardless of the visualization used. The responses of the subjects were recorded and reported in Section 4.1, where we report the results of Study I. Subjects were also tested on their familiarity with U.S. politics, for example, the conventional use of Red to represent the Republicans and Blue to represent the Democrats. All visualizations implicitly assume such knowledge. Also, subjects were asked if they were affiliated in any way to CNN.com and MSNBC.com, since such affiliation may bias their answers. All subjects were sufficiently familiar with U.S. government to know about Republicans, Democrats and their respective colors, and also none of the subjects were affiliated with the companies whose visualizations we tested.

7. Conclusions
Through our user studies, we conclude that the two examples we studied of Internet mass media visualizations of the 2006 elections were ineffective and misleading. We showed subjects screenshots of visualizations provided by MSNBC.com and CNN.com, two of the most widely-used Internet news sites. The subjects performed poorly on many of the questions asking about basic information. We have provided a detailed analysis of the users' performance on each question and discussion on why the users did not perform well. In summary, we found that users were unable to answer basic questions about the data because of (1) poor choice of visual cues (colors, symbols) in the visualization, (2) lack of a proper legend to explain the colors and symbols used, (3) misleading, ambiguous or wrong legend, and (4) lack of crucial information (such as total number of seats contested). The users thus performed poorly on the two visualizations tested. Users of the Internet visualizations took a longer time and were less accurate in their responses compared to users of our alternative visualization.
Our study thus also shows that it is possible for a well-designed visualization to convey the same information, and this means that the failure of the Internet mass media visualization is due to poor design, and not because of the intrinsic complexity of the underlying data or any intrinsic limitations [1] of using a 2D display to present the data.
We believe that Internet visualization of election results is very important because many people depend on the Internet for real-time updates of the election results. Many people check the results frequently on the Internet while the various states report their returns and exit polls. Unlike most news stories, where readers prefer to read textual descriptions and view videos and images, for elections users like to look at tables, charts, maps and other visualizations to analyze the results. It is therefore crucial that the Internet mass media provide visualizations that are accurate, user-friendly, and clear. This makes the results of our study particularly alarming, because our study shows that users experience great difficulty in using the visualizations, often drawing wrong conclusions. Furthermore, we have also designed some simple alternative visualizations that are able to convey the same information much more clearly. We hope that the Internet mass media will improve on their election visualizations.

8. References
[1] C. Freitas, P. Luzzardi, R. Cava, M. Winckler, M. Pimenta, and L. Nedel. “Evaluating usability of information visualization techniques.” In Proceedings of the 5th Symposium on Human Factors in Computer Systems (IHC 2002), 2002.
[2] M. Gastner, C. Shalizi, and M. Newman. “Maps and cartograms of the 2004 US presidential election results.” Advances in Complex Systems, 8:117-123, 2005.
[3] C. Plaisant. “The challenge of information visualization evaluation.” In Proceedings of the Working Conference on Advanced Visual Interfaces (AVI’04), pages 109-116, 2004.
[4] A. Sutcliffe, M. Ennis, and J. Hu. “Evaluating the effectiveness of visual user interfaces for information retrieval.” International Journal on Human-Computer Studies, 53(5):741-763, 2000.
[5] J.J. van Wijk. “The value of visualization.” In Proceedings of IEEE Visualization (VIS ’05), pages 78-86, 2005.

The Covered Bazaar on the Internet

Over the past decade, the Internet has evolved from an exotic “place” populated with academics and scientists to a common marketplace for the general populace. The global network of electronic infrastructure has played a significant role in this expansion but the technology itself is not the factor driving the business revolution. The changes are driven by the interaction of information technology and customer demand [1]. Gone are those days in the early 1990s when the Internet was populated mainly with research papers, scanned texts and some downloadable software from university research laboratories. The Internet has become the medium of what Vernadsky [2] calls “noosphere” - the next step in the evolution of the biosphere of the Earth. The developments in the latter half of the 1990s illustrate that the common information environment that supported the development of a common scientific approach to the world (the basis of the “noosphere”) has had an effect of homogenising the networked global population.
A contribution to the weakening of both economic and cultural diversity in the epoch of transition into the 21st century is the push towards globalisation at any cost. The latest advances in information and communication technologies (ICTs) have been touted by Internet enthusiasts as the catalysts that lead to greater world democracy and prosperity. Little thought has been given to the possibility that the values and communication preferences inherent in these technologies may not be universal. In fact, the consequences of new communication technologies could be a homogenous “McWorld” [3, 4]. The alternative to such global homogeneity is what Barber refers to as “Jihad” – the reaction that occurs when diverse cultures try to preserve their identity. However, the apparent dilemma between Jihad and McWorld may not be so intractable [5]. Indeed, there are examples that demonstrate points between Barber’s dichotomy. Thailand’s use of CMC technologies, for example, allows for both global connectivity (but in a “thin” culture) and the preservation and enhancement of local cultural values and communicative preferences (a “thick” culture) [6].
Another contribution to the weakening of both economic and cultural diversity in the epoch of transition into the 21st century is the two processes of discontinuity and rapid change.
Even the most basic of human activities have lost much of their idiosyncratic individuality as these activities, of necessity, conform to standard protocols and operating procedures.
An example of such a basic human activity is the common task of shopping. The rapid expansion of e-commerce on the Internet, and the speed with which societies are adapting to the notion of doing business and shopping electronically, creates the perception that e-commerce is a natural evolution in this information age. Although scholars are cautious about issues such as security [7-9], trust [10], health and lifestyle [11, 12], very little research has been carried out to evaluate the effect of global e-commerce on indigenous and local cultures.
The current environments, metaphors and processes of Internet commerce have perhaps the most potential to adversely impact on cultural identities. While new technologies are capable of creating and archiving user and product profiles, developers and researchers in the field are only beginning to consider how cultural profiles can assist in the global marketplace.
In this paper, we describe the development of e-commerce in the context of the various metaphors currently used for online shopping. We explore the metaphor of a 3D marketplace and the implementation of such a model in e-commerce systems. Finally we discuss the efficacy of culturally diverse e-marketplaces for maintaining the integrity of languages and cultures along with global economic communities.









THE EVOLUTION OF E-COMMERCE

The evolution of the media and underlying technology for e-commerce on the Internet can be divided into several distinct phases. During the first phase, in the early 1990s, the Internet was used primarily for information dissemination via e-mail and static Web pages. The Internet was a complementary information channel to magazines, radio and TV for distributing product information. The transfer of information lacked security and integrity.
The second phase, from the mid to late 1990s, saw security and privacy protocols being added to a variety of transaction processing services. This addition opened the Internet to a variety of commercial and corporate uses. The development of dynamic Web pages and database-driven Web sites added a spin of interactivity. E-commerce also borrowed some ideas from research in computer supported collaborative work (CSCW) [13, 14].
The current phase of e-commerce is connected with the development of intelligent technologies like data mining, online analytical processing (OLAP) and sophisticated search engines. These technologies are used for creating both product and user profiles, and for adapting the behaviour of the e-commerce system to individual combinations of these profiles. They require the development of new interfaces and business models.
This dramatically changed computing universe – the networked microcomputer and advanced communication networks, deregulation of telephone services, expansion of Internet

BUSINESS TO CONSUMER (B2C) MODELS

Perhaps the most popular and visible B2C model on the Web is the web mart (or digital storefront). The model is a result of the creative merger of two shopping metaphors: the mail-order (catalogue) business and the shopping mall/supermarket.
The mail-order business has survived more than a century. The first catalogue sales began in the United States at the end of the 19th century, when two major mail-order companies, Montgomery Ward and Sears Roebuck, were established. The obvious advantage of this model was a decrease in the amount of time needed for shopping. The disadvantage was the limitations of the media (paper) to represent the qualities of the goods.
The shopping mall model flourished with the growth in the popularity of automobiles and the expansion of road systems. The automobiles and road systems provided the underlying technology, and efficient large chain stores lured the customers. Customers were willing to travel relatively long distances to reach a large store that offered a variety of products at relatively lower prices. The key factor for a chain to compete effectively and achieve profitability at low prices was purchasing in volume. Not surprisingly, the same principle worked for the customers – the volume at low prices compensated for travel time and expenses.
As customers were now purchasing in volume, families found it useful to have a shopping list (usually a cumulative list on which a household places its needs) as they negotiated massive supermarket aisles with their shopping cart (in which the needed items are placed). The shopping cart is the vehicle for transporting needed items from the supermarket shelves to the cash register and subsequently to their automobile.
The combination of the catalogue and the supermarket metaphors formed the underlying metaphor of the popular Web-Marts. Figure 1 shows a typical example. Variations across Web-Marts are very small – where they do occur they are mainly in the layout. Consistent with its composite counterpart, Web-Marts feature a link to browse catalogue items and a link to view the contents of the shopping cart as items are placed in it. For full-scale shopping, a user generally enters the mall with a login name and a password.
Figure 1. The “front” Web view of a typical “Web-Mart”.


Figure 2 illustrates what a customer finds inside a “Web-Mart” – a typical catalogue page which is usually equipped with a search engine. To some extent, search engines change the shopping strategy from browsing (through the catalogue) to selective searching (for a specific product). However, the selective searching strategy will work if the customer not only knows the language (English in most cases), but also the specific term used to label that product.
Figure 2. Inside the Web-Mart

Similar to the procedure in the physical supermarket, the virtual shopping cart metaphor allows customers to accumulate and store lists of items they wish to buy as they continue to shop. The underlying technology that supports the shopping cart metaphor is a database of catalogue information. Formalised in a database form and interfaced with web stylesheets, the product catalogue on the merchant server supplies the information that is displayed when the product is retrieved. The database that is used is a collection of product specifications, availability, shipping information, stock levels, on-order information and other data. Figure 3 illustrates an enhanced shopping cart metaphor. In this example, the shopping cart technology is enhanced with a facility for “chatting” (talking online) with a shop assistant.

Figure 3. Shopping cart technology enhanced with chat assistance.

The data model and the content of the database depend on the type of product. A music CD store, for example, may include a downloadable sample file with a music segment from the CD, as illustrated in Figure 4.




Figure 4. Music Web-shop


Perhaps Amazon.com, with its range of products that include books, videos, music, CDs, DVDs, electronic cards, consumer electronics and toys, remains the most widely recognised example of a database-driven Web-Mart. The online catalogue handles millions of product offerings, providing sophisticated data analysis of sales histories, product reviews, in-depth descriptions and cross-references, to guide customers according to some expectation about individual interests.
Personalisation is part of the strategy of Amazon.com. This feature suggests that the database keeps a record of all previous transactions, including items purchased, shipping and credit-card information. Combined with information from the customer database, it builds a user profile “on the fly”. Based on previous purchases and cross-referencing with customers who bought similar products, it presents a list of recommended titles to the customer (Figure 5). This suggests that the site employs OLAP technologies which, by some criteria, identify similar products. By building and analysing customer profile data, such computing systems provide a customised (but fairly uniform) service, driving sales of additional items without human participation.
For the purpose of this paper, we can state that the man-machine system has the property of symmetry, which perhaps is reflected in the structure of the database – a symmetry between the product and the human sections. This symmetry points to dehumanisation of the commercial environment.
It is difficult, if not almost impossible, to establish contact with a physical person behind the fabulous walls of the Web-Marts. Some modern sites, as illustrated in Figure 3, offer access to a live channel, similar to customer telephone lines. The attempt to connect on the live chat, shown in Figure 6, demonstrates the analogy with a telephone scenario.


Figure 5. Sales history and cross-reference to customers with similar preferences are features of amazon.com’s site.



Figure 6. Chat service in a “Web-Mart”, simulating a telephone service.


The auction is another metaphor that provided a successful model for the e-business environment. With this model, information about the prices of a large number of potential buyers in the market for a particular product can be obtained at a relatively low cost. The auction model provides some assurance in effective matching of buyers and sellers. Vickrey [20] offered four models of simple auctions, assuming that buyers hold independent, private evaluation of the product value. Vickrey’s auction models established the de facto standard for the auctions of consumer goods in B2C e-commerce. eBay.com, the company which was a pioneer in Web-based auctions, attempted to bring in ideas from networked communities to e-commerce (note the “Community” section in Figure 7). There are also two additional operations compared with the Web-Mart: (i) announcing the product, and (ii) bidding for a product.
Figure 7. eBay.com - the entrance to the auction.


The attractiveness of e-auctions is that the customer is not only a buyer – the customer is able to offer his/her own goods for sale. Thus, the second generation e-commerce sites combine both models, as illustrated in Figure 8.

Although the models presented here have some variations on the Internet, the look, feel and functionality of the e-commerce sites are very similar. More importantly, the advantages of these types of e-commerce sites are convenience and lower prices. Consequently, there has been an expectation that online merchants will slowly overtake physical shopping malls.
However, even the most ardent fans of Cyberspace agree that present Web commerce cannot replace the variety of emotional, social and cultural experience of shopping in the hustle and bustle of the physical world. One of the reasons for the cultural flatness of e-commerce is “bandwidth colonialism” [21], or US dominance. The structure of the Internet and bandwidth costs give the US an overwhelming advantage for dominating global e-commerce. As Flynn [22] claims, “Julius Caesar conquered Gaul with Roman legions, but the US is doing it with Mickey Mouse, and the Internet”.

The dominant Western culture is certainly evident in the models discussed. These models have basically eliminated the notion of the “marketplace”. Westland and Clark [18] refer to this phenomenon as a “placeless marketplace that we call a marketspace – one that is nowhere yet everywhere”.

E-COMMERCE TODAY

The e-commerce landscape today, therefore, features three major trends away from the models of a decade ago.

  1. Products are changing from mass produced to custom made.
    As Amazon.com and other similar major B2C e-commerce sites have demonstrated, customisation has become the key to success on the Internet. The product is not just “for the consumer” but for a specific individual who has a name, a title, an address and a history as well as emotions such as hopes and fears. The product needs to be made available in a way more innovative and cost effective than a competitor company can offer.
  2. Production is changing from mass production to job specific.
    While automation enhanced mechanisation and the drive toward more mass production, knowledge engineering and data mining have increased flexibility and make customisation possible at an affordable cost.
  3. The market itself is changing from a mass market to a niche market.
    The shift to unique products for a specialised customer base is becoming the very essence of e-commerce.
However, current e-commerce models are still dominated by the shopping mall/supermarket metaphor. This metaphor and its associated functionality correspond to Western lifestyle and shopping habits and thus continue to foster a homogenous McWorld. The success of such models in many countries, where shopping traditionally includes a social element along with bargaining and negotiations, is tenuous. The authors’ experiences in Turkey, for example, demonstrated that the social element is an essential part of a commercial transaction. The pre-purchase activities vary from a few minutes talk over a cup of tea (çay) to a half-day excursion to show the cultural history of the product. To demonstrate how cultural integrity can be preserved in online shopping, we use the metaphor of a bazaar as an e-commerce model.

CULTURALLY SENSITIVE E-COMMERCE

When engaging in commercial activities across cultures, one must be sensitive to the multidimensions of culture, which include language, religion and artifacts as well as values, cognitive style, and time and space orientations. Culture encompasses a set of norms that a group of people consciously or unconsciously agree to in order to facilitate a homogenous and harmonious coexistence.
Initially, the Internet was an open forum, an Internet “bazaar”, in which the diverse cultures could participate freely. However, with the commercialisation of the Internet generally, and the popular supermarket metaphor in particular, globalisation has resulted in homogenisation and a flattening of cultural diversity. An enormous export market exists in addressing foreign markets – going global is no longer an alternative but a necessity for today’s business.
While the Web has helped to remove – or dilute – national borders, there are many issues that still need to be resolved. There are just seven countries where English is the primary language spoken and these seven countries represent 30% of the world’s economy and 8% of the world’s population [23]. Obviously there is a large potential market that is not catered for by parochially-minded businesses. Global e-commerce is most often limited by a narrow worldview that sees all countries at all times the same. Obviously cross-cultural e-commerce has its costs. Developing web sites specific to just the major national languages of the world can be a barrier to embarking on an e-commerce venture. However, companies cannot hope to participate in a true global e-commerce environment without being concerned about cultural sensitivity.
We propose that a major step in embracing cultural diversity in e-commerce is the use of metaphors that have cultural and social meaning; metaphors to which customers can relate. The example we give here is the bazaar metaphor for online shopping. For Islamic countries, the most common mode of shopping is the bazaar, in which prices are negotiated and transactions are accompanied by specific cultural experiences and emotions.

THE BAZAAR

One of the most notable ways in which a bazaar differs from a supermarket as a marketplace is price flexibility. The price of each product in a bazaar depends on a variety of factors, including the season (peak or off-peak), the bargaining experience of the seller, the tenacity and culture of the buyer, and the manner in which the buyer handles the preliminary social etiquette. Most bazaars open early in the morning and continue until sunset.
The word bazaar, originating from the language of Uygur, means marketplace on the Silk Road. The word conjures up images of bustling and prosperous trading activities. In the marketplace, all types of fine items are carefully selected to cater for the need and taste of different customers. The markets of Islamic cities are one of the greatest achievements of the Islamic peoples. Economy and religion are the two principal pillars of the Islamic bazaars, which symbolise their difference from other markets. Two famous bazaars illustrate the atmosphere and power that could be infused into an online metaphor.
The Kapalı Çarşı (‘Covered Market’ or Grand Bazaar) in Istanbul, Turkey, houses thousands of shops and stalls where merchants display a variety of goods. Starting from a small bedesten (warehouse) built in the time of Mehmet the Conqueror, the bazaar grew to cover a vast area. The foundations of the Covered Grand Bazaar were built after the conquest of Istanbul by the Ottomans.
The bazaar grew in time with additional shops and halls. The arcades and halls were covered with arches (Figure 9) to form a series of covered streets leading to a central avenue. Streets are named according to the trades, such as gold and silver sellers, carpet sellers, slipper sellers, bootsellers, booksellers, etc. Shoppers can buy colourful carpets, clothing, copperware, jewellery and many other items. Consisting of more than 4,000 shops, the Grand Bazaar is a maze of narrow streets where you can buy a bangle, a carpet, or just browse. This great covered bazaar is not simply a complex of buildings but a city covered by hemispheric domes with 18 entrances.
Figure 9. The arches of the Grand Bazaar, Istanbul, Turkey

The Souq al-Hamadiyyeh bazaar in Damascus, Syria (Figure 10), is the city’s main market. It features long streets covered with high canopies, lined with booths and shops and bustling crowds. The shops are narrow and shallow, filled with goods of every kind, and shopkeepers sit in front of the shop ready to haggle with the passing crowds. It is noisy as men bargain back and forth. Barbers invite passers-by to have their hair cut. Their shops are always full. A crowd as numerous as that in the galleries of the Palais-Royal throngs the bazaar all day long.

Figure 10. The Souq al-Hamadiyyeh bazaar in Damascus, Syria.

As in the Grand Bazaar in Istanbul, each type of product has a street or part of a street and is known by the product name. For example, there is the Street of the Saddlers, Street of the Slipper Merchants, Street of the Spice Men, and many others. The longest and busiest thoroughfare is the famous Street Which Is Called Straight.

THE BAZAAR METAPHOR FOR E-COMMERCE

We envisage that a bazaar universe (a “world” in Active Worlds) would appeal to cultures to whom the marketplace is a rich environment, such as the bazaars described in Section 6. Virtual worlds have the potential to provide commercial environments that transcend time and space. The development of virtual worlds has emerged from computer-mediated social spaces [24] that supported the needs of large, loosely-knit virtual communities. Unlike the 2D desktop interface, 3D interfaces can create an experience of immersion.
Under the right circumstances, users are able to mentally project themselves into a virtual space. One way this has been accomplished has been with 3D graphics. Another demonstration of immersion has been with MUDs, which are based purely on textual description. MUDs show that a rich, consistent presentation of a virtual space, even without sophisticated display technology, can be vividly experienced in the imagination of the user. The development of virtual worlds is inherently about creating places that mimic the physical world, but not necessarily restricted by 3D geometry [25]. This gives the person a feeling of being at some place, even though they have not physically moved from their home or office. An example of an environment that creates a sense of place is Active Worlds. Active Worlds is a 3D modelling environment that includes avatars of the people in the virtual world.
This environment provides a sense of place by presenting a 3D world in which the person can walk, talk, teleport, and look around. Although it is object-oriented, Active Worlds emphasises the 3D models of the contents of the world. It is used primarily for social interaction and as access to documents on the WWW. Because other users are present in these spaces, social interaction is facilitated.
The bazaar universe is, of course, developed in a local language. Within the bazaar universe, there are spaces for different types of goods – for example a “gold room”, a “carpet room”, a “slipper room”, and so forth. Waiting at the entrance of each space are animated avatars with whom potential customers can converse. The avatars are the counterparts of the shop assistant in the shopping mall, as shown in Figure 3.
The avatars’ behaviours correspond to particular cultures. Non-verbal behaviour, in particular, is highly culturally specific and constitutes 60% of interactive messages. For example, an Indonesian would use the right thumb rather than an index finger when pointing to a person; a Japanese smile can mean appreciation but it can also mean feeling embarrassed or sorry for another person. Transactions are carried out by negotiating prices with avatars.
Using culturally specific shopping bots, customer profiling can be developed. Bots have a great potential in data mining, finding patterns in enormous amounts of data. A customer profile may include information about negotiation skills, level of risk taking, and the ratio between an initial offer and the settlement price.

A CULTURALLY-SPECIFIC E-COMMERCE MODEL

The bazaar e-commerce model (or any other metaphor for a specific culture) can be represented as in Figure 11.

Figure 11. A culturally-specific e-commerce model.

The four key components for developing and sustaining e-commerce in the global marketplace are consumers’ attitudes towards e-commerce as well as the cultural appeal, the economic appeal, and the usability of the site. These key components must be consistent with product integrity, a strong organisational culture, communication that facilitates frequent and personalised seller-buyer interactions, and ongoing profiling of consumers.
It is not sufficient to have multilingual or national e-commerce sites. E-commerce sites must provide “zones” for customers who are unified by a common culture. Culture zones are markets that share not only resource needs but also cultural mores.

REFERENCES
[1] F. Sudweeks and C. Romm, Doing Business on the Internet: Opportunities and Pitfalls. London: Springer, 1999.
[2] V. I. Vernadsky, Scientific thought as a planetary phenomenon. Moscow: Science, 1991.
[3] B. Barber, "Jihad vs McWorld," The Atlantic Monthly, vol. March, pp. 53-63, 1992.
[4] B. Barber, Jihad versus McWorld. New York: Times Books, 1995.
[5] C. Ess, "We are the Borg: The Web as agent of assimilation or cultural Renaissance?," ePhilosopher, 2000.
[6] S. Hongladarom, "Global culture, local cultures, and the Internet: The Thai example," in Cultural Attitudes towards Technology and Communication, C. Ess and F. Sudweeks, Eds. Sydney: University of Sydney, 1998, pp. 187-201.
[7] B.-C. Lee, "Paying for goods and services in the information age," in Doing Business Electronically: A Global Perspective of Electronic Commerce, C. T. Romm and F. Sudweeks, Eds. London: Springer, 1998, pp. 163-173.
[8] N. Adam, A. Gangopadhyay, and R. Holowczak, "A survey on research on database protection," presented at Proceedings of the Conference on Statistical Data Protection, 1998.
[9] A. Gangopadhyay and M. Adya, "Protecting sensitive information in electronic commerce," in Doing Business on the Internet: Opportunities and Pitfalls, F. Sudweeks and C. Romm, Eds. London: Springer, 1999, pp. 77-86.
[10] T. F. Rebel and W. Koenig, "Ensuring security and trust in electronic commerce," in Doing Business on the Internet: Opportunities and Pitfalls, F. Sudweeks and C. T. Romm, Eds. London: Springer, 1999, pp. 101-112.
[11] K. Subrahmanyam, R. E. Kraut, P. M. Greenfield, and E. F. Gross, "The impact of home computer use on children's development," The Future of children: Children and Computer Technology, vol. 10, 2000.
[12] S. Kiesler, V. Lundmark, B. Zdaniuk, and R. E. Kraut, "Troubles with the Internet: The Dynamics of Help at Home," Human Computer Interaction, vol. 15, pp. 323-351, 2000.
[13] S. Viller, "The group facilitator: A CSCW perspective," in Readings in Groupware and Computer-Supported Cooperative Work: Assisting Human-Human Collaboration, R. M. Baecker, Ed. San Francisco: Morgan Kaufmann, 1993, pp. 145-152.
[14] H. Ishii, M. Kobayashi, and J. Grudin, "Integration of interpersonal space and shared workspace: Clearboard design and experiments," in Groupware for Real-Time Drawing: A Designer’s Guide, S. Greenberg, S. Hayne, and R. Rada, Eds. Berkshire, England: McGraw-Hill, 1995, pp. 96-125.
[15] ActivMedia, "Real Numbers Behind 'Net Profits 2000," ActivMedia June 2000.
[16] L. Leung, "Business-to-business ecommerce will explode, says Gartner," vol. 2001: VNUNet.com, 2000.
[17] A. Swardson, "French groups sue to bar English-only Internet sites," Washington Post, pp. A01, 1996.
[18] J. C. Westland and T. H. K. Clark, Global Electronic Commerce: Theory and Case Studies. Cambridge, MA: MIT Press, 1999.
[19] L. Wise, "Internet Business Models," vol. 2000, 1998.
[20] W. Vickrey, "Counterspeculation, auctions and competitive sealed tenders," Journal of Finance, vol. 16, pp. 8-37, 1961.
[21] K. N. Cuckier, "Bandwidth colonialism? The implications of Internet infrastructure on international e-commerce," presented at INET'99, San Jose, CA, 1999.
[22] M. K. Flynn, "Nations fear English language dominance on Net," vol. 2001: CNN.com, 2000.
[23] B. Dunlap, "Reasons for Success in International E-Commerce: Speaking the Customer's Language," vol. 2000: Euro-Marketing Associates, 1999.
[24] M. Abel, "Experiences in an exploratory distributed organisation," in Intellectual Teamwork: Social Foundations of Cooperative Work, J. Galegher, R. E. Kraut, and C. Edigo, Eds. Hillsdale, NJ: Lawrence Erlbaum Associates, 1990, pp. 489-510.
[25] S. J. Simoff and M. L. Maher, "Analysing participation in collaborative design environments," Design Studies, vol. 21, pp. 119-144, 2000.

[This paper is to appear in P. Lowry, J. O. Cherrington and R. J. Watson (eds), (2001), Handbook of Electronic Commerce in Business and Society, CRC Press.]

Friday, 28 October 2011

Why does 2+2=5928 in C?

I got this example from the book Practical C Programming, and here I bring you this curious example, which can vary depending on the compiler you use. I used Dev C++, and although I did not get 5928 like the book :( I did get a different result. You can try the code shown below:
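#include <stdio.h>      /* declares printf */
using namespace std;    /* C++ only (the author compiled with Dev C++); remove to build as plain C */
int answer;
int main()
{
    answer = 2 + 2;
    /* Deliberate bug: %d has no matching argument, so the value printed is undefined */
    printf("The answer is %d\n");
    return 0;
}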
Although this example was set as a proposed exercise, the explanation they gave is that the statement
printf("The answer is %d\n");
tells the program to print a decimal number, but as you can see the variable answer is not specified. C does not check whether printf receives the correct number of parameters. And since no value is specified, C makes one up. For it to print correctly, it must be changed like this:
printf("The answer is %d\n", answer);
and we get this:
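
Added example (not from the post or from Practical C Programming): a small C routine that counts how many arguments a printf format string consumes, which is the check printf itself never makes, applied to the post's two calls. The function names and the extra sample format strings are constructed for illustration; positional conversions such as `%1$d` are not handled and are reported as malformed.

```c
#include <stdio.h>
#include <string.h>

/* Count the variadic arguments a printf-style format string will consume.
 * Returns -1 if the string ends inside a conversion specification or uses
 * a conversion character this parser does not know. */
int count_printf_args(const char *fmt)
{
    int needed = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                                        /* step past '%' */
        if (*p == '%')                              /* "%%" is a literal percent sign */
            continue;
        while (*p != '\0' && strchr("-+ #0", *p) != NULL)
            p++;                                    /* flags */
        if (*p == '*') {                            /* width read from an int argument */
            needed++;
            p++;
        } else {
            while (*p >= '0' && *p <= '9')
                p++;                                /* literal width */
        }
        if (*p == '.') {
            p++;
            if (*p == '*') {                        /* precision read from an int argument */
                needed++;
                p++;
            } else {
                while (*p >= '0' && *p <= '9')
                    p++;                            /* literal precision */
            }
        }
        while (*p != '\0' && strchr("hljztL", *p) != NULL)
            p++;                                    /* length modifiers */
        if (*p == '\0' || strchr("diouxXeEfFgGaAcspn", *p) == NULL)
            return -1;                              /* truncated or unknown conversion */
        needed++;                                   /* the converted value itself */
    }
    return needed;
}

/* 1 if the format is well formed and consumes exactly `supplied` arguments, else 0. */
int format_call_ok(const char *fmt, int supplied)
{
    int needed = count_printf_args(fmt);
    return needed >= 0 && needed == supplied;
}

int main(void)
{
    /* The post's two calls, then constructed cases, each with the number
     * of arguments the caller actually passes after the format string. */
    struct { const char *fmt; int supplied; } calls[] = {
        { "The answer is %d\n", 0 },   /* the post's buggy call */
        { "The answer is %d\n", 1 },   /* the corrected call */
        { "%5.2f%% of %*d\n",   3 },   /* constructed: %% takes none, %*d takes two */
        { "progress: 100%",     0 },   /* constructed: ends inside a conversion */
    };
    for (size_t i = 0; i < sizeof calls / sizeof calls[0]; i++) {
        printf("call %zu: needs %d, given %d -> %s\n", i,
               count_printf_args(calls[i].fmt), calls[i].supplied,
               format_call_ok(calls[i].fmt, calls[i].supplied) ? "ok" : "MISMATCH");
    }
    return 0;
}
```

GCC and Clang make the same comparison at compile time for literal format strings when warnings are enabled with -Wall, which includes -Wformat.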

Computer Forensics: A Technical-Legal Challenge for the Next Millennium

  • Digital evidence:
    • It is a type of physical evidence. It is made up of magnetic fields and electronic pulses that can be collected and analysed with special tools and techniques. (Casey 2000, p. 4)
  • Computer forensics
    • It is the legal application of methods, protocols and techniques to obtain, analyse and preserve digital evidence relevant to a situation under investigation. (Kovacich 2000, p. 243)
  • This presentation will concentrate on reviewing the challenges of the computer sciences in the context of the forensic sciences and the law.
  • It provides principles and techniques that facilitate the investigation and prosecution of offences classified as criminal.
    • It implies the application of science to the legal field
    • Any scientific principle or technique can be applied to:
      • Identify,
      • Recover,
      • Reconstruct and
      • Analyse evidence during the investigation of a crime.
  • By applying scientific methods, forensic specialists can analyse the evidence to:
    • Create hypotheses and carry out tests to verify those hypotheses, generating clear possibilities about what happened.

Forensic Science

Digital Evidence vs. Physical Evidence
  • Digital evidence
    • It is a type of physical evidence, less tangible than other forms of evidence (DNA, fingerprints, computer components)
    • Advantages
      • It can be duplicated exactly and copied as if it were the original.
      • With suitable tools it is relatively easy to identify whether the evidence has been altered, compared with the original.
      • Even if it is deleted, it is possible, in most cases, to recover the information.
      • When criminals or suspects try to destroy the evidence, copies exist that remain elsewhere
Computer Crime, Cybercrime or Delito Informático (informatics offence)?
Cybercrime
  • According to Casey 2000, p. 8:
    • Any criminal activity that involves computers and networks. In particular, this definition is oriented towards reviewing situations where the computer on a network was not used for the crime, but contains digital evidence related to the crime. - EVIDENCE-ORIENTED
  • According to Parker 1998, p. 57:
    • Any activity that entails abuse (an attack against the information, causing loss of utility, integrity and authenticity) and misuse (an attack with the information, causing loss of availability, possession and confidentiality) of information, associated with the use of knowledge of information systems or information technologies. - ORIENTED TO LEGAL DISCOURSE
Computer Crime
  • According to Icove et al. 1995, p. 17:
    • They are a set of activities that seek to destroy or steal computing equipment, through electronic sabotage or unauthorised appropriation of data or systems, with the clear aim of obtaining an economic benefit.
  • According to Casey 2000, p. 9:
    • It is a special type of cybercrime that deserves separate review.
  • According to United Kingdom law:
    • Computer crimes relate to activities such as: theft of computing services, unauthorised access to protected computers, pirated software, alteration or theft of information stored on electronic media, extortion via electronic media, theft of passwords, and transmission of destructive commands or viruses.
Delito Informático (informatics offence)
  • Any criminogenic behaviour in which the computer has been involved as material or as object of the criminal action, or as a mere symbol. (Carlos Sarzana, Mx)
  • It is conceptualised in typical and atypical form, the first being understood as the typical, unlawful and culpable conduct in which computers are the instrument or the end, and the second as illicit attitudes in which computers are the instrument or the end. (Julio Tellez Valdés, Mx)
  • Any wilful action that causes harm to natural or legal persons, which may or may not produce a material benefit for its author, and may or may not harm the victim directly or indirectly, such wilful action being characterised by the use of computing activities or means. (Orlando Solano B., Col.)
Elements Common to the Definitions
  • Reviewing the definitions, common elements are identified:
    • The acting subject or subjects of the harmful conduct that produces the act
      • It is not clear in all of the definitions presented
      • It is sometimes left out of the definition or assumed to be implicit
    • A suitable means for committing the unlawful act, that is, the computing device by means of which the action is carried out.
      • It is referenced in all of the definitions
      • Particular emphasis is placed on computing means
      • Few definitions make clear where the evidence is located, given the means used.
    • An object, that is, the asset that produces the illicit benefit for the author or authors
      • Generally considered to be the objects resulting from data processing, the data, the resulting information.

Computer Crime, Cybercrime or Delito Informático?
Proposed Analysis

Principles of Information Security
Governing Verbs / Confidentiality / Integrity / Availability
Modify: X X X
Delete: X X
Disclose: X
Monitor: X
Access: X
Configure: X X
Affected Objects
Hardware, software, data, documentation, communications, personnel

Forensic Sciences vs. Computer Sciences
  • Understanding the existence of evidence in digital format.
  • Ensuring the integrity of the evidence collected
  • Understanding computers and how they operate
  • Recognising digital evidence
    • Where it is found
    • How it is stored
    • How it is modified, who modifies it, who owns it
  • Quantity of evidence collected
  • Technical skills and forensic procedures
  • The handling and control of electronic documents.
Proof in Computing
  • What is the purpose of proof?
    • The Constitutional Court comments on this:
  • “The purpose of proof is, then, to bring to the judge's mind sufficient conviction to be able to decide with certainty on the matter of the proceedings.”
  • Like a normal document, electronic evidence must meet the following conditions:
    • Composed of a text, tenor or content
      • Content relevant to the legal sphere: constructed to be used
    • An author
      • Clearly identified
      • Origin and originality
    • Intelligible
    • A character of durability or permanence greater than that of the object it represents
    • Transportable
  • Problems in computing
    • Lack of knowledge and skills on the legislator's part to identify, assess and review digital evidence.
    • Ease of duplication and difficulty in verifying the original
      • Where is the original of the digital evidence?
    • Storage and durability of information on electronic media. Legal recognition of the same
    • Problematic identification of the author of documents
    • Inadequate transport can lead to modification of the content of the digital evidence collected.
    • The evidence collected may be encrypted, which means its content cannot be easily identified.
    • Lack of knowledge of system intrusion techniques.
  • Seguridad Informática: Una posible solución
    • Principios
      • Confidencialidad
      • Integridad
      • Disponibilidad
    • Servicios
      • Autenticación
      • Autorización
      • No-repudiación
      • Auditabilidad
  • Mecanismos de Seguridad Informática
    • Firmas digitales
    • Certificados digitales
    • Algoritmos de encripción simétrica y asimétrica
    • Intrusion detection systems, Control de intregridad de archivos
    • Logs de auditoría
    • Mecanismos de control de estampillas de tiempo.

 
Legal and technical challenges
  • Legal challenges
    • Gain a close understanding of the computing phenomenon and its implications for criminal conduct.
    • Seek evidentiary elements, supported by computing mechanisms, that lend validity and originality to an electronic document.
    • Develop technical forensic skills to integrate criminal investigation with computational protection techniques.
    • Establish a set of general guidelines that link actions on objects and information security principles to the legally protected interests the state seeks to protect, in order to develop a criminal-law discourse on computer crime.
    • Develop international alliances to support and advance legislative initiatives in the computing field.
  • Technical challenges
    • Develop programming practices and procedures that aim to reduce security problems in software and hardware products.
    • Promote a formal testing culture in order to assure the quality of the products delivered.
    • Raise awareness of engineers' legal responsibilities:
    • Foreseeability, due care and diligence
    • Define information security practices and policies as pre-constituted evidence for the organization.
    • Establish an interdisciplinary program that incorporates legal considerations into technical training.
  • Computer forensics as a bridge for understanding judicial evidence and its impact on the computing world.

Cryptographic Applications in Economic Environments

  1. Introduction
    The issue of payment over open networks has become highly relevant in recent years owing to the growing development of electronic commerce. Electronic payment systems must provide the infrastructure needed to facilitate payment in transactions carried out over the Internet. They are so important and necessary that, if satisfactory solutions are not reached, the development of electronic commerce could be seriously held back.
    The conventional payment systems used in the paper-based world do not map cleanly onto the electronic world. This problem must be approached and solved from a multidisciplinary perspective (legal, technical, economic, etc.). At first sight it may seem surprising that payment schemes that are themselves electronic do not fit perfectly and immediately as payment schemes for transactions carried out on the Internet. We are referring, specifically, to card-based payment systems. We cannot forget that the face-to-face nature of exchanges in traditional in-person commerce, together with the written receipt on paper bearing a handwritten signature, are security elements that must have their translation or equivalent in the electronic world.
    In any case, some real-world payment systems (as opposed to the virtual world) are more or less accepted as payment methods on the Internet (as is the case with credit cards). Nevertheless, their use is held back by the reluctance of customers, who do not fully trust the security of transactions carried out exclusively by electronic means. Nor are they the ideal solution for sellers. For example, in the specific case of credit cards, until very recently the per-transaction costs were very high, which financial institutions justified by the high risk this type of operation entailed. From the seller's point of view there is the problem of having no guarantee of the identity of the card user, who may not be its legitimate holder. This risk is a further reason for potential sellers to be reluctant to accept these new means of payment. Customers' reluctance leads to a lower rate of sales than expected, which means failure for the business owner who decides to use the new technologies to develop electronic commerce platforms.
    Cryptography is an indispensable element for securing electronic transactions, and more specifically electronic payment based on credit cards. The following sections describe two specific protocols (SSL and SET) that should serve to increase users' confidence in the new electronic means of contracting.
  2. SSL
    Some implementations of credit card payment for electronic transactions over the Internet require the buyer to send the card details over a channel other than the Internet itself (fax or telephone). An alternative to these solutions would be to send the credit card details over a secure Internet connection, and to handle the validation part of the transaction by conventional or slightly modified means (the so-called virtual POS, or virtual point-of-sale terminal; TPV, Terminal Punto de Venta, in Spanish).
    For the transfer to be truly secure, two security services are needed. First, communications between buyer and seller must be encrypted to prevent attackers from intercepting the credit card details. Second, the seller must authenticate itself in such a way that an attacker cannot impersonate it in order to obtain the customer's card details. It would also be desirable for the buyer to authenticate, but neither distance sales (in the real world) nor telephone orders require this. Authentication of the customer is generally left to the product delivery stage. This approach is only useful for trade in physical goods, since with digital goods or services the buyer never appears in person and so cannot be authenticated that way. This already sets a first limit on the possible use of a system without prior authentication of the buyer, unless the seller is willing to assume the resulting risk.
    On the Internet, the above security services (confidentiality of the communication and authentication of the server) are usually provided by the SSL (Secure Sockets Layer) protocol. SSL is a general-purpose protocol that allows secure connections to be established between entities of application-level protocols (remote login, e-mail, file transfer, etc.), although the application protocol that most commonly uses SSL is surely HTTP (Hypertext Transfer Protocol), used on the web. SSL was developed by Netscape in 1994 and has evolved into a latest version called TLS (Transport Layer Security), although the most widely used at this time is SSL version 3.0.
    In SSL, before the information to be exchanged is protected (which may include the credit card details), a negotiation takes place between the program used by the buyer (typically a browser) and the seller's electronic commerce server. The sequence, in summary, is as follows:
    In the first step the buyer's browser sends a random value, one of the elements that will be used to generate the necessary cryptographic material, and a session identifier, which can be useful to avoid renegotiations in transactions close in time between the same entities. The last argument is a list of cryptographic algorithms, ordered by the user's preference. The following must be negotiated: a symmetric-key algorithm to provide confidentiality (for example DES, 3DES, IDEA, RC2, RC4, etc.), an algorithm for authentication and key exchange (for example RSA or Diffie-Hellman), and finally an algorithm to guarantee the integrity of the data exchanged (for example, MD5 or SHA).
    In the second step the seller's server also sends a random value, which will be used to generate the necessary cryptographic material, and the session identifier sent by the browser. The last argument is the set of cryptographic algorithms the server has chosen from among those proposed by the client. If the algorithms proposed by the client did not include one for each service that is valid for the server, the session should be aborted.
    Next the server sends the browser a public-key certificate. This is an electronic document that binds the seller's public key to the seller's identity. In this way the buyer can be assured of talking to a machine under the control of the seller that owns the domain name to which the buyer has connected.
    In the third step, the browser generates a secret parameter that must be known by the server, and only by the server. To ensure this, it encrypts the value with the server's public key, since then only the server, with its private key, can learn the secret parameter. From this secret parameter (and the random values from the first steps) both entities generate secret session keys (one for each direction) and secret integrity keys (also one for each direction of the communication). Once these keys have been generated, the data exchange phase can begin. The use of symmetric cryptography and of integrity functions with a secret parameter gives the data exchange confidentiality, integrity and authenticity (although generally only of the server).
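    The negotiation and key generation described in these steps, as an added Python example that is not part of the original article: the server picks one algorithm per service from the client's ordered list or aborts, and both sides expand the shared secret and the two random values into one encryption key and one integrity key per direction using the nested MD5/SHA-1 construction of SSL 3.0. The function names, the per-service dictionaries and the sample offers are assumptions made for the illustration; transport of the secret under the server's public key and the derivation of IVs are left out.

```python
import hashlib
import secrets


class HandshakeAbort(Exception):
    """Raised when client and server share no algorithm for some service."""


def negotiate(client_prefs, server_supported):
    """For each service, pick the client's most preferred algorithm that the
    server also accepts; abort the session if any service has no match."""
    chosen = {}
    for service, ordered in client_prefs.items():
        accepted = server_supported.get(service, set())
        pick = next((alg for alg in ordered if alg in accepted), None)
        if pick is None:
            raise HandshakeAbort(f"no common algorithm for {service}")
        chosen[service] = pick
    return chosen


def expand(secret, seed, length):
    """SSL 3.0 expansion: concatenate MD5(secret + SHA1(label + secret + seed))
    for the labels 'A', 'BB', 'CCC', ... until enough bytes are produced."""
    out, i = b"", 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:length]


def derive_keys(pre_master, client_random, server_random, mac_len=20, key_len=24):
    """Turn the secret parameter and both random values into four keys.
    Defaults assume SHA-1 integrity keys (20 bytes) and 3DES keys (24 bytes)."""
    master = expand(pre_master, client_random + server_random, 48)
    block = expand(master, server_random + client_random, 2 * (mac_len + key_len))
    layout = [("client_mac", mac_len), ("server_mac", mac_len),
              ("client_key", key_len), ("server_key", key_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


# Constructed sample offers, one list or set per security service.
CLIENT_PREFS = {
    "cipher": ["IDEA", "3DES", "RC4"],
    "key_exchange": ["RSA", "Diffie-Hellman"],
    "integrity": ["SHA", "MD5"],
}
SERVER_SUPPORTED = {
    "cipher": {"DES", "3DES", "RC4"},
    "key_exchange": {"RSA"},
    "integrity": {"MD5", "SHA"},
}


def run_handshake():
    """Simulate both ends; returns (chosen algorithms, browser keys, server keys)."""
    client_random = secrets.token_bytes(32)   # step 1, sent by the browser
    server_random = secrets.token_bytes(32)   # step 2, sent by the server
    suite = negotiate(CLIENT_PREFS, SERVER_SUPPORTED)
    pre_master = secrets.token_bytes(48)      # step 3, the secret parameter
    browser_keys = derive_keys(pre_master, client_random, server_random)
    server_keys = derive_keys(pre_master, client_random, server_random)
    return suite, browser_keys, server_keys


if __name__ == "__main__":
    suite, browser_keys, server_keys = run_handshake()
    print(suite)
    print("both ends hold the same keys:", browser_keys == server_keys)
```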
  3. SET
    The scope of the SET protocol is limited to the payment phase of electronic transactions. The protocol's specifications make clear that the functions for the purchase phase, price negotiation, selection of the payment method, etc., must be handled by other protocols. SET only comes into play once the buyer has decided what to buy, at what price, and that a card will be used to make the payment.
    In a telephone transaction, the buyer provides the card details to the merchant, who contacts its financial institution to obtain authorization for the payment. This financial institution, in turn, can obtain authorization from the entity that issued the card through the financial networks operated by the card association (for example, Visa or MasterCard). These private networks have existed for some time and use proprietary protocols that run over dedicated links with adequate security mechanisms in operation. There is, therefore, an infrastructure of links and computers for processing transactions. In fact, SET assumes the existence of these networks and only specifies the rules of dialogue between buyer and seller, and between the seller and an entity called the payment gateway. The model envisaged in SET, with its participants, is as follows:
    The SET protocol consists of a set of request/response message pairs, as can be seen below:
    One of the goals of SET is that the seller should not have access to the buyer's financial data, and that the financial institution should not have access to the data about the product or service purchased, while also providing non-repudiation for the parties involved in the transaction. Achieving these goals requires the use of classical cryptography and asymmetric cryptography techniques.
    The SET process begins after the buyer has been presented with a completed purchase order form whose content has been accepted. How the products were selected and how the purchase order is presented to the user are outside the scope of SET. The PInitReq message tells the seller that the buyer is ready to pay for the agreed goods or services, and contains the following information:
    • idioma: the language used by the buyer
    • ID_TC: a local identifier of the transaction
    • retoC: a numeric value (the buyer's challenge) that will be used in the seller's response to guarantee that the transmission is "in real time"
    • IDmarca: the brand of the card that will be used to make the payment (for example, Visa or MasterCard)
    • IDbanco: identification number of the buyer's bank
    After receiving the above message, the seller sends the PInitRes message, which contains the following data:
    • ID_T: the seller generates a global transaction identifier which, combined with the buyer's identifier, forms a unique transaction identifier that will identify a specific purchase with respect to the other purchase messages that may be received
    • fecha: the day and time at which the transaction takes place
    • retoC: the numeric value sent by the buyer
    • retoV: a numeric value generated by the seller
    • CertF: the public-key certificate of the seller's financial institution
    • CertV: the seller's public-key certificate
    The public-key certificates sent contain the public keys that will be needed in later messages. Note also that the first four parameters are signed by the seller. In this way, if the retoC value matches the one the buyer generated, the buyer can be sure of talking to a specific seller that is authorized to carry out SET transactions.
    The purchase order messages carry out the actual order the buyer places with the seller. This is the most complex message pair in the payment protocol. The buyer sends two elements, the order information (OI) and the payment instructions (PI). The OI element contains the data that identify the description of the order. The PI element contains the buyer's credit card data and the order and transaction identifiers. This latter element is encrypted with the public key of the seller's financial institution, so that the seller has no access to its content. It will later be forwarded to the financial institution in the authorization phase.
    The OI element contains the following information (much of it from the initialization phase):

    OI = ID_T, retoC, retoV, IDbanco, IDmarca, H(pedido)

    The challenge generated by the seller serves to guarantee that the message is tied to the transaction in progress. The last element is a digest of the order information:

    pedido = descripción, cantidad, salt

    The random value salt is generated by the buyer to prevent possible brute-force (or dictionary-based) attacks. The cantidad (amount) parameter indicates the monetary value of the transaction.
    Two elements are needed to build the PI element. The first is the card data:

    datos_tarjeta = núm_tarjeta, fecha_expiración, núm_secreto, nonce

    where núm_secreto is a number shared between the buyer, the payment gateway and the buyer's financial institution; nonce is a random value to prevent replay and brute-force attacks. The second element needed is the digest of the order information. The PI element then has the following form:

    PI = ID_T, H(pedido), cantidad, IDV, PUF(datos_tarjeta)

    Note that, to make the exchange more secure, the card data have been encrypted with the public key of the financial institution. They are subsequently also encrypted with a symmetric cryptography algorithm (together with other information). Note too that the payment instructions do not directly contain information about the order, only a digest of it, H(pedido).
    The PReq message uses a type of signature that is especially important in the SET protocol: the dual signature. It is generated as follows:
    • compute the digest (apply a hash function) of OI and of PI separately
    • concatenate the two digests and apply the hash function to the result
    • apply public-key encryption to that digest ("sign" it)
    • attach the digests, H(OI) and H(PI), so that the recipients can verify the dual signature without needing access to the content of the part of the message that is not meant for them
    Once the seller has received the buyer's purchase order, it extracts the two fundamental parts (OI and PI) and verifies the dual signature (for which it needs the buyer's public-key certificate). Next, usually, although there are other possibilities, the seller moves on to the authorization stage before sending the counterpart of the PReq message, that is, PRes.
    The authorization process allows the seller to verify that the buyer has credit for the order placed, and to obtain permission to charge the transaction to the buyer's card. In the authorization request the seller sends its financial institution information about the order, signed and encrypted. The buyer's payment instructions (PI) are also sent in this request. More specifically, it contains the following information:
    Info_auth = ID_T, fecha, cantidad, PI, H(pedido), H(OI), datos_vendedor, datos_comprador, firma_dual

    Note that the above information includes a digest of the order. The financial institution will verify that it matches the one contained in the payment instructions (PI). If so, the financial institution will know that buyer and seller agree on the goods or services and on the amount to be charged. The dual signature over PI makes it possible to verify that this order comes from the buyer. The digest of OI in the seller's request demonstrates knowledge of the OI data that are signed in the dual signature, making it possible to demonstrate agreement on the order data without revealing those data to the financial institution. Data about the buyer, such as the billing address (obtained by means external to the SET protocol), and other data about the seller are also sent.
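    The dual signature from the PReq message and the two checks described above (the seller's and the financial institution's), as an added Python example that is not part of the original article or of the SET specification. It assumes SHA-256 as the hash H, textbook RSA over a constructed and insecure demonstration key as the buyer's signature, a length-prefixed field encoding, and an opaque placeholder for PUF(datos_tarjeta); the function names and sample values are likewise assumptions.

```python
import hashlib

# Constructed demonstration key, NOT secure: textbook RSA (no padding) over two
# well-known Mersenne primes, standing in for the buyer's signing key pair.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # buyer's private exponent


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def encode(*fields) -> bytes:
    """Length-prefix every field so distinct field lists never collide."""
    out = b""
    for field in fields:
        raw = field if isinstance(field, bytes) else str(field).encode()
        out += len(raw).to_bytes(4, "big") + raw
    return out


def decode(blob: bytes):
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return fields


def build_messages(id_t, reto_c, reto_v, id_banco, id_marca, id_v,
                   descripcion, cantidad, salt, sealed_card):
    """OI and PI laid out as in the article; both carry H(pedido)."""
    h_pedido = H(encode(descripcion, cantidad, salt))
    oi = encode(id_t, reto_c, reto_v, id_banco, id_marca, h_pedido)
    pi = encode(id_t, h_pedido, cantidad, id_v, sealed_card)
    return oi, pi, h_pedido


def dual_sign(oi: bytes, pi: bytes):
    """Buyer: sign H(H(OI) || H(PI)) and attach both digests."""
    h_oi, h_pi = H(oi), H(pi)
    digest = int.from_bytes(H(h_oi + h_pi), "big")
    return h_oi, h_pi, pow(digest, D, N)


def signature_ok(h_oi: bytes, h_pi: bytes, signature: int) -> bool:
    return pow(signature, E, N) == int.from_bytes(H(h_oi + h_pi), "big")


def seller_verify(oi: bytes, h_pi: bytes, signature: int) -> bool:
    """Seller holds OI in clear and only the digest of PI."""
    return signature_ok(H(oi), h_pi, signature)


def gateway_verify(pi: bytes, h_oi: bytes, signature: int,
                   h_pedido_from_seller: bytes) -> bool:
    """Financial institution holds PI in clear and only the digest of OI; it
    also checks that the seller's order digest matches the one inside PI."""
    if not signature_ok(h_oi, H(pi), signature):
        return False
    return decode(pi)[1] == h_pedido_from_seller


def sample_transaction():
    """Constructed sample values for one purchase."""
    return build_messages("T-0001", 1111, 2222, "BANK-01", "Visa", "SELLER-01",
                          "1 book", "25.00 EUR", b"constructed-salt",
                          b"<placeholder for PUF(datos_tarjeta)>")


if __name__ == "__main__":
    oi, pi, h_pedido = sample_transaction()
    h_oi, h_pi, sig = dual_sign(oi, pi)
    print("seller accepts: ", seller_verify(oi, h_pi, sig))
    print("gateway accepts:", gateway_verify(pi, h_oi, sig, h_pedido))
    print("gateway rejects a different order digest:",
          not gateway_verify(pi, h_oi, sig, H(b"another order")))
```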
    After receiving the authorization request, the financial institution decrypts the various parts of the message, verifies the signatures, and checks the consistency between the order details sent by the seller and those found in the payment instructions, PI. The financial institution then obtains the authorization through the existing banking network. If it receives a positive authorization from the buyer's issuing entity, the seller's financial institution prepares the authorization response message for the seller, which includes the issuer's authorization code. The information contained in the response is:
    Info_auth_res = ID_T, cantidad, código, datos_captura

    After receiving a successful authorization, the seller can ship the goods to the buyer. A successful authorization indicates that the card issuer has verified the card details and the credit limit, and therefore the order can be fulfilled.
    The response the seller sends to the buyer contains the status of the transaction and the available response codes. The code indicates whether the authorization or capture steps have been completed. The resultado (result) field contains the authorization or capture codes, if these steps have taken place. These codes are generated in the banking network to authorize and clear the transaction, and may appear on the monthly statement for the buyer's card.
  4. SET and SSL
    Some authors have seen SSL and SET as competitors that share the same goal. In fact this need not be so, and they can be complementary. SSL, as we have seen, can serve to protect information in transit and to authenticate the server to the client. The security services SSL provides are limited. SET, for its part, focuses exclusively on the payment phase, so the negotiation and delivery phases fall outside its scope (the latter especially to be considered in the case of digital goods and services). It therefore seems clear that SSL could be used for the phases before and after the payment phase, and the SET protocol for that specific phase.
    SSL does not provide non-repudiation of origin, which means that buyer and seller can later deny having taken part in a given electronic transaction. In these early stages of electronic commerce, and in low-cost transactions (for example, buying a book by electronic means), the seller will be willing to accept that the buyer may later deny having placed the order, with the resulting costs this may entail. Conversely, the buyer is willing to accept that the seller may not send the product supposedly ordered (always assuming that the buyer's financial institution must refund the amount of the transaction not carried out). But consider higher-value transactions, and we arrive at the conviction that the model based exclusively on SSL is not strictly adequate.
    It should also be noted that communicating the card details to the seller means assuming a risk that is not always wanted. This is not strictly new, and in fact this risk is also assumed in in-person transactions. We are referring to the fraudulent use of those details held by the seller, by the seller itself or by third parties. News regularly appears of the dismantling of networks dedicated to obtaining such data, through legitimate or illegitimate terminals (restaurants, shops, fake bank terminals, etc.). The only novelty introduced by the absence of physical presence is not really knowing who one is talking to.
    The conclusion is that SSL is not the most suitable way to make credit card payments over the Internet, and that use of the SET protocol is advisable. The next question is why SET, which corrects those deficiencies, is not more widely used. The clearest answer lies in the complexity of the specification. The effort needed to develop and verify the programs associated with SET is considerable.
    Another reason for the delay in the effective deployment of SET lies in the incorporation of the electronic signature. In SET, and this is precisely one of its strengths, buyer and seller must have their own digital signature and the corresponding digital certificates. In the case of SSL, it is optional for the client to have a public-key certificate. Obviously, the fact that SET is more restrictive, that is, that it requires buyers to have a public-key certificate, slows its deployment. In the near future, when all users have that possibility, the use of SET will be more viable.
  5. Conclusions
    Credit cards are a means of payment that, through their relative success, are proving suitable for payments in Internet electronic commerce transactions. On the one hand, there is a broad base of users around the world who hold and use credit cards in conventional commerce and who wish (with reservations over the perceived lack of security) to use them for electronic orders. On the other hand, there is a group of credit card brands that are accepted practically worldwide and that inherently make it possible to use multiple currencies in operations.
    On the negative side, it must be recognized that card-not-present transactions, which is the case on the Internet, are insecure and susceptible to a certain level of fraud (as in fact occurs). This is due, in general, to the fact that there is no identification of the card user, no written and signed receipt of the operation and, ultimately, no use of the card in the strict sense, since it may remain in the possession of its legitimate holder. It is therefore necessary to protect against the attacks that may be suffered.
    This paper has reviewed the SSL protocol, which provides two basic security functions. First, it gives assurance that the seller one is dealing with is indeed who it claims to be. Second, the link is encrypted, so that the credit card details cannot be intercepted in transit. Two problems are thus solved which, although it may be argued that they are not the ones causing the greatest problems in electronic transactions, can serve to give buyers greater confidence and therefore give businesses greater opportunity.
    SET appears as a protocol that can solve all the security problems linked to credit card payments on the Internet. Unfortunately its acceptance has not been what was hoped for, but in the not too distant future some alternative must appear that does gain market acceptance.
Bibliografía
[1] D. Abrazhevich: "Classification and Characteristics of Electronic Payment Systems"; EC-Web 2001, LNCS 2115, pp. 81-90, Springer Verlag, 2001.
[2] N. Asokan, P.A. Janson, M. Steiner y M. Waidner: "The State of the Art in Electronic Payment Systems"; IEEE Computer, pp. 28-35, 1997.
[3] G. Drew: "Using SET for Secure Electronic Commerce"; ed. Prentice-Hall, 1998.
[4] A. Freier, P. Karlton y P. Kocher: "The SSL Protocol: Version 3.0"; Netscape Communication Corp., noviembre de 1996.
http://home.netscape.com/eng/ssl3/index.html
[5] MasterCard y Visa: "Secure Electronic Transaction (SET) Specification - Book 1: Business Description Version 1.0"; mayo de 1997.
http://www.setco.org
[6] MasterCard y Visa: "Secure Electronic Transaction (SET) Specification - Book 2: Programmer's Guide Version 1.0"; mayo de 1997.
http://www.setco.org
[7] MasterCard y Visa: "Secure Electronic Transaction (SET) Specification - Book 3: Formal Protocol Definition Version 1.0"; mayo de 1997.
http://www.setco.org
[8] D. O'Mahony, M. Pierce y H. Tewari: "Electronic Payment Systems for E-Commerce"; ed. Artech House, segunda edición, 2001.
[9] E. Rescorla: "SSL and TLS: Designing and Building Secure Systems"; ed. Addison-Wesley, 2001.