1 Chapter 3 Infrastructure for Electronic Commerce FEB: EBS 2053 Facilitator: Puan Asleena Helmi (06/07/01)


Learning Objectives

• Describe the protocols underlying Internet client/server applications
• Compare the functions and structures of Web browsers and servers
• Discuss the security requirements of Internet and e-commerce applications, and how these requirements are fulfilled by various hardware and software systems
• Describe the functional requirements for online selling and the specialized services and servers that perform these functions
• Describe the business functions that Web chat can fulfill and list some of the commercially available systems that support chat
• Understand the ways in which audio, video and other multimedia content are being delivered over the Internet and the business uses to which this content is being applied

A Network of Networks = Internet

• The Internet is a network of hundreds of thousands of interconnected networks
• Network Service Providers (NSPs)
  – run the backbones
• Internet Service Providers (ISPs)
  – provide the delivery subnetworks

Internet Network Architecture

[Figure: Internet Network Architecture, a diagram of NAP and ISP nodes]

Internet Protocols

• Protocols - A set of rules that determine how two computers communicate with one another over a network
  – The protocols embody a series of design principles
    • Interoperable— the system supports computers and software from different vendors. For e-commerce this means that the customers or businesses are not required to buy specific systems in order to conduct business.
    • Layered— the collection of Internet protocols work in layers with each layer building on the layers at lower levels.
    • Simple— each of the layers in the architecture provides only a few functions or operations. This means that the complexities of the underlying hardware are hidden from application programmers.
    • End-to-End— the Internet is based on “end-to-end” protocols. This means that the interpretation of the data happens at the application layer and not at the network layers. It’s much like the post office.

TCP/IP Architecture (Protocol Stacks)

[Figure: protocol stack, top to bottom]
• Application Layer: FTP, HTTP, Telnet, NNTP
• Transport Layer: Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
• Internet Protocol (IP)
• Network Interface Layer
• Physical Layer

© Prentice Hall, 2000

TCP/IP

• Solves the global internetworking problem
• Transmission Control Protocol (TCP)
  – Ensures that 2 computers can communicate with one another in a reliable fashion
• Internet Protocol (IP)
  – Formats the packets and assigns addresses
    • packets are labeled with the addresses of the sending and receiving computers
  – 1999 version is version 4 (IPv4)
  – Version 6 (IPv6) has just begun to be adopted

Domain Names

• Reference particular computers on the Internet
• Divided into segments separated by periods
  – For example, in the case of “www.microsoft.com”
    • “www” is the specific computer
    • “com” is the top level domain
    • “microsoft” is the subdomain
  – Internet Assigned Numbers Authority (IANA)
    • controls the domain name system
  – Network Solutions, Inc. (NSI)
    • issues and administers domain names for most of the top level domains

Internet Client/Server Applications

Application | Protocol | Purpose
E-mail | Simple Mail Transport Protocol (SMTP), Post Office Protocol version 3 (POP3), Multipurpose Internet Mail Extensions (MIME) | Allows the transmission of text messages and binary attachments across the Internet.
File Transfer | File Transfer Protocol (FTP) | Enables files to be uploaded and downloaded across the Internet.
Chat | Internet Relay Chat Protocol (IRC) | Provides a way for users to talk to one another in real-time over the Internet. The real-time chat groups are called channels.
UseNet Newsgroups | Network News Transfer Protocol (NNTP) | Discussion forums where users can asynchronously post messages and read messages posted by others.
World Wide Web (Web) | Hypertext Transport Protocol (HTTP) | Offers access to hypertext documents, executable programs, and other Internet resources.

Web-based Client/Server

• Web browsers and servers need a way to:
  – Locate each other so they can send requests and responses back and forth
  – Communicate with one another
• Uniform Resource Locators (URLs)
  – A new addressing scheme
  – Ubiquitous, appearing on the web, in print, on billboards, on TV and anywhere else a company can advertise
  – Default syntax - www.Anywhere.Com
  – Complete syntax - access-method://server-name[:port]/directory/file

Web-based Client/Server (cont.)

• Hypertext Transport Protocol (HTTP)
  – A new protocol
  – Lightweight, stateless protocol that browsers and servers use to converse with one another
  – Statelessness - every request that a browser makes opens a new connection that is immediately closed after the document is returned
    • represents a substantial problem for e-commerce applications
    • an individual user is likely to have a series of interactions with the application
  – MIME (Multipurpose Internet Mail Extension)
    • describes the contents of the document
    • in the case of an HTML page the header is “Content-type: text/html”

Web Browsers (1999 Generation)

– IE 4.6 suite of components consists of the browser along with the following tools:
  • Outlook Express for e-mail reading
  • FrontPage Express for authoring of HTML Web pages
  • NetMeeting for collaboration
– Netscape Navigator 4.6 suite consists of the browser plus the following components:
  • Messenger for e-mail reading
  • Composer for authoring HTML Web pages
  • Collabra for news offerings
  • Calendar for personal and group scheduling
  • Netcaster for push delivery of Web pages

Web Servers: A Software Program

– http daemon in Unix; http service in Windows NT
– Functions:
  • service HTTP requests
  • provide access control, determining who can access particular directories or files on the Web server
  • run scripts and external programs to either add functionality to the Web documents or provide real-time access to database and other dynamic data
  • enable management and administration of both the server functions and the contents of the Web site
  • log transactions that the user makes
– Distinguished by:
  • platforms, performance, security, and commerce

Internet Security

• Cornerstones of Security
  – Authenticity
    • the sender (either client or server) of a message is who he, she or it claims to be
  – Privacy
    • the contents of a message are secret and only known to the sender and receiver
  – Integrity
    • the contents of a message are not modified (intentionally or accidentally) during transmission
  – Non-repudiation
    • the sender of a message cannot deny that he, she or it actually sent the message

Encryption

Private Key Encryption (Symmetrical Key Encryption)

[Figure: the Sender encrypts the Message Text with the Private Key to produce Ciphered Text; the Receiver decrypts it with the same Private Key to recover the Message Text]

Data Encryption Standard (DES) is the most widely used symmetrical encryption algorithm

Encryption (cont.)

Public Key Encryption (Asymmetrical Key Encryption)

[Figure: the Sender encrypts the Message Text with the Public Key of Recipient to produce Ciphered Text; the Receiver decrypts it with the Private Key of Recipient to recover the Message Text]

Encryption (cont.)

– Digital Envelope — combination of symmetrical and public key encryption

[Figure: Digital Envelope; labels: Sender, Receiver, Message Text, Ciphered Text, Encryption, Decryption, Session Key, Public key of Recipient]

Encryption (cont.)

Digital Signatures: Authenticity and Non-Denial

[Figure: labels: Sender, Receiver, Message Text, Ciphered Text, Encryption (Public Key of Recipient), Decryption (Private Key of Recipient), Signature (Private Key of Sender), Signature (Public Key of Sender)]

Digital Certificates and Certifying Authorities

• Digital Certificates
  – Verify the holder of a public and private key is who he, she or it claims to be
• Certifying Authorities (CA)
  – Issue digital certificates
  – Verify the information and create a certificate that contains the applicant’s public key along with identifying information
  – Use their private key to encrypt the certificate and send the signed certificate to the applicant
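
What a certifying authority does when it issues a certificate, as an added Go example that is not from the original slides: the CA binds a name to the applicant's public key and signs the result with its own private key, and anyone holding the CA's certificate can check that signature. `Party`, `Issue`, `TrustedBy` and the names "Example CA (constructed)" and "shop.example" are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Party is a key pair plus the certificate that binds its public key to a name.
// All type and function names here are this example's own.
type Party struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// Issue creates a certificate for name's public key, signed with the issuer's
// private key. A nil issuer yields a self-signed CA. For brevity the key pair is
// generated here; in practice the applicant generates it and submits the public key.
func Issue(name string, issuer *Party) (*Party, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name}, // identifying information
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	parent, signer := tmpl, key
	if issuer == nil { // the CA certifies its own key
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		parent, signer = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Party{key, cert}, err
}

// TrustedBy reports whether cert carries a valid signature chain to the CA certificate.
func TrustedBy(cert, ca *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}

func main() {
	ca, _ := Issue("Example CA (constructed)", nil)
	fake, _ := Issue("Example CA (constructed)", nil) // same name, different key
	merchant, _ := Issue("shop.example", ca)
	impostor, _ := Issue("shop.example", fake)
	fmt.Println(TrustedBy(merchant.Cert, ca.Cert), TrustedBy(impostor.Cert, ca.Cert))
}
```

The impostor's certificate names the same issuer and subject as the genuine one, yet it fails verification because the signature on it was not made with the trusted CA's private key.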

Secure Socket Layer (SSL)

• A protocol that operates at the TCP/IP layer
• Encrypts communications between browsers and servers
• Supports a variety of encryption algorithms and authentication methods
• Encrypts credit card numbers that are sent from a consumer’s browser to a merchant’s Web site

Secure Electronic Transactions (SET)

• A cryptographic protocol to handle the complete transaction
• Provides authentication, confidentiality, message integrity, and linkage
• Supporting features
  – Cardholder registration
  – Merchant registration
  – Purchase requests
  – Payment authorizations
  – Payment capture
  – Chargebacks
  – Credits
  – Credit reversal
  – Debit card transactions

Access Control

• Password Protection
  – Passwords are notoriously susceptible to compromise
    • Users have a habit of sharing their passwords with others, writing them down where others can see them, and choosing passwords that are easily guessed.
    • Browser transmits the passwords in a form that is easily intercepted and decoded. One safeguard is to make sure that even if the passwords are compromised the intruder only has restricted access to the rest of the network, which is one of the roles of a firewall.

Firewalls

• A network node consisting of both hardware and software that isolates a private network from a public network
• Makes sure that even if the passwords are compromised the intruder only has restricted access to the rest of the network
• Two types
  – Dual-homed gateway
    • bastion gateway connects a private internal network to outside Internet
    • proxies (software programs) run on the gateway server and pass repackaged packets from one network to the other
  – Screened-host gateway
    • screened subnet gateway in which the bastion gateway offers access to a small segment of the internal network
    • demilitarized zone is the open subnet

Screened Subnet Firewall

[Figure: Screened Subnet Firewall; labels: Internet, Router, Bastion Host (Proxies: FTP, HTTP, NNTP, Telnet), FTP Server, Web Server, Router, Local Network]

© Prentice Hall, 2000

Note: A router is a special-purpose computer (or software package) that handles the connection between 2 or more networks.

Selling on the Web

• Functional Requirements for an Electronic Storefront
  – Search for, discover, and compare products for purchase
  – Select a product to be purchased and negotiate or determine its total price
  – Place an order for desired products
  – Have their order confirmed, ensuring that the desired product is available
  – Pay for the ordered products (usually through some form of credit)
  – Verify their credit and approve their purchase
  – Have orders processed
  – Verify that the product has been shipped
  – Request post-sales support or provide feedback to the seller

Selling on the Web (cont.)

• Electronic storefront must contain:
  – A merchant system or storefront that provides the merchant’s catalog with products, prices and promotions
  – A transaction system for processing orders and payments and other aspects of the transaction
  – A payment gateway that routes payments through existing financial systems primarily for the purpose of credit card authorization and settlement

Electronic Commerce Suites

– Offer merchants greater flexibility, specialization, customization and integration in supporting complete front and back-office functionality

[Figure: Open Market E-Commerce Server Architecture; labels: Web Browser, Internet, Web Server, Catalog Application, Customer Management, Registration, Profiles, Service, Order Capture, Completion, Fulfillment Systems, Payment Processing (SET & Purchase Order), Catalog Database, Customer Database, Order Database, Payment Database, Financial Network]

Outsourcing Vs. Insourcing

– Insourcing— build and run the electronic storefront in-house
  • Large companies wanting:
    – to “experiment” with e-commerce without a great investment
    – to protect their own internal networks
    – to rely on experts to establish their sites
– Outsourcing— contract with an outside firm
  • Smaller or medium sized companies with few IT staff and smaller budgets
  • Three types of providers
    – Internet Malls— offers cross-selling from one store to another and provides a common payment structure
    – Internet Service Providers— focused on operating a secure transaction environment; not on store content
    – Telecommunication Companies— includes the full range of e-commerce solutions

Electronic Catalogs and Merchant Servers

– The virtual equivalents of traditional product catalogs
– Commonly include:
  • Templates or wizards for creating a storefront and catalog pages with pictures describing products for sale
  • Electronic shopping carts that enable consumers to gather items of interest until they are ready for checkout
  • Web-based order forms for making secure purchases (either through a SSL or a SET)
  • Database for maintaining product descriptions and pricing, as well as customer orders
  • Integration with third party software for calculating taxes and shipping costs and for handling distribution and fulfillment

Electronic Catalogs and Merchant Servers (cont.)

[Figure: Merchant Server Architecture; labels: Web Browser, Internet, Web Server, Store HTML Pages, Merchant Server, Database (Catalog, Order), 3rd Party Applications, Financial Network]

Electronic Catalogs and Merchant Servers (cont.)

– Microsoft’s Site Server Commerce Edition
  • Features of this product are:
    – Commerce Sample Sites providing templates for complete applications
    – Microsoft’s Wallet supporting a variety of digital currencies
    – Site Builder Wizard for stores with multi-level departments
    – Commerce Server Software Development Kit (SDK) for developing custom-order processing
    – Order processing pipeline for managing orders according to specified business rules
    – Microsoft’s Wallet Software Development Kit (SDK) for supporting a variety of digital payment schemes
    – Promotion and Cross-selling Manager for administering a range of specialized promotions, discounts, cross-selling opportunities
    – Integration with Microsoft’s Web site development (e.g. Visual InterDev) and administrative tools (e.g. NT Security Support)

Chatting on the Web

• Varied uses of the forums and chat groups
  – Communication Centers
    • a virtual meeting place where communications can take place among the participants
  – Customer Service
    • offer online support where customers can converse with help-line staff and receive advice
  – Community Discussion
    • provide forums and chat services with a marketing eye toward developing a community of loyal users, followers and advocates

Multimedia Delivery

• Webcasting— describes Internet-based broadcasting of audio and video content
  – Types of Webcasts
    • Text Streams— Text-only wordcasts and datacasts
      – to deliver constant news and stock price updates
    • Ambient Webcasts— Video content
      – is captured from a Webcam and delivered as single-frame updates that are transmitted at periodic intervals
    • Streaming Audio— Web equivalent of radio
      – to deliver everything from talk radio to sports broadcasts to music previews to archived music and radio shows
    • Streaming Video
      – to deliver videoconferences where high quality images are not required and there is not much movement among participants

Bandwidth Requirements for Streaming Audio and Video

– Bandwidth [1 mbps = 1 million kbps]
  • the speed with which content can be delivered
  • 14.4 kbps to 56 kbps for connecting to the Internet over the telephone through modems
  • 128 kbps for connecting to the Internet over ISDN telephone lines
  • 1 - 1.5 mbps for connecting to the Internet over digital subscriber line (DSL)
  • 10 mbps for downloading over cable wires

To download a standard Web page, say around 400,000 kilobits:
  • 56 kbps modem takes about 7 seconds
  • Cable modem takes about 0.04 seconds

Internet Telephones

– Internet phones
  • programs that let you talk with other people using the Internet
  • the added cost to the end user is at best zero and at worst a substantially lower total charge than a standard telephone call
  • PC-to-PC; PC-to-phone; and phone-to-phone
  • vendors who dominate the Internet telephone market space
    – VocalTec ( www.vocaltec.com )
    – IDT ( www.met2phone.com )
    – Delta Three ( www.deltathree.com )

Managerial Issues

• Now or later— the question is no longer “Will” but “When”
• It’s the business issues that count— to succeed, a business must understand how to meet the needs of their online customers
• In-house or outsource ?— mainly depends on the company size
• Analyzing the data— automatic record of everyone who visits your Web site
• Security— management takes every precaution to ensure the security of their sites and their communications with site visitors
• Evolving Web— rapid change of the underlying standards, protocols and governance