Chapter 11 Infrastructure for Electronic Commerce
Learning Objectives
Discuss the security requirements of Internet and e-commerce applications, and how these requirements are fulfilled by various hardware and software systems
Describe the functional requirements for online selling and the specialized services and servers that perform these functions
Learning Objectives (cont.)
Describe the business functions that Web chat can fulfill and list some of the commercially available systems that support chat
Understand the ways in which audio, video and other multimedia content are being delivered over the Internet and to what business uses this content is being applied
A Network of Networks = Internet
The Internet is a network of hundreds of thousands of interconnected networks
Network Service Providers (NSPs)
run the backbones
Internet Service Providers (ISPs)
provide the delivery subnetworks
Internet Network Architecture
[Figure labels: NAP, ISP, Backbone]
Internet Protocols
Protocols - A set of rules that determine how two computers communicate with one another over a network
The protocols embody a series of design principles
Interoperable— the system supports computers and software from different vendors. For e-commerce this means that the customers or businesses are not required to buy specific systems in order to conduct business.
Layered— the collection of Internet protocols work in layers with each layer building on the layers at lower levels.
Simple— each of the layers in the architecture provides only a few functions or operations. This means that application programmers are shielded from the complexities of the underlying hardware.
End-to-End— the Internet is based on “end-to-end” protocols. This means that the interpretation of the data happens at the application layer and not at the network layers. It’s much like the post office.
[Figure labels: Control Protocol (TCP); User Datagram Protocol]
TCP/IP
Solves the global internetworking problem
Transmission Control Protocol (TCP)
Ensures that 2 computers can communicate with one another in a reliable fashion
Internet Protocol (IP)
Formats the packets and assigns addresses
packets are labeled with the addresses of the sending and receiving computers
1999 version is version 4 (IPv4)
Version 6 (IPv6) has just begun to be adopted
Domain Names
Reference particular computers on the Internet
Divided into segments separated by periods
For example, in the case of “www.microsoft.com”
“www” is the specific computer
“com” is the top level domain
“microsoft” is the subdomain
Internet Assigned Numbers Authority (IANA)
controls the domain name system
Network Solutions, Inc (NSI)
issues and administers domain names for most of the top level domains
Internet Client/Server Applications
… | Simple Mail Transport Protocol (SMTP), Post Office Protocol version 3 (POP3), Multipurpose Internet Mail Extensions (MIME) | … messages and binary attachments across the Internet.
File Transfer | File Transfer Protocol (FTP) | Enables files to be uploaded and downloaded across the Internet.
Chat | Internet Relay Chat Protocol (IRC) | Provides a way for users to talk to one another in real-time over the Internet. The real-time chat groups are called channels.
UseNet Newsgroups | Network News Transfer Protocol (NNTP) | Discussion forums where users can asynchronously post messages and read messages posted by others.
World Wide Web (Web) | Hypertext Transport Protocol (HTTP) | Offers access to hypertext documents, executable programs, and other
New World Network: Internet2
Two consortiums are in the process of constructing the ‘new world network’
The University Corporation for Advanced Internet Development (UCAID) www.ucaid.edu
Building a leading edge research network called Internet2
Based on a series of interconnected gigapops
• interconnected by the National Science Foundation’s very high performance Backbone Network (vBNS) infrastructure
Goals of Internet2
• to connect universities so that a 30 volume encyclopedia could be transmitted in less than a second
• to support applications like distance learning, digital libraries, video teleconferencing, teleimmersion and collaborative tools, and virtual laboratories
New World Network: Next Generation Internet
Next Generation Internet (NGI)
Government initiated and sponsored
Started by the Clinton Administration, this initiative includes government research agencies, such as:
• the Defense Advanced Research Projects Agency (DARPA)
• the Department of Energy
• the National Science Foundation (NSF)
• the National Aeronautics and Space Administration (NASA)
• the National Institute of Standards and Technology
Aim of the NGI
• to support next generation applications like health care,
national security, energy research, biomedical research, and environmental monitoring
Web-based Client/Server
Web browsers and servers need a way to:
Locate each other so they can send requests and responses back and forth
Communicate with one another
Uniform Resource Locators (URLs)
A new addressing scheme
Ubiquitous, appearing on the web, in print, on
billboards, on TV and anywhere else a company can advertise
Default syntax - www.Anywhere.Com
Complete syntax - access-method://server-name[:port]/directory/file
Web-based Client/Server (cont.)
Hypertext Transport Protocol (HTTP)
A new protocol
Lightweight, stateless protocol that browsers and
servers use to converse with one another
Statelessness - every request that a browser makes opens a new connection that is immediately closed after the document is returned
represents a substantial problem for e-commerce applications
an individual user is likely to have a series of interactions with the application
MIME (Multipurpose Internet Mail Extension)
describes the contents of the document
in the case of an HTML page the header is “Content-type: text/html”
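Because HTTP keeps nothing between requests, an application that needs a series of interactions has to carry the link itself. One common approach, shown here as an added Go example that goes beyond the slide and is not code from the original deck, is a token the server signs and the browser returns with each request; `IssueToken`, `CheckToken`, the token layout and the sample values are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

var enc = base64.RawURLEncoding

// mac authenticates the token body with a key that only the server holds.
func mac(key []byte, body string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(body))
	return h.Sum(nil)
}

// IssueToken packs the state to carry into the next request as "state.expiry.mac".
func IssueToken(key []byte, state string, expiresUnix int64) string {
	body := enc.EncodeToString([]byte(state)) + "." + strconv.FormatInt(expiresUnix, 10)
	return body + "." + enc.EncodeToString(mac(key, body))
}

// CheckToken runs on every request: verify the MAC first, then the expiry, then decode.
func CheckToken(key []byte, token string, nowUnix int64) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("token: wrong shape")
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac(key, parts[0]+"."+parts[1])) {
		return "", errors.New("token: bad signature")
	}
	exp, err := strconv.ParseInt(parts[1], 10, 64)
	if err != nil || nowUnix >= exp {
		return "", errors.New("token: expired")
	}
	state, err := enc.DecodeString(parts[0])
	return string(state), err
}

func main() {
	key := []byte("constructed-demo-key-not-for-use") // constructed; keep real keys in a secret store
	tok := IssueToken(key, "cart=sku-1001x2", 2000000000)
	fmt.Println(CheckToken(key, tok, 1700000000))
}
```

The token protects integrity only: its contents are readable by the client, so it must travel over an encrypted channel and carry nothing secret.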
Web Browsers (1999 Generation)
IE 4.6 suite of components consists of the browser along with the following tools:
Outlook Express for e-mail reading
FrontPage Express for authoring of HTML Web pages
Net Meeting for collaboration
Netscape Navigator 4.6 suite consists of the browser plus the following components:
Messenger for e-mail reading
Composer for authoring HTML Web pages
Collabra for news offerings
Calendar for personal and group scheduling
Netcaster for push delivery of Web pages
Web Servers: A Software Program
http daemon in Unix; http service in Windows NT
Functions:
service HTTP requests
provide access control, determining who can access particular directories or files on the Web server
run scripts and external programs to either add functionality to the Web documents or provide real-time access to database and other dynamic data
enable management and administration of both the server functions and the contents of the Web site
log transactions that the user makes
Distinguished by:
platforms, performance, security, and commerce
Internet Security
Cornerstones of Security
Authenticity
the sender (either client or server) of a message is who
he, she or it claims to be
Privacy
the contents of a message are secret and only known
to the sender and receiver
Integrity
the contents of a message are not modified
(intentionally or accidentally) during transmission
Non-repudiation
the sender of a message cannot deny that he, she or it actually sent the message
Encryption
Private Key Encryption (Symmetrical Key Encryption)
[Figure labels: Message Text, Ciphered Text, Message Text; Private Key, Private Key]
Data Encryption Standard (DES) is the most widely used symmetrical encryption algorithm
Encryption (cont.)
Public Key Encryption (Asymmetrical Key Encryption)
[Figure labels: Message Text, Ciphered Text, Message Text; Public Key of Recipient, Private Key of Recipient]
Digital Envelope
[Figure labels: Message Text; Encryption, Decryption; Session Key, Session Key; Public key of Recipient, Public key of Recipient]
Encryption (cont.)
Digital Signatures: Authenticity and Non-Denial
[Figure labels: Message Text, Message Text; Public Key of Recipient, Private Key of Recipient]
Digital Certificates and Certifying Authorities
Digital Certificates
Verify that the holder of a public and private key is who he, she or it claims to be
Certifying Authorities (CA)
Issue digital certificates
Verify the information and create a certificate that contains the applicant’s public key along with identifying information
Use their private key to encrypt the certificate and send the signed certificate to the applicant
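What the CA's signature gives the party relying on a certificate, as an added Go example that is not from the original slides: a CA signs a certificate binding an applicant's public key to a host name, and verification fails for a different host name or for a certificate issued by a CA the verifier does not trust. `NewKey`, `Issue` and `Verify` are hypothetical helper names, and the example uses ECDSA P-256 keys with short validity periods chosen for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewKey generates a key pair for the CA or for an applicant (constructed for the example).
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// Issue plays the certifying authority: it binds pub to name in a certificate signed
// with signer. A nil parent yields the CA's own self-signed root certificate.
func Issue(name string, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // real CAs use random serials
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
	}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage, parent = true, x509.KeyUsageCertSign, tmpl
	} else {
		tmpl.DNSNames = []string{name} // the identity a browser compares with the URL's host
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Verify plays the browser: does cert chain to the trusted CA and name the expected host?
func Verify(cert, ca *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
```

The applicant's private key never reaches the CA here: `Issue` receives only the public key, which is what ends up inside the certificate.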
Secure Socket Layer (SSL)
A protocol that operates at the TCP/IP layer
Encrypts communications between browsers and servers
Supports a variety of encryption algorithms and authentication methods
Encrypts credit card numbers that are sent from a consumer’s browser to a merchant’s Web site
Secure Electronic Transactions (SET)
A cryptographic protocol to handle the complete transaction
Provides authentication, confidentiality, message integrity, and linkage
Supporting features
Cardholder registration
Merchant registration
Purchase requests
Payment authorizations
Payment capture
Chargebacks
Credits
Credit reversal
Debit card transactions
Users have a habit of sharing their passwords with others, writing them down where others can see them, and choosing passwords that are easily guessed.
Browser transmits the passwords in a form that is easily intercepted and decoded.
By making sure that even if the passwords are compromised the intruder only has restricted access to the rest of the network; which is one of the roles of a firewall.
screened subnet gateway in which the bastion gateway offers access to a small segment of the internal network
demilitarized zone is the open subnet
Screened Subnet Firewall
[Figure labels: Bastion Host; Proxies: FTP, HTTP, NNTP, Telnet; Router; Web Server]
Virtual Private Networks (VPN)
A VPN combines encryption, authentication, and protocol tunneling to provide secure transport of private communications over the public Internet. It’s as if the Internet becomes part of a larger enterprise wide area network (WAN). In this way, transmission costs are drastically reduced because workers can access enterprise data by making a local call into an ISP rather than using a long distance phone call.
Support multi-protocol networking
To encrypt and encapsulate the data being transmitted
Types of protocol — being used to carry out protocol tunneling
protocols are aimed primarily at site-to-site VPNs (e.g. IPV6)
protocols are used to support VPNs that provide employees, customers, and others with dial-up access via an ISP (e.g. Microsoft’s Point-to-Point Tunneling Protocol (PPTP))
Selling on the Web
Function Requirements for an Electronic Storefront
Search for, discover, and compare products for purchase
Select a product to be purchased and negotiate or determine its total price
Place an order for desired products
Have their order confirmed, ensuring that the desired product
is available
Pay for the ordered products (usually through some form of credit)
Verify their credit and approve their purchase
Have orders processed
Verify that the product has been shipped
Request post-sales support or provide feedback to the seller
Selling on the Web (cont.)
Electronic storefront must contain:
A merchant system or storefront that provides the merchant’s catalog with products, prices and
promotions
A transaction system for processing orders and payments and other aspects of the transaction
A payment gateway that routes payments
through existing financial systems primarily for
the purpose of credit card authorization and
settlement
Outsourcing Vs Insourcing
Insourcing— build and run the electronic storefront inhouse
Large companies wanting:
• to “experiment” with e-commerce without a great investment
• to protect their own internal networks
• to rely on experts to establish their sites
Outsourcing— contract with an outside firm
Smaller or medium sized companies with few IT staff and smaller budgets
Three types of providers
• Internet Malls— offers cross-selling from one store to
another and provides a common payment structure
• Internet Service Providers— focused on operating a
secure transaction environment; not on store content
• Telecommunication Companies— includes the full range
of e-commerce solutions
Web-based order forms for making secure purchases (either through a SSL or a SET)
Database for maintaining product descriptions and pricing,
as well as customer orders
Integration with third party software for calculating taxes and shipping costs and for handling distribution and
fulfillment
Merchant Server Architecture
[Figure labels: Web Browser; Store HTML Pages; Merchant Server; Database Catalog Order; 3rd Party Applications; Financial Network]
Electronic Catalogs and Merchant
Two of the best known products in this category
iCat Electronic Commerce Suite
Standard edition includes:
• Integration with ISAPI and Netscape's NSAPI
• Options for third-party plug-ins for searching, user tracking,
sale pricing, discounting, etc.
• Cross selling
• Secure payment processing
Electronic Catalogs and Merchant
Microsoft’s Site Server Commerce Edition
Features of this product are:
• Commerce Sample Sites providing templates for complete
applications
• Microsoft’s Wallet supporting a variety of digital currencies
• Site Builder Wizard for stores with multi-level departments
• Commerce Server Software Development Kit (SDK) for developing custom-order processing
• Order processing pipeline for managing orders according to
specified business rules
• Microsoft’s Wallet Software Development Kit (SDK) for supporting
a variety of digital payment schemes
• Promotion and Cross-selling Manager for administering a range of specialized promotions, discounts, cross-selling opportunities
• Integration with Microsoft’s Web site development (e.g. Visual InterDev) and administrative tools (e.g. NT Security Support)
Electronic Commerce Suites
Offer merchants greater flexibility, specialization, customization and integration in supporting complete front and back-office functionality
[Figure labels: Internet; Catalog Application; Customer Management, Registration, Profiles, Service; Order Capture, Completion; Fulfillment Systems; Payment Processing (SET & Purchase Order); Catalog Database; Customer Database; Order Database; Payment Database; Financial Network]
One of the market leaders in the electronic commerce software segment
Provides a complete set of end-to-end transaction services including:
Analysis and Profiling
Demand Generation
Order Management
Fulfillment
Payment
Self-Service
Customer Service
Reporting
Chatting on the Web
Varied uses of the forums and chat groups
Communication Centers
a virtual meeting place where communications can
take place among the participants
Text Streams— Text-only wordcasts and datacasts
• to deliver constant news and stock price updates
Ambient Webcasts— Video content
• is captured from a Webcam and delivered as single-frame
updates that are transmitted at periodic intervals
Streaming Audio— Web equivalent of radio
• to deliver everything from talk radio to sports broadcasts to
music previews to archived music and radio shows
Streaming Video
• to deliver videoconferences where high quality images are not required and there is not much movement among participants