Ecommerce Chap 11
-
Upload
pimsat-university -
Category
Education
-
view
788 -
download
0
description
Transcript of Ecommerce Chap 11
1© Prentice Hall, 2000
Chapter 11Infrastructure for
Electronic Commerce
2© Prentice Hall, 2000
Learning Objectives
Describe the protocols underlying Internet client/server applications
Compare the functions and structures of Web browsers and servers
Discuss the security requirements of Internet and e-commerce applications, and how are these requirements fulfilled by various hardware and software systems
Describe the functional requirements for online selling and what are the specialized services and servers that perform these functions
3© Prentice Hall, 2000
Describe the business functions that Web chat can fulfill and list some of the commercially available systems that support chat
Understand the ways in which audio, video and other multimedia content are being delivered over the Internet and to what business uses this content is being applied
Learning Objectives (cont.)
4© Prentice Hall, 2000
A Network of Networks = Internet
Internet is a network of hundreds of thousands interconnected networks
Network Service Providers (NSPs) runs the backbones
Internet Service Providers (ISPs) provide the delivery subnetworks
5© Prentice Hall, 2000
Internet Network Architecture
NAP
NAPNAP
NAP
ISP
ISPISP
ISP
ISP ISP
ISP
ISP
ISP
ISP
0
Backbone5
© Prentice Hall, 2000
6© Prentice Hall, 2000
Internet ProtocolsProtocols - A set of rules that determine how two
computers communicate with one another over a network The protocols embody a series of design principles
Interoperable— the system supports computers and software from different vendors. For e-commerce this means that the customers or businesses are not required to buy specific systems in order to conduct business.
Layered— the collection of Internet protocols work in layers with each layer building on the layers at lower levels.
Simple— each of the layers in the architecture provides only a few functions or operations. This means that application programmers are hidden from the complexities of the underlying hardware.
End-to-End— the Internet is based on “end-to-end” protocols. This means that the interpretation of the data happens at the application layer and not at the network layers. It’s much like the post office.
7© Prentice Hall, 2000
TCP/IP Architecture
Application LayerFTP, HTTP, Telnet, NNTP
Transport Layer
TransmissionControl Protocol
(TCP)
UserDatagram Protocol
(UDP)
Internet Protocol(IP)
Network Interface Layer
Physical Layer
© Prentice Hall, 2000
8© Prentice Hall, 2000
TCP/IP
Solves the global internetworking problemTransmission Control Protocol (TCP)
Ensures that 2 computers can communicate with one another in a reliable fashion
Internet Protocol (IP) Formats the packets and assigns addresses
packets are labeled with the addresses of the sending and receiving computers
1999 version is version 4 (IPv4) Version 6 (IPv6) has just begun to be adopted
9© Prentice Hall, 2000
Domain Names
Reference particular computers on the InternetDivided into segments separated by periods
For example, in the case of “www.microsoft.com”“www” is the specific computer“com” is the top level domain“microsoft” is the subdomain
Internet Assigned Numbers Authority (IANA)controls the domain name system
Network Solutions, Inc. (NSI)issues and administers domain names for most of the top
level domains
10© Prentice Hall, 2000
Internet Client/Server Applications
Application Protocol PurposeE-mail Allows the transmission of text
messages and binary attachments across the Internet.
Simple Mail Transport Protocol (SMTP)Post Office Protocol version 3 (POP3)Multipurpose Internet Mail Extensions (MIME)
File Transfer
File Transfer Protocol (TP) Enables files to be uploaded and downloaded across the Internet.
Chat Internet Relay Chat Protocol (IRC) Provides a way for users to talk to one another in real-time over the Internet. The real-time chat groups are called channels.
UseNet Newsgroups
Network News Transfer Protocol (NNTP) Discussion forums where users can asynchronously post messages and read messages posted by others.
World Wide Web (Web)
Hypertext Transport Protocol (HTTP) Offers access to hypertext documents, executable programs, and other Internet resources.
11© Prentice Hall, 2000
New World Network: Internet2
Two consortiums are in the process of constructing the ‘new world network’ The University Corporation for Advanced Internet
Development (UCAID) www.ucaid.eduBuilding a leading edge research network called Internet2Based on a series of interconnected gigapops
• interconnected by the National Science Foundation’s very high performance Backbone Network (vBNS) infrastructure
Goals of Internet2• to connect universities so that a 30 volume encyclopedia
could be transmitted in less than second• to support applications like distance learning, digital
libraries, video teleconferencing, teleimmersion and collaborative tools, and virtual laboratories
12© Prentice Hall, 2000
New World Network: Next Generation Internet
Next Generation Internet (NGI)Government initiated and sponsoredStarted by the Clinton Administration, this initiative includes
government research agencies, such as: • the Defense Advanced Research Projects Agency (DARPA)• the Department of Energy• the National Science Foundation (NSF)• the National Aeronautics and Space Administration (NASA)• the National Institute of Standards and Technology
Aim of the NGI• to support next generation applications like health care, national
security, energy research, biomedical research, and environmental monitoring
13© Prentice Hall, 2000
Web-based Client/ServerWeb browsers servers need as way to:
Locate each other so they can send requests and responses back and forth
Communicate with one another
Uniform Resource Locators (URLs) A new addressing scheme Ubiquitous, appearing on the web, in print, on billboards,
on TV and anywhere else a company can advertise Default syntax - www.Anywhere.Com Complete syntax - access-method://server-name[:port]/directory/file
14© Prentice Hall, 2000
Web-based Client/Server (cont.)
Hypertext Transport Protocol (HTTP) A new protocol Lightweight, stateless protocol that browsers and
servers use to converse with one another Statelessness - every request that a browser makes opens a
new connection that is immediately closed after the document is returnedrepresents a substantial problem for e-commerce applicationsan individual user is likely to have a series of interactions with the
application
MIME (Multipurpose Internet Mail Extension)describes the contents of the documentin the case of an HTML page the header is “Content-type: text/html”
15© Prentice Hall, 2000
Web Browsers (1999 Generation)
IE 4.6 suite of components consists of the browser along with the following tools:
Outlook Express for e-mail readingFrontPage Express for authoring of HTML Web pagesNet Meeting for collaboration
Netscape Navigator 4.6 suite consists of the browser plus the following components:Messenger for e-mail readingComposer for authoring HTML Web pagesCollabora for news offeringsCalendar for personal and group schedulingNetcaster for push delivery of Web pages
16© Prentice Hall, 2000
Web Servers: A Software Program
http daemon in Unix; http service in Windows NT Functions:
service HTTP requestsprovide access control, determining who can access
particular directories or files on the Web serverrun scripts and external programs to either add
functionality to the Web documents or provide real-time access to database and other dynamic data
enable management and administration of both the server functions and the contents of the Web site
log transactions that the user makes
Distinguished by :platforms, performance, security, and commerce
17© Prentice Hall, 2000
Internet Security
Cornerstones of Security Authenticity
the sender (either client or server) of a message is who he, she or it claims to be
Privacythe contents of a message are secret and only known to the
sender and receiver Integrity
the contents of a message are not modified (intentionally or accidentally) during transmission
Non-repudiationthe sender of a message cannot deny that he, she or it actually
sent the message
18© Prentice Hall, 2000
MessageText
CipheredText
MessageText
Sender Receiver
Encryption Decryption
Private Key Private Key
Encryption
Private Key Encryption (Symmetrical Key Encryption)Data Encryption Standard (DES) is the most widely used
symmetrical encryption algorithm
19© Prentice Hall, 2000
MessageText
CipheredText
MessageText
Sender Receiver
Encryption Decryption
Public Key of Recipient
Private Key ofRecipient
Public Key Encryption (Asymmetrical Key Encryption)
Encryption (cont.)
20© Prentice Hall, 2000
Encryption (cont.)
Digital Envelope — combination of symmetrical and public key encryption
MessageText
CipheredText
MessageText
Sender Receiver
Encryption Decryption
Session Key Session Key
Public key of Recipient
Public key of RecipientSession Key Session Key
Digital Envelop
21© Prentice Hall, 2000
MessageText
MessageText
Sender Receiver
Encryption Decryption
Public Key of Recipient
Private Key ofRecipient
Digital Signatures : Authenticity and Non-Denial
Signature Signature
Private Key of Sender
Public Key of Sender
CipheredText
Encryption (cont.)
22© Prentice Hall, 2000
Digital Certificates andCertifying Authorities
Digital Certificates Verify the holder of a public and private key is who
he, she or it claims to be
Certifying Authorities (CA) Issue digital certificates Verify the information and creates a certificate that
contains the applicant’s public key along with identifying information
Uses their private key to encrypt the certificate and sends the signed certificate to the applicant
23© Prentice Hall, 2000
Secure Socket Layer (SSL)
A protocol that operates at the TCP/IP layerEncrypts communications between browsers
and serversSupports a variety of encryption algorithms
and authentication methodsEncrypts credit card numbers that are sent
from a consumer’s browser to a merchants’ Web site
24© Prentice Hall, 2000
Secure Electronic Transactions (SET)
A cryptographic protocol to handle the complete transaction
Provides authentication, confidentiality, message integrity, and linkage
Supporting features Cardholder registration Merchant registration Purchase requests Payment authorizations Payment capture
Chargebacks Credits Credit reversal Debit card transactions
25© Prentice Hall, 2000
Access Control
Password Protection Passwords are notoriously susceptible to
compromiseUsers have a habit of sharing their passwords with
others, writing them down where others can see them, and choosing passwords that are easily guessed.
Browser transmits the passwords in a form that is easily intercepted and decoded. By making sure that even if the passwords are compromised the intruder only has restricted access to the rest of the network; which is one of the roles of a firewall.
26© Prentice Hall, 2000
Firewalls A network node consisting of both hardware and software that
isolates a private network from a public network Make sure that even if the passwords are compromised the intruder
only has restricted access to the rest of the network Two types
Dual-homed gatewaybastion gateway connects a private internal network to outside Internetproxies (software programs) run on the gateway server and pass
repackaged packets from one network to the other Screen-host gateway
screened subnet gateway in which the bastion gateway offers access to a small segment of the internal network
demilitarized zone is the open subnet
27© Prentice Hall, 2000
Screened Subnet Firewall
InternetRouter Local
Network
BastionHost
Proxies:FTP, HTTP,
NNTP,Telnet
Router
FTP Server
Web Server
© Prentice Hall, 2000
28© Prentice Hall, 2000
Virtual Private Networks (VPN)
A VPN combines encryption, authentication, and protocol tunneling to provide secure transport of private communications over the public Internet. It’s as if the Internet becomes part of a larger enterprise wide area network (WAN). In this way, transmission costs are drastically reduced because workers can access enterprise data by making a local call into an ISP rather than using a long distance phone call.
29© Prentice Hall, 2000
Virtual Private Networks (VPN) (cont.)
Real challenge of a VPN To ensure the confidentiality and integrity of the data transmitted
over the Internet
Protocol tunneling Support multi-protocol networking To encrypt and encapsulate the data being transmitted Types of protocol — being used to carry out protocol tunneling
protocols are aimed primarily at site-to-site VPNs (e.g. IPV6)protocols are used to support VPNs that provide employees,
customers, and others with dial-up access via an ISP (e.g. Microsoft’s Point-to-Point Tunneling Protocol (PPTP))
30© Prentice Hall, 2000
Selling on the Web
Function Requirements for an Electronic Storefront Search for, discover, and compare products for purchase Select a product to be purchased and negotiate or determine its
total price Place an order for desired products Have their order confirmed, ensuring that the desired product is
available Pay for the ordered products (usually through some form of credit) Verify their credit and approve their purchase Have orders processed Verify that the product has been shipped Request post-sales support or provide feedback to the seller
31© Prentice Hall, 2000
Selling on the Web (cont.)
Electronic storefront must contain: A merchant system or storefront that provides the
merchant’s catalog with products, prices and promotions
A transaction system for processing orders and payments and other aspects of the transaction
A payment gateway that routes payments through existing financial systems primarily for the purpose of credit card authorization and settlement
32© Prentice Hall, 2000
Outsourcing Vs. Insourcing Insourcing— build and run the electronic storefront inhouse
Large companies wanting: • to “experiment” with e-commerce without a great investment• to protect their own internal networks• to rely on experts to establish their sites
Outsourcing— contract with an outside firmSmaller or medium sized companies with few IT staff and smaller
budgetsThree types of providers
• Internet Malls— offers cross-selling from one store to another and provides a common payment structure
• Internet Service Providers— focused on operating a secure transaction environment; not on store content
• Telecommunication Companies— includes the full range of e-commerce solutions
33© Prentice Hall, 2000
Electronic Catalogs and Merchant Servers
The virtual equivalents of traditional product catalogs Commonly include:
Templates or wizards for creating a storefront and catalog pages with pictures describing products for sale
Electronic shopping carts that enable consumers to gather items of interest until they are ready for checkout
Web-based order forms for making secure purchases (either through a SSL or a SET)
Database for maintaining product descriptions and pricing, as well as customer orders
Integration with third party software for calculating taxes and shipping costs and for handling distribution and fulfillment
34© Prentice Hall, 2000
Electronic Catalogs and MerchantServers (cont.)
Internet
WebServer
FinancialNetwork
Merchant Server Architecture
3rd PartyApplications
WebBrowser
StoreHTML Pages
MerchantServer
DatabaseCatalogOrder
© Prentice Hall, 2000
35© Prentice Hall, 2000
Electronic Catalogs and MerchantServers (cont.)
Two of the best known products in this category iCat Electronic Commerce Suite
Standard edition includes:• Catalog templates• Shopping carts• Product searching
Professional edition provides support for:• High-end databases• Integration with ISAPI and Netscape's NSAPI• Options for third-party plug-ins for searching, user tracking,
sale pricing, discounting, etc.
• Cross selling• Secure payment processing
36© Prentice Hall, 2000
Electronic Catalogs and MerchantServers (cont.)
Microsoft’s Site Server Commerce EditionFeatures of this product are:
• Commerce Sample Sites providing templates for complete applications• Microsoft’s Wallet supporting a variety of digital currencies• Site Builder Wizard for stores with multi-level departments• Commerce Server Software Development Kit (SDK) for developing
custom-order processing• Order processing pipeline for managing orders according to specified
business rules• Microsoft’s Wallet Software Development Kit (SDK) for supporting a
variety of digital payment schemes• Promotion and Cross-selling Manager for administering a range of
specialized promotions, discounts,cross-selling opportunities• Integration with Microsoft’s Web site development (e.g. Visual InterDev)
and administrative tools (e.g. NT Security Support)
37© Prentice Hall, 2000
Electronic Commerce Suites
Offer merchants greater flexibility, specialization, customization and integration in supporting complete front and back-office functionality
Internet
CatalogApplication
CustomerManagement,Registration,
Profiles, Service
Order Capture,Completion Fulfillment
SystemsPayment
Processing(SET & Purchase
Order)
CatalogDatabase
CustomerDatabase
OrderDatabase
PaymentDatabase
FinancialNetwork
WebBrowser Web
Server
Open Market E-Commerce Server Architecture
38© Prentice Hall, 2000
Open Market (www.openmarket.com)
One of the market leaders in the electronic commerce software segment
Provides a compete set of end-to-end transaction services including:Analysis and ProfilingDemand GenerationOrder ManagementFulfillmentPaymentSelf-ServiceCustomer ServiceReporting
39© Prentice Hall, 2000
Chatting on the Web
Varied uses of the forums and chat groups Communication Centers
a virtual meeting place where communications can take place among the participants
Customer Serviceoffer online support where customers can converse with
help-line staff and receive advice
Community Discussionprovide forums and chat services with a marketing eye
toward developing a community of loyal users, followers and advocates
40© Prentice Hall, 2000
Multimedia DeliveryWebcasting— describes Internet-based broadcasting of audio and
video content Types of Webcasts
Text Streams— Text-only wordcasts and datacasts• to deliver constant news and stock price updates
Ambient Webcasts— Video content• is captured from a Webcam and delivered as single-frame updates that are
transmitted at periodic intervalsStreaming Audio— Web equivalent of radio
• to deliver everything from talk radio to sports broadcasts to music previews to archived music and radio shows
Streaming Video• to deliver videoconferences where high quality images are not required and
there is not much movement among participants
41© Prentice Hall, 2000
Webcasting
Works in a straightforward way Examples of companies offering both Webcast servers and players
RealNetworks ( www.real.com )Liquid Audio ( www.liquidaudio.com )Xingtech with its streamworks technology ( www.xingtech.com )Apple with its QuickTime system ( quicktime.apple.com )Microsoft with its Netshow software (www.microsoft.com/windows/windowsmedia )
Multicastingstream a Webcast from a central server to other media servers which are distributed to
different locationswhen a listener or viewer clicks on a Webcast link they are automatically routed to the
closest server
42© Prentice Hall, 2000
Bandwidth Requirements for Streaming Audio and Video
Bandwidth [1 mbps = 1 million kbps]the speed with which content can be delivered14.4 kbps to 56 kbps for connecting to the Internet over
the telephone through modems128 kbps for connecting to the Internet over ISDN
telephone lines1 - 1.5 mbps for connecting to the Internet over digital
subscriber line (DSL)10 mbps for downloading over cable wires
To download a standard Web page, say around 400,000 kilobits;
56 kbps modem takes about 7 secondsCable modem takes about 0.04 seconds
43© Prentice Hall, 2000
Internet Telephones
Internet phonesprograms that let you talk with other people using the
Internetthe added cost to the end user is at best zero and at
worst a substantially lower total charge than a standard telephone call
PC-to-PC; PC-to-phone; and phone-to-phonevendors who dominate the Internet telephone market
space• VocalTec ( www.vocaltec.com )• IDT ( www.met2phone.com )• Delta Three ( www.deltathree.com )
44© Prentice Hall, 2000
Analyzing Web Visits Access logs file
Text file, example :www.somewhere.com - [18/Aug/1998:12:00:00 +0000] “Get /a htm HTTP/1.0” 200 15000
Telling you which pages are most popular, which times are most popular, which geographical regions make the most requests, and other interesting tidbits that help site administrators maintain and refine their sites
Software for analyzing access log files (FREE) net.Analysis form net.Genesis ( www.netgen.com ) Insight form Accrue ( www.accrue.com ) Web Trends Log Analyzer from Web Trends Corporation (
www.egsoftware.com )
45© Prentice Hall, 2000
Managerial Issues
Now or later— the question is no longer “Will” but “When”It’s the business issues that count— to succeed, a
business must understand how to meet the needs of their online customers
In-house or outsource— mainly depends on the company size
Analyzing the data— automatic record of everyone who visits your Web site
Security— management takes every precaution to ensure the security of their sites and their communications with site visitors
Evolving Web— rapid change of the underlying standards, protocols and governance