Chapter 11

Slide 1:Chapter 11Infrastructure forElectronic Commerce

Slide 2:Learning Objectives Describe the protocols underlying Internet client/server applications Compare the functions and structures of Web browsers and servers Discuss the security requirements of Internet and e-commerce applications, and how are these requirements fulfilled by various hardware and software systems Describe the functional requirements for online selling and what are the specialized services and servers that perform these functions

Slide 3:Learning Objectives (cont.)

Slide 4:A Network of Networks = Internet Internet is a network of hundreds of thousands interconnected networks Network Service Providers (NSPs) runs the backbones Internet Service Providers (ISPs) provide the delivery subnetworks

Slide 5:Internet Network Architecture

Slide 6:Internet Protocols Protocols - A set of rules that determine how two computers communicate with one another over a network The protocols embody a series of design principles Interoperable� the system supports computers and software from different vendors. For e-commerce this means that the customers or businesses are not required to buy specific systems in order to conduct business. Layered� the collection of Internet protocols work in layers with each layer building on the layers at lower levels. Simple� each of the layers in the architecture provides only a few functions or operations. This means that application programmers are hidden from the complexities of the underlying hardware. End-to-End� the Internet is based on �end-to-end� protocols. This means that the interpretation of the data happens at the application layer and not at the network layers. It�s much like the post office.

Slide 7:TCP/IP Architecture

Slide 8:TCP/IP Solves the global internetworking problem Transmission Control Protocol (TCP) Ensures that 2 computers can communicate with one another in a reliable fashion Internet Protocol (IP) Formats the packets and assigns addresses packets are labeled with the addresses of the sending and receiving computers 1999 version is version 4 (IPv4) Version 6 (IPv6) has just begun to be adopted

Slide 9:Domain Names Reference particular computers on the Internet Divided into segments separated by periods For example, in the case of �www.microsoft.com� �www� is the specific computer �com� is the top level domain �microsoft� is the subdomain Internet Assigned Numbers Authority (IANA) controls the domain name system Network Solutions, Inc. (NSI) issues and administers domain names for most of the top level domains

Slide 10:Internet Client/Server Applications

Slide 11:New World Network: Internet2 Two consortiums are in the process of constructing the �new world network� The University Corporation for Advanced Internet Development (UCAID) www.ucaid.edu Building a leading edge research network called Internet2 Based on a series of interconnected gigapops interconnected by the National Science Foundation�s very high performance Backbone Network (vBNS) infrastructure Goals of Internet2 to connect universities so that a 30 volume encyclopedia could be transmitted in less than second to support applications like distance learning, digital libraries, video teleconferencing, teleimmersion and collaborative tools, and virtual laboratories

Slide 12:New World Network: Next Generation Internet Next Generation Internet (NGI) Government initiated and sponsored Started by the Clinton Administration, this initiative includes government research agencies, such as: the Defense Advanced Research Projects Agency (DARPA) the Department of Energy the National Science Foundation (NSF) the National Aeronautics and Space Administration (NASA) the National Institute of Standards and Technology Aim of the NGI to support next generation applications like health care, national security, energy research, biomedical research, and environmental monitoring

Slide 13:Web-based Client/Server Web browsers servers need as way to: Locate each other so they can send requests and responses back and forth Communicate with one another Uniform Resource Locators (URLs) A new addressing scheme Ubiquitous, appearing on the web, in print, on billboards, on TV and anywhere else a company can advertise Default syntax - www.Anywhere.Com Complete syntax - access-method://server-name[:port]/directory/file

Slide 14:Web-based Client/Server (cont.) Hypertext Transport Protocol (HTTP) A new protocol Lightweight, stateless protocol that browsers and servers use to converse with one another Statelessness - every request that a browser makes opens a new connection that is immediately closed after the document is returned represents a substantial problem for e-commerce applications an individual user is likely to have a series of interactions with the application MIME (Multipurpose Internet Mail Extension) describes the contents of the document in the case of an HTML page the header is �Content-type: text/html�

Slide 15:Web Browsers (1999 Generation) IE 4.6 suite of components consists of the browser along with the following tools: Outlook Express for e-mail reading FrontPage Express for authoring of HTML Web pages Net Meeting for collaboration Netscape Navigator 4.6 suite consists of the browser plus the following components: Messenger for e-mail reading Composer for authoring HTML Web pages Collabora for news offerings Calendar for personal and group scheduling Netcaster for push delivery of Web pages

Slide 16:Web Servers: A Software Program http daemon in Unix; http service in Windows NT Functions: service HTTP requests provide access control, determining who can access particular directories or files on the Web server run scripts and external programs to either add functionality to the Web documents or provide real-time access to database and other dynamic data enable management and administration of both the server functions and the contents of the Web site log transactions that the user makes Distinguished by : platforms, performance, security, and commerce

Slide 17:Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to the sender and receiver Integrity the contents of a message are not modified (intentionally or accidentally) during transmission Non-repudiation the sender of a message cannot deny that he, she or it actually sent the message

Slide 20:Encryption (cont.) Digital Envelope � combination of symmetrical and public key encryption

Slide 22:Digital Certificates andCertifying Authorities Digital Certificates Verify the holder of a public and private key is who he, she or it claims to be Certifying Authorities (CA) Issue digital certificates Verify the information and creates a certificate that contains the applicant�s public key along with identifying information Uses their private key to encrypt the certificate and sends the signed certificate to the applicant

Slide 23:Secure Socket Layer (SSL) A protocol that operates at the TCP/IP layer Encrypts communications between browsers and servers Supports a variety of encryption algorithms and authentication methods Encrypts credit card numbers that are sent from a consumer�s browser to a merchants� Web site

Slide 24:Secure Electronic Transactions (SET) A cryptographic protocol to handle the complete transaction Provides authentication, confidentiality, message integrity, and linkage Supporting features Cardholder registration Merchant registration Purchase requests Payment authorizations Payment capture

Slide 25:Access Control Password Protection Passwords are notoriously susceptible to compromise Users have a habit of sharing their passwords with others, writing them down where others can see them, and choosing passwords that are easily guessed. Browser transmits the passwords in a form that is easily intercepted and decoded. By making sure that even if the passwords are compromised the intruder only has restricted access to the rest of the network; which is one of the roles of a firewall.

Slide 26:Firewalls A network node consisting of both hardware and software that isolates a private network from a public network Make sure that even if the passwords are compromised the intruder only has restricted access to the rest of the network Two types Dual-homed gateway bastion gateway connects a private internal network to outside Internet proxies (software programs) run on the gateway server and pass repackaged packets from one network to the other Screen-host gateway screened subnet gateway in which the bastion gateway offers access to a small segment of the internal network demilitarized zone is the open subnet

Slide 27:Screened Subnet Firewall

Slide 28:Virtual Private Networks (VPN) A VPN combines encryption, authentication, and protocol tunneling to provide secure transport of private communications over the public Internet. It�s as if the Internet becomes part of a larger enterprise wide area network (WAN). In this way, transmission costs are drastically reduced because workers can access enterprise data by making a local call into an ISP rather than using a long distance phone call.

Slide 29:Virtual Private Networks (VPN) (cont.) Real challenge of a VPN To ensure the confidentiality and integrity of the data transmitted over the Internet Protocol tunneling Support multi-protocol networking To encrypt and encapsulate the data being transmitted Types of protocol � being used to carry out protocol tunneling protocols are aimed primarily at site-to-site VPNs (e.g. IPV6) protocols are used to support VPNs that provide employees, customers, and others with dial-up access via an ISP (e.g. Microsoft�s Point-to-Point Tunneling Protocol (PPTP))

Slide 30:Selling on the Web Function Requirements for an Electronic Storefront Search for, discover, and compare products for purchase Select a product to be purchased and negotiate or determine its total price Place an order for desired products Have their order confirmed, ensuring that the desired product is available Pay for the ordered products (usually through some form of credit) Verify their credit and approve their purchase Have orders processed Verify that the product has been shipped Request post-sales support or provide feedback to the seller

Slide 31:Selling on the Web (cont.) Electronic storefront must contain: A merchant system or storefront that provides the merchant�s catalog with products, prices and promotions A transaction system for processing orders and payments and other aspects of the transaction A payment gateway that routes payments through existing financial systems primarily for the purpose of credit card authorization and settlement

Slide 32:Outsourcing Vs. Insourcing Insourcing� build and run the electronic storefront inhouse Large companies wanting: to �experiment� with e-commerce without a great investment to protect their own internal networks to rely on experts to establish their sites Outsourcing� contract with an outside firm Smaller or medium sized companies with few IT staff and smaller budgets Three types of providers Internet Malls� offers cross-selling from one store to another and provides a common payment structure Internet Service Providers� focused on operating a secure transaction environment; not on store content Telecommunication Companies� includes the full range of e-commerce solutions

Slide 33:Electronic Catalogs and Merchant Servers The virtual equivalents of traditional product catalogs Commonly include: Templates or wizards for creating a storefront and catalog pages with pictures describing products for sale Electronic shopping carts that enable consumers to gather items of interest until they are ready for checkout Web-based order forms for making secure purchases (either through a SSL or a SET) Database for maintaining product descriptions and pricing, as well as customer orders Integration with third party software for calculating taxes and shipping costs and for handling distribution and fulfillment

Slide 34:Electronic Catalogs and MerchantServers (cont.)

Slide 35:Electronic Catalogs and MerchantServers (cont.) Two of the best known products in this category iCat Electronic Commerce Suite Standard edition includes: Catalog templates Shopping carts Product searching Professional edition provides support for: High-end databases Integration with ISAPI and Netscape's NSAPI Options for third-party plug-ins for searching, user tracking, sale pricing, discounting, etc.

Slide 36:Electronic Catalogs and MerchantServers (cont.) Microsoft�s Site Server Commerce Edition Features of this product are: Commerce Sample Sites providing templates for complete applications Microsoft�s Wallet supporting a variety of digital currencies Site Builder Wizard for stores with multi-level departments Commerce Server Software Development Kit (SDK) for developing custom-order processing Order processing pipeline for managing orders according to specified business rules Microsoft�s Wallet Software Development Kit (SDK) for supporting a variety of digital payment schemes Promotion and Cross-selling Manager for administering a range of specialized promotions, discounts,cross-selling opportunities Integration with Microsoft�s Web site development (e.g. Visual InterDev) and administrative tools (e.g. NT Security Support)

Slide 37:Electronic Commerce Suites Offer merchants greater flexibility, specialization, customization and integration in supporting complete front and back-office functionality

Slide 38:Open Market (www.openmarket.com) One of the market leaders in the electronic commerce software segment Provides a compete set of end-to-end transaction services including: Analysis and Profiling Demand Generation Order Management Fulfillment Payment Self-Service Customer Service Reporting

Slide 39:Chatting on the Web Varied uses of the forums and chat groups Communication Centers a virtual meeting place where communications can take place among the participants Customer Service offer online support where customers can converse with help-line staff and receive advice Community Discussion provide forums and chat services with a marketing eye toward developing a community of loyal users, followers and advocates

Slide 40:Multimedia Delivery Webcasting� describes Internet-based broadcasting of audio and video content Types of Webcasts Text Streams� Text-only wordcasts and datacasts to deliver constant news and stock price updates Ambient Webcasts� Video content is captured from a Webcam and delivered as single-frame updates that are transmitted at periodic intervals Streaming Audio� Web equivalent of radio to deliver everything from talk radio to sports broadcasts to music previews to archived music and radio shows Streaming Video to deliver videoconferences where high quality images are not required and there is not much movement among participants

Slide 41:Webcasting Works in a straightforward way Examples of companies offering both Webcast servers and players RealNetworks ( www.real.com ) Liquid Audio ( www.liquidaudio.com ) Xingtech with its streamworks technology ( www.xingtech.com ) Apple with its QuickTime system ( quicktime.apple.com ) Microsoft with its Netshow software (www.microsoft.com/windows/windowsmedia ) Multicasting stream a Webcast from a central server to other media servers which are distributed to different locations when a listener or viewer clicks on a Webcast link they are automatically routed to the closest server

Slide 42:Bandwidth Requirements for Streaming Audio and Video Bandwidth [1 mbps = 1 million kbps] the speed with which content can be delivered 14.4 kbps to 56 kbps for connecting to the Internet over the telephone through modems 128 kbps for connecting to the Internet over ISDN telephone lines 1 - 1.5 mbps for connecting to the Internet over digital subscriber line (DSL) 10 mbps for downloading over cable wires

Slide 43:Internet Telephones Internet phones programs that let you talk with other people using the Internet the added cost to the end user is at best zero and at worst a substantially lower total charge than a standard telephone call PC-to-PC; PC-to-phone; and phone-to-phone vendors who dominate the Internet telephone market space VocalTec ( www.vocaltec.com ) IDT ( www.met2phone.com ) Delta Three ( www.deltathree.com )

Slide 44:Analyzing Web Visits Access logs file Text file, example : www.somewhere.com - [18/Aug/1998:12:00:00 +0000] �Get /a htm HTTP/1.0� 200 15000 Telling you which pages are most popular, which times are most popular, which geographical regions make the most requests, and other interesting tidbits that help site administrators maintain and refine their sites Software for analyzing access log files (FREE) net.Analysis form net.Genesis ( www.netgen.com ) Insight form Accrue ( www.accrue.com ) Web Trends Log Analyzer from Web Trends Corporation ( www.egsoftware.com )

Slide 45:Managerial Issues Now or later� the question is no longer �Will� but �When� It�s the business issues that count� to succeed, a business must understand how to meet the needs of their online customers In-house or outsource� mainly depends on the company size Analyzing the data� automatic record of everyone who visits your Web site Security� management takes every precaution to ensure the security of their sites and their communications with site visitors Evolving Web� rapid change of the underlying standards, protocols and governance