LYU9901 Travel-Net

Travel-Net is an e-commerce application that provides travel-related services, including flight search and reservation, a travel accessories shop, and travel guides. This system overview discusses its features, security issues, and future works.

whittenm
Presentation Transcript


  1. LYU9901 Travel-Net Supervisor: Prof. Michael R. Lyu Members: Ho Chi Ho Malcolm Lau Chi Ho Arthur

  2. Outline • Introduction • Travel-Net features • System overview • Security issues • Future works • Q&A

  3. Introduction • E-commerce today: a new way to do business and earn money (Amazon, CDNow). • Given its great potential and its popularity on the Internet, it is worthwhile for us to put it into practice. • Travel-Net is an e-commerce application providing travel-related services.

  4. E-commerce model • Tiers: Clients (user interface), Middle-Ware / Application server (application logic), Service Servers (Database/Payment) • Client: Web browser, PDA or any device supported by the application • Middle-Ware: handles all application operations between the base computer and the company back-end business application and database. • Service servers: provide data or information according to requests from the middle-ware, and process some requests (update database, payment transaction). • 3-Tier client/server: a special type of client/server architecture consisting of three well-defined and separate processes, each running on a different platform.

  5. Travel-Net Features • To provide travel related service • Flight Search & Reservation • Travel Accessories Shop • Travel Guides

  6. Flight Search & Reservation • One way flight • Round trip • Multi-cities route • Type of Search

  7. Flight Search & Reservation(2) • Basic Search Criteria based on • Departure City • Destination • Class(first class, business, economy) • Departure date and time

  8. Flight Search & Reservation(3) • Additional Search Criteria based on • Airline • Result(all possible result, lowest price)

  9. Flight Search & Reservation(4)

  10. Flight Search & Reservation(5) • Database coverage: • Each airline has its own database for its flights • To limit the complexity and size of the data, the DB covers only some major Asian cities

  11. Flight Search & Reservation(6) • Difficulties encountered: • Simulation of airline databases • unable to obtain the actual databases of airlines • constructed the structure of the database by hypothesis from the data on some travel web sites • collected flight data from these travel web sites manually • Tedious work!!!

  12. Travel Accessories Shop • selling of travel accessories: • different types of luggage • travel maps • travel guide books • other items that are convenient & portable for travel

  13. Travel Accessories Shop(2) • provides pictures and descriptions of products • users add the items they want to buy to a shopping basket • the system keeps the content of the basket until they pay for it • on-site delivery after paying the bill

  14. Travel Accessories Shop(3)

  15. Travel Guides • provides information on the cities that are covered by Travel-Net • Information includes: • City map • Famous spots • Currency • Necessary equipment and procedures for visiting the city • other information

  16. System Overview • Architecture Overview • Server System • Software tools • Client requirement

  17. System Architecture [Diagram] Components shown: • Web Browser • HTTP Req/Resp • Host Machine: Java-enabled web server • Servlets • User Profile Database • Inventory Stock Database • Foreign Inventory Databases, each with a Company DB Mngr (authorized companies providing their inventory data) • Payment Manager • Bank Account Database (bank handling payments)

  18. Server System • Server machine: PIII 500 MHz, 128 MB memory • Operating system: NT Workstation / Server • Web server: Internet Information Server 4.0 (IIS) • Servlet engine: ServletExec 2.2 • DBMS: Oracle 8i (CSE Dept.)

  19. Server System(2) • Reasons for not using UNIX Apache in the department • Unable to use security feature (SSL) • Unable to install a Servlet Engine • Reasons for choosing Microsoft IIS • Free of charge • Easy to install and configure • Support of SSL • Can plug in a Servlet Engine

  20. Server System(3) Database System: • Reasons for not using Sybase • JConnect (a JDBC product) is not a free extension of Sybase • JConnect is unavailable in our department • Reason for using Oracle • The Oracle JDBC driver is shipped with Oracle, which is free for us to use.

  21. Server System(4) • The choice of Servlet Engine • ServletExec: lightweight, easy installation, FREE for trial and relatively few restrictions in the trial version • Drawbacks of other trial versions of Servlet Engines • E.g. JRUN and WebSphere: large in size, difficult to install and configure, and too many unnecessary features

  22. Software Tools • What is a Java Servlet and a Servlet Engine? • Servlet • Written in pure Java • Handles any request/response protocol (mainly HTTP) • Runs on the server side (server-side applet w/o GUI) • Servlet Engine • It is a Java VM running as a background job • Allows the invocation of Java Servlets

  23. Advantages: Servlet over CGI • Performance: • Servlets start a new thread (rather than a new process) with each request. • Security: • Cannot execute commands on the server by tricks. • Portability: • Java is platform independent. • Development & Growth • An object-oriented approach can obtain higher scalability • Much easier to detect errors

  24. Route of Servlets • Servlets take the role of CGI • They handle the HTTP requests (HTTP POST, HTTP GET, HTTP SERVICE) • They process orders and queries and generate dynamic pages • They behave like the middle-ware in a 3-tier client/server system. • They will cooperate with CORBA.

  25. Client Software Requirement • A web browser with no additional add-on, e.g. IE 4+ or Netscape 3.0+ compatible • A web browser that supports the SSL security protocol is advised.

  26. Security • A major concern on every e-commerce system • Useful feature especially on transferring confidential data like credit card details during payment • Common solution: Encryption

  27. Security(2) • Parts that require encryption in the system: [Diagram: Client (browser), Travel Agent Server, Payment Gateway; legend: credit card detail / user password, transaction reference]

  28. Security(3) • Our concern: • Encryption/decryption of data requires computation power at both clients & servers • No problem for communication between servers • But it is difficult to control the computation at the client • Solution: use of a Java Applet • Drawbacks of an Applet: increased download time, extra Java plug-in needed, inefficient to develop just for security.

  29. Security(4) • Our approach: • Use of the browser's built-in capability for security • Advantage: does not require the user to install an extra plug-in • Disadvantage: needs the browser to support it • Use of SSL, which is supported by major browsers (Netscape / Internet Explorer)

  30. Security(5) - SSL • Brief introduction of SSL: • developed by Netscape • support of different encryption algorithms (e.g. RSA) • use of a symmetric key called the session key for data encryption & decryption • the session key is generated using information from the server certificate, which should be signed by a trusted CA • common key lengths used are 40 bits, 56 bits and 128 bits (US only)

  31. Security(6) - SSL • Brief procedures of SSL connection: • Authenticate the server to the client. • Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support. • Optionally authenticate the client to the server. • Use public-key encryption techniques to generate shared secrets. • Establish an encrypted SSL connection.

  32. Security(7) • What do we need to do? • Get a server certificate & install it (a free server cert is available for CUHK hosts at: http://www.cuhk.edu.hk/ca) • Use https in browser for SSL connection • More detail of SSL is available here - http://developer.netscape.com/docs/manuals/security/sslin/contents.htm - http://developer.netscape.com/tech/security/ssl/howitworks.html
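
As an added example (not code from the Travel-Net project), a servlet base class that enforces the "use https" requirement on the server side for pages that receive the credit card detail or user password. The class name `SslOnlyServlet` and the `httpsHost` init parameter are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: SslOnlyServlet and the "httpsHost" init parameter are
// hypothetical names, not part of Travel-Net.
public abstract class SslOnlyServlet extends HttpServlet {

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!req.isSecure()) {
            if ("GET".equals(req.getMethod())) {
                // Nothing confidential has been sent yet: move the browser to https.
                resp.sendRedirect(httpsUrl(req));
            } else {
                // A POST body (card number, password) has already crossed
                // the network in clear text; refuse to process it.
                resp.sendError(HttpServletResponse.SC_FORBIDDEN,
                        "This page must be requested over https");
            }
            return;
        }
        // Keep pages that echo confidential data out of browser and proxy caches.
        resp.setHeader("Cache-Control", "no-store");
        super.service(req, resp);
    }

    // Build the redirect target from a configured host name rather than the
    // client-supplied Host header, so the redirect cannot be pointed elsewhere.
    private String httpsUrl(HttpServletRequest req) throws ServletException {
        String host = getInitParameter("httpsHost");
        if (host == null) {
            throw new ServletException("init parameter httpsHost is not set");
        }
        StringBuilder url = new StringBuilder("https://").append(host)
                .append(req.getRequestURI());
        if (req.getQueryString() != null) {
            url.append('?').append(req.getQueryString());
        }
        return url.toString();
    }
}
```

Servlets that handle login or payment extend this class instead of `HttpServlet`, so a request that arrives without SSL never reaches their `doGet` or `doPost`.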

  33. Future Works • implement the payment method suggested by a post-graduate • implement CORBA in our system • add a Hotel Reservation feature • evaluate the possibility of using Agent techniques in database negotiation • add other interesting things if time allows

  34. Q & A • You are welcome to raise questions on our project