Electronic Commerce Lecture 5
Jan 27, 2016
Get Started: Planning
Questions to Ask:
How is EC going to change our business or create a new channel for new business?
How do we uncover new types of business opportunities?
How can we take advantage of new electronic linkages with customers and trading partners? (Extended Enterprise)
Do we become intermediaries ourselves? (Shrink and Specialize; Expand and Capture)

Planning
How do we bring more buyers together electronically (and keep them there)?
How do we change the nature of our products and services or create new ones?
Why is the Internet affecting other companies more than ours?
How do we manage and measure the evolution of our strategy?
How to assess the success of EC?
What to do?
Mougayar (1998, Opening Digital Markets)
1. Conduct Necessary Education and Training
2. Review Current/New Distribution and Supply Chain Models
3. Understand What Your Customers and Partners Expect from the Web
4. Re-evaluate the Nature of Your Products and Services
5. Give a New Role to Your Human Resources Department

What to do?
6. Extend Your Current Systems to the Outside
7. Track New Competitors and Market Shares
8. Develop a Web-Centric Marketing Strategy
9. Participate in the Creation and Development of Virtual Marketplaces
10. Instill EC Management Style
Four System Architecture (Hsu)
Document Connectivity HTML, …
Applications Connectivity CGI, Javascript, …
Database Connectivity ODBC/JDBC, databases
Enterprise Connectivity Java, CORBA
Five Elements of an EC System (Hsu)
Web Server
Applications Server
Database Server
Internal Networking
Internet Connection
Web-based Enterprise Computing (article 20)
[Diagram labels: Web Browser; Web Server (received request, invoked applications); API; Web-based Applications; ODBC/JDBC compliant db engine; DB]
Web-based Enterprise Computing
Client-server computing
ODBC- & JDBC-compliant DBMS
Static vs Dynamic HTML pages
Java
COM
CORBA
Drumbeat 2000
X/Open
Informix, Sybase, Oracle
CGI programs (Unix shell scripts, C and/or Perl programs)
HTTP
Applets vs Servlets
API
ASP vs JSP
Lotus Domino, Netscape Enterprise, IIS, …
SQL
ColdFusion/CFML
XML
Infrastructure for EC
[Diagram labels: E-business Plan and Design; e-Consumers/e-Customers; Technology Infrastructure]
Technology Infrastructure: Web Server, Applications Server, Database Server, Internal Networking, Internet Connection
Document Connectivity (HTML, …)
Applications Connectivity (CGI, Javascript, …)
Database Connectivity (Oracle, ODBC/JDBC, …)
Enterprise Connectivity (Java, CORBA, EDI, …)
Network Connectivity (Protocols, Transmission Media, …)
Network Infrastructure
Computer networks were originally built on top of the existing phone network, which in turn was built from the demand for telegraphs.
Exchange of information moved from the chosen few who could afford telegraphs to the widespread use of the phone for voice and data transmission within a given country. Now, with computer networking, the boundaries between countries melt away, yet governmental and political issues remain to be resolved.
Network Infrastructure
The circuit-switched public telephone network is challenged by the TCP/IP-based packet-switched networking of the Internet. This switch could be a must to support the fast-growing need for Internet access, but it disturbs the many international and domestic regulatory agencies, which have to work out how to handle this surge of demand. The infrastructure simply does not exist to install the new technology with ease, scrap the old, and be done.
Data Traffic Exceeds Voice Traffic
Folklore?
30,000 bits for a single-spaced typed sheet
5 minutes of phone conversation = 640 typed pages
Speech is not optimized for digital transmission
Maybe: talk less, type more?
More use of the Internet (e-business) and video on demand piped via the same Internet links
[Diagram labels: Source; Destination; Internetworking…]
ARPANET to Internet
DOD initiated in 1960 to establish a communication network that was robust and reliable even with link and/or node failure
Store-and-forward packet switched network
ARPANET and other networks became what we now know as the Internet, propelled by the availability of browsers like Mosaic
ARPANET to Internet
Other similar networks (70’s)
  IBM’s SNA (Systems Networks Architecture) in 1974
  DEC’s DECnet in 1975
  Sperry-Univac’s Data Communications Architecture in 1976
  Siemens’ Transdata in 1978
  CII-Honeywell-Bull’s Distributed Systems Architecture in 1979
Historical Events of Internet
‘69 DOD ARPA funded research on packet switched networks
‘74 Vint Cerf & Bob Kahn published TCP, its basic mechanism
‘82 ARPA defined the TCP/IP protocol suite
‘84 Domain name system introduced
‘86 NSFNET became the backbone (56kbps)
‘92 WWW by Tim Berners-Lee, CERN, the European Organization for Nuclear Research
Standards Organization
ITU (International Telecommunications Union), previously known as CCITT (Consultative Committee for International Telegraphy and Telephony)

RFC’s
Published only with the approval of IESG (Internet Engineering Steering Group) of the IETF (Internet Engineering Task Force)
All Internet standards originated as RFC’s
Not all RFC’s are Internet standards
http://rs.interic.net/
ISO 7-Layer Reference Model
Application
Presentation
Session
Transport
Network
Data Link
Physical
[Diagram annotations: Basic network hardware; Organize data; Network addresses]
Classes of IP Address Space
Primary Classes
Class A: 0 + 7-bit prefix/128 networks (24-bit suffix - 16,777,216 hosts) [0 thru 127]
Class B: 10 + 14-bit prefix/16384 networks (16-bit suffix - 65536 hosts) [128 thru 191]
Class C: 110 + 21-bit prefix/2,097,152 networks (8-bit suffix - 256 hosts) [192 thru 223]
IPv4: 32 bits (2^32 ~= 4 billion)
IPng (IPv6): 128 bits (10^15)
TCP
TCP (Transmission Control Protocol)
Connection-Oriented Transport vs Connectionless Transport (User Datagram Protocol or UDP)
To make sure a message arrives at the destination (from source) successfully
[Diagram labels: Source; Destination; Internetworking…]
TCP/IP
IP addresses (137.198.34.10)
Domain Name: www.ComeGetMe.com
Hong Kong Internet Connections
The HK Internet Exchange
Security
Why?
What are the problems that we are facing in EC?
Discussion…

Security’s main challenges
Confidentiality: only the parties know
Integrity: only what is sent is received
Authentication: only the right parties are talking
Encryption (Turban, p 396)
Plaintext
Ciphertext: use a set of rules (known between communicating parties) to transform Plaintext to Ciphertext
Encryption algorithm
Keys
Length of a Key
Some Interesting Numbers (Bruce Schneier, “Applied Cryptography”)
With money, what could you do to break the key?
Time to break a key, by key length in bits:
Cost           | 40          | 56     | 64      | 80         | 128
$100 thousand  | 2 secs      | 35 hrs | 1 yr    | 70,000 yrs | 10^19 yrs
$100 billion   | 2 microsecs | .1 sec | 32 secs | 24 days    | 10^13 yrs
Ciphers
Two Types of Ciphers
Symmetric encryption or secret-key encryption
Asymmetric: a pair of matching keys

Symmetric Encryption
Using the same key at the sending and receiving ends
Keys can be private key or secret key
[Diagram labels: Encrypt; Internet; Decrypt; Plaintext; Ciphertext]

Symmetric Encryption
Problems:
Has to be secret
Need to communicate a new secret key if a third party obtains the key
Authenticity
Discussion?
Asymmetric Encryption
Involves a
  public key
  private key
Public-key Cryptography – 1976, Whitfield Diffie & Martin Hellman
Data encryption is possible with public key and decryption is done with only the matching private key (or the opposite)
[Diagram labels: Encrypt; Internet; Decrypt; Plaintext; Ciphertext]

Asymmetric Encryption
[Diagram labels: Encrypt; Internet; Decrypt]
No one can decrypt the message without your private key if the message is intended for you
Don’t know who else is reading…
Discussion…
[Diagram labels: Encrypt; Internet; Decrypt; Hash Function; Message Digest; signature; signature; Hash Function; Same or Different]
Who is Tim?
Public Key Infrastructure (PKI)
Baltimore Technologies (www.baltimore.com)
Wireless e-Security
Entrust Technologies
CyberTrust
RSA Security
VeriSign
Xcert International

PKI
www.uncitral.org/en-index.htm (United Nations Office of Legal Affairs servicing the United Nations Commission on the International Trade Law)
X.509 Certificates

PKI
Duplicate names
Revocation
PKI-enabled applications
Digital Certificates (DCs) & Certificate Authorities (CAs)
[Diagram labels: Public Key (I am snoopy); Person Information (Beagle; spotted ears); CA’s Private Key; Encryption Algorithm; DC]

Verification: “Your Dinner is Served”
1. Request DC
2. Send DC
3. Get CA’s Public Key
4. Take Snoopy’s Public Key and encrypt “Your Dinner is Served”
5. Send Encrypted Message
6. Snoopy decrypts message with his own private key
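Added example (not part of the original lecture slides): the hash-and-sign check from the signature diagram and the six verification steps above, run end to end in Python with textbook RSA. The fixed Mersenne-prime keys, the unpadded RSA and all function names are assumptions made for illustration; none of it is secure for real use.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Textbook RSA key from two primes: returns (n, d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Toy keys built from well-known Mersenne primes (assumption for the demo;
# real keys use random primes and padded RSA from a vetted library).
CA_N, CA_D = make_key(2**61 - 1, 2**107 - 1)          # the CA's key pair
SNOOPY_N, SNOOPY_D = make_key(2**89 - 1, 2**127 - 1)  # Snoopy's key pair

def digest(data, n):
    """Hash function -> message digest, reduced to fit the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def dc_body(subject, pub_n):
    """The bytes the CA signs: person information plus public key."""
    return f"{subject}|{pub_n}|{E}".encode()

def issue_dc(subject, pub_n):
    """CA signs the digest of the DC body with its private key."""
    sig = pow(digest(dc_body(subject, pub_n), CA_N), CA_D, CA_N)
    return {"subject": subject, "n": pub_n, "sig": sig}

def check_dc(dc):
    """Step 3: recover the digest with the CA's public key; same or different?"""
    expected = digest(dc_body(dc["subject"], dc["n"]), CA_N)
    return pow(dc["sig"], E, CA_N) == expected

def send_to(dc, text):
    """Steps 4-5: encrypt under the certified key, only if the DC checks out."""
    if not check_dc(dc):
        raise ValueError("DC was not signed by the CA")
    return pow(int.from_bytes(text.encode(), "big"), E, dc["n"])

def snoopy_decrypt(ciphertext):
    """Step 6: only Snoopy's private key recovers the message."""
    m = pow(ciphertext, SNOOPY_D, SNOOPY_N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

DC = issue_dc("Snoopy (Beagle; spotted ears)", SNOOPY_N)  # steps 1-2
```

A DC whose public key has been swapped after signing fails check_dc, so send_to refuses to encrypt to it.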
X.509 Certificates
Serial Number: assigned by the entity (in this case, HKPO); will be used in the CRL
Signature Algorithm Identifier: CA uses this to encrypt (sign the certificate)
Validity Period
Subject Name: CN, OU, O, and C
Version 3 (1996) is the most recent with extensions
PKIX
X.509 Version 3 Certificates (RFC 2459)
OCSP – Online Certificate Status Protocol (RFC 2560)
Certificate Management Request Format (CRMF) (RFC 2511)
Certificate Revocation List
LDAP: Lightweight Directory Access Protocol (RFC 2251): V3 Dec 1997
Web Server
[Diagram labels: Web Client; Internet; Web Server]
Http: Hyper Text Transport Protocol
Requests
Responses
MIME
Multipurpose Internet Mail Extensions
Open standard for sending information in various forms through Internet email
Supports almost a hundred predefined types of content
Content types are classified as a type and a subtype