Electronic Commerce Lecture 5

Electronic Commerce

Jan 27, 2016


kaemon

Transcript
Page 1: Electronic Commerce

Electronic Commerce

Lecture 5

Page 2: Electronic Commerce

Get Started: Planning
Questions to Ask:
How is EC going to change our business or create a new channel for new business?
How do we uncover new types of business opportunities?
How can we take advantage of new electronic linkages with customers and trading partners? (Extended Enterprise)
Do we become intermediaries ourselves? (Shrink and Specialize; Expand and Capture)

Page 3: Electronic Commerce

Planning
How do we bring more buyers together electronically (and keep them there)?
How do we change the nature of our products and services or create new ones?
Why is the Internet affecting other companies more than ours?
How do we manage and measure the evolution of our strategy?
How to assess the success of EC?

Page 4: Electronic Commerce

What to do?
Mougayar (1998, Opening Digital Markets)
1. Conduct Necessary Education and Training
2. Review Current/New Distribution and Supply Chain Models
3. Understand What Your Customers and Partners Expect from the Web
4. Re-evaluate the Nature of Your Products and Services
5. Give a New Role to Your Human Resources Department

Page 5: Electronic Commerce

What to do?
6. Extend Your Current Systems to the Outside
7. Track New Competitors and Market Shares
8. Develop a Web-Centric Marketing Strategy
9. Participate in the Creation and Development of Virtual Marketplaces
10. Instill EC Management Style

Page 6: Electronic Commerce

Four System Architecture (Hsu)
Document Connectivity: HTML, …
Applications Connectivity: CGI, Javascript, …
Database Connectivity: ODBC/JDBC, databases
Enterprise Connectivity: Java, CORBA

Page 7: Electronic Commerce

Five Elements of an EC System (Hsu)
Web Server
Applications Server
Database Server
Internal Networking
Internet Connection

Page 8: Electronic Commerce

Web-based Enterprise Computing (article 20)

[Diagram labels: DB; db engine (ODBC/JDBC compliant); Web Server (received request, invoked applications); API; Web-based Applications; Web Browser]

Page 9: Electronic Commerce

Web-based Enterprise Computing
Client-server computing
ODBC- & JDBC-compliant DBMS
Static vs Dynamic HTML pages
Java
COM
CORBA
Drumbeat 2000
X/Open
Informix, Sybase, Oracle
CGI programs (Unix shell scripts, C and/or Perl programs)
HTTP
Applets vs Servlets
API
ASP vs JSP
Lotus Domino, Netscape Enterprise, IIS, …
SQL
ColdFusion/CFML
XML

Page 10: Electronic Commerce

Infrastructure for EC

E-business Plan and Design

e-Consumers/e-Customers

Technology Infrastructure

Page 11: Electronic Commerce

E-business Plan and Design

Technology Infrastructure
Web Server
Applications Server
Database Server
Internal Networking
Internet Connection

e-Consumers/e-Customers

Document Connectivity (HTML, …)
Applications Connectivity (CGI, Javascript, …)
Database Connectivity (Oracle, ODBC/JDBC, …)
Enterprise Connectivity (Java, CORBA, EDI, …)
Network Connectivity (Protocols, Transmission Media, …)

Page 12: Electronic Commerce

Network Infrastructure
Computer networks were originally built on top of the existing phone network, which in turn was built from the demand for telegraphs.

The exchange of information went from the chosen few who could afford telegraphs to the widespread use of the phone for voice and data transmission within a given country. Now, with computer networking, the boundaries between countries melt away, yet governmental and political issues remain to be resolved.

Page 13: Electronic Commerce

Network Infrastructure
The circuit-switched public telephone network is challenged by the TCP/IP-based packet-switched networking of the Internet. This switch could be a must to support the fast-growing need for Internet access, but it disturbs the many international and domestic regulatory agencies, which must decide how to handle this surge of demand. The infrastructure simply does not exist to install the new technology, scrap the old, and be done.

Page 14: Electronic Commerce

Data Traffic Exceeds Voice Traffic
Folklore?
30,000 bits for a single-spaced typed sheet
5 minutes of phone conversation = 640 typed pages
Speech is not optimized for digital transmission
Maybe: talk less, type more?
More use of the Internet (e-business) and video on demand piped via the same Internet links

Page 15: Electronic Commerce

Source Destination

Internetworking…

Page 16: Electronic Commerce

ARPANET to Internet
DOD initiated in 1960 to establish a communication network that was robust and reliable even with link and/or node failure
Store-and-forward packet-switched network
ARPANET and other networks became what we now know as the Internet, propelled by the availability of browsers like Mosaic

Page 17: Electronic Commerce

ARPANET to Internet
Other similar networks (70’s)
IBM’s SNA (Systems Networks Architecture) in 1974
DEC’s DECnet in 1975
Sperry-Univac’s Data Communications Architecture in 1976
Siemens’ Transdata in 1978
CII-Honeywell-Bull’s Distributed Systems Architecture in 1979

Page 18: Electronic Commerce

Historical Events of Internet
‘69 DOD ARPA funded research on packet-switched networks
‘74 Vint Cerf & Bob Kahn published TCP, its basic mechanism
‘82 ARPA defined the TCP/IP protocol suite
‘84 Domain name system introduced
‘86 NSFNET became the backbone (56kbps)
‘92 WWW by Tim Berners-Lee, CERN, the European Organization for Nuclear Research

Page 19: Electronic Commerce

Standards Organization
ITU (International Telecommunications Union), previously known as CCITT (Consultative Committee for International Telegraphy and Telephony)

Page 20: Electronic Commerce

RFC’s
Published only with the approval of IESG (Internet Engineering Steering Group) of the IETF (Internet Engineering Task Force)
All Internet standards originated as RFC’s
Not all RFC’s are Internet standards
http://rs.interic.net/

Page 21: Electronic Commerce

ISO 7-Layer Reference Model

Application
Presentation
Session
Transport
Network
Data Link
Physical

[Diagram annotations: Basic network hardware; Organize data; Network addresses]

Page 22: Electronic Commerce

Classes of IP Address Space
Primary Classes

Class A : 0 + 7-bit prefix/128 networks (24-bit suffix - 16,777,216 hosts) [0 thru 127]

Class B : 10 + 14-bit prefix/16384 networks (16-bit suffix - 65536 hosts) [128 thru 191]

Class C : 110 + 21-bit prefix/2,097,152 networks (8-bit suffix - 256 hosts) [192 thru 223]

IPv4: 32 bits (2^32 ~= 4 billion)
IPng (IPv6): 128 bits (10^15)

Page 23: Electronic Commerce

TCP
TCP (Transmission Control Protocol)

Connection-Oriented Transport vs Connectionless-Oriented Transport (User Datagram Protocol or UDP)

To make sure a message arrives at the destination (from source) successfully

Page 24: Electronic Commerce

Source Destination

Internetworking…

TCP/IP

IP addresses (137.198.34.10)

Domain Name: www.ComeGetMe.com

Page 25: Electronic Commerce

Hong Kong Internet Connections

Page 26: Electronic Commerce

The HK Internet Exchange

Page 27: Electronic Commerce

Security
Why?
What are the problems that we are facing in EC?
Discussion…

Page 28: Electronic Commerce

Security’s main challenges

Confidentiality: only the parties know

Integrity: only what is sent is received

Authentication: only the right parties are talking

Page 29: Electronic Commerce

Encryption (Turban, p 396)
Plaintext
Ciphertext: use a set of rules (known between communicating parties) to transform Plaintext to Ciphertext
Encryption algorithm
Keys
Length of a Key

Page 30: Electronic Commerce

Some Interesting Numbers (Bruce Schneier, “Applied Cryptography”)

With money, what could you do to break the key?

Cost            Key length (bits)
                40            56        64        80            128
$100 thousand   2 secs        35 hrs    1 yr      70,000 yrs    10^19 yrs
$100 billion    2 microsecs   .1 sec    32 secs   24 days       10^13 yrs

Page 31: Electronic Commerce

Ciphers
Two Types of Ciphers
Symmetric encryption or secret-key encryption
Asymmetric: a pair of matching keys

Page 32: Electronic Commerce

Symmetric Encryption
Using the same key at the sending and receiving ends
Keys can be private key or secret key

[Diagram labels: Plaintext; Encrypt; Ciphertext; Internet; Decrypt]

Page 33: Electronic Commerce

Symmetric Encryption

Problems:
Has to be secret
Need to communicate a new secret key if a third party obtains the key
Authenticity
Discussion?

Page 34: Electronic Commerce

Asymmetric Encryption
Involves a public key and a private key
Public-key Cryptography – 1976, Whitfield Diffie & Martin Hellman

Data encryption is possible with public key and decryption is done with only the matching private key (or the opposite)

Page 35: Electronic Commerce

Encrypt Internet Decrypt

Plaintext Ciphertext

Encrypt Internet Decrypt

Page 36: Electronic Commerce

Asymmetric Encryption

No one can decrypt the message without your private key if the message is intended for you

Don’t know who else is reading…
Discussion…

Page 37: Electronic Commerce

Encrypt

Internet

Decrypt

Hash Function

Message Digest

signature

signature

Hash Function

Same or Different

Who is Tim?

Page 38: Electronic Commerce

Public Key Infrastructure (PKI)
Baltimore Technologies (www.baltimore.com)
Wireless e-Security
Entrust Technologies
CyberTrust
RSA Security
VeriSign
Xcert International

Page 39: Electronic Commerce

PKI
www.uncitral.org/en-index.htm (United Nations Office of Legal Affairs servicing the United Nations Commission on the International Trade Law)
X.509 Certificates

Page 40: Electronic Commerce

PKI
Duplicate names
Revocation
PKI-enabled applications

Page 41: Electronic Commerce

Digital Certificates (DCs) & Certificate Authorities (CAs)

Public Key (I am snoopy)

Person Information (Beagle; spotted ears)

Public Key (I am snoopy)

Beagle; spotted ears

CA’s Private Key

Encryption Algorithm

DC

Page 42: Electronic Commerce

Verification
“Your Dinner is Served”

1. Request DC

2. Send DC

3. Get CA’s Public Key

4. Take Snoopy’s Public Key and encrypt “Your Dinner is Served”

5. Send Encrypted Message

6. Snoopy decrypts message with his own private key
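
The hash-and-signature check from the Page 37 diagram and the six verification steps above, as an added example that is not part of the original lecture. It uses textbook RSA without padding on small constructed keys; all function names, the key sizes and the impostor key are assumptions made for illustration.

```python
import hashlib

def make_keypair(p, q, e=65537):
    # Textbook RSA from two primes: returns (public, private) as (n, exponent)
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(data, n):
    # Hash function -> message digest, reduced to fit the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private_key):
    n, d = private_key
    return pow(digest(data, n), d, n)          # digest transformed with private key

def verify(data, signature, public_key):
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)   # "Same or Different"

def cert_body(name, info, public_key):
    return f"{name}|{info}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(name, info, subject_public, ca_private):
    # The CA signs the person information together with the public key
    sig = sign(cert_body(name, info, subject_public), ca_private)
    return {"name": name, "info": info, "public_key": subject_public, "signature": sig}

def check_certificate(cert, ca_public):
    body = cert_body(cert["name"], cert["info"], cert["public_key"])
    return verify(body, cert["signature"], ca_public)

def encrypt(message, public_key):
    n, e = public_key
    return pow(int.from_bytes(message, "big"), e, n)   # message must be < n

def decrypt(ciphertext, private_key):
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def run_exchange():
    # Constructed toy keys (Mersenne primes); not secure, illustration only
    ca_pub, ca_priv = make_keypair(2**61 - 1, 2**127 - 1)
    snoopy_pub, snoopy_priv = make_keypair(2**89 - 1, 2**107 - 1)
    impostor_pub, _ = make_keypair(2**31 - 1, 2**521 - 1)
    cert = issue_certificate("snoopy", "Beagle; spotted ears", snoopy_pub, ca_priv)
    swapped = dict(cert, public_key=impostor_pub)      # key substituted in transit
    genuine_ok = check_certificate(cert, ca_pub)       # steps 1-3
    swapped_ok = check_certificate(swapped, ca_pub)
    sealed = encrypt(b"Your Dinner is Served", cert["public_key"])  # steps 4-5
    return genuine_ok, swapped_ok, decrypt(sealed, snoopy_priv)     # step 6
```

The certificate with the substituted public key fails the check against the CA's public key, which is why step 3 comes before encrypting anything to the key in the certificate.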

Page 43: Electronic Commerce

X.509 Certificates
Serial Number: assigned by the entity (in this case, HKPO); will be used in the CRL
Signature Algorithm Identifier: CA uses this to encrypt (sign the certificate)
Validity Period
Subject Name: CN, OU, O, and C
Version 3 (1996) is the most recent with extensions

Page 44: Electronic Commerce

PKIX
X.509 Version 3 Certificates (RFC 2459)
OCSP – Online Certificate Status Protocol (RFC 2560)
Certificate Management Request Format (CRMF) (RFC 2511)
Certificate Revocation List
LDAP: Lightweight Directory Access Protocol (RFC 2251) : V3 Dec 1997

Page 45: Electronic Commerce

Web Server

Web Server

Web Client

Internet

Http: Hyper Text Transport Protocol

Requests

Responses

Page 46: Electronic Commerce

MIME
Multipurpose Internet Mail Extensions
Open standard for sending information in various forms through Internet email
Supports almost a hundred predefined types of content
Content types are classified as a type and a subtype