Escolar Documentos
Profissional Documentos
Cultura Documentos
Infrastructure for
Electronic Commerce
Learning Objectives
Describe the protocols underlying Internet client/server
applications
Compare the functions and structures of Web browsers and
servers
Discuss the security requirements of Internet and ecommerce applications, and how are these requirements
fulfilled by various hardware and software systems
Describe the functional requirements for online selling and
what are the specialized services and servers that perform
these functions
Prentice Hall, 2000
ISP
ISP
ISP
NAP
NAP
ISP
ISP
NAP
NAP
ISP
ISP
ISP
ISP
5
Backbone5
Internet Protocols
Protocols - A set of rules that determine how two
computers communicate with one another over a network
The protocols embody a series of design principles
Interoperable the system supports computers and software from
different vendors. For e-commerce this means that the customers or
businesses are not required to buy specific systems in order to conduct
business.
Layered the collection of Internet protocols work in layers with each
layer building on the layers at lower levels.
Simple each of the layers in the architecture provides only a few
functions or operations. This means that application programmers are
hidden from the complexities of the underlying hardware.
End-to-End the Internet is based on end-to-end protocols. This
means that the interpretation of the data happens at the application
layer and not at the network layers. Its much like the post office.
Prentice Hall, 2000
TCP/IP Architecture
Application Layer
FTP, HTTP, Telnet, NNTP
Transport Layer
Transmission
User
Control Protocol
Datagram Protocol
(TCP)
(UDP)
Internet Protocol
(IP)
Network Interface Layer
Physical Layer
Prentice Hall, 2000
TCP/IP
Solves the global internetworking problem
Transmission Control Protocol (TCP)
Ensures that 2 computers can communicate with
one another in a reliable fashion
Domain Names
Reference particular computers on the
Internet
Divided into segments separated by periods
For example, in the case of www.microsoft.com
www is the specific computer
com is the top level domain
microsoft is the subdomain
Protocol
Simple Mail Transport Protocol (SMTP)
Post Office Protocol version 3 (POP3)
Multipurpose Internet Mail Extensions (MIME)
File Transfer Protocol (TP)
Purpose
Allows the transmission of text
messages and binary
attachments across the Internet.
Enables files to be
uploaded and downloaded
across the Internet.
Provides a way for users to
talk to one another in realtime over the Internet. The
real-time chat groups are
called channels.
Chat
UseNet
Newsgroups
World Wide
Web (Web)
10
Goals of Internet2
to connect universities so that a 30 volume encyclopedia
could be transmitted in less than second
to support applications like distance learning, digital
libraries, video teleconferencing, teleimmersion and
collaborative tools,
andHall,
virtual
Prentice
2000 laboratories
11
12
Web-based Client/Server
Web browsers servers need as way to:
Locate each other so they can send requests
and responses back and forth
Communicate with one another
13
14
15
Distinguished by :
platforms, performance, security, and commerce
Prentice Hall, 2000
16
Internet Security
Cornerstones of Security
Authenticity
the sender (either client or server) of a message is
who he, she or it claims to be
Privacy
the contents of a message are secret and only known
to the sender and receiver
Integrity
the contents of a message are not modified
(intentionally or accidentally) during transmission
Non-repudiation
the sender of a message cannot deny that he, she or
it actually sent the message
Prentice Hall, 2000
17
Encryption
Private Key Encryption (Symmetrical Key Encryption)
Data Encryption Standard (DES) is the most widely
used symmetrical encryption algorithm
Private Key
Message
Text
Ciphered
Text
Encryption
Sender
Private Key
Message
Text
Decryption
Receiver
18
Encryption (cont.)
Public Key Encryption (Asymmetrical Key
Encryption
Public)Key of
Private Key of
Recipient
Message
Text
Encryption
Recipient
Ciphered
Text
Sender
Decryption
Message
Text
Receiver
Prentice Hall, 2000
19
Encryption (cont.)
Digital Envelope combination of symmetrical
and public key encryption
Public key of
Recipient
Session Key
Digital Envelop
Session Key
Public key of
Recipient
Session Key
Session Key
Message
Ciphered
Message
Text
Text
Text
Encryption
Decryption
Sender
Receiver
20
Encryption (cont.)
Digital Signatures : Authenticity and Non-Denial
Public Key of
Recipient
Message
Text
Signature
Sender
Private Key of
Recipient
Message
Text
Ciphered
Text
Encryption
Decryption
Private Key
of Sender
Public Key
of Sender
Signature
Receiver
21
22
23
Chargebacks
Credits
Credit reversal
Debit card transactions
24
Access Control
Password Protection
Passwords are notoriously susceptible to
compromise
Users have a habit of sharing their passwords with
others, writing them down where others can see them,
and choosing passwords that are easily guessed.
Browser transmits the passwords in a form that is
easily intercepted and decoded. By making sure that
even if the passwords are compromised the intruder
only has restricted access to the rest of the network;
which is one of the roles of a firewall.
Prentice Hall, 2000
25
Firewalls
A network node consisting of both hardware and software
that isolates a private network from a public network
Make sure that even if the passwords are compromised the
intruder only has restricted access to the rest of the network
Two types
Dual-homed gateway
bastion gateway connects a private internal network to
outside Internet
proxies (software programs) run on the gateway server and
pass repackaged packets from one network to the other
Screen-host gateway
screened subnet gateway in which the bastion gateway
offers access to a small segment of the internal network
demilitarized zone is the open subnet
Prentice Hall, 2000
26
Bastion
Host
Internet
Router
Local
Network
Router
Proxies:
FTP, HTTP,
NNTP,
Telnet
FTP
Server
Prentice
Hall, 2000
27
28
Protocol tunneling
Support multi-protocol networking
To encrypt and encapsulate the data being transmitted
Types of protocol being used to carry out protocol tunneling
protocols are aimed primarily at site-to-site VPNs (e.g. IPV6)
protocols are used to support VPNs that provide employees,
customers, and others with dial-up access via an ISP (e.g.
Microsofts Point-to-Point Tunneling Protocol (PPTP))
Prentice Hall, 2000
29
30
31
32
33
3rd Party
Applications
Merchant
Server
Internet
Web
Browser
Financial
Network
Web
Server
Database
Catalog
Order
Merchant
Server Architecture
Prentice Hall, 2000
34
Cross selling
Secure payment processing
35
36
Internet
Web
Browser
Order Capture,
Completion
Web
Server
Payment
Processing
(SET & Purchase
Order)
Catalog
Database
Customer
Database
Order
Database
Fulfillment
Systems
Payment
Database
Financial
Network
37
38
Customer Service
offer online support where customers can converse
with help-line staff and receive advice
Community Discussion
provide forums and chat services with a marketing eye
toward developing a community of loyal users,
followers and advocates
Prentice Hall, 2000
39
Multimedia Delivery
Webcasting describes Internet-based broadcasting of
audio and video content
Types of Webcasts
Text Streams Text-only wordcasts and datacasts
to deliver constant news and stock price updates
Streaming Video
to deliver videoconferences where high quality images are not
required and there is not much movement among participants
Prentice Hall, 2000
40
Webcasting
Works in a straightforward way
Multicasting
stream a Webcast from a central server to other media servers
which are distributed to different locations
when a listener or viewer clicks on a Webcast link they are
automatically routed to the closest server
Prentice Hall, 2000
41
42
Internet Telephones
Internet phones
programs that let you talk with other people using the
Internet
the added cost to the end user is at best zero and at
worst a substantially lower total charge than a standard
telephone call
PC-to-PC; PC-to-phone; and phone-to-phone
vendors who dominate the Internet telephone market
space
VocalTec ( www.vocaltec.com )
IDT ( www.met2phone.com )
Delta Three ( www.deltathree.com )
Prentice Hall, 2000
43
44
Managerial Issues
Now or later the question is no longer Will but
When
45