2. IT TAKES MORE THAN
TECHNOLOGY
Regardless of their basic purpose-B2C or
B2B-virtually all EC sites rest on the same
network structure,communication protocols,
web standards, and security systems. This
chapter focuses on the basic hardware and
software infrastructure underlying the millions
of sites used to, sell to service,and chat with
both customers and business partners.
01/27/14
2
3. Tracking United Parcel
Service Shipments
The Problem
Since 1907 United Parcel Service (UPS) has been in the
package distribution business
It is the world’s largest package distribution company,
transporting over 3 billion parcels and documents each
year in over 200 countries.
UPS provides the means for customers to track their
shipments to determine the status and whereabouts of a
particular package
01/27/14
3
4. Tracking United Parcel
Service Shipments (cont.)
In the past, this was done primarily over the telephone
Customers would call UPS with the tracking number of
their shipment
An operator would look up the status of the shipment in
the UPS database and relay the information to the
customer
Servicing these calls cost an estimated $2 per call
01/27/14
4
5. Tracking United Parcel
Service Shipments (cont.)
The Solution
UPS created a Web site (ups.com) that enabled
customers to:
track their shipments online
determine the cost and transit time for delivery of a package
schedule a package for pickup
locate the nearest drop-off facility
01/27/14
5
6. Tracking United Parcel
Service Shipments (cont.)
These online facilities are accessed from the UPS
homepage
The customer clicks the “Tracking” tab at the top of the
homepage
This takes the customer to an online form where the customer
simply enters the tracking number and then hits the “Track”
button
The customer receives precise information about the location
of the designated shipment
01/27/14
6
7. Tracking United Parcel
Service Shipments (cont.)
The front end of the UPS Web site is simple, but the
back-end processing used to handle a tracking
request is more complicated
Requests are handed off to one of a handful of Web
servers
This server passes the request to the appropriate
application serve
01/27/14
7
8. Tracking United Parcel
Service Shipments (cont.)
The application server passes the request to an IBM
AS/400 computer attached to the UPS tracking database
(the largest transaction database in the world—20
terabytes of data
The mainframe performs the database search for the
status information
Then it is passed back up the line through the various
servers to the customer’s browser
01/27/14
8
9. Tracking United Parcel
Service Shipments (cont.)
The Results
The UPS site services over 4 million online tracking
requests per day
It keeps UPS competitive with other shipping companies
that also offer online tracking services and customer
information (FedEx)
01/27/14
9
10. Tracking United Parcel
Service Shipments (cont.)
UPS now offers customers the option of tracking their
packages through wireless devices (cell phones, PDAs,
and Web-enabled pagers )
Web pages have been modified to support the particular
wireless device being used
Specialized servers are used to deliver the pages over
the wireless communication networks
01/27/14
10
11. Tracking United Parcel
Service Shipments (cont.)
UPS (ec.ups.com) offers a set of e-commerce solutions
and a technology infrastructure that enables other
companies to incorporate UPS’ online:
order entry
Shipping
tracking capabilities
Example: Amazon.com
01/27/14
11
12. Tracking United Parcel
Service Shipments (cont.)
The company also offers e-commerce tools and services
for managing an enterprises’ overall supply chain
01/27/14
12
13. Tracking United Parcel
Service Shipments (cont.)
What we can learn …
There is more to an EC Web site than meets the eye
Behind the scenes of virtually every e-commerce site, a
number of hardware and software components are
supporting these applications
01/27/14
13
14. A Network of Network
The internet is a network of thousands of inter connected
networks .Included among the interconnected networks are:
The interconnected backbones that have international reach.
A multitude of access/delivery subnetworks are provided by
the local and regional Internet service providers(ISPs).
Infact, the request and response are each broken into
packets, and the packets can follow different paths.
The paths traversed by the packets are determined by
special computers called routers. The routers have
updateable maps of the networks on the internet that enable
them to determine the paths for the packets.
01/27/14
14
16. INTERNET PROTOCOL
A protocol is a set of rules that determines how
two computers communicate with one another over
a network.The protocols around which the internet
was designed embody a series of design principles.
Interoperable
Layered
Simple
End –to-End
01/27/14
16
17. TCP/IP
The protocol that solves the global internetworking
problem is the Transmission Control Protocol/Internet
Protocol(TCP/IP).
The TCP ensures that two computers can communicate
with one another in a reliable fashion.Each TCP
communication must be acknowledged in a reasonable
time, then the sending computer must transmit the
data. In order for one computer to send a request or a
response to another computer on the internet, the
request or response must be divided into packets that
are labeled with the addresses of the sending and
receiving computers.This is where IP comes into play.
The IP formats the packets and assign addresses.
17
01/27/14
19. DOMAIN NAMES
Names like www.microsoft.com, which reference
particular computers on the internet, are called
Domain Names. Domain Names are divided into
segments separated by periods.
When users wishes to access a particular
computer, they usually do so either explicitly or
implicitly through the domain name not the
numerical address.
The domain name is converted to the associated
numerical address by a special server called the
domain name server.
01/27/14
19
20. INTERNET CLIENT/SERVER
APPLICATION
As the name suggests, in a client/server application there
are two major classes of software:
Client software, usually residing on an end user’s desktop
and providing navigation and display.
Server software, usually residing on a workstation or
server-class machine and providing back-end data access
services (where the data can be something simple like a
file or complex like a relational database.
01/27/14
20
21. NEW WORLD NETWORK: INTERNET2 AND
NEXT GENERATION INTERNET (NGI)
The current data infra structure and protocols – the
intranet – are capable of handling today’s internet
traffic but not for so long. Two consortiums, as well
as various telecoms and commercial companies like
Cisco, are in the process of constructing the new
world network. It will be capable of dealing with the
next generation of internet applications, which will
be multimedia laden.
01/27/14
21
22. NEW WORLD NETWORK: INTERNET2 AND
NEXT GENERATION INTERNET (NGI)
Just as the original internet came from efforts
sponsored by NSF and DARPA ,it is assumed
that the research being done to create both
Internet 2 and the NGI will ultimately benefit the
public internet. While they will certainly impact
the bandwidth among the ISPs,IAPs, and
NAPs,it still does not eliminate the barriers
across the last mile to business and homes.
01/27/14
22
23. WEB-BASED CLIENT/SERVER
The vast majority of EC applications are web based. In
such applications, the clients are called web browsers
and the servers are simply called web servers, like other
client/server application s,web browsers and servers
need a way
To locate each other so they can send requests and
responses back and forth and
To communicate with one another . To fulfill these needs,
a new addressing scheme –the URL – and a new
protocol – the HyperText Transport Protocol (HTTP) –
were introduced.
01/27/14
23
24. WEB-BASED CLIENT/SERVER (cont.)
HYPERTEXT TRANSPORT PROTOCOL
When users navigate from one page to the another by clicking on
hypertext links within a page.when a user does this, a series of
actions takes place behind the scenes.First, a connection is made
to the web server specified in the URL associated with the link.
Next, the browser issues a request to the server, say to “GET” the
web page located in the directory specified by the associated
URL. The structure of the GET request is simply “GET url”(e.g.,
“GET www.ge.com”). The server retrieves the specified page
and returns it to the browser .
01/27/14
24
25. WEB BROWSER
The earliest versions of the web browsers-Mosaic,
Netscape1.0,and Internet Explorer 1.0 – were truly
“thin” clients. Their primary function was to display
web documents containing text and simple graphics.
Today, the two major browsers in the market –
Netscape communicator4.0 and Microsoft’s Internet
Explorer 5.0 (IE 5.0) – are anything but thin , both
offering a suite of functions and features.
01/27/14
25
26. WEB SERVER
A web server is not a hardware platform;it is a software
program. In the UNIX world this program is called an http
daemon. In the windows NT world the program is known as an
http service. The primary function of all of these programs is to
service HTTP requests. In addition, they also perform the
following functions :
Provide access control on the web server.
Providing real time access to databases and other dynamic
data.This is done through various application programming
interfaces . Enable management and administration of both the
server functions and the contents of the website .
Log transactions that the users make.
01/27/14
26
27. COMMERCIAL WEB SERVER
While there are dozens of web servers on the
market, three servers predominate;
Apache server
Microsoft’s internet Information Server (IIS)
Netscape’s Enterprise Server.
01/27/14
27
28. WEB SERVER USAGE SERVEY
Since late 1995, a company called Netcraft (
www.netcraft.com) has been conducting monthly
surveys to determine the market share of the
various servers (by numbers connected to the
internet). This is done by polling known web sites
with an HTTP request for the name of the server
software.
Table shows the survey results for selected months
beginning in January 1996 and ending in January
1999.
01/27/14
28
30. INTERNET SECURITY
CORNERSTONES OF SECURITY:
Security is often cited as a major barrier to EC, prospective
buyers, for example, are leery of sending credit card
information over the Web. Prospective sellers worry that
hackers will compromise their systems.while the need for
security breaches. The National Computer Security
Association (NCSA) has identified four cornerstones of secure
EC, Included are:
Authenticity
Privacy.
Integrity.
Non repudiation.
01/27/14
30
31. ENCRYPTION
One way to ensure the confidentiality and privacy of
messages is to make sure that even if they fall into the
wrong hands they cannot be read. This is where
cryptography comes into play. All cryptography has four
basic parts:
Plaintext- the original message in human-readable.
Cipher text- the plaintext message after it has been
encrypted into unreadable form.
Encryption algorithm- the mathematical formula used to
encrypt the plaintext into cipher text and vice versa.
Key- The secret key used to encrypt and decrypt a message.
Different keys produce different cipher text when used with
the same algorithm.
01/27/14
31
32. ENCRYPTION
Cryptography enables not only text but also binary
information - video, sound,and executable software
modules- to be encrypted for secure transmission across
the internet.
Synchronous Private Key Encryption
01/27/14
32
33. ENCRYPTION
Public key of recipient
Message
text
Private key of recipient
Ciphered
text
encryption
decryption
Receiver
Sender
Public key Encryption
01/27/14
Message
text
33
34. ENCRYPTION
Session Public Key
Key
of Recipient
Private Key
of Recipient
Session
Key
Digital Envelope
Session Key
Message
Text
01/27/14
Sender
Session Key
Ciphered
Text
Decryption
Encryption
34
Message
Text
Receiver
35. DIGITAL SIGNATURES: AUTHENTICITY
01/27/14
Digital signatures are based on public key encryption. The
use of a digital signature is illustrated in figure. The basic
idea is that messages encrypted with a private key can only
be decrypted with a public key.
This phrase is then attached to the message and the
combined message is encrypted with the recipient’s public
key. Upon recipient, the message is first decrypted with the
recipient’s private key. The signature phrase is decrypted
with the sender’s public key. If the phrase is successfully
decrypted, then the recipient knows that the message could
have only been sent by the holder of the sender’s private
key. Of course, at this point there is no guarantee that the
sender is actually the sender. It could be someone who has
stolen the private key. This is where digital certificates come
into play.
35
36. Private Key
Public Key
of Recipient
MESSAGE
TEXT
Signature
Encryption
of Recipient
CIPHER
TEXT
MESSAGE
TEXT
Decryption
Sender
Receiver
Private Key
of Sender
01/27/14
Signature
Public Key
of Sender
Digital Signature
36
37. DIGITAL CERTIFICATES AND CERTIFICATE
AUTHORITIES (CAs)
Digital certificates verify that the holder of a public and private
key is who they claim to be. The structure of a digital certificate
is governed by the IETF’s X .509 standard.
Digital certificates are issued by third parties called certificate
authorities (CAs).
Individuals or companies apply for digital certificates by
sending the CA their public key and identifying information.
The CA uses their private key to encrypt the certificate and
sends the signed certificate to the applicant.
The sender uses the CA’S public key to decrypt the certificate.
In this way the sender can be more confident of the true identity
of the recipient .
01/27/14
37
38. DIGITAL CERTIFICATES AND CERTIFICATE
AUTHORITIES (CAs)
After decrypting the certificate, the sender uses the embedded
public key to encrypt the message. In this way, the only public
key that the sender really has to know ahead of time is the CA
public key.
01/27/14
38
39. SECURE SOCKET LAYER
Secure socket layer is a protocol that operates at the TCP/IP
layer. This means that any application that relies on TCP/ IP
SUCH AS THE Web (HTTP) , Use Net newsgroups (NNTP), and email (SMTP) can be secured by SSL. Secure socket layer
supports a variety of encryption algorithms and authentication
methods . The combination of algorithms and methods is called
a cipher suite. When a client contacts a server, the two negotiate
a cipher suite, selecting the strongest suite the two have in
common.
01/27/14
39
40. SECURE ELECTRONIC TRANSACTION
A Cryptographic protocol that is designed to handle the
complete transaction is secure electronic transaction (SET),
which was jointly developed by visa.
The SET protocol provides authentication,confidentiality, message
integrity, and linkage, and it relies on public and private keys for the
consumer and the merchant and supports the following features.
Cardholder registration.
Debit card transactions.
Credit reversal.
Merchant registration.
Purchase requests.
Payment authorizations.
Payment capture.
Charge backs.
Credits.
01/27/14
40
41. Firewall: ACCESS CONTROL
A firewall is a network node consisting of both hardware and software that
isolates a private network. There are two basic types of firewalls: dualhomed gateway and screen-host gateway.
In a dual-homed gateway a special server called the bastion gateway
connects a private internal network to the outside internet.
With a screen-host gateway a network router is used to control access to
the bastion gateway. The router ensures that all inbound traffic must pass
through the bastion gateway. A popular variant of the screened-host is the
screened subnet gateway in which the bastion gateway offers access to a
small segment of the internal network. The open subnet is known as the
demilitarized zone. The idea behind the screened subnet is that there is no
way for outside traffic to gain access to any of the other hosts on the
internal network.
01/27/14
41
44. VIRTUAL PRIVATE NETWORKS
Suppose an enterprise wishes to provide mobile or remote
workers with secure access to enterprise data that is normally
accessed over a LAN.Traditionally, remote and mobile workers
access this data through a bank of modems or a remote
access server (RAS) that allows them to dial in over phone
lines to the LAN. The chance of caves dropping on the
transmission is nil, but it is an expensive way to do business
because of the long distance phone charges that are incurred.
A less expensive alternative is a virtual private network(VPN).
VPN combines encryption, authentication, and protocol
tunneling to provide secure transport of private
communications over the public Internet. It is as if the Internet
becomes part of a larger enterprise WAN. In this way,
transmission costs are drastically reduced because workers
can access enterprise data by making a local call into an ISP
rather than a long- distance call.
01/27/14
44
45. Selling on the WEB
Functional requirements
The
TCP/IP, web browsers, commercial web
servers, encryption, and firewalls provide an
open foundation for creating web site that can
easily support marketing and service activities.
They provide an infrastructure for conducting
business online.
01/27/14
45
46. Selling on the WEB
Just like their physical counter parts, online store must provide the
means:
Discover, search for, and compare products for purchase;
Select a product to be purchase and determine its total price;
Place an order for products;
Confirm order, or ensuring that the desire product is available;
To pay for products;
To verify credit
To process order
To verify shipment;
Provide feedback to the seller
01/27/14
46
47. ELECTRONIC COMMERCE SOLUTIONS:
OUTSOURCING VERSUS INSOURCING
Like
traditional merchants, web merchants
have a number of options for creating and
operating their electronic storefronts. There
are threes types of providers who offer
services for creating and operating an
electronic storefront.
01/27/14
47
48. ELECTRONIC COMMERCE SOLUTIONS:
OUTSOURCING VERSUS INSOURCING
1.
Internet malls:
01/27/14
There are 3,000 or more malls on the web, like a real world mall.
An internet mall consist of a single storefront entry to a
collection of electronic storefront.
Internet malls come in a variety of shapes and size. There are
regional malls like South Florida's (www.sf-mall.com), specially
malls like the Golf Mall (www.golf-mall.com), and general
purpose malls like Choice Mall (www.choicemall.com) .
48
49. ELECTRONIC COMMERCE SOLUTIONS:
OUTSOURCING VERSUS INSOURCING
2.
Internet service providers:
In addition to providing internet access to companies and
individual users, a large number of ISPs offer host services for
EC.
For the most parts of ISPs are focused on operating a secure
transaction environment.
This task can be outsourced by third party.
A listing of top site designers can be found at
www.internetworld.com .
Some of the national ISPs like UUNet have begun offering more
complete EC solution.
01/27/14
49
50. ELECTRONIC COMMERCE SOLUTIONS:
OUTSOURCING VERSUS INSOURCING
Telecommunication companies:
3.
•
•
•
01/27/14
Increasingly the large telecommunication companies have
expanded their hosting services to include the full range of EC
solutions.
Network service provider NSP, one of the private companies
maintaining and servicing the Internet’s high-speed back bones.
Include among the companies are MCI, sprint, UUNET/MIS,
PSINet, and BBN planet
50
51. Electronic Catalogs and merchant
servers.
Electronic catalogs presentation of information about
products (services) that traditionally were in paper catalogs.
However, electronic catalogs include multimedia such as
voice clips.
An electronic catalog contain
written descriptions
photos of products along with information about various
promotions,
discounts,
payment methods and
methods of delivery.
01/27/14
51
52. Electronic Catalogs and merchant
servers.
Electronic catalogs and merchant server allow businesses to
create simple, straight forward electronic storefronts. For more
complex operations, a number of vendors offer EC suite that
support most stages of the supply and buying chains.
Electronic commerce suites offer merchants
Greater flexibility
Specialization
Customization
Integration in supporting complete front and back-office
functionality.
01/27/14
52
53. Chatting on the web.
Online forum and chat group technologies offer a variety of
business opportunities.
Chat groups involving customers and helpline staff are one
way of offering enhanced customer services.
Communication centers:
Virtual meeting places can be created and fees charged for
participation.
One example is Match. COM (www.match.com) , web chat broad
casting system (www.wbs.com) , contain 200 chat rooms.
01/27/14
53
54. Chatting on the web.
Customer services:
A number of customer services site now offer
online
support where customers can converse with help line
staff and other customer.
Most online support center are organized as forums
rather than chat groups.
There are some exceptions Merchant (
www.intersolv.com/csupport/index.asp) .
01/27/14
54
55. Multimedia delivery.
The way in which audio, video and other multimedia content are
being delivered over the internet are
Web casting:
Web casting is a term used to describe internet-based broad
casting of audio and video content.
One of the leading arena is Real Networks.&
Web casting ranges from simple text streams; to periodic
transmission of webcam images; to low quality audio and
animation; to high end CD quality audio; and full motion, full
screen video.
01/27/14
55
56. Bandwidth
The major barrier to widespread participation in in Web cast is
bandwidth.
Bandwidth refers to the speed with which content can be delivered.
Most consumer connect to the internet over the telephone through
modems whose speed range from 14.4 kbps to 56 kbps (kilo byte per
second).
Most consumer connect to the internet using lower speed modems.
Soon this will change as the cable television and telephone
companies battle for the privilege of wiring homes with internet
connections.
01/27/14
56
57. Internet telephones:
Internet phones are not a real telephones– they are
program that let you talk with other people using the
internet.
The main attraction of internet telephones is cost,
depending on the type of internet phone connections.
Internet phones comes in three versions---PC-to-PC, PCto-Phone, and Phone-to-Phone.
01/27/14
57
58. Internet telephones:
With PC-to-PC internet phones call, the caller and recipient are
both required to have the same internet phones software on their
computers.
PC-to-Phone system only require the caller to have the internet
phone software. The recipient answer the call with a regular
telephone.
Phone-to-Phone, the caller and the recipient use a regular
telephone.
01/27/14
58