
Chapter 11

Infrastructure for
Electronic Commerce

Prentice Hall, 2000

Learning Objectives
Describe the protocols underlying Internet client/server
applications
Compare the functions and structures of Web browsers and
servers
Discuss the security requirements of Internet and e-commerce applications, and how these requirements are fulfilled by various hardware and software systems
Describe the functional requirements for online selling and the specialized services and servers that perform these functions

Learning Objectives (cont.)


Describe the business functions that Web chat can fulfill
and list some of the commercially available systems that
support chat

Understand the ways in which audio, video and other multimedia content are being delivered over the Internet and to what business uses this content is being applied

A Network of Networks = Internet


The Internet is a network of hundreds of thousands of interconnected networks
Network Service Providers (NSPs) run the backbones
Internet Service Providers (ISPs) provide the delivery subnetworks

Internet Network Architecture


[Figure: Internet network architecture, showing ISPs, NAPs and the backbone.]

Internet Protocols
Protocols - A set of rules that determine how two computers communicate with one another over a network
The protocols embody a series of design principles
Interoperable - the system supports computers and software from different vendors. For e-commerce this means that the customers or businesses are not required to buy specific systems in order to conduct business.
Layered - the collection of Internet protocols works in layers, with each layer building on the layers at lower levels.
Simple - each of the layers in the architecture provides only a few functions or operations. This means that the complexities of the underlying hardware are hidden from application programmers.
End-to-End - the Internet is based on end-to-end protocols. This means that the interpretation of the data happens at the application layer and not at the network layers. It's much like the post office.

TCP/IP Architecture
Application Layer: FTP, HTTP, Telnet, NNTP
Transport Layer: Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
Internet Protocol (IP)
Network Interface Layer
Physical Layer

TCP/IP
Solves the global internetworking problem
Transmission Control Protocol (TCP)
Ensures that 2 computers can communicate with
one another in a reliable fashion

Internet Protocol (IP)
Formats the packets and assigns addresses
packets are labeled with the addresses of the sending and receiving computers
1999 version is version 4 (IPv4)
Version 6 (IPv6) has just begun to be adopted

Domain Names
Reference particular computers on the
Internet
Divided into segments separated by periods
For example, in the case of www.microsoft.com
www is the specific computer
com is the top level domain
microsoft is the subdomain

Internet Assigned Numbers Authority (IANA)
controls the domain name system

Network Solutions, Inc. (NSI)
issues and administers domain names for most of the top level domains

Internet Client/Server Applications


Application | Protocol | Purpose
E-mail | Simple Mail Transport Protocol (SMTP), Post Office Protocol version 3 (POP3), Multipurpose Internet Mail Extensions (MIME) | Allows the transmission of text messages and binary attachments across the Internet.
File Transfer | File Transfer Protocol (FTP) | Enables files to be uploaded and downloaded across the Internet.
Chat | Internet Relay Chat Protocol (IRC) | Provides a way for users to talk to one another in real time over the Internet. The real-time chat groups are called channels.
UseNet Newsgroups | Network News Transfer Protocol (NNTP) | Discussion forums where users can asynchronously post messages and read messages posted by others.
World Wide Web (Web) | Hypertext Transport Protocol (HTTP) | Offers access to hypertext documents, executable programs, and other Internet resources.

New World Network: Internet2


Two consortiums are in the process of constructing the new world network
The University Corporation for Advanced Internet Development (UCAID) www.ucaid.edu
Building a leading edge research network called Internet2
Based on a series of interconnected gigapops interconnected by the National Science Foundation's very high performance Backbone Network (vBNS) infrastructure

Goals of Internet2
to connect universities so that a 30 volume encyclopedia could be transmitted in less than a second
to support applications like distance learning, digital libraries, video teleconferencing, teleimmersion and collaborative tools, and virtual laboratories

New World Network: Next Generation Internet
Next Generation Internet (NGI)
Government initiated and sponsored
Started by the Clinton Administration, this initiative
includes government research agencies, such as:

the Defense Advanced Research Projects Agency (DARPA)


the Department of Energy
the National Science Foundation (NSF)
the National Aeronautics and Space Administration (NASA)
the National Institute of Standards and Technology

Aim of the NGI
to support next generation applications like health care, national security, energy research, biomedical research, and environmental monitoring

Web-based Client/Server
Web browsers and servers need a way to:
Locate each other so they can send requests
and responses back and forth
Communicate with one another

Uniform Resource Locators (URLs)


A new addressing scheme
Ubiquitous, appearing on the web, in print, on
billboards, on TV and anywhere else a company
can advertise
Default syntax - www.Anywhere.Com
Complete syntax - access-method://server-name[:port]/directory/file

Web-based Client/Server (cont.)


Hypertext Transport Protocol (HTTP)
A new protocol
Lightweight, stateless protocol that browsers and
servers use to converse with one another
Statelessness - every request that a browser makes opens a new connection that is immediately closed after the document is returned
This represents a substantial problem for e-commerce applications, because an individual user is likely to have a series of interactions with the application

MIME (Multipurpose Internet Mail Extension)
describes the contents of the document
in the case of an HTML page the header is Content-type: text/html

Web Browsers (1999 Generation)


IE 4.6 suite of components consists of the
browser along with the following tools:
Outlook Express for e-mail reading
FrontPage Express for authoring of HTML Web
pages
Net Meeting for collaboration

Netscape Navigator 4.6 suite consists of the browser plus the following components:
Messenger for e-mail reading
Composer for authoring HTML Web pages
Collabra for news offerings
Calendar for personal and group scheduling
Netcaster for push delivery of Web pages

Web Servers: A Software Program


http daemon in Unix; http service in Windows NT
Functions:
service HTTP requests
provide access control, determining who can access
particular directories or files on the Web server
run scripts and external programs to either add
functionality to the Web documents or provide real-time
access to database and other dynamic data
enable management and administration of both the
server functions and the contents of the Web site
log transactions that the user makes

Distinguished by:
platforms, performance, security, and commerce

Internet Security
Cornerstones of Security
Authenticity
the sender (either client or server) of a message is
who he, she or it claims to be

Privacy
the contents of a message are secret and only known
to the sender and receiver

Integrity
the contents of a message are not modified
(intentionally or accidentally) during transmission

Non-repudiation
the sender of a message cannot deny that he, she or
it actually sent the message

Encryption
Private Key Encryption (Symmetrical Key Encryption)
Data Encryption Standard (DES) is the most widely
used symmetrical encryption algorithm

[Figure: private key encryption. The sender encrypts the message text with the private key to produce ciphered text; the receiver decrypts the ciphered text with the same private key to recover the message text.]

Encryption (cont.)
Public Key Encryption (Asymmetrical Key Encryption)
[Figure: public key encryption. The sender encrypts the message text with the public key of the recipient to produce ciphered text; the receiver decrypts the ciphered text with the private key of the recipient.]

Encryption (cont.)
Digital Envelope - combination of symmetrical and public key encryption
[Figure: digital envelope. The sender encrypts the message text with a session key and places the session key, encrypted with the public key of the recipient, in the digital envelope; the receiver recovers the session key and uses it to decrypt the ciphered text.]

Encryption (cont.)
Digital Signatures: Authenticity and Non-Denial
[Figure: digital signature. The sender creates the signature with the private key of the sender, and message text plus signature are encrypted with the public key of the recipient; the receiver decrypts with the private key of the recipient and checks the signature with the public key of the sender.]
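The digital envelope and digital signature flows from the two slides above, combined in one added example (not code from the original slides). It assumes textbook RSA over fixed, constructed primes and a SHA-256 keystream standing in for the symmetric cipher, so that it runs with the Python standard library alone; the function names are hypothetical.

```python
import hashlib
import secrets

def make_keypair(p_exp, q_exp, e=65537):
    # Constructed keys: fixed Mersenne primes keep the example offline and
    # stdlib-only. Textbook RSA without padding, used to show the data flow.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))        # (public key, private key)

def keystream_xor(key, data):
    # Stand-in symmetric cipher (SHA-256 keystream XOR); the slides name DES,
    # which the Python standard library does not provide.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def seal(message, recipient_pub, sender_priv):
    """Sender: sign the message, encrypt it with a fresh session key,
    then wrap the session key with the recipient's public key."""
    n_r, e_r = recipient_pub
    n_s, d_s = sender_priv
    session_key = secrets.token_bytes(16)
    return {
        "ciphertext": keystream_xor(session_key, message),
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e_r, n_r),
        "signature": pow(digest_int(message), d_s, n_s),
    }

def open_envelope(envelope, recipient_priv, sender_pub):
    """Receiver: unwrap the session key with the private key, decrypt,
    then check the signature with the sender's public key."""
    n_r, d_r = recipient_priv
    n_s, e_s = sender_pub
    key_int = pow(envelope["wrapped_key"], d_r, n_r)
    if key_int >= 2**128:                      # wrong private key or damaged envelope
        return None, False
    message = keystream_xor(key_int.to_bytes(16, "big"), envelope["ciphertext"])
    valid = pow(envelope["signature"], e_s, n_s) == digest_int(message)
    return message, valid

RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(521, 607)
SENDER_PUB, SENDER_PRIV = make_keypair(1279, 2203)

if __name__ == "__main__":
    order = b"order 1001: 2 books, total 25.00"   # constructed sample message
    env = seal(order, RECIPIENT_PUB, SENDER_PRIV)
    print(open_envelope(env, RECIPIENT_PRIV, SENDER_PUB))
```

Only the short session key passes through the slow public key operation, while the message itself is handled by the fast symmetric cipher; the signature check fails if the ciphertext is altered in transit or the signature was made with any key other than the sender's.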

Digital Certificates and Certifying Authorities
Digital Certificates
Verify that the holder of a public and private key is who he, she or it claims to be

Certifying Authorities (CA)
Issue digital certificates
Verify the information and create a certificate that contains the applicant's public key along with identifying information
Use their private key to encrypt the certificate and send the signed certificate to the applicant

Secure Socket Layer (SSL)


A protocol that operates at the TCP/IP layer
Encrypts communications between browsers and servers
Supports a variety of encryption algorithms and authentication methods
Encrypts credit card numbers that are sent from a consumer's browser to a merchant's Web site

Secure Electronic Transactions (SET)


A cryptographic protocol to handle the
complete transaction
Provides authentication, confidentiality,
message integrity, and linkage
Supporting features
Cardholder registration
Merchant registration
Purchase requests
Payment authorizations
Payment capture

Chargebacks
Credits
Credit reversal
Debit card transactions


Access Control
Password Protection
Passwords are notoriously susceptible to compromise
Users have a habit of sharing their passwords with others, writing them down where others can see them, and choosing passwords that are easily guessed.
The browser transmits the passwords in a form that is easily intercepted and decoded. The defence is to make sure that, even if the passwords are compromised, the intruder has only restricted access to the rest of the network, which is one of the roles of a firewall.

Firewalls
A network node consisting of both hardware and software
that isolates a private network from a public network
Make sure that even if the passwords are compromised the
intruder only has restricted access to the rest of the network
Two types
Dual-homed gateway
bastion gateway connects a private internal network to
outside Internet
proxies (software programs) run on the gateway server and
pass repackaged packets from one network to the other

Screened-host gateway
screened subnet gateway in which the bastion gateway offers access to a small segment of the internal network
demilitarized zone is the open subnet

Screened Subnet Firewall


[Figure: screened subnet firewall. Components shown: Internet, router, bastion host running proxies (FTP, HTTP, NNTP, Telnet), Web server, FTP server, second router, local network.]

Virtual Private Networks (VPN)


A VPN combines encryption, authentication, and protocol tunneling to provide secure transport of private communications over the public Internet. It's as if the Internet becomes part of a larger enterprise wide area network (WAN). In this way, transmission costs are drastically reduced because workers can access enterprise data by making a local call into an ISP rather than using a long distance phone call.

Virtual Private Networks (VPN) (cont.)
Real challenge of a VPN
To ensure the confidentiality and integrity of the data transmitted over the Internet

Protocol tunneling
Support multi-protocol networking
To encrypt and encapsulate the data being transmitted
Types of protocol being used to carry out protocol tunneling
protocols aimed primarily at site-to-site VPNs (e.g. IPv6)
protocols used to support VPNs that provide employees, customers, and others with dial-up access via an ISP (e.g. Microsoft's Point-to-Point Tunneling Protocol (PPTP))

Selling on the Web


Function Requirements for an Electronic Storefront
Search for, discover, and compare products for purchase
Select a product to be purchased and negotiate or determine
its total price
Place an order for desired products
Have their order confirmed, ensuring that the desired product
is available
Pay for the ordered products (usually through some form of
credit)
Verify their credit and approve their purchase
Have orders processed
Verify that the product has been shipped
Request post-sales support or provide feedback to the seller

Selling on the Web (cont.)


Electronic storefront must contain:
A merchant system or storefront that provides the merchant's catalog with products, prices and promotions
A transaction system for processing orders and payments and other aspects of the transaction
A payment gateway that routes payments through existing financial systems, primarily for the purpose of credit card authorization and settlement

Outsourcing Vs. Insourcing


Insourcing - build and run the electronic storefront in-house
Large companies wanting:
to experiment with e-commerce without a great investment
to protect their own internal networks
to rely on experts to establish their sites

Outsourcing - contract with an outside firm
Smaller or medium sized companies with few IT staff and smaller budgets
Three types of providers
Internet Malls - offers cross-selling from one store to another and provides a common payment structure
Internet Service Providers - focused on operating a secure transaction environment; not on store content
Telecommunication Companies - includes the full range of e-commerce solutions

Electronic Catalogs and Merchant Servers
The virtual equivalents of traditional product catalogs
Commonly include:
Templates or wizards for creating a storefront and catalog pages with pictures describing products for sale
Electronic shopping carts that enable consumers to gather items of interest until they are ready for checkout
Web-based order forms for making secure purchases (either through SSL or SET)
Database for maintaining product descriptions and pricing, as well as customer orders
Integration with third party software for calculating taxes and shipping costs and for handling distribution and

Electronic Catalogs and Merchant Servers (cont.)
[Figure: Merchant Server Architecture. Components shown: Web browser, Internet, Web server, merchant server, store HTML pages, 3rd party applications, financial network, and a database holding catalog and order data.]

Electronic Catalogs and Merchant Servers (cont.)
Two of the best known products in this category
iCat Electronic Commerce Suite
Standard edition includes:
Catalog templates
Shopping carts
Product searching

Cross selling
Secure payment processing

Professional edition provides support for:


High-end databases
Integration with ISAPI and Netscape's NSAPI
Options for third-party plug-ins for searching, user tracking,
sale pricing, discounting, etc.

Electronic Catalogs and Merchant Servers (cont.)
Microsoft's Site Server Commerce Edition
Features of this product are:
Commerce Sample Sites providing templates for complete applications
Microsoft's Wallet supporting a variety of digital currencies
Site Builder Wizard for stores with multi-level departments
Commerce Server Software Development Kit (SDK) for developing custom-order processing
Order processing pipeline for managing orders according to specified business rules
Microsoft's Wallet Software Development Kit (SDK) for supporting a variety of digital payment schemes
Promotion and Cross-selling Manager for administering a range of specialized promotions, discounts, cross-selling opportunities
Integration with Microsoft's Web site development (e.g. Visual InterDev) and administrative tools (e.g. NT Security Support)

Electronic Commerce Suites


Offer merchants greater flexibility, specialization,
customization and integration in supporting
complete front and back-office functionality
[Figure: Open Market E-Commerce Server Architecture. Components shown: Web browser, Internet, Web server; catalog application; customer management, registration, profiles, service; order capture, completion; payment processing (SET & purchase order); catalog, customer, order and payment databases; fulfillment systems; financial network.]

Open Market (www.openmarket.com)


One of the market leaders in the electronic commerce software segment
Provides a complete set of end-to-end transaction services including:
Analysis and Profiling
Demand Generation
Order Management
Fulfillment
Payment
Self-Service
Customer Service
Reporting

Chatting on the Web


Varied uses of the forums and chat groups
Communication Centers
a virtual meeting place where communications can
take place among the participants

Customer Service
offer online support where customers can converse
with help-line staff and receive advice

Community Discussion
provide forums and chat services with a marketing eye
toward developing a community of loyal users,
followers and advocates

Multimedia Delivery
Webcasting describes Internet-based broadcasting of
audio and video content
Types of Webcasts
Text Streams - text-only wordcasts and datacasts to deliver constant news and stock price updates
Ambient Webcasts - video content is captured from a Webcam and delivered as single-frame updates that are transmitted at periodic intervals
Streaming Audio - Web equivalent of radio, to deliver everything from talk radio to sports broadcasts to music previews to archived music and radio shows
Streaming Video - to deliver videoconferences where high quality images are not required and there is not much movement among participants

Webcasting
Works in a straightforward way

Examples of companies offering both Webcast servers and players
RealNetworks ( www.real.com )
Liquid Audio ( www.liquidaudio.com )
Xingtech with its streamworks technology ( www.xingtech.com )
Apple with its QuickTime system ( quicktime.apple.com )
Microsoft with its Netshow software
(www.microsoft.com/windows/windowsmedia )

Multicasting
stream a Webcast from a central server to other media servers
which are distributed to different locations
when a listener or viewer clicks on a Webcast link they are
automatically routed to the closest server

Bandwidth Requirements for Streaming Audio and Video
Bandwidth [1 mbps = 1 million kbps]
the speed with which content can be delivered
14.4 kbps to 56 kbps for connecting to the Internet
over the telephone through modems
128 kbps for connecting to the Internet over ISDN
telephone lines
1 - 1.5 mbps for connecting to the Internet over digital
subscriber line (DSL)
10 mbps for downloading over cable wires

To download a standard Web page, say around 400,000 kilobits:
56 kbps modem takes about 7 seconds
Cable modem takes about 0.04 seconds

Internet Telephones
Internet phones
programs that let you talk with other people using the
Internet
the added cost to the end user is at best zero and at
worst a substantially lower total charge than a standard
telephone call
PC-to-PC; PC-to-phone; and phone-to-phone
vendors who dominate the Internet telephone market
space
VocalTec ( www.vocaltec.com )
IDT ( www.met2phone.com )
Delta Three ( www.deltathree.com )

Analyzing Web Visits


Access log file
Text file, example:
www.somewhere.com - [18/Aug/1998:12:00:00 +0000] Get /a.htm HTTP/1.0 200 15000

Tells you which pages are most popular, which times are most popular, which geographical regions make the most requests, and other interesting tidbits that help site administrators maintain and refine their sites

Software for analyzing access log files (FREE)
net.Analysis from net.Genesis ( www.netgen.com )
Insight from Accrue ( www.accrue.com )
Web Trends Log Analyzer from Web Trends Corporation ( www.egsoftware.com )
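The kind of summary such tools produce, as an added example that is not part of the original slides. It assumes the server writes the standard Common Log Format (host, ident, user, bracketed timestamp, quoted request, status, bytes); the sample lines are constructed, and the count of refused requests per client goes beyond the popularity figures the slide lists.

```python
import re
from collections import Counter

# Common Log Format: host ident authuser [timestamp] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ '
    r'\[\d{2}/[A-Za-z]{3}/\d{4}:(?P<hour>\d{2}):\d{2}:\d{2} [+-]\d{4}\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample lines; the example.* hosts and all paths are placeholders.
SAMPLE_LOG = """\
www.somewhere.com - - [18/Aug/1998:12:00:00 +0000] "GET /a.htm HTTP/1.0" 200 15000
www.somewhere.com - - [18/Aug/1998:12:00:05 +0000] "GET /catalog.htm HTTP/1.0" 200 8200
dialup7.example.net - - [18/Aug/1998:12:14:41 +0000] "GET /a.htm HTTP/1.0" 200 15000
dialup7.example.net - - [18/Aug/1998:13:02:10 +0000] "GET /admin/ HTTP/1.0" 401 512
dialup7.example.net - - [18/Aug/1998:13:02:12 +0000] "GET /admin/ HTTP/1.0" 401 512
host3.example.org - - [18/Aug/1998:13:30:00 +0000] "GET /missing.htm HTTP/1.0" 404 -
this line is truncated or corrupt
"""

def analyze(log_text):
    pages, hours, hosts, denied = Counter(), Counter(), Counter(), Counter()
    total_bytes, rejected = 0, []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = CLF.match(line.strip())
        if m is None:
            rejected.append(lineno)   # report malformed lines instead of guessing
            continue
        status = int(m["status"])
        hosts[m["host"]] += 1
        hours[int(m["hour"])] += 1
        if status < 400:
            pages[m["path"]] += 1     # only served pages count as "popular"
        elif status in (401, 403):
            denied[m["host"]] += 1    # access-control refusals per client
        if m["size"] != "-":
            total_bytes += int(m["size"])
    return {
        "top_pages": pages.most_common(3),
        "busiest_hours": hours.most_common(2),
        "requests_by_host": dict(hosts),
        "denied_by_host": dict(denied),
        "bytes_sent": total_bytes,
        "rejected_lines": rejected,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```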

Managerial Issues
Now or later - the question is no longer "Will" but "When"
It's the business issues that count - to succeed, a business must understand how to meet the needs of its online customers
In-house or outsource - mainly depends on the company size
Analyzing the data - automatic record of everyone who visits your Web site
Security - management takes every precaution to ensure the security of their sites and their communications with site visitors
Evolving Web - rapid change of the underlying standards, protocols and governance