Post on 31-Jan-2020


University of Toronto School of Continuing Studies

A Conceptual Overview of E-Business Technologies

Day 4 - Conceptual Overview of E-Business Technologies
- Authentication, Encryption, and Digital Payments
- Overview of Computing Platforms
- E-Commerce Platform Components
- Mid-Term Exam Review

Authentication, Encryption, and Digital Payment
- Understand the importance of authentication.
- Understand the various encryption alternatives.
- Differentiate between symmetric and asymmetric encryption.
- Determine how and why encryption is important for e-commerce.
- Understand how security applies to e-mail, the Web, the intranet, and the extranet.
- Understand the core technologies that make a virtual private network work.
- Plan strategies to fend off security threats.

What makes up a secure network?
- Access privileges are exercised by the right personnel
- Messages are sent and delivered without being viewed by a third party
- Message contents are not tampered with during the transmission process
- Confidential information is truly sent to the right parties for processing

What do we need to protect?
- Confidentiality
- Authentication
- Integrity
- Auditing
- Nonrepudiation

Encryption and Decryption
- Encryption
  - “Encryption is the conversion of plain text or data into an unintelligible form by means of a reversible translation.”
- Decryption
  - “The inverse operation to encryption”

How do we encrypt messages?
- Method One: Translation Table
  - Simplest method
  - Easy to program
  - Easy to break
  - Refinements: table rotation; using several tables

[Figure: sample translation table; the two character rows as extracted are HFEBAGDZIC and IHGFEDCBA0]

How do we encrypt messages? (continued)
- Method Two: Word/byte rotation – XOR bit masking
  - Only computers can do it
  - Cyclic redundancy check (CRC) is used to detect problems during encryption or decryption
  - Better method than translation table but still weak
  - e.g. “A” – 1000001 to 0111110 – “>”

How do we encrypt messages? (continued)
- Method Three: Symmetric Key Encryption
  - Sender and receiver share the same key.
  - Fast encryption and decryption (compared to PKI)
  - Only the key decrypts the message; this provides authentication.
  - Security is compromised if the key is divulged.
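The three methods above (a translation table with the table-rotation refinement, XOR bit masking with a CRC to catch transmission errors, and the same key held by sender and receiver) are worked through in the Python below. This is an added example written for this page, not code from the slides or the course; `SAMPLE_TABLE_KEY`, the XOR key and the messages are constructed sample values, and the function names are assumptions.

```python
import string
import zlib
from collections import Counter

ALPHABET = string.ascii_uppercase

# --- Method One: translation table ---------------------------------------
# A table is just a permutation of the alphabet (constructed sample key).
SAMPLE_TABLE_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"


def table_encrypt(plaintext: str, key_alphabet: str = SAMPLE_TABLE_KEY) -> str:
    """Replace each letter by the one at the same index in key_alphabet."""
    table = dict(zip(ALPHABET, key_alphabet))
    return "".join(table.get(c, c) for c in plaintext.upper())


def table_decrypt(ciphertext: str, key_alphabet: str = SAMPLE_TABLE_KEY) -> str:
    inverse = dict(zip(key_alphabet, ALPHABET))
    return "".join(inverse.get(c, c) for c in ciphertext)


def rotating_table_encrypt(plaintext: str, key_alphabet: str = SAMPLE_TABLE_KEY) -> str:
    """Refinement 'table rotation': shift the table one step per character
    position, so a repeated plaintext letter no longer gives the same output."""
    out = []
    for i, c in enumerate(plaintext.upper()):
        out.append(key_alphabet[(ALPHABET.index(c) + i) % 26] if c in ALPHABET else c)
    return "".join(out)


def rotating_table_decrypt(ciphertext: str, key_alphabet: str = SAMPLE_TABLE_KEY) -> str:
    out = []
    for i, c in enumerate(ciphertext):
        out.append(ALPHABET[(key_alphabet.index(c) - i) % 26] if c in ALPHABET else c)
    return "".join(out)


def frequency_profile(text: str) -> list:
    """Sorted letter counts. A fixed translation table leaves this profile
    unchanged, which is why the slide calls the method 'easy to break'."""
    return sorted(Counter(c for c in text.upper() if c in ALPHABET).values())


# --- Method Two: XOR bit masking, plus a CRC ------------------------------
def xor_mask(data: bytes, key: bytes) -> bytes:
    """XOR every byte with the (repeating) key. The same call decrypts, since
    (b ^ k) ^ k == b. Slide example: 'A' (1000001) ^ 1111111 -> '>' (0111110).
    Both ends must hold the same key: the symmetric-key idea in miniature."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def seal(ciphertext: bytes) -> bytes:
    """Append a CRC-32 so accidental corruption in transit is detected. A CRC
    is an error-detecting code, not an authenticator: it has no key."""
    return ciphertext + zlib.crc32(ciphertext).to_bytes(4, "big")


def unseal(frame: bytes):
    """Return the ciphertext if its CRC matches, otherwise None."""
    body, tag = frame[:-4], frame[-4:]
    return body if zlib.crc32(body).to_bytes(4, "big") == tag else None


if __name__ == "__main__":
    print(table_encrypt("HELLO WORLD"), rotating_table_encrypt("HELLO WORLD"))
    print(xor_mask(b"A", bytes([0x7F])))  # b'>'
```

The `frequency_profile` check is the point of the "easy to break" bullet: the plain table renames letters but leaves the letter histogram intact. The CRC only guards against line noise; as the later "Integrity" slide implies, a keyed mechanism is needed against deliberate change.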

How do we encrypt messages? (continued)
- Common Symmetric Key Encryption Algorithms
  - Data Encryption Standard (DES)
  - Triple DES
  - Advanced Encryption Standard (AES)
  - International Data Encryption Algorithm (IDEA)
  - Blowfish
  - RC4

How do we encrypt messages? (continued)
- Key Length

Key length (in bits) | Time to decrypt (@ 100,000 keys per second)
10                   | < 1 second
20                   | 21 seconds
30                   | 6 hours
40                   | 255 days
64                   | Almost 12,000 years
128                  | Over 200 septillion years, longer than the life of the universe

How do we encrypt messages? (continued)
- Method Four: Asymmetric Key Encryption
  - Also called Public Key Encryption, usually implemented with the RSA Data Security algorithm.
  - The key set is composed of two keys: a public key and a private key.
  - The public key is published, while the private key is a secret known only to the owner of the key.
  - The public key encrypts the information; the private key decrypts it. Only the key owner can see it.

How do we encrypt messages? (continued)
- Common Asymmetric Key Encryption Algorithms
  - RSA (most common): named after its inventors, Ron Rivest, Adi Shamir and Leonard Adleman. The patent for RSA has expired, therefore the RSA algorithm is free to use.
  - Diffie-Hellman
  - Elliptic curve cryptography

How do we encrypt messages? (continued)
- Hashing Algorithms
  - Message Digest 4 (MD4)
  - Message Digest 5 (MD5)
  - Secure Hash Algorithm (SHA-1)

PKI – Public Key Infrastructure
- PKI Components
  - Digital certificate
  - Certification authority (CA)
  - Certificate revocation list (CRL)
  - Certificate publication points and CRL distribution points
  - Certificate and CA management tools
  - Applications and services that are enabled by public keys

Application of Asymmetric Key Encryption
- Digital Signature
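Method Four and the digital signature above, as an added worked example in Python (written for this page; it is not code from the course, from RSA Data Security or from any library). It uses textbook RSA with two well-known primes so the arithmetic stays visible: `P`, `Q`, the public exponent and the messages are constructed sample values and the function names are assumptions. Real systems use 2048-bit or larger moduli with padding (OAEP for encryption, PSS for signatures); SHA-256 is used for the digest because MD4, MD5 and SHA-1 from the hashing slide are no longer collision-resistant.

```python
import hashlib

# Constructed sample parameters: two well-known primes. Far too small for real
# use, and unpadded, but enough to show the public/private key relationship.
P = 1_000_000_007
Q = 998_244_353


def generate_keypair(p: int = P, q: int = Q, e: int = 65537):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e, Python 3.8+
    return (n, e), (n, d)


def encrypt(message: bytes, public_key) -> int:
    """Anyone holding the public key can encrypt; the message (as an integer)
    must be smaller than the modulus, so at most 7 bytes with these primes."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Only the private key recovers the plaintext (leading zero bytes are
    dropped by the integer conversion; fine for this demonstration)."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest_mod_n(message: bytes, n: int) -> int:
    # Sign the hash of the message, not the message itself.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Digital signature: the private key operates on the message digest."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key can check the signature, which gives both
    authentication of the signer and integrity of the message."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    pub, priv = generate_keypair()
    print(decrypt(encrypt(b"ATTACK", pub), priv))
    s = sign(b"pay 100", priv)
    print(verify(b"pay 100", s, pub), verify(b"pay 1000", s, pub))
```

Encryption and signing use the two keys in opposite roles: encryption is public key in, private key out; a signature is private key in, public key out. That asymmetry is what the PKI components listed above (certificates, CAs, CRLs) exist to support, since a verifier must be sure whose public key it holds.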

What technologies are used?
- Confidentiality: SSL/HTTPS, SET, S/MIME, PGP
- Authentication: SSL/HTTPS, Digital Signature, Kerberos
- Integrity: CRC, SHA-1, MD5
- Auditing: Relational Database
- Non-repudiation: X.509 Digital Certificates, S/MIME

Applications of Encryption Technologies
- Secure Sockets Layer (SSL)
- Online Credit Card Transactions
- Virtual Private Network (VPN)

Secure Sockets Layer (SSL)

Online Credit Card Transactions

Page 316, E-commerce – Business. Technology. Society. By Kenneth C. Laudon and Carol Guercio Traver

Virtual Private Network (VPN)
- IP Security Protocol (IPSec)
- Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP)

What are Computing Platforms?
- Computing Platform =
  - Hardware + Software required to run your computing environment

Computing Architecture
- Shift from a centralized mainframe environment to a distributed computing environment
- Tier functions under a distributed computing environment:
  - User Interface / Presentation Layer
  - Business Application Layer
  - Database Layer
- Clients vs. Servers

Typical Evolution of an E-Commerce Site
- Stage 1: Placing company information and product list only
- Stage 2: Receiving orders, managing inventory and collecting invoices
- Stage 3: Aligning all business processes and supply chains with the E-Commerce technologies

An Integrated System View of a Mature E-Business

[Figure: Overview of E-Commerce System Architecture]
- StoreFront System: Product Catalogue Component, Merchandising Component, Product Configuration Component, Shopping Basket Component, Tax Calculator Component, Shipping Charges Calculator Component, Payment System Component
- BackOffice Systems: Order Processing / Fulfillment Management, Inventory Control Management, Warehouse / Logistics Management, Customer Relation Management, Accounting System, Database Services, Decision Support System
- External parties: Customers, Data Feeds from Vendors, Credit Card Companies, Internet Credit Card Broker
- Internet as a medium

Evolution of Computing Platforms
- Host-Based Platform
- Client Server Platform
- Inter-Net Platform

Evolution of Computing Platforms (cont.)

Page 42, E-commerce – Business. Technology. Society. By Kenneth C. Laudon and Carol Guercio Traver

Host-Based Platform
- Centralized computer provides:
  - Data Processing in batches
  - Network Control
  - Database Storage

Client Server Platform

Inter-Net Platform

E-Commerce Inter-Net Platform Components
- Internet
- Routing and Firewall Devices
- Internet Browser Software
- Web Servers
- Application Servers
- Back-End Transactional Software
  - (includes TP monitors, database management system and data warehouse)

Internet Browser Software
- Microsoft Internet Explorer
- Other Browsers such as Gecko, KHTML, Opera and PDA

[Table: Browser Usage Stats (%) – August 3, 2007, from six sources (source1 to source6); rows for IE7, IE6, IE5 (Windows), IE5 (Mac), KHTML based, Gecko based, NN8, Opera, Mobile, other, unidentified. The percentage values are garbled in the extraction.]
Source: http://www.upsdell.com/BrowserNews/stat.htm

Microsoft Internet Explorer
- Comes with Windows Server and Client OSes
  - Also available in Windows 2000, XP, Vista
- Graphic Enhancement (e.g. auto image resize)
- Integrated with Windows Media Player
- NetMeeting for collaboration
- Outlook Express for fully functional e-mail
- Supports FTP, Gopher, NNTP (News Group), JavaScript, ActiveX controls etc.
- Java applets (extra installation required)

Microsoft Internet Explorer (continued)
- Enhanced Privacy Support
  - Provides Privacy Report
  - Block and delete cookies

Mozilla – Firefox
- An open source project from Mozilla.org
  - Mozilla was the original code name for Netscape Navigator
- A modular web browser, designed for standards compliance, performance and portability
- Platform-independent (can run on Mac, UNIX, OS/2)
- Author of Mozilla Suite and Thunderbird

Netscape Communicator
- Based on Firefox 2.0 – Gecko engine (open-source code) supports XML
- Netscape Navigator (Web Browser)
  - Tabbed Browsing
  - Site Controls
  - Multi-Bar
  - Form Fill/Passcard
  - Live Content from RSS XML feed
- Add-ins compatibility
- Java applets can be executed

Opera Software
- Optimizes space and speed
- Strict adherence to HTML standards
- Sophisticated and speedy web-browsing with news and e-mail
- Secure 128-bit SSL encryption
- Ideal for older machines and mobile computing with less available memory or disk space
- OS/2, Linux, Solaris, Mac, Mobile, Cable TV versions are available
- Freely available for download (in advertising mode with an advertising base)

Other Browsers – Micro-Browser
- Wireless devices are constrained computing devices with limited CPU, memory, battery life, and a simple user interface
- Wireless networks are restricted by low bandwidth, high latency, and unpredictable availability and stability
- Wireless subscribers have different needs and desires than desktop, or even laptop, Internet users
- The WAP (Wireless Application Protocol) specification was developed to address the technical requirements and market issues unique to the wireless environment

For more information
- For more up-to-date statistics about Internet browsers
  - http://www.upsdell.com/BrowserNews/overview.htm

E-Commerce Platform Components
- InterNet - the network itself
- Routing and Firewall Devices
- Internet Browser Software
- Web Servers
- Application Servers
- Back-End Transactional Software

Web Server Selection
- Performance, Development, Security
- Scalability, Stability, Platform

Page 209, E-commerce – Business. Technology. Society. By Kenneth C. Laudon and Carol Guercio Traver

Web Server Selection (continued)
- Technical aspects:
  - HTTP engine performance
  - Interface support for backend integrations
  - Publishing capability
  - Management and administration
  - High-availability options
  - Ability of the web server to add functionality and to control the website’s content
  - Security technologies supported

Web Server Selection (continued)
- Management aspects:
  - Product evolution path
  - Security
  - Database connectivity
  - Implementability
  - Supportability
  - Cost

Comparing Web Servers
- Market Share for Top Servers Across All Domains, August 1995 – August 2007 (source: www.netcraft.com)

Comparing Web Servers (continued)
- Totals for Active Servers Across All Domains, June 2000 – July 2007 (source: www.netcraft.com)

Comparing Web Servers (continued)
- Apache (SUN, IBM, RedHat, Borland, Apple)
- Microsoft Internet Information Server

Web Server - Apache
- Can be downloaded FREE from http://www.apache.org
- Available for many platforms
- Highly reliable and stable
- Very good performance
- Bug-fixes are rapid and timely
- Poor administration interface
- SUN, IBM, RedHat, Borland and SAP each bundle their own blend of the Apache Web Server

Web Server - Microsoft Internet Information Server
- Comes with Microsoft Windows operating systems
  - Microsoft Windows NT 4.0, 2000, 2003 Servers
  - Personal Web Server in Vista, XP, 2000, ME, 98, 95
- Only runs on the Intel and Windows (Wintel) platform
- Has won numerous awards including Editors’ Choice from PC Magazine
- Supports JScript, VBScript, ActiveX, COM, ADO, .NET, Web Services
- Comes with comprehensive administration tools
  - Includes both Web-based and Windows-based tools

Monitoring Web Server Performance
- Load Testing Tools
  - Ziff Davis WebBench
  - Microsoft Web Capacity Analysis Tool (WCAT) and InetLoad
- Web Traffic Reporting and Analyzing Tools
  - Pilot HitList
  - WebTrends Analytics

Application Servers
- Database Server
- Mail Server
- Mainframe Gateway Server
- Multimedia Server
- Certificates Server
- Business Component Server
  - Runs Business Components in an Application Framework, e.g. Microsoft .NET Framework or SUN Java Enterprise Edition 2

Business Component Server
- Microsoft .NET Platform – IIS with .NET Framework
- SUN Java Enterprise Application Server
- Oracle Application Server
- IBM WebSphere Application Server
- Sybase Enterprise Application Server
- BEA WebLogic Application Server
- Borland Application Server

Business Component Server (cont.)

Page 214, E-commerce – Business. Technology. Society. By Kenneth C. Laudon and Carol Guercio Traver

Choosing a Business Component Server
- Which breed of platform does the software support?
- Who makes the server or the technologies behind it?
- What programming language interface does the application server support?
- What portion of the existing application portfolio will have to be re-written to accommodate the new environment?
- What interfaces to the existing database management system are feasible?
- What is the total cost of implementation and support?

E-Commerce Enablers

Infrastructure                               | Major Players
Hardware: Web Server                         | IBM, HP/Compaq, Dell, Sun
Software: Operating Systems and Web Server   | Microsoft, IBM, Red Hat Linux, Sun, Apache
Networking: Routers                          | Cisco, JDS Uniphase, Lucent, Nortel
Security: Encryption Software                | VeriSign, Check Point, Entrust, RSA
E-Commerce Software Systems                  | Microsoft, IBM, Ariba, BEA Systems
Streaming and Rich Media Systems             | Microsoft, Real Networks, Apple
Customer Relationship Management Software    | Microsoft, PeopleSoft, Siebel, SAP
Payment Systems                              | VeriSign, PayPal, VISA, Your bankers
Performance Enhancement                      | Akamai, Speedera Networks, Kontiki
Relational Database Management Systems       | Oracle, Microsoft, IBM, Sybase
Hosting Services                             | Q9, Bell, Rogers, Hydro, Canadian ISPs

Back-end Transactional Applications
- ERP – Enterprise Resource Planning
- SCM – Supply Chain Management
- CRM – Customer Relationship Management

List of E-Commerce Technology Terms
- COM / COM+ / ActiveX
- ADO
- MTS
- ASP
- XML
- SOAP
- Web Services
- .NET
- CGI
- PERL
- CORBA
- Java Applets
- Java Servlets
- JSP
- Java Bean
- JDBC

More tech terms: http://www.matisse.net/files/glossary.html

E-Business System Architecture – Physical

[Figure: A Typical E-Commerce System Architecture]
- Internet
- Router / Load Balancer: only HTTP traffic can penetrate this router
- Unsecured Network or De-militarized Zone (DMZ): a number of Web servers with Business Logic Components, forming a Web Farm
- Firewall: only database traffic (between Web servers and Database servers) can penetrate the firewall
- Secured Network: Database Cluster with Primary Node and Secondary Node (Database Servers joined by a Process Interconnect), SQL Database on a high-performance RAID system
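The diagram's two filtering points (only HTTP through the router into the DMZ, only database traffic from the Web farm through the firewall into the secured network) can be written down as a default-deny policy and checked against sample flows before anything is deployed. The Python below is an added example written for this page, not the course's or any vendor's configuration: the zone addresses are RFC 5737 documentation ranges, port 443 next to 80, the SQL Server port 1433 and the sample flows are constructed, and the function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing for the diagram's zones (RFC 5737 documentation ranges).
DMZ_WEB_FARM = ipaddress.ip_network("192.0.2.0/24")
SECURED_NETWORK = ipaddress.ip_network("198.51.100.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


# Each device holds allow rules (src net, dst net, proto, ports); anything
# not matched is dropped (default deny), which is what "only ... can penetrate" means.
EDGE_ROUTER = [
    # "Only HTTP traffic can penetrate this router" (HTTPS allowed alongside HTTP).
    (ANY, DMZ_WEB_FARM, "tcp", {80, 443}),
]
INNER_FIREWALL = [
    # "Only database traffic (between Web servers and Database servers) can penetrate".
    (DMZ_WEB_FARM, SECURED_NETWORK, "tcp", {1433}),
]


def zone(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    if addr in DMZ_WEB_FARM:
        return "dmz"
    if addr in SECURED_NETWORK:
        return "secured"
    return "internet"


def permitted(flow: Flow, rules) -> bool:
    """True if any allow rule on one device matches the flow."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    return any(
        src in s and dst in d and flow.proto == p and flow.dport in ports
        for s, d, p, ports in rules
    )


def devices_crossed(flow: Flow):
    """The router sits between the Internet and the DMZ, the firewall between
    the DMZ and the secured network; a flow must pass every device on its path."""
    zones = (zone(flow.src), zone(flow.dst))
    path = []
    if "internet" in zones:
        path.append(EDGE_ROUTER)
    if "secured" in zones:
        path.append(INNER_FIREWALL)
    return path


def path_allowed(flow: Flow) -> bool:
    return all(permitted(flow, rules) for rules in devices_crossed(flow))


if __name__ == "__main__":
    print(path_allowed(Flow("203.0.113.5", "192.0.2.10", "tcp", 443)))      # True
    print(path_allowed(Flow("203.0.113.5", "198.51.100.10", "tcp", 1433)))  # False
```

A direct Internet-to-database flow fails at both hops: the router only admits traffic bound for the Web farm, and the firewall only admits sources inside the DMZ. That double rejection is the value of the two-layer design in the figure.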

Typical N-Tier Application Architecture for Internet Applications

[Figure: three tiers, from corporate client to data]
- Client Presentation Services: Web Browser Based Applications / User Interface
- Application / Web Services: Application Server, Middleware / Application Services, Business Rules / Logic
- Data Services: Database Server, Database Management System, Data Storage / Data

Mid-Term Exam
- 30 multiple choice questions
  - Read the questions carefully
  - Some of them may have more than one answer
- Complete in 40 minutes

Home Readings
- E-Commerce - Business, Technology, Society:
  - Chapter 4, 5 and 6.1-6.2
  - Read Case: Enerline Restorations Inc.: Stay with an ASP
  - Preview for Next Class: Chapter 4

“Thinking Beyond the Box” Case Study Series:
- Enerline Restorations Inc.: Stay with an ASP
  - If you were Mr. Hozjan, would you go with FutureLink as your application service provider?
  - What are the reasons behind your decision?
