ECommerce Infrastructure

1 / 73

About This Presentation

Title:

ECommerce Infrastructure

Description:

Web design/upkeep business? Stores are interested in selling their products ... Poor state management (application & session variables, cookies, timeouts) ... – PowerPoint PPT presentation

Number of Views:30

Avg rating:3.0/5.0

Slides: 74

Provided by: cimsCl

more less

Transcript and Presenter's Notes

Title: ECommerce Infrastructure

1
E-CommerceInfrastructure Security

Lecture 4
Hosting Models
.NET Overview
Cryptography

2
An Interesting Story

Managing large-scale courses
System in use designed 10 years ago
Has evolved into a scalable system
Manages over 3000 students
Over 200 TAs
Many different courses

3
Entropy Kicks In

Entropy states that everything moves from a
complex system to breakdown
Interesting to think how this coincides with the
theory evolution
System is plagued by entropy!

4
Current Problems

Assignments lost
Grades lost
Inordinate amount of time spent hacking the
system
Dedicated, much-needed person required
Stability of personnel!

5
Silver Lining?

Wheres the fix?
The existing system has been patched so much that
Its not stable
Its not viable to continue its upkeep
Its not the Universitys mission to develop
maintain software!

6
The Classic Problem

Build (internal)
vs.
Buy (another company)

7
Societys Complexity

More and more, companies (and individuals) are
Specializing in skills
Increasingly reliant upon each other
Have no idea how to do things other than their
specialization
Example making pies
Cost effective, but with drawbacks

8
The Least Common Denominator

Companies are interested in increasing sales
Thus they will want to maximize their market
potential
This often comes at the price of specialization
lost

9
Our Solution

We had to find an outside vendor
Manage the courses and the students
Allow for an easier interface
Reliability a must!

10
Enter WebCT

New functionality made it an option
The vendor seemed reasonable
The interface was much better than ours
It was free USG licenses already

11
The Stuff Hits the Fan

Deployment delayed
Reliant upon others now
Additional functionality came months/years late

12
But!

We dont have to maintain the code
Its better for the earlier reasons
We can focus on teaching (right! ?)

13
Whats the Point?

Should we develop in-house?
Should we outsource?
Pros and cons either way!
Stay Tuned!!!

14
Agenda

Essentials of an E-Commerce Site
Build vs. Buy Models
Outsourcing Options
Issues to Consider
.NET
Encryption PGP

15
E-Commerce Essentials

Web Presence
Catalog Display
Shopping Cart
Transaction Processing
Hooks

16
Web Presence

Obviously we need a Web site!
Clean interface is a must
Style reflects the company
Make the purchase easy!

17
Catalogs

Small stores can get away with simple static Web
pages
But what issues are present with a large store?
What might Best Buy want to have?

18
Complex Catalog Features

Search
By name, brand, upc-code, model number
Categories for organization
Pictures
Features list
Never stand in the way

19
Implementing the Catalog

Wanna keep updating Web pages each time the
catalog changes?
Whats a better approach?

20
DB Backend to Catalogs

Database manages catalog content
Tracks
Availability
Price
All consumer info (features, etc.)
Pictures

21
Shopping Cart

Replace legacy on-line forms
NUTS!
Preview order
Add/Remove
View total cost
Allow customer to proceed to checkout

22
Storing Information

Browsers are stateless
So how do you remember who has what in their
shopping cart?
How do you remember customer info from
transaction to transaction

23
Transaction Processing

What the cashier would do
Add sales tax (if applicable)
Discounts
Special Promotions
Coupons
Gift wrapping
Shipping
Order Tracking (typically outsourced)

24
Hooks

Other services are typicallycoupled with
E-commerce sites
Credit card processing
Legacy systems
Database systems

25
Buy vs. Build

Is the company in the Web design/upkeep
business?
Stores are interested in selling their products
Should someone else run the site?

26
Costs?

What might some of the costs be in running your
own E-commerce site?

27
Cost Analysis Essential

What does it cost to
Purchase hardware
Purchase software
Network the office
Purchase Net connection
Build the site
Maintain the site
Hire full-time, 24-7 support
Etc.

28
Got Website?

Why might you not want to outsource the whole
enchilada?

WEB
29
Why Not Outsource?

Giving up some (all?) control
Limited somewhat in offerings
Service providers might be overselling
Locking yourself into one-vendor solutions -
YIKES!

30
Outsourcing Options

Use an ISP for connection
Run the content off of your machines
Web Hosting
Put it all on their machines

31
Pricing

What can you afford?
Micro stores
Moms Pops
Midrange
Enterprise

32
Micro Stores

Less than 100 items in store
Startup Cost 2,000
Monthly Cost 0 - 100

33
Small-Scale Development

Smaller companies
Want to test the water
Gross sales 100,000
Startup Cost 2,000
Monthly Cost 3 of sales

34
Mid-Range Stores

Hosted on merchants machines
Must pay for setup 30,000
Setup machines
Setup Web site
Purchase connectivity
Monthly Cost 12,000-20,000

35
Monthly Expenses?

No less that two full time people
60,000/yr minimum salary benefits
2,000 for co-location of machine(s)
Machine upgrades, maintenance, etc.

36
Enter the Big Dogs

If youre doing B2B, youre going to pay
Larger organizations
More transactions
More complete back-end features (hooks)

37
EnterpriseArchitecture
Catalog DB
Corporate Server
Web Server
Client
Payment Server
Banks
38
Naming Is Important!

Which is better
www.superstickers.com
www.yahoo.com/superstickers

39
Credibility

Users of the site must
Feel they can trust the owner
Find what they are looking for quickly
Want to come back
Enjoy the experience

40
Intermission
41
.NET

New execution/runtime environment
Common Language Runtime (CLR)
Class library w/ out-of-the-box functionality
.NET Framework
Multilanguage support (VB.NET, C, C.NET,
Python, ADA, etc.)
Self-describing Components (language
independence)
Simplified deployment (multiple versions of
components)
Common type system (int, currency, double,
string, array, etc.)

42
Managed Code
Managed Code
CLR
Existing features mediated by CLR
New featuresonly in CLR(garbage collection)
Win 32 OS
43
MSIL
VB.NET
Processor Specific Code
Microsoft Intermediate Language (MSIL)
C
JIT

C.NET
44
ASP (.asp) vs. ASP.NET (.aspx)

ASP via Internet Server API (ISAPI) extension on
server (asp.dll)
Slow performance (interpreted script)
Difficult maintenance (mixed HTML script)
Poor state management (application session
variables, cookies, timeouts)
Required COM components for advanced features
ASP.NET via ISAPI (xspisapi.dll xsp.exe)
Page caching, JIT/cached compilation
performance
Complete access to the entire .NET Framework

45
Static vs. Dynamic Web Page Delivery
46
ASP.NET Delivery
47
Examples!
48
Encryption

Project 2 Due on Thurs.
Cryptography Basics
Symmetric vs. Asymmetric Cryptography
Attack Methods
PGP

49
Crypto Basics

Cryptography is thousands of years old
Caesar Cipher based upon substitution
AD, BE, etc.
rot13 is a simple example of substitution
cryptography
V ybir vasbezngvba grpubaybtl

50
Weaknesses in Older Crypto

Patterns are easily discovered
Letters are not randomized
Frequency of letters (esp. vowels)
Strength of the crypto is insufficient given
modern computers
Cryptoquotes for example

51
Encryption Decryption
Encryption
Plaintext
Ciphertext
Crypto Algorithm
Decryption
52
Symmetric Crypto

Also known as private key cryptography
Both sender and receiver have same key
Problems
Securing the key
Number of keys O(n2) so 100 people
communicating privately would need 10000 keys!

53
Symmetric Key Infrastructure
54
Asymmetric Crypto

Also known as public key cryptography
Sender and receiver have different keys
Each has a public key and a private key
Public keys are distributed via a KDC
This scheme requires O(n) key pairs

55
Asymmetric Key Infrastructure
KDC
56
Public Key Cyrpto
Plain text
Encryptionwith Public KeyReceiver
Cipher text
Plain text
Decryptionwith Private KeyReceiver
57
How Public Key Crypto Works

You get my public key from the KDC
You encode a message to me using my public key
Only my private key can unlock this
I receive the message
I decode it using my private key (that only I
have)
I can then read the message

58
Public Key Infrastructure

Requires validation of keys
Thus certificate authorities
Public key certificate contains
ID
Identifying information (name, e-mail)
Date created
Certifying authorities (their signatures)

59
Public Key Encryption
Encrypted with Bobs Public Key
Encrypted with Alices Public Key
Alice
Bob
Message is Garbageto Third Party
60
Attack Methods

Brute Force
Requires recognition of plaintext
Key length determines strength
Cryptanalysis
Mathematical attack
Faults in system
Hack into creator of the key pair

61
Attack Methods (cont)

Factoring Attacks
Security of asymmetric crypto resides in large
number theory
Its easy to generate a large composite number
(multiply two large primes)
But its (thought) difficult to factor these

62
Mathematical Underpinnings

Pick two large primes
P Q
Pick another large number (e) which does not have
common factors with (P-1)(Q-1)
Public key PxQ e
Private key e-1 mod ((p-1)(q-1))

63
Trap Door Theory

Easy to create private key
Difficult to reconstruct it
Its easy to create the large number N
But its difficult to factor it into P Q

64
An Example

Took seconds to generate N 114,381,625,757,888,8
67,669,235,779,976,146,612,010,218,296,721,242,362
,562,561,842,935,706,935,245,733,897,830,597,123,5
63,958,705,058,989,075,147,599,290,026,879,543,541
(RSA-129, 1977)
But can you find the two primes P Q such that
PxQN?

65
In Case You are Wondering

After 17 years, it took 8 computer months and
over 1600 computers working worldwide
P3,490,529,510,847,650,949,147,849,619,903,898,13
3,417,764,638,493,387,843,990,820,577
Q32,769,132,993,266,709,549,961,988,190,834,461,4
13,177,642,967,992,942,539,798,288,533
And this was only a 429-bit key modern crypto
uses a key which is 2048 bits long (5 times as
long) which would require MUCH more time to
decrypt (about a million times more)

66
Publish or Perish?