
CMSC 691A/491


Presentation Transcript


  1. CMSC 691A/491 Midterm Review Lecture

  2. EC Objectives • Increasing the speed and efficiency of business transactions and processes and improving customer relationships and services • Business can implement new sales and marketing through the use of WWW • The WWW provides electronic means for organizations to display materials such as product catalogs, price lists, … • Internet security issues are resolved, businesses are selling more and more product online, direct to their customers

  3. Categories of ECommerce • B2B • B2C • B2G

  4. EC Models • E Shop • E Procurement • E Auction • E Mall • 3rd Party Market Place • Virtual Communities • Value chain Providers/Integrators • Collaboration Platform • Information Brokers • ASP • Banking/Financial services

  5. E-Commerce Infrastructure • Network • Machines • Protocols • Security • Payment

  6. E-Commerce Process • Buyers and sellers find each other • Communication (via Networking, the Internet, Core Java and Web-Based Information Architectures) • Human-Computer Interaction, Multimedia • Intermediaries • Negotiation • Electronic Negotiation, Intelligent agents • Foundations of Electronic Marketplaces

  7. E-Commerce Process (cont’d) • Transaction • Transaction processing, Databases • Electronic Payment Systems, • Computer Security, • E-Commerce Architecture • Order fulfillment • Manufacture (manufacturing systems) • Delivery (tracking systems) • Supply Chain Management

  8. Access Security • Access control • authorization / authentication / identity verification • Authentication • passwords • smart card • biometrics • GPS • Network protection, firewalls, proxy servers • Intrusion detection • Denial of service (DOS) attacks • Viruses, worms

  9. Cryptographic Security • Secrecy • information cannot be used if intercepted • Integrity • data cannot be altered • Non-repudiation • sender cannot deny sending • Cryptography • symmetric encryption (DES) • public key cryptosystems (RSA) • digital signatures, digital certificates • public key infrastructure (PKI)

  10. World Wide Web • WWW is an application of the Internet. • Evolving system for publishing and accessing resources and services across the Internet. • Open system: can be extended and implemented in new ways without disturbing its existing functionality; • Moved beyond simple data resources to encompass services, like electronic purchasing of goods.

  11. HTML • HyperText Markup Language. • Used to specify the text and images that make up the contents of a web page, and to specify how they are formatted for presentation to the user. • The set of markups (tags) is fixed.

  12. Document Structure • Document Structure • <HTML> This surrounds the entire document and lets the browser know what language is being used (<SGML> might also be used) • <HEAD> This surrounds the header portion of the document. Title is within the head as well. • <TITLE> The title of the document as shown in the title bar of the WWW browser. • <BODY> The main body of the document

  13. Example • <HTML> • <HEAD> • <TITLE> Title of Page </TITLE> • The Header of the document. • </HEAD> • <BODY> • The Main body of the document • </BODY> • </HTML>

  14. HTTP • HyperText Transfer Protocol. • Request-reply protocol. • main method of transfer used by Web protocols to transfer data between a server and client. • understands URLs. • intended for hypertext/hypermedia environments. • Stateless • Cookies –later.

  15. HTTP Cookies • HTTP designed to be stateless • Web sites want to save client associated session information • Solution: cookies • small amounts of data saved by the Web server and retrieved later from the client system; • normally used by CGI and related server-side code.

  16. Downloaded code • Web design requires service-related code to run inside the browser • at the user’s computer. • Solution: Scripting • added to HTML documents; • expands static HTML to include client-side interactivity; • inserted into HTML document using script language tag.

  17. Mobile Code • Downloaded code is a subset of mobile code. • Code that can be sent from one computer to another; • e.g., Java applets. • The advantage of running downloaded code is network delay avoidance during interactions. • Potential security threat to the local resources.

  18. Scripting Languages: JavaScript • A scripting language developed by Netscape to enable Web authors to design interactive sites. • Developed independently from Java. • Can interact with HTML source code, enabling Web authors to introduce dynamic content. • It is supported by recent browsers from Netscape and Microsoft, • Internet Explorer supports only a subset, which Microsoft calls JScript.

  19. Scripting Languages: VBScript • Microsoft proprietary scripting language • operations identical to JavaScript/JScript; • syntax familiar to Visual Basic users; • grew out of Visual Basic. • Visual Basic is component-based: • a program is built by placing components onto a form; • then using VB to link them together.

  20. The Common Gateway Interface : CGI • Static pages • same each time visited unless the file is modified on the server. • Many WWW sites are dynamic, i.e., the contents change each time we visit. • Need to search, fill out questionnaires, order things from catalogs. • Need two pieces: • HTML language to create Forms • Common Gateway Interface (CGI) to process the forms. • CGI is a way to pass information from a WWW browser to a program for further processing

  21. Java applets • Stored on server, downloaded by web client using HTTP. • Applets need to be embedded in another application, normally an HTML document and run by a Java-enabled Web browser. • Applets have a restricted security context, cannot access the client’s system, and can talk only with the server that hosted it. • http://java.sun.com/sfaq/

  22. Java Servlets • An applet that runs on a server • runs within a Web server environment; • analogous to a Java applet that runs within a Web browser environment. • Java servlets are becoming increasingly popular as an alternative to CGI programs.

  23. Java Servlets vs CGI • A Java applet is persistent; • once it is started, it stays in memory and can fulfill multiple requests. • A CGI program disappears once it has fulfilled a request. • The persistence of Java applets makes them faster • Don’t need to initiate a new process for each request.

  24. Extensible Markup Language (XML) • A means for defining tags to encapsulate information. • A subset of SGML; • Provides syntactic interoperability: • Need to know the price – look inside the <price> tag. • Still lacking semantic interoperability • How do I know that you and I mean the same thing by price? • Semantic Web

  25. WAP • Wireless Application Protocol • “An open, global specification that empowers mobile users with wireless devices to easily access and interact with information and services instantly.” - WAP Forum • “The de facto worldwide standard for providing Internet communications and advanced telephony services on digital mobile phones, pagers, personal digital assistants and other wireless terminals.” - WAP Forum (www.wapforum.org)

  26. Why is WAP needed? • Traditional internet protocols (HTML, HTTP, TCP, etc.) and their security mechanisms (TLS) are inefficient over mobile networks. • Handheld devices tend to have less powerful CPUs, less memory and more restrictions on power consumption than desktops, so require special considerations. • Handheld devices tend to use input devices other than keyboards (e.g. voice, keypad).

  27. WML • WAP Mark-up Language • WML is an XML application. • Also uses WMLScript, which is similar to JavaScript. • Optimized for use with handheld devices. • Minimal use of CPU and memory.

  28. Internet and Network Security • Types of Attacks on Internet • Break-ins: Unauthorized attempts to gain access to a secure system • Denial of service: A legitimate user is denied access to a service (e.g. Flooding a WWW server with requests) • Bombs: Large email messages or other large data intended to overwhelm and possibly weaken a system. • Eavesdropping - Listening in on an electronic conversation. Perhaps with intent to gather information for a future break-in. • Viruses.

  29. Firewall • Monitors and controls all the traffic into and out of an intranet. • Firewall security policy • Service control: determine which services are available for external access and reject all other requests; • Levels of filtering: IP, TCP. • Example: reject HTTP requests unless they are directed to the official website. • Behavioral control: prevent behavior that infringes organization policies; • Levels of filtering: IP, TCP, application; • Example: filtering of ‘spam’ e-mail. • User control: discriminate between users’ privileges; • Example: management of dial-up provided for off-site users.

  30. Filtering levels • IP packet filtering • Decisions made based on the destination and the source IP addresses, the service type field in the IP header, port numbers in TCP/UDP headers. • Example: prohibition of external access to NFS servers. • Performed by a process within the operating system kernel of a router. • TCP Gateway • A TCP Gateway process checks TCP connection requests and segment transmission for correctness. • Example: Denial-of-service attack prevention.

  31. Filtering levels (cont’d) • Application-level gateway • An application-level gateway process acts as a proxy for an application process. • Example: a Telnet proxy. All telnet requests are routed through the proxy process for approval. • A firewall is a combination of several processes working at different protocol levels running on more than one machine (for fault-tolerance). • Two overall (mutually exclusive) policies: • Anything not explicitly denied is allowed. • Anything not explicitly allowed is denied.

  32. Virtual Private Networks • Suppose a company wants to connect the intranets of its 5 offices. • One option is to lease a private line. • Another is to connect through the internet. • But then everything is open. • The solution is to use encryption schemes to establish secure tunnels through the internet. • Such a set-up is called a virtual private network.

  33. Directory and Discovery Services • Directory service: A service that stores collections of bindings between names and attributes and that looks up entries that match attribute-based specifications. • Example: MS Active Directory Service, UNIX X.500, etc. • Discovery service: a directory service that registers the services in a spontaneous networking environment. • Provides an interface for automatically registering and de-registering services (fax machines, printers, etc.). • Provides a lookup interface for mobile devices • Example: Jini

  34. Jini • A system designed for spontaneous networking. • Java-based: assumes that JVMs run on all of the computers, allowing them to communicate through RMI (remote method invocation, a flavor of interprocess communication in an object-oriented environment). • Provides facilities for service discovery, transactions and shared data spaces called JavaSpaces.

  35. What is a Database • A system that stores data • “persistent” – Exists beyond the immediate use • Centralized storage • Single or multiple users

  36. Advantages • Reduces redundancy • Reduces inconsistency • Shared • Data representation standards can be enforced • Enables security restrictions • Integrity maintained • Valid cross references between records • Allows data-independent applications • Applications ignorant of how data is stored

  37. Categories of Data Models • High-level or conceptual • entities, attributes, relationships • Representational or implementation or logical • relational, network, hierarchical, object-oriented, object-relational • Physical or low-level • data storage

  38. 3-schema Architecture • Physical level description of a database: • how things are stored on disk: • files, record structures, • indices, • data structures for disk blocks, • methodology for dealing with too long records, etc. • Conceptual level description of a database • The description of application data (its schema) using one of the traditional data models.

  39. 3-Schema Architecture (cont'd) • View-level description of a database • What users of a particular application see • their own customized schema, e.g., for payroll, for the ticket agent, for a simulation program. • Multiple levels • helps with data independence; • helps with maintenance. • Many views, single logical and physical schema. • Levels of abstraction give data independence.

  40. The Entity-Relational Model • Entity: a distinguishable object. • Entity set: a set of entities all of the same type. • Attribute: a single property of an entity; • simple vs composite; • single-valued vs multi-valued; • stored vs derived; • null values. • Domain: set of values permitted for that attribute.

  41. The E-R Model (cont’d) • Relationship: an association between two or more entities. • Relationship set: a set of relationships all of the same type • There is no correct schema for a batch of data. Which schema is best depends on the application. • Many basic data modelling choices depend on an understanding of the application.

  42. Data Model • Data model: notation for describing data, plus a set of operations used to manipulate that data. • a set of primitives for defining the structure of a DB; • a set of operations for specifying the retrievals and updates on a DB; • relational, hierarchical, network, object-oriented.

  43. The Relational Model (Codd 1970) • The relational data model is the most important data model currently existing. • Value-oriented, i.e., allows operations on relations whose results are relations, which allows operations to be combined. • As opposed to object-oriented models, in which • Operations cannot be applied to the result of other operations; • The result of an operation may be a new data type, and operations may not be available for this type.

  44. Domain and Relation • A domain is a set of atomic values. • A relation is a finite subset of the Cartesian product of a finite list of domains; • relation is a set of tuples; • order of tuples is irrelevant and • no relation has 2 identical tuples; • each tuple value is atomic • no composite attributes; • no multi-valued attributes.

  45. How a user interacts with a Web Database • In a Web browser, a user submits a request to the Web server. • The Web server passes it onto the middleware • The middleware writes the request in SQL queries and sends it to a back-end database. • The data retrieved are handed back to the middleware • The middleware generates a Web page for the data • The Web server sends the Web page to the browser • The browser displays the Web page in front of the user

  46. Decision support systems for EC • DSS: help the knowledge worker (executive, manager, analyst) make faster and better decisions • Data Warehousing: enables On-line analytical processing (OLAP) • OLAP is a component of decision support system • Data mining • Extraction of interesting knowledge (rules, regularities, patterns, constraints) from data in large databases. • Data mining is a powerful, high-performance data analysis tool for decision support.

  47. Potential Applications of Data Warehousing and Mining in EC • Analysis of user access patterns and buying patterns • Customer segmentation and target marketing • Improved Web advertisement • Personalization • Association (link) analysis • Customer classification and prediction • Time-series analysis • Typical event sequence and user behavior pattern analysis • Transition and trend analysis

  48. Multidimensional Data • Sales volume as a function of product, time, and geography

  49. OLAP Servers • Relational OLAP (ROLAP) • Extended relational DBMS that maps operations on multidimensional data to standard relational operations • Multidimensional OLAP (MOLAP) • Special purpose server that directly implements multidimensional data and operations • Hybrid OLAP (HOLAP) • give users/system administrators freedom to select different partitions.

  50. OLAP Operations • roll-up • aggregating on a specific dimension, i.e., summarize data • total sales volume last year by product category by region • drill-down • also called roll down, drill through • inverse of roll-up, go from higher level summary to lower level summary or detailed data • For a particular product category, find the detailed sales data for each salesperson by date
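
The IP packet filtering and the two mutually exclusive default policies from slides 29 to 31, as an added example that is not part of the original lecture: a first-match rule table evaluated under both defaults. The addresses (documentation ranges), the rule format and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR block the source must fall in
    dst: str              # CIDR block the destination must fall in
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

def decide(rules, packet, default):
    """First matching rule wins; the default policy covers everything else."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed sample network (documentation address ranges, not from the slides).
ANY, INTRANET, WEBSITE = "0.0.0.0/0", "192.0.2.0/24", "192.0.2.80/32"

# Policy 1: anything not explicitly denied is allowed (block NFS, port 2049).
DENY_RULES = [Rule("deny", ANY, INTRANET, "any", 2049)]
# Policy 2: anything not explicitly allowed is denied (HTTP to the website only).
ALLOW_RULES = [Rule("allow", ANY, WEBSITE, "tcp", 80)]

SAMPLES = {  # constructed inbound packets from an external host
    "http_official_site": Packet("203.0.113.7", "192.0.2.80", "tcp", 80),
    "http_other_host":    Packet("203.0.113.7", "192.0.2.33", "tcp", 80),
    "nfs_server":         Packet("203.0.113.7", "192.0.2.20", "udp", 2049),
    "telnet_other_host":  Packet("203.0.113.7", "192.0.2.33", "tcp", 23),
}

def compare():
    """Return {label: (verdict under policy 1, verdict under policy 2)}."""
    return {name: (decide(DENY_RULES, p, "allow"), decide(ALLOW_RULES, p, "deny"))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:20} default-allow={verdicts[0]:5} default-deny={verdicts[1]}")
```

Under the default-allow policy the single NFS rule still leaves HTTP to other intranet hosts and Telnet reachable from outside, while the default-deny table admits only HTTP to the official website.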
