emtm 553 electronic commerce systems

3/9/01 EMTM 553 1

EMTM 553Electronic Commerce Systems

Insup Lee

Department of Computer and Information Science

University of Pennsylvanialee@cis.upenn.edu

www.cis.upenn.edu/~lee

3/9/01 EMTM 553 2

Electronic Commerce (E-Commerce)

• Commerce refers to all the activities the purchase and sales of goods or services.– Marketing, sales, payment, fulfillment, customer

service

• Electronic commerce is doing commerce with the use of computers, networks and commerce-enabled software (more than just online shopping)

3/9/01 EMTM 553 3

Brief History

• 1970s: Electronic Funds Transfer (EFT)– Used by the banking industry to exchange account

information over secured networks

• Late 1970s and early 1980s: Electronic Data Interchange (EDI) for e-commerce within companies– Used by businesses to transmit data from one business to

another

• 1990s: the World Wide Web on the Internet provides easy-to-use technology for information publishing and dissemination– Cheaper to do business (economies of scale)– Enable diverse business activities (economies of scope)

3/9/01 EMTM 553 4

E-commerce applications

• Supply chain management• Video on demand• Remote banking• Procurement and purchasing• Online marketing and advertisement• Home shopping• Auctions

3/9/01 EMTM 553 5

Ecommerce infrastructure

• Information superhighway infrastructure– Internet, LAN, WAN, routers, etc.– telecom, cable TV, wireless, etc.

• Messaging and information distribution infrastructure– HTML, XML, e-mail, HTTP, etc.

• Common business infrastructure– Security, authentication, electronic payment,

directories, catalogs, etc.

3/9/01 EMTM 553 6

The Main Elements of E-commerce

• Consumer shopping on the Web, called B2C (business to consumer)

• Transactions conducted between businesses on the Web, call B2B (business to business)

• Transactions and business processes that support selling and purchasing activities on the Web– Supplier, inventory, distribution, payment

management– Financial management, purchasing products and

information

3/9/01 EMTM 553 7

Advantages of Electronic Commerce

• Increased sales– Reach narrow market segments in geographically

dispersed locations– Create virtual communities

• Decreased costs– Handling of sales inquiries– Providing price quotes– Determining product availability

• Being in the space

3/9/01 EMTM 553 8

Disadvantages of Electronic Commerce

• Loss of ability to inspect products from remote locations

• Rapid developing pace of underlying technologies

• Difficult to calculate return on investment• Cultural and legal impediments

3/9/01 EMTM 553 9

The process of e-commerce

1. Attract customers– Advertising, marketing

2. Interact with customers– Catalog, negotiation

3. Handle and manage orders– Order capture– Payment– Transaction– Fulfillment (physical good, service good, digital good)

4. React to customer inquiries– Customer service– Order tracking

3/9/01 EMTM 553 10

Web-based E-commerce Architecture

Client

Tier 1

Web Server

Tier 3Tier 2 Tier N

Application Server

Database Server

DMS

3/9/01 EMTM 553 11

E-commerce Technologies

• Internet• Mobile technologies• Web architecture• Component

programming • Data exchange• Multimedia• Search engines• Data mining• Intelligent agents

• Access security• Cryptographic security• Watermarking• Payment systems

3/9/01 EMTM 553 12

Infrastructure for E-commerce

• The Internet – system of interconnected networks that spans the

globe– routers, TCP/IP, firewalls, network infrastructure,

network protocols

• The World Wide Web (WWW) – part of the Internet and allows users to share

information with an easy-to-use interface– Web browsers, web servers, HTTP, HTML

• Web architecture– Client/server model– N-tier architecture; e.g., web servers, application

servers, database servers, scalability

3/9/01 EMTM 553 13

E-Commerce Software

• Content Transport – pull, push, web-caching, MIME

• Server Components– CGI, server-side scripting

• Programming Clients• Sessions and Cookies• Object Technology

– CORBA, COM, Java Beans/RMI

• Technology of Fulfillment of Digital Goods– Secure and fail-safe delivery, rights management

3/9/01 EMTM 553 14

System Design Issues

• Good architectural properties– Functional separation – Performance (load balancing, web caching)– Secure– Reliable– Available– Scalable

3/9/01 EMTM 553 15

Creating and Managing Content

• What the customer see• Static vs. dynamic content• Different faces for different users• Tools for creating content• Multimedia presentation• Integration with other media• Data interchange• HTML, XML (Extensible Markup Language)

3/9/01 EMTM 553 16

Cryptography

• Keeping secrets– Privacy: interceptor cannot use information– Authentication: sender’s identity cannot be forged– Integrity: data cannot be altered– Non-repudiation: sender cannot deny sending

• How to evaluate cryptography• Secret key (symmetric) cryptography; e.g., DES• Public key (asymmetric) cryptosystems; e.g, RSA• Digital signatures, digital certificates• Key management; e.g., PKI

3/9/01 EMTM 553 17

Security

• Concerns about security• Client security issues• Server security issues• Security policy, risk assessment• Authentication methods

– Something you know: passwords– Something you have: smart card– Something you are: biometrics

• Firewalls, proxy servers, intrusion detection• Denial of service (DOS) attacks, viruses,

worms

3/9/01 EMTM 553 18

Payment Systems

• Role of payment• Cash

– properties: wide accept, convenient, anonymity, untraceability, no buyer transaction cost

• Online credit card payment, Smart Cards– Secure protocols: SSL, SET

• Internet payment systems– Electronic cash, digital wallets

• Micro-payments• Wireless devices

©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 5 Slide 19

Key points

Good project management is essential for project success.

The intangible nature of software causes problems for management.

Managers have diverse roles but their most significant activities are planning, estimating and scheduling.

Planning and estimating are iterative processes which continue throughout the course of a project.

©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 5 Slide 20

A project milestone is a predictable state where a formal report of progress is presented to management.

Project scheduling involves preparing various graphical representations showing project activities, their durations and staffing.

Risk management is concerned with identifying risks which may affect the project and planning to ensure that these risks do not develop into major threats.

Key points

14.21

1414DatabasesDatabases

Foundations of Computer Science Cengage Learning

14.22

14-1 INTRODUCTION14-1 INTRODUCTION

Data storage traditionally used individual, unrelated Data storage traditionally used individual, unrelated files, sometimes called files, sometimes called flat filesflat files. In the past, each . In the past, each application program in an organization used its own file. application program in an organization used its own file. In a university, for example, each department might In a university, for example, each department might have its own set of files: the record office kept a file have its own set of files: the record office kept a file about the student information and their grades, the about the student information and their grades, the scheduling office kept the name of the professors and scheduling office kept the name of the professors and the courses they were teaching, the payroll department the courses they were teaching, the payroll department kept its own file about the whole staff and so on. Today, kept its own file about the whole staff and so on. Today, however, all of these flat files can be combined in a however, all of these flat files can be combined in a single entity; the database for the whole university.single entity; the database for the whole university.

14.23

Definition

Although it is difficult to give a universally agreed definition of a database, we use the following common definition:

Definition:A database is a collection of related, logically

coherent data used by the application programs in an organization.

i

14.24

Advantages of databases

Comparing the flat-file system, we can mention several advantages for a database system.

Less redundancy

In a flat-file system there is a lot of redundancy. For example, in the flat file system for a university, the names of professors and students are stored in more than one file.

Inconsistency avoidance

If the same piece of information is stored in more than one place, then any changes in the data need to occur in all places that data is stored.

14.25

Efficiency

A database is usually more efficient that a flat file system, because a piece of information is stored in fewer locations.

Data integrity

In a database system it is easier to maintain data integrity (see Chapter 16), because a piece of data is stored in fewer locations.

Confidentiality

It is easier to maintain the confidentiality of the information if the storage of data is centralized in one location.

14.26

14-2 DATABASE MANAGEMENT SYSTEMS14-2 DATABASE MANAGEMENT SYSTEMS

A database management system (DBMS) defines, A database management system (DBMS) defines, creates and maintains a database. The DBMS also creates and maintains a database. The DBMS also allows controlled access to data in the database. A allows controlled access to data in the database. A DBMS is a combination of five components: hardware,DBMS is a combination of five components: hardware,software, data, users and procedures (Figure 14.1).software, data, users and procedures (Figure 14.1).

Figure 14.1 DBMS components

14.27

Hardware

The hardware is the physical computer system that allows access to data.

Software

The software is the actual program that allows users to access, maintain and update data. In addition, the software controls which user can access which parts of the data in the database.

Confidentiality

The data in a database is stored physically on the storage devices. In a database, data is a separate entity from the software that accesses it.

14.28

Users

In a DBMS, the term users has a broad meaning. We can divide users into two categories: end users and application programs.

Procedures

The last component of a DBMS is a set of procedures or rules that should be clearly defined and followed by the users of the database.

14.29

14-3 DATABASE ARCHITECTURE14-3 DATABASE ARCHITECTURE

The American National Standards Institute/Standards The American National Standards Institute/Standards Planning and Requirements Committee (ANSI/SPARC) Planning and Requirements Committee (ANSI/SPARC) has established a three-level architecture for a DBMS: has established a three-level architecture for a DBMS: internalinternal, , conceptualconceptual and and externalexternal (Figure 14.2). (Figure 14.2).

14.30

Figure 14.2 Database architecture

14.31

Internal levelThe internal level determines where data is actually stored on the storage devices. This level deals with low-level access methods and how bytes are transferred to and from storage devices. In other words, the internal level interacts directly with the hardware.

Conceptual levelThe conceptual level defines the logical view of the data. The data model is defined on this level, and the main functions of the DBMS, such as queries, are also on this level. The DBMS changes the internal view of data to the external view that users need to see. The conceptual level is an intermediary and frees users from dealing with the internal level.

14.32

External levelThe external level interacts directly with the user (end users or application programs). It changes the data coming from the conceptual level to a format and view that is familiar to the users.

14.33

14.5 THE RELATIONAL DATABASE MODEL14.5 THE RELATIONAL DATABASE MODEL

In the In the relational database management systemrelational database management system (RDBMS)(RDBMS), the data is represented as a set of , the data is represented as a set of relationsrelations..

14.34

RelationsA relation appears as a two-dimensional table. The RDBMS organizes the data so that its external view is a set of relations or tables. This does not mean that data is stored as tables: the physical storage of the data is independent of the way in which the data is logically organized.

Figure 14.6 An example of a relation

14.35

14-7 DATABASE DESIGN14-7 DATABASE DESIGN

The design of any database is a lengthy and involved The design of any database is a lengthy and involved task that can only be done through a step-by-step task that can only be done through a step-by-step process. The first step normally involves interviewing process. The first step normally involves interviewing potential users of the database. The second step is to potential users of the database. The second step is to build an build an entity-relationship model (ERM)entity-relationship model (ERM) that defines that defines the entities, the attributes of those entities and the the entities, the attributes of those entities and the relationship between those entities.relationship between those entities.

14.36

NormalizationNormalization is the process by which a given set of relations are transformed to a new set of relations with a more solid structure. Normalization is needed to allow any relation in the database to be represented, to allow a language like SQL to use powerful retrieval operations composed of atomic operations, to remove anomalies in insertion, deletion, and updating, and reduce the need for restructuring the database as new data types are added.The normalization process defines a set of hierarchical normal forms (NFs). Several normal forms have been proposed, including 1NF, 2NF, 3NF, BCNF (Boyce-Codd Normal Form), 4NF, PJNF (Projection/Joint Normal Form), 5NF and so on.

14.37

14-8 OTHER DATABASE MODELS14-8 OTHER DATABASE MODELS

The relational database is not the only database model The relational database is not the only database model in use today. Two other common models are in use today. Two other common models are distributed databasesdistributed databases and and object-oriented databasesobject-oriented databases. . We briefly discuss these here.We briefly discuss these here.

14.38

Distributed databases

The distributed database model is not a new model, but is based on the relational model. However, the data is stored on several computers that communicate through the Internet or a private wide area network. Each computer (or site) maintains either part of the database or the whole database.

Fragmented distributed databases

In a fragmented distributed database, data is localized—locally used data is stored at the corresponding site. However, this does not mean that a site cannot access data stored at another site. Access is mostly local, but occasionally global.

14.39

Replicated distributed databases

In a replicated distributed database, each site holds an exact replica of another site. Any modification to data stored in one site is repeated exactly at every site. The reason for having such a database is security. If the system at one site fails, users at the site can access data at another site.

14.40

Object-oriented databases

An object-oriented database tries to keep the advantages of the relational model and at the same time allows applications to access structured data. In an object-oriented database, objects and their relations are defined. In addition, each object can have attributes that can be expressed as fields.

XMLThe query language normally used for objected-oriented databases is XML (Extensible Markup Language). As we discussed in Chapter 6, XML was originally designed to add markup information to text documents, but it has also found its application as a query language in databases. XML can represent data with nested structures.