Chapter 13: Electronic Commerce and Information Security
Invitation to Computer Science, C++ Version, Third Edition
Objectives

In this chapter, you will learn about:

- E-commerce
- Databases
- Information security



Invitation to Computer Science, C++ Version, Third Edition   2
Introduction

- E-commerce: financial transactions conducted by electronic means
- Early days (early and mid-1990s) of online commerce
  - A customer fills out an order via the Web and submits it
  - The online order is printed out by the business, and then processed like a “traditional” purchase


Introduction (continued)
- E-business
  - Every part of a financial transaction is handled electronically, including
    - Processing of orders
    - Verification of credit
    - Completion of transactions
    - Issuing debits
    - Alerting shipping
    - Reducing inventory

E-commerce

- Opening an online store requires at least as much planning as building another physical store location




The Vision Thing

- In planning for opening an online store, a company must assess:
  - Its objectives
  - Risks involved
  - Costs involved
- The company should go ahead with its plans only if it is determined that its overall bottom line will improve by going online

Decisions, Decisions

- Personnel
  - In-house development or outsourcing
- Hardware
  - Web server machine
  - Additional computers



Decisions, Decisions (continued)

- Software: programs to
  - Process customer orders
  - Interact with accounting, shipping, and inventory control software
  - Manage and store customer information


Anatomy of a Transaction

- Goals for an online business
  - Draw potential customers to your site
  - Keep them there
  - Set up optimum conditions for them to complete a purchase
- A typical online transaction can be divided into nine steps

Step 1: Getting There

- How can you get customers to your Web site?
  - Conventional advertising
  - Obvious domain name
  - Search engine
  - Portal


Step 2: Do I Know You?

- Providing Web site personalization by:
  - Asking the user to register and then log in on each visit
  - Using cookies
- Providing incentives and benefits for return customers


Step 3: Committing to an Online Purchase

- Must provide security for transmitting sensitive information
  - Encryption: encoding data to be transmitted into a scrambled form using a scheme agreed upon between the sender and the receiver
  - Authentication: verifying the identity of the receiver of your message


Step 3: Committing to an Online Purchase (continued)

- SSL (secure sockets layer)
  - A series of protocols that allow a client and a Web server to:
    - Agree on encryption methods
    - Exchange security keys
    - Authenticate the identity of each party

Steps 4 and 5: Payment Processing

- Most common payment option: credit card
- Option 1
  - Step 4: Online order form communicates with the accounting system
  - Step 5: Accounting system verifies the customer’s credit and processes the transaction on the fly



Steps 4 and 5: Payment Processing (continued)

- Option 2
  - Step 4: Collect information on the customer’s order
  - Step 5: Evaluate the customer’s credit and complete the transaction offline


Steps 6–9: Order Fulfillment

- Step 6: Order entry system alerts inventory system to reduce the items in stock
- Step 7: Order entry system contacts shipping system to arrange for shipping
- Steps 8 and 9: Shipping system works with the shipping company to pick up and deliver the purchase to the customer


Figure 13.1: A Typical Online Transaction in Nine Steps

Designing Your Web Site

- Web site taxonomy
  - How information will be classified and organized on the Web site
- CRM (customer relationship management)
  - Goals
    - Improve your customer satisfaction
    - Build customer relationships
    - Bring people back to your Web site time and time again

Designing Your Web Site (continued)

- Some important Web site components
  - Site map
  - Navigation bar
  - Shopping carts
  - Order checkout forms
  - Shipping options
  - E-mail confirmations
  - Privacy policy

Designing Your Web Site (continued)

- Web pages should be designed to be displayed on different machines, operating systems, and browsers
- Text-only options should be offered for users with slow connections, the visually impaired, and the hearing-impaired



Databases

- An electronic database
  - Stores data items
  - Data items can be extracted
  - Data items can be sorted
  - Data items can be manipulated to reveal new information


Data Organization

- Byte
  - A group of eight bits
  - Can store the binary representation of a single character or of a small integer number
  - A single unit of addressable memory
- Field
  - A group of bytes used to represent a string of characters

Data Organization (continued)

- Record
  - A collection of related fields
- Data file
  - Related records are kept in a data file
- Database
  - Related files make up a database

Figure 13.3: Data Organization Hierarchy

Figure 13.4: Records and Fields in a Single File

Figure 13.5: One Record in the Rugs-For-You Employees File


Database Management Systems

- Database management system (DBMS)
  - Manages the files in a database
- Relational database model
  - Conceptual model of a file as a two-dimensional table


Database Management Systems (continued)

- In a relational database
  - A table represents information about an entity
  - A row contains data about one instance of an entity
  - A row is called a tuple
  - Each category of information is called an attribute


Figure 13.6: Employees Table for Rugs-For-You


Figure 13.7: InsurancePolicies Table for Rugs-For-You

Database Management Systems (continued)

- Specialized query languages
  - Enable the user or another application program to query the database
  - Example: SQL (Structured Query Language)
- Relationships among different entities in a database
  - Established through the correspondence between primary keys and foreign keys

Figure 13.8: Three Entities in the Rugs-For-You Database

Other Considerations

- Performance issues
  - Large files are maintained on disk
  - Organizing record storage on disk can minimize time to access a particular record
  - Creating additional records to be stored with the file can significantly reduce access time



Other Considerations (continued)

- Distributed databases
  - Allow physical data to reside at separate and independent locations that are networked
- Massive, integrated government databases raise legal, political, social, and ethical issues



Information Security

- Information security
  - Data protection, whether on disk or transmitted across a network
  - Authentication: prevent access by hackers
  - Encryption: make data meaningless if they do get it


Encryption Overview

- Cryptography
  - The science of “secret writing”
- Plaintext
  - A message that is not encoded
- Ciphertext
  - An encrypted message

Encryption Overview (continued)
- Process of encryption and decryption
  - Plaintext is encrypted before it is sent
  - Ciphertext is decrypted back to plaintext when it is received
- A symmetric encryption algorithm
  - Requires a secret key known to both the sender and receiver
    - Sender encrypts the plaintext using the key
    - Receiver decrypts the message using the key

Encryption Overview (continued)

- Asymmetric encryption algorithm
  - Also called public key encryption algorithm
  - The key for encryption and the key for decryption are different
    - Person A makes an encryption key public
    - Anyone can encrypt a message using the public key and send it to A
    - Only A has the decryption key and can decrypt the message

Simple Encryption Algorithms: Caesar Cipher

- Caesar cipher
  - Also called a shift cipher
  - Each character in the message is shifted to another character some fixed distance farther along in the alphabet
  - A stream cipher: encodes one character at a time
  - A substitution cipher: a single letter of plaintext generates a single letter of ciphertext
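
Added example (not from the textbook or the original slides): a C++ shift cipher, plus a key search that shows why a cipher with only 26 possible keys gives no real protection. The letter-frequency table is approximate and all function names are this example's own.

```cpp
#include <array>
#include <cctype>
#include <string>

// Shift every letter `shift` places along the alphabet; non-letters are kept.
std::string caesar_shift(const std::string& text, int shift) {
    const int s = ((shift % 26) + 26) % 26;  // normalise negative shifts
    std::string out = text;
    for (char& c : out) {
        const unsigned char u = static_cast<unsigned char>(c);
        if (std::isupper(u)) c = static_cast<char>('A' + (u - 'A' + s) % 26);
        else if (std::islower(u)) c = static_cast<char>('a' + (u - 'a' + s) % 26);
    }
    return out;
}

std::string caesar_decrypt(const std::string& ciphertext, int shift) {
    return caesar_shift(ciphertext, -shift);
}

// Chi-squared distance between the text's letter counts and approximate
// English letter frequencies (percent, a..z). Lower means more English-like.
double english_chi2(const std::string& text) {
    static const std::array<double, 26> freq = {
        8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
        6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074};
    std::array<int, 26> count{};
    int total = 0;
    for (unsigned char u : text)
        if (std::isalpha(u)) { ++count[std::tolower(u) - 'a']; ++total; }
    if (total == 0) return 1e18;
    double chi2 = 0.0;
    for (int i = 0; i < 26; ++i) {
        const double expected = freq[i] * total / 100.0;
        chi2 += (count[i] - expected) * (count[i] - expected) / expected;
    }
    return chi2;
}

// The key is one of only 26 shifts, so every key can be tried and scored.
int recover_shift(const std::string& ciphertext) {
    int best = 0;
    double best_score = english_chi2(ciphertext);  // shift 0
    for (int k = 1; k < 26; ++k) {
        const double score = english_chi2(caesar_decrypt(ciphertext, k));
        if (score < best_score) { best_score = score; best = k; }
    }
    return best;
}
```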


Block Cipher

- A group or block of plaintext letters gets encoded into a block of ciphertext, but not by substituting one at a time for each character
- Each plaintext character in the block contributes to more than one ciphertext character




Block Cipher (continued)

- One ciphertext character is created as a result of more than one plaintext letter
- Diffusion (scattering) of the plaintext within the ciphertext
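
Added example (not from the original slides): diffusion shown with a 2x2 Hill cipher, a classical block cipher chosen here for illustration; the slides do not name the cipher they have in mind. The key matrix and function names are constructed for this example.

```cpp
#include <array>
#include <stdexcept>
#include <string>

using Matrix = std::array<std::array<int, 2>, 2>;

int mod26(int v) { return ((v % 26) + 26) % 26; }

// Encrypt (or, with the inverse matrix, decrypt) text two letters at a time:
// each block is a column vector multiplied by the matrix modulo 26.
// Input must be uppercase A-Z and already padded to an even length.
std::string block_transform(const std::string& text, const Matrix& m) {
    if (text.size() % 2 != 0) throw std::invalid_argument("pad to even length");
    std::string out(text.size(), 'A');
    for (std::size_t i = 0; i < text.size(); i += 2) {
        const int a = text[i] - 'A', b = text[i + 1] - 'A';
        if (a < 0 || a > 25 || b < 0 || b > 25) throw std::invalid_argument("A-Z only");
        out[i]     = static_cast<char>('A' + mod26(m[0][0] * a + m[0][1] * b));
        out[i + 1] = static_cast<char>('A' + mod26(m[1][0] * a + m[1][1] * b));
    }
    return out;
}

// Decryption matrix = det^-1 * adjugate (mod 26); it exists only when the
// determinant is coprime to 26.
Matrix inverse_key(const Matrix& k) {
    const int det = mod26(k[0][0] * k[1][1] - k[0][1] * k[1][0]);
    int det_inv = 0;
    for (int x = 1; x < 26; ++x) if (mod26(det * x) == 1) det_inv = x;
    if (det_inv == 0) throw std::invalid_argument("key is not invertible mod 26");
    return {{{mod26(det_inv * k[1][1]), mod26(-det_inv * k[0][1])},
             {mod26(-det_inv * k[1][0]), mod26(det_inv * k[0][0])}}};
}

// Number of positions at which two equal-length strings differ.
int positions_changed(const std::string& x, const std::string& y) {
    int n = 0;
    for (std::size_t i = 0; i < x.size() && i < y.size(); ++i) n += (x[i] != y[i]);
    return n;
}

// Constructed sample key (determinant 9, coprime to 26).
const Matrix SAMPLE_KEY = {{{3, 3}, {2, 5}}};
```

With this key, HELP encrypts to HIAT and HELQ to HIDY: changing one plaintext letter changes both letters of its ciphertext block, where a Caesar shift would change only one. The Hill cipher is linear and not secure by itself; DES and AES combine diffusion with nonlinear substitution.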




DES

- Stands for Data Encryption Standard
- Designed to protect electronic information
- A block cipher
- Blocks: 64 bits long
- Key: 64-bit binary key (only 56 bits are actually used)

DES (continued)

- Every substitution, reduction, expansion, and permutation is determined by a well-known set of tables
- The same algorithm serves as the decryption algorithm




Figure 13.11: The DES Encryption Algorithm

DES (continued)

- Triple DES
  - Improves the security of DES
  - Requires two 56-bit keys
  - Runs the DES algorithm three times
- AES (Advanced Encryption Standard)
  - Uses successive rounds of computations that mix up the data and the key
  - Key length: 128, 192, or 256 bits

Public-Key Systems

- RSA
  - Most common public key encryption algorithm
  - Based on results from number theory
  - If n is a large number, it is extremely difficult to find the prime factors for n
  - RSA is often used in the initial stage of communication between client and server
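
Added example (not from the original slides): textbook RSA with toy primes, showing the public/private key split described under Encryption Overview and why the difficulty of factoring n is what protects the private key. The primes 61 and 53, the exponent 17 and all function names are constructed for illustration; real keys use moduli of 2048 bits or more together with a padding scheme.

```cpp
#include <cstdint>
#include <stdexcept>

using u64 = std::uint64_t;
using i64 = std::int64_t;

struct KeyPair { u64 n, e, d; };  // (n, e) is public; d is private

// Square-and-multiply modular exponentiation; mod must stay below 2^32
// so that the intermediate products fit in 64 bits.
u64 mod_pow(u64 base, u64 exp, u64 mod) {
    u64 result = 1 % mod;
    for (base %= mod; exp > 0; exp >>= 1) {
        if (exp & 1) result = result * base % mod;
        base = base * base % mod;
    }
    return result;
}

// Inverse of a modulo m via the extended Euclidean algorithm.
u64 mod_inverse(u64 a, u64 m) {
    i64 old_r = static_cast<i64>(a), r = static_cast<i64>(m), old_s = 1, s = 0;
    while (r != 0) {
        const i64 q = old_r / r;
        i64 t = old_r - q * r; old_r = r; r = t;
        t = old_s - q * s; old_s = s; s = t;
    }
    if (old_r != 1) throw std::invalid_argument("a has no inverse modulo m");
    const i64 mm = static_cast<i64>(m);
    return static_cast<u64>(((old_s % mm) + mm) % mm);
}

// Key generation from two primes: n = p*q is published, d = e^-1 mod (p-1)(q-1).
KeyPair make_keys(u64 p, u64 q, u64 e) {
    return {p * q, e, mod_inverse(e, (p - 1) * (q - 1))};
}

u64 rsa_encrypt(u64 m, const KeyPair& pub) { return mod_pow(m, pub.e, pub.n); }
u64 rsa_decrypt(u64 c, const KeyPair& priv) { return mod_pow(c, priv.d, priv.n); }

// Anyone who can factor n can redo key generation. Trial division is instant
// for a toy modulus and hopeless for the sizes used in practice.
u64 private_exponent_by_factoring(u64 n, u64 e) {
    for (u64 p = 2; p * p <= n; ++p)
        if (n % p == 0) return mod_inverse(e, (p - 1) * (n / p - 1));
    throw std::invalid_argument("n is prime, not a product of two primes");
}
```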

Figure 13.12: An SSL Session

Summary

- E-business: every part of a financial transaction is handled electronically
- Opening an online store requires a significant amount of planning
- Database: allows data items to be stored, extracted, sorted, and manipulated
- Relational database model: conceptual model of a file as a two-dimensional table

Summary

- Main parts of information security: encryption and authentication
- Types of encryption algorithms
  - Symmetric encryption algorithms
  - Asymmetric encryption algorithms (or public key encryption algorithms)
- Encryption algorithms: Caesar cipher, block cipher, DES, Triple DES, AES, RSA


				
DOCUMENT INFO
posted:10/3/2013
language:English
pages:49