SYSTEM SOFTWARE Lab. 일자 : 98-03-19 - 1 - Secure Electronic Commerce System software laboratory...

- 1 -SYSTEM SOFTWARE Lab.SYSTEM SOFTWARE Lab.

일자 : 98-03-19

Secure Electronic Commerce

System software laboratory 석사 2 학기 박 정 호

( Chap.2 The Internet )


일자 : 98-03-19

Computer NetworkingComputer Networking

Distributed Application Single PC application - W.P, spreadsheets Multiple PC application - E-mail Distributed Application Computer network - transferring data between systems System

Equipment which is connected to a computer networkH/W & S/W running on that equipment

• ex) A network-connected desktop PC, ATM, POS devices

Client-server applications

File server Database server

Mail server Information-retrieval server

File server Database server

Mail server Information-retrieval server

serverClient systemClient system

End-user

…...End-user


일자 : 98-03-19

cont’dcont’d

Computer Networks Data item

Conveyed from one system to anotherRepresentation of a information

Protocol Set of rules understood by systems that intercommunicate

Multiple layer of protocol• operate independently of each other

Link or subnetwork layer • protocol to support the transfer of a string of data bits

Network layer • protocol to support the delivery of a packet Transport layer • protocol to ensure that all data packet deliver and no packets are lost

Application layer • protocol understood by the application S/W components in the end-systems


일자 : 98-03-19

TCP/IP 프로토콜 계층TCP/IP 프로토콜 계층

Layer 7Application

Layer 6Presentation

Layer 5Session

Layer 4Transport

Layer 3Network

Layer 2Link

Layer 1Physical

NetworkInterface

andHardware

Internet

Transport

Application

INTERNET PROTOCOL

TCP UDP

NETWORK INTERFACEAND HARDWARE

ICMPARP RARP

APPLICATIONS

FTPSMTP

TELNETX-WINDOWS

LPR, LPDREXEC

KERBEROSDNS

USERRPCNFS

PORTMAP

TFTPSNMP

ROUTEDNCS

MAC address

IP address

Segments Datagrams

Stream sockets Datagram sockets

ports

ISO Model (OSI) TCP/IP Model


일자 : 98-03-19

cont’dcont’d

Internet Both a technology and a live, massive computer network Foundation

U.S Department of Defense in 1969Support the establishment of connections between computers

Expansion ARPA (DARPA) in 1970s

• interconnecting computers in University and government research institutions across the U.S.

• become available for commercial exploitation and international Main technological achievement

Development of public-domain network protocols Two protocols

Transmission Control Protocol(TCP) : transport layer Internet Protocol(IP) : network layer


일자 : 98-03-19

Electronic messaging

(e-mail)

Network news(Newsgroup)

File transfer(FTP)

World Wide Web(WWW)

Information browsing(Gopher)

Remote login(Telnet)

Wide Area Information

Service(WAIS)

Internet ApplicationsInternet Applications


일자 : 98-03-19

Cont’dCont’d

Electronic MessagingSend a message to one or more recipients

Has some problem• message compromise only text

• must deal with multimedia data

Multipurpose Internet Mail Extensions(MIME)• transfer of structured, multimedia messages

Mail gatewayMail server Mail server

S1…..S2 R1…..R2

X.400 X.400


일자 : 98-03-19

WEB server

Cont’dCont’d

World Wide WebSupport the delivery of hypermedia documents

• Contain multimedia information

• Include hypertext references(links) to other documents

• HTTP(Hyper Text Transfer Protocol)

– application layer to access webserver

Has a unique identifier

URLN.CI .Eetc

Browser

userHTTP


일자 : 98-03-19

Internet CommunityInternet Community

InternetUsers

Internet Accessprovider

Host-based Service provider

Internet content provider

Internet ResearchTask Force(IRTF)

Internet EngineeringTask Force(IETF)

InterNIC AssignedNumbers

Authority(IANA)

InterNIC Directory and Database

Services

Internet Service Providers

Internet Activities Board

The InterNIC


일자 : 98-03-19


일자 : 98-03-19

cont’dcont’d

Internet Activities Board and Internet Standards

Standards track Proposed standard Draft standard Standard

IESGIESG

IRTFIETF

IAB


일자 : 98-03-19

Cont’dCont’d

InterNIC(Internet Network Information Center) Major component of the Internet’s infrastructure

InterNIC directory and database services

• operated by AT&T Corp

• including distribution of many Internet publications

InterNIC registration services

• provided by Network Solutions, Inc.

• support Domain

– the assignment of names to network or organization


일자 : 98-03-19

인터넷의 IP 주소 체계인터넷의 IP 주소 체계

네트워크 주소 (7) 호스트주소 (24)1

네트워크 주소 (14) 호스트주소 (16)1

네트워크 주소 (21) 호스트주소 (8)

다중 전송용 (Multicast) 주소 (28)1

0

1 01

1 01

예약 (27)1 1 1 01

8 16 24

클래스 A

클래스 B

클래스 C

클래스 D

클래스 E

클래스 네트워크 수 호스트 수(네트워크 당)

주소 범위

A 27 = 128 224 = 16,777,216 0.0.0.0 – 127.255.255.255

B 214 = 16,384 216 = 65,536 128.0.0.0 – 191.255.255.255

C 221 = 2,097,152 28 = 256 192.0.0.0 – 223.255.255.255

D 228 = 268,435,456 224.0.0.0 – 239.255.255.255

E 227 = 134,217,728 240.0.0.0 – 247.255.255.255


일자 : 98-03-19

Cont’dCont’d

Service Providers Access serviceHost-based servicesContent

Internet PublicationsRequests for Comments (RFC) seriesAnother important series - Internet Drafts

Working Together for SecurityRFC1281(guideline for the secure operation of the internet)

• work together to achieve a secure environment– users – computer and network service provider– vendors and system developers


일자 : 98-03-19

EC on the InternetEC on the Internet

EDIEDI

Electronic Data InterchangeElectronic Data Interchange One of the forms of electronic commerceOne of the forms of electronic commerce

• Purchase ordersPurchase orders• InvoicesInvoices• Payment advicesPayment advices

The X12 standardsThe X12 standardsThe EDIFACT standardsThe EDIFACT standards


일자 : 98-03-19

cont’dcont’d

EDIEDI VANVAN+

• Data communications services Data communications services • Software, security, recovery of lost dataSoftware, security, recovery of lost data

transaction tracing, auditingtransaction tracing, auditing

ClientClient

EDIEDI ClientClient

• Communications linesCommunications lines• Dial up linksDial up links• Mainframe terminal emulationMainframe terminal emulation• Packet-switching data networksPacket-switching data networks


일자 : 98-03-19

cont’dcont’d

EDI VANSEDI VANS InternetInternet ClientClient

ClientClientVANVAN

• High costHigh cost

• Low costLow cost

• Didn’t provide basic data communications serviceDidn’t provide basic data communications service• Provide auxiliary serviceProvide auxiliary service• Using the natural technology of electronic massagingUsing the natural technology of electronic massaging


일자 : 98-03-19

cont’dcont’d

EDI EDI InternetInternet ClientClient

MIMEMIME

• Providing an ideal frameworkProviding an ideal framework

EDI UserEDI UserEDI UserEDI User EDI UserEDI UserEDI UserEDI User

VANVANVANVAN AnotherAnotherAnotherAnother

• Using the MIME content typeUsing the MIME content type • MIME have three content typesMIME have three content types


일자 : 98-03-19

cont’dcont’d

• Open Electronic CommerceOpen Electronic Commerce

EDI transactionsEDI transactionsEDI transactionsEDI transactions require • technical & administrative protocolstechnical & administrative protocols• legal agreementslegal agreements

BuyersBuyers

WEBWEB

SellersSellers

E-mailE-mail

• Finding easilyFinding easily

• GoodsGoods• ServiceService

• Business agreementsBusiness agreements• Paper documentsPaper documents

• New electronic commerceNew electronic commerce

Without pre-negotiated, customized, bilateral agreementsWithout pre-negotiated, customized, bilateral agreements


일자 : 98-03-19

Example Transaction ScenariosExample Transaction Scenarios

Vera Buys a Lathe

Decides on a model offered by Danielle’s Machine Markers

Investigates the vendor electronicallyFills out the electronic order formTransmits the order via the internet

Checks the order and confirms the order by returning an electronic invoice

Pays for the lathe using a network-based process

Vera

Danielle :

Vera :

Danielle : Delivers the lathe to Vera’s manufacturing

Web


일자 : 98-03-19

InternetInternet

Example Transaction ScenariosExample Transaction Scenarios

Vera Buys a Lathe

Vera Danielle’sMachineMarker

Launches Web broswerlathe 검색

lathe 목록 표시

모델 결정전자주문서 작성 및 전송

전자주문서 수신

송장 발송

송장 수신

요금 지불- 신용카드 .- 전자화폐

Lathe 탁송Lathe 수취


일자 : 98-03-19

cont’dcont’d

Inter-corporate Trading Using e-mail-based electronic commerce

Because e-mail present too many risks

Needs to incorporate the following safeguards

Originator of every message must be securely authenticated

All messages must be confidentiality-protected

Nola’s Electronic Market Faces some substantial risks because she don’t know who they are


일자 : 98-03-19

SummarySummary

Computer networkmeans for transferring data depends on network protocol

Internet public network + private networkinternet protocol = TCP/IP

Internet applicationelectronic messaging & WWW MIME(Multi-purpose Internet Mail Extensions)

Internet community users, service providers, IAB(Internet Activities Board), InterNIC

EC(Electronic Commerce)

SYSTEM SOFTWARE Lab. 일자 : 98-03-19 - 1 - Secure Electronic Commerce System software laboratory...

Documents

Transcript of SYSTEM SOFTWARE Lab. 일자 : 98-03-19 - 1 - Secure Electronic Commerce System software laboratory...