LYU9901 Travel-Net
Supervisor: Prof. Michael R. Lyu
Members: Ho Chi Ho Malcolm, Lau Chi Ho Arthur

Outline
• Introduction
• Travel-Net features
• System overview
• Security issues
• Future works
• Q&A

Introduction
• E-commerce today: a new way to do business and earn money (Amazon, CDNow).
• Given its great potential and popularity on the Internet, it is worthwhile for us to practice it.
• Travel-Net is an e-commerce application providing travel-related services.

E-commerce model
[Diagram labels: Clients (user interface); Middle-Ware / Application server (application logic); Service Servers (Database/Payment)]
• Client: Web browser, PDA or any device supported by the application server.
• Middle-Ware: handles all application operations between the base computer and the company's back-end business application and database.
• Service servers: provide data or information according to requests from the middleware, and process some requests (update database, payment transaction).
• 3-Tier client/server: a special type of client/server architecture consisting of three well-defined and separate processes, each running on a different platform.

Travel-Net Features
• To provide travel-related services:
  • Flight Search & Reservation
  • Travel Accessories Shop
  • Travel Guides

Flight Search & Reservation
• Type of search:
  • One-way flight
  • Round trip
  • Multi-city route

Flight Search & Reservation(2)
• Basic search criteria based on:
  • Departure city
  • Destination
  • Class (first class, business, economy)
  • Departure date and time

Flight Search & Reservation(3)
• Additional search criteria based on:
  • Airline
  • Result (all possible results, lowest price)

Flight Search & Reservation(4)

Flight Search & Reservation(5)
• Database coverage:
  • Each airline has its own database for its flights.
  • To limit the complexity and the size of the data, the DB only covers some major Asian cities.

Flight Search & Reservation(6)
• Difficulties encountered:
  • Simulation of airline databases
    – unable to obtain the actual databases of airlines
    – construct the structure of the database by hypothesis from the data on some travel web sites
    – get flight data from these travel web sites manually
    – Tedious work!!!

Travel Accessories Shop
• Selling of travel accessories:
  • different types of luggage
  • travel maps
  • travel guide books
  • other items that are convenient and portable for travel

Travel Accessories Shop(2)
• provides pictures and descriptions of products
• users add the items they want to buy to a shopping basket
• the system keeps the content of the basket until they pay for it
• on-site delivery after paying the bill

Travel Accessories Shop(3)

Travel Guides
• provides information on cities that are covered by Travel-Net
• Information includes:
  – City map
  – Famous spots
  – Currency
  – Necessary equipment and procedures for visiting the city
  – other information

System Overview
• Architecture Overview
• Server System
• Software tools
• Client requirement

System Architecture
[Architecture diagram. Labels: Web Browser; HTTP Req/Resp; Host Machine: Java-enabled web server; Servlets; Company DB Mngr; Payment Manager; User Profile Database; Inventory Stock Database; Foreign Inventory Database; Authorized companies providing their inventory data; Bank Account Database; Bank handling payments]

Server System
• Server machine: PIII 500 MHz, 128 MB memory
• Operating system: NT Workstation/Server
• Web server: Internet Information Server 4.0 (IIS)
• Servlet engine: ServletExec 2.2
• DBMS: Oracle 8i (CSE Dept.)

Server System(2)
• Reasons for not using UNIX Apache in the department:
  – Unable to use the security feature (SSL)
  – Unable to install a Servlet Engine
• Reasons for choosing Microsoft IIS:
  – Free of charge
  – Easy to install and configure
  – Support of SSL
  – Can plug in a Servlet Engine

Server System(3)
Database System:
• Reasons for not using Sybase:
  – JConnect (a JDBC product) is not a free extension of Sybase
  – JConnect is unavailable in our department
• Reason for using Oracle:
  – The Oracle JDBC driver is shipped with Oracle, which is free for us to use.

Server System(4)
• The choice of Servlet Engine:
  – ServletExec: lightweight, easy installation, FREE for trial and relatively few restrictions on the trial version
  – Drawbacks of other trial versions of Servlet Engines
    • E.g. JRUN and WebSphere: large in size, difficult to install and configure, and too many unnecessary features

Software Tools
• What is a Java Servlet and a Servlet Engine?
• Servlet
  – Written in pure Java
  – Handles any request/response protocol (mainly HTTP)
  – Runs on the server side (server-side applet w/o GUI)
• Servlet Engine
  – It is a Java VM running as a background job
  – Allows the invocation of Java Servlets

Advantages: Servlet over CGI
• Performance:
  – Servlets start a new thread (rather than a new process) with each request.
• Security:
  – Cannot be tricked into executing commands on the server.
• Portability:
  – Java is platform independent.
• Development & Growth:
  – The object-oriented approach can obtain higher scalability
  – Much easier to detect errors

Route of Servlets
• Servlets take the role of CGI
  – To handle the HTTP requests (HTTP POST, HTTP GET, HTTP SERVICE)
  – Process orders and queries, and generate dynamic pages
• It behaves like the middleware in a 3-tier client/server system.
• It will cooperate with CORBA.

Client Software Requirement
• A web browser with no additional add-on, e.g. I.E 4+ or Netscape 3.0+ compatible
• A web browser that supports the security protocol (SSL) is advised.

Security
• A major concern in every e-commerce system
• A useful feature, especially when transferring confidential data like credit card details during payment
• Common solution: encryption

Security(2)
• Parts that require encryption in the system:
[Diagram. Nodes: Client (browser); Travel Agent Server; Payment Gateway. Legend: credit card detail / user password; transaction reference]

Security(3)
• Our concern:
  – Encryption/decryption of data requires computation power at both clients and servers
  – No problem for server-to-server communication
  – But it is difficult to control the computation at the client
  – Solution: use of a Java Applet
  – Drawbacks of an Applet: increased download time, extra Java plug-in needed, inefficient to develop just for security

Security(4)
• Our approach:
  – Use of the browser's built-in capability for security
  – Advantage: does not require the user to install an extra plug-in
  – Disadvantage: needs the browser to support it
  – Use of SSL, which is supported by major browsers (Netscape / Internet Explorer)

Security(5) - SSL
• Brief introduction of SSL:
  – developed by Netscape
  – supports different encryption algorithms (e.g. RSA)
  – uses a symmetric key called the session key for data encryption and decryption
  – the session key is generated using information from the server certificate, which should be signed by a trusted CA
  – common key lengths used are 40 bits, 56 bits and 128 bits (US only)

Security(6) - SSL
• Brief procedure of an SSL connection:
  – Authenticate the server to the client.
  – Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support.
  – Optionally authenticate the client to the server.
  – Use public-key encryption techniques to generate shared secrets.
  – Establish an encrypted SSL connection.

Security(7)
• What do we need to do?
• Get a server certificate & install it (a free server cert is available for CUHK hosts at: http://www.cuhk.edu.hk/ca)
• Use https in the browser for an SSL connection
• More detail on SSL is available here:
  – http://developer.netscape.com/docs/manuals/security/sslin/contents.htm
  – http://developer.netscape.com/tech/security/ssl/howitworks.html

Future Works
• implement the payment method suggested by a post-graduate
• implement CORBA in our system
• add a Hotel Reservation feature
• evaluate the possibility of using Agent techniques in database negotiation
• add other interesting features if time allows

Q&A
• You are welcome to raise questions on our project
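
Added example (not part of the original slides or the Travel-Net code): the Security slides rely on the browser using https, so a payment servlet can check on the server side that the request really arrived over SSL and with an adequate key length before it touches credit card details. The class name, the `cardNumber` form field and the 128-bit minimum are assumptions, and the code assumes a servlet container that implements the Servlet 2.3 or later SSL request attributes.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added illustration: class name, parameter name and key-length policy are assumptions.
public class SecurePaymentServlet extends HttpServlet {

    // Assumed policy: reject the 40-bit and 56-bit key lengths for payment data.
    static final int MIN_KEY_BITS = 128;

    // Pure transport check, separated from the servlet API so it is easy to test.
    static boolean transportAcceptable(boolean secure, Object keySizeAttr) {
        if (!secure) {
            return false; // request arrived over plain HTTP
        }
        if (!(keySizeAttr instanceof Integer)) {
            return false; // container reported no key size: fail closed
        }
        return ((Integer) keySizeAttr).intValue() >= MIN_KEY_BITS;
    }

    // Card details in a GET query string would end up in server logs and browser history.
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // SSL attribute defined by the Servlet 2.3+ specification (an Integer, in bits).
        Object keySize = req.getAttribute("javax.servlet.request.key_size");
        if (!transportAcceptable(req.isSecure(), keySize)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Payment requires SSL with at least " + MIN_KEY_BITS + "-bit encryption");
            return;
        }
        String card = req.getParameter("cardNumber"); // hypothetical form field
        if (card == null || card.trim().length() == 0) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing card number");
            return;
        }
        resp.setHeader("Cache-Control", "no-store"); // keep the receipt out of caches
        resp.setContentType("text/plain");
        // Hand-off to the payment back end would go here; the card number is never echoed.
        resp.getWriter().println("Payment request accepted over a " + keySize + "-bit SSL connection");
    }
}
```

When the servlet engine runs as a plug-in behind the web server, `isSecure()` and the key-size attribute are only as reliable as what the plug-in passes through, so the check should be verified once against a plain-HTTP request.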