Presentation on theme: "CMSC666 E-commerce Project Spring 2003 Quyin Fan Brian Brzezicki."— Presentation transcript:
CMSC666 E-commerce Project Spring 2003 Quyin Fan Brian Brzezicki
Motivation Technologies Architecture of solution Security and authentication Business Description Market & Profit Analysis Risks of business challenges Implementation Presentation Overview
This project is aimed at a small hobbyist who would like to make a secondary income building and selling objects which they have a passion and enjoyment for arcade-cabinets. Motivation
Apache web server is compiled with Processor- Specific Optimization to take advantage of the power of the new processor generation, giving it 5-30% more performance than any other Web Server. The main advantage of using the Apache web server is speed. Using the mod_php module, Apache can return CGI requests on faster than web servers that do not have mod_php technology. It takes advantage of powerful API interface. Apache provides a robust and commercial grade reference implementation of the HTTP protocol. Apache is the most widely used and trusted web server in use today with a market share of 62.57% (April 2003) which is more than twice that of the nearest competitor Apache is widely regarded as one of the most secure web servers Apache works well with the popular MySQL Its FREE !! Technologies-Why Apache
Technologies-why HTML Small file sizes Does not require expensive authoring tools Web space is inexpensive Does not require programming skills Once uploaded, provides Instant Publication Can be viewed on any computer with free web browsing software
Technologies-why MySQL Database licensing costs can be more than 70% of the cost web systems. But MySQL is inexpensive, as in free. MySQL is a mature, stable and robust database platform for most applications Extremely fast and scalable on reads (faster than most commercial DBs) Supported on multiple platforms (Solaris, Linux, Win32) Mature APIs for database application development Integrates well with PHP
Architecture of Solution Architecture of Solution (cont.) Database schema auth users orders item survey orderparts id sessionid userid username timestamp id sessionid userid username timestamp id username password name address1 address2 city state zip email phone credittype creditnumber expiration id username password name address1 address2 city state zip email phone credittype creditnumber expiration id userid timestamp discount id userid timestamp discount id orderid item quantity tracking shipdate id orderid item quantity tracking shipdate id name description price quantity monitortype genre controller link picture shipping id name description price quantity monitortype genre controller link picture shipping surveyID customerID gender education age income jobType homeOwner howOften cabinetsOwned favoriteGame genre characterName timePeriod surveyID customerID gender education age income jobType homeOwner howOften cabinetsOwned favoriteGame genre characterName timePeriod
Architecture of Solution Architecture of Solution (cont.) survey Id CustomerID Gender … users id username password name … orders id userid timestamp discount orderparts id orderid item … Item Id name description price … auth Id Sessionid Userid Username Timestamp
Architecture of Solution Architecture of Solution (cont.) Page function flow chart
Security & Authentication Uses encrypted cookies, with timeout values, and continual checks on the server. Similar to challenge/response 1.User sends username and password to server 2.Server verifies username and password 3.Servers chooses random encryption key and a word that only the server knows. Inserts sessionid, session key, plaintext, username, timeout value into a database 4.Server returns to client sessionid and cyphertext as cookies.
Security & Authentication Security & Authentication (cont.) 5.Each time client goes to new page, sends back sessionid and cyphertext. 6.On reciept servers looks up sessionid, if session id doesnt exist -> NOAUTH 7.If sessionid ok, check timestamp, if timestamp is too old -> NO AUTH 8.If timestamp ok, servername takes cyphertext, uses stored encryption key, validates that the stored plaintext matches the decryption, if decryption doesnt match -> NO AUTH 9.If decryption matches -> OK, update timestamp to current time 10.We could also change the plaintext, encryption key and cypertext at any transaction to increase security however we dont do this in this case
EC Category : B2C EC Model: E-shop Business functions: 1. E-payment 2. Shopping cart 3. Customer profiles 5. Promotion and survey 4. Security issues Business Description
Market Analysis Since 1998 there has been a huge interest in arcade cabinets from adults in the age range of 30-45 who have now disposable income, and are trying to relive an very powerful and enjoyable experience from their youth. This trend can be seen by projects such as the MAME project and ebay where on a daily bases hundreds of arcade games and game parts (even such trivial things as game display marques) are auctioned off everyday. A few industrial vending companies have even jumped in the game such as Hanaho manufacturing, x-arcade, team-play etc.
Market Analysis Market Analysis (Continued) Although a few companies have made consumer arcade products, there are no companies that really focus on the home consumer, most just have a few side products for the home market.
Promotion – Use mail in rebate to bring in users, while maximizing profit. It is show that most people never send in mail in rebates. The mail in rebate is based on whether users did the site survey or not. Arcade-cabinets.com is aimed at people who generally have a lot of money to spend on their interests. It is very specifically focused, and there is not real price competition. The costs to actually produces the product is fairly low in comparison to the product price, since the assembly and electronics are outside the scope of the target audience. Profit Analysis
Profit Analysis Profit Analysis (continued) Profit margin is extremely high (>= 300%) whereas most retail is low profit margins (5- 20%) Example average cost of machine production –Cabinet = $100.00 –Monitor = $250.00 –Power components = $50.00 –Controllers = $50.00 –Game board = $20.00 Average Total Cost = $470.00 Sales Cost Average $1500.00
Profit Analysis Profit Analysis (continued) There is cost of website maintains, etc. that needs to be factored in. Generally hosting costs are a reoccurring $200.00 a month for a moderate hosting contract. So assuming at least 1 sale a month the hobbyist will still make a nice amount of extra income a month.
Risk of Business Delivery and handle fee will affect sale Only using credit card for payment Product model is not latest, it is targeted at a very specific audience, which are financially stable adult males between the ages of 30-45.
challenges Problems with HTML compatibility between development platform (Mozilla) and demonstration platform (IE) Coming up with a resonably secure method for continous authentication Templates for pages.