presentation slides

CMSC666 E-commerce Project Spring 2003 Quyin Fan Brian Brzezicki

Transcript of presentation slides

Page 1: presentation slides

CMSC666 E-commerce Project Spring 2003

Quyin Fan

Brian Brzezicki

Page 2: presentation slides

Presentation Overview

• Motivation

• Technologies

• Architecture of solution

• Security and authentication

• Business Description

• Market & Profit Analysis

• Risks of business

• Challenges

• Implementation

Page 3: presentation slides

Motivation

This project is aimed at a small hobbyist who would like to make a secondary income building and selling objects for which they have a passion and enjoyment: arcade cabinets.

Page 4: presentation slides

Technologies - Why Apache

• The main advantage of using the Apache web server is speed. The Apache web server is compiled with processor-specific optimization to take advantage of the power of the new processor generation, giving it 5-30% more performance than any other web server. Using the mod_php module, Apache can return CGI requests faster than web servers that do not have mod_php technology. It takes advantage of a powerful API interface.

• Apache provides a robust and commercial-grade reference implementation of the HTTP protocol.

• Apache is the most widely used and trusted web server in use today, with a market share of 62.57% (April 2003), which is more than twice that of the nearest competitor.

• Apache is widely regarded as one of the most secure web servers.

• Apache works well with the popular MySQL.

• It’s FREE !!

Page 5: presentation slides

Technologies - Why PHP

PHP is now the most popular module for the Apache server and in total is running on something like two million Web sites. Speed, stability, security and simplicity are some of the reasons why PHP is a popular server-side scripting language.

• Speed: not only is the speed of execution important, but also that the system doesn't slow down the rest of the machine, so it should not demand a lot of system resources. PHP integrates well with other software, especially under UNIX, has a small footprint and, when run as an Apache module, is already loaded for use.

• Stability: it's no good being fast if the system crashes every few thousand pages. No application is bug free, but having a community of PHP developers and users makes it much harder for bugs to survive for long.

• Security: PHP provides many levels of security which can be set in the .ini file to the desired level.

• Simplicity: programmers should be able to start being productive as soon as possible. With PHP, even HTML coders can start integrating PHP into their pages straight away. Programmers with previous experience of C, or even of JavaScript, can get up to speed very quickly.

• Other PHP advantages are that PHP will run on almost any platform. Using the same code base, PHP can be compiled and built on about 25 platforms, including most UNIX variants, Windows (95/98/NT/2000) and Macs. PHP is similar to C, so anyone who has experience with a C-style language will soon understand PHP.

Page 6: presentation slides

Technologies - Why HTML

• Small file sizes

• Does not require expensive authoring tools

• Web space is inexpensive

• Does not require programming skills

• Once uploaded, provides “Instant Publication”

• Can be viewed on any computer with free web browsing software

Page 7: presentation slides

Technologies - Why MySQL

• Database licensing costs can be more than 70% of the cost of web systems. But MySQL is inexpensive, as in free.

• MySQL is a mature, stable and robust database platform for most applications

• Extremely fast and scalable on reads (faster than most commercial DBs)

• Supported on multiple platforms (Solaris, Linux, Win32)

• Mature APIs for database application development

• Integrates well with PHP

Page 8: presentation slides

Architecture of Solution (cont.)

Database schema

• auth: id, sessionid, userid, username, timestamp

• users: id, username, password, name, address1, address2, city, state, zip, email, phone, credittype, creditnumber, expiration

• orders: id, userid, timestamp, discount

• orderparts: id, orderid, item, quantity, tracking, shipdate

• item: id, name, description, price, quantity, monitortype, genre, controller, link, picture, shipping

• survey: surveyID, customerID, gender, education, age, income, jobType, homeOwner, howOften, cabinetsOwned, favoriteGame, genre, characterName, timePeriod

Page 9: presentation slides

Architecture of Solution (cont.)

• survey: Id, CustomerID, Gender

• users: id, username, password, name

• orders: id, userid, timestamp, discount

• orderparts: id, orderid, item

• Item: Id, name, description, price

• auth: Id, Sessionid, Userid, Username, Timestamp

Page 10: presentation slides

Architecture of Solution (cont.)

Page function flow chart

Pages shown: home page, my account, login, create account, logout, view all games, search games, survey, feedback, edit info, view order status, shopping cart, checkout, confirm

Page 11: presentation slides

Security & Authentication

• Uses encrypted cookies, with timeout values, and continual checks on the server.

• Similar to challenge/response

1. User sends username and password to server

2. Server verifies username and password

3. Server chooses a random encryption key and a word that only the server knows. Inserts sessionid, session key, plaintext, username and timeout value into a database

4. Server returns the sessionid and ciphertext to the client as cookies.

Page 12: presentation slides

Security & Authentication (cont.)

5. Each time the client goes to a new page, it sends back the sessionid and ciphertext.

6. On receipt the server looks up the sessionid; if the sessionid doesn’t exist -> NO AUTH

7. If the sessionid is ok, check the timestamp; if the timestamp is too old -> NO AUTH

8. If the timestamp is ok, the server takes the ciphertext, uses the stored encryption key, and validates that the stored “plaintext” matches the decryption; if the decryption doesn’t match -> NO AUTH

9. If the decryption matches -> OK, update timestamp to current time

10. We could also change the plaintext, encryption key and ciphertext at any transaction to increase security; however, we don’t do this in this case
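
Steps 3-9 above, as an added PHP example that is not the project's own code. The slides name no cipher, so AES-256-GCM from PHP's OpenSSL extension is an assumption, as are the function names, the 900-second timeout and the in-memory array standing in for the auth table.

```php
<?php
// Added example. $auth stands in for the auth table: sessionid => row.
const TIMEOUT = 900; // assumed idle timeout, in seconds

// Steps 3-4: called only after the username/password check has passed.
function start_session(array &$auth, string $username, int $now): array {
    $sid   = bin2hex(random_bytes(16)); // sessionid
    $key   = random_bytes(32);          // random per-session encryption key
    $word  = random_bytes(16);          // "plaintext" only the server knows
    $nonce = random_bytes(12);
    $ct = openssl_encrypt($word, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    $auth[$sid] = ['key' => $key, 'word' => $word,
                   'username' => $username, 'timestamp' => $now];
    // The two cookie values returned to the client.
    return ['sessionid' => $sid, 'ciphertext' => base64_encode($nonce . $tag . $ct)];
}

// Steps 5-9: called on every page request. Returns the username, or null for NO AUTH.
function check_session(array &$auth, string $sid, string $cookie, int $now): ?string {
    if (!isset($auth[$sid])) return null;               // step 6: unknown sessionid
    $row = $auth[$sid];
    if ($now - $row['timestamp'] > TIMEOUT) {           // step 7: timestamp too old
        unset($auth[$sid]);
        return null;
    }
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) <= 28) return null;
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $word  = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $row['key'],
                             OPENSSL_RAW_DATA, $nonce, $tag);
    // Step 8: decryption must succeed and match the stored word (constant-time compare).
    if ($word === false || !hash_equals($row['word'], $word)) return null;
    $auth[$sid]['timestamp'] = $now;                    // step 9: refresh timestamp
    return $row['username'];
}

// Constructed demo inputs: a valid request, a forged cookie, an unknown id, an expired session.
$auth = [];
$c = start_session($auth, 'alice', 1000);
var_dump(check_session($auth, $c['sessionid'], $c['ciphertext'], 1100));
var_dump(check_session($auth, $c['sessionid'], base64_encode(str_repeat('A', 44)), 1200));
var_dump(check_session($auth, 'no-such-id', $c['ciphertext'], 1200));
var_dump(check_session($auth, $c['sessionid'], $c['ciphertext'], 1100 + TIMEOUT + 1));
```

Both cookies are replayed unchanged on every request, so the check only rejects guessed or forged values; the cookies still need TLS and the Secure and HttpOnly flags to resist capture.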

Page 13: presentation slides

Business Description

• EC Category: B2C

• EC Model: E-shop

• Business functions:

1. E-payment

2. Shopping cart

3. Customer profiles

4. Security issues

5. Promotion and survey

Page 14: presentation slides

Market Analysis

• Since 1998 there has been a huge interest in arcade cabinets from adults in the age range of 30-45 who now have disposable income, and are trying to relive a very powerful and enjoyable experience from their youth.

• This trend can be seen in projects such as the “MAME” project and on eBay, where on a daily basis hundreds of arcade games and game parts (even such trivial things as game display marquees) are auctioned off. A few industrial vending companies have even jumped in the game, such as Hanaho manufacturing, x-arcade, team-play etc.

Page 15: presentation slides

Market Analysis (Continued)

• Although a few companies have made consumer arcade products, there are no companies that really focus on the home consumer; most just have a few side products for the home market.

Page 16: presentation slides

Profit Analysis

• Promotion – Use a mail-in rebate to bring in users, while maximizing profit. It is shown that most people never send in mail-in rebates. The mail-in rebate is based on whether users did the site survey or not.

• Arcade-cabinets.com is aimed at people who generally have a lot of money to spend on their interests. It is very specifically focused, and there is no real price competition. The cost to actually produce the product is fairly low in comparison to the product price, since the assembly and electronics are outside the scope of the target audience.

Page 17: presentation slides

Profit Analysis (continued)

• Profit margin is extremely high (>= 300%) whereas most retail is low profit margins (5-20%)

• Example average cost of machine production

– Cabinet = $100.00

– Monitor = $250.00

– Power components = $50.00

– Controllers = $50.00

– Game board = $20.00

Average Total Cost = $470.00

Sales Cost Average $1500.00

Page 18: presentation slides

Profit Analysis (continued)

• There is the cost of website maintenance, etc. that needs to be factored in. Generally hosting costs are a recurring $200.00 a month for a moderate hosting contract. So assuming at least 1 sale a month, the hobbyist will still make a nice amount of extra income a month.

Page 19: presentation slides

Risk of Business

• Delivery and handling fees will affect sales

• Only using credit card for payment

• The product model is not the latest; it is targeted at a very specific audience, which is financially stable adult males between the ages of 30-45.

Page 20: presentation slides

Challenges

• Problems with HTML compatibility between development platform (Mozilla) and demonstration platform (IE)

• Coming up with a reasonably secure method for continuous authentication

• Templates for pages.

Page 21: presentation slides

Implementation

Arcade-Cabinets website

Page 22: presentation slides

Questions?