LYU9901 TravelNet

1
LYU9901 Travel-Net

• Supervisor Prof. Michael R. Lyu
• Members Ho Chi Ho Malcolm
• Lau Chi Ho Arthur

2
Outline

• Introduction Project Objectives
• Approaches to Web Applications
• Facilities of TravelNet
• System Design
• Security Issues
• Future Enhancement
• Summary

3
Project Objectives

• Practise real life e-commerce with security and
  payment issues
  
• Building an online Web application -
• A Travel Agent
• Using new server side programming technology -
  Java Servlet
  
• Finally, develop our system in distributed manner

4
Introduction

• Nowadays e-commerce A new way to do business and
  earn money. (Amazon, CDNow)
  
• Due to its great potential and popularity among
  the internet, it is worthy for us to practice
  it.
  
• Travel-Net is an e-commerce application providing
  travel related services.(like Expedia,
  Travelocity, Preview Travel)

5
E-commerce model

• 3-Tier client/server A special type of
  client/server architecture consisting of three
  well-defined and separate processes, each running
  on a different platform
• Components include
• Client Web Browser
• Web Server with programming capability (like
  servlets)
  
• Database or other resources

6
Approaches on Web Applications

• Java Applets
• ASP
• CGI
• Java Servlets

7
Java Applets

• Run on Client Side
• Reduce server process load
• Download overhead(plugins, classes)
• Connectivity restrictions
• Small scale application

8
Active Server Page(ASP)

• Server scripts in Html
• Can invoke server programs (rarely)
• Generating dynamic pages
• Fast and efficient
• Low compatibility (MS products)

9
Common Gateway Interface(CGI)

• Gateway for server programs
• Can be written in different languages
• Scripts or Compiled code
• Platform dependent
• Poor concurrency performance
• Security threats

10
Java Servlets

• Server side programming
• Written in pure Java
• Handle HTTP protocol
• Need Servlet engine

11
Advantages Of Servlets

• Performance (concurrent)
• High Portability
• Extensibility
• Security

12
Facilities of TravelNet

• To provide travel related service

• Travel Accessories Shop
• Flight Search
• Travel Guides

13
Travel Accessories Shop

• Selling of travel accessories

• different types of luggage
• travel maps
• travel guide books
• other stuffs that is convenient portable for
  travel
  

14
Travel Accessories Shop(2)

• provides pictures and description of products
• users add the item they want to buy in a shopping
  basket
  
• system keep the content of basket until they
  leave the current session
  
• on-site delivery after paying the bill

15
Demonstration
16
Flight Search

• Type of Search

• One way flight (ready)
• Round trip
• Multi-cities route

17
Flight Search (2)

• User enter search information
• TravelNet contact each Airline Manager through
  interface
  
• Show results

18
Flight Search(3)

• Database coverage

• Each Airline has its own database for its flight
• To minimize the complexity and the large size of
  data, the DB only covers for some major Asian
  cities
  

19
Flight Search (4)

• Difficulties encountered

• Simulation of airline databases
• unable to obtain the actual database of airlines
• construct the structure of the database by
  hypothesis on the data from some travel web site
  
• get flight data from these travel web site
  manually
  
• Tedious work!!!

20
Travel Guides

• Provides online information on Cities that
  covered by Travel-Net
  
• Information includes
• City map
• Famous spot
• Currency
• Necessary equipment and procedure on visit the
  city
  
• other information

21
System Design

• Architecture Overview
• Communication Interfaces
• Web Site Hierarchy

22
System Architecture
Web Browser

23
Airline Database Manager Interface
Flight information query FLIGHT_ID FLIGHT_QUERY
(DEPARTURE_DATE, DEPARTURE_TIME SOURCE,
DESTINATION, TYPE_OF_FLIGHT, CLASS_OF_SEAT, AGE_G
ROUP, USER_REQUIREMENT) THROWS (NO_FLIGHT_MATCH
) Flight booking request VOID FLIGHT_BOOK (DEP
ARTURE_DATE, FLIGHT_ID TYPE_OF_FLIGHT,
CLASS_OF_SEAT, AGE_GROUP, USER_REQUIREMENT, USER
_INFORMATION) THROWS (NO_FLIGHT_MATCH, BOOKING_F
ULL) Flight price search FLOAT GET_PRICE (FLIGHT
_ID) THROWS (NO_FLIGHT_MATCH)
24
Simple Payment Manager
Visa card validation interface
VALIDATE_VISA (VISA_NUMBER, CARD_HOLDER_NAME, EX
PIRE_DATE) THROWS (INVALID_VISA) Visa card de
bit credit interface DEDUCT_CREDIT_FROM_VISA_CARD
(VISA_NUMBER, CARD_HOLDER_NAME, EXPIRE_DATE, DE
BIT_AMOUNT, CREDIT_ACCOUNT) THROWS (INVALID_VI
SA, NOT_ENOUGH_CREDIT, CREDIT_ACCOUNT_NOT_EXIST)
25
Web Site Hierarchy
26
Security

• A major concern on every e-commerce system
• Useful feature especially on transferring
  confidential data like credit card details during
  payment
  
• Common solution Encryption

27
Security(2)

• Parts that require encryption in the system

28
Security(3)

• Our concern
• Encryption/Decryption of data requires
  computation power at both clients servers
  
• No problem for servers communication
• But difficult to control the computation at
  clients

29
Security(4)

• Our approach
• Use of browser build-in capability for security
• Advantage do not require user to install extra
  plug-in
  
• Disadvantage need the browser to support
• Use of SSL which is supported by major
  browsers(Netscape / Internet Explorer)

30
Security(5) - SSL

• Brief introduction of SSL
• developed by Netscape
• support of different encryption algorithm(e.g.
  RSA)
  
• use of symmetric key called session key for data
  encryption decryption
  
• session key is generated using information of
  server certificate which should be signed by a
  trusted CA
  
• common key length used is 40bits, 56bits and
  128bits(US only)
  

31
Security(6) - SSL

• Brief procedures of SSL connection
• Authenticate the server to the client.
• Allow the client and server to select the
  cryptographic algorithms, or ciphers, that they
  both support.
  
• Optionally authenticate the client to the
  server.
  
• Use public-key encryption techniques to generate
  shared secrets.
  
• Establish an encrypted SSL connection.

32
Security(7)

• What do we need to do?
• Get a server certificate install it
• we are now using a fully functional free trial
  certificate from Entrust Co.
  
• Use https in browser for SSL connection

33
Future Enhancement

• Develop distributed TravelNet using CORBA
• Integrate a secure payment system of a
  post-graduate student with TravelNet
  
• Real life micro payment payment (Mondex)
• Add service Hotel Room Reservation
• Evaluate the possibility of using Agent
  techniques
  
• Add other interesting stuffs if time is allowed
  (like trip planner)
  

34
Summary

• Already built a nearly real life Web application,
  a travel agency.
  
• Using Servlet (a quite new technology) to
  implement our system
  
• The use of Java allow us to extend our
  distributed system in CORBA
  
• Security has be taken in consideration on
  information exchange.

35
Program Listing
36
Thanks for Coming LYU9901 TravelNet Ho Chi
Ho Malcolm
Lau Chi Ho Arthur