FinTech Lecture 6 : The World of Apps - continued

Slides I used for Lecture 6 of FinTech - Financial Innovation and the Internet 2021 Fall at Graduate School of Business and Finance, Waseda University on October 29, 2021.

Kenji Saito

October 29, 2021

Transcript

  1. Changes in the economy and labor.

    FinTech — Financial Innovation and the Internet 2021 Fall
    Lecture 6 : The World of Apps - continued
    Kenji Saito, Graduate School of Business and Finance, Waseda University
    Lecture 6 : The World of Apps - continued — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-10-29 – p.1/40
  2. This class is recorded

    - Camera ON is recommended, but not required
    - Zoom names : change your names to whatever you want to be called
      - Please link your Zoom names to your real names in your reports
      - Zoom names are important, because if you choose to be called by your real names, I still don’t know whether I should call you by your given or family names
    - You do need to speak often (we are going to have a lot of dialogue)
    - We will use breakout rooms a lot, but those won’t be recorded unless you do it yourselves (need to be allowed)
    - Keep your Zoom client updated! We might use latest features
  3. The lecture slides can be found at : https://speakerdeck.com/ks91

    - Recording and chat text will be posted at Moodle and Discord
    - Trial automatic transcription will be posted at Discord
  4. Schedule (provisional)

    - Lecture 1 9/24 Overview of FinTech (1) •
    - Lecture 2 10/1 Overview of FinTech (2) •
    - Lecture 3 10/8 Internet Technology and Governance (1) •
    - Lecture 4 10/15 Internet Technology and Governance (2) •
    - Lecture 5 10/22 Internet Governance and the World of Apps •
    - Lecture 6 10/29 The World of Apps - continued •
    - Lecture 7 11/12 Blockchain (1)
    - Lecture 8 11/19 Blockchain (2)
    - Lecture 9 11/26 Other Ledger Technology and Applications (1)
    - Lecture 10 12/3 Other Ledger Technology and Applications (2)
    - Lecture 11 12/10 Cyber-Physical Society and Future of Finance (1)
    - Lecture 12 12/17 Cyber-Physical Society and Future of Finance (2)
    - Lecture 13 1/7 FinTech Ideathon (1)
    - Lecture 14 1/14 FinTech Ideathon (2)
    - Lecture 15 1/21 Presentations and Conclusions
  5. Last Week, We Did. . .

    - Principles of the Internet
    - Internet Governance
    - Discussion “Commons” in Finance
    - Assignment Review
    - The World of the Web
      - Applications of the Internet
      - Birth, technology and evolution of World Wide Web
  6. Today’s Topics

    - The World of the Web
      - Birth, technology and evolution of World Wide Web
      - Consequences and problems of World Wide Web
    - API (Application Programming Interface)
      - Web API (REST) in particular
      - Discussion : Imagine API
    - Basics of Cryptography
      - Probably continued to the next lecture
    - Assignment
  7. To refresh your memory
  8. The World of the Web

    - Applications of the Internet
    - Birth, technology and evolution of World Wide Web
    - Consequences and problems of World Wide Web
  9. Applications and Port Numbers

    [Figure: railway analogy with labels: Rails (Tozai Line), Waseda St., Exit, Waseda Univ.; Rails (Mita Line), Mita St., Exit, Keio Univ.; Rails, Otemachi St. (Mita Line / Tozai Line); Application “Waseda University” is listening on a specific port; IP address; Port number]
    - Like many web servers used to be listening mainly on port 80 (when HTTP was OK)
  10. Client-Server Model

    [Figure: clients and a server across the Internet; a client says “Give me something” and the server answers “Here you are”. Server software: application listening for requests from clients on a specific port. Client software: application that communicates with server software, sending requests when needed.]
    - One of the basic models of communication on the Internet
    - Two types of computers
      - Servers: computers providing services
      - Clients: computers to be serviced
  11. Before Web

    - What the Internet was used for (everything is still out there)
      - Window system (X window)
      - Mail (SMTP/POP)
      - Netnews (NNTP)
        - There were already “flaming”
      - File transfer (FTP)
    - Below came around the same time as Web
      - Chat (IRC)
      - Information retrieval (gopher)
        - Now little used
        - Now actually sounds more like an iconic mascot of the Go project
  12. To Web

    - Changes in the way information is shared
    - File storage and sharing services
      - Save file on server (upload)
      - Users access the server to download files (Files at the time were often scientific papers and program code)

    ⇓

    - WWW : World Wide Web
      - Embed “Relation” links in the file → Hypertext (by Ted Nelson, 1963, 1974)
      - The way files around the world link to one another is referred to as “Cobweb (web)”, and is named “World-Wide Web”
      - Birth of a digital information infrastructure in which various data are organically linked
  13. World Wide Web

    [Figure labels: Browser; servers www.amazon.co.jp, www.google.co.jp, www.yahoo.co.jp; data structure; links; access; browse]
    - A browser fetches a page, and if a user clicks on (or touches) a link, fetches another page
  14. Birth, Technology and Evolution of World Wide Web

    The Great Meeting of Hypertext and the Internet
  15. History of World Wide Web

    - In 1989 : Draft proposal by Tim Berners-Lee at CERN
      - Adopts the concept of hypertext
    - In 1990 : WWW server and browser implemented on NeXT, HTML 1.0 Draft
    - In 1991 : Released WWW system (server, browser, library), started to be used by universities and laboratories
    - In 1993 : Marc Andreessen et al. developed the Mosaic browser, which made WWW widely spread
    - In 1994 : Tim Berners-Lee founded the W3C (World Wide Web Consortium)
    - In 1995 : Published HTML 2.0
    - In 2014 : HTML5
    - In 2021 : HTML Living Standard (WHATWG)
  16. We Start Here This Week

    You can wear a Halloween costume!
  17. Element Technologies of the World Wide Web

    - HTTP/HTTPS
      - HyperText Transfer Protocol (Secure)
      - Protocol used for transferring HTML files
    - HTML
      - Hyper Text Markup Language
      - Markup language for describing web pages
      - Designed and recommended by the W3C → WHATWG
    - URI
      - Uniform Resource Identifier
      - Identifier of an information resource on the Internet (not necessarily on WWW)
      - URL (Uniform Resource Locator) is one way to implement URI
  18. Format of URL (Uniform Resource Locator)

    - In case of https scheme
      - https://www.google.com:443/search?q=refrigerator
      - Scheme : https, Host name : www.google.com, Port # : 443, Path : /search, Search string : q=refrigerator
    - Port number, path, and search string are optional
    - For https scheme, the port number defaults to 443
  19. HTTPS Demo

    - $ openssl s_client -connect www.waseda.jp:443
    - Then GET /
    - Install openssl in your environment and try it out
    - You may want to try www.google.com:443 and GET /search?q=refrigerator instead
  20. Characteristics of HTTP/HTTPS

    - You can get 1 resource (file) per request
    - Each request is independent (state-less)
    - It was enough to achieve its original purpose
      - Original purpose → easy access to documents such as scientific papers
    - But then there appeared a lot of applications for which this is inadequate. . .
      - Want to treat a series of requests as a session
      - Shopping, logging into membership site, etc.
    - Art of maintaining states for that purpose
      - Unique URL generation including a representation of the state
      - HTTP cookies (like shared magic numbers)
      - Access tokens
  21. Generalized Access Token

    [Figure: sequence over time between Browser and Web Server (backed by a Database): two request/response exchanges (“register”, “search”), each on an independent connection; the server generates a token, the value “XyZw” travels in the headers alongside the resource, and the data is protected by access right.]
  22. Consequences and problems of World Wide Web

    Changes in how people use the Internet
  23. What World Wide Web Brought

    - Information distribution
      - Information now contains links and information is organically linked across distributed servers
      - Information providers create information (data) with links in mind
      - Information users follow links to obtain new information (data)
    - Finding information (data)
      - Need some way to find a server that stores information (data)
      - Large numbers of servers and distributed volumes of information (data)
      - Search engine is important
    - How information (data) is collected
      - Distributed across the Internet, servers with popular information (data) are being accessed intensively as the number of users increases
  24. API

    - API : Application Programming Interface
      - Interface through which an application can make use of some features provided somewhere
    - Web API : API by HTTP(S) requests
      - In this case, features are provided by a web server
  25. REST (Representational State Transfer)

    - Stateless client/server protocol
    - Well-defined set of methods
      - POST, GET (demoed), PUT, DELETE
      - vs. CRUD (Create/Read/Update/Delete)
      - CRUD represents the basic set of operations against a database
    - Uniquely identify resources by URI
      - Some demonstrations later
    - Often returns results in the form of JSON (JavaScript Object Notation)
  26. REST – contd.

    - Hypermedia that can handle both application information and state transitions
    - An example of state transitions (state machines)
      (For example, on the web, page = state, and the page presents possible operations in that state as a set of buttons)
      - A stack is a last-in, first-out data store
        - You can push data in, and pop data out
      - A design would be like,
        - POST to create a stack
        - POST to push to the stack
        - POST to pop from the stack
        - GET to peek in the stack state
        - PUT to update an item
        - DELETE to delete the stack
  27. Demonstration

    - $ git clone https://github.com/ks91/sample-web-api.git
      - Git is a free and open source distributed version control system
      - GitHub is a service offering cloud-based Git repositories
      - GitHub is also useful for managing dissertations and other papers, in fact any documents and tasks
      - For example, at DX committee of WBS, we track issues using GitHub
    - This is a really simple sample API that provides stacks (requires Python3 and Flask)
    - Run the simple web API server
      - $ python stack.py
      - See README to discover how to try
    - At the end of this demo, we will try (5 − 2) × (3 + 4)
  28. Discussion : Imagine API

    - What APIs are useful in banking?
    - Roughly design
      - With CRUD (Create/Read/Update/Delete) in mind
  29. Basics of Cryptography

    - Cryptographic hash function
    - Public key cryptography and digital signature
    - Zero-knowledge proof
  30. Cryptographic Hash Function

    [Figure labels: Input; Cryptographic hash function (SHA, RIPEMD, etc.); Hash value (digest); Fixed length defined by the function; If inputs are just … bit different → totally different output; Can’t deduce (the input, or an input that gives the same digest); It’s infeasible to calculate an input that produces a specific digest]
    - When a file (e.g., an open-source app) needs to be authenticated, the provider may publish a fingerprint value (called a hash value or digest) of the file (typically in hexadecimal)
    - The downloader can calculate the digest in the same way, and if it is the same value as the publicly available one, they have a real file
      - It is considered extremely difficult to disguise a fake file so that it gives the same digest
    - The digest is calculated using a cryptographic hash function
      - There are various functions, such as the SHA (Secure Hash Algorithm) series
    - A cryptographic hash function is a function that outputs a completely different value if the original data (preimage) is different by even 1 bit
      - Unidirectional, and cannot get preimage from the digest
      - So it is sometimes used to hide the original data
  31. Actually Found Collisions for SHA-1

    - https://shattered.it
    - Announced in February 2017 by Google and the National Research Institute for Mathematics and Computer Science (CWI), Netherlands
      - As an alert
  32. Public Key Cryptography

    [Figure: Sender and Receiver across the Internet, with a key pair (public key, private key). Labels: Distribute public keys in advance; plain text; Encrypt w/ public key; Send encrypted text; Decrypt w/ private key; Locking and unlocking keys are separate (asymmetric cryptosystem)]
    - It is extremely difficult to deduce the private key from a public key
  33. Digital Signature (RSA)

    [Figure: Sender and Receiver across the Internet, with a key pair (public key, private key). Labels: Distribute public keys in advance; digest of the plain text; Decrypt w/ private key (as if it’s an encrypted data) to get the signature; Send plain text w/ signature; Encrypt w/ public key (as if it’s a decrypted data); Does the encrypted signature match the digest computed from the plain text?]
    - Can prove that it was sent by the very person and has not been altered
    - This illustration shows how it works with RSA (RSA : Rivest, Shamir, Adleman)
    - ECDSA is used in Bitcoin, etc., instead (Elliptic Curve Digital Signature Algorithm), in which we don’t encrypt/decrypt
  34. Generalized Digital Signature

    - Signing
      - Input : <plain text, private key>
      - Output : signature
    - Verifying
      - Input : <plain text, signature, public key>
      - Output : OK (no change in plain text, and private key was used) or NG (otherwise)
        - Whether the signature meets certain mathematical properties that can be tested using plain text and public key
        - Private key cannot be inferred in the verification process
  35. Public Key Certificate

    [Figure: Alice (A), Bob (B) and Carole (C, certifier), each with a key pair (public key, private key), and Malissa (attacker), across the Internet. Labels: There is no guarantee that the public key obtained through the Internet is genuine (“Whose?”); Signature on A’s public key = Certificate; But we need C’s public key to verify the signature; We don’t know if the public key used for signing the certificate is genuine or not, either]
    - Public key infrastructure is used in the Web and elsewhere
    - It has a root ← need to trust someone unconditionally, and CA (Certificate Authority) is a (single) point of failure
  36. What is Zero-Knowledge Proof?

    [Figure. Source: “Zero-knowledge proof”, Wikipedia]
    - Verifier is left with no knowledge other than what prover wants to prove
    - Example: “I know a secret spell to open the door”
      - ↑ Prove this without revealing the spell itself
      - For example, repeat “coming out from the way she is told” for 20 times
    - Completeness
      - Verifier accepts with high probability if the proposition is true
    - Soundness
      - Verifier has little chance of accepting if the proposition is false
    - Zero-knowledge
      - Can imitate dialogue without having to be a prover (without knowledge)
  37. What’s Non-Interactive Zero-Knowledge Proof?

    - No dialogue is required for performing zero-knowledge proof
    - Example: proving “my test score is the same as yours”
      - Only one person can enter the room at a time
      - Room has numbered and locked voting boxes for every possible score (for example, 101 boxes for 0∼100 points)
      - You have a key bundle, but leave only the key of your score box, and throw away the rest
      - I enter the room and vote for my score box and × for the rest
      - You go into the room and unlock your score box to see if it’s voted
    - Digital signature (can prove that the private key is there without revealing it) is an example of non-interactive zero-knowledge proof
  38. Assignment
  39. Assignment 3. “Blockchain”

    - (1) Please give a specific example of financial services
    - (2) If a user is an “end (edge)”, what is the “center” operated by people or an organization in the example?
    - (3) How will the service change if that center is automated, without an organization?
    - Deadline and how to submit
      - November 9, 2021 at 17:59 JST
      - From Moodle (mandatory)
      - Optionally, you can also post to #assignments channel at Discord
        - So that your classmates can read your report, refer to it, and comment on it
      - Just plain text, and be concise, please (and please remember Kent Beck on How to Get a Paper Accepted)
  40. See You Next Time!

    - Have a nice weekend or two!
    - The next lecture will be on November 12, 2021
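
Slides 20 and 21 describe carrying a session across independent HTTP requests with an access token. The sketch below is an added example, not code from the lecture or its sample-web-api repository: the `/register` and `/search` paths follow the figure labels, while the `X-Access-Token` response header, the `Bearer` request scheme, the 900-second lifetime and all class and function names are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 900  # assumed lifetime; the slides do not specify one


class TokenStore:
    """Server-side state that ties independent requests into one session."""

    def __init__(self, now=time.time):
        self._now = now        # injectable clock so expiry can be exercised
        self._sessions = {}    # sha256(token) -> (user, expiry time)

    @staticmethod
    def _key(token):
        # Store only a hash, so a leaked session table does not leak tokens.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user):
        # 256 bits from the OS CSPRNG: holding the token is the only proof
        # of the session, so it must be unguessable.
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = (user, self._now() + TOKEN_TTL_SECONDS)
        return token

    def lookup(self, presented):
        entry = self._sessions.get(self._key(presented))
        if entry is None:
            return None
        user, expiry = entry
        if self._now() >= expiry:
            del self._sessions[self._key(presented)]   # expired: forget it
            return None
        return user


def handle_request(store, method, path, headers, body=""):
    """Serve one request. Nothing survives between calls except the store."""
    if (method, path) == ("POST", "/register"):
        # Hypothetical response header carrying the freshly generated token.
        return 200, {"X-Access-Token": store.issue(user=body)}, "registered"
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    user = store.lookup(presented) if scheme == "Bearer" else None
    if user is None:
        return 401, {}, "missing, unknown or expired token"
    if (method, path) == ("GET", "/search"):
        return 200, {}, f"data protected by access right of {user}"
    return 404, {}, "not found"


if __name__ == "__main__":
    store = TokenStore()
    _, hdrs, _ = handle_request(store, "POST", "/register", {}, "alice")
    auth = {"Authorization": "Bearer " + hdrs["X-Access-Token"]}
    print(handle_request(store, "GET", "/search", {}))     # no token
    print(handle_request(store, "GET", "/search", auth))   # same session
```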
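
For slides 30 and 31: an added example (not part of the original slides) of the download check described there, which also counts how many digest bits change when a single input bit is flipped. The file contents are constructed sample data, the function names are assumptions, and refusing MD5 alongside SHA-1 is this example's own choice.

```python
import hashlib
import hmac

# Hash functions with published collisions are refused.
# SHA-1: the SHAttered result on slide 31; MD5 is added by this example.
BROKEN = {"sha1", "md5"}


def digest_hex(data, algorithm="sha256"):
    """Hex digest of data, refusing functions with known collisions."""
    if algorithm.lower().replace("-", "") in BROKEN:
        raise ValueError(f"{algorithm} has known collisions; use SHA-256 or later")
    return hashlib.new(algorithm, data).hexdigest()


def verify_download(data, published_hex, algorithm="sha256"):
    """True only if the downloaded bytes hash to the published digest."""
    expected = published_hex.strip().lower()   # tolerate case and whitespace
    return hmac.compare_digest(digest_hex(data, algorithm), expected)


def differing_bits(a, b, algorithm="sha256"):
    """Number of digest bits that differ between two inputs."""
    da = int(digest_hex(a, algorithm), 16)
    db = int(digest_hex(b, algorithm), 16)
    return bin(da ^ db).count("1")


def flip_one_bit(data, bit_index=0):
    """Copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


# Constructed sample "release" and the digest its provider would publish.
RELEASE = b"constructed sample release archive, version 1.0\n"
PUBLISHED = digest_hex(RELEASE)
TAMPERED = flip_one_bit(RELEASE)

if __name__ == "__main__":
    print("genuine file accepted: ", verify_download(RELEASE, PUBLISHED))
    print("tampered file accepted:", verify_download(TAMPERED, PUBLISHED))
    print(differing_bits(RELEASE, TAMPERED), "of 256 digest bits changed")
```

The check is only as trustworthy as the channel over which the published digest was obtained.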
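
For slides 33 and 34: the sign/verify interface with its OK/NG output, implemented the way the RSA slide draws it. This is an added example, not the lecturer's code; the key pairs are toy values built from well-known Mersenne primes with no padding, so they are insecure by construction, and all function and variable names are assumptions.

```python
import hashlib


def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (n, e), (n, d)


# Toy keys, constructed for this example and NOT safe for real use: the
# primes are well-known Mersenne primes and no padding scheme is applied.
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
MALISSA_PUBLIC, MALISSA_PRIVATE = make_keypair(2**1279 - 1, 2**2203 - 1)


def digest(plain_text):
    """SHA-256 digest of the plain text as an integer."""
    return int.from_bytes(hashlib.sha256(plain_text).digest(), "big")


def sign(plain_text, private_key):
    """Input: <plain text, private key>. Output: signature."""
    n, d = private_key
    # "Decrypt" the digest with the private key, as on the RSA slide.
    return pow(digest(plain_text), d, n)


def verify(plain_text, signature, public_key):
    """Input: <plain text, signature, public key>. Output: "OK" or "NG"."""
    n, e = public_key
    if not 0 <= signature < n:
        return "NG"
    # "Encrypt" the signature with the public key and compare it with the
    # digest computed from the plain text. Only public values are used here.
    return "OK" if pow(signature, e, n) == digest(plain_text) else "NG"


if __name__ == "__main__":
    message = b"constructed sample: pay 100 JPY to Bob"
    sig = sign(message, ALICE_PRIVATE)
    print(verify(message, sig, ALICE_PUBLIC))                  # unchanged text
    print(verify(b"constructed sample: pay 900 JPY to Bob", sig, ALICE_PUBLIC))
    print(verify(message, sign(message, MALISSA_PRIVATE), ALICE_PUBLIC))
```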