
Gbe It

The document discusses digital transformation, defining key concepts such as digitisation and digitalisation, and outlining the three dimensions of digital transformation: development of new products, improvement of internal processes, and enhanced customer interaction. It highlights challenges in IT, organization, value addition, and compliance, while also covering the evolution of computing from mainframes to cloud computing. Additionally, it explains the significance of computer networks and their role in facilitating communication and resource management.

Uploaded by

Vy Yang

Chapter 1: Digital Transformation

Digitalisation = synonym for digital transformation (+ strong focus on business)
"application of digital tech in all aspect of human society"

Digital Transformation is driven by "Enablers"
● no need to dev new tech -> but identify & implement opportunities based on these tech

How challenges r defined?
Turing test: measure of a machine's ability to exhibit intelligent behaviour equivalent to or indistinguishable from that of a human
<=> first ever computer to pass: algorithm

3 dimensions of Digital Transformation
● Development of new products and service (Value Proposition)
    ○ Products enhanced by IT e.g. self-driving cars
● Improvement of internal processes (Value Creation)
    ○ Business process digitisation e.g. automatic invoice creation
● Improved interface to the customer (Customer Interaction)
    ○ Digital communication e.g. internet banking

Exercise: Uber
● VP: both stakeholders using app
● Value Creation: apply IT into management (i.e. driver management) system
● Customer Interaction: call/text driver through apps
—
Challenges in Digital Transformation: IT, organization, value added, compliance

● Information technology
    ○ Know the latest enabler (current trends? which r future-proof)
    ○ Status Quo of own IT
        1. Legal systems
        2. Interfaces
    ○ Handling of Data
    ○ Running IT projects
● Organisation
    ○ Challenge of alignment of IT and organisation
    ○ Lack support by top-level-management
    ○ Lack digital culture
    ○ Resistant against change
● Value Added (how to earn (more) money w digital transformation)
● Compliance = act of obeying a law/rule
    ○ IT fast dev. -> legal problems
    ○ Data privacy (GDPR in EU)
    ○ Ethical issue (in ML)

Challenges: Legal systems
● most companies based on IT architecture -> grown past year
● challenge: tame & handle these system
    ○ focus: no unexpected effects
● example: FH Aachen
    ○ IT-Architect/ Enterprise Architect: Ilias, Campus, QIS, etc.
    ○ integration & update last several year + system relatively simple

Challenges: Organisation
● lack support by top-level-management -> alignment of IT + lack digital culture
    ○ digital culture? not specified
● example: digital culture - hackathon
    ○ past: long feasibility studies "right the 1st time"
    ○ today: fast dev (w/in 24 or 48hrs)

Chapter 2: Digitalisation

digitalisation ~ digitisation (digitus = "finger")
● digitisation = convert info -> digital format
● digitalisation = transform continuous -> concrete value
=> special binary system of 0 and 1

bit: smallest piece of info // info-unit w 2 states 0 or 1
byte = 8 bits // info unit consist of 8 bits

$\text{Time} = \frac{\text{file size}}{\text{bandwidth}}$

Kilo = $2^{10}$ = 1.024
Mega = $2^{20}$ = 1.024 * 1.024
Giga = $2^{30}$ = 1.024 * 1.024 * 1.024
*Kilo, Mega, Giga, etc not clearly defined
*1024 only use for file size ; for bandwidth use 1000

❗Important:
● size of files & storage media given in byte
● bandwidth: capacity for sending data (in bit/s ; KBit/s ; MBit/s)
● factor kilo, mega, etc. always stand for 1.000, 1.000.000, etc. respectively

⭐With n bits possible to define exactly $2^n$ states
—
§ Exercise:
1. How many states can be expressed with 4 (8, 10, 16) bits?
4 bits = $2^4$ = 16 states
8 bits = $2^8$ = 256 states
10 bits = $2^{10}$ = 1024 states
16 bits = $2^{16}$ = 65536 states

2. How many states does a traffic-light have? How many bits are required to code all states of the traffic light?
traffic light has 3 lights ⇒ $2^3$ = 8 states (i.e. combination of on/off for each light)

3. How many states does the alphabet have? How many bits are required for its representation?
alphabets has 26 letters = 26 states
⇒ need enough bits to cover ≥ 26 possible combi
⇒ $2^n \geq 26$ ⇒ n = 5 ⇒ $2^5$ = 32
interpretation: need ≥ 5 bits
—
Characters of alphabet rep. by bits
● very easy: a list is defined + assigned to a combi of bits
● problem: no. of characters has to be known to specific no. required bit + standardize
● example: ASCII (American Standard Code for Info Interchange) → compatibility problem: ASCII too small for other nation (e.g. German)
⇒ 2nd attempt: use 8 bits = 256 characters
⇒ 3rd attempt: unicode

Dual numbers
● usual number based on 10 digits: 0 → 9
● numbering system based on decimal system
example:
4 * (100) + 5 * (10) + 6 * (1) = 456
● dual number based on 2
example:

● hexadecimal numbers based on 16

● diff numbering system: Hex, Dec, Oct, Bin
—
§ Exercise:
Change the following hexadecimal numbers into decimal ones:
● $2B_{16} = 2 \cdot 16^1 + 11 \cdot 16^0 = 43$
● $F3_{16} = 15 \cdot 16^1 + 3 \cdot 16^0 = 243$

Pictures rep. by bits & bytes
Pictures r continuous in 2 respects
● colors r continuous → mapped to discrete color scheme
● geometry of pic is continuous → mapped to discrete matrix
Geometry = picture divided in pixel (atomic pt w exactly 1 color assigned) ; organised in row & column

Color = defined w color table
● each color rep. by a no (combi of bits) & no. of colors (i.e. color depth) determine no. of required bits

RGB standard = more complex color scheme (each color composed out of red, green, blue) ; each component rep. by 1 byte = 16 mil color var.
one color = 2 hexa digit = 4 bits or ½ byte
each byte = 8 bit ⇒ $2^8$ = 256 diff intensity lv. for each color (R/G/B)
possible color combi = $256^3$ = 16,777,216

Picture can be compressed
● original size = TIFF, BMP
● compressed size = JPG (photos), GIF (graphics), PNG
some compression algorithms r working w/out quality loss ; most oft quality loss is accepted

Audio can be digitalised (~picture digitisation)
sound, music, noise rep using sound wave
● frequency of measurement ~ resolution
● 2 steps of audio digitalisation
    ○ sampling of sound wave = measure value of wave w given frequency
    ○ quantification of sample = display measurement value on predefined scale
● standardized sample
example: Telephone (PCM) based on 8000 8-bit sample (EU) per sec ⇒ acoustic frequencies higher than 4KHz lost
⇔ trade off between quality (better sound) & cost (memory & transmission capacity)
—
§ Exercise
1. Calculate the required transmission capacity (Bits/s) for the telephone (PCM)
Transmission cap. = 8000 * 8 = 64000

2. How much memory does an Audio-CD have? Use the following assumptions:
● 44,100 Samples/s → Frequencies up to 22,050 Hz presentable
● Samples of 16 Bits → 65,536 values
● The CD has up to 74 minutes audio capacity.
● Because of the stereo, two separate channels are required.
Transmission cap. = 44100 * 16 = 705600
2 stereo = 705600 * 2 = 1,411,200

3. You want to stream the audio in CD-quality. What transmission capacity is required.

Chapter 3: Computer

Computers r defined by (free) programmability
=> programmability:
● Computer hardware can be used for diff duties
● Can change behavior of a computer by other program installation ⇔ hardware is unchanged
● Clear separation of hardware and software (i.e. execute diff software -> install new software)

Hardware: any element of a computer that's physical, e.g. monitors, keyboards, and also the insides of devices, like microchips and hard drives
Software: anything that tells hardware what to do and how to do it, incl. computer programs and apps on your phone
Operating system: acts as an interface between the computer user and computer hardware, after being initially loaded into the computer by a boot program, manages all of the other application in a computer
What is a mainframe? A mainframe is a large and powerful computer that is designed to handle complex and critical business applications, e.g. financial transactions, airline reservations, and healthcare records.
What is a minicomputer? a computer of medium power, more than a microcomputer but less than a mainframe.
An epoch: particular pt in time that is used as a ref pt for measuring time in various fields, such as astronomy, geology, and computing.

Disadvantage of having diff software on diff computers
Example: SAP
SAP, or Systems, Applications, and Products in Data Processing, is a prominent German software corporation. It specializes in enterprise software for optimizing business operations and customer relations, primarily recognized for its ERP software.

Computing Epoch:
1. 1st idea:
    a. Charles Babbage (1791-1871)
        i. mechanical computer sketch on paper
        ii. implementation failed bc lack of tech
    b. Ada Lovelace (1815-1852)
        i. dev. 1st concept of programming
2. otw to computer (-1960)
    a. electronic accounting machine
        i. simple for cashier
        ii. program r fixed wire + EAMs r not computers
        ⇒ lack free programmability
3. Epoch 1: Mainframes & Mini-computers (1959 - today)
    a. start of commercial usage of mainframes → computer
    b. Important: all components incl. software and the infrastructure fr one company (now: still couldn't produce everything within one framework)
4. Epoch 2: Personal Computer (1981 - today)
    a. 1965 DEC introduced mini-computer
        i. cheaper than IBM-mainframes
        ii. IT can be decentralized (focus on department instead of companies)
5. Epoch 3: Client Server (Mid 80's - today)
    a. several clients connected to 1 server thru LAN
    b. offer diff service (DNS, WWW, Database)
    c. today: multiple services offer fr diff servers
6. Internet Computing (90s - today)
    a. global internet = distribution of TCP/IP standard
    b. success of epoch 3 ⇒ increase network (which r interconnected)
    c. WWW offer easy access to network & its service
7. Cloud Computing (~2000 - today)
    a. data stored thru internet (no longer on local hardware)
    b. services can be taken fr internet thru cloud computing
    c. IT provider dev. new business model offer scalable & flexible cloud service
—
§ Exercise
Epoch 1: What kind of transformation is enabled by the mainframes and mini-computers? How can the IT of an epoch support this process?
● Mainframes and minicomputers enable transformation thru centralized data processing but not helping too much → mostly still done manually

Epoch 2: What kind of transformation is enabled by stand-alone PCs? How can the IT of an epoch support this process?
● stand-alone PC enable transformation toward decentralized computing (i.e. by department) w smaller task (i.e. spreadsheet calculation, basic data management) w/out rely on centralized mainframe
● In this process, epoch 2 offer user-friendly operating system tailored to personal productivity (e.g. prepare template) but most process unchanged

Epoch 3: What kind of transformation is enabled by client-server-architectures? How can the IT of an epoch support this process?
● client-server-architect allow several clients (i.e. personal computers) to be connected thru 1 server LAN (centralized computer); efficient, scalability and flexibility
● Epoch 3 allows employees to better collaborate & interact with resources while servers store & manage resources (e.g. invoice database and invoice template) → other need to be done manually (e.g. control payment)

Epoch 4: What kind of transformation is enabled by the internet? How can the IT of an epoch support this process?
● internet allow global connectivity, info exchange & comm. across geographic boundaries ⇒ no need for infrastructure
● Epoch 4 allows handling invoice between companies thru online platforms (and ERP system) and EDI (electronic data interchange) + API & web service facilitate integration between diff system

Epoch 5: What kind of transformation is enabled by cloud-computing? How can the IT of an epoch support this process?
● epoch 5 characterized by cloud computing and blockchain technology, handling invoices between 2 companies is supported by utilizing cloud-based invoice management platforms & blockchain-based systems for transparent and automated tracking of invoice transactions.

💡 Tips for the exam
If you're asked which epoch you're, check the following:
    ○ stand-alone / department
    ○ connection to the internet? (for browsing only or core process of company)

current trends: ⬆mobility, digital convergence (computer network, TV network, etc), ubiquity (hard- & software no longer limited to computer but also embedded in cars, fridges, etc.)

development mostly driven by "what is possible" rather than actual need

Moore's Law: introduction of processor-chips (1959) -> no. of transistors per chip doubled every year; consequences:
1. The performance of micro-processors doubles every 18 months.
2. The performance of computers x2 every 18 months.
3. The price for IT-based processing of information is only ½ every 18 months
Consequences for business:
● continuous price decline for hardware → when it's best to buy?
● qualitative prognose abt IT performance: diff
● quantitative prognose about power of future IT: possible

other similar law:
● Kryder's Law: capacity of hard disks grows by a factor of 1000 every 15 years
● Nielsen's Law: predicts end-user bandwidth doubles every 21 months, though slower than Kryder's Law, it remains the limiting factor
● Koomey's Law: observes that energy per operation halves every 1.57 years, compensating Moore's Law, ultimately resulting in computers requiring similar energy consumption as in the past due to balanced performance and energy decrease
hard-disc capacity growing exponentially ⇔ price decline exponentially ⇔ network bandwidth growing exponentially

Chapter 4: Computer networks

What is a computer network?
● Collection of items which r compatible to each other:
    ○ Hardware
    ○ Software
    ○ Transmission procedures (protocols) i.e. enable transmission of data between single components of a communication system
● Components example: computer, periphery (printer, keyboard, mouse, etc.), telephones, cable, Wi-Fi router, etc.
Compatible: 2+ things able to exist or work together without conflict.
Periphery: accessories / peripheral devices

Why do we have networks?
● Communicate w friends -> communication network
● Use device that r connected to another computer -> device network
    ○ Use printer in the library
● Access data -> data network
    ○ Download examination regulation
● Execute functions offered by servers -> function(tional) network
    ○ Internet banking
● Balance load -> load network
● Reduce unavailability of computer in risky environment -> (high) availability network

Protocols & Standards
● Why r standards required for computer networks? -> to enable diff components to communicate since we need rules on how EXACTLY this communication has to look like
● Standard: consistent, widely accepted and widely used method to implement something
● Protocol: set of regulations which define the structure of the data to be sent and the process of the communication between components of a network.
Framework
Components of a network w same protocol implemented -> able to communicate w each other
Framework (aka reference models): established to classify on an abstract level the diff protocols ; organised in (hierarchy) layers to which diff protocols r assigned

TCP = transmission control protocol // transport layer

TCP | UDP
connection-based protocol | connectionless
more reliable + more error prone but slower | faster

IP = internet protocol // internet layer

❗Important: in theory (oft in practice) you can replace a protocol w/in a layer by another protocol W/OUT impacting the other layers

What kind of transmission media r available?
1. Wire
    ○ Twisted pair (telephone cable) - twisted-pair cable
        1. (+) cheap, easy to install, robust (sturdy)
    ○ Coax cable - coaxial cable
        1. (+) easy to install, robust, cheap (more expensive than twisted pair)
        2. (-) better bandwidth than twisted pair but less than fibre (optic) cable
    ○ Fibre (optic) cable - fibre-optic communication (mostly used in backbones (data highways))
        1. (+) very high bandwidth (up to terabit/s)
        2. (-) not easy to install, breakable (not robust), connector r easily fouled
2. Radio
    ○ Infrared
    ○ Microwave (radio link system)
    ○ Mobile communication
    ○ Satellite communication (intervisibility required)
    ○ WiFi
    ○ Bluetooth
    ○ RFID (radio frequency identification)
    ○ NFC (near field communication)

CSMA (carrier sense multiple access): a protocol for carrier transmission in 802.11 networks ; developed to minimise potential collision occur when 2+ stations send signals over a data link layer

● Possible to switch between diff media (done by gateways)

Gateways: a piece of networking hardware/software used in telecommunications networks that allows data to flow from one discrete network to another ; able to handle >2 diff media ⇒ ability to "translate" from one to other
Hub: (similar to USB) transmit/copy all info to all output
Switch: similar to hub but know which info to which address
Router: in the middle of network: guide where to send sth
Each computer want to connect to network need an unique address presented in hexadecimal (i.e. combination of bits)
● MAC-address assigned by manufacturer & permanently written into a chip

How do you know if data change/completely lost?
● data assembled in data packets (consist of 1s and 0s)
● data packets has checksum, receiver can find out if data packet received correctly

§ Exercise
Students of XY-University get a student-number. This student-number consists of eight digits. The last one and the second last one are control digits (checksums). These control digits are based on the first six digits and can be calculated as follows:

$\text{Checksum} = \left( \sum_{k=1}^{6} (7 - k) \cdot Z_k \right) \bmod 100$

● Calculate the checksums for the given student-numbers: 923456, 543987
● Additional Question: Why are the digits multiplied with different weights? Why is no weight equal to zero? What is the advantage of having two digits in the checksum?

student ID: 923456
digit Z_k:      9   2   3   4   5   6
weight (7 − k): 6   5   4   3   2   1
product:        54  10  12  12  10  6
54 + 10 + 12 + 12 + 10 + = 108 mod 100 ⇒ 08
⇒ complete student ID: 92345608

student ID: 543987
digit Z_k:      5   4   3   9   8   7
weight (7 − k): 6   5   4   3   2   1
product:        30  20  12  27  16  7
30 + 20 + 12 + 27 + 16 + 7 = 112 mod 100 ⇒ 12
⇒ complete student ID: 54398712
—
Router: networking device, act as dispatcher, choose best route for your info to travel + constantly update on the network traffic + have only local perspective
Data packet: small unit of information transmitted over a network, such as the internet, from one device to another.
Within networks, this problem is solved on the transport layer. The protocols TCP and UDP set up and control end-to-end-connections within the internet.

Network classification:

Wireless communication
● why? comfort & independence fr wire
● diff types of mobile comm. standards
    ○ telephone based standards like GSM, UMTS, LTE
    ○ standardise WW
1. GSM (global system for mobile communication)
2. UMTS/WCDMA (universal mobile telecommunication system/wideband code division multiple access)
3. LTE (Long-term evolution)
4. 5G
💡slowest to fastest
GSM < WCDMA < bluetooth < Wifi < WIMAX < LTE < 5G < T1
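
The student-number checksum exercise above, worked in code as an added example (not part of the original notes). It uses the page's formula with weights (7 − k) and mod 100, then measures which typing errors go unnoticed under three weaker variants chosen here for comparison (equal weights, one weight set to zero, a single control digit); all function names are this example's own.

```python
from typing import List, Sequence, Tuple

PAGE_WEIGHTS = (6, 5, 4, 3, 2, 1)   # (7 - k) for k = 1..6, as in the exercise


def control_digits(base: str, weights: Sequence[int] = PAGE_WEIGHTS,
                   modulus: int = 100) -> str:
    """Control digits for the leading digits of a student number."""
    if len(base) != len(weights) or not base.isdigit():
        raise ValueError("expected %d decimal digits" % len(weights))
    total = sum(w * int(z) for w, z in zip(weights, base))
    width = len(str(modulus - 1))    # 2 digits for mod 100, 1 digit for mod 10
    return str(total % modulus).zfill(width)


def is_valid(number: str, weights: Sequence[int] = PAGE_WEIGHTS,
             modulus: int = 100) -> bool:
    """True if the trailing control digits match the leading digits."""
    n = len(weights)
    if not number.isdigit() or len(number) <= n:
        return False
    return control_digits(number[:n], weights, modulus) == number[n:]


def missed_errors(base: str, weights: Sequence[int] = PAGE_WEIGHTS,
                  modulus: int = 100) -> Tuple[List[str], List[str]]:
    """Typing errors in `base` that the scheme fails to notice.

    Returns (substitutions, swaps): corrupted digit strings that still give
    the same control digits as the original. A substitution changes one
    digit; a swap exchanges two neighbouring, different digits.
    """
    good = control_digits(base, weights, modulus)
    substitutions, swaps = [], []
    for i, old in enumerate(base):
        for new in "0123456789":
            if new != old:
                candidate = base[:i] + new + base[i + 1:]
                if control_digits(candidate, weights, modulus) == good:
                    substitutions.append(candidate)
    for i in range(len(base) - 1):
        if base[i] != base[i + 1]:
            candidate = base[:i] + base[i + 1] + base[i] + base[i + 2:]
            if control_digits(candidate, weights, modulus) == good:
                swaps.append(candidate)
    return substitutions, swaps


def compare_schemes(base: str = "543987") -> dict:
    """Count undetected (substitutions, swaps) for the page scheme and variants."""
    schemes = {
        "page scheme: weights 6..1, mod 100": (PAGE_WEIGHTS, 100),
        "equal weights, mod 100": ((1, 1, 1, 1, 1, 1), 100),
        "one weight is zero, mod 100": ((6, 5, 4, 0, 2, 1), 100),
        "weights 6..1, one control digit (mod 10)": (PAGE_WEIGHTS, 10),
    }
    return {
        name: tuple(len(found) for found in missed_errors(base, w, m))
        for name, (w, m) in schemes.items()
    }


if __name__ == "__main__":
    print("543987 ->", "543987" + control_digits("543987"))
    for name, (subs, swaps) in compare_schemes().items():
        print(f"{name}: {subs} substitutions and {swaps} swaps undetected")
```

Different weights make a swap of neighbouring digits change the sum, a zero weight would leave one position unprotected, and two control digits keep every single-digit change (at most 6 * 9 = 54) below the modulus.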
Computer oriented standards
● standardization by computer industry
    ○ IEEE
    ○ standards follow the ISO/OSI principles
● WiFi (wireless fidelity)
    ○ wireless local network 10Mbit/s
    ○ no gateway required
● WIMAX (worldwide interoperability for microwave access)
    ○ operate like WiFi but cover larger areas + deliver internet connection to both fixed & mobile device
    ○ ≤ 150MBit/s
● Special standard:
    ○ bluetooth: ad-hoc network between diff devices (bandwidth ~2MBit/s)
    ○ NFC: based on passive RFID-tech (radio frequency identification)

Tendencies:
● Convergence of Network: network separation for multiple purposes (data network for computer, telephone network, cable network for TV, etc.)
● IoT: comm. between people (future: M2M comm. more relevant // machine-to-machine comm.)

User datagram protocol (UDP): operates on top of the Internet Protocol (IP) to transmit datagrams over a network + does not require the source and destination to establish a three-way handshake before transmission takes place => no need for an end-to-end connection

● TCP model (transmission control protocol): a communications standard that enables application programs and computing devices to exchange messages over a network
● IP (internet protocol): the set of rules governing the format of data sent via the internet or local network

Chapter 5: Internet

● Today's energy network: mostly centralized → vulnerable system
● internet = network BETWEEN network
● internet = decentralized architecture & decentralized organization → robustness

Advantages:
● Single components can easily be exchanged or added
● Independent dev. Becomes possible (decentralized)
● Innovations & improvements r easily accepted

Every computer on internet requires a unique address
● IP address (aka Internet Protocol address) -> for computers
● Domain address -> for people
    ○ (+) easy to remember & recognise
    ○ (-) not computer friendly
● w/out domain ⇒ people need to memorize IP address
● w/out IP address ⇒ communication doesn't work bc computer can't function

example:
several domain address assigned to 1 single IP address: big corp has several domain address for each country → reporting back to 1 single IP address
1 domain address assigned to several IP address when 1 domain address accessing multiple server

How is the internet organized?
Internet-root-domain > TLD (Top-Level-Domains) form uppermost level > second-level-domain > third-level-domain
● IP = Internet Protocol, here: IPv4 = IP Version 4
● Each IP-address
    ○ consists of 32 bits (4 bytes)
    ○ identifies one computer (more exactly: one interface of a computer)
    ○ is typically given in the dotted decimal notation e.g. 173.254.23.1
        ■ address space from 0.0.0.0 up to 255.255.255.255 → 2³² ~ 4.3 billion addresses
● IP-addresses are administered by the ICANN www.icann.org
● Advantage:
    ○ Easily handable for computers
    ○ Bits can easily be processed
● Disadvantage: Not user friendly
    ○ Hard to remember or to recognize
    ○ Not possible to deduct source from IP-address

Why no. of IP-address not sufficient?
● Sold in blockwise -> many addresses r wasted => IPv4 address running low
=> new address space: IPv6 w 128 bit

DNS = domain name system = database which assigns internet addresses to IP address and vice versa

Success factors of the internet
1. Layered architecture: enable exchange of technical parts not influence other part
2. End-to-end architecture: no need to care abt packages r taking thru internet, just final address need to be specified
3. Scalability: robust against growth
4. Distributed dev. + decentralized control not controlled fr a central position

Internet: based on protocols TCP/IP
● on top of TCP/IP diff service r offered
● below TCP/IP based on wireline & wireless tech
● 2 address-scheme on internet: domain-addresses & IP addresses ; assigned by DNS
● Network w/out application = useless
● For many companies, the internet is important for comm. w customer ; for internal comm. = new business model pop-up
● attributes of internet: omnipresent, global, universal, personalisation, multimedia, interactivity, high information density

Chapter 6: E-commerce - Basics

● E-Commerce = electronic commerce; electronic support / implementation of processes and transactions between companies & customers
● external transaction r built on internal processes → diff between e-commerce & e-business blur
Example: Customer buys and pays a digital product using the ●​ transaction cost: delivery/paperwork ⇔ automation for a
online-shop. Warehousing is virtual, payment and accounting is transaction
handled fully automatically. The borders between internal and ●​ delayed gratification: ~delayed shipping/delivery
external processes are getting unclear. ●​ dynamic pricing: static pricing (infrequent change) ⇔ algo
adjust price in real time
●​ price discrimination: limited info → hard to discriminate ⇔
use algo to adjust price based on predefined factor
(location, computer type used)
●​ market segmentation: low precision of segmentation + high
cost ⇔ moderate precision + low cost
●​ switching cost: cost of switching :)
●​ network effects: digital market (more trustworthy fr review)
⇔ traditional market (don't have review :) to help w
decision)
●​ disintermediation: digital market (no intermediaries) ⇔
traditional (more intermediaries)

Ubiquity = Omnipresence (Tính có mặt bất cứ nơi nào)


-> The commerce overcomes traditional borders with respect to
time (opening hours) and geography (real physical shop)
-> A market-space in contrast to a market-place is built up. marginal cost/unit:
-> The comfort for the end-user increases. production cost:
-> Transaction costs for both – customer and retailer – are copying cost: involve lots of printing cost ⇔ one need to create one
decreased. → inexpensive
-> New marketing channels are established. delivery cost: (digital) low cost cause buy digital good
-> The potential market increases: From local to global. inventory cost: cost for storage of inventory (goods)
-> For retailers the costs to enter new markets decrease. marketing cost: both are variable
-> New strategies for differentiation are enabled. pricing: fixed pricing ⇔ vary depend on diff factors
Typical E-commerce business model
Richness & Density of Info

relevance for business:


●​ continue trend fr mass marketing to marketing focus on
small groups / individual W/OUT losing reach
●​ integrated in a dialogue (i.e. evaluation at Amazon, Blogs,
etc.)
●​ use bi-directional comm. relationship to customer can be
established / stabilized
○​ reduce force of competitors
○​ reduce force of substitute
E-commerce w 5 forces by porter
Info richness: the ability of information to change understanding = framework for analyzing a company's competitive environment.
within a time interval + Media richness theory states that all = frequently used guideline for evaluating the competitive forces
communication media vary in their ability to enable users to that influence a variety of business sectors
communicate and to change understanding = guide business strategy to increase competitive advantage
Interactivity -> bi-directional communication (= 2-way conversation)

Digital markets vs Traditional markets

Chapter 7: E-commerce Analytic


●​ information asymmetry: when one party has more info ●​ Distinction between e-Comm & e-Business
than another party E-commerce E-Business
●​ search cost: the cost for searching for a product
Externally Internally
Interface to customer Everything ●​ analytics: pattern matching, ML, AI

B2B, B2c E2y
⭐ A Customer Journey covers all Touchpoints of a customer during § Exercise
To better understand their customers and to increase the
sale​ performance of the web, Big Skinny (a company explained within a
Touchpoint: event where customer gets in touch w a case in the exam) starts using web analytics.
product/service/customer ●​ First step is the analysis of log-files from the own
○​ Mary sees a TV-ad for BMW = touchpoint web-server. List four types of information, which can be
○​ She talks w her friend about the car = touchpoint found out using this analysis. List two types, which can not
○​ She surfs on the internet to the car web = be found out. (3 points)
touchpoint 4 types of info: visitor traffic, ref. source, user behavior, errors &
All touchpoints together ⇒ customer journey​ issues
​ 2 types can't be found:l demo info, user interactions
●​ A second step is the introduction of cookies. What is a
cookie? What is typically stored in a cookie? Which type of
analysis can be done which could not be done before? (5
points)
cookie is a small piece of data stored on user's device by a website

they visit, used to remember info abt user's browsing activity
before: session info + pref. → now: user tracking + personalisation
Which info derived fr log-file?
●​ from which IP address does access come
●​ Still unsatisfied, Big Skinny starts to cooperate with a
○​ user NOT be identified w IP ONLY
company which displays ads on different websites (Spiegel,
●​ from which website does access from?
gmx, web.de, yahoo, …). This company uses tracking pixels.
○​ search engine → the web found
Which additional information can be gained for Big Skinny?
○​ from another website → which ads work well?
(2 points)
○​ internal link → how user surf thru
cross-site tracking (activity across diff websites) & ad performance
●​ hardware & browser is used
(user interaction)
●​ stats key-figures can be derived


●​ quality of own web can be analysed
Chapter 8: E-commerce Marketing
● important: in comparison to real physical shop, it's possible to observe customer & statistically analyze → gained data

Cookies 🍪 r web-application's memory
● communication in the web is memoryless
● = small file ; stored on client on behalf of server ⇒ not a program so can't harm the computer
Using info in header, user can be identified
● header diff for each computer, users and computers can be identified using this info
● approach is improved using "Canvas Fingerprinting"
● can be manipulated (i.e. pretend computer as iphone) → use for testing website or fake IP
⇒ WWW supervised on very detailed lv ⇒ cheating & effort to overcome this surveillance
⇒ ad for webpage r auctioned in real time!

eCommerce overcome conflict between richness and reach
● reach: how many customers can be reached?
● richness: how much info can be given to the customer?
● conflict:
○ big reach → little richness (e.g. ad on TV / newspaper)
○ big richness → little reach (e.g. individual talk in boutique)
eComm. overcome this conflict by adapt individual needs of customer, can be produced in big numbers.

Perspective:
● analysis: why has sth happened?
● analytics: what'll happen? at least w a high probability
Method:
● analysis: de-composition into parts

Conversion funnel: describe diff step user → customer
Awareness > Interest > Consideration > Purchase > Loyalty

Typical key figures in E-Marketing
● impression (how oft page/ad requested)
● click (how oft page clicked on)
● conversion (how oft product/service is bought)
● CTR (Click-through-rate) = click/impression
● CR (conversion rate) = conversion/click
● bounce rate = bounces/clicks
● visits
● unique visitor = how many DIFF visitors
● stickiness = how long user stay on page
● loyalty = how many customer (in %) r coming back
● reach = what % of market is reached

Payment models
● CPM (cost per mille) = cost/impression * 1000 = how much r 1000 impressions
● CPC (cost per click)
○ advantage: avoid risk of visitor not clicking on the ad
○ even better: cost per visitor (but rarely offer)
● CPA (cost per acquisition), CPA (cost per action)
these figures can be payment models, also key figures

💡Formula
$$\mathrm{CTR} = \frac{\mathrm{click}}{\mathrm{impression}}$$
$$\mathrm{CR} = \frac{\mathrm{conversion}}{\mathrm{click}}$$
$$\mathrm{CPC} = \frac{\mathrm{CPM}}{1000 \cdot \mathrm{CTR}} \;;\quad \frac{1}{\mathrm{CR}} = \frac{\mathrm{click}}{\mathrm{conversion}}$$
$$\Rightarrow \frac{\mathrm{cost}}{\mathrm{conversion}} = \frac{\mathrm{CPC}}{\mathrm{CR}}$$
$$\frac{\mathrm{cost}}{\mathrm{conversion}} = \frac{\mathrm{cost}}{1000 \cdot \mathrm{impression}} \cdot 1000 \cdot \frac{\mathrm{impression}}{\mathrm{click}} \cdot \frac{\mathrm{click}}{\mathrm{conversion}} \Rightarrow \frac{\mathrm{CPM}}{\mathrm{CTR} \cdot \mathrm{CR} \cdot 1000}$$
$$\mathrm{CPM} = \frac{\mathrm{cost}}{\mathrm{impression}} \cdot 1000$$
$$\frac{1}{\mathrm{CR}} = \frac{\mathrm{click}}{\mathrm{conversion}} \;;\quad \frac{1}{\mathrm{CTR}} = \frac{\mathrm{impression}}{\mathrm{click}}$$
$$\mathrm{CPA} = \frac{\mathrm{CPC}}{\mathrm{CR}}$$

● Impressions: How often is a page (or an ad) requested and shown?
● Clicks: How often is a page clicked on (e.g. an ad which leads the customer into the web-shop)
● Conversions:
○ How often a product or a service is bought.
○ Unique Visitors: How many DIFFERENT visitors
○ CPA/CAC/CPA/cost per conversion
● Bounce Rate
○ Bounce: The customer leaves the web page within a very short time.
○ Bounce Rate = Bounces/Clicks
● Visits: Number of Visits. A click becomes a visit, if the customer stays for a defined time.
● Unique Visitors: How many DIFFERENT visitors
● Click-Through-Rate (CTR):
○ Relation between Clicks and Impressions
○ CTR = Click/Impressions
● Conversion Rate (CR):
○ Relation between Conversions and Clicks
○ CR = Conversions/Clicks
● Stickiness: How long does a user stay on my page.
● Loyalty: How many customers (in percent) are coming back
● Reach: What percentage of the market is reached
—
§ Exercise
● The money you're getting fr the customer for product X is higher than the price for the conversion of product X. Should you go on w the business?
○ spontaneous answer: yes
○ BUT don't forget it cost money to produce product X
● The money you're getting fr the customer for product X is less than the price for the conversion. Are there any reasons to continue w this approach?
○ spontaneous answer: no
○ BUT if cost per conversion is not the main goal of the campaign → it could be useful to go for this campaign if you only want to pr the product
—
display ad: classical ad
● banners = simple pic / texts ; most oft banner offered by 3rd parties
● special forms of display ads: pop-ups or interstitial (shown before content of webpage display e.g. youtube)
term (CPC or CPM) used both for a payment method and a key figure
● In the first case, you have a contract and e.g. the CPC defines what to pay for. The CPC is part of the contract.
● In the second case, you might have fixed costs (for SEO) and you calculate a value for the CPC (e.g: 1.000€ for SEO, 500 Clicks per SEO → CPC = 2€)

Google adwords
an example of SEA (search engine ad)
advantage:
● SEA lead to better ranking in organic search
● criteria to be placed on top:
○ exact algo = Google secret
○ page-rank-algorithm
○ content of page
● SEO is not worth if just do "little SEO"
○ one has to get on 1st page
○ has special combination of words
Social Media Marketing
● it's not abt display ads on FB but an individual FB entry for a product/company
—
§ Exercise
Company XY runs a web-shop.
● Using display-ads, SEO and SEA, the web-shop shall become better known
● The following key-figures should be used:
○ Conversion Rate: 2%
○ Display-Ad: CTR: 0,3%
○ Display-Ad: CPM: 10,00€
○ SEO: Monthly costs 2.000€
○ SEM (= SEO and SEA): CTR: 1%
○ SEA: CPC: 0,90€
● XY has had 10.000 unique visitors in the web-shop during the last month. 40% came through SEA, 30% through SEO, 10% through display-ads.
● The average conversion creates a revenue of 50€.

Answer the following questions for each of the three marketing means (SEO, SEA, display-ads):
● How many visitors reached the web-shop through each method?
○ i.e. how many visitors have CLICKED on your page?
● How many visitors have seen the respective ads?
○ i.e. how many IMPRESSIONS have been reached with the means?
● How high is the respective CTR? CPM?
● How high is the respective CR?
● What are the costs for the three methods? Per what?
● What are the costs per month?
● How high is the revenue per method?
● How high is the Cost per Acquisition per method?
—
Chapter 9: Data Security – Threats

Problems w data security
I-Love-You-Virus (2000)
● Sent as attachment to email w subject "ILOVEYOU" and the attachment named "LOVE-LETTER-FOR-YOU.txt.vbs"
⇔ vbs = visual basic script ; (by default) not shown on Windows
⇔ user get curious → open attachment → virus fwd itself as email to all contacts in address book → delete files w images & music
Typical behavior of a virus
● Based on curiosity and naivety of users
● Address-book used to fwd
● Oft individual damage quite low, economic damage high

Stuxnet (2010)
● New virus attack nuclear industry device in Iran
● Analysis show:
○ Virus quite complex -> created by professionals
○ Way of infection: complex 'cause infected computers r not standard PCs + not connected to internet => high logistic effort to infect these computers
● Suspect: virus go back to security agencies
○ They are the only ones w motivation, knowledge and resources to run an attack like this
● Learning: nowadays virus (and other attacks) can do "real" damage
○ Not only data stolen/manipulated -> real machines were destroyed
○ Cyber war isn't only a buzzword but happening rn
Staatstrojaner (2011) - computer and network surveillance
● Bavarian order to develop the Staatstrojaner
○ Monitor VoIP & Skype-telephony
○ Prepare ss of chats
○ Enable download of additional software
● Diff critics:
○ Surveillance society based on laws?
○ Trojan taken over & misused by other attacks
○ Trojan detected and made public by usual anti-virus software
● Learning: not only bad hackers
○ It's also companies & security agencies who r running tracking and surveillance programs
○ There's a grey area of WHAT'S ALLOWED
○ We expected (data) security guaranteed by our state.
● Mirai (2016)
○ Malware (malicious software) by Linux based system
■ Linux system r usually less attacked
○ Not installed on classical computer but on digital cameras
○ In contrast, users have become sensible + make use of basic security mean (i.e. password, virus scanner) but still, devices unprotected
■ Admin password unchanged :)
○ Using Mirai, botnets have been built up, biggest contained 500k+ bots
■ IT infrastructure of Liberia under attack -> later identified as test run -> server of online platform (i.e. Spotify, Amazon, Minecraft) not reachable
● WannaCry (2017) - a worm spread thru infected computers
○ Actively look for computers in network using SMB-protocol (used for printer)
○ Protocol relatively old -> due to backward compatibility -> still available & activated in current versions of Windows
○ WannaCry reaches admin status -> encrypt ~100 files and ask for ransom -> has to be transferred using bitcoin
○ Well-known security lack in Windows operating system
■ Patch (correction) is available but not installed on every machine
■ Security lack is available in older versions of Windows which r out of maintenance
■ Only older computers were infected but 52% of all companies still use 1+ computer w outdated SW
● Learning: situation becomes more complex
○ Security agencies have own agenda => not able/willing to protect society
○ Politic unable to cope w situation (i.e. German change in IT security law have nothing to do w root cause nor effect of WannaCry)
○ User can't make use of correction
○ There's growing interconnection between IT and machines, between virtual world and real world -> real infrastructure being vulnerable
● Damage of IT infrastructure isn't just damage of a computer -> the complete functions of an org can be destroyed. If central func. of an organisation don't work anymore -> complete organisation is out of order
⇒ potential damage > broken computer

Pizzagate (2016) - fake news incident where false human trafficking and child sex ring was reported on diff SoMe channels
⇒ Fake news r an attack to the security of the society

Damage of IT attacks:
● Computer - computer can't be destroyed but software can be changed/manipulated/deleted
● Data
○ theft/deletion/manipulation/misuse of data
○ Loss of confidentiality
○ Loss of integrity
● Embedded system (device w embedded IT)
○ Example: stuxnet (nuclear power), oil pipeline, cars
○ Loss of common reality
■ Each society (each democracy) requires agreements about reality → can't agree on a reality = society is in danger
● Definition of data security and data privacy
○ Data security: protects data against human (attackers)
○ Data privacy: protects humans against (misuse) of data ; Data privacy require data security
● Main goals of Data Security (CIAC = acronym of the listed goal)
○ Confidentiality (privacy)
■ Protection against unauthorized usage of confidential data
■ E.g. password, TAN, PIN, results of exam
○ Integrity (data must be complete & correct)
■ Data & messages mustn't be manipulated or changed. At least it has to be obvious that data has been changed
■ E.g. offer in ebay, answers in e-test
○ Availability
■ Authorized people should have access to data & service fr all defined places @ all defined time
■ E.g. server of FH, own bachelor thesis
availability is always hard to achieve (or not achievable) when dealing w communication
○ ⭐Accountability (who's responsible)
■ Creation/change of data can be assigned clearly to a person (service)
■ Who has accessed the webpage? Who's author of email
● Depending on context → goals may diff
● Main goals of Data Security:
○ 4 most important goals: confidentiality, integrity, availability, accountability
Root causes of lack of data security: technical, organisation, human reasons
● Technical reasons: Internet started as research activity => small community so there was trust
○ Security not an issue -> put aside consciously => open communication protocol (most protocols still work w/out encrypting content/control data)
○ Internet has to be built on top of standards => attacker can analyse architecture of protocol → identify weaknesses
● Organisational reasons
○ Unclear responsibility: who's responsible for data security in the company? => security means r oft organised in patchwork way
○ Insider threat
○ No rules, no user concept
○ Senior management not aware of digital issue
● Human reasons: Stupidity & Ignorance
○ not taken terms & conditions seriously

reasons can/can't change?
● technical reason: ❎ can't change due to historical reason
● organisation reason: ☑️ require consciousness of responsible person
● human reasons: hard to fight → need change mindset & internal edu

Different kinds of attacks / threats
● Viruses - copy passively
○ Typical activity: check if system alr infected → not? Install itself → reproduce itself → activate starting condition → protect itself
● Worms - spread actively
● Botnet = network of remotely controlled computer // autonomous program running on computer
○ Installed via virus/trojan
○ Triggered and activated using hub-bot
○ Goal: spreading of spam, denial of service attacks (DoS)
○ Botnet can be bought or rent -> organised computer criminality
● How botnet install?
○ Attacker install bot (e.g. use virus)
○ Infected computer controlled by hub-bot
○ Botnet is sold/rent
○ Individual computer of botnet r steered (only small amount computer capacity) + host not recognised he's infected -> using botnet spam r distributed/DoS attack r executed
● The botnet can't be found backward => attackers are "renting" infected computers to conduct criminality.
Denial of Service (DoS) = bombarded w request → server break
● A system (e.g. web-server, ftp-server) receives a big amount of legal request
● Due to big no. of request → server break = not able to handle "real" request
● DoS attack r executed using botnet

Attacks
● Attacks r strike against clearly defined goals (e.g. competitors) = usually based on known security lacks (exploits) in software & operation // security lacks can never fully be avoided
○ Today: important to quickly react on newly detected security lacks
○ Problem: altho corrections available => not installed :)
Malware
● software that executes func. not wanted by owner
Phishing = a phenomenon
● Try to grab confidential info → mask other identity (e.g. send fake email) → distributed w millions of copies as a link fwd a victim to fake webpage ask for info
Fake news:
● Platform: fake news r spread especially thru internet
● New technical possibilities: deep fake -- use AI generate picture, video, audio of each and every person
● Goal: establish of "alternative reality"
● Future challenges: agree on ONE reality
Summary:
○ Attacks r more complex/multifaceted
○ Attackers become more professional + more differentiated (diff goal, diff methods, diff tools)

§ Exercise

| | Confidentiality | Integrity | Availability | Accountability |
|---|---|---|---|---|
| Virus | ➕ | ➕ | ➕ | ➕ |
| Phishing | ➕ | ➕ | ➕ | ➕ |
| Attack | ➕ | ➕ | ➕ | ➕ |
| Fake news | ➖ | ➖ | ➖ | ➖ |

virus/worm: install additional software → somebody else could change data (integrity) ; data could be deleted (availability) ; who's done what = all goals r endangered

Chapter 10: Data security – countermeasure
Typical operational measure:
● (secured) access control
● restricted user rights
● restrictive configuration (i.e. give fewer rights, restrict rights)
● keep software up-to-date + delete outdated software
● create backup copies
● anti-virus software
● run firewalls
● use sandboxes (give potentially dangerous programmes a "playground" to run in)
● disable active content
● encrypt sensitive data: pass, file, hard-disk, data during data transmission
○ authentication w pass = weak protection
○ higher security level: property/physical characteristic (e.g. fingerprint, EC-card, etc.)
○ strong authentication = based on 2+ measure (e.g. 2-factor-authentication)
■ smartcard (property) + PIN (secret)

A whitelist will restrict network access to anyone whose IP address does not match one on the list. This improves your security. Only users with approved devices have access to your data or systems. Typically, a whitelist would be created to allow an authorized user to do things like access a network. [source]
Encryption is the process by which a readable message is converted to an unreadable form to prevent unauthorized parties from reading it. Decryption is the process of converting an encrypted message back to its original (readable) format.
Hash algorithm: principle that use trapdoor function/ oneway function (ie you can encrypt but can't decrypt)
● Popular example: SHA2, SHA3
Hashing is a one-way process that converts a password to ciphertext using hash algorithms
Social hacking: being hacked by attackers who know their victims
Attacking password
How attacker get clear password?
A hashed password for a database account is maintained in the database, while an unhashed (clear-text) version of the password is stored in the external directory.
1. It's diff to reverse hashed password
2. Once captured, attacker compare his result to captured one -> identical? -> yes, "reverse" done
❗LENGTH IS IMPORTANT
How's try out done?
● Dictionary attack: words fr dictionaries
● Brute-force-attack: combination of characters r tried

Chapter 11: Data Privacy
protection against misuse in data processing ; primacy of data economy
🍪 GDPR: regulation by EU on data privacy
When is GDPR applicable? personal data stored, used, ggl analytics used, newsletter is fwd
Information privacy / privacy / data protection = relationship between the collection and dissemination of data, tech, the public expectation of privacy, and the legal & political issues surrounding them
● Protection against misuse in data processing
● Info self-determination -- data abt a person belong to the person - not to the one who collected it => company has
● Primacy of data economy -- data which rn't required, mustn't be recorded

Data privacy regulated by law
Germany
● Bundesdatenschutzgesetz
● Landesdatenschutzgesetz
EU
● Datenschutzrichtlinie (privacy policy)
US
● Data privacy is hardly regulated in the US. From an EU understanding, there's hardly any data protection. Especially, if public authorities r interested in data

The GDPR (Datenschutz-Grundverordnung, DSGVO) became enforceable on 25th of May 2018
● Companies & administration
○ Have to carefully handle personal info
○ Must limit their greed for personal data
○ Must not fwd personal data to 3rd parties
● People have the right
○ To view their personal data
○ To ask for erasure of data (under certain circumstances)

…but neither companies nor public administration stick to these regulations

❗Important change: violations become much more expensive

Consequently
● The boss is liable for data privacy. A loosely handled data privacy policy is interpreted as failure by the management
● Penalties r limited up to 4% of the company's revenue
● Companies listed on the stock exchange can be accused by their shareholders

GDPR fr people's perspective
● In principle, processing of data is forbidden -- overall idea of GDPR is storage and processing of personal data is forbidden
● Prohibition of coupling -- companies r not allowed to make a contract depend on massive data processing
● Compensation -- not only for specific damages but as well for stress, hassle and inconvenience
● Transparency is a MUST -- provide info to concerned people about which data is stored & for what kind of purpose
● Sensitive data -- religious affiliation, sexual orientation, biometric data,.. must only be handled in exceptional cases. Special protection for ppl under 16
● Right to erasure -- under certain circumstances, ppl ask companies to erase their data
● Right to explanation of algorithmic decisions -- if a computer 'decides', the concerned person has the right to get feedback abt reasons for the decision
● Right to obtain a portable copy of stored data -- have the right, get a copy of their data e.g. move fr one physician to another

What companies & admin have to do:
● Potentially announce a data protection officer
● Create a binder of "data processing activities"
● Document all processes connected to personal data
● If sensitive data r taken -> an impact analysis abt data privacy has to be performed
● All efforts wrt data privacy should be documented
❗When wanting to move a server onto cloud: consider if there're personal data stored on the server (e.g. Ilias-server) → if yes, GDPR in effect.

Diff countries - diff regulations
● In US, diff regulation wrt data privacy -> fr EU view, these regulations are weaker
● Data to be protected (i.e. data abt individuals) mustn't be stored in the US
● To enable American companies to store "EU data" anyhow, the Safe-Harbor-Privacy-Principles were agreed on
○ This agreement was cancelled in 2015 by the European Court of Justice
○ EU-US-Privacy-Shield was installed, which is criticised too

● Obviously: w/out info & info processing, we wouldn't require protection of data and info
● W modern computing possibilities, data protection is challenged
○ Using modern IT, mass data can be analysed
○ Combining single data, user profile can be created
● Having new technical capabilities, there r new challenges, which require new regulations

Challenges in data privacy
● Data privacy conflicts w other goals
○ Data privacy & data transparency
○ Data privacy & costs
○ Data privacy & fight against criminality
○ Data privacy & research

● BBA (big brother awards) r negative awards, which r assigned to administration, companies, org, ppl.
○ Award has been founded in UK
○ Awards r assigned to those who have affected the data privacy long lasting
● Awards r given in several categories like politics, business and administration
● Having a closer look @ the reasoning, it becomes obvious that there's a trade off between data privacy

PLT -- planning for logistics & transport is assigned to employees in the field or in big warehouses
● Using GPS and GPRS, the exact position of each employee can be identified
● Using special software, a roaming profile of each employee can be created
● Not too comfortable for the employees. Fr a legal point w/in a grey area
● Fr a business pov, new opportunities r given:
○ Identification of lazy employees
○ Optimisation & late adjustment of routes
● Question: should such a tracking-device be allowed?
If the tracking device doesn't leak any personal info like name, age, email but only where the driver is and location (i.e. destination) and traffic situation, it should be fine. Regarding GPS, it allows the company to support driver in-time in case of accident.

Chapter 12: Data Privacy
4 most important goal: AICA (availability, integrity, confidentiality, accountability)
Encryption: secure data & communication
Principle of encryption:
● clear text encrypted → secret text
● secret text fwd as message/stored
● secret text need to be decrypted
● encryption & decryption usually done w an encryption method + 🔑
cryptography: science of encryption
classical encryption method: Caesar
● method: simple shift
● 🔑: 2 (shift to the right)
● how secure is this cipher?
classical encryption method: Vigenère
● method: a word taken as a key
● 🔑: "the chosen word"
● how secure is this cipher?

Enigma
● encryption-machine used in WWII
● method: scrambling plaintext messages through a series of interchangeable rotors and a plugboard, providing a complex and variable encryption method.

❓Keep method or 🔑 secret?

❗Important: Kerckhoffs's Principle
The security of an encryption must depend on the secrecy of the 🔑, it must not depend on the secrecy of the used encryption method.

❗Kerckhoffs's principle is important for computer science bc encryption methods can be standardized (so all devices support the same functions so that encryption/decryption works) and be implemented by all involved parties. The security depends on the secrecy of the 🔑

Modern Encryption Standard: DES and AES
● DES (data encryption standard)
○ 1976 become official standard in US
○ 56 bit i.e. $2^{56}$ = 7 quadrillion
○ implemented efficiently
● AES (advanced encryption standard)
○ standardized in 2002
○ having 🔑 length of 128, 192 and 256 bit
○ similar properties compared to DES
both methods r used
⇒ problem: distribution of 🔑 (problem of AES)
● if message shall be encrypted, receiver of message has to get 🔑 before he can start the decryption
● key need to be sent in CT (clear text) → method not secure anymore if security depends on secrecy of 🔑
● example: E-banking
○ PIN and TAN r not sent via internet (insecure) but thru sealed envelope

Symmetric Encryption ~AES
Asymmetric Encryption ~RSA

● public encryption = 1 public 🔑 + 1 private 🔑 (must be a 🔑 PAIR)
⇒ problem of distribution is (nearly) solved
best known method: RSA (according Rivest, Shamir, Adleman)
● implementation based on RSA (prime factorisation)
○ PGP: pretty good privacy
○ GPG: GNU privacy guard

Alice public key is published (e.g. fwd to cert agency)
Alice private key stayed w Alice
⇔ ensure confidentiality, message encrypted w receiver's public key (bc only a pair can encrypt/decrypt)
Alice encrypt her message w Alice's private 🔑
Bob decrypt secret message w Alice's public 🔑

Problem: Man-in-the-middle-attack
🧍 🔄 🕵️ 🔄 🧍
the attacker position himself between Bob and Alice and pretend to be the other person → Bob and Alice then exchange 🔑 w the attacker
⇒ solution: use certification agency
whole process relies on a trustworthy institution

how is security handled on internet ? 🛜
● https where "s" = secure
● method: Diffie-Hellman-Key-Exchange
○ each party create a secret 🔑 for single use
○ both receive a public 🔑
○ new key = personal private 🔑 + public 🔑 received
○ new 🔑 + secret 🔑 = final new 🔑
⇒ final new 🔑 secret + identical for both (i.e. no secret 🔑 exchanged)
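The Diffie-Hellman key exchange and the man-in-the-middle problem from these notes, as an added example that is not part of the original notes. The group parameters `P` and `G` are toy values chosen for illustration, and the fingerprint check is an assumed stand-in for what a certification agency provides; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption, illustration only): a 127-bit Mersenne prime.
# Real systems use standardized groups of 2048+ bits or elliptic curves.
P = 2**127 - 1
G = 3


def new_keypair():
    """Each party creates a single-use secret key and the matching public key."""
    while True:
        secret = secrets.randbelow(P - 3) + 2   # 2 <= secret <= P-2
        public = pow(G, secret, P)              # this value travels in clear text
        if 1 < public < P - 1:
            return secret, public


def shared_key(own_secret, peer_public):
    """Combine own secret key with the received public key into the final key."""
    if not 1 < peer_public < P - 1:             # reject degenerate values
        raise ValueError("invalid public value")
    z = pow(peer_public, own_secret, P)
    return hashlib.sha256(z.to_bytes(16, "big")).digest()


def fingerprint(public):
    """Short digest of a public key; the value a trusted institution vouches for."""
    return hashlib.sha256(public.to_bytes(16, "big")).hexdigest()[:16]


def authenticated_key(own_secret, peer_public, trusted_fingerprint):
    """Derive the key only if the received public key matches the vouched fingerprint."""
    if not hmac.compare_digest(fingerprint(peer_public), trusted_fingerprint):
        raise ValueError("public key does not match trusted fingerprint")
    return shared_key(own_secret, peer_public)


def demo():
    a_secret, a_public = new_keypair()          # Alice
    b_secret, b_public = new_keypair()          # Bob
    # Plain exchange: both ends compute the same key, no secret key was sent.
    k_alice = shared_key(a_secret, b_public)
    k_bob = shared_key(b_secret, a_public)
    # Constructed man-in-the-middle case: Bob's public key is swapped in transit.
    _, m_public = new_keypair()
    k_alice_fooled = shared_key(a_secret, m_public)   # Alice cannot tell on her own
    # With Bob's fingerprint obtained through a trusted party, the swap is detected.
    bob_fp = fingerprint(b_public)
    try:
        authenticated_key(a_secret, m_public, bob_fp)
        swap_detected = False
    except ValueError:
        swap_detected = True
    return {
        "keys_match": k_alice == k_bob,
        "fooled_key_differs": k_alice_fooled != k_bob,
        "swap_detected": swap_detected,
        "genuine_accepted": authenticated_key(a_secret, b_public, bob_fp) == k_bob,
    }


if __name__ == "__main__":
    print(demo())
```

The unauthenticated exchange succeeds silently even with a swapped public key, which is why the notes' "certification agency" step is needed on top of the key exchange itself.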


❗important: only key-generation is symmetric → once generated, common 🔑 used w asymmetric encryption

Chapter 13: Trends in IT
Gartner Hype Cycle (1995): describe tech trend fr novelty → everyday use

*annotation:
Technology Trigger = discussed among academia
Peak of Inflated Expectation = public of news + excitement
Trough of Disillusionment = realization
Slope of Enlightenment = public again but no excitement
Plateau of Productivity = take it for granted/norm

7 primary skills (1938)
1. verbal comprehension
2. word fluency
3. deductive reasoning
4. spatial imagination
5. retentiveness
6. numeracy
7. perceptual speed

Criticism: intelligence is what you can test w intelligence tests
❓: in which of these abilities do 💻 perform well/badly?

What is AI?
● AI based on idea of "man as a machine"
● goal of strong AI: "to create an intelligence that can think and solve problems like humans and that is characterized by a form of consciousness"
● goal of weak AI: imitate intelligent behavior w/out claiming consciousness
● problem:
○ symbolic AI: approach the problem fr "above" + consider logical reasoning (i.e. predefined rule)
○ sub-symbolic AI: approach the problem fr "below" + simulate gr of neurons (i.e. build a system + input → system figure rule themself)
expert system: typical rep. of symbolic AI
● basic idea: imitation of decision-making process of human expert
○ implementation: database + processing rules
○ (+): can justify their decision
○ (-): problem w uncertain knowledge/expectations/knowledge acquisition is diff
other approach: ML
● do NOT prescribe any rules → AI "learn" fr training data & derive regularities & patterns
● support vector machine is a simple machine learning method
● idea: subdivide a 2D space w straight line into diff surfaces
● problem: quality of the training data ; result not comprehensible ; problem w GDPR
real-world example: churn-analysis
● who'll churn?
● historical data fr telecom available
● 21-dimensional data set
neural networks take a diff approach:
● neuron (in biology) is a nerve cell ; neurons r connected to each other by synapses, many interconnected neurons form a neural network
● simplified: neurons have 2 states: on and off = digital logic
● important properties:
○ apply both natural & artificial neural network
○ neural networks can "learn"
○ don't need an abstract model (unlike symbolic AI)
○ correct "training" of a net: important
● neural network learn (better) w help of DL
● pattern recognition by means of neural networks: traffic signs, house number, products/faces/facial expression
