VEL TECH VEL TECH MULTI TECH VEL TECH HIGH TECH

STUDY MATERIAL

ELECTRONIC COMMERCE

DEPARTMENT OF MCA

JUNE – 2010

Vel Tech

Vel Tech Multi Tech Dr. Rangarajan Dr. Sakunthala Engineering College

Vel Tech High Tech Dr. Rangarajan Dr. Sakunthala Engineering College


SEM - V

INDEX

UNITS

I. Introduction

II. Security Technologies

III. Electronic Payment Methods

IV. Electronic Commerce Providers

V. Online Commerce Environments


# 42 & 60, Avadi – Veltech Road, Avadi, Chennai – 62.


Preface to the First Edition


This edition is a sincere and co-ordinated effort which we hope has made a great difference in the quality of the material. “Giving the best to the students, making optimum use of available technical facilities & intellectual strength” has always been the motto of our institutions. In this edition the best staff across the group of colleges has been chosen to develop specific units. Hence the material, as a whole, is the merge of the intellectual capacities of our faculties across the group of Institutions.

45 to 60 two-mark questions and 15 to 20 sixteen-mark questions for each unit are available in this material.

Prepared By : Ms. X. Agnes Kala Rani.

Asst. Professor.

MC1622 ELECTRONIC COMMERCE

1. INTRODUCTION 6

Networks and Commercial Transactions - Internet and Other Novelties - Electronic Transactions Today - Commercial Transactions - Establishing Trust - Internet Environment - Internet Advantage - World Wide Web.


2. SECURITY TECHNOLOGIES 9

Why Internet Is Unsecure - Internet Security Holes - Cryptography : Objective - Codes and Ciphers - Breaking Encryption Schemes - Data Encryption Standard - Trusted Key Distribution and Verification - Cryptographic Applications - Encryption - Digital Signature - Nonrepudiation and Message Integrity.

3. ELECTRONIC PAYMENT METHODS 9

Traditional Transactions : Updating - Offline and Online Transactions - Secure Web Servers - Required Facilities - Digital Currencies and Payment Systems - Protocols for the Public Transport - Security Protocols - SET - Credit Card Business Basics.

4. ELECTRONIC COMMERCE PROVIDERS 9

Online Commerce Options - Functions and Features - Payment Systems : Electronic, Digital and Virtual Internet Payment System - Account Setup and Costs - Virtual Transaction Process - InfoHaus - Security Considerations – CyberCash: Model - Security - Customer Protection - Client Application - Selling through CyberCash.

5. ONLINE COMMERCE ENVIRONMENTS 12

Servers and Commercial Environments - Payment Methods - Server Market Orientation - Netscape Commerce Server - Microsoft Internet Servers - Digital Currencies - DigiCash - Using Ecash - Ecash Client Software and Implementation - Smart Cards - The Chip - Electronic Data Interchange - Internet Strategies, Techniques and Tools.

TEXT BOOKS

1. Pete Loshin, “Electronic Commerce”, 4th Edition, Firewall Media, an imprint of Laxmi Publications Pvt. Ltd., New Delhi, 2004.

REFERENCES

1. Jeffrey F. Rayport and Bernard J. Jaworski, “Introduction to E-Commerce”, 2nd Edition, Tata McGraw-Hill Pvt. Ltd., 2003.
2. Greenstein, “Electronic Commerce”, Tata McGraw-Hill Pvt. Ltd., 2000.

UNIT – I

PART – A

1. Define E-Commerce.


Electronic commerce: the conducting of business communication and transactions over networks and through computers. Specifically, e-commerce is the buying and selling of goods and services, and the transfer of funds, through digital communications.

2. What is Internet ?

The Internet is a collection of wires, protocols and hardware that allows the electronic transmission of data over TCP/IP. The Internet forms a global network of computers that can share data and programs. The computers are connected through a series of LANs and WANs and transfer data through the communication rules set forth by TCP/IP.

Four components that make the Internet easy to use:

1. DNS (Domain Name System)
2. Packet switching, routing
3. TCP
4. IP address

TCP: software that ensures the safe and reliable transfer of the data.
IP: software that sets the rules for data transfer over a network.

3. How the internet works ?

a. Addressing and the Domain name system:

Each and every system has its own unique IP address. Sun Microsystems developed the DNS in the early 1980s. It converts numeric IP addresses into character-based addresses.

b. Packet Switching:

Internet is a packet switched system. All data transferred across the internet is broken into packets.

c. Routing:

Routers serve as intermediaries between networks. They are the building blocks of the Internet: they direct traffic and translate messages so that different network technologies can communicate with one another.

4. What is a Network?

A “network” has been defined as “any set of interlinking lines resembling a net, a network of roads; an interconnected system, a network of alliances.” This definition suits our purpose well: a computer network is simply a system of interconnected computers. How they're connected is irrelevant, and as we'll soon see, there are a number of ways to do this.

5. Components of a Network:

The components given below are mainly used in Network Security.

1. Concentrator
2. Hub
3. Repeater
4. Bridges
5. Modem
6. Routers
7. Cables

6. What is Security?

In the computer industry, security refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization. Most security measures involve data encryption and passwords. Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism. A password is a secret word or phrase that gives a user access to a particular program or system.

7. Network security :

Network security consists of the provisions made in an underlying computer network infrastructure, the policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access, and the effectiveness (or lack) of these measures combined together.

8. What is a protocol?

A protocol is a well-defined specification that allows computers to communicate across a network. In a way, protocols define the "grammar" that computers can use to "talk" to each other.

9. What is IP?

IP stands for "Internet Protocol". It can be thought of as the common language of computers on the Internet. There are a number of detailed descriptions of IP given elsewhere, so we won't cover it in detail in this document.

10. What is an IP address?

IP addresses are analogous to telephone numbers – when you want to call someone on the telephone, you must first know their telephone number. Similarly, when a computer on the Internet needs to send data to another computer, it must first know its IP address. IP addresses are typically shown as four numbers separated by decimal points, or “dots”. For example, 10.24.254.3 and 192.168.62.231 are IP addresses.

11. Transmission Control Protocol:

TCP is a transport-layer protocol. It needs to sit on top of a network-layer protocol, and was designed to ride atop IP. (Just as IP was designed to carry, among other things, TCP packets.) Because TCP and IP were designed together and wherever you have one, you typically have the other, the entire suite of Internet protocols is known collectively as "TCP/IP." TCP itself has a number of important features that we'll cover briefly.

12. Types of Network:

a. LAN (Local Area Network)
b. WAN (Wide Area Network)
c. MAN (Metropolitan Area Network)

13. E-commerce models.

1. B2C
2. B2B
3. B2G
4. C2C
5. C2B (Consumer to Business)

14. What are the Advantages of Electronic payment systems?

They work in the same way as traditional checks, thus simplifying customer education.

Electronic checks are well suited for clearing micro payments.

Electronic checks create float, and the availability of float is an important requirement for commerce.

Financial risk is assumed by the accounting server and may result in easier acceptance.

15. What are the advantages of TCP/IP Protocol?

They are everywhere! It's the common worldwide standard now for networking.

Interoperability: different types of computers from different vendors can communicate seamlessly if they speak the same TCP/IP language.

Built-in intelligent mechanisms for error and flow control.

Many others, just Google advantages of TCP/IP.

16. What are the advantages of E-Commerce?

New marketing time opportunities.

Electronic bill presentment and payment services.

Related products and cross selling.

Featured product listing.

Coupon codes, gift certificates.

Inventory control.

Backorders allowed.

17. What is commercial transaction?

A commercial contract deals with purely business or commercial transaction. Any contract, as long as the parties fulfill their respective promises

PART – B

1. EXPLAIN INTERNET ENVIRONMENT

A worldwide system of interconnected computer networks. The origins of the Internet can be traced to the creation of ARPANET (Advanced Research Projects Agency Network) as a network of computers under the auspices of the U.S. Department of Defense in 1969. Today, the Internet connects millions of computers around the world in a nonhierarchical manner unprecedented in the history of communications. The Internet is a product of the convergence of media, computers, and telecommunications. It is not merely a technological development but the product of social and political processes, involving both the academic world and the government (the Department of Defense). From its origins in a nonindustrial, noncorporate environment and in a purely scientific culture, it has quickly diffused into the world of commerce.

The Internet is a combination of several media technologies and an electronic version of newspapers, magazines, books, catalogs, bulletin boards, and much more. This versatility gives the Internet its power.


Technological features

The Internet's technological success depends on its principal communication tools, the Transmission Control Protocol (TCP) and the Internet Protocol (IP). They are referred to frequently as TCP/IP. A protocol is an agreed-upon set of conventions that defines the rules of communication. TCP breaks down and reassembles packets, whereas IP is responsible for ensuring that the packets are sent to the right destination.

Data travels across the Internet through several levels of networks until it reaches its destination. E-mail messages arrive at the mail server (similar to the local post office) from a remote personal computer connected by a modem, or a node on a local-area network. From the server, the messages pass through a router, a special-purpose computer ensuring that each message is sent to its correct destination. A message may pass through several networks to reach its destination. Each network has its own router that determines how best to move the message closer to its destination, taking into account the traffic on the network. A message passes from one network to the next, until it arrives at the destination network, from where it can be sent to the recipient, who has a mailbox on that network.

TCP/IP

TCP/IP is a set of protocols developed to allow cooperating computers to share resources across the networks. The TCP/IP establishes the standards and rules by which messages are sent through the networks. The most important traditional TCP/IP services are file transfer, remote login, and mail transfer.

The file transfer protocol (FTP) allows a user on any computer to get files from another computer, or to send files to another computer. Security is handled by requiring the user to specify a user name and password for the other computer.

The network terminal protocol (TELNET) allows a user to log in on any other computer on the network. The user starts a remote session by specifying a computer to connect to. From that time until the end of the session, anything the user types is sent to the other computer.

Mail transfer allows a user to send messages to users on other computers. Originally, people tended to use only one or two specific computers. They would maintain “mail files” on those machines. The computer mail system is simply a way for a user to add a message to another user's mail file.

Other services have also become important: resource sharing, diskless workstations, computer conferencing, transaction processing, security, multimedia access, and directory services.


TCP is responsible for breaking up the message into datagrams, reassembling the datagrams at the other end, resending anything that gets lost, and putting things back in the right order. IP is responsible for routing individual datagrams. The datagrams are individually identified by a unique sequence number to facilitate reassembly in the correct order. The whole process of transmission is done through the use of routers. Routing is the process by which two communication stations find and use the optimum path across any network of any complexity. Routers must support fragmentation, the ability to subdivide received information into smaller units where this is required to match the underlying network technology. Routers operate by recognizing that a particular network number relates to a specific area within the interconnected networks. They keep track of the numbers throughout the entire process.
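The division of labour described above (split the message, number the pieces, reassemble in order, resend what is lost) can be seen in a small simulation. This is an added example, not part of the original study material; it simplifies real TCP by using the byte offset as the sequence number and a cumulative acknowledgement, and the names `Segment`, `Receiver` and `transfer` are hypothetical.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int         # byte offset of this payload within the whole message
    payload: bytes


def segment_message(message: bytes, mss: int) -> list[Segment]:
    """Sender side: split the message into pieces of at most `mss` bytes."""
    if mss <= 0:
        raise ValueError("mss must be positive")
    return [Segment(off, message[off:off + mss])
            for off in range(0, len(message), mss)]


class Receiver:
    """Receiver side: hold out-of-order segments, deliver bytes in order."""

    def __init__(self) -> None:
        self.next_seq = 0                    # next byte offset expected
        self.buffer: dict[int, bytes] = {}   # segments that arrived early
        self.delivered = bytearray()

    def receive(self, seg: Segment) -> int:
        """Accept one segment and return the cumulative ACK (next byte wanted)."""
        # Duplicates and already-delivered data are ignored, not re-delivered.
        if seg.seq >= self.next_seq and seg.seq not in self.buffer:
            self.buffer[seg.seq] = seg.payload
        # Deliver every segment that is now contiguous with what we have.
        while self.next_seq in self.buffer:
            data = self.buffer.pop(self.next_seq)
            self.delivered += data
            self.next_seq += len(data)
        return self.next_seq


def transfer(message: bytes, mss: int,
             lost_first_try: frozenset = frozenset(),
             seed: int = 0) -> tuple[bytes, list[int]]:
    """Send `message` over a simulated network that reorders segments and
    drops those whose offset is in `lost_first_try`.

    Returns the bytes delivered to the application and the list of
    sequence numbers the sender had to retransmit.
    """
    segments = segment_message(message, mss)
    by_seq = {s.seq: s for s in segments}

    first_flight = [s for s in segments if s.seq not in lost_first_try]
    random.Random(seed).shuffle(first_flight)   # the network reorders

    rx = Receiver()
    ack = 0
    for seg in first_flight:
        ack = rx.receive(seg)

    # The ACK names the first missing byte; resend that segment until the
    # receiver has acknowledged the whole message.
    retransmitted = []
    while ack < len(message):
        retransmitted.append(ack)
        ack = rx.receive(by_seq[ack])
    return bytes(rx.delivered), retransmitted


if __name__ == "__main__":
    # Constructed sample message, not taken from any real system.
    msg = b"ORDER#1001 amount=250.00 currency=INR"
    data, resent = transfer(msg, mss=8, lost_first_try=frozenset({8, 24}))
    print(data == msg, resent)
```

The receiver never hands bytes to the application out of order: a gap simply stalls delivery until the missing segment is resent.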

Domain Name System

The addressing system on the Internet generates IP addresses, which are usually indicated by numbers such as 128.201.86.290. Since such numbers are difficult to remember, a user-friendly system has been created known as the Domain Name System (DNS). This system provides the mnemonic equivalent of a numeric IP address and further ensures that every site on the Internet has a unique address. For example, an Internet address might appear as crito.uci.edu. If this address is accessed through a Web browser, it is referred to as a URL (Uniform Resource Locator), and the full URL will appear as http://www.crito.uci.edu.

The Domain Name System divides the Internet into a series of component networks called domains that enable e-mail (and other files) to be sent across the entire Internet. Each site attached to the Internet belongs to one of the domains. Universities, for example, belong to the “edu” domain. Other domains are gov (government), com (commercial organizations), mil (military), net (network service providers), and org (nonprofit organizations).
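Each of the four dotted numbers in an IP address is one byte, so it must lie between 0 and 255, and software that accepts addresses from users should check this strictly. The following added example (not part of the original study material; the function names are hypothetical) parses the addresses quoted in this unit: 10.24.254.3 and 192.168.62.231 fall in the private ranges reserved by RFC 1918, and 128.201.86.290 as printed is rejected because its last number exceeds 255.

```python
# RFC 1918 private blocks as (network address, prefix length).
PRIVATE_BLOCKS = (
    (0x0A000000, 8),    # 10.0.0.0/8
    (0xAC100000, 12),   # 172.16.0.0/12
    (0xC0A80000, 16),   # 192.168.0.0/16
)
LOOPBACK_BLOCK = (0x7F000000, 8)   # 127.0.0.0/8


def parse_ipv4(text: str) -> int:
    """Strictly parse a dotted-quad IPv4 address into a 32-bit integer.

    Raises ValueError for anything that is not exactly four decimal
    numbers in the range 0..255 written without leading zeros.
    """
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("expected four dot-separated numbers")
    value = 0
    for part in parts:
        # isascii() keeps out non-ASCII digits that str.isdigit() accepts.
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"not a decimal number: {part!r}")
        # Some parsers read a leading zero as octal; refuse the ambiguity.
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"leading zero in {part!r}")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"octet out of range: {octet}")
        value = (value << 8) | octet
    return value


def in_block(addr: int, network: int, prefix: int) -> bool:
    """True if the 32-bit address lies inside network/prefix."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return addr & mask == network


def classify_ipv4(text: str) -> str:
    """Return 'invalid', 'loopback', 'private' or 'other' for an address string."""
    try:
        addr = parse_ipv4(text)
    except ValueError:
        return "invalid"
    if in_block(addr, *LOOPBACK_BLOCK):
        return "loopback"
    if any(in_block(addr, net, prefix) for net, prefix in PRIVATE_BLOCKS):
        return "private"
    return "other"


if __name__ == "__main__":
    for sample in ("10.24.254.3", "192.168.62.231", "128.201.86.290",
                   "010.24.254.3", "127.0.0.1"):
        print(f"{sample:>16}  {classify_ipv4(sample)}")
```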

World Wide Web

The World Wide Web (WWW) is based on technology called hypertext. The Web may be thought of as a very large subset of the Internet, consisting of hypertext and hypermedia documents. A hypertext document is a document that has a reference (or link) to another hypertext document, which may be on the same computer or in a different computer that may be located anywhere in the world. Hypermedia is a similar concept except that it provides links to graphic, sound, and video files in addition to text files.

In order for the Web to work, every client must be able to display every document from any server. This is accomplished by imposing a set of standards known as a protocol to govern the way that data are transmitted across the Web. Thus data travel from client to server and back through a protocol known as the HyperText Transfer Protocol (http). In order to access the documents that are transmitted through this protocol, a special program known as a browser is required, which browses the Web.


Commerce on the Internet

Commerce on the Internet is known by a few other names, such as e-business, Etailing (electronic retailing), and e-commerce. The strengths of e-business depend on the strengths of the Internet. Internet commerce is divided into two major segments, business-to-business (B2B) and business-to-consumer (B2C). In each are some companies that have started their businesses on the Internet, and others that have existed previously and are now transitioning into the Internet world. Some products and services, such as books, compact disks (CDs), computer software, and airline tickets, seem to be particularly suited for online business.

World Wide Web :

A major service on the Internet. The World Wide Web is made up of "Web servers" that store and disseminate "Web pages," which are "rich" documents that contain text, graphics, animations and videos to anyone with an Internet connection.

The heart of the Web technology is the hyperlink, which connects each document to each other by its "URL" address, whether locally or in another country. "Click here" caused the Web to explode in the mid-1990s, turning the Internet into the largest shopping mall and information source in the world. It also enabled the concept of a "global server" that provides a source for all applications and data.

The Browser

Web pages are accessed by the user via a Web browser application such as Internet Explorer, Netscape, Safari, Opera and Firefox. The browser renders the pages on screen, executes embedded scripts and automatically invokes additional software as needed. For example, animations and special effects are provided by browser plug-ins, and audio and video are played by media player software that either comes with the operating system or from a third party.

HTML Is the Format

A Web page is a text document embedded with HTML tags that define how the text is rendered on screen. Web pages can be created with any text editor or word processor. They are also created in HTML authoring programs that provide a graphical interface for designing the layout. Authoring programs generate the HTML tags behind the scenes, but the tags can be edited if required. Many applications export documents directly to HTML, thus basic Web pages can be created in numerous ways without HTML coding. The ease of page creation helped fuel the Web's growth.


A collection of Web pages makes up a Web site. Very large organizations deploy their Web sites on inhouse servers or on their own servers co-located in a third party facility that provides power and Internet access. Small to medium sites are generally hosted by Internet service providers (ISPs). Millions of people have developed their own mini Web sites as ISPs typically host a small number of personal Web pages at no extra cost to individual customers.

The Intranet

The public Web spawned the private "intranet," an inhouse Web site for employees. Protected via a firewall that lets employees access the Internet, the firewall restricts uninvited users from coming in and viewing internal information. There is no difference in intranet and Web architectures. It has only to do with who has access.

HTTP Can Deliver Anything

HTML pages are transmitted to the user via the HTTP protocol. A Web server stores HTML pages for a Web site, but it can also be a storehouse for any kind of file delivered to a client application via HTTP. For example, the Windows version of this Encyclopedia is available as an HTTP application. The text and images are hosted on The Computer Language Company's Web server and delivered to the Windows client in the user's PC. The Windows client is an HTTP-enabled version of the popular interface first introduced in 1996 for stand-alone PCs and client/server LANs.

Where It Came From - Where It's Going

The World Wide Web was developed at the European Organization for Nuclear Research (CERN) in Geneva from a proposal by Tim Berners-Lee in 1989. It was created to share research information on nuclear physics. In 1991, the first command line browser was introduced. By the start of 1993, there were 50 Web servers, and the Voila X Window browser provided the first graphical capability. In that same year, CERN introduced its Macintosh browser, and the National Center for Supercomputing Applications (NCSA) in Chicago introduced the X Window version of Mosaic. Mosaic was developed by Marc Andreessen, who later became world famous as a principal at Netscape.

By 1994, there were approximately 500 Web sites, and, by the start of 1995, nearly 10,000. By the turn of the century, there were more than 30 million registered domain names. Many believe the Web signified the real beginning of the information age. However, those people who still use analog dial-up modems consider it the "World Wide Wait."

Everyone has some interest in the Web. ISPs, cable and telephone companies want to give you connectivity. Webmasters want more visitors. IT managers want more security. The publishing industry wants to preserve its copyrights. Hardware and software vendors want to make every product Web accessible. Nothing in the computer/communications field ever came onto the scene with such intensity. Even with the dot-com crash of 2000/2001, the future of the Web is going to be very exciting. Stay tuned!

2. Explain Ecommerce: Online vs "Traditional" Commerce

Expectations Are Learned Offline

Users come to online commerce with some key experiential understandings of the characteristics of traditional commerce.

Identity. Customers can easily authenticate the identity of a merchant simply by walking into a bricks-and-mortar store. Stores can be members of a community and neighborhood; they can be part of customers' daily experience. There is a concreteness about a physical store that no amount of HTML will ever match.

Immediacy. Customers can touch and feel and hold the merchandise. Tactile cues can drive the decision to buy. A transaction that is face-to-face is usually unmediated: your communication with the merchant is not in the hands of a third party or technology (as with ordering by phone).

Value. The item at the center of the commerce transaction -- the product, service, or property that is to be sold/bought -- has some kind of value. Its price is determined and validated through the performance of the transaction. The seller agrees to a selling price, and the buyer agrees to a buying price. The value of an item, especially the relative value an item has for the buyer, is much easier to appraise if that item is close at hand.

Discourse. Customers can converse with the merchant face-to-face; unmediated conversation is basic to human communication. People want the feedback available from non-verbal behavior, which forms a large part of our judgment process.

Community. Customers can interact with other customers and gain feedback about the merchant from other customers, as well as by observing the merchant interacting with other customers.

Privacy. Customers can make purchases anonymously with cash; they usually don't have to give their name or address. They don't usually have to worry about what a store will do with their personal information, although this is becoming more of an issue with various recent attempts by lawyers to access private sales and rental records. Privacy is often a measure of how much of his or her identity a buyer wants to invest in a transaction; sometimes, we just want to quietly make our purchase and leave with it.

An online commerce customer faces mediation in every element and at every stage of the commerce transaction. Customers can't see the merchant, only the merchant's website; they can't touch the merchandise, they can only see a representation; they can't wander a store and speak with employees, they can only browse HTML pages, read FAQs, and fire off email to nameless customer service mailboxes; they can't explore the store's shelves and product space, they can only search a digital catalog. A customer at an online commerce site lacks the concrete cues to comfortably assess the trustworthiness of the site, and so must rely on new kinds of cues. The problem for the online customer is that the web is new -- to a large sector of the online audience -- and online commerce seems like a step into an unknown experience.

3. Different Kinds of "Traditional" Commerce Models.

Not every commerce transaction is identical, and not every transaction is the same type of transaction. In my experience, I have dealt with roughly five types of commerce transaction offline (this is not an attempt at a taxonomy of commerce transactions, just my common-sense exploration of my own experience):

Retail store

This is by far the most common commerce experience in American culture: you walk into a store that is stocked with merchandise for immediate sale -- bookstores, grocery stores, hardware stores -- and find what you want, then purchase it. You leave the store with the product, assuming immediate ownership.

Retail special order

When a retail store doesn't stock the product you want, or is currently out of stock, you often have the option of special ordering the product. If a bookstore doesn't carry a small press book title that you want, and the title is in print, you can usually special order the title from the store; the store locates the product, buys it, then resells it to you. Delayed gratification, but you have the advantage of dealing with a merchant face-to-face. I would consider rain checks in this same category.

Catalogue store

Smaller towns sometimes have catalogue stores, where a large merchant doesn't see a local demand to keep a store stocked with merchandise, so they instead provide a storefront where people can come in and look at catalogues, and order from a company representative. Sears is a company that operates catalogue stores (or at least they used to), and Service Merchandise functions as a catalogue store for much of their "stock".

Phone order from a catalogue

Mail order catalogues, with their operators standing by, have been around longer than the internet. While you can't touch and feel the merchandise prior to ordering, you can at least speak with a live person when placing the order; I've had some excellent shopping experiences with mail order catalog customer service reps.

Bargaining

I find this the strangest form of commerce transaction; I simply am not used to bargaining... just give me a price, and I'll decide whether or not to pay it. The United States is not a country with a vibrant bargaining culture, but if you travel internationally you will encounter cultures that thrive on bargaining. In the U.S., buying an automobile or shopping at collectors conventions is often a bargaining experience.

While these may be different types of commerce transactions, they are all clearly related. They share elements like the roles involved (seller and buyer), steps in the transactions (price must be agreed upon, money must change hands), and underlying concepts (the value of this merchandise to me, do I know this merchant?). Ultimately, these different transactions differ only slightly on some few elements, with the bulk of the transaction adhering to the internal models that we have built for what commerce is like.

In fact, based on our experience, we build frameworks to describe these transactions, with steps and meaningful elements, and we use these frameworks to understand every new commerce transaction in which we engage. These frameworks are called schemas, and we use these schemas to make sense of ecommerce web sites when we take our shopping online.

4. Explain E-commerce advantages and disadvantages :

E-commerce provides many new ways for businesses and consumers to communicate and conduct business. There are a number of advantages and disadvantages of conducting business in this manner.

E-commerce advantages

Some advantages that can be achieved from e-commerce include:

a. Being able to conduct business 24 x 7 x 365.

E-commerce systems can operate all day every day. Your physical storefront does not need to be open in order for customers and suppliers to be doing business with you electronically.

b. Access the global marketplace.

The Internet spans the world, and it is possible to do business with any business or person who is connected to the Internet. Simple local businesses such as specialist record stores are able to market and sell their offerings internationally using e-commerce. This global opportunity is assisted by the fact that, unlike traditional communications methods, users are not charged according to the distance over which they are communicating.


c. Speed.

Electronic communications allow messages to traverse the world almost instantaneously. There is no need to wait weeks for a catalogue to arrive by post: that communications delay is not a part of the Internet / e-commerce world.

d. Marketspace.

The market in which web-based businesses operate is the global market. It may not be evident to them, but many businesses are already facing international competition from web-enabled businesses.

e. Opportunity to reduce costs.

The Internet makes it very easy to 'shop around' for products and services that may be cheaper or more effective than we might otherwise settle for. It is sometimes possible to, through some online research, identify original manufacturers for some goods - thereby bypassing wholesalers and achieving a cheaper price.

f. Computer platform-independent.

'Many, if not most, computers have the ability to communicate via the Internet independent of operating systems and hardware. Customers are not limited by existing hardware systems' (Gascoyne & Ozcubukcu, 1997:87).

g. Efficient applications development environment.

'In many respects, applications can be more efficiently developed and distributed because they can be built without regard to the customer's or the business partner's technology platform. Application updates do not have to be manually installed on computers. Rather, Internet-related technologies provide this capability inherently through automatic deployment of software updates' (Gascoyne & Ozcubukcu, 1997:87).

h. Allowing customer self service and 'customer outsourcing'.

People can interact with businesses at any hour of the day that it is convenient to them, and because these interactions are initiated by customers, the customers also provide a lot of the data for the transaction that may otherwise need to be entered by business staff. This means that some of the work and costs are effectively shifted to customers; this is referred to as 'customer outsourcing'.

i. Stepping beyond borders to a global view.

Using aspects of e-commerce technology can mean your business can source and use products and services provided by other businesses in other countries. This seems obvious enough to say, but people do not always consider the implications of e-commerce. For example, in many ways it can be easier and cheaper to host and operate some e-commerce activities outside Australia. Further, because many e-commerce transactions involve credit cards, many businesses in Australia need to make arrangements for accepting online payments. However a number of major Australian banks have tended to be unhelpful laggards on this front, charging a lot of money and making it difficult to establish these arrangements - particularly for smaller businesses and/or businesses that don't fit into a traditional-economy understanding of business. In some cases, therefore, it can be easier and cheaper to set up arrangements which bypass this aspect of the Australian banking system. Admittedly, this can create some grey areas for legal and taxation purposes, but these can be dealt with. And yes these circumstances do have implications for Australia's national competitiveness and the competitiveness of our industries and businesses.

6. Explain E-commerce disadvantages and constraints.

Some disadvantages and constraints of e-commerce include the following.

a. Time for delivery of physical products.

It is possible to visit a local music store and walk out with a compact disc, or a bookstore and leave with a book. E-commerce is often used to buy goods that are not available locally from businesses all over the world, meaning that physical goods need to be delivered, which takes time and costs money. In some cases there are ways around this, for example, with electronic files of the music or books being accessed across the Internet, but then these are not physical goods.

b. Physical product, supplier & delivery uncertainty.

When you walk out of a shop with an item, it's yours. You have it; you know what it is, where it is and how it looks. In some respects e-commerce purchases are made on trust. This is because, firstly, not having had physical access to the product, a purchase is made on an expectation of what that product is and its condition. Secondly, because supplying businesses can be conducted across the world, it can be uncertain whether or not they are legitimate businesses and are not just going to take your money. It's pretty hard to knock on their door to complain or seek legal recourse! Thirdly, even if the item is sent, it is easy to start wondering whether or not it will ever arrive.

c. Perishable goods.

Forget about ordering a single gelato ice cream from a shop in Rome! Though specialised or refrigerated transport can be used, goods bought and sold via the Internet tend to be durable and non-perishable: they need to survive the trip from the supplier to the purchasing business or consumer. This shifts the bias for perishable and/or non-durable goods back towards traditional supply chain arrangements, or towards relatively more local e-commerce-based purchases, sales and distribution. In contrast, durable goods can be traded from almost anyone to almost anyone else, sparking competition for lower prices. In some cases this leads to disintermediation in which intermediary people and businesses are bypassed by consumers and by other businesses that are seeking to purchase more directly from manufacturers.

d. Limited and selected sensory information.

The Internet is an effective conduit for visual and auditory information: seeing pictures, hearing sounds and reading text. However it does not allow full scope for our senses: we can see pictures of the flowers, but not smell their fragrance; we can see pictures of a hammer, but not feel its weight or balance. Further, when we pick up and inspect something, we choose what we look at and how we look at it. This is not the case on the Internet. If we were looking at buying a car on the Internet, we would see the pictures the seller had chosen for us to see but not the things we might look for if we were able to see it in person. And, taking into account our other senses, we can't test the car to hear the sound of the engine as it changes gears or sense the smell and feel of the leather seats. There are many ways in which the Internet does not convey the richness of experiences of the world. This lack of sensory information means that people are often much more comfortable buying via the Internet generic goods - things that they have seen or experienced before and about which there is little ambiguity, rather than unique or complex things.

e. Returning goods.

Returning goods online can be an area of difficulty. The uncertainties surrounding the initial payment and delivery of goods can be exacerbated in this process. Will the goods get back to their source? Who pays for the return postage? Will the refund be paid? Will I be left with nothing? How long will it take? Contrast this with the offline experience of returning goods to a shop.

f. Privacy, security, payment, identity, contract.

Many issues arise - privacy of information, security of that information and payment details, whether or not payment details (eg credit card details) will be misused, identity theft, contract, and, whether we have one or not, what laws and legal jurisdiction apply.

g. Defined services & the unexpected.

E-commerce is an effective means for managing the transaction of known and established services, that is, things that are everyday. It is not suitable for dealing with the new or unexpected. For example, a transport company used to dealing with simple packages being asked if it can transport a hippopotamus, or a customer asking for a book order to be wrapped in blue and white polka dot paper with a bow. Such requests need human intervention to investigate and resolve.


h. Personal service.

Although some human interaction can be facilitated via the web, e-commerce can not provide the richness of interaction provided by personal service. For most businesses, e-commerce methods provide the equivalent of an information-rich counter attendant rather than a salesperson. This also means that feedback about how people react to product and service offerings also tends to be more granular or perhaps lost using e-commerce approaches. If your only feedback is that people are (or are not) buying your products or services online, this is inadequate for evaluating how to change or improve your e-commerce strategies and/or product and service offerings. Successful business use of e-commerce typically involves strategies for gaining and applying customer feedback. This helps businesses to understand, anticipate and meet changing online customer needs and preferences, which is critical because of the comparatively rapid rate of ongoing Internet-based change.

i. Size and number of transactions.

E-commerce is most often conducted using credit card facilities for payments, and as a result very small and very large transactions tend not to be conducted online. The size of transactions is also impacted by the economics of transporting physical goods. For example, any benefits or conveniences of buying a box of pens online from a US-based business tend to be eclipsed by the cost of having to pay for them to be delivered to you in Australia. The delivery costs also mean that buying individual items from a range of different overseas businesses is significantly more expensive than buying all of the goods from one overseas business because the goods can be packaged and shipped together.

Internet Advantages:

a. 24 hours a day - 7 days a week - 365 days per year

Even if no staff were to be in your office, visitors will come to your website. The website NEVER closes.

b. Structural

An advertisement in a newspaper is worthless the day (perhaps two days) after. Participation at a fair or conference doesn't reach anybody, once it is over. Apart from things like dates and prices, much of your website content will still be valid years after you've done the work to have it there.

c. Measurable

You can measure anything: how many people saw your advertisement banners, how many clicked on them, how many asked for information or a price quote and how many sales resulted from that campaign. You can measure how many people came to your website through certain key words in a search-engine and calculate the profits per 1.000 visitors on THAT specific keyword. How many pages did people look at? What section of my content is more popular? What is the "normal route"? What is the most frequent "exit page" (from where they leave your site)? How many visitors are NEW to the site and how many are repeat-visits?

d. Interactive

Visitors can do a test, they can get an automatic price-quote through a form, they can participate in a forum, ask a question through different feedback systems (including online).

e. Community building

Invite people to contribute things themselves; evaluations of the product/ the service, tips for other users, use newsletters.

f. Low cost

Just compare the costs of sending out physical mailing to 25,000 addresses, with the costs of an e-mailing to 250.000 e-mail addresses.

g. Reproduction at "zero cost"

Whether 1,000 visitors come to your site or 25,000, the increased cost is marginal. Compare that with printing more brochures, producing more videos or using a call centre for another 2,000 calls.

h. Saves time (counselling on product and service information / administration)

Visitors can access "frequently asked questions" to help themselves, which saves you time. People can BUY online, without any member of staff having been involved.

i. Allows for new business models (CPM, PPC, PPL, affiliate)

Pay for every time someone SEES your advertisement, or only when they CLICK on your banner advertisement, or even only when they fill out a form that identifies them and makes them approachable, OR even ONLY pay when you actually get a SALE from another website.

j. Low "hassle" environment

Apart from "pop-ups and pop-unders", many possible clients will find it "safer" to look around on a website anonymously, rather than asking a question of a real-life person.

7. Explain Commercial Transactions and Electronic Transactions?

Understanding the ways in which commercial transactions take place online, across the Internet, requires understanding the way in which any commercial transaction takes place. There will be differences between different types of transactions. Although the way a large corporation buys raw materials in bulk from its supplier is different from the way the schoolchild buys candy at the corner drugstore, both transactions share certain characteristics.

Let us examine some of the issues involved in electronic commerce by taking a look at what happens in the course of any commercial transaction. We will focus on the issues involved in simple retail transactions, since virtually everyone is familiar and comfortable with this type of transaction.

1. Establishing Trust
2. Negotiating a Deal
3. Payment and Settlement
4. Payment Vehicles and Currencies
5. Products and Delivery

Electronic Transactions:

When considering online commerce, it is important to maintain a perspective and define a context. Broadcasting networks, particularly television networks, have a long history of being used to market products, although viewers cannot use that same medium to place orders. With widespread use of credit cards, consumers and merchants have been happily transacting business over the telephone networks for many years. Highly sensitive banking transactions have been routinely processed through ATM networks since the late 1970s.

Once participants in the electronic marketplace understand the mechanisms set up for transacting business across the Internet, buying and selling online will be at least as simple and trusted a method as buying by phone or in person.

8. With a neat sketch explain the Electronic Commerce industry framework?

Introduction

Electronic commerce is the ability to perform transactions involving the exchange of goods or services between two or more parties using electronic tools and techniques. Long employed by large businesses and financial service organizations, several factors are now converging to bring electronic commerce to a new level of utility and viability for small businesses and individuals -- thereby promising to make it part of everyday life.

These enabling factors include improved broader competitive access to networks, and the reduced cost and increased user-friendliness of both general-purpose computers and specialized devices. The rapid growth of primarily the Internet and other on-line services, convenient point-of-sale payment systems, and automated teller machines all set the stage for broad-scale electronic commerce. Further, with relentless pressures of competition at all levels of the economy, the efficiencies offered by electronic commerce are becoming hard to ignore.

This white paper discusses primarily technical issues that, if properly addressed, can guide the evolution of electronic commerce. However, it is recognized that numerous complex social, legal and regulatory issues of equal importance must also be addressed if the potential of electronic commerce is to be realized. These include finding acceptable methods for authentication and protection of information, accommodating the special needs of law enforcement and international transactions, and creating the requisite means, technological and otherwise, of settling disputes. We point them out here specifically to emphasize their importance, but do not treat them at length in this paper. The remainder of the paper answers the following questions about electronic commerce:

Section 2 describes the advantages of electronic versus paper-based commerce and discusses several shortcomings of present electronic commerce systems. It then describes the kinds of progress that will need to be made to overcome these deficiencies and create an electronic commerce infrastructure. Section 3 describes the actual requirements of electronic commerce in terms of (1) the framework that must be in place, (2) the activities and functions that must be supported, and (3) the building blocks required to support these activities and functions. Section 4 presents an architecture and model for electronic commerce. Section 5 draws implications for future technical needs and for electronic commerce.

Types of information providers

Traditionally, in the physical world, we distinguish between three different types of information-driven companies: those that create content (e.g TV production), those that define the form or format (e.g recording studio) and finally those that provide the distribution medium.(e.g TV broadcasting station and cable operators). Companies that are targeting vertical markets need access in all three areas (see red, dashed circle, fig 1).

EC functions

The following ten functions must be provided in order for EC to occur; in essence, they are the enablers of EC:


1. Standards setting body
2. WAN service provider
3. Hosting service (i.e. data center)
4. Software developer (ISV or VAR)
5. Certification authority
6. Publisher/Aggregator (presence provider)
7. Copyright broker
8. Metering authority
9. Auditing authority
10. Information consumer

The provision of the above ten EC functions does not necessitate the involvement of an equivalent number of parties; many of these will be carried out by the same provider. For example, the Hosting Service can be the same organization as the Publisher/Aggregator.

9. Definition of E-commerce and Introduction of E-commerce?

Electronic commerce, commonly known as e-commerce or eCommerce, consists of the buying and selling of products or services over electronic systems such as the Internet and other computer networks. The amount of trade conducted electronically has grown dramatically since the wide introduction of the Internet. A wide variety of commerce is conducted in this way, including things such as electronic funds transfer, supply chain management, e-marketing, online marketing, online transaction processing, electronic data interchange (EDI), automated inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web at at least some point in the transaction's lifecycle, although it can encompass a wide range of technologies such as e-mail as well.

Introduction of E-commerce.


A small percentage of electronic commerce is conducted entirely electronically for "virtual" items such as access to premium content on a website, but most electronic commerce eventually involves physical items and their transportation in at least some way.

10. Explain History of the E-commerce and Internet?

The meaning of the term "electronic commerce" has changed over the last 30 years. Originally, "electronic commerce" meant the facilitation of commercial transactions electronically, usually using technology like Electronic Data Interchange (EDI) and Electronic Funds Transfer (EFT), both introduced in the late 1970s, for example to send commercial documents like purchase orders or invoices electronically.

The 'electronic' or 'e' in e-commerce refers to the technology/systems; the 'commerce' refers to traditional business models. E-commerce is the complete set of processes that support commercial business activities on a network. In the 1970s and 1980s, this would also have involved information analysis. The growth and acceptance of credit cards, automated teller machines (ATM) and telephone banking in the 1980s were also forms of e-commerce. However, from the 1990s onwards, this would include enterprise resource planning systems (ERP), data mining and data warehousing.

In the dot com era, it came to include activities more precisely termed "Web commerce" -- the purchase of goods and services over the World Wide Web, usually with secure connections (HTTPS, a special server protocol that encrypts confidential ordering data for customer protection) with e-shopping carts and with electronic payment services, like credit card payment authorizations.

Today, it encompasses a very wide range of business activities and processes, from e-banking to offshore manufacturing to e-logistics. The ever growing dependence of modern industries on electronically enabled business processes gave impetus to the growth and development of supporting systems, including backend systems, applications and middleware. Examples are broadband and fibre-optic networks, supply-chain management software, customer relationship management software, inventory control systems and financial accounting software.

When the Web first became well-known among the general public in 1994, many journalists and pundits forecast that e-commerce would soon become a major economic sector. However, it took about four years for security protocols (like HTTPS) to become sufficiently developed and widely deployed. Subsequently, between 1998 and 2000, a substantial number of businesses in the United States and Western Europe developed rudimentary web sites.

Although a large number of "pure e-commerce" companies disappeared during the dot-com collapse in 2000 and 2001, many "brick-and-mortar" retailers recognized that such companies had identified valuable niche markets and began to add e-commerce capabilities to their Web sites. For example, after the collapse of online grocer Webvan, two traditional supermarket chains, Albertsons and Safeway, both started e-commerce subsidiaries through which consumers could order groceries online.

The emergence of e-commerce also significantly lowered barriers to entry in the selling of many types of goods; accordingly many small home-based proprietors are able to use the internet to sell goods. Often, small sellers use online auction sites such as eBay, or sell via large corporate websites like Amazon.com, in order to take advantage of the exposure and setup convenience of such sites.

Internet:

The Internet is a collection of wires, protocols and hardware that allows the electronic transmission of data over TCP/IP. The Internet forms a global network of computers that can share data and programs. The computers are connected through a series of LANs and WANs and transfer data according to the communication rules set forth by TCP/IP.

Four Components to use the Internet in an easy manner:

1. DNS (Domain Name System)
2. Packet switching, routing
3. TCP
4. IP Address

TCP -> Software that ensures the safe and reliable transfer of the data.

IP -> Software that sets the rules for data transfer over a network.

11. Define WWW and Advantages of E-Commerce?

Tim Berners-Lee first named the WWW in 1990.

Web Consists of three moving parts:

1. Web pages
2. Links
3. Servers

Web content types

Links

Forms

Images

GIF

JPEG

Multimedia

Web browsers:

All web pages are viewed through programs called Web browsers.

Small in size and simple.


How a Web Browser Works:

A browser locates content using a URL. The URL tells the browser several things about how to access the desired content.

Example:

http://www.mcompany.com/home.html

It explains:

http -> protocol used

www.mcompany.com -> server

home.html -> file residing on the server called www.mcompany.com (location of the file)

Advantages of E-Commerce:

New marketing time opportunities.

Electronic bill presentment and payment services

Related products and cross selling

Featured product listing

Coupon codes, gift certificates

Inventory control

Backorders allowed

Quantity discounts

Wholesale pricing capability

On Screen shopping list

Import existing data

Single or batch picture uploads

No plug-ins / programming

Web based administration

Complete store front system


UNIT – II

(SECURITY TECHNOLOGIES)

PART – B

1. What is a secured web server?

A computer that delivers (serves up) Web pages. Every Web server has an IP address and possibly a domain name. For example, if you enter the URL http://www.pcwebopedia.com/index.html in your browser, this sends a request to the server whose domain name is pcwebopedia.com. The server then fetches the page named index.html and sends it to your browser

2. What is a packet switched network?

Network that does not establish a dedicated path through the network for the duration of a session, opting instead to transmit data in units called packets in a connectionless manner. Data streams are broken into packets at the front end of a transmission, sent over the best available network connection, and then reassembled in their original order at the destination endpoint.

3. What is a software agent?

In computer science, a software agent is a piece of software that acts for a user or other program in a relationship of agency

4. Define DNS.

Short for Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4.

5. What is the need for intelligent agents?

The concept of an agent has become important in both Artificial Intelligence (AI) and mainstream computer science. Our aim in this paper is to point the reader at what we perceive to be the most important theoretical and practical issues associated with the design and construction of intelligent agents.

6. What is a markup language?

Markup language is a set of codes or tags that surrounds content and tells a person or program what that content is (its structure) and/or what it should look like (its format). Markup tags have a distinct syntax that sets them apart from the content that they surround

7. What is a Digital Signature?

In cryptography, a digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signature schemes normally give two algorithms, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature."

8. What are the Security Concerns?

a. Confidentiality
b. Authenticity
c. Integrity

9. What are the risks?

Some serious risks arise when you transmit data across the Internet.

a. Interception by third party
b. Forgery
c. Modification


PART – B

1. Explain Internet?

The Internet is a collection of wires, protocols and hardware that allows the electronic transmission of data over TCP/IP. The Internet forms a global network of computers that can share data and programs. The computers are connected through a series of LANs and WANs and transfer data according to the communication rules set forth by TCP/IP.

Four Components to use the Internet in an easy manner:

1. DNS (Domain Name System)
2. Packet switching, routing
3. TCP
4. IP Address

TCP -> Software that ensures the safe and reliable transfer of the data.

IP -> Software that sets the rules for data transfer over a network.

Why is the Internet Insecure?

The Internet is an open medium. It is a universal medium. In any case, the Internet is definitely an open network. Once data is transmitted beyond the organizational network, it may be handled by any number of different intermediate computers (called routers) which make sure the data is delivered to its intended destination. Data is also likely to travel across Internet backbone networks, which move vast quantities of data over large distances.

It’s the protocols:

The primary protocol of the internet is TCP/IP. It contains Five Layers.

1. Application Layer
2. Transport Layer
3. Internet Layer
4. Link Layer
5. Physical Layer

There is no weakness on the protocol side.

Where the Risks Are?

The hacker who stole 20,000 credit card numbers did not exploit any weakness in the internet protocols; he exploited the weakness in the security of the computer where those numbers were stored.

What the Risks Are?

Some serious risks arise when you transmit data across the Internet.

1. Interception by third party
2. Forgery
3. Modification

A Bigger Risk

1.password

The pwd should not be:

1. should not be easy to guess2. should not be written down near the computer from which it will be used.3. should not give out the pwd to anyone.4. should not leave an active session running on an unattended, unprotected system.5. pwd should be changed periodically.

Fighting Back

1. A firewall should be used between the Internet and our organization.

What it all means

The bottom line is that the Internet is a public network, and anyone concerned with transmission security needs to approach the Internet in the same way one would approach communicating by any other public means. Internet communications are functionally equivalent (at least as far as security goes) to communicating in a public hall. Conversations between you and your neighbor can be overheard by anyone who wants to eavesdrop; if you want to talk to someone at the opposite end of the hall, you’ve got to rely on intermediaries to carry the message between you.

Security Concerns:

1. Confidentiality
2. Authenticity
3. Integrity

2. Explain Cryptography?

Cryptography is the study of encryption and decryption.

The objective of cryptography: keep the information secret.
Encryption: used to convert the plain text into cipher text.
Decryption: used to convert the cipher text into plain text.
Syntax (basic mechanism of cryptography):

Plaintext -> encrypt -> cipher text -> network -> cipher text -> decrypt -> plaintext

Here we are using Keys to convert plain text into cipher text.

1. Symmetric key / Private key: the same key is shared between sender and receiver (for encryption and decryption).

Sender (plaintext) -> Encrypt (using private key) -> cipher text | (across the network)

Cipher text -> Decrypt (using same key) -> (plaintext) Receiver

2. Asymmetric key / Public key: two keys are used. One key is used for encryption (public key) and one key is used for decryption (private key).

(A) Sender (plaintext) -> Encrypt (using B’s public key) -> cipher text | (across the network)

Cipher text -> Decrypt (using B’s private key) -> (plaintext) Receiver (B)

Types of cipher text:

a. Transposition text.

Interchanging the positions of the characters in the text. Ex.: GOD as ODG.

b. Substitution text.

Placing another character in place of each character of the original text.

Ex.: God is encrypted as hpe.

3. Explain Three Cryptographic Applications ?

a. Encryption
b. Digital Signature
c. Nonrepudiation and Message Integrity

Breaking Encryption Standard:

Even though we have several encryption methods, there are intruders who try to find our encryption algorithm and cipher key size (secret key). So the key should be a three-digit combination or more than three digits. With a three-digit combination there are 1000 possible ways to set the secret key, so it is very hard to find the secret key and very hard to break our encryption method or secret key.

Therefore, we should set the secret key in multi-digit combinations.
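The key-length argument above, as an added example that is not part of the study material: a toy cipher keyed by a decimal-digit secret, and an exhaustive search that counts how many keys are tried before the right one is found, so the tenfold growth per extra digit can be compared with the 56-bit DES key discussed later. The cipher, the sample message and every function name are constructed for illustration.

```python
import hashlib
import math
from itertools import product


def keystream(key: str, n: int) -> bytes:
    """Expand a decimal-digit key into n bytes (toy construction, not a real cipher)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(f"{key}:{counter}".encode()).digest()
        counter += 1
    return out[:n]


def toy_encrypt(key: str, data: bytes) -> bytes:
    """XOR the data with the keystream; calling it again with the same key decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def key_space(digits: int) -> int:
    """Number of possible secret keys for a key of the given number of digits."""
    return 10 ** digits


def digits_for_bits(bits: int) -> int:
    """Decimal digits needed for a key space at least as large as 2**bits."""
    return math.ceil(bits * math.log10(2))


def exhaustive_search(ciphertext: bytes, known_prefix: bytes, digits: int):
    """Try keys 00..0 to 99..9 in order; return (key, trials) for the first key
    whose decryption starts with the known plaintext prefix."""
    head = ciphertext[:len(known_prefix)]
    for trials, combo in enumerate(product("0123456789", repeat=digits), start=1):
        key = "".join(combo)
        if toy_encrypt(key, head) == known_prefix:
            return key, trials
    return None, key_space(digits)


def demo():
    # Constructed sample message; the searcher is assumed to know how it begins.
    message = b"PAY TO: merchant 4471, amount 120.00"
    results = {}
    for key in ("734", "7340", "73400"):
        ciphertext = toy_encrypt(key, message)
        found, trials = exhaustive_search(ciphertext, b"PAY TO: ", len(key))
        results[len(key)] = (found, trials, key_space(len(key)))
    return results


if __name__ == "__main__":
    for digits, (found, trials, space) in demo().items():
        print(f"{digits}-digit key: found {found} after {trials} of {space} keys")
    print("56-bit DES key space:", 2 ** 56,
          "keys, about", digits_for_bits(56), "decimal digits")
```
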

Key Distribution and Certification

The preceding discussion about private and public key cryptography has avoided the issue of how to manage key distribution. As with all the other aspects of cryptography, there are well known problems pertaining to secure and reliable key distribution. To illustrate, a simple scenario:

Bob and Alice are two acquaintances who communicate by e-mail on occasion.

Evil Robert, impersonating Bob, sends a forged piece of e-mail to Alice, requesting a secure communication channel using public key encryption. Included in this forged message is Evil Robert’s public key (which he represents as Bob’s public key).

Alice receives the message and encrypts a reply using what she believes to be Bob’s public key (but which is actually Evil Robert’s public key).

Evil Robert receives the message, decrypts it with his own secret key, and is able to communicate with Alice while pretending to be Bob.

Of course, this scenario can be easily defeated if Jones could somehow verify that the public key matches the person who sends it.

Data Encryption Standard:

A widely-adopted implementation of secret-key cryptography is Data Encryption Standard (DES). The actual software to perform DES is readily available at no cost to anyone who has access to the Internet. DES was introduced in 1975 by IBM, the National Security Agency(NSA), and the National Bureau of Standards (NBS). DES has been extensively researched and studied over the last twenty years and is definitely the most well-known and widely used cryptosystem in the world.

DES is a secret-key, symmetric cryptosystem: when used for communication, both sender and receiver must know the same secret key, which is used both to encrypt and decrypt the message. DES can also be used for single user encryption, for example, to store files on a hard disk in encrypted form. In a multiuser environment, however, secure-key distribution becomes difficult; public-key cryptography, discussed in the next subsection, was developed to solve this problem.

DES operates on 64-bit blocks with a 56-bit secret key. Designed for hardware implementation, its operation is relatively fast and works well for large bulk documents or encryption. Instead of defining just one encryption algorithm, DES defines a whole family of them. With a few exceptions, a different algorithm is generated for each secret key. This means that everybody can be told about the algorithm and your message will still be secure. You just need to tell others your secret key, a number less than 2^56. The number 2^56 is also large enough to make it difficult to break the code using a brute force attack (trying to break the cipher by using all possible keys).

DES has withstood the test of time. Despite the fact that its algorithm is well known, it is impossible to break the cipher without using a tremendous amount of computing power. A new technique for improving the security of DES is triple encryption (Triple DES), that is, encrypting each message block using three different keys in succession. Triple DES, thought to be equivalent to doubling the key size of DES to 112 bits, should prevent decryption by a third party capable of single-key exhaustive search (mh81). Of course, using triple encryption takes three times as long as single-encryption DES. If you use DES three times on the same message with different secret keys, it is virtually impossible to break it using existing algorithms.

Over the past few years several new, faster symmetric algorithms have been developed, but DES remains the most frequently used.

4. Explain Trusted Key Distribution and Verification ?

With the wider application of public key cryptography for the purpose of commerce, mechanisms for the trusted publication and distribution of public keys are necessary. Simply having a merchant (or customer) send a copy of a public key will not do, since a forger could send her own public key while pretending to be someone else.

One solution is for some (respected) organization to offer key publishing services. Those who wish to can report their keys and their identities, and anyone else can find a key by looking for a person’s name. To add further trust, people can have other people certify their public keys. In other words, one person (or organization) can vouch for another one by adding their own name and public key to the listing. The greater the resulting “pedigree” of your public key, the greater the amount of trust others can put in your digital signature.

5. Explain FireWall ?

A firewall's basic task is to transfer traffic between computer networks of different trust levels. Typical examples are the Internet, which is a zone with no trust, and an internal network, which is a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network".

A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network which has different levels of trust.

FireWall Diagram

Advantages of Network Security:

1. Consult your system support personnel if you work from home
2. Use virus protection software
3. Use a firewall
4. Don’t open unknown email attachments
5. Don’t run programs of unknown origin
6. Disable hidden filename extensions
7. Keep all applications (including your operating system) patched
8. Turn off your computer or disconnect from the network when not in use
9. Disable Java, JavaScript, and ActiveX if possible
10. Disable scripting features in email programs
11. Make regular backups of critical data
12. Make a boot disk in case your computer is damaged or compromised.

6. Explain Digital Signature?

In cryptography, a digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signature schemes normally give two algorithms, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature."

Digital signatures, like written signatures, are used to provide authentication of the associated input, usually called a "message." Messages may be anything, from electronic mail to a contract, or even a message sent in a more complicated cryptographic protocol. Digital signatures are used to create public key infrastructure (PKI) schemes in which a user's public key (whether for public-key encryption, digital signatures, or any other purpose) is tied to a user by a digital identity certificate issued by a certificate authority. PKI schemes attempt to unbreakably bind user information (name, address, phone number, etc.) to a public key, so that public keys can be used as a form of identification.

Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature[1], but not all electronic signatures use digital signatures.[2][3][4][5] In some countries, including the United States, and in the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear their applicability towards cryptographic digital signatures, leaving their legal importance somewhat unspecified.

Benefits of digital signatures

These are common reasons for applying a digital signature to communications:

Authentication

Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

Integrity

In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message will invalidate the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions (see collision resistance).

Drawbacks of digital signatures:

Association of digital signatures and trusted time stamping

Digital signature algorithms and protocols do not inherently provide certainty about the date and time at which the underlying document was signed. The signer might, or might not, have included a time stamp with the signature, or the document itself might have a date mentioned on it, but a later reader cannot be certain the signer did not, for instance, backdate the date or time of the signature. Such misuse can be made impracticable by using trusted time stamping in addition to digital signatures.

Non-repudiation

In a cryptographic context, the word repudiation refers to any act of disclaiming responsibility for a message. A message's recipient may insist the sender attach a signature in order to make later repudiation more difficult, since the recipient can show the signed message to a third party (eg, a court) to reinforce a claim as to its signatories and integrity. However, loss of control over a user's private key will mean that all digital signatures using that key, and so ostensibly 'from' that user, are suspect. Nonetheless, a user cannot repudiate a signed message without repudiating their signature key. It is aggravated by the fact there is no trusted time stamp, so new documents (after the key compromise) cannot be separated from old ones, further complicating signature key invalidation. Certificate Authorities usually maintain a public repository of public-key so the association user-key is certified and signatures cannot be repudiated. Expired certificates are normally removed from the directory. It is a matter for the security policy and the responsibility of the authority to keep old certificates for a period of time if a non-repudiation of data service is provided.

Some digital signature algorithms

Full Domain Hash, RSA-PSS etc., based on RSA
DSA
ECDSA
ElGamal signature scheme
Undeniable signature
SHA (typically SHA-1) with RSA
Rabin signature algorithm
Pointcheval-Stern signature algorithm
Schnorr signature
Aggregate signature - a digital signature that supports aggregation: given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature will convince the verifier that the n users did indeed sign the n original messages.

7. Discuss in detail about Data Encryption Standard?

The Data Encryption Standard (DES) is a cipher (a method for encrypting information) selected as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally. The algorithm was initially controversial with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny which motivated the modern understanding of block ciphers and their cryptanalysis.

DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are infeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES).

In some documentation, a distinction is made between DES as a standard and DES the algorithm which is referred to as the DEA (the Data Encryption Algorithm). When spoken, "DES" is either spelled out (IPA: /diː iː ɛs/) as an abbreviation or pronounced as a single syllable (IPA: /dɛs/) acronym.

History of DES

The origins of DES go back to the early 1970s. In 1972, after concluding a study on the US government's computer security needs, the US standards body NBS (National Bureau of Standards), now named NIST (National Institute of Standards and Technology), identified a need for a government-wide standard for encrypting unclassified, sensitive information. Accordingly, on 15 May 1973, after consulting with the NSA, NBS solicited proposals for a cipher that would meet rigorous design criteria. None of the submissions, however, turned out to be suitable. A second request was issued on 27 August 1974. This time, IBM submitted a candidate which was deemed acceptable: a cipher developed during the period 1973–1974 based on an earlier algorithm, Horst Feistel's Lucifer cipher. The team at IBM involved in cipher design and analysis included Feistel, Walter Tuchman, Don Coppersmith, Alan Konheim, Carl Meyer, Mike Matyas, Roy Adler, Edna Grossman, Bill Notz, Lynn Smith, and Bryant Tuckerman.

NSA's involvement in the design

On March 17, 1975, the proposed DES was published in the Federal Register. Public comments were requested, and in the following year two open workshops were held to discuss the proposed standard. There was some criticism from various parties, including from public-key cryptography pioneers Martin Hellman and Whitfield Diffie, citing a shortened key length and the mysterious "S-boxes" as evidence of improper interference from the NSA. The suspicion was that the algorithm had been covertly weakened by the intelligence agency so that they, but no-one else, could easily read encrypted messages. Alan Konheim (one of the designers of DES) commented, "We sent the S-boxes off to Washington. They came back and were all different."[1] The United States Senate Select Committee on Intelligence reviewed the NSA's actions to determine whether there had been any improper involvement. In the unclassified summary of their findings, published in 1978, the Committee wrote:

"In the development of DES, NSA convinced IBM that a reduced key size was sufficient; indirectly assisted in the development of the S-box structures; and certified that the final DES algorithm was, to the best of their knowledge, free from any statistical or mathematical weakness."[2]

However, it also found that

"NSA did not tamper with the design of the algorithm in any way. IBM invented and designed the algorithm, made all pertinent decisions regarding it, and concurred that the agreed upon key size was more than adequate for all commercial applications for which the DES was intended."[3] Another member of the DES team, Walter Tuchman, is quoted as saying, "We developed the DES algorithm entirely within IBM using IBMers. The NSA did not dictate a single wire!"[4]

Some of the suspicions about hidden weaknesses in the S-boxes were allayed in 1990, with the independent discovery and open publication by Eli Biham and Adi Shamir of differential cryptanalysis, a general method for breaking block ciphers. The S-boxes of DES were much more resistant to the attack than if they had been chosen at random, strongly suggesting that IBM knew about the technique back in the 1970s. This was indeed the case: in 1994, Don Coppersmith published the original design criteria for the S-boxes. According to Steven Levy, IBM Watson researchers discovered differential cryptanalytic attacks in 1974 and were asked by the NSA to keep the technique secret.[5] Coppersmith explains IBM's secrecy decision by saying, "that was because [differential cryptanalysis] can be a very powerful tool, used against many schemes, and there was concern that such information in the public domain could adversely affect national security." Levy quotes Walter Tuchman: "[t]hey asked us to stamp all our documents confidential... We actually put a number on each one and locked them up in safes, because they were considered U.S. government classified. They said do it. So I did it".[6] Shamir himself commented, "I would say that, contrary to what some people believe, there is no evidence of tampering with the DES so that the basic design was weakened."

The other criticism, that the key length was too short, was supported by the fact that the reason given by the NSA for reducing the key length from 64 bits to 56 was that the other 8 bits could serve as parity bits, which seemed somewhat specious. It was widely believed that NSA's decision was motivated by the possibility that they would be able to brute force attack a 56 bit key several years before the rest of the world would.

The algorithm as a standard

Despite the criticisms, DES was approved as a federal standard in November 1976, and published on 15 January 1977 as FIPS PUB 46, authorized for use on all unclassified data. It was subsequently reaffirmed as the standard in 1983, 1988 (revised as FIPS-46-1), 1993 (FIPS-46-2), and again in 1999 (FIPS-46-3), the latter prescribing "Triple DES" (see below). On 26 May 2002, DES was finally superseded by AES, the Advanced Encryption Standard, following a public competition (see AES process). On 19 May 2005, FIPS 46-3 was officially withdrawn, but NIST has approved Triple DES through the year 2030 for sensitive government information.[7]

Another theoretical attack, linear cryptanalysis, was published in 1994, but it was a brute force attack in 1998 that demonstrated that DES could be attacked very practically, and highlighted the need for a replacement algorithm. These and other methods of cryptanalysis are discussed in more detail later in the article.

The introduction of DES is considered to have been a catalyst for the academic study of cryptography, particularly of methods to crack block ciphers. According to a NIST retrospective about DES,

The DES can be said to have "jump started" the nonmilitary study and development of encryption algorithms. In the 1970s there were very few cryptographers, except for those in military or intelligence organizations, and little academic study of cryptography. There are now many active academic cryptologists, mathematics departments with strong programs in cryptography, and commercial information security companies and consultants. A generation of cryptanalysts has cut its teeth analyzing (that is trying to "crack") the DES algorithm. In the words of cryptographer Bruce Schneier [9],[8] "DES did more to galvanize the field of cryptanalysis than anything else. Now there was an algorithm to study." An astonishing share of the open literature in cryptography in the 1970s and 1980s dealt with the DES, and the DES is the standard against which every symmetric key algorithm since has been compared.[9]

Chronology

Date | Event
15 May 1973 | NBS publishes a first request for a standard encryption algorithm
27 August 1974 | NBS publishes a second request for encryption algorithms
17 March 1975 | DES is published in the Federal Register for comment
August 1976 | First workshop on DES
September 1976 | Second workshop, discussing mathematical foundation of DES
November 1976 | DES is approved as a standard
15 January 1977 | DES is published as a FIPS standard FIPS PUB 46
1983 | DES is reaffirmed for the first time
1986 | Videocipher II, a TV satellite scrambling system based upon DES, begins use by HBO
22 January 1988 | DES is reaffirmed for the second time as FIPS 46-1, superseding FIPS PUB 46
July 1990 | Biham and Shamir rediscover differential cryptanalysis, and apply it to a 15-round DES-like cryptosystem.
1992 | Biham and Shamir report the first theoretical attack with less complexity than brute force: differential cryptanalysis. However, it requires an unrealistic 2^47 chosen plaintexts.
30 December 1993 | DES is reaffirmed for the third time as FIPS 46-2
1994 | The first experimental cryptanalysis of DES is performed using linear cryptanalysis (Matsui, 1994).
June 1997 | The DESCHALL Project breaks a message encrypted with DES for the first time in public.
July 1998 | The EFF's DES cracker (Deep Crack) breaks a DES key in 56 hours.
January 1999 | Together, Deep Crack and distributed.net break a DES key in 22 hours and 15 minutes.
25 October 1999 | DES is reaffirmed for the fourth time as FIPS 46-3, which specifies the preferred use of Triple DES, with single DES permitted only in legacy systems.
26 November 2001 | The Advanced Encryption Standard is published in FIPS 197
26 May 2002 | The AES standard becomes effective
26 July 2004 | The withdrawal of FIPS 46-3 (and a couple of related standards) is proposed in the Federal Register[10]
19 May 2005 | NIST withdraws FIPS 46-3 (see Federal Register vol 70, number 96)
15 March 2007 | The FPGA based parallel machine COPACOBANA of the University of Bochum and Kiel, Germany, breaks DES in 6.4 days at $10,000 hardware cost

8. Write short notes on

a. Key Distribution techniques
b. Digital Signature
c. Non-repudiation

(a) Key Distribution techniques.

The general key distribution problem refers to the task of distributing secret keys between communicating parties to provide security properties such as secrecy and authentication. In sensor networks, key distribution is usually combined with initial communication establishment to bootstrap a secure communication infrastructure from a collection of deployed sensor nodes. In the setting we study in this chapter, nodes have been pre-initialized with some secret information before deployment, but only after network setup do we know the location of nodes. The node location often determines which nodes need to establish cryptographic keys with which other nodes, so we cannot set up these keys before deployment.

In this chapter, we refer to the combined problem of key distribution and secure communications establishment as the security bootstrapping problem, or simply the bootstrapping problem. A bootstrapping protocol must not only enable a newly deployed sensor network to initiate a secure infrastructure, but it must also allow nodes deployed at a later time to join the network securely. This is a challenging problem due to the many limitations of sensor network hardware and software.

In this chapter, we discuss and evaluate several well-known methods of key distribution. Besides these, we present an in-depth study of random key pre-distribution, a method that has recently attracted significant research attention and that we have also worked on.

(b) Digital Signature

A digital signature scheme typically consists of three algorithms:

1. A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.

2. A signing algorithm which, given a message and a private key, produces a signature.

3. A signature verifying algorithm which, given a message, public key and a signature, either accepts or rejects.

Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify on that message and the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key.
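The three algorithms and two properties above, together with the key-certification idea from the trusted key distribution answer, as an added example that is not part of the study material: textbook hash-then-sign RSA (no padding, fixed small primes, for illustration only) and a key directory that signs each name-and-key listing so a substituted key is rejected. The primes, names, message and all function names are constructed for this example.

```python
import hashlib

E = 65537  # public exponent, chosen for this example


def make_keypair(p: int, q: int):
    """Key generation: return (public_key, private_key) from two primes.
    A real scheme picks large random primes; fixed ones keep the demo repeatable."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent (modular inverse, Python 3.8+)
    return (n, E), (n, d)


def digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Signing algorithm: message + private key -> signature."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Verifying algorithm: message + public key + signature -> accept/reject."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


def listing(name: str, public_key) -> bytes:
    """The directory entry that gets certified: a name bound to one public key."""
    n, e = public_key
    return f"{name}|{n}|{e}".encode()


def certify(name: str, public_key, directory_private) -> int:
    """The key-publishing organization vouches for a listing by signing it."""
    return sign(listing(name, public_key), directory_private)


def key_is_trusted(name: str, public_key, certificate: int, directory_public) -> bool:
    """Accept a key for `name` only if the directory's signature covers it."""
    return verify(listing(name, public_key), certificate, directory_public)


# Constructed keys built from well-known Mersenne primes (far too small for real use).
DIR_PUB, DIR_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
ROBERT_PUB, ROBERT_PRIV = make_keypair(2**31 - 1, 2**61 - 1)


def demo():
    order = b"Ship 10 units to Alice"
    signature = sign(order, BOB_PRIV)
    bob_cert = certify("Bob", BOB_PUB, DIR_PRIV)
    # Evil Robert vouches for his own key under Bob's name.
    self_issued = certify("Bob", ROBERT_PUB, ROBERT_PRIV)
    return {
        "valid_signature": verify(order, signature, BOB_PUB),
        "tampered_message": verify(b"Ship 99 units to Alice", signature, BOB_PUB),
        "bob_key_trusted": key_is_trusted("Bob", BOB_PUB, bob_cert, DIR_PUB),
        "swapped_key": key_is_trusted("Bob", ROBERT_PUB, bob_cert, DIR_PUB),
        "self_issued_cert": key_is_trusted("Bob", ROBERT_PUB, self_issued, DIR_PUB),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accept' if accepted else 'reject'}")
```
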

Benefits of digital signatures

Below are some common reasons for applying a digital signature to communications:

Authentication

Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

Integrity

In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message will invalidate the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions (see collision resistance).

Drawbacks of digital signatures.

Despite their usefulness, digital signatures alone do not solve the following problems:

Association of digital signatures and trusted time stamping

Digital signature algorithms and protocols do not inherently provide certainty about the date and time at which the underlying document was signed. The signer might have included a time stamp with the signature, or the document itself might have a date mentioned on it. Regardless of the document's contents, a reader cannot be certain the signer did not, for example, backdate the date or time of the signature. Such misuse can be made impracticable by using trusted time stamping in addition to digital signatures.

(c) Non-repudiation

In a cryptographic context, the word repudiation refers to any act of disclaiming responsibility for a message. A message's recipient may insist the sender attach a signature in order to make later repudiation more difficult, since the recipient can show the signed message to a third party (e.g., a court) to reinforce a claim as to its signatories and integrity. However, loss of control over a user's private key will mean that all digital signatures using that key, and so ostensibly 'from' that user, are suspect. Nonetheless, a user cannot repudiate a signed message without repudiating their signature key. This is aggravated by the fact there is no trusted time stamp, so new documents (after the key compromise) cannot be separated from old ones, further complicating signature key invalidation. Certificate authorities usually maintain a public repository of public keys so the associated private key is certified and signatures cannot be repudiated. Expired certificates are normally removed from the repository. It is a matter for the security policy and the responsibility of the authority to keep old certificates for a period of time if non-repudiation of data service is provided.


UNIT – III

ELECTRONIC PAYMENT METHODS

PART – A

1. What is meant by Secure Electronic Transaction protocol?

Secure Electronic Transaction (SET) is a standard protocol for securing credit card transactions over insecure networks, specifically, the Internet. SET is not itself a payment system, but rather a set of security protocols and formats that enables users to employ the existing credit card payment infrastructure on an open network in a secure fashion.

2. What is micro payment?

Micropayments are a means for transferring very small amounts of money, in situations where collecting such small amounts of money with the usual payment systems is impractical, or very expensive, in terms of the amount of money being collected. "Micropayment" originally meant 1/1000th of a US dollar,[1][2] meaning a payment system that could efficiently handle payments at least as small as a mill, but now is often defined to mean payments too small to be affordably processed by credit card or other electronic transaction processing mechanism. The use of micropayments may be called microcommerce.

3. What is the difference between B2B and B2C website?

B2C websites are intermediary portals to link customers to suppliers. Some of the major ones are eBay, an auction site; Yell, an internet version of the yellow pages; and ZDNet, a technology marketplace. All of these businesses exist primarily on the internet. They are what is known as e-businesses (electronic businesses). All of them can be classified under one general heading, marketplaces.

B2C concerns itself with selling to the end user. Typically these are sites like Amazon, online book retailers, lastminute.com, a "good times" portal. These sites are more interested in passing the goods to the end user. There is likely a slight difference between them and your business. They are actually internet based. That is to say they exist primarily on the internet. Offices and warehousing are borne from necessity of their internet success. 

4. What are the features to be considered for Electronic Payment System Design?

Managing credit risk
Describe the infrastructure required to support credit card processing
Record keeping with credit cards is one of the features consumers value most because of disputes and mistakes in billing
Encryption and transaction speed must be balanced
The complexity of credit card processing takes place in the verification phase

5. What is supply chain network?

Due to the rapid advancement of technology such as pervasive or ubiquitous wireless and internet networks, connective product marking technologies like RFID and emerging standards for the use of these defining specific locations using Global Location Number(s), the basic supply chain is rapidly evolving into what is known as a Supply Chain Network.

6. What is Offline?

Traditional Methods: (Offline methods)

a. Barter (exchanging the product)
b. Coin
c. Rupees
d. Money Order
e. DD
f. Personal Check

7. What is Online Transactions ?

Modern Methods: ( Online methods)

1. Echeck
2. ECash
3. Credit and Debit Cards
4. Digital Wallet
5. Smart Cards

8. What is Payment Processing (s/w) service provider ?

a. ICVERIFY
b. Authorize.Net
c. Cybercash

9. What is Secure Online Transaction Models ?

a. Secure Web Servers
b. Secure Server Purchasing
c. Secure Server Selling
d. Required Facilities
   i. Hardware
   ii. Software
   iii. Services
e. Electronic Malls

10. What is Protocols for the public transport of private information (or) Security Protocols ?

a. S-HTTP (Secure Hypertext Transfer Protocol)
b. SSL (Secure Socket Layer)
c. SET (Secure Electronic Transaction)

11. Credit Card Business Basics:

Before discussing SET, a few credit card processing definitions are in order. These terms are used throughout the SET document.

Cardholder: The consumer, customer, you!
Issuer: The bank who issued you a credit card.
Merchant: The party from whom you are buying goods and services.
Acquirer: The financial institution/bank who establishes an account with the merchant and processes payment authorizations and transactions for the merchant.
Payment Gateway: A device operated by an acquirer (financial institution) that processes the merchant payment messages.
Brand: Visa, MasterCard, Discover, etc.

It is also important to point out that MasterCard and Visa are associations with banks comprising the membership.

13. Definition Digital Wallet?

Electronic wallet (E-wallet) is a software component in which a user stores credit card numbers and other personal information. When shopping online, the user simply clicks the e-wallet to automatically fill in the information needed to make a purchase (Turban. 2004:499).

14. Definition SHTTP ?

Secure hypertext transfer protocol - developed by Enterprise Integration Technologies to ensure security with commercial transactions on the Internet.

PART – B

1. What is supply chain network?

Due to the rapid advancement of technology such as pervasive or ubiquitous wireless and internet networks, connective product marking technologies like RFID and emerging standards for the use of these defining specific locations using Global Location Number(s), the basic supply chain is rapidly evolving into what is known as a Supply Chain Network.


a. Offline and Online Transactions

1. Traditional Methods: (Offline methods)

1. Barter (exchanging the product)
2. Coin
3. Rupees
4. Money Order
5. DD
6. Personal Check

b. Modern Methods: ( Online methods)

1. Echeck
2. ECash
3. Credit and Debit Cards
4. Digital Wallet
5. Smart Cards

c. Payment Processing (s/w) service provider

1. ICVERIFY
2. Authorize.Net
3. Cybercash

d. Secure Online Transaction Models:

1. Secure Web Servers
2. Secure Server Purchasing
3. Secure Server Selling
4. Required Facilities
   1. Hardware
   2. Software
   3. Services
5. Electronic Malls

e. Protocols for the public transport of private information (or) Security Protocols:

1. S-HTTP (Secure Hypertext Transfer Protocol)
2. SSL (Secure Socket Layer)
3. SET (Secure Electronic Transaction)

2. In general, how does the system work (between client, merchant and service provider)?

a. A consumer visits a merchant Webpage and makes a purchase by entering the required information.

b. The payment client software is then loaded, and a signed message is sent to the payment handler to initiate payment.

c. The payment handler verifies the signature and begins a signed payment so the consumer’s client software knows it is communicating with a genuine payment handler.

d. After the payment is completed, a signed receipt is issued to the consumer and the merchant.

e. The merchant uses this receipt or payment acknowledgement to begin the process of shipping the goods.
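Steps a to e as a message exchange with both sides' checks, in an added example that is not part of the original material. It uses textbook RSA over constructed demo keys (small Mersenne primes, no padding) purely to make the signatures concrete; all function names, message fields and the sample order are assumptions.

```python
import hashlib
import json
import secrets

E = 65537


def demo_key(p, q):
    """Textbook RSA key from two known primes. Demo only: the primes are
    small Mersenne primes and there is no padding."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def public(key):
    return {"n": key["n"], "e": key["e"]}


def digest(msg, n):
    data = json.dumps(msg, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(msg, key):
    return pow(digest(msg, key["n"]), key["d"], key["n"])


def verify(msg, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == digest(msg, pub["n"])


# Constructed keys for the two signing parties.
CONSUMER = demo_key(2**61 - 1, 2**89 - 1)
HANDLER = demo_key(2**107 - 1, 2**127 - 1)


def client_request(order):
    """Step b: the payment client signs the order plus a fresh nonce."""
    msg = dict(order, type="request", nonce=secrets.token_hex(8))
    return msg, sign(msg, CONSUMER)


def handler_respond(msg, sig, consumer_pub):
    """Step c: verify the consumer, then answer with a signed message that
    echoes the nonce so the client can tell a live handler from a replay."""
    if not verify(msg, sig, consumer_pub):
        raise ValueError("request signature invalid")
    offer = {"type": "offer", "order_id": msg["order_id"],
             "amount": msg["amount"], "nonce": msg["nonce"]}
    return offer, sign(offer, HANDLER)


def client_accepts(request, offer, sig, handler_pub):
    """Client side of step c: is this a genuine handler answering this request?"""
    return (verify(offer, sig, handler_pub)
            and offer["nonce"] == request["nonce"]
            and offer["amount"] == request["amount"])


def handler_receipt(request):
    """Step d: signed receipt, sent to both consumer and merchant."""
    receipt = {"type": "receipt", "status": "paid",
               "order_id": request["order_id"], "amount": request["amount"],
               "merchant": request["merchant"]}
    return receipt, sign(receipt, HANDLER)


class Merchant:
    """Step e: ship only against a receipt that verifies and matches an
    open order; each order can be released once."""

    def __init__(self, name, handler_pub, open_orders):
        self.name = name
        self.handler_pub = handler_pub
        self.open_orders = dict(open_orders)   # order_id -> amount due

    def ship_if_paid(self, receipt, sig):
        if not verify(receipt, sig, self.handler_pub):
            return "hold: bad signature"
        if receipt.get("merchant") != self.name:
            return "hold: receipt for another merchant"
        due = self.open_orders.get(receipt.get("order_id"))
        if due is None:
            return "hold: unknown or already shipped order"
        if receipt.get("amount") != due or receipt.get("status") != "paid":
            return "hold: amount or status mismatch"
        del self.open_orders[receipt["order_id"]]
        return "ship"
```

The merchant-side checks matter as much as the signature itself: a valid receipt for a different order, merchant or amount, or one presented twice, must not release goods.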

Definition: SHTTP:

Secure hypertext transfer protocol - developed by Enterprise Integration Technologies to ensure security with commercial transactions on the Internet.

Cards:

Credit Card - Postpaid
Debit Card - Prepaid

Credit Cards

Credit Card is a card which allows a person to purchase goods and services on borrowed money. It helps to purchase something without having to pay for it immediately, instead the company or organization, issuing the credit card, makes the payment on behalf of the customer but the customer is liable to pay the same to the issuer of the card within a definite period of time which may vary depending upon the credit card type and the issuing company. Thus, Credit Cards give financial flexibility to the consumers.

In the year 1956 California's Bank of America first introduced credit cards to the general mass. Some of the big vendors of credit cards are VISA, MasterCard and many more.

In order to avail credit card, a consumer is required to open an account with such a bank or company which is sponsoring the card. After this the company/bank sends a credit card to him with a denominated limit to it in monetary units. The customer is entitled to buy goods and services up to the specified credit card limit. The service provider sends monthly bill to the customer specifying the details of his purchase. The customer in-turn has to make the payment within a specified time period. If the customer doesn't pay full or part of the amount within time-limit then he has to pay monthly interest on the outstanding payment amount.

Generally, the interest rate charged by the credit card companies on the outstanding payable amount is higher than that of most of the popular loans. But the customer is exempted from paying interest when the full outstanding payable amount is paid to the card issuer within a month.

Rate of interest on the credit cards varies from card to card. The rate generally increases with an increase in a customer's outstanding payable amount.

Severe competition has led the credit card issuing companies to offer variety of incentives to the consumers ranging from cash back to special incentives for frequent users to gift certificates.

There are many credit cards which offer credit at low or nil interest rates. But in such cases the time period of low interest rates is fixed (usually from 6 months to 1 year), after which the rate rises considerably.

Hence, Credit Cards have become a part and parcel of the modern life which gives financial flexibility to the consumers.

3. What is Third Party Credit Card Processor?

Internet merchant accounts can be harder to obtain. This is because of increased security risks as no signatures are involved, nor is a card physically presented at the point of sale. Another option may be to use a third party processor, which is basically a payment gateway and merchant account rolled into one. A third party credit card processor is a company that accepts credit card orders on behalf of other online businesses.

If you are a new business with an untested product range, consider using a third party credit card processor while you test the waters, which will incorporate a payment gateway with a merchant account.

Many of these services will also incorporate a shopping cart application as part of the deal. These services may appear to cost more, but they can save you from expensive long term contracts and initial outlay on shopping cart applications.

If you intend using a third party credit card processor that combines gateway services with a merchant account, added to the points already mentioned, ensure you also check on monthly gateway fees, AVS costs, and any other added fraud protection you wish to implement.

Rushed decisions in choosing your ecommerce applications, elements and third party services will dramatically increase the likelihood of your business failure. This is definitely an area where if you spend the time fully investigating all the options open to you - you'll reap the rewards after implementation.

It is worthwhile considering contracting the services of an ecommerce consultant to assist you in making these crucial decisions. The fees you pay to a consultant will be returned in increased profits - and less stress.

Top rated third party credit card processor is 2checkout

Low costs
$49 one time signup fee
$0.45 per Sale
5.5% of Sale Amount
30 Day money back guarantee
No application fees
No monthly fees
No statement fees
No leases
No SSL certificate to buy
No fees for ACH deposits to U.S. or participating Canadian bank accounts
Check Payment or Low Cost Wire to Non U.S. Bank Accounts
FREE shopping cart
FREE code for your web site
FREE on-line tech support

Why 2checkout
No waiting weeks (Getting started immediately)
No term contracts
No equipment or software needed
Easy to use plug-n-play code
Simple commission fee structure
International suppliers accepted
List products & services just about anything
Supports recurring billing
Works with existing shopping carts
Automatic purchase order notification
State of the Art fraud detection
Great for simple or complex needs
Comprehensive account management tools
Robust shipping options

Third Party Credit Card Processors

Can't afford a merchant account right now? Check out these 3rd party credit card processing companies.

Instead of paying transaction fees, monthly statement fees, etc., they take a percentage of your product's cost (usually 3% to 15%). 3rd party processing is a great option for non-US businesses, where obtaining a merchant account is much too expensive or hard to get.

BEWARE: This type of solution is good for businesses just starting out that don't have the money to purchase a merchant account right off the bat, but you will pay more in the long run.

It is recommended that once you do have the funds to support a merchant account that you purchase one. It is unwise to set up a merchant account/gateway if you anticipate gross revenues under $650 per month .

Beyond $650 in revenues per month, a merchant account/gateway option begins to become cost effective compared to the alternatives. CCNow, ClickBank and DigiBuy are suitable only for products that have a fairly high mark-up that can absorb the substantial purchase costs of 8% to 14%. But this analysis only examines direct purchase costs.

The hidden costs are in time and ease-of-use. Observe that:

Several of the service bureaus don't remit receipts immediately to the merchant. There is a delay of several weeks.

None of the service bureau solutions nor PayPal allow the merchant access to the customer's credit card number.

PayPal's shopping cart is pretty rudimentary, figuring shipping only crudely and taxes not at all.

DigiBuy provides a sophisticated digital download and registration system, but takes about 14% -- a significant chunk of the total sales price .

CCNow's shopping cart is better than PayPal's, but their shipping calculation is crude. Since they are a Delaware corporation, state sales tax need not be calculated.

ClickBank has no shopping cart at all. An affiliate program is included in ClickBank, possible with DigiBuy and CCNow, and totally frustrated by PayPal.

Other third party credit card processors :

PayPal

PayPal is flexible enough to serve as a complete billing solution. It provides a variety of E-commerce solutions that can be integrated into your Web site in a few easy steps.

For example, a simple “purchase button” can be placed on your Web site. Once a visitor decides to make a purchase, all they have to do is click on the button and submit their information. That button sends the request to PayPal's back end where it processes the entire transaction for you. And if your business sells multiple products and services, PayPal can even provide you with a shopping cart solution free of charge.

ClickBank

To use ClickBank you must:

Agree to sell us access to your digital product.
Place a "Buy It At ClickBank" button on your web site.
Offer detailed technical support pages for your product at your web site.

You can set the suggested retail price for your product. Each time we sell your product, we pay you (and the affiliate, if any) that retail price less $1 + 7.5%. ClickBank has a one-time $49.95 activation fee, and no monthly fees.

Basic Requirements

ClickBank only lists specific types of products. All products must be:

Deliverable entirely over the internet via web pages, downloadable files, or email.

Deliverable to every customer within 24 hours of purchase.

Backed by a valid customer support email address, to which paying customers and ClickBank staff can send inquiries and receive a human (non-automated) reply by the end of the following business day.

Backed by appropriate technical support pages, written in English, and hosted at your own web site.

Fully compliant with US law, including FTC Advertising Rules and Disclosure Rules.

DigiBuy

DigiBuy is an electronic commerce solution for publishers of software, shareware, electronic art, information, and data.

Using DigiBuy's turnkey service, you can quickly and inexpensively build a secure storefront to merchandise your products, take orders online, process payments, and distribute digital products over the Internet.

We also offer a service for college students and faculty looking to start their own digital business.

DigiBuy University is free to students and faculty.

iBill

Don't Have An Internet Merchant Account?

iBill Complete: As your merchant, iBill handles all banking, risk management, affiliate management and customer service issues for clients selling products and services on the Internet.

In addition, iBill Complete offers the most comprehensive payment options on the web, including credit cards, online checks, and telephone billing.

Already Have or Want an Internet Merchant Account?

iBill Processing Plus: Serves the needs of merchants who manage their business with an individual Internet merchant account handling their own customer service.

iBill provides transaction processing, fraud control, business reporting tools, subscription capability, shopping cart functionality, and affiliate management.

CCNow

Are you an independent business with great products to sell? Let CCNow assist you in selling online so that you have the time to manage the rest of your business. CCNow is the perfect low cost solution to selling your products online.

4. What is E-Cash?

E-Cash represents several different types of products. This section explores the different types of e-cash products and how each functions. The pros and cons of e-cash versus competing products are also examined.

While many different companies are rushing to offer digital money products, currently e-cash is represented by two models. One is the on-line form of e-cash (introduced by DigiCash) which allows for the completion of all types of internet transactions. The other form is off-line; essentially a digitally encoded card that could be used for many of the same transactions as cash. This off-line version (which also has on-line capabilities) is being tested by Mondex in partnership with various banks.

The primary function of e-cash is to facilitate transactions on the Internet. Many of these transactions may be small in size and would not be cost efficient through other payment mediums such as credit cards. Thus, WWW sites in the future may charge $0.10 a visit, or $0.25 to download a graphics file. These types of payments, turning the Internet into a transaction oriented forum, require mediums that are easy, cheap (from a merchant's perspective), private (see Privacy), and secure (see Security). Electronic Cash is the natural solution, and the companies that are pioneering these services claim that the products will meet the stated criteria. By providing this type of payment mechanism, the incentives to provide worthwhile services and products via the Internet should increase. Another prospective beneficiary from these developments would be Shareware providers, since currently they rarely receive payments. To complete the digital money revolution an offline product is also required for the pocket money/change that most people must carry for small transactions (e.g. buying a newspaper, buying a cup of coffee, etc.).

The concept of electronic money is at least a decade old. [Hewitt 1994] demonstrates that check writing is a precursor to E-cash. When one person writes a check on his bank account and gives the check to another person with an account at a different bank, the banks do not transfer currency. The banks use electronic fund transfer. Electronic money removes the middleman. Instead of requesting the banks to transfer the funds through the mechanism of a check, the E-cash user simply transfers the money from his bank account to the account of the receiver.

The reality of E-cash is only slightly more complicated, and these complications make the transactions both secure and private. The user downloads electronic money from his bank account using special software and stores the E-cash on his local hard drive. To pay a WWW merchant electronically, the E-cash user goes through the software to pay the desired amount from the E-cash "wallet" to the merchant's local hard drive ("wallet") after passing the transaction through an E-cash bank for authenticity verification. The merchant can then pay its bills/payroll with this E-cash or upload it to the merchant's hard currency bank account. The E-cash company makes money on each transaction from the merchant (this fee is very small, however) and from royalties paid by banks which provide customers with E-cash software/hardware for a small monthly fee. Transactions between individuals would not be subject to a fee.

E-cash truly globalizes the economy, since the user can download money into his cyber-wallet in any currency desired. A merchant can accept any currency and convert it to local currency when the cybercash is uploaded to the bank account.

To the extent a user wants E-cash off-line, all that is necessary is smart card technology. The money is loaded onto the smartcard, and special electronic wallets are used to offload the money onto other smartcards or directly to an on-line system. Smartcards have been used successfully in other countries for such transactions as phone calls for a number of years. The money could also be removed from a smartcard and returned to a bank account. Visa is developing a related product, the stored value card. This card comes in a variety of denominations, but functions more like a debit card than E-cash.

In essence, E-cash combines the benefits of other transaction mediums. Thus, it is similar to debit/credit cards, but E-cash allows individuals to conduct transactions with each other. It is similar to personal checks, but it is feasible for very small transactions. While it appears superior to other forms, E-cash will not completely replace paper currency. Use of E-cash will require special hardware, and while most people will have access, not all will. However, E-cash presents special challenges for the existing "middlemen" of the current paper currency society. More and more, banks and other financial intermediaries will serve simply as storehouses for money, lenders, and processing/verifying electronic transactions. Personal interaction with a teller, or even visits to a bank ATM will become obsolete. All one will have to do is turn on his computer.

b. E-Cash Security

Security is of extreme importance when dealing with monetary transactions. Faith in the security of the medium of exchange, whether paper or digital, is essential for the economy to function.

There are several aspects to security when dealing with E-cash. The first issue is the security of the transaction. How does one know that the E-cash is valid? Encryption and special serial numbers are supposed to allow the issuing bank to verify (quickly) the authenticity of E-cash. These methods are susceptible to hackers, just as paper currency can be counterfeited. However, promoters of E-cash point out that the encryption methods used for electronic money are the same as those used to protect nuclear weapon systems. The encryption security has to also extend to the smartcard chips to ensure that they are tamper resistant. While it is feasible that a system wide breach could occur, it is highly unlikely. Just as the Federal Government keeps a step ahead of the counterfeiters, cryptography stays a step ahead of hackers.

Physical security of the E-cash is also a concern. If a hard drive crashes, or a smartcard is lost, the E-cash is lost. It is just as if one lost a paper currency filled wallet. The industry is still developing rules/mechanisms for dealing with such losses, but for the most part, E-cash is being treated as paper cash in terms of physical security. Companies are making some exceptions when it comes to a software/hardware failure, but these are supposed to be rare. To help customers get used to this concept, most companies are limiting E-cash wallets to $500, reflecting the primary use of E-cash for low value transactions. There is a benefit to E-cash in the area of theft, however. A mugger or pickpocket would not be able to make use of another's smartcard without the appropriate password. Merchants should also lose less cash to employee theft, since the electronic cash will be inaccessible (or, at a minimum, traceable).

The ultimate area of security is faith in the currency. This, however, would still be the responsibility of the Federal Government on a systemic basis. Essentially, the E-cash is merely a representation of hard currency on deposit at banks. Thus, faith in the system should not falter.

c. E-Cash Privacy

Transactions involving paper currency are difficult to trace. If digital money is to replace paper currency, it must retain certain aspects of this quality.

As information technologies expand, privacy becomes of greater concern. People are realizing that with every credit card transaction, corporate databases are becoming larger and larger. By using paper currency, people are able to exclude themselves from these databases. Therefore, for e-cash to be effective, it must maintain this privacy function.

DigiCash claims it has developed a system that provides privacy for the user without sacrificing security for the receiver. If a system is completely private, the merchant has no way of verifying the validity of the electronic money. The user would also be unable to have a receipt for the transaction. However, DigiCash utilizes a one-sided signature. Basically, the user keeps record of payments made, but the merchant only receives enough information to allow his bank to verify the authenticity of the E-cash.
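What the text calls a one-sided signature is known in the cryptographic literature as a blind signature, introduced by David Chaum. The following added example (not DigiCash code and not part of the original material) shows the idea with textbook RSA: the bank signs a blinded serial number at withdrawal, and at deposit it checks its own signature and a list of spent serials. The key is built from two small Mersenne primes purely for illustration; the `Bank` class and function names are assumptions.

```python
import hashlib
import math
import secrets

# Constructed demo key for the bank. Far too small and too structured for
# real use, and without padding; it only makes the arithmetic visible.
P, Q = 2**107 - 1, 2**127 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # bank's private exponent


def coin_digest(serial):
    """Map a coin's serial number to a number modulo N."""
    h = hashlib.sha256(serial.encode()).digest()
    return int.from_bytes(h, "big") % N


class Bank:
    def __init__(self):
        self.spent = set()        # serials already deposited
        self.seen_blinded = []    # everything the bank saw at withdrawal

    def sign_blinded(self, blinded):
        """Withdrawal: debit the account (omitted) and sign what was sent.
        The bank never learns the serial hidden inside `blinded`."""
        self.seen_blinded.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial, signature):
        """Deposit by a merchant: authenticity first, then double spending."""
        if pow(signature, E, N) != coin_digest(serial):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: already spent"
        self.spent.add(serial)
        return "accepted"


def withdraw(bank):
    """User side: pick a serial, blind it, get it signed, unblind."""
    serial = secrets.token_hex(16)
    m = coin_digest(serial)
    while True:
        r = secrets.randbelow(N - 2) + 2      # blinding factor
        if math.gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N          # m * r^e
    blind_sig = bank.sign_blinded(blinded)    # (m * r^e)^d = m^d * r
    signature = (blind_sig * pow(r, -1, N)) % N   # m^d
    return serial, signature


if __name__ == "__main__":
    bank = Bank()
    coin = withdraw(bank)
    print(bank.deposit(*coin))   # first deposit
    print(bank.deposit(*coin))   # same coin again
```

Because the bank only ever sees the blinded value, it cannot link the deposited serial to the withdrawal, yet it can still refuse a coin whose serial is already on its spent list.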

This signature process is also supposed to deter the criminal element of cash transactions. Since a record of the transaction is created and kept (by the payee), extortion, bribes, or other illegal transactions should occur less frequently.

E-Cash Regulation

A new medium of exchange presents new challenges to existing laws. Largely, the laws and systems used to regulate paper currency are insufficient to govern digital money.

The legal challenges of E-cash entail concerns over taxes and currency issuers. In addition, consumer liability from bank cards will also have to be addressed (currently $50 for credit cards). E-cash removes the intermediary from currency transactions, but this also removes much of the regulation of the currency in the current system.

Tax questions immediately arise as to how to prevent tax evasion at the income or consumption level. If cash-like transactions become easier and less costly, monitoring this potential underground economy may be extremely difficult, if not impossible, for the IRS.

The more daunting legal problem is controlling a potential explosion of private currencies. Large institutions that are handling many transactions may issue electronic money in their own currency. The currency would not be backed by the full faith of the United States, but by the full faith of the institution. This is not a problem with paper currency, but until the legal system catches up with the digital world, it may present a problem with cybercash.

5. Explain Digital Wallet?

Definition

Electronic wallet (E-wallet) is a software component in which a user stores credit card numbers and other personal information. When shopping online, the user simply clicks the e-wallet to automatically fill in the information needed to make a purchase (Turban. 2004:499).

E-wallet is basically another online payment scheme that functions as a carrier of e-cash, in the same way that a wallet is used to carry real cash for doing a physical transaction in an actual shop. The purpose is to offer a secure and easy means of online payment (Awad, 2003:492).

Four steps of using E-wallet

a. Decide on an online shop website.

b. Download the wallet form from the website and fill out the personal information such as credit number, phone number, and address. By filling out the details once, personal information will be completed automatically when customers click the E-wallet when purchasing in the future.

c. Fill out the personal information as to where customers want merchandise to be shipped.

d. When customers are ready to buy, one way is to click the E-wallet button to execute the process; or drag information out of the wallet and drop it into the online form.

Cooperating companies

The Electronic Commerce Modeling Language (ECML) is an organizational attempt to set standards for e-wallet vendors in the industry. It provides guidelines for Web merchandise in exchanging data for shipping, billing, and payment between users and merchants. Supporting companies include: American Express, America Online, Brodia, Compaq Computer, CyberCash, Discover, IBM, MasterCard International, Microsoft, Novell, Sun Microsystems and Visa International (Casselman, 2000).

Other on-line merchants who use e-wallet mode and support ECML include 1800-Batteries, Beyond.com, Dell Computer, Fashion.com, Healthshop.com, Nordstrom , Omaha Steaks, and Reel.com (Casselman, 2000).

Advantages and disadvantages

Jupiter Communications reports that 27% of online buyers abandon orders before checking out because of the hassle of filling out forms (Graphic Arts Monthly, 1999). E-wallet shortens and simplifies the process of repeatedly filling out detailed information, in a safe environment. Customers not only save time but also have control of personal data by being able to drag the proper card from the E-wallet pop-up screen (Quinton, 1999:32).

However, the drawback is that users must download the wallet form and software. After the download is complete, the wallet is installed as a plug-in or ActiveX control within a browser, which must also be installed (Kerstetter, 1998:10).

E-wallet in the future

Due to the popularity of the mobile phone, mobile phone bill payments will predictably increase in the future. In Scandinavian countries such as Finland and Sweden, it is estimated that over 60% of the population has mobile phones and already has wireless mobile devices to pay for everyday purchases (Rayport and Jaworski, 2002:567).

EWallet Definition

eWallet is a system that stores a customer's data for easy retrieval for online purchases. Since completing forms as part of an e-tail transaction can be a reason for aborting a transaction, an eWallet service can reduce this inconvenience for the consumer.

6. Explain Digital Currencies and Payment Systems?

Electronic money (also known as electronic cash, electronic currency, digital money, digital cash or digital currency) refers to money or scrip which is exchanged only electronically. Typically, this involves use of computer networks, the internet and digital stored value systems. Electronic Funds Transfer (EFT) and direct deposit are examples of electronic money. Also, it is a collective term for financial cryptography and technologies enabling it.

While electronic money has been an interesting problem for cryptography (see for example the work of David Chaum and Markus Jakobsson), to date, use of digital cash has been relatively low-scale. One rare success has been Hong Kong's Octopus card system, which started as a transit payment system and has grown into a widely used electronic cash system. Another success is Canada's Interac network, which in 2000 at retail (in Canada) surpassed cash [1] as a payment method. Singapore also has an electronic money implementation for its public transportation system (commuter trains, bus, etc.), which is very similar to Hong Kong's Octopus card and based on the same type of card (FeliCa).

Alternative systems

Technically electronic or digital money is a representation, or a system of debits and credits, used (but not limited to this) to exchange value, within another system, or itself as a stand alone system, online or offline. Also sometimes the term electronic money is used to refer to the provider itself. A private currency may use gold to provide extra security, such as digital gold currency. An e-currency system may be fully backed by gold (like e-gold and c-gold), non-gold backed (like eeeCurrency), or both gold and non-gold backed (like e-Bullion and Liberty Reserve).

Many systems will sell their electronic currency directly to the end user, such as PayPal and WebMoney, but other systems, such as e-gold, sell only through third party digital currency exchangers.

In the case of Octopus Card in Hong Kong, deposits work similarly to banks'. After Octopus Card Limited receives money for deposit from users, the money is deposited into banks, which is similar to debit-card-issuing banks redepositing money at central banks.

Some community currencies, like some LETS systems, work with electronic transactions. Cyclos Software allows creation of electronic community currencies.

Ripple monetary system is a project to develop a distributed system of electronic money independent of local currency.

Virtual debit cards

Various companies now sell VISA, Mastercard or Maestro debit cards, which can be recharged via electronic money systems. This system has the advantage of greater privacy if a card provider is located offshore, and greater security since the client can never be debited more than the value on the prepaid card. Such debit cards are also useful for people who do not have a bank account. Generally cards can be recharged with either e-gold, e-Bullion, WebMoney, or via a wire transfer.

Advantages

Most money in today's world is electronic, and tangible cash is becoming less frequent. With the introduction of internet / online banking, debit cards, online bill payments and internet business, paper money is becoming a thing of the past.

Banks now offer many services whereby a customer can transfer funds, purchase stocks, contribute to their retirement plans (such as Canadian RRSP) and offer a variety of other services without having to handle physical cash or cheques. Customers do not have to wait in lines; this provides a lower-hassle environment.

Debit cards and online bill payments allow immediate transfer of funds from an individual's personal account to a business's account without any actual paper transfer of money. This offers a great convenience to many people and businesses alike.

Disadvantages

Although there are many benefits to digital cash, there are also many significant disadvantages. These include fraud, failure of technology, possible tracking of individuals and loss of human interaction.

Fraud over digital cash has been a pressing issue in recent years. Hacking into bank accounts and illegal retrieval of banking records has led to a widespread invasion of privacy and has promoted identity theft.

There is also a pressing issue regarding the technology involved in digital cash. Power failures, loss of records and undependable software often cause a major setback in promoting the technology.

Privacy questions have also been raised; there is a fear that the use of debit cards and the like will lead to the creation by the banking industry of a global tracking system. Some people are working on anonymous ecash to try to address this issue. The issue of providing anonymity to users itself introduces more problems, however; there is the distinct possibility that a fully anonymous digital cash system could permit the "perfect crime" - i.e., where a criminal uses someone else's electronic cash to make a payment, but cannot be traced - to occur. For this reason, 'revokable anonymity' is a suggested solution: a user is fully anonymous until they commit some crime, at which point authorisation is given for their identity to be revealed. However, critics of this policy point out that the anonymous users will never be caught and held to trial (thus their identity will never be revealed) without tracing.

Future evolution

The main focuses of digital cash development are 1) being able to use it through a wider range of hardware such as secured credit cards; and 2) linked bank accounts that would generally be used over an internet means, for exchange with a secure micropayment system such as in large corporations (PayPal).

Furthering network evolution in terms of the use of digital cash, a company named DigiCash is at the focus of creating an e-cash system that would allow issuers to sell electronic coins at some value. When they are purchased they come under someone’s own name and are stored on his computer or under his online identity. At all times, the e-cash is linked to the e-cash company and all transactions go through it, so the e-cash company secures anything that is purchased. Only the company knows your information and will properly direct purchases to your location.

Theoretical developments in the area of decentralized money are underway that may rival traditional, centralized money. Systems of accounting such as Altruistic Economics are emerging that are entirely electronic, and can be more efficient and more realistic because they do not assume a zero-sum transaction model.

6. Explain Secure Electronic Transaction (SET) ?

Secure Electronic Transaction (SET) is a standard protocol for securing credit card transactions over insecure networks, specifically, the Internet. SET is not itself a payment system, but rather a set of security protocols and formats that enables users to employ the existing credit card payment infrastructure on an open network in a secure fashion.

SET was developed by VISA and MasterCard (involving other companies such as GTE, IBM, Microsoft, Netscape, RSA and VeriSign) starting in 1996.

SET is based on X.509 certificates with several extensions. SET uses a blinding algorithm that, in effect, lets merchants substitute a certificate for a user's credit-card number. This allows traders to credit funds from clients' credit cards without the need of the credit card numbers.

SET makes use of cryptographic techniques such as digital certificates and public key cryptography to allow parties to identify themselves to each other and exchange information securely.

SET was heavily publicized in the late 1990s as the credit card approved standard, but failed to win market share. Reasons for this include:

- Network effect - need to install client software (an e-wallet).
- Cost and complexity for merchants to offer support, and comparatively low cost and simplicity of the existing, adequate SSL based alternative.
- Client-side certificate distribution logistics.

SET was said to become the de facto standard of payment method on the Internet between the merchants, the buyers, and the credit-card companies. When SET is used, the merchant itself never has to know the credit-card numbers being sent from the buyer, which provides a benefit for e-commerce.

The SET Protocol

People today pay for online purchases by sending their credit card details to the merchant. A protocol such as SSL or TLS keeps the card details safe from eavesdroppers, but does nothing to protect merchants from dishonest customers or vice-versa. SET addresses this situation by requiring cardholders and merchants to register before they may engage in transactions. A cardholder registers by contacting a certificate authority, supplying security details and the public half of his proposed signature key. Registration allows the authorities to vet an applicant, who if approved receives a certificate confirming that his signature key is valid. All orders and confirmations bear digital signatures, which provide authentication and could potentially help to resolve disputes.

A SET purchase involves three parties: the cardholder, the merchant, and the payment gateway (essentially a bank). The cardholder shares the order information with the merchant but not with the payment gateway. He shares the payment information with the bank but not with the merchant. A SET dual signature accomplishes this partial sharing of information while allowing all parties to confirm that they are handling the same transaction. The method is simple: each party receives the hash of the withheld information. The cardholder signs the hashes of both the order information and the payment information. Each party can confirm that the hashes in their possession agree with the hash signed by the cardholder. In addition, the cardholder and merchant compute equivalent hashes for the payment gateway to compare. He confirms their agreement on the details withheld from him.

All parties are protected. Merchants do not normally have access to credit card numbers. Moreover, the mere possession of credit card details does not enable a criminal to make a SET purchase; he needs the cardholder's signature key and a secret number that the cardholder receives upon registration. The criminal would have better luck with traditional frauds, such as ordering by telephone. It is a pity that other features of SET (presumably demanded by merchants) weaken these properties. A merchant can be authorized to receive credit card numbers and has the option of accepting payments given a credit card number alone.

SET is a family of protocols. The five main ones are cardholder registration, merchant registration, purchase request, payment authorization, and payment capture. There are many minor protocols, for example to handle errors. SET is enormously more complicated than SSL, which merely negotiates session keys between the cardholder's and merchant's Internet service providers. Because of this complexity, much of which is unnecessary, the protocol is hardly used. However, SET contains many features of interest:

- The model is unusual. In the registration protocols, the initiator possesses no digital proof of identity. Instead, he authenticates himself by filing a registration form whose format is not specified. Authentication takes place outside the protocol, when the cardholder's bank examines the completed form.
- The dual signature is a novel construction. The partial sharing of information among three peers leads to unusual protocol goals.
- SET uses several types of digital envelope. A digital envelope consists of two parts: one, encrypted using a public key, contains a fresh symmetric key K and identifying information; the other, encrypted using K, conveys the full message text. Digital envelopes keep public-key encryption to a minimum, but the many symmetric keys complicate the reasoning. Most verified protocols distribute just one or two secrets.

Business requirements

Book 1 of the SET specification lists the following business requirements for secure payment processing with credit cards over the Internet and other networks:

- Provide confidentiality of payment and ordering information
- Ensure the integrity of all transmitted data
- Provide authentication that a cardholder is a legitimate user of a credit card account
- Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution
- Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction
- Create a protocol that neither depends on transport security mechanisms nor prevents their use
- Facilitate and encourage interoperability among software and network providers

Key features

To meet the business requirements, SET incorporates the following features:

- Confidentiality of information
- Integrity of data
- Cardholder account authentication
- Merchant authentication

Participants

A SET system includes the following participants:

- Cardholder
- Merchant
- Issuer
- Acquirer
- Payment gateway
- Certification authority

Transaction (2, 8 mark)

The sequence of events required for a transaction is as follows:

1. The customer obtains a credit card account with a bank that supports electronic payment and SET.
2. The customer receives an X.509v3 digital certificate signed by the bank.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant sends a copy of its certificate so that the customer can verify that it's a valid store.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant ships the goods or provides the service to the customer.
10. The merchant requests payment.

8. Explain Dual signature?

An important innovation introduced in SET is the dual signature. The purpose of the dual signature is the same as the standard electronic signature: to guarantee the authentication and integrity of data. It links two messages that are intended for two different recipients. In this case, the customer wants to send the order information (OI) to the merchant and the payment information (PI) to the bank. The merchant does not need to know the customer's credit card number, and the bank does not need to know the details of the customer's order. The link is needed so that the customer can prove that the payment is intended for this order.
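
The dual signature described here and in the SET protocol section above, worked through as an added example that is not part of the original study material. Assumptions: SHA-256 as the hash, a constructed textbook-RSA key built from two Mersenne primes standing in for the cardholder's certified signature key (insecure, for illustration only), hypothetical function names, and constructed sample OI and PI.

```python
import hashlib

# Constructed demonstration key: textbook RSA (no padding) over two Mersenne
# primes. It is trivially breakable and only stands in for the cardholder's
# certified signature key so that the example runs on the standard library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(data: bytes) -> bytes:
    """Hash used for every message digest (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def sign(md: bytes) -> int:
    """Cardholder signs a digest with the private exponent."""
    return pow(int.from_bytes(md, "big"), D, N)


def verify(md: bytes, signature: int) -> bool:
    """Anyone holding the cardholder's public key (N, E) can check it."""
    return pow(signature, E, N) == int.from_bytes(md, "big")


def dual_sign(oi: bytes, pi: bytes) -> dict:
    """Cardholder: hash OI and PI separately, then sign the hash of both."""
    oimd, pimd = digest(oi), digest(pi)
    return {"oimd": oimd, "pimd": pimd, "ds": sign(digest(pimd + oimd))}


def merchant_check(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI plus only the hash of the withheld PI."""
    return verify(digest(pimd + digest(oi)), ds)


def gateway_check(pi: bytes, oimd_cardholder: bytes,
                  oimd_merchant: bytes, ds: int) -> bool:
    """Gateway holds PI plus only hashes of the withheld OI.

    It compares the order hash supplied by the cardholder with the one the
    merchant computed, then checks the signature over both digests.
    """
    if oimd_cardholder != oimd_merchant:
        return False
    return verify(digest(digest(pi) + oimd_cardholder), ds)


# Constructed sample messages (placeholders, not real card data).
OI = b"order=1 x widget; total=25.00 USD; merchant=example-store"
PI = b"card=<test card number>; expiry=<MM/YY>; amount=25.00 USD"


def demo() -> dict:
    d = dual_sign(OI, PI)
    merchant_oimd = digest(OI)          # what the merchant forwards
    return {
        "merchant_ok": merchant_check(OI, d["pimd"], d["ds"]),
        "gateway_ok": gateway_check(PI, d["oimd"], merchant_oimd, d["ds"]),
        # Order changed after signing: merchant's check fails.
        "altered_order": merchant_check(OI + b"; qty=9", d["pimd"], d["ds"]),
        # Signature reused with different payment details: gateway rejects.
        "other_payment": gateway_check(b"card=<other>", d["oimd"],
                                       merchant_oimd, d["ds"]),
        # Merchant and cardholder disagree about the order: gateway rejects.
        "order_mismatch": gateway_check(PI, d["oimd"],
                                        digest(b"other order"), d["ds"]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The merchant never receives PI and the gateway never receives OI, yet both verify the same signature, which is what ties the payment to this particular order.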

9. Explain SECURITY PROTOCOLS?

SSL and S-HTTP

Protocol layers (top to bottom):

Electronic commerce payment protocols
Secure HTTP | HTTP | Other Applications
Secure Socket Layer (SSL)
Transport Control Protocol (TCP)
Internet Protocol (IP)

S-HTTP

Define HTTP:

HTTP is a communication protocol used to convey hyperlinked information on the WWW.

S-HTTP:

S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows the secure exchange of files on the World Wide Web.

Each S-HTTP file is either encrypted, contains a digital certificate, or both. For a given document, S-HTTP is an alternative to another well-known security protocol, Secure Sockets Layer (SSL).

A major difference is that S-HTTP allows the client to send a certificate to authenticate the user whereas, using SSL, only the server can be authenticated. S-HTTP is more likely to be used in situations where the server represents a bank and requires authentication from the user that is more secure than a userid and password.

S-HTTP does not use any single encryption system, but it does support the Rivest-Shamir-Adleman public key infrastructure encryption system.

SSL works at a program layer slightly higher than the Transmission Control Protocol (TCP) level. S-HTTP works at the even higher level of the HTTP application.

Both security protocols can be used by a browser user, but only one can be used with a given document. Terisa Systems includes both SSL and S-HTTP in their Internet security tool kits.

A number of popular Web servers support both S-HTTP and SSL. Newer browsers support both SSL and S-HTTP.

S-HTTP has been submitted to the Internet Engineering Task Force (IETF) for consideration as a standard. Request for Comments (RFCs) Internet draft 2660 describes S-HTTP in detail.

1. An extension of the WWW protocol.
2. Adds security directly to the application.
3. Basics of the WWW.
4. To require S-HTTP to transmit a document, its URL must be defined in the form Shttp://www.mcompany.com/secure.html
5. The browser should implement this protocol (S-HTTP); otherwise we cannot access the S-HTTP document.

S-HTTP Security Features:

Adds security at the application level. Objective: a wide range of security mechanisms on top of the interactions between web browser and web server.

Protection mechanisms include the following:

1. Digital signature
2. Message authentication
3. Message encryption

It supports many cryptography formats, including public key cryptography and private key cryptography. It is also used for key distribution schemes.

Secure HTTP Data Transport

S-HTTP encapsulates the HTTP interactions between browser and server.

This means that the data being sent from browser to server, or from server to browser, is contained within a special S-HTTP chunk of data.

That is, an S-HTTP message sent from a server to a browser includes data that is "wrapped" by a header with handling and contents information about the data. Therefore: S-HTTP message = header + package.

S-HTTP Explained

Secure HTTP Header Lines

Two important header lines for S-HTTP

a. Content Type: identifies the type of content contained within the S-HTTP message.

b. Content Privacy Domain: identifies the general cryptographic implementation being used.

S-HTTP Message Contents

The contents are simple data or HTTP data.

The contents of an S-HTTP message are interpreted by the receiving entity (browser or server) based on:

* How the package (the data) is labeled
* What kind of security is applied

S-HTTP Security Negotiation Headers

Four different issues are negotiated between server and browser:

a. Property -> what kind of security option (cryptography scheme) is being selected to apply to a transfer.
b. Value -> implementation.
c. Direction -> security-enhanced transmission between server and browser.
d. Strength -> how strongly negotiated.

Figure: an S-HTTP message consists of Secure HTTP header information followed by Secure HTTP data (this may be encrypted).

These are used to transfer data in a secure manner.

Related Protocol Extensions

Data is requested & delivered across the WWW using HTTP and S-HTTP.

There are two other important protocols (without which the WWW would not exist):

a. The URL protocol, defining the syntax of web documents and locations.
b. The HTML protocol, defining the syntax of the documents themselves.

10. Explain Secure Sockets Layer(SSL) ?

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. There are slight differences between SSL and TLS, but the protocol remains substantially the same. The term "TLS" as used here applies to both protocols unless clarified by context.

Netscape Communications has proposed a protocol for providing data security layered between high-level application protocols and TCP/IP. This security protocol, called SSL, provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection.

WEB SECURITY LAYERS

Layers (top to bottom):

Electronic commerce applications
S-HTTP
TCP-based application protocol (HTTP, SMTP, NNTP)
SSL
IP

SSL provides a security "handshake" to initiate the TCP/IP connection.

This handshake results in the client and server agreeing on the level of security they will use and fulfilling any authentication requirements for the connection.

Role of SSL:

The role of SSL is to encrypt and decrypt the message stream.

This protocol fully encrypts all the information in both the HTTP request and HTTP response (URL, credit card numbers, username and password) and all the data returned from the server to the client.

To require SSL to transmit a document, its URL must be defined in the form: https://www.mcompany.com/secure.html

NOTE:

If the browser implements the S-HTTP and SSL protocols, we can view S-HTTP, SSL and HTTP documents; otherwise we can view only HTTP documents.

SSL Record Specification:

It encapsulates the data transmitted between server and the client in an SSL RECORD. However, the SSL header is only two or three bytes long; it is primarily used to indicate how much data has been encapsulated and whether that includes data padding to fill out the SSL record.

Data Padding is often necessary to make sure that the “real” data can be properly encrypted with certain types of cipher.
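
A parser for the record header described above, as an added example that is not part of the original study material. The two- or three-byte header matches the SSL 2.0 record layout, and the bit assignments below come from that specification rather than from this page; the function names and the sample byte stream are constructed.

```python
from typing import List, NamedTuple, Tuple


class RecordHeader(NamedTuple):
    header_len: int    # 2 or 3 bytes
    record_len: int    # bytes following the header (data plus padding)
    padding_len: int   # trailing padding bytes inside the record
    is_escape: bool    # flag bit, only present in the 3-byte form


def parse_header(buf: bytes, offset: int = 0) -> RecordHeader:
    """Decode one SSL 2.0 style record header starting at offset."""
    if len(buf) - offset < 2:
        raise ValueError("truncated header")
    b0, b1 = buf[offset], buf[offset + 1]
    if b0 & 0x80:
        # High bit set: 2-byte header, 15-bit length, no padding.
        return RecordHeader(2, ((b0 & 0x7F) << 8) | b1, 0, False)
    if len(buf) - offset < 3:
        raise ValueError("truncated 3-byte header")
    # High bit clear: 3-byte header, 14-bit length, third byte = padding.
    hdr = RecordHeader(3, ((b0 & 0x3F) << 8) | b1,
                       buf[offset + 2], bool(b0 & 0x40))
    if hdr.padding_len > hdr.record_len:
        raise ValueError("padding longer than record")
    return hdr


def split_records(stream: bytes) -> List[Tuple[RecordHeader, bytes]]:
    """Walk a byte stream and return (header, record body) pairs."""
    records, offset = [], 0
    while offset < len(stream):
        hdr = parse_header(stream, offset)
        start = offset + hdr.header_len
        end = start + hdr.record_len
        if end > len(stream):
            raise ValueError("record body truncated")
        records.append((hdr, stream[start:end]))
        offset = end
    return records


def build_record(data: bytes, padding_len: int = 0) -> bytes:
    """Build a record for the constructed sample below."""
    total = len(data) + padding_len
    if padding_len == 0:
        if total > 0x7FFF:
            raise ValueError("too long for a 2-byte header")
        header = bytes([0x80 | (total >> 8), total & 0xFF])
    else:
        if total > 0x3FFF or padding_len > 0xFF:
            raise ValueError("too long for a 3-byte header")
        header = bytes([total >> 8, total & 0xFF, padding_len])
    return header + data + bytes(padding_len)


# Constructed sample: one unpadded record, then one whose 13 data bytes
# are padded with 3 bytes to fill two 8-byte cipher blocks.
SAMPLE_STREAM = (build_record(b"constructed cleartext record")
                 + build_record(b"13 data bytes", padding_len=3))

if __name__ == "__main__":
    for hdr, body in split_records(SAMPLE_STREAM):
        print(hdr, body[:hdr.record_len - hdr.padding_len])
```

When a record is encrypted, the padding sits inside the ciphertext, so the header only tells the receiver how many bytes to discard after decryption.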

Initiating an SSL Session

An SSL session begins after the TCP session is initiated. SSL uses a handshaking protocol, with the client and the software exchanging specific pieces of information in order to build a secure channel for transmitting data.

The very first exchange between client and server is in plain text and contains enough information for the two systems to initiate an encrypted and authenticated data stream.

The SSL client and server exchange information in a connection opening handshake sequence before opening the secure channel.

a. Client to the Server

One message: client-hello (challenge data and cipher specifications)

b. Server to the Client

One message: server-hello (connection ID, public key certificate, cipher specifications)

c. Client to the Server

Two messages:
1. client-master-key (encrypted master key)
2. client-finish (connection ID, encrypted)

d. Server to the Client

Two messages:
1. server-verify (encrypted challenge data)
2. server-finish (session ID)

Because HTTP + SSL (https) and http are different protocols and typically reside on different ports (443 and 80, respectively), the same server system can run both secure and insecure HTTP servers simultaneously. This means that HTTP can provide some information to all users using no security, and https can provide information only securely. For instance, the "store-front" and merchandise catalog could be insecure and the ordering and payment forms could be secure.

Browsers that do not implement support for HTTP over SSL will not be able to access https URLs.

UNIT – IV

PART – A

1. What are E-Commerce Providers?

E-commerce providers are those who make the necessary preparations or arrangements for doing business via the internet. They use the latest and most apt technologies so that they can successfully adapt to the internet business environment.

Ex. Visa, MasterCard

2. What are Online Commerce Options?

When customers order products electronically, they should not have to make any choices or special arrangements. The merchant alone should make the arrangements for the products he is going to sell via the net; that is, customers should be able to order products with only the basic requirements.

For this purpose banks and other financial institutions are working with companies like CyberCash, First Virtual, Netscape, Microsoft and others in an effort to produce payment systems for consumers and merchants alike.

3. What are Consumer Choices?

Consumers can opt to do nothing beyond getting a web browser that supports the secure exchange of transaction information, using either the SSL or S-HTTP protocol.

This may prove sufficient for many consumer needs:

a. It lets the customer pay for goods and services by credit card.
b. It protects the transaction from being intercepted.

But this doesn't protect consumers from dishonest merchants. For that, consumers must be educated.

The transaction of the amount is made with credit cards. But there are also problems with these credit cards.

c. The card we use may not be accepted by the merchant.
d. Some cards may be accepted in more places, but not at the places where we need to shop.
e. For security purposes we can register with a third party, which will act as a go-between for the merchant and the consumer; i.e., it can act on behalf of both the merchant and the consumer.
f. For consumers with special bank accounts, electronic checking or digital cash products may be a good option: the consumer encrypts the payment settlement information, which is sent to the consumer's bank, where it is decrypted. Then the payment is sent to the merchant.

4. What is Merchant Options?

a. Merchants must take greater care in setting up to accept electronic payments.

b. For this we can have someone manage a secure web server and set up shop there.

c. There are hundreds of "electronic malls" active on the internet on which merchants can set up shop.

PART – B

1. What are the Functions and Features of electronic commerce?

The expectations of consumers from the electronic commerce provider will probably be:

- Reliability
- Security
- Simplicity
- Acceptability

Reliability

Consumers have come to rely on their credit card and charge card companies not just to extend credit, but to extend protection against:

a. Unscrupulous vendors
b. Thieves
c. Vicissitudes of daily life

The same kind of reliability will be expected of electronic commerce providers.

Security

a. This is a very important issue which will never go away.
b. Even if the strongest possible encryption is used to send payment information, there are still many security holes.

These kinds of transactions, and the encryption and decryption methods used to secure them, can be exposed through any number of non-Internet attacks:

c. The dissatisfied employee with access to payment information.
d. Storage of payment information with insufficient security.
e. Improper disposal of printed material.

Simplicity

a. E-commerce schemes must be simple to achieve widespread appeal.
b. Consumers prefer to use a single, multipurpose credit card such as Visa or MasterCard rather than set up credit accounts with every different retailer they purchase from.
c. The same goes for e-commerce schemes: if they can be made simple, painless and even easier than transacting business in person, then they will be successful.

Acceptability

E-com schemes should offer widespread acceptability.

A scheme that is accepted only by a few merchants will not be attractive to consumers who don’t do business with those merchants, a scheme that few consumers have chosen will be one that merchants seek out.

Conclusion

The industry is still in the very earliest phase of its infancy and is undergoing rapid change every day. There are many companies that are involved in the internet commerce area. Some of them are working together, while others are competing; the only certainty is that "Things will Change!!!"

2. Explain FVIPS(FIRST VIRTUAL INTERNET PAYMENT SYSTEM)?

First Virtual was one of the first Internet payment systems to be available to the public, becoming fully operational in October of 1994. A main goal of this company was to create an Internet payment system that was easy to use. Neither buyers nor sellers are required to install new software, (though automated sale processing software is available). If you have access to Internet email, you can sell or buy over the Internet using the First Virtual System.

The First Virtual payment system is unique in that it does not use encryption. A fundamental philosophy of their payment system is that certain information should not travel over the Internet because it is an open network. This includes credit card numbers. Instead of using credit card numbers, transactions are done using a First VirtualPIN which references the buyer's First Virtual account. These PIN numbers can be sent over the Internet because even if they are intercepted, they cannot be used to charge purchases to the buyer's account. A person's account is never charged without email verification from them accepting the charge.

Their payment system is based on existing Internet protocols, with the backbone of the system designed around Internet email and the MIME (Multipurpose Internet Mail Extensions) standard. First Virtual uses email to communicate with a buyer to confirm charges against their account. Sellers use either email, Telnet, or automated programs that make use of First Virtual's Simple MIME Exchange Protocol (SMXP) to verify accounts and initiate payment transactions.

The following steps occur during a sale when using the First Virtual payment system:

Merchant requests buyer's First VirtualPIN (usually through a form on a WWW page).

Merchant can then check whether the VirtualPIN actually belongs to a real First Virtual account that is in good standing. Merchants can verify accounts by using the following programs; Finger, Telnet, email, or the FV_API utility.

Note - Verifying the account is an optional step in the sale process.

The merchant then initiates a payment transaction through First Virtual. This payment transaction is initiated by sending the following information either by email, Telnet, or a SMXP enabled program to First Virtual:

- Buyer's First VirtualPIN
- Merchant's First VirtualPIN
- The amount and currency of the sale (Not everything is processed in dollars!)
- A description of the item for sale

First Virtual generates an email request to the buyer to confirm the sale. This email request contains the following sale information:

- The merchant's full name
- The amount of the sale
- A description of the item bought

Buyer confirms sale by sending a YES response back to First Virtual.

A buyer can also respond NO, to state that they are unsatisfied with the item and are unwilling to pay, or FRAUD, to state that they never made the purchase and someone must have stolen their VirtualPIN.

If a buyer does not respond in a reasonable time, their account is suspended.

First Virtual sends a transaction result message to the merchant, indicating whether the buyer accepted the charges.

After a waiting period (91 days after the buyer's credit card has been charged), the amount of the sale minus transaction fees is deposited directly into the merchant's account.

Note - The 91 day waiting period is in place to protect First Virtual from buyers who dispute the charge on their credit card and have the credit card company charge back First Virtual for all or part of the sale.

Merchant assumes all risk!
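The sale flow above, modelled as a small state machine. This is an added example, not First Virtual's code or the SMXP protocol; the class and method names, the sample PINs and the 14-day reply window are assumptions (the text only says "a reasonable time").

```python
from datetime import date, timedelta

HOLD_DAYS = 91          # from the text: payout 91 days after the card is charged
REPLY_WINDOW_DAYS = 14  # ASSUMPTION: the text only says "a reasonable time"
REPLIES = {"YES": "accepted", "NO": "declined", "FRAUD": "fraud-reported"}


class PaymentModel:
    """Toy stand-in for First Virtual's role in a sale (hypothetical names)."""

    def __init__(self, pins):
        self.standing = {pin: "good" for pin in pins}  # VirtualPIN -> standing
        self.sales = {}

    def verify(self, pin):
        """Optional merchant check: real account, in good standing?"""
        return self.standing.get(pin) == "good"

    def initiate(self, sale_id, buyer_pin, merchant_pin, merchant_name,
                 amount, currency, description, today):
        """Merchant submits a sale; returns the confirmation mail for the buyer."""
        if not (self.verify(buyer_pin) and self.verify(merchant_pin)):
            return None
        self.sales[sale_id] = {"buyer": buyer_pin, "state": "awaiting-buyer",
                               "asked": today}
        # The buyer is shown exactly the three items the text lists.
        return {"merchant": merchant_name, "amount": f"{amount} {currency}",
                "description": description}

    def buyer_reply(self, sale_id, reply):
        """Apply a YES / NO / FRAUD reply; returns the result sent to the merchant."""
        sale = self.sales[sale_id]
        word = reply.strip().upper()
        # Only the first recognised reply to an open request changes anything.
        if sale["state"] == "awaiting-buyer" and word in REPLIES:
            sale["state"] = REPLIES[word]
        return sale["state"]

    def expire(self, today):
        """Suspend every buyer whose confirmation request has gone unanswered."""
        suspended = []
        for sale in self.sales.values():
            overdue = today - sale["asked"] > timedelta(days=REPLY_WINDOW_DAYS)
            if sale["state"] == "awaiting-buyer" and overdue:
                sale["state"] = "no-reply"
                self.standing[sale["buyer"]] = "suspended"
                suspended.append(sale["buyer"])
        return suspended

    def payout_date(self, sale_id, charged_on):
        """Date the merchant is paid, or None if the buyer never said YES."""
        if self.sales[sale_id]["state"] != "accepted":
            return None
        return charged_on + timedelta(days=HOLD_DAYS)
```

A sale started with a stolen VirtualPIN ends as `fraud-reported` with no payout date, which is the buyer-side protection the text describes; the 91-day hold is what leaves the risk with the merchant.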

The First Virtual payment system has several advantages and disadvantages over other payment systems used on the Internet.

Advantages:

Neither buyer nor seller needs to install any software in order to use the system.

Buyers are virtually 100% protected from fraud. No charges are processed against their account without their confirmation.

Purchases are essentially anonymous. The merchant is never given the buyer's name from First Virtual.

It is extremely easy to become a merchant, or seller, under First Virtual. First Virtual does not screen merchants, nor do they require merchants to have special business accounts established with a bank. All a person needs to sell merchandise, services, data, etc. over the Internet is an ordinary checking account.

First Virtual has very low processing fees compared to other Internet payment schemes or even straight credit card processing.

Disadvantages:

Merchant assumes all risk!

Extremely long waiting period between when a sale is made and when payment is deposited in the merchant's account.

I strongly urge that anyone interested in learning more about First Virtual visit their WWW site. It contains detailed descriptions of everything involved plus the forms necessary for opening an account. They have also recently published a paper discussing their first year on line, Perils and Pitfalls of Practical CyberCommerce.

3. Explain CyberCash?

CyberCash was an Internet payment service for electronic commerce, headquartered in Reston, Virginia. It was founded in August 1994 by Daniel C. Lynch (who served as chairman) and William N. Melton (who served as president and CEO, and later chairman). The company initially provided electronic wallet software to consumers and software to merchants to accept credit card payments. Later they also offered "CyberCoin", a micropayment system modeled after the NetBill research project at Carnegie Mellon University, which they later licensed. Despite a trial with ESPN.com, CyberCoin never took off, and the focus remained on providing software for consumers and merchants to process credit card payments.

In 1995, the company proposed RFC 1898, CyberCash Credit Card Protocol Version 0.8. The company went public on February 19, 1996 with the symbol "CYCH" and its shares rose 79% on the first day of trading.

In 1998, CyberCash bought another online credit card processing company, ICVerify. In January 2000, a teenage Russian hacker nicknamed "Maxus" announced he had cracked CyberCash's ICVerify application; the company denied this.

On January 1, 2000, CyberCash fell victim to the Y2K Bug, causing double recording of credit card payments through their system.

4. What are E-Commerce Providers?

E-commerce providers are those who make the preparations and arrangements needed to conduct business via the Internet. They use the latest and most suitable technologies so that they can adapt successfully to the Internet business environment.

Ex. Visa, MasterCard

Online Commerce Options:

When customers order products electronically, they should not have to make any special choices or arrangements. The merchant alone should make the arrangements for the products that he is going to sell via the net; that is, customers should be able to order products with only the basic requirements.

For this purpose, banks and other financial institutions are working with companies like CyberCash, First Virtual, Netscape, Microsoft and others in an effort to produce payment systems for consumers and merchants alike.

Consumer choices:

Consumers can opt to do nothing beyond getting a web browser that supports the secure exchange of transaction information, using either the SSL or SHTTP protocol.

This may prove sufficient for many consumer needs:

a. It lets the customer pay for goods and services by credit card.

b. It protects the transaction from being intercepted.

But this doesn’t protect consumers from dishonest merchants. For that, consumers must be educated.

The transaction of the amount is made with the credit cards. But problems are also there with these credit cards.

c. The card we use may not be accepted by the merchant.

d. Some cards may be accepted in more places, but not at the places where we need to shop.

e. For security purposes, we can register with a third party which will act as a go-between for the merchant and the consumer, i.e. it can act on behalf of both the merchant and the consumer.

f. For consumers with special bank accounts, electronic checking or digital cash products may be a good option: the consumer encrypts the payment settlement information, which is sent to the consumer's bank, where it is decrypted. Then the payment is sent to the merchant.

Merchant Options:

a. The merchants must take greater care in setting up to accept electronic payments.

b. For this, we can have someone manage a secure web server and set up shop there.

c. There are hundreds of “electronic malls” active on the Internet on which merchants can set up shop.

We have other options too.

d. In addition to a secure or commerce server which supports credit card payments, merchants can also accept less familiar payment methods such as digital cash or electronic cash.

Choosing Functions and Features

The expectations of consumers from the electronic commerce provider will probably be reliability, security, simplicity and acceptability.

Reliability

Consumers have come to rely on their credit cards and charge card companies not just to extend credit, but to extend protection against:

a. Unscrupulous vendors

b. Thieves

c. Vicissitudes of daily life

The same kind of reliability will be expected of electronic commerce providers.

Security

a. This is a very important issue which will never go away.

b. Even if the strongest possible encryption is used to send payment information, there are still many security holes.

These transactions, and the encryption and decryption methods used to secure them, can be exposed through any number of non-Internet attacks:

c. A dissatisfied employee with access to payment information.

d. Storage of payment information with insufficient security.

e. Improper disposal of printed material.

Simplicity

a. E-com schemes must be simple to achieve widespread appeal.

b. Consumers prefer to use a single, multipurpose credit card such as Visa or MasterCard rather than set up credit accounts with every different retailer they purchase from.

c. The same goes for e-com schemes: if they can be made simple, painless and even easier than transacting business in person, then they will be successful.

Acceptability

E-com schemes should offer widespread acceptability.

A scheme that is accepted only by a few merchants will not be attractive to consumers who don’t do business with those merchants; likewise, a scheme that few consumers have chosen will not be one that merchants seek out.

Conclusion

The industry is still in the very earliest phase of its infancy and is undergoing rapid change every day. There are many companies involved in the Internet commerce area. Some of them are working together, while others are competing; the only certainty is that “Things will Change!!!”

UNIT – V

ONLINE COMMERCE ENVIRONMENTS

PART – A

1. What is Electronic Data Interchange ?

Electronic Data Interchange (EDI) is a set of standards for structuring information that is to be electronically exchanged between and within businesses, organizations, government entities and other groups. The standards describe structures that emulate documents, for example purchase orders to automate purchasing. The term EDI is also used to refer to the implementation and operation of systems and processes for creating, transmitting, and receiving EDI documents.

Despite being relatively unheralded, in this era of technologies such as XML services, the Internet and the World Wide Web, EDI is still the data format used by the vast majority of electronic commerce transactions in the world.

2. What are Standards?

Generally speaking, EDI is considered to be a technical representation of a business conversation between two entities, either internal or external. Note, there is a perception that "EDI" consists of the entire electronic data interchange paradigm, including the transmission, message flow, document format, and software used to interpret the documents. EDI is considered to describe the rigorously standardized format of electronic documents.

The EDI (Electronic Data Interchange) standards were designed to be independent of communication and software technologies. EDI can be transmitted using any methodology agreed to by the sender and recipient. This includes a variety of technologies, including modem (asynchronous and bisynchronous), FTP, Email, HTTP, AS1, AS2, WebSphere MQ, etc. It is important to differentiate between the EDI documents and the methods for transmitting them. While comparing the bisynchronous protocol 2400 bit/s modems, CLEO devices, and value-added networks used to transmit EDI documents to transmitting via the Internet, some people equated the non-Internet technologies with EDI and predicted erroneously that EDI itself would be replaced along with the non-Internet technologies. These non-Internet transmission methods are being replaced by Internet protocols such as FTP, telnet, and e-mail, but the EDI documents themselves still remain.

As more trading partners use the Internet for transmission, standards have emerged. In 2002, the IETF published RFC 3335, offering a standardized, secure method of transferring EDI data via e-mail. On July 12th, 2005, an IETF working group ratified RFC 4130 for MIME-based HTTP EDIINT (a.k.a. AS2) transfers, and is preparing similar documents for FTP transfers (a.k.a. AS3). While some EDI transmission has moved to these newer protocols, the providers of the value-added networks remain active.

EDI documents generally contain the same information that would normally be found in a paper document used for the same organizational function. For example an EDI 940 ship-from-warehouse order is used by a manufacturer to tell a warehouse to ship product to a retailer. It typically has a ship to address, bill to address, a list of product numbers (usually a UPC code) and quantities. It may have other information if the parties agree to include it. However, EDI is not confined to just business data related to trade but encompasses all fields such as medicine (e.g., patient records and laboratory results), transport (e.g., container and modal information), engineering and construction, etc. In some cases, EDI will be used to create a new business information flow (that was not a paper flow before). This is the case in the Advanced Shipment Notification (856) which was designed to inform the receiver of a shipment, the goods to be received and how the goods are packaged.

3. What are four major sets of EDI standards?

The UN-recommended UN/EDIFACT is the only international standard and is predominant outside of North America.

The US standard ANSI ASC X12 (X12) is predominant in North America.

The TRADACOMS standard developed by the ANA (Article Numbering Association) is predominant in the UK retail industry.

The ODETTE standard used within the European automotive industry

All of these standards first appeared in the early to mid 1980s. The standards prescribe the formats, character sets, and data elements used in the exchange of business documents and forms. The complete X12 Document List includes all major business documents, including purchase orders (called "ORDERS" in UN/EDIFACT and an "850" in X12) and invoices (called "INVOIC" in UN/EDIFACT and an "810" in X12).

The EDI standard says which pieces of information are mandatory for a particular document and which pieces are optional, and gives the rules for the structure of the document. The standards are like building codes. Just as two kitchens can be built "to code" but look completely different, two EDI documents can follow the same standard and contain different sets of information. For example, a food company may indicate a product's expiration date while a clothing manufacturer would choose to send color and size information.

4. What are Specifications?

Organizations that send or receive documents from each other are referred to as "trading partners" in EDI terminology. The trading partners agree on the specific information to be transmitted and how it should be used. This is done in human readable specifications (also called Message Implementation Guidelines). While the standards are analogous to building codes, the specifications are analogous to blue prints. (The specification may also be called a mapping but the term mapping is typically reserved for specific machine readable instructions given to the translation software.) Larger trading "hubs" have existing Message Implementation Guidelines which mirror their business processes for processing EDI and they are usually unwilling to modify their EDI business practices to meet the needs of their trading partners. Often in a large company these EDI guidelines will be written to be generic enough to be used by different branches or divisions and therefore will contain information not needed for a particular business document exchange. For other large companies, they may create separate EDI guidelines for each branch/division.

5. What is Transmission?

Trading partners are free to use any method for the transmission of documents. In the past one of the more popular methods was the usage of a bisync modem to communicate through a Value Added Network (VAN). Some organizations have used direct modem to modem connections and Bulletin Board Systems (BBS), and recently there has been a move towards using some of the many Internet protocols for transmission, but most EDI is still transmitted using a VAN. In the healthcare industry, a VAN is referred to as a "Clearinghouse".

6. What are Value Added Networks?

In the most basic form, a VAN acts as a regional post office. They receive transactions, examine the 'From' and the 'To' information, and route the transaction to the final recipient. VANs provide a number of additional services, e.g. retransmitting documents, providing third party audit information, acting as a gateway for different transmission methods, and handling telecommunications support. Because of these and other services VANs provide, businesses frequently use a VAN even when both trading partners are using Internet-based protocols. Healthcare clearinghouses perform many of the same functions as a VAN, but have additional legal restrictions that govern protected healthcare information.

VANs also provide an advantage with certificate replacement in AS2 transmissions. Because each node in a traditionally business-related AS2 transmission usually involves a security certificate, routing a large number of partners through a VAN can make certificate replacement much easier.

7. What is Internet?

Until recently, the Internet transmission was handled by nonstandard methods between trading partners usually involving FTP or email attachments. There are also standards for embedding EDI documents into XML. Many organizations are migrating to this protocol to reduce costs. For example, Wal-Mart is now requiring its trading partners to switch to the AS2 protocol.

PART – B

1. Explain Interpreting data?

Often missing from the EDI specifications (referred to as EDI Implementation Guidelines) are real world descriptions of how the information should be interpreted by the business receiving it. For example, suppose candy is packaged in a large box that contains 5 display boxes and each display box contains 24 boxes of candy packaged for the consumer. If an EDI document says to ship 10 boxes of candy it may not be clear whether to ship 10 consumer packaged boxes, 240 consumer packaged boxes or 1200 consumer packaged boxes. It is not enough for two parties to agree to use a particular qualifier indicating case, pack, box or each; they must also agree on what that particular qualifier means.

EDI translation software provides the interface between internal systems and the EDI format sent/received. For an "inbound" document the EDI solution will receive the file (either via a Value Added Network or directly using protocols such as FTP or AS2), take the received EDI file (commonly referred to as a "mailbag"), and validate that the trading partner who is sending the file is a valid trading partner, that the structure of the file meets the EDI standards and that the individual fields of information conform to the agreed-upon standards. Typically the translator will either create a file of fixed length, variable length or XML tagged format, or "print" the received EDI document (for non-integrated EDI environments). The next step is to convert/transform the file that the translator creates into a format that can be imported into a company's back-end business systems or ERP. This can be accomplished by using a custom program, an integrated proprietary "mapper", or an integrated standards-based graphical "mapper" using a standard data transformation language such as XSLT. The final step is to import the transformed file (or database) into the company's back-end enterprise resource planning (ERP) system.

For an "outbound" document the process for integrated EDI is to export a file (or read a database) from a company's back-end ERP, transform the file to the appropriate format for the translator. The translation software will then "validate" the EDI file sent to ensure that it meets the standard agreed upon by the trading partners, convert the file into "EDI" format (adding in the appropriate identifiers and control structures) and send the file to the trading partner (using the appropriate communications protocol).

Another critical component of any EDI translation software is a complete "audit" of all the steps to move business documents between trading partners. The audit ensures that any transaction (which in reality is a business document) can be tracked to ensure that it is not lost. In the case of a retailer sending a Purchase Order to a supplier, if the Purchase Order is "lost" anywhere in the business process, the effect is devastating to both businesses. The supplier does not fulfill the order because it has not received it, thereby losing business and damaging the business relationship with its retail client. The retailer has a stock outage, and the effect is lost sales, reduced customer service and ultimately lower profits.

In EDI terminology "inbound" and "outbound" refer to the direction of transmission of an EDI document in relation to a particular system, not the direction of merchandise, money or other things represented by the document. For example, an EDI document that tells a warehouse to perform an outbound shipment is an inbound document in relation to the warehouse computer system. It is an outbound document in relation to the manufacturer or dealer that transmitted the document.
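The inbound checks described above (known trading partner, envelope structure, and an agreed meaning for each quantity qualifier, as in the candy case) sketched for an ANSI X12 850; this is an added example, not code from any EDI product. The interchange, the partner table and the qualifier-to-quantity mapping are constructed, and `*` and `~` are assumed as delimiters.

```python
# Constructed X12 850 purchase order; not taken from any real trading partner.
SAMPLE_850 = (
    "ISA*00*          *00*          *ZZ*RETAILER01     *ZZ*CANDYCO        "
    "*100601*1200*U*00401*000000042*0*T*>~"
    "GS*PO*RETAILER01*CANDYCO*20100601*1200*42*X*004010~"
    "ST*850*0001~"
    "BEG*00*SA*PO-1001**20100601~"
    "PO1*1*10*BX*4.80**UP*012345678905~"
    "CTT*1~"
    "SE*5*0001~"
    "GE*1*42~"
    "IEA*1*000000042~"
)

# Hypothetical partner agreement: who may send, and how many consumer-packaged
# boxes each PO1 unit qualifier stands for (EA = each, BX = display box of 24,
# CA = large box of 5 display boxes).
PARTNERS = {"RETAILER01": {"units": {"EA": 1, "BX": 24, "CA": 120}}}


class EdiRejected(Exception):
    """An inbound interchange failed a validation step."""


def parse_segments(raw):
    """Split on '~' and '*' (assumed delimiters) into lists of elements."""
    return [s.strip().split("*") for s in raw.split("~") if s.strip()]


def walk_envelopes(segs, partners):
    """Check ISA/GS/ST envelopes and return order lines in consumer boxes."""
    if len(segs) < 2 or segs[0][0] != "ISA" or segs[-1][0] != "IEA":
        raise EdiRejected("missing ISA/IEA envelope")
    isa, iea = segs[0], segs[-1]
    sender = isa[6].strip()                      # ISA06: interchange sender ID
    if sender not in partners:
        raise EdiRejected(f"unknown trading partner {sender!r}")
    if iea[2] != isa[13]:                        # IEA02 must repeat ISA13
        raise EdiRejected("interchange control number mismatch")
    units = partners[sender]["units"]
    lines, groups, sets, gs, st_pos, st_ctl = [], 0, 0, None, None, None
    for pos, seg in enumerate(segs[1:-1], start=1):
        tag = seg[0]
        if tag == "GS":
            if gs is not None:
                raise EdiRejected("GS inside an open group")
            gs, sets, groups = seg, 0, groups + 1
        elif tag == "ST":
            if gs is None or st_pos is not None or seg[1] != "850":
                raise EdiRejected("unexpected or misplaced transaction set")
            st_pos, st_ctl, sets = pos, seg[2], sets + 1
        elif tag == "PO1":
            if st_pos is None:
                raise EdiRejected("PO1 outside a transaction set")
            qty, uom = int(seg[2]), seg[3]       # whole quantities assumed
            if qty <= 0:
                raise EdiRejected("non-positive quantity")
            if uom not in units:                 # never guess what a unit means
                raise EdiRejected(f"unit {uom!r} has no agreed meaning")
            lines.append({"upc": seg[7], "qty": qty, "uom": uom,
                          "consumer_boxes": qty * units[uom]})
        elif tag == "SE":                        # SE01 counts ST..SE inclusive
            if (st_pos is None or seg[2] != st_ctl
                    or int(seg[1]) != pos - st_pos + 1):
                raise EdiRejected("SE segment count or control number mismatch")
            st_pos = None
        elif tag == "GE":                        # GE01 counts sets, GE02 = GS06
            if (gs is None or st_pos is not None or seg[2] != gs[6]
                    or int(seg[1]) != sets):
                raise EdiRejected("GE set count or control number mismatch")
            gs = None
    if gs is not None or st_pos is not None or int(iea[1]) != groups:
        raise EdiRejected("open envelope or IEA group count mismatch")
    return lines


def check_inbound(raw, partners=PARTNERS):
    """Return ("accepted", order_lines) or ("rejected", reason)."""
    try:
        return "accepted", walk_envelopes(parse_segments(raw), partners)
    except EdiRejected as exc:
        return "rejected", str(exc)
    except (IndexError, ValueError) as exc:      # short segment, non-numeric count
        return "rejected", f"malformed segment: {exc}"
```

With this agreement, "10 BX" resolves to 240 consumer boxes and "10 CA" to 1200, while a qualifier the partners never defined is rejected instead of being guessed.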

2. Explain Advantages of using EDI?

EDI and other similar technologies save a company money by providing an alternative to or replacing information flows that require a great deal of human interaction and materials such as paper documents, meetings, faxes, email, etc. Even when paper documents are maintained in parallel with EDI exchange, e.g. printed shipping manifests, electronic exchange and the use of data from that exchange reduces the handling costs of sorting, distributing, organizing, and searching paper documents. EDI and similar technologies allow a company to take advantage of the benefits of storing and manipulating data electronically without the cost of manual entry or scanning.

Barriers to implementation

There are a few barriers to adopting electronic data interchange. One of the most significant barriers is the accompanying business process change. Existing business processes built around slow paper handling may not be suited for EDI and would require changes to accommodate automated processing of business documents. For example, a business may receive the bulk of their goods by 1 or 2 day shipping and all of their invoices by mail. The existing process may therefore assume that goods are typically received before the invoice. With EDI, the invoice will typically be sent when the goods ship and will therefore require a process that handles large numbers of invoices whose corresponding goods have not yet been received.

Another significant barrier is the cost in time and money in the initial set-up. The preliminary expenses and time that arise from the implementation, customization and training can be costly and therefore may discourage some businesses. The key is to determine what method of integration is right for your company which will determine the cost of implementation. For a business that only receives one P.O. per year from a client, fully integrated EDI may not make economic sense. In this case, businesses may implement inexpensive "rip and read" solutions or use outsourced EDI solutions provided by EDI "Service Bureaus". For other businesses, the implementation of an integrated EDI solution may be necessary as increase in trading volumes brought on by EDI force them to re-implement their order processing business processes.

The key hindrance to a successful implementation of EDI is the perception many businesses have of the nature of EDI. Many view EDI from the technical perspective that EDI is a data format; it would be more accurate to take the business view that EDI is a system for exchanging business documents with external entities, and integrating the data from those documents into the company's internal systems. Successful implementations of EDI take into account the effect externally generated information will have on their internal systems and validate the business information received. For example, allowing a supplier to update a retailer's Accounts Payables system without appropriate checks and balances would be a recipe for disaster. Businesses new to the implementation of EDI should take pains to avoid such pitfalls.

Increased efficiency and cost savings drive the adoption of EDI for most trading partners. But even if a company would not choose to use EDI on their own, pressures from larger trading partners (called hubs) often force smaller trading partners to use EDI.

Netscape Commerce Server

DESCRIPTION

Netscape™ Commerce Server™ Version 1.12 for OpenVMS™ is software for conducting secure electronic commerce and communications on the Internet and other TCP/IP-based networks.

Netscape Commerce Server provides the capability to publish hypermedia documents using the HyperText Markup Language (HTML) and deliver them over the Internet and other TCP/IP networks using the HyperText Transport Protocol (HTTP). To ensure data security, Netscape Commerce Server provides advanced security features such as server authentication, data encryption, data integrity, and user authorization. Communications are based on open standards such as HTML, HTTP, the Common Gateway Interface (CGI), and the Secure Sockets Layer (SSL) protocol.

FEATURES AND BENEFITS

Integrated Security

Netscape Commerce Server provides integrated security features designed to allow secure electronic commerce and communications. Flexible user authorization controls access to individual files or directories using a user name and password, domain name, host name, IP address, or named groups.

Advanced security features are provided using the open SSL protocol, which has been published on the Internet and adopted by major providers of Internet hardware and software products, financial institutions, and certification authorities.

Secure Sockets Layer

SSL provides:

• Server authentication, which allows any SSL compatible client to verify the identity of the server using a certificate and a digital signature.

• Data encryption, which ensures the privacy of client/server communications by encrypting the data stream between the two entities.

• Data integrity, which verifies that the contents of a message arrive at their destination in the same form as they were sent.

SSL employs public key cryptographic technology from RSA Data Security, an established leader in computer data security, and works with various encryption algorithms.

Netscape Commerce Server supports public key encryption and delivers server authentication using signed digital certificates. A digital certificate is used to associate an identity with a server’s public key. Digital signatures ensure the integrity and authenticity of information within a certificate. Netscape Commerce Server requires a signed digital certificate to operate securely;

Certification is an additional fee-based service. Pricing is available from your certification authority.

Encryption Support

Netscape Commerce Server is available in both 40-bit and 128-bit encryption schemes. The difference between 128- and 40-bit encryption is, most notably, that the U.S. government restricts the export of 128-bit encryption but not the export of 40-bit encryption. 128-bit encryption provides significantly greater cryptographic protection than 40-bit encryption. It is now necessary to employ larger keys to counter the increasing computing power of potential criminals.

128 bits and 40 bits refer to the size of the key used to encrypt the message. 128-bit encryption is roughly 309,485,009,821,345,068,724,781,056 times stronger than 40-bit encryption. 40-bit encryption is not considered "strong" security in the cryptographic community. Even accounting for Moore’s Law, which states that computing power doubles about every 18 months, 128-bit encryption represents a very strong method of encryption for the foreseeable future.

Note: Netscape products use a different key for every different security-enhanced communication, regardless of key size. This means that even if criminals were to devote significant resources and time to breaking a key for one encrypted communication, the discovered key would be useless for other communications. Please note that this product is subject to export restrictions under the U.S. Department of Commerce’s Export Administration Regulations (EAR) and cannot be transmitted in any form outside the United States or to a foreign national in the United States without a valid Department of Commerce export license.

Open Standards

Netscape’s compatibility with network standards and document formats makes it interoperable with other environments and systems. Netscape Commerce Server supports HTTP V1.0, ensuring compatibility with any HTTP-compatible clients or servers, and delivers HTML documents, including full use of Multipurpose Internet Mail Extension (MIME) types and standard image formats such as GIF and JPEG. The server integrates readily with legacy systems using the Common Gateway Interface (CGI), a standard API used across the installed base of existing web servers.

High-Performance Serving

Netscape’s process manager allows the creation of a configurable number of processes that reside in memory, waiting to fulfill HTTP requests. This improves system performance by eliminating the unnecessary overhead of creating and deleting processes to fulfill every HTTP request. The dynamic process management algorithm increases the number of server processes within configurable limits to efficiently handle periods of peak demand. It also dramatically reduces system load and increases system reliability. This efficiency leaves additional CPU resources available for running other applications.

Intuitive Server Management

Netscape Commerce Server uses the Netscape Navigator™ graphical interface to provide a consistent, easy-to-use operating environment. Its simple user interface and forms capability provide point-and-click server installation, configuration, and maintenance. Forms are used for the initial server configuration, as well as to manage all server functions, including user authorization, transaction logging, and process configuration.

TECHNICAL SPECIFICATIONS

Netscape Commerce Server Version 1.12 conforms to the following technical specifications:

• Provides sophisticated support for clustering, including transparent operation on mixed-architecture OpenVMS Clusters. This allows you to have a primary Web server on one cluster system (either VAX or Alpha), with automatic, transparent failover to any other system in the cluster (either VAX or Alpha).

• Is compatible with network standards.

— Supports industry-standard HTTP V1.0 protocol.

• Serves all HTTP-compatible clients:

— Serves HTML documents; supports MIME typing through file name extensions

— Is CGI V1.1 compliant

• Provides integrated security using SSL, which incorporates public key cryptography technology from RSA Data Security.

• Offers enhanced user authorization, including HTTP V1.0 access authorization, IP and DNS-based access control, local access control, user-controlled passwords, and named groups.

• Provides an intuitive graphical user interface using Netscape Navigator for installation, configuration, and management.

• Extensive online documentation provides context sensitive help.

• Log analysis tools allow summaries of log information so that it can be used to better manage server functions.

• Provides flexibility in configuration and management, including:

— Configuration by file, directory, shell wildcard pattern, or template. Templates allow a set of configuration parameters to be created and applied to multiple directories (such as all user directories)

— Configurable logging options; client accesses logged in common logfile format

— Custom error messages

SOFTWARE PREREQUISITES

Netscape Commerce Server Version 1.12 for OpenVMS requires:

• OpenVMS Version 6.1 or later

• DECwindows™ Motif® Version 1.2-3 for OpenVMS or later (only needed for running a browser on OpenVMS to manage the server)

• DIGITAL TCP/IP Services for OpenVMS Version 3.3 or later or any TCP/IP product for OpenVMS that supports the Berkeley socket interface

HARDWARE REQUIREMENTS

Netscape Commerce Server has no specific hardware requirements. Any valid, supported configuration can support the server. The level of performance will vary depending upon the processor, memory, and system load.

ORDERING INFORMATION

• Media: OpenVMS Internet Product Suite Media Kit (CD–ROM; Alpha and VAX): QA-5CNAA-H8 (International), QA-577AA-H8 (U.S. and Canada only)

• License: Netscape Commerce Server V1.12 for OpenVMS VAX or Alpha: QL-579A9-AA (International), QL-5CQA9-AA (U.S. and Canada only)

SOFTWARE WARRANTY

DIGITAL warrants its software products according to the terms of the DIGITAL license for each product. DIGITAL warrants that the software will substantially conform to the applicable Software Product Description or documentation accompanying the software unless provided "AS IS."

SOFTWARE PRODUCT SERVICES

A variety of service options for this product are available from DIGITAL. For more information, contact your local DIGITAL account representative.

FOR MORE INFORMATION

For more information about OpenVMS Internet Product Suite, visit the OpenVMS home page at: http://www.openvms.digital.com

™ DEC, DECnet, DECwindows, DIGITAL, OpenVMS, VAX, VAXcluster, and the DIGITAL logo are trademarks of Digital Equipment Corporation.

™ Netscape, Netscape Commerce Server, and Netscape Navigator are trademarks of Netscape Communications Corporation.

3. Explain Electronic Data Interchange?

Electronic Data Interchange (EDI) is a set of standards for structuring information that is to be electronically exchanged between and within businesses, organizations, government entities and other groups. The standards describe structures that emulate documents, for example purchase orders to automate purchasing. The term EDI is also used to refer to the implementation and operation of systems and processes for creating, transmitting, and receiving EDI documents.

Despite being relatively unheralded, in this era of technologies such as XML services, the Internet and the World Wide Web, EDI is still the data format used by the vast majority of electronic commerce transactions in the world.

4. Write short note on a. Standards b. Specifications c. Transmission

a. Standards

Generally speaking, EDI is considered to be a technical representation of a business conversation between two entities, either internal or external. Note, there is a perception that "EDI" consists of the entire electronic data interchange paradigm, including the transmission, message flow, document format, and software used to interpret the documents. EDI is considered to describe the rigorously standardized format of electronic documents.

The EDI (Electronic Data Interchange) standards were designed to be independent of communication and software technologies. EDI can be transmitted using any methodology agreed to by the sender and recipient. This includes a variety of technologies, including modem (asynchronous and bisynchronous), FTP, e-mail, HTTP, AS1, AS2, WebSphere MQ, etc. It is important to differentiate between the EDI documents and the methods for transmitting them. While comparing the bisynchronous protocol 2400 bit/s modems, CLEO devices, and value-added networks used to transmit EDI documents to transmitting via the Internet, some people equated the non-Internet technologies with EDI and predicted erroneously that EDI itself would be replaced along with the non-Internet technologies. These non-Internet transmission methods are being replaced by Internet protocols such as FTP, telnet, and e-mail, but the EDI documents themselves still remain.

As more trading partners use the Internet for transmission, standards have emerged. In 2002, the IETF published RFC 3335, offering a standardized, secure method of transferring EDI data via e-mail. On July 12th, 2005, an IETF working group ratified RFC 4130 for MIME-based HTTP EDIINT (a.k.a. AS2) transfers, and is preparing similar documents for FTP transfers (a.k.a. AS3). While some EDI transmission has moved to these newer protocols, the providers of the value-added networks remain active.

EDI documents generally contain the same information that would normally be found in a paper document used for the same organizational function. For example, an EDI 940 ship-from-warehouse order is used by a manufacturer to tell a warehouse to ship product to a retailer. It typically has a ship-to address, a bill-to address, and a list of product numbers (usually UPC codes) and quantities. It may have other information if the parties agree to include it. However, EDI is not confined to business data related to trade; it encompasses all fields, such as medicine (e.g., patient records and laboratory results), transport (e.g., container and modal information), engineering and construction, etc. In some cases, EDI will be used to create a new business information flow (one that was not a paper flow before). This is the case with the Advanced Shipment Notification (856), which was designed to inform the receiver of a shipment, the goods to be received and how the goods are packaged.

There are four major sets of EDI standards:

• The UN-recommended UN/EDIFACT is the only international standard and is predominant outside of North America.

• The US standard ANSI ASC X12 (X12) is predominant in North America.

• The TRADACOMS standard developed by the ANA (Article Numbering Association) is predominant in the UK retail industry.

• The ODETTE standard is used within the European automotive industry.

All of these standards first appeared in the early to mid 1980s. The standards prescribe the formats, character sets, and data elements used in the exchange of business documents and forms. The complete X12 Document List includes all major business documents, including purchase orders (called "ORDERS" in UN/EDIFACT and an "850" in X12) and invoices (called "INVOIC" in UN/EDIFACT and an "810" in X12).

The EDI standard says which pieces of information are mandatory for a particular document and which pieces are optional, and gives the rules for the structure of the document. The standards are like building codes. Just as two kitchens can be built "to code" but look completely different, two EDI documents can follow the same standard and contain different sets of information. For example, a food company may indicate a product's expiration date while a clothing manufacturer would choose to send color and size information.

b. Specifications

Organizations that send or receive documents from each other are referred to as "trading partners" in EDI terminology. The trading partners agree on the specific information to be transmitted and how it should be used. This is done in human-readable specifications (also called Message Implementation Guidelines). While the standards are analogous to building codes, the specifications are analogous to blueprints. (The specification may also be called a mapping, but the term mapping is typically reserved for specific machine-readable instructions given to the translation software.) Larger trading "hubs" have existing Message Implementation Guidelines which mirror their business processes for processing EDI, and they are usually unwilling to modify their EDI business practices to meet the needs of their trading partners. Often in a large company these EDI guidelines will be written to be generic enough to be used by different branches or divisions and therefore will contain information not needed for a particular business document exchange. Other large companies may create separate EDI guidelines for each branch or division.

c. Transmission

Trading partners are free to use any method for the transmission of documents. In the past, one of the more popular methods was the use of a bisync modem to communicate through a Value Added Network (VAN). Some organizations have used direct modem-to-modem connections and Bulletin Board Systems (BBS), and recently there has been a move towards using some of the many Internet protocols for transmission, but most EDI is still transmitted using a VAN. In the healthcare industry, a VAN is referred to as a "Clearinghouse".

5. Write short note on a. Value Added Networks b. Internet c. Interpreting data

a. Value Added Networks

In its most basic form, a VAN acts as a regional post office. It receives transactions, examines the 'From' and the 'To' information, and routes the transaction to the final recipient. VANs provide a number of additional services, e.g. retransmitting documents, providing third party audit information, acting as a gateway for different transmission methods, and handling telecommunications support. Because of these and other services VANs provide, businesses frequently use a VAN even when both trading partners are using Internet-based protocols. Healthcare clearinghouses perform many of the same functions as a VAN, but have additional legal restrictions that govern protected healthcare information.

VANs also provide an advantage with certificate replacement in AS2 transmissions. Because each node in a traditionally business-related AS2 transmission usually involves a security certificate, routing a large number of partners through a VAN can make certificate replacement much easier.

b. Internet

Until recently, Internet transmission was handled by nonstandard methods between trading partners, usually involving FTP or e-mail attachments. There are also standards for embedding EDI documents into XML. Many organizations are migrating to the AS2 protocol to reduce costs. For example, Wal-Mart is now requiring its trading partners to switch to AS2.

c. Interpreting data

Often missing from the EDI specifications (referred to as EDI Implementation Guidelines) are real world descriptions of how the information should be interpreted by the business receiving it. For example, suppose candy is packaged in a large box that contains 5 display boxes and each display box contains 24 boxes of candy packaged for the consumer. If an EDI document says to ship 10 boxes of candy it may not be clear whether to ship 10 consumer packaged boxes, 240 consumer packaged boxes or 1200 consumer packaged boxes. It is not enough for two parties to agree to use a particular qualifier indicating case, pack, box or each; they must also agree on what that particular qualifier means.

EDI translation software provides the interface between internal systems and the EDI format sent or received. For an "inbound" document, the EDI solution will receive the file (either via a Value Added Network or directly using protocols such as FTP or AS2), take the received EDI file (commonly referred to as a "mailbag"), and validate that the trading partner who is sending the file is a valid trading partner, that the structure of the file meets the EDI standards, and that the individual fields of information conform to the agreed-upon standards. Typically the translator will either create a file in fixed-length, variable-length or XML-tagged format, or "print" the received EDI document (for non-integrated EDI environments). The next step is to convert or transform the file that the translator creates into a format that can be imported into a company's back-end business systems or ERP. This can be accomplished by using a custom program, an integrated proprietary "mapper", or an integrated standards-based graphical "mapper" using a standard data transformation language such as XSLT. The final step is to import the transformed file (or database) into the company's back-end enterprise resource planning (ERP) system.

For an "outbound" document, the process for integrated EDI is to export a file (or read a database) from a company's back-end ERP and transform the file to the appropriate format for the translator. The translation software will then "validate" the EDI file sent to ensure that it meets the standard agreed upon by the trading partners, convert the file into "EDI" format (adding in the appropriate identifiers and control structures) and send the file to the trading partner (using the appropriate communications protocol).

Another critical component of any EDI translation software is a complete "audit" of all the steps to move business documents between trading partners. The audit ensures that any transaction (which in reality is a business document) can be tracked so that it is not lost. In the case of a retailer sending a Purchase Order to a supplier, if the Purchase Order is "lost" anywhere in the business process, the effect is devastating to both businesses. The supplier does not fulfill the order because it never received it, thereby losing business and damaging the business relationship with its retail client. The retailer has a stock outage, and the effect is lost sales, reduced customer service and ultimately lower profits.

In EDI terminology "inbound" and "outbound" refer to the direction of transmission of an EDI document in relation to a particular system, not the direction of merchandise, money or other things represented by the document. For example, an EDI document that tells a warehouse to perform an outbound shipment is an inbound document in relation to the warehouse computer system. It is an outbound document in relation to the manufacturer or dealer that transmitted the document.
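The inbound checks and audit record described above (is the sender a known trading partner, does the file's structure meet the standard), sketched for an ANSI X12 interchange as an added example that is not part of the original study material. The partner table, IDs and sample interchange are constructed, and the `*` and `~` delimiters are assumed rather than read from the ISA header.

```python
from dataclasses import dataclass, field

# Assumptions: "*" separates elements, "~" ends segments, and the partner
# table and sample interchange below are constructed for illustration.
PARTNERS = {"ACMERETAIL": {"850"}}  # sender ID -> transaction sets agreed

SAMPLE = (
    "ISA*00*          *00*          *ZZ*ACMERETAIL     *ZZ*SUPPLIERCO     "
    "*100601*1200*U*00401*000000101*0*P*>~\n"
    "GS*PO*ACMERETAIL*SUPPLIERCO*20100601*1200*1*X*004010~\n"
    "ST*850*0001~\nBEG*00*SA*PO12345**20100601~\n"
    "PO1*1*10*CA*12.50**UP*012345678905~\nCTT*1~\nSE*5*0001~\n"
    "GE*1*1~\nIEA*1*000000101~\n"
)

@dataclass
class AuditRecord:
    sender: str = ""
    control_number: str = ""
    accepted: bool = False
    errors: list = field(default_factory=list)

def el(seg, n):
    """Return element n of a segment, or "" when it is absent."""
    return seg[n] if len(seg) > n else ""

def validate_interchange(raw, partners=PARTNERS):
    """Check sender identity and envelope integrity before translation."""
    segs = [s.strip().split("*") for s in raw.split("~") if s.strip()]
    rec = AuditRecord()
    if len(segs) < 2 or segs[0][0] != "ISA" or len(segs[0]) != 17 or segs[-1][0] != "IEA":
        rec.errors.append("missing or malformed ISA/IEA envelope")
        return rec
    isa, iea = segs[0], segs[-1]
    rec.sender, rec.control_number = isa[6].strip(), isa[13]
    allowed = partners.get(rec.sender)
    if allowed is None:
        rec.errors.append(f"unknown trading partner {rec.sender!r}")
    if el(iea, 2) != isa[13]:
        rec.errors.append("IEA02 does not match ISA13 control number")
    groups, sets_in_group, gs, st, st_index = 0, 0, None, None, 0
    for i, seg in enumerate(segs):
        if seg[0] == "GS":
            gs, sets_in_group, groups = seg, 0, groups + 1
        elif seg[0] == "ST":
            st, st_index, sets_in_group = seg, i, sets_in_group + 1
            if allowed is not None and el(seg, 1) not in allowed:
                rec.errors.append(f"transaction set {el(seg, 1)} not agreed with partner")
        elif seg[0] == "SE":  # SE01 counts every segment from ST through SE
            if st is None or el(seg, 2) != el(st, 2):
                rec.errors.append("SE02 does not match ST02")
            elif el(seg, 1) != str(i - st_index + 1):
                rec.errors.append(f"SE01 says {el(seg, 1)} segments, found {i - st_index + 1}")
            st = None
        elif seg[0] == "GE":  # GE01 counts transaction sets, GE02 echoes GS06
            if gs is None or el(seg, 2) != el(gs, 6) or el(seg, 1) != str(sets_in_group):
                rec.errors.append("GE trailer does not match GS header")
            gs = None
    if el(iea, 1) != str(groups):
        rec.errors.append("IEA01 group count mismatch")
    if gs is not None or st is not None:
        rec.errors.append("unterminated group or transaction set")
    rec.accepted = not rec.errors
    return rec

if __name__ == "__main__":
    print(validate_interchange(SAMPLE))
    print(validate_interchange(SAMPLE.replace("CTT*1~\n", "")).errors)
```

Storing every returned `AuditRecord`, rejected ones included, gives the trail the audit paragraph calls for: each interchange control number is accounted for with a reason when it was not passed on to the ERP import.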

6. Explain Advantages of using EDI and Barriers to implementation?

Advantages over paper systems

EDI and other similar technologies save a company money by providing an alternative to or replacing information flows that require a great deal of human interaction and materials such as paper documents, meetings, faxes, email, etc. Even when paper documents are maintained in parallel with EDI exchange, e.g. printed shipping manifests, electronic exchange and the use of data from that exchange reduces the handling costs of sorting, distributing, organizing, and searching paper documents. EDI and similar technologies allow a company to take advantage of the benefits of storing and manipulating data electronically without the cost of manual entry or scanning.

Barriers to implementation

There are a few barriers to adopting electronic data interchange. One of the most significant barriers is the accompanying business process change. Existing business processes built around slow paper handling may not be suited for EDI and would require changes to accommodate automated processing of business documents. For example, a business may receive the bulk of its goods by 1- or 2-day shipping and all of its invoices by mail. The existing process may therefore assume that goods are typically received before the invoice. With EDI, the invoice will typically be sent when the goods ship and will therefore require a process that handles large numbers of invoices whose corresponding goods have not yet been received.

Another significant barrier is the cost in time and money of the initial set-up. The preliminary expenses and time that arise from the implementation, customization and training can be costly and therefore may discourage some businesses. The key is to determine what method of integration is right for your company, which will determine the cost of implementation. For a business that only receives one P.O. per year from a client, fully integrated EDI may not make economic sense. In this case, businesses may implement inexpensive "rip and read" solutions or use outsourced EDI solutions provided by EDI "Service Bureaus". For other businesses, the implementation of an integrated EDI solution may be necessary, as increases in trading volumes brought on by EDI force them to re-implement their order processing business processes.

The key hindrance to a successful implementation of EDI is the perception many businesses have of the nature of EDI. Many view EDI from the technical perspective that EDI is a data format; it would be more accurate to take the business view that EDI is a system for exchanging business documents with external entities, and integrating the data from those documents into the company's internal systems. Successful implementations of EDI take into account the effect externally generated information will have on their internal systems and validate the business information received. For example, allowing a supplier to update a retailer's Accounts Payables system without appropriate checks and balances would be a recipe for disaster. Businesses new to the implementation of EDI should take pains to avoid such pitfalls.

Increased efficiency and cost savings drive the adoption of EDI for most trading partners. But even if a company would not choose to use EDI on their own, pressures from larger trading partners (called hubs) often force smaller trading partners to use EDI.

Netscape Commerce Server

DESCRIPTION

Netscape™ Commerce Server™ Version 1.12 for OpenVMS™ is software for conducting secure electronic commerce and communications on the Internet and other TCP/IP-based networks.

Netscape Commerce Server provides the capability to publish hypermedia documents using the HyperText Markup Language (HTML) and deliver them over the Internet and other TCP/IP networks using the HyperText Transfer Protocol (HTTP). To ensure data security, Netscape Commerce Server provides advanced security features such as server authentication, data encryption, data integrity, and user authorization. Communications are based on open standards such as HTML, HTTP, the Common Gateway Interface (CGI), and the Secure Sockets Layer (SSL) protocol.

FEATURES AND BENEFITS

Integrated Security

Netscape Commerce Server provides integrated security features designed to allow secure electronic commerce and communications. Flexible user authorization controls access to individual files or directories using a user name and password, domain name, host name, IP address, or named groups.

Advanced security features are provided using the open SSL protocol, which has been published on the Internet and adopted by major providers of Internet hardware and software products, financial institutions, and certification authorities.

Secure Sockets Layer

SSL provides:

• Server authentication, which allows any SSL compatible client to verify the identity of the server using a certificate and a digital signature.

• Data encryption, which ensures the privacy of client/server communications by encrypting the data stream between the two entities.

• Data integrity, which verifies that the contents of a message arrive at their destination in the same form as they were sent.

SSL employs public key cryptographic technology from RSA Data Security, an established leader in computer data security, and works with various encryption algorithms.

Netscape Commerce Server supports public key encryption and delivers server authentication using signed digital certificates. A digital certificate is used to associate an identity with a server's public key. Digital signatures ensure the integrity and authenticity of information within a certificate. Netscape Commerce Server requires a signed digital certificate to operate securely; certification is an additional fee-based service. Pricing is available from your certification authority.

Encryption Support

Netscape Commerce Server is available in both 40-bit and 128-bit encryption schemes. The difference between 128- and 40-bit encryption is, most notably, that the U.S. government restricts the export of 128-bit encryption but not the export of 40-bit encryption. 128-bit encryption provides significantly greater cryptographic protection than 40-bit encryption. It is now necessary to employ larger keys to counter the increasing computing power of potential criminals.

128 bits and 40 bits refer to the size of the key used to encrypt the message. 128-bit encryption is roughly 309,485,009,821,345,068,724,781,056 times stronger than 40-bit encryption. 40-bit encryption is not considered "strong" security in the cryptographic community. Even accounting for Moore's Law, which states that computing power doubles about every 18 months, 128-bit encryption represents a very strong method of encryption for the foreseeable future.
