Advantages of E-Commerce
Some advantages of e-commerce are discussed below:
Global reach: An e-commerce website is accessible to a global
audience. Only an Internet connection is required to connect to an
e-commerce website. Therefore, billions of users who browse the
Internet have access to the products and services displayed on an
e-commerce website. This is in contrast to the traditional methods
of conducting commerce in which the customers include only the
people living in and around the place where the seller sells the
products or services.
Instant availability: An e-commerce website is available 24
hours a day and 365 days a year. However, in the traditional way of
conducting commerce, customers can purchase the products only
during working hours.
Systematic communication: An e-commerce website displays the
information of the products it is selling in a systematic and
organized manner. For example, if you are looking for information
about a book on a website, you can get additional information such
as the contents of the book, the reviews of the book, and the
author's views on the book. You'll also get information on the price
and availability of the book. All this information highly
influences your buying decision.
Reduced paperwork: A customer on the web specifies the required
information only to make a transaction. This information is far
less than the paperwork done in traditional commerce. For example,
earlier when a business organization exported its products
overseas, it was required to fill in several pages of information,
which was not only time-consuming but also frustrating. However,
with the evolution of e-commerce where limited information is
required, which is transferred electronically, the paperwork has
reduced significantly.
Easier entry into new markets: E-commerce enables new business
houses to easily enter into new geographical areas and start
selling. For this, the business house doesn't need to set up branch
offices at all geographic locations. Business organizations can now
present corporate data online. For example, publishers can expose
their catalog of books on www.amazon.com from where any potential
buyer can buy the book.
Lower transaction cost: The overall cost involved is less
because most of the transactions take place online. In addition,
customer service can be provided over e-mail. When a business house
plans to go online, it needs to invest money in setting the
infrastructure that includes creating and maintaining a website.
However, this investment is compensated by the increased number of
customers on the web, which in turn, increases the revenue for the
organization.
Flexibility: An e-commerce website gives organizations the
flexibility to build an order over several days, compare prices
offered by other shops, and search large catalogs.
Larger catalogs: An e-commerce website has large catalogs, which
a customer can browse through. It is practically not possible and
potentially more expensive for a company to deliver large catalogs in
an ordinary mailbox. However, the large catalogs on an e-commerce
site provide you with extensive and organized information about the
product. In addition, you can compare similar products from
catalogs of several vendors.
Disadvantages of E-Commerce
The disadvantages of e-commerce are:
Hackers use various techniques to hack sites and steal
information. For example, hackers can steal credit card
information.
It is difficult to trust vendors offering products over the
Internet because there is no personal contact with the vendor.
M-Commerce
Another major step in the evolution of e-commerce is the ability
to conduct commerce by using mobile devices. This form of
e-commerce is called m-commerce. M-commerce allows you to connect
your mobile device to an e-commerce website and conduct business.
M-commerce provides you with the flexibility of doing business at
all times and from all places, without even requiring a PC with an
Internet connection.
Mobile phones can now connect to the Internet and bring
information to you when you are far from your PC. By using this
technology, people can connect their notebooks, laptops, handheld
PCs, and other devices to the web.
Wireless Application Protocol (WAP) is one of the technologies
that have made m-commerce possible. WAP is the transfer protocol
that allows you to access a mobile web application or an Internet
site from a wireless device, such as a mobile phone.
As mobile phone usage experiences unprecedented growth,
m-commerce is expected to develop significantly. M-commerce is fast
gaining popularity among mobile users because wireless devices
offer fast, secure, and scalable data delivery.
Some of the industries that have benefited from m-commerce
include:
Financial services, such as mobile banking and brokerage
services. With the development of m-commerce, it is possible for
you to connect to the website of your bank from your mobile device
and know your account balance. Similarly, you can get the latest
stock exchange details on your mobile device, which you can then
use to buy and sell stocks instantly.
Telecommunications sector, in which a handheld device can be
used for services such as bill payment and account reviews. For
example, it is now possible for you to pay your telephone bills
from your mobile device.
Information services, where a mobile device can deliver
information on varied areas such as sports and traffic. You can log
on to various entertainment websites including sports, horoscopes,
news, and so on and get updated information on your mobile
device.
FAQs
1. List the risks associated with e-commerce.
Ans: Various risks associated with e-commerce are as
follows:
Security risks: A person has to provide confidential data, like
credit card number, for buying products over the Internet. This
data can be hacked. Therefore, e-commerce faces security risks.
Risk of buying unsatisfactory products: A person is not able to
physically look and feel a product before purchasing it. The
purchased item may not satisfy the buyer.
2. Is e-commerce all about buying and selling of goods
online?
Ans:
No, e-commerce is more than the buying and selling of goods
online. E-commerce also includes the following activities:
Buying and selling of information
Exchange of business-to-business information
Payment for bills
Making donations to charities
Sharing business information and maintaining business
relationships
3. What is the difference between traditional commerce and
e-commerce?
Ans:
In traditional commerce, the buyer and the seller interact
face-to-face with each other. The buyer can also physically feel a
product before purchasing it. In addition, in traditional commerce,
a buyer may not have to provide his/her personal information, like
address, to the seller. On the other hand, in e-commerce, a person
purchases a product without any interaction with the seller. A buyer
is also not able to see and feel the product before purchasing it.
In addition, in e-commerce, a buyer has to provide personal
information, like his/her address, to the e-commerce website.
Virtual Mall
A virtual mall is a website for small-sized and medium-sized
businesses. A virtual shopping mall offers a standardized
environment in which products and services from several companies
or stores are displayed on a single website.
A virtual mall is an online marketplace that a customer can
reach, browse, and shop easily. Usually, a virtual mall displays
all related products. For example, several computer hardware
companies can come together to set up a virtual mall.
In addition, the mall can contain products from various
suppliers. Therefore, the consumer can get the advantage of
comparing products from several vendors and get all required
products on a single website. On the other hand, vendors benefit
from a wide range of potential customers, who might be interested
in buying their products or services. Hence, as with real malls,
virtual malls provide an opportunity to benefit both businesses and
consumers. For example, a virtual store, which is part of a virtual
mall, may catch the attention of a consumer who originally comes to
the mall to buy goods from another store. Thus, consumers benefit
from the opportunities for integration and coordination of goods
and services on the mall.
Some of the features of a virtual mall are:
Always open for business: A virtual mall is nothing but a
website. Therefore, unlike real malls, a virtual mall is open for
business round the clock. A customer can visit a virtual mall any
time to make an online purchase.
Secure administration: Each owner of a store in a virtual mall
is provided a password to protect and secure administration.
Therefore, owners can safely display their products without the
fear of their products and services being misused.
Comprehensive design: Virtual malls are comprehensively designed
to include detailed information about the products and services so
that customers are able to make a quick purchasing decision. In
addition, the customers can compare and choose products and
services offered by several business houses participating in the
virtual mall. Each store in a virtual mall may have a completely
unique design, inventory, and checkout process.
Electronic payment: Virtual malls allow customers to purchase
products and services electronically. Also, the payments made for
the purchase are sent electronically over the Internet. There are
several modes of payment supported by virtual malls that include
electronic cash, electronic checks, and credit cards.
Product and Service Categories
As in traditional commerce, goods
sold in e-commerce can be categorized as hard goods, soft goods,
and services.
Hard Goods
Hard goods are physical items such as:
Books
Auctioned items
Computer hardware
Amazon.com (http://www.amazon.com) and eBay (http://www.ebay.com)
are two popular sellers of books and other items. Companies such as
CompUSA (http://www.compusa.com) sell computer hardware over the Web.
Soft Goods
Examples of soft goods include:
Software
Music and videos
Online documents
The Web is becoming a primary means for selling software such as
games, productivity applications, and antivirus packages.
Organizations such as the International Standards Organization
(http://www.iso.ch) sell standards documents online.
Services
Some examples of services include:
Stock trades
Airline or travel reservations
Employment services
E-mail services
Discount stockbrokers are no longer the only option for stock
traders; customers can also perform stock transactions over the Web.
Similarly, airlines have found that many passengers prefer to
reserve tickets electronically. This helps in saving their time and
effort spent in buying tickets manually. Therefore, almost every
airline now offers services on the Web that allow customers to buy
tickets online.
Employment services, such as the Monster Board
(http://www.monster.com), have become extremely popular e-commerce
sites. In fact, many organizations have begun to offer e-commerce
services on their sites with an aim to become the predominant Web
portal.
Meeting Customer Expectations with Archetypes
Most e-commerce customers expect an e-commerce website to
present standard elements called archetypes. These archetypes help
make a customer's experience more interesting and generate repeat
visits. Several e-commerce site archetypes are summarized in the
table below.
Archetype: Description and Usage
Catalog/shopping cart: Best suited for hard and soft goods. This
archetype is very popular and operates on the premise of choosing
items for purchase by adding them to the customer's virtual
shopping cart.
Time-based or usage-based: This archetype is best suited for
selling services. A website that serves as a game server might
charge on the basis of user connection time. A law firm might
charge based on connection time to its databases.
Subscription: This archetype works equally well with either soft
goods or services. In many ways, this model uses a fixed time
period over which a fee is charged for the right to access
information or services, independent of actual usage. Many online
magazines and dating services are using this model.
Advertising: This archetype is most often used for services but
also workable with soft goods. Many e-commerce sites base their
revenue on charging for advertising based on the number of users
who visit the website in a given period.
E-Commerce Archetypes
FAQs
1. What is a shopping cart program?
Ans:
A shopping cart program allows you to offer products to your
customers with an easy to use interface that generally allows them
to go to different web pages within your website and select items
to put in their
virtual shopping cart. When they have finished selecting the
products, the customers check out and the shopping cart program
calculates the total.
2. List some electronic banking channels.
Ans:
Some of the electronic banking channels are ATMs, the Internet,
telephones, and cell phones.
3. List various ways through which home entertainment can be
accomplished.
Ans: Home entertainment can be accomplished through hard drive
DVD recorders and pocket-size MP3 players. Apart from this, a
number of hard drive-based home audio systems are available from
specialist retailers. The advent of multimedia PCs is an added
advantage.
E-Commerce Models
The first step in the development of an e-commerce website is to
identify the e-commerce model. Depending on the parties involved in
the transaction, e-commerce can be classified into four models:
Business-to-Business (B2B) Model
The B2B model involves electronic transactions for ordering,
purchasing, as well as other administrative tasks between two
business houses. It includes trading goods such as business
subscriptions, professional services, manufacturing, and wholesale
dealings. Sometimes in the B2B model, business may exist between
virtual companies, neither of which may have any physical
existence. In such cases, business is conducted only through the
Internet. The following figure represents the B2B model.
B2B Business Model
Business-to-Consumer (B2C) Model
The B2C model involves transactions between business
organizations and consumers. These websites display product
information in an online catalog and store it in a database. The
B2C model also includes services such as online banking, travel
services, and health information. The B2C model of e-commerce is
more prone to the security threats because individual consumers
provide their credit card and personal information to the website
of a business organization. In addition, consumers might be
doubtful about their information being secured at the business
organization. The following figure represents the B2C model.
B2C Business Model
Consumer-to-Consumer (C2C) Model
The C2C model involves transactions between consumers. Here, a
consumer sells directly to another consumer. eBay is an example of
an online auction website that allows a consumer to advertise and
sell their products online to another consumer. However, it is
essential that both the seller and the buyer must register with the
auction site. While the seller needs to pay a fixed fee to the
online auction house to sell its products, the buyer can bid
without paying any fee.
The following figure represents the C2C model.
C2C Business Model
Consumer-to-Business (C2B) Model
The C2B model involves a transaction that is conducted between a
consumer and a business organization. It is similar to the B2C
model; however, the difference is that in this case the consumer is
the seller and the business organization is the buyer. In this kind
of a transaction, the consumer decides the price of a particular
product rather than the supplier.
This category includes individuals who sell products and
services to organizations.
The following figure represents the C2B model.
C2B Business Model
In addition to the models discussed so far, five new models are
being worked on that involve transactions between the government
and other entities, such as consumers, business organizations, and
other governments. All these transactions that involve government
as one entity are called e-governance. The various models in the
e-governance scenario are:
Government-to-Government (G2G) Model: This model involves
transactions between two governments. For example, if the United
States government wants to buy oil from the Saudi Arabian
government, the transactions will be categorized as G2G.
Government-to-Consumer (G2C) Model: In this model, the
government transacts with an individual consumer. For example, a
government can enforce laws pertaining to tax payments on
individual consumers over the Internet.
Consumer-to-Government (C2G) Model: In this model, an individual
consumer interacts with the government. For example, consumers pay
income tax and house tax.
Government-to-Business (G2B) Model: This model involves
transactions between a government and business organizations. For
example, the government plans to build a flyover. It requests
tenders from various contractors. The government can do this over the
Internet by using the G2B model.
Business-to-Government (B2G) Model: In this model, the business
houses transact with the government. For example, business houses
can also pay their taxes through the Internet.
E-Commerce Architecture
The e-commerce architecture, when explained with respect to the
technology, can be divided into three layers: client, middle-tier,
and back-end systems.
Client
The client constitutes a personal computer or a mobile device
and a browser, such as Internet Explorer or Netscape Navigator for
surfing the Internet. The client forms the first tier of e-commerce
architecture. The browser provides a Graphical User Interface
(GUI), which is the medium through which the user interacts with
the server. The client then requests the server to perform a
specific task. It receives the content from the server and displays
it to the user.
Middle-Tier
When a client requests information, the server retrieves it
from a storage location such as a database or any other data source
and sends it back to the client. The server acts as an intermediary
layer between a client and a database, and therefore, forms the
middle-tier of the technology domain. The components of the middle
tier are:
Application servers
Web servers
Web services
Commerce servers
Server-side scripting languages
Back-End Systems
Databases form the third tier of the e-commerce architecture.
The database stores the details of all products and services that
are displayed on the web page of an e-commerce website. It also
stores the information regarding the customers such as customer
name, address, products ordered for, mode of payment, and mode of
delivery.
Technology Domain
FAQs
1. What is market-link transaction?
Ans:
Market-link transaction is another name for business-to-business
transactions.
2. What is encrypted e-mail?
Ans: Encrypted e-mail is encrypted by the sender's e-mail
program, which renders it unreadable until the recipient decrypts
it.
3. What are electronic bulletin boards?
Ans:
Electronic bulletin boards are online communication systems
where one can share, request, or discuss information on any topic.
They are also known as message boards or computer forums.
E-Commerce Transaction
E-commerce transaction is an exchange that occurs when one
economic entity sells a product or service to another entity over
the Internet. It takes place when a product or service is
transferred across a technologically separable interface that links
a customer with a producer. E-commerce transaction follows a
seven-step process that is as follows:
Step 1: Browsing for a Product
An e-commerce transaction begins when a customer visits an
e-commerce website. In this step, the customer searches, discovers,
and compares one product with another for purchase. At the end of
this step, a potential customer may be tempted to buy products that
are on sale or on promotion. For example, consider that you need to
buy a digital camera. You can visit several websites that sell
digital cameras. You can then search for detailed information about
cameras on all these websites and also compare the features of
various models of cameras sold over the same or different
websites.
Step 2: Identifying and Listing the Products
In this step, the customer selects the products, negotiates or
determines their total price, and then adds them to their shopping
cart. The list consists of products that the customer has selected,
their quantities, prices, attributes, such as color and size, and
any other feature related to the product. A customer can always
clear the list, remove individual items from it, and also update
quantities of the products. Continuing with the example discussed
in the previous step, in this step, you add the digital camera that
you selected to your shopping cart, which might already include
several other products.
Step 3: Placing the Order
When the customers complete selecting the items for purchase
from an e-commerce site, they proceed to place an order. The
website displays a form to the customers to enter their personal
details, shipping and billing address information, and the mode of
delivery. It also allows the customer to choose the shipping mode.
The customers might also add some additional information for
ancillary services such as gift, greeting, and gift-wrapping. In
this step, you place an order for the digital camera. This includes
filling in the registration and the order form. You also need to
specify the mode of shipping.
Step 4: Confirming the Order
In this step, the e-commerce website calculates the taxes and
shipping charges applicable to the product to be delivered. Next,
the order is confirmed and the customer is informed about the
total payment to be made for receiving the products. The final cost
is displayed to the customer and the payment information is
requested. The validity of the information entered by the customer
is then verified in the background. If the information is correct
and acceptable, order confirmations are created. Once the
verification is done, the order is confirmed.
Step 5: Making the Payment
In this step, the customer makes the payment for the products.
The mode of payment varies with the type of transaction. There are
various modes of payment such as credit cards, electronic checks,
and electronic cash.
Step 6: Verifying and Approving the Purchase
In this step, the mode of payment is verified. Consider an
example in which a customer makes the payment through a credit
card. Now, the validity of the credit card needs to be verified. It
is checked whether the credit card account contains sufficient
funds and the number entered is correct. The authorization of the
credit card is also verified. After the verification is over, the
business website approves the purchase of the product and the
customer is supplied with a proof of payment. The credit card
information that you specify for the payment of the digital camera
is verified with the help of a third party, and if it is fine, the
purchase is approved.
Step 7: Processing the Order
The last step in an e-commerce transaction is to process the
order, after which the products ordered by the customer are
delivered or shipped by using the mode of delivery chosen.
FAQs
1. What is OMC cycle?
Ans:
OMC cycle refers to the order-to-delivery cycle from the
merchant's perspective. It consists of eight steps, namely order
planning and order generation, cost estimation and pricing, order
receipt and entry, order selection and prioritization, order
scheduling, order fulfillment and delivery, order billing and
account/payment management, and post-sales service.
2. List the phases involved in the business process model from
the consumer's perspective.
Ans:
There are three phases in the business process model from the
consumer's perspective. They are as follows:
1. Prepurchase determination: It involves searching and
selecting a product after comparing its features from various
sites.
2. Purchase consummation: It involves placement of the order,
authorization of payment, and receipt of payment.
3. Postpurchase interaction: It involves providing feedback to
the e-commerce site based on the purchase.
Digital Cash
Digital cash is the electronic equivalent of currency. Digital
cash is either stored on the chip of a smart card or on the PC of a
consumer. Digital cash has gained popularity with the increase in
the volume of electronic business. It combines computerized
convenience with security and privacy. The versatility of digital
cash opens up a host of new markets and applications.
Digicash is the leader in the electronic cash system. It has
implemented secure transactions with the use of cryptography.
Although it is a software-based program, Digicash requires the user
to possess an account with an online bank.
Digital cash is based on cryptographic systems called digital
signatures. This method uses very large integers known as numeric
keys. These keys exist as a pair and always work together, one for
encryption or locking and the other for decryption or unlocking.
Only the decryption key of the pair can unlock whatever is locked
by the encryption key. The encryption key remains private while the
decryption key is
made public. Banks provide their buyers and sellers with the
public key. Therefore, the customers can decode any currency that
has been encoded with the bank's private key.
Digital cash can be implemented by using the Wallet and
point-of-sale programs. Wallet is a program that stores digital
cash. When a wallet is used in a digital transaction, both the
buyer and the seller need to implement the same type of wallet.
This is because wallets do not follow a standard format. The
point-of-sale program integrates the website, the wallet program of
the buyer, and the wallet program of the seller. This program also
initiates the transfer of funds between the buyer and seller,
validates, and logs the transaction.
Properties of Digital Cash
To act as an effective medium of payment, digital cash must have
the following properties:
Monetary value
Interoperability
Accessibility
Security
Monetary value: Digital cash must have a monetary value. It must
be supported by cash, bank-authorized credit, or a bank-certified
cashier's check. The creation and acceptance of digital cash between
any two banks must take place smoothly. A bank certification is
very important for digital cash to be valid. If there is no bank
certification, it could imply that the customer who is making the
purchase does not have enough funds in his or her account.
Interoperability: Digital cash must be interoperable. In other
words, it should be possible to exchange digital cash with another
type of digital cash, goods, or services. All the banks must
provide support for digital cash to promote its use.
Accessibility: People using digital cash should be able to store
it as well as withdraw it whenever required. Digital cash can be
stored on a remote computer or portable devices such as a Personal
Digital Assistant (PDA) along with proper security measures. There
should be a provision for an authentication process, such as the
use of passwords.
Security: When digital cash is exchanged, there should be no
scope for malpractices such as copying or manipulating it. The
security aspect of digital cash should be able to prevent or detect
duplication and double spending. Sometimes, a consumer might use
the same digital cash simultaneously for carrying out transactions
in different countries. This is an instance of double spending.
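The signing scheme described above and the double-spending check from the Security property, as an added example that is not part of the original text: the bank locks each note with its private key, anyone can check it with the public key, and the bank's ledger refuses a serial number it has already seen. It uses textbook RSA (hash, then exponentiate, no padding) with a constructed demo key; the names issue_note, verify_note and Bank are assumptions made for illustration.

```python
"""Bank-signed digital cash notes with double-spend detection (added example)."""
import hashlib
import json

# Constructed demo key built from two publicly known Mersenne primes.
# A real bank key uses secret random primes and a padded scheme (e.g. RSA-PSS).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # modulus, part of both keys
E = 65537                              # public key: given to buyers and sellers
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: never leaves the bank


def note_digest(serial, value_cents):
    """Hash the note fields into an integer smaller than N."""
    body = json.dumps({"serial": serial, "value": value_cents}, sort_keys=True)
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big")


def issue_note(serial, value_cents):
    """Bank side: lock the digest of the note with the private key."""
    sig = pow(note_digest(serial, value_cents), D, N)
    return {"serial": serial, "value": value_cents, "sig": sig}


def verify_note(note):
    """Buyer or seller side: unlock with the public key and compare digests."""
    try:
        expected = note_digest(note["serial"], note["value"])
        return pow(note["sig"], E, N) == expected
    except (KeyError, TypeError):
        return False                   # malformed note: missing or non-integer field


class Bank:
    """Deposit ledger that accepts each serial number exactly once."""

    def __init__(self):
        self.spent = {}                # serial -> merchant that deposited it first

    def deposit(self, note, merchant):
        if not verify_note(note):
            return "rejected: bad signature"
        serial = note["serial"]
        if serial in self.spent:
            first = self.spent[serial]
            return f"rejected: double spend (first deposited by {first})"
        self.spent[serial] = merchant
        return "accepted"


def demo():
    """Constructed scenario: one genuine note, one edited copy, one plain copy."""
    bank = Bank()
    note = issue_note("SN-0001", 2500)
    forged = dict(note, value=250000)  # value edited after issue
    copy = dict(note)                  # same note spent a second time
    return [
        verify_note(note),
        verify_note(forged),
        bank.deposit(note, "shop-A"),
        bank.deposit(copy, "shop-B"),
        bank.deposit(forged, "shop-C"),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The signature alone stops an edited note but not a copied one, since a copy verifies just as well as the original; only the bank's record of spent serial numbers catches the second deposit.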
Electronic Wallet
An electronic wallet serves a function similar to a physical
wallet. It holds credit cards, electronic cash, owner
identification, and owner contact information. Some electronic
wallets also contain an address book.
Electronic Checks
The electronic check, also known as digital check, is an
electronic document containing information like name of the payer,
his/her account number, the name of the bank, the name of the
payee, and the amount to be transferred. It has a digital signature
equivalent to the signature on a traditional check.
Electronic checks are the same as paper checks except that
digital signatures are used for signing and approving them. In
addition, digital certificates are used to authenticate the payers,
their banks, and their accounts. Digital checks that use digital
signatures implement cryptography to maintain the security and
authenticity of digital checks.
Electronic checks facilitate online services in the following
ways:
The seller can verify the validity of the available funds at the
buyer's bank.
Security is enhanced at every stage of the transaction process
through automatic validation of the electronic signature by the
seller and the bank.
The EDI-based electronic transaction facilitates payment integration.
Electronic checks are transferred through direct telephone lines
or the Internet. These payments are collected by the banks and
cleared through their networks.
Processing of Electronic Checks
The steps involved in the processing of electronic checks
are:
1. The electronic check users register with a third-party
accounts server before they are able to write electronic checks.
For example, Jack wants to transact with IBG, Inc. by using
electronic checks. To be able to do this, Jack first needs to
register with a third party.
2. After the registration process is complete, a consumer can
contact a seller to buy products or services. Consumers send an
electronic check to the seller by using e-mail. For example, after
registering, Jack can make an online purchase from IBG Inc.
3. After the electronic check is deposited, funds are
transferred from the account of the buyer to that of the seller.
For example, when the electronic check signed by Jack is deposited,
the third party makes the payment to IBG, Inc. by withdrawing funds
from Jack's account.
Credit Card
The following processes take place during a credit card
transaction:
Authentication: It ensures that the credit card accepted from
the customer is valid, has actually been issued, and is not
reported stolen.
Authorization: It ensures that the card has sufficient credit
available for the purchase. If the card has sufficient credit, the
credit limit of the customer is temporarily reduced by the value of
the transaction. Authorization can be obtained in the following
ways:
Manual: The storeowner downloads the details of the transaction
from the web server, and then requests authorization by using
various methods such as a point of sale (POS) terminal or a
personal computer (PC) program.
Automatic: The server obtains online authorization by
communicating directly with the computer of the credit card
processing company. Although automatic authorization is mostly
preferred, it is more complex and costly.
Settlement: Once the products are shipped or delivered to the
customers, the company informs the banks by issuing a capture
request, which is a request for settlement. The banks then release
the previously reserved funds, and the money is transferred to the
account of the company through numerous banks and
intermediaries.
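The three processes above as a small model, added here as an example and not taken from any payment processor's code: authentication rejects unknown, unissued or stolen cards, authorization reserves credit so that a second order cannot reuse it, and a capture request settles a reservation exactly once. The card identifiers, amounts and the Card and Processor names are constructed for illustration.

```python
"""Authentication, authorization hold and settlement (added example)."""
from dataclasses import dataclass, field


@dataclass
class Card:
    number: str                        # constructed identifier, not a real card number
    credit_limit: int                  # in cents
    issued: bool = True
    reported_stolen: bool = False
    balance: int = 0                   # settled charges
    held: dict = field(default_factory=dict)   # order_id -> reserved amount

    @property
    def available(self):
        """Credit left after settled charges and outstanding reservations."""
        return self.credit_limit - self.balance - sum(self.held.values())


class Processor:
    def __init__(self, cards):
        self.cards = {c.number: c for c in cards}
        self.merchant_account = 0

    def authenticate(self, number):
        """Card is known, has actually been issued, and is not reported stolen."""
        card = self.cards.get(number)
        return card is not None and card.issued and not card.reported_stolen

    def authorize(self, number, order_id, amount):
        """Temporarily reduce the available credit by the transaction value."""
        if not self.authenticate(number):
            return "declined: authentication failed"
        card = self.cards[number]
        if amount <= 0 or order_id in card.held:
            return "declined: invalid request"
        if amount > card.available:
            return "declined: insufficient credit"
        card.held[order_id] = amount
        return "authorized"

    def capture(self, number, order_id):
        """Settlement: release the reserved funds to the merchant, once only."""
        card = self.cards.get(number)
        if card is None or order_id not in card.held:
            return "rejected: no matching authorization"
        amount = card.held.pop(order_id)
        card.balance += amount
        self.merchant_account += amount
        return "settled"


def demo_card_flow():
    """Constructed scenario with a 1000.00 limit on each card."""
    p = Processor([Card("CARD-A", 100000),
                   Card("CARD-B", 100000, reported_stolen=True)])
    return [
        p.authorize("CARD-A", "order-1", 80000),   # reserves 800.00
        p.authorize("CARD-A", "order-2", 30000),   # only 200.00 left to reserve
        p.authorize("CARD-B", "order-3", 100),     # stolen card
        p.capture("CARD-A", "order-1"),            # goods shipped
        p.capture("CARD-A", "order-1"),            # replayed capture request
        p.merchant_account,
    ]


if __name__ == "__main__":
    for step in demo_card_flow():
        print(step)
```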
Security plays a very important role when using credit cards for
online transactions. Many companies have offered various software,
such as iAuthorizer by Atomic Software, for conducting a secure
transaction while using credit cards.
Several vendors have developed software for both the sellers and
the banks. The software allows the sellers to buy a single package
integrated with the Web server. This combination serves as an
electronic store and a payment system. The buyers interact with the
store to purchase any product by using their own browser. The
software allows the banks to use their computer systems for
verifying and processing the encrypted credit card information.
The credit card payment process involves two steps:
1. Sellers provide the buyer with the product or service price,
confirmation of order, status, delivery process, and payment
options.
2. The buyers provide the seller with the payment choice and
other essential information in a secured way.
-
Types of Credit Card Payments
The payments made by credit cards can be of three types:
Payments by using unencrypted credit card information: This is
the easiest method of credit card payment. Here, payments are made
through the exchange of unencrypted credit card information over
public networks such as a telephone or the Internet. This method of
exchange has a very low level of security. Any hacker can read a
credit card number and use programs that scan the Internet traffic
for credit card numbers.
Payments by using encrypted credit card information: The first
step towards entering the credit card information into a browser is
the encryption of data. This helps to send the credit card number
securely over the network from the buyer to the seller. To make a
credit card transaction truly secure, the following steps should be
performed:
a. The buyer sends the credit card information securely to the
seller.
b. The seller validates the authenticity of the buyer.
c. The buyer sends the credit card information to the bank or a
processing party.
d. The bank or the processing party sends the information to the
buyer's bank for approval of authorization.
e. The buyer's bank sends back the authenticated credit card
information to the seller.
Payments by using third-party verification: The introduction of
a third party has helped to secure and solve problems related to
credit card transactions. The third party collects and approves the
payment scheme of the buyer. The third party secures the credit
card transaction by ensuring that the credit card number is not
transmitted over the Internet. The buyer or the seller here does
not need to purchase any hardware or install any software to use
this payment system. Sellers and buyers only need an Internet
mailbox and a third-party account. Sellers who do not have Internet
servers to handle the sales directly are supplied with a server by
the third party. Payments by using third-party verification involve
the following steps:
1. The buyer fills up a registration form supplied by the third
party and acquires an account number. This gives the third party a
customer profile.
2. When buyers make a purchase, they request the sellers for the
item by giving their third-party account number.
3. The sellers derive information about the buyer's account
number from the third-party payment server.
4. The third-party payment server checks the buyer's account
balance and verifies their account numbers to the sellers.
5. The third-party payment server sends an electronic message
regarding the product to the buyer to which the buyer responds.
6. If the buyer agrees to buy the product, the third-party
payment server informs the seller and the buyer to download the
materials immediately.
7. After completing the purchase, the buyer sends a confirmation
of the purchase to the third party. If a buyer does not pay for a
product received, the buyer's account is suspended.
By using these methods, buyers can purchase goods and services
on the Internet.
Credit Cards Vs. Charge Cards
A credit card enables you to make purchases for which you are
billed later. Most credit card accounts allow you to carry a
balance from one billing cycle to the next. However, you need to
pay interest on that balance. Usually, you need to pay a minimum
amount of your balance each time you receive a bill.
A charge card is a specific kind of a credit card. The balance
on a charge card account is payable in full when the statement is
received and cannot be rolled over from one billing to the next.
Because you cannot carry a balance, a charge card does not have a
periodic or annual percentage rate.
-
Smart Card
A smart card is a plastic payment card with a microchip. It
holds private user information such as financial information and
offers consumers more security than traditional methods. The design
enables the card to serve many additional functions that the
typical credit card cannot provide. A smart card can supplement SSL
for improved security of Internet transactions. It can also serve
as a convenient, portable storage medium of personal data. The
primary advantages of smart cards are portability, security, and
convenience.
VeriSign
VeriSign is a payment service. It simplifies e-commerce by
providing payment connectivity over the Internet, between online
customers, merchants, buyers, sellers, and the financial networks
that move money between them. It is easy-to-use, secure, and
cost-effective. From high volume businesses with complex online
requirements to businesses just getting started on the web, it has
a payment solution that fits everybody's needs.
FAQs
1. While using electronic checks, how can forgery be
eliminated?
Ans:
Forgery can be virtually eliminated by electronic check through
digital signatures, automatic verification, and PIN-protected
hardware signing keys.
2. What are the important points that need to be taken into
consideration to make any payment method successful?
Ans:
The points that must be addressed for any new payment method to
be successful are privacy, security, intuitive interface, database
integration, brokers, pricing, and standard.
3. List some of the desired characteristics of digital
money.
Ans:
Some of the desirable characteristics of digital money are as
follows:
Universally accepted
Electronically transferable
Nonstealable
Private
4. What are the advantages and disadvantages of Payment
Cards?
Ans: Following are the advantages of payment cards:
Payment cards provide fraud protection.
Payment cards have worldwide acceptance.
Payment cards are good for online transactions.
The disadvantage is:
Payment card service companies charge merchants per-transaction
fees and monthly processing fees to the card holder.
-
Information Flow Without EDI
Let us consider an example in which Harry sends a purchase order
to a company called XYZ Ltd. without using EDI. The entire
transactions without EDI are sequentially ordered as follows:
1. Harry sends a purchase order to a company.
2. The relevant data to prepare the purchase order is extracted
from the internal database and recorded on a hard copy. Then, the
hard copy of the purchase order is sent to XYZ Ltd.
3. XYZ Ltd. receives the information through courier or fax.
4. The data entry operators of XYZ Ltd. manually enter this
information into the internal information systems.
Overheads Involved in the Above System
The various overheads involved in the flow of information
without implementing EDI are:
This process is very time-consuming and involves overhead costs
in transmitting documents manually.
An error might be introduced while entering data manually in the
internal information systems.
Therefore, there was a need for automating the information flow
and facilitating management of the business process. This can be
achieved by using EDI.
Benefits of EDI
The benefits of EDI are as follows:
It increases business opportunities, not only with the
government, but also with many private sector trading partners.
It improves the overall quality through:
Better record-keeping
Fewer errors in data
Reduced processing time
Less reliance on human interpretation of data
Minimized unproductive time
It permits faster and more accurate filling of orders. This
helps reduce inventory and assists you in "Just-in-Time" inventory
management.
It reduces:
Distribution time for mailing
Elimination of lost documents
Postage and other mailing costs
Order time through faster order processing
There is high customer satisfaction with faster response to
orders, with less paper to handle. Orders are filled and delivered
faster.
It provides accurate information and audit trails for the
transactions. This enables you to identify areas offering greatest
potential for efficiency and improvement or cost reduction.
FAQs
1. How are digital signatures helpful in EDI transactions?
Ans:
Digital signatures are the most effective, secure, and
easy-to-implement method of providing accountability while enabling E
transactions.
2. How can a company use EDI?
Ans: A company can use EDI by computerizing accounting records.
The trading partners of the company should agree to exchange EDI
transactions.
3. What are the disadvantages of EDI?
Ans:
Following are the disadvantages of EDI:
Expensive for low volume transactions.
Not every partner is willing to participate.
Complex to integrate all business processes.
EDI Components
The EDI system consists of four essential components:
EDI agreements
EDI standards
EDI networks
EDI implementation
EDI agreements define the way a business will be pursued
electronically. EDI agreements include two components, data
interchange procedures and conflict resolution strategies. An
agreement has two perspectives for these components, legal and
technical. For example, if the legal requirement specifies that a
message should expire within a certain period of time, then you
also need to specify the technical requirements for ensuring that
the message expires after that time.
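Added example (not part of the original notes): one way to turn the expiry clause above into a technical check, assuming the trading partners share a secret key and protect each message with an HMAC-SHA256 tag. The key, the one-hour expiry period, the clock-skew allowance and all field and function names are hypothetical.

```python
import hashlib
import hmac
import json

# Hypothetical values that an EDI agreement between two partners would fix.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 3600    # assumed legal expiry period: one hour
CLOCK_SKEW_SECONDS = 60   # tolerated difference between partner clocks


def _tag(body: str, key: bytes) -> str:
    """Keyed message digest over the exact bytes that are transmitted."""
    return hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()


def seal(document: dict, issued_at: int, key: bytes = SHARED_KEY) -> dict:
    """Sender side. The timestamp sits INSIDE the authenticated body, so an
    old message cannot be made fresh again by editing the time in transit."""
    body = json.dumps({"doc": document, "issued_at": issued_at},
                      sort_keys=True, separators=(",", ":"))
    return {"body": body, "tag": _tag(body, key)}


def accept(envelope: dict, now: int, key: bytes = SHARED_KEY):
    """Receiver side. Returns (True, document) or (False, reason)."""
    body, tag = envelope.get("body"), envelope.get("tag")
    if not isinstance(body, str) or not isinstance(tag, str):
        return False, "malformed envelope"
    # 1. Integrity first: no field is trusted until the tag verifies.
    expected = _tag(body, key).encode("ascii")
    if not hmac.compare_digest(expected, tag.encode("ascii", "replace")):
        return False, "integrity check failed"
    fields = json.loads(body)
    issued_at = fields["issued_at"]
    # 2. Freshness: reject timestamps from the future and expired messages.
    if issued_at - now > CLOCK_SKEW_SECONDS:
        return False, "issued in the future"
    if now - issued_at > MAX_AGE_SECONDS:
        return False, "expired"
    return True, fields["doc"]


# Constructed sample purchase order and timestamp (Unix seconds).
SAMPLE_PO = {"po_number": "PO-1001", "buyer": "Harry",
             "seller": "XYZ Ltd.", "quantity": 5}
T0 = 1_700_000_000

if __name__ == "__main__":
    envelope = seal(SAMPLE_PO, T0)
    print(accept(envelope, T0 + 10))      # within the expiry period
    print(accept(envelope, T0 + 7200))    # two hours later
```

The order of the two checks matters: an expiry time read from a body that has not been authenticated yet proves nothing.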
EDI standards aim at standardizing the data interchange between
diverse trading partners. For example, a banking organization may
have to interface with varying customers. Each of these customers
might have a separate set of standards for sending data to the
banking organization.
Implementing EDI with diversity in standards is difficult.
Therefore, an EDI system must define and follow standards.
Desirable properties of an EDI standard are:
Ready-to-use
Able to integrate and adapt
Hardware and software neutral
Unbiased towards any specific trading partner
XML has been an important breakthrough in the field of EDI
standards as it satisfies all of the above properties.
EDI network deals with EDI communication and transmission. EDI
communication specifies the communication protocol. It specifies
the type of encoding of the electronic documents between the
trading partners. EDI transmission deals with the transmission
medium to be used for EDI. This medium can be the Internet or VANs.
Note that the EDI transmission medium should be independent of the
protocol used for communication between the trading partners.
EDI implementation refers to the actual implementation of
software for EDI and its operation. The formatting, coding,
decoding of electronic documents, implementation of standards and
agreements, and interfacing with the EDI network are done by the
EDI software. Apart from the above functions, nowadays vendors
provide various additional EDI functions, such as support for
multiple EDI standards of different countries or trade
organizations, integration with non-EDI components, and various
types of encryption and decryption schemes. EDI implementation
interfaces between the EDI network and standards and the business
application.
-
FAQs
1. Where can you see a format for an EDI agreement?
Ans: Various EDI agreement formats and samples are available on
the web. For example, the URL www.gea.nu/edi/ediavt98/ediagre.pdf
provides a template of an EDI agreement.
2. Give an example of EDI standards.
Ans: Trade organizations have developed standards for use in EDI
for their sectors. For example, TRADACOM is a UK EDI standard,
which is prevalent in the retail and catering sector. Another
example is ANSI X12, a national standard used in North
America.
3. How do VANs work?
Ans: VANs are protocol independent networks that support
synchronous and asynchronous communication for EDI systems. VANs
are store-and-forward systems that use the concept of postboxes and
mailboxes, where a sending endpoint sends a message to a postbox
where it is stored till it is forwarded to the receiving endpoint's
mailbox.
4. Can we consider EDI Security as a component of EDI
systems?
Ans:
Yes, we can consider EDI security as a component of EDI systems.
Actually, EDI security is a subcomponent in all the components of
EDI system from agreements to implementation. Security is a prime
concern when business related documents are exchanged over
vulnerable networks.
Workflow Management and E-Commerce
Workflow management is the process of definition, management,
and automation of various business processes in an organization,
where each business process is a sequence of work activities.
Workflow management is essential for an organization's B2B
e-commerce. An organization, which has successfully implemented
intraorganization e-commerce through workflow management, has a
higher probability of succeeding in the B2B domain.
Within an organization, workflow management integrates varying
operations of different business processes. An e-commerce system
consists of three components: data management, workflow processes,
and commercial operations. Workflow processes are collaborative
actions where participants efficiently and effectively follow
business procedures and regulations to achieve business objectives.
To facilitate intraorganization e-commerce, a workflow management
system must be capable of handling these workflow processes. In
addition, workflow management systems should also be capable of
handling commercial operations.
SCM
SCM is the process of planning and implementing supply chain
operations in order to meet customer requirements. A supply chain
is a system of activities and resources that helps in moving a
product from the supplier to the customer. Key supply chain
activities include production planning, purchasing, materials
management, distribution, customer service, and sales
forecasting.
In the traditional supply chain model or the push model, the raw
material suppliers are at one end of the chain. They are connected
to the manufacturer and distributor, who in turn are connected to
the retailer and the end customer. Although the customer is the main source
of profit in a supply chain, this model involves serving the other
entities as much as the customer.
In addition, this model involves a lot of paperwork. As a
result, most organizations are shifting towards the pull model,
which is driven by e-commerce. In the pull model, the members of
the supply chain can establish direct electronic connections with
the customer. The customers here are better informed and have a
direct voice in the supply chain.
E-commerce creates a much more efficient supply chain, which
benefits both the customers and the manufacturers. Organizations
can meet customer needs more efficiently, carry fewer inventories,
and send goods to markets quickly.
Impact of E-Commerce on SCM
E-commerce and the Internet are fundamentally changing the
nature of supply chains. The result has been the emergence of new
B2B supply chains that are consumer-oriented rather than
product-oriented. They also provide customized products and
services.
E-commerce impacts SCM in the following ways:
Cost Efficiency: E-commerce allows organizations to handle
documents without financial and time investments, as required in
the traditional document delivery systems. Through e-commerce,
organizations can reduce costs, improve accuracy of data,
streamline business processes, accelerate business, and improve
customer service.
Flexibility in Distribution Systems: E-commerce allows
businesses to flexibly manage the complex movement of data and
products between businesses, suppliers, and customers.
Customer Orientation: E-commerce helps organizations to provide
better services to their customers. E-commerce allows customers to
access product information, place delivery orders through the
Internet, track shipment, and pay bills from any location.
Freight Auditing: E-commerce ensures that each freight bill is
reviewed efficiently for accuracy. This greatly reduces the risk of
overpayment. It also eliminates countless hours of paperwork and
the need for a third-party auditing firm. By intercepting duplicate
billings and incorrect charges, a significant percent of shipping
costs can be recovered.
Shipping Documentation: E-commerce reduces the need for manual
intervention because bills and other related shipment documents can
be automatically produced. Paperwork is significantly reduced and
the shipping department is therefore more efficient.
Online Shipping Inquiry: E-commerce gives instant shipping
information access to anyone in the company from any location.
Parcel shipments can be tracked and proof of delivery quickly
confirmed. A customer's transportation costs and performance can be
analyzed, thus helping the customer to negotiate rates and improve
service.
FAQs
1. What is the purpose of having a virtual organization
structure?
Ans: A virtual organization structure aims at integrating the
economic activities and other business processes across the
organizational hierarchy without hard-coding them. It is a flexible
representation of the hierarchy of an organization. This
facilitates integration of business processes.
2. Are inter and intra organization e-commerce distinct and
unrelated?
Ans: No. Intraorganization e-commerce supports interorganization
e-commerce.
3. Is business-to-consumer e-commerce different from
intraorganizational e-commerce?
Ans:
Yes. Business-to-consumer e-commerce is the one that facilitates
e-commerce operations between a business and its consumer. It is
not restricted to within a business, as is the case with
intraorganizational e-commerce.
4. Is workflow management specific to intraorganization
e-commerce?
Ans:
No. It applies to interorganization e-commerce also.
SSL
SSL is an encrypted communication protocol that you use to
implement security by switching a website into the secure mode. SSL
protects transactions between a company and its customers from
packet-sniffing attacks.
Information is exchanged over the network in the form of data
packets. A packet-sniffer can easily sniff these data packets. A
packet sniffer is a utility that plugs into computer networks and
sniffs the data packets without modifying them in any way. To
prevent packet-sniffing, digital keys are used that allow the
server to lock the data packets before sending them. This enables
only a legitimate user to unlock the packets and view their
contents.
Another method of securing the data transferred over the web is
SSL. Adding SSL to your system involves simply installing a
digital certificate and turning on its SSL capabilities.
Alternatively, you can enable SSL on the web server to implement
secure mode encryption.
Firewalls
A firewall is a security mechanism that allows users with
special rights to access a protected network. However,
unauthenticated users are denied access to the protected websites
on the Internet. It is important to note that a firewall can only
protect the corporate data against user threats, but it cannot
protect against viruses.
Firewalls are mainly used to protect sites that involve
financial transactions. A selection basis is applied while granting
access to external users. The selection procedure is based on the
user name and password, Internet Protocol (IP) address, or domain
name. For example, a vendor could permit entry to its website
through the firewall only to those users with specific domain names
belonging to customer companies.
Firewall Between the Corporate Network and the Internet
Notice that the firewall system is located at the point where a
website connects to the Internet. However, it can also be located at
internal points to provide protection for a smaller collection of
host computers or subnets.
CERT
CERT is the Internet-wide security organization that helps stop
computer crime. Over a decade ago, a group of researchers met to
study and eliminate the infamous Internet Worm attack. The
National Computer Security Center, part of the National Security Agency
(NSA), initiated a series of meetings to figure out how to respond
to future security breaks that might affect thousands of people.
Soon after that meeting of security experts, DARPA (Defense
Advanced Research Projects Agency) created the CERT Coordination
Center (CERT/CC). CERT/CC provides information about the security
of networked computing systems. CERT members are responsible for
setting up an effective and quick communications infrastructure
among security experts so that future security breakouts can be
avoided or quickly terminated. In the first 10 years of its
existence, CERT has responded to more than 14,000 security events
and incidents occurring with the U.S. government and in the private
sector.
FAQs
1. How do hackers pose a security threat to the organizational
resources?
Ans:
Hackers can monitor traffic on networks by directly connecting
to the organizations on a network. Hackers use search routines to
move through packages across the Internet. They search for any
password or code, which is being set by any business transaction.
After tracing the route, they break into the systems that store
sensitive information and data. For example, hackers can hack the
data that contains personal information of their customers and then
tamper with this data in several ways.
2. What is a virus?
Ans: A virus is a program that infects other programs by
modifying these programs to include its copy. Viruses can easily
replicate themselves to spread to other computer systems. Viruses
are responsible for various security breaches. For example, they
can alter data in files, change disk assignments, create bad
sectors, decrease free space on disk, destroy File Allocation Table
(FAT), erase specific programs, format specific tracks or entire
disk, hang the system, overwrite disk directory, suppress execution
of RAM resident programs, write a volume label on the disk, and so
on.
3. What are worms and how are they different from viruses?
Ans:
Worms are programs that replicate themselves from system to
system without the use of a host file. A worm is similar to a virus
by its design, and is considered to be a subclass of a virus. A worm
spreads from computer to computer, but unlike a virus, it has the
ability to travel without any help from a person. A worm spreads
more rapidly than a virus.
4. What are the advantages of Kerberos authentication
mechanism?
Ans:
Various advantages of Kerberos authentication mechanism are as
follows:
It offers more security.
It can work with any client logon method.
It uses the standard Microsoft policy control.
It is platform independent.
S-HTTP Protocol
S-HTTP provides a number of security features. These
include:
Client and server authentication
Spontaneous encryption
S-HTTP operates at the topmost layer of the protocol suite, the
application layer. It provides:
Symmetric encryption for maintaining secret communications.
Public-key encryption to establish client/server authentication.
Message digests for data integrity.
S-HTTP sets up security details with special packet headers that
are exchanged in S-HTTP. The headers define the type of security
techniques, including the use of private-key encryption, server
authentication, client authentication, and message integrity. A
secure envelope encapsulates a message and provides secrecy,
integrity, and client/server authentication.
Security Protocols
Some of the security protocols are Open Buying on the Internet
(OBI), Internet Open Trading Protocol (IOTP), and Transport Layer
Security (TLS). These protocols are explained below.
OBI
OBI is sponsored by American Express and facilitated by Supply
Works Inc. OBI ensures that the purchaser is appropriately
identified and his or her spending capabilities are authorized
before a purchase is completed. After purchasing, the invoicing and
payment are handled electronically without user intervention. OBI
uses EDI for purchase order transfer and invoicing. OBI follows the
B2B model.
IOTP
IOTP defines trading protocol options. These options tell the
consumer how the transaction will occur and the available payment
options. The transaction details can be handled dynamically. For
example, a vendor may give a discount if a consumer uses a credit
card that is preferred by the store, or a certain item is purchased
in bulk. IOTP can be used for B2B and B2C models. IOTP uses
eXtensible Markup Language (XML) to describe transactions.
TLS
TLS is a security protocol that works largely in the same way as
SSL. TLS protocol provides security to the information exchanged
between clients and servers. By using TLS, the server can verify
the identity of the client before allowing the user to log on to
the server.
Site Identity Certification
For SSL to work, a company needs an authentication certificate,
which is a digital ID from a trusted third-party source that can
assure the customers of the company's identity. This certificate is
either called SSL certificate or site identity certificate. SSL
certificates allow a web browser to verify the identity of the
company, and check the credentials of the website, which is being
displayed to the customer. If hackers try to redirect the browser
to their own sites, the certificate will not match the hacker's
site, and the browser will display an error.
FAQs
1. How does an applet pose a security threat to the computer
system?
Ans: Applets are the Java programs that are downloaded and
executed on the client's computer. Thus, if a malicious applet
gets introduced to the client's computer, it can perform various
nefarious functions. These applets could corrupt data on your hard
disk, reveal your private data to third parties, turn your machine
into a hostile listening post, or infect your machine with a
virus.
2. What is the difference between SSL and S-HTTP?
Ans:
The main difference between SSL and S-HTTP is the layer at which
they operate. SSL operates at the transport layer while S-HTTP
operates at the application layer. Encryption of the transport
layer allows SSL to be application-independent, while S-HTTP is
limited to the specific software implementing it. These protocols
adopt different philosophies towards encryption as well. For
example, with SSL, the entire communications channel is encrypted,
whereas with S-HTTP, each message is encrypted independently.
S-HTTP allows a user to produce digital signatures on any messages
(not just specific messages during an authentication protocol), a
feature that SSL lacks.
E-Commerce Threats
The various threats to e-commerce are:
Communication Channel Threats: The data transmitted over a
network is passed through several computers of various networks.
The data passed is not safe and can be hacked. The message can be
altered or completely removed from the network.
Secrecy Threats: Both secrecy and privacy of the transactions
need to be maintained. Secrecy is prevention of unauthorized
information disclosure. Privacy is the protection of individual
rights to disclosure. Hackers use special software called sniffer
programs to record information that passes through a particular
computer while traveling on the Internet.
Integrity Threat: All the security measures should work together
in order to prevent unauthorized disclosure, destruction, or
modification of assets. Cyber vandalism, the electronic defacing of
an existing website, is an example of integrity violation. Cyber
vandalism occurs whenever individuals replace a website's regular
content with their own. Masquerading or spoofing is another means
of creating havoc on websites.
Necessity Threats: The purpose of necessity threats is to
disrupt normal computer processing or to deny processing entirely.
A computer that has experienced a necessity threat slows processing
to an intolerably slow speed.
Server Threats: Servers have vulnerabilities that can be
exploited by anyone determined to cause destruction or to illegally
acquire information. One entry point is the Web server and its
software. Other entry points are any back-end programs containing
data, such as a database and its server. Perhaps the most dangerous
entry points are Common Gateway Interface (CGI) programs or utility
programs residing on the server. While no system is completely
safe, the commerce server administrator's job is to ensure that
security policies are documented and considered in every part of
the electronic commerce system. Web server software is designed to
deliver Web pages by responding to HTTP requests. Servers are
exposed to security threats continually because they are always
online. A common and simple form of a threat to a server is a
Denial-of-Service (DoS) attack. In this type of threat, the server
is intentionally bombarded with so many false requests that the
server is unable to respond to the real requests. In addition, an
unauthorized user may gain access to a server as an
administrator and then either modify the Web pages or copy
sensitive data stored on the server.
Database Threats: E-commerce systems store user data and
retrieve product information from databases connected to the Web
server. Besides product information, databases connected to the Web
contain valuable and private information that should never be
disclosed or altered. Most modern, large-scale database systems use
extensive database security features that rely on usernames and
passwords. Security is enforced in databases through the use of
privileges that are stored in the database.
Encryption
Encryption refers to the coding of information by a
mathematically based program and a secret key to produce a string
of characters. The program that transforms text into cipher text is
called an encryption program. Upon arrival, each message is
decrypted by using a decryption program.
The three types of encryption are:
Hash Coding: It is a process that uses a hash algorithm to
calculate a hash value from a message.
Asymmetric Encryption: It is also known as public-key encryption.
It encodes the messages by using two mathematically related numeric
keys, a public key and a private key.
Symmetric Encryption: It is also known as private-key
encryption. It encodes the message by using a single numeric key
that is used to encode and decode the data.
Asymmetric Encryption
Asymmetric encryption is commonly known as public-key
encryption. This type of encryption uses two keys for its
functioning, one for encrypting the data and the other for
decrypting the data. Here, two parties who are not known to each
other can also conduct a transaction.
Both the parties involved in the transaction are given a pair of
keys. One key is given to encrypt a message and the other key to
decrypt a message. The public key is a common key that is
widely distributed and is disclosed to the other party. The private
key, on the other hand, is a secret key whose confidentiality is
known only to its owner. In asymmetric encryption, the private key
is not exchanged because communication takes place only through the
public keys. The following figure shows asymmetric encryption.
Asymmetric Encryption
In the preceding diagram, both Maria (sender) and XYZ Ltd.
(receiver) have a public key as well as a private key or secret
key. Maria writes a message in plain text. She then obtains the
public key of XYZ Ltd. from a public directory and uses it to
encrypt the message. After encryption, the message changes to
cipher text and is then sent to XYZ Ltd. After receiving the
message, XYZ Ltd. uses its secret key to decrypt the message and
reads it in plain text.
Anyone who can access the recipient's public key can send an
encrypted message. However, when it comes to decryption, only the
recipient can decrypt it by using the secret key. A message
encrypted with a public key can only be decrypted by the
corresponding private key. Therefore, only the person who owns the
private key can decipher the data. This is a very secure
method of transferring data over a network.
Here is another example. Maria has sent a message to XYZ Ltd.
Maria wants to convince XYZ Ltd. that the message sent is actually
from her. In this case, she encrypts the message with her private
or secret key. When XYZ Ltd. receives the message, it can decrypt
it with Maria's public key, which it can obtain from a public
directory. In this case, all organizations or people who can obtain
the public key for the corresponding private key can decrypt the
message. As a result, this method is not very secure as a way of
keeping the message confidential.
Asymmetric encryption does not require a secure communication channel.
In fact, messages can be safely sent to people whom you have never
seen. This method can be used to exchange business documents and
perform electronic transactions in a secure way.
Features of Public-Key Encryption
The features of public-key encryption are as follows:
The number of keys required to exchange private messages among a large number of people is small.
Key distribution is not a problem.
It enables the implementation of digital signatures.
Symmetric Encryption
In symmetric encryption, also known as private-key encryption,
both parties use a shared key for encryption and decryption. The
transmitter and the recipient use the same key to encrypt and
decrypt the information that is exchanged over the network. The
following figure shows symmetric encryption.
Symmetric Encryption
For example, Maria (sender) wishes to send a purchase order to
XYZ Ltd (recipient). She wants to send it in such a way that only
XYZ Ltd. can read it. Therefore, Maria writes the purchase order in
plain text and uses a private key to encrypt the purchase order.
After encryption, the plain text is converted to cipher text, which
is then sent to XYZ Ltd. During the symmetric encryption process,
the message is completely secured because it is made readable only
to the person who decrypts it, that is, the recipient.
After receiving the purchase order in cipher text, XYZ Ltd.
decrypts it by using the same key that Maria used to encrypt it.
To use symmetric encryption:
A secure and proper channel is required between the two parties involved.
Both parties should adopt a safe and reliable way to protect the key.
However, data can be hacked if unauthorized users get access to
the key. In addition, private-key encryption faces the problems of
generation, distribution, transmission, and storage of keys.
Therefore, it is not suitable for large networks.
Features of Private-Key Encryption
The features of private-key encryption are as follows:
The private key is kept private. The owner of the private key never shares the private key with anyone.
The private key is necessary for the recipient to decrypt the encrypted message.
Only the bearer of the private key can decrypt the message. Even the person who encrypted the message cannot decrypt it because he does not hold the private key.
Private-Key Encryption Versus Public-Key Encryption
The following table compares private-key encryption and
public-key encryption.
Features         Private-Key Encryption          Public-Key Encryption
Number of keys   Single key                      A pair of keys
Type of keys     Private (secret) key            One key is private and the other key is public
Relative speeds  Very fast                       Slow
Usage            Used for bulk data encryption   Used for encrypting small documents or signing messages
Private-Key Encryption Vs. Public-Key Encryption
Data Encryption Standard (DES)
DES is an encryption standard adopted by the U.S. government.
DES is the most widely used private-key encryption system.
DES uses a mathematical algorithm to encrypt and decrypt binary
information.
The system consists of an algorithm and a key. The key has a
length of 64 bits, of which 56 are used as the key in the classical
sense. The remaining eight bits are parity bits used for checking
errors. Even with just 56 bits, there are over 70 quadrillion
(2^56) possible keys. The bits of the key must be chosen
independently to take full advantage of the 70 quadrillion possible keys.
There is no way to break the DES algorithm.
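The 64-bit key layout described above, as an added Python example that is not part of the original text: it checks the eight parity bits, extracts the 56 bits that DES actually uses, and estimates how long trying half of the 2^56 keys takes. The sample keys, the function names and the assumed rate of one billion keys per second are illustrative assumptions; DES uses odd parity in the lowest bit of each key byte.

```python
KEYSPACE = 2 ** 56  # effective DES keys: 64 key bits minus 8 parity bits

def ones(byte):
    """Number of 1 bits in a byte."""
    return bin(byte).count("1")

def fix_parity(key):
    """Set the lowest bit of each byte so the byte has an odd number of 1s."""
    return bytes((b & 0xFE) | (1 - ones(b & 0xFE) % 2) for b in key)

def parity_ok(key):
    """A well-formed DES key is 8 bytes, each with odd parity."""
    return len(key) == 8 and all(ones(b) % 2 == 1 for b in key)

def effective_key(key):
    """Drop the parity bit of every byte; 56 bits of key material remain."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def average_search_years(keys_per_second):
    """Expected time to try half of all keys at an assumed testing rate."""
    return (KEYSPACE / 2) / keys_per_second / (365 * 24 * 3600)

# Constructed sample keys: the second differs from the first only in parity bits.
KEY_A = bytes.fromhex("0123456789ABCDEF")
KEY_B = bytes.fromhex("0022446688AACCEE")

if __name__ == "__main__":
    print(parity_ok(KEY_A), parity_ok(KEY_B))            # True False
    print(effective_key(KEY_A) == effective_key(KEY_B))  # True
    print(fix_parity(KEY_B) == KEY_A)                    # True
    print(f"{KEYSPACE:,} keys, {average_search_years(1e9):.2f} years on average")
```

Because the parity bits carry no key material, KEY_A and KEY_B select the same DES key, which is why the key space is 2^56 rather than 2^64.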
Digital Certificates
The digital certificate is a way to send an encrypted message to
the entity that sent the original web page or the e-mail message.
Digital certificates are data files that are used to establish the
identity of people and electronic assets on the Internet. They
allow for secure, encrypted online communication, and are often
used to protect online transactions.
A certificate is similar to a driver's license, passport,
permanent residential card, or a birth certificate that provides
the identity of the owner. A digital certificate contains
information about a person's public key that helps other users to
verify whether the key is valid or not.
Through the use of a common third party, digital certificates
provide an easy and convenient way to ensure the trust between
participants in a commercial transaction. Certificates guarantee
the identity that a user claims. The third party creates the
certificate that contains the user's identity and associated public
key and then signs the certificate using its private key. A
digital certificate consists of the following:
Public key
Certificate information about the user name and user ID
Digital signatures
The following diagram shows a transaction using a digital
certificate.
Transaction Using a Digital Certificate
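The two Maria and XYZ Ltd. exchanges described under asymmetric encryption, and the certificate signed by a third party described above, worked through in Python. This is an added example, not part of the original text: it uses textbook RSA without padding, and the small fixed primes, the purchase-order text and every function name are assumptions chosen for illustration, so the keys are insecure by design.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Toy textbook RSA from two primes: returns (public, private) keys."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def apply_key(value, key):
    """The one RSA operation, value^exponent mod n, used with either key."""
    return pow(value, key[0], key[1])

def encrypt_for(text, recipient_public):
    """Confidentiality: anyone may encrypt with the recipient's public key."""
    return apply_key(int.from_bytes(text, "big"), recipient_public)

def decrypt_with(cipher, private):
    """Only the holder of the matching private key recovers the text."""
    m = apply_key(cipher, private)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(data, n):  # SHA-256 of the data, reduced below the modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    """Authenticity: the sender applies the private key to a hash of the data."""
    return apply_key(digest(data, private[1]), private)

def verify(data, signature, public):
    """Anyone holding the public key can check who signed; nothing is hidden."""
    return apply_key(signature, public) == digest(data, public[1])

def issue_certificate(name, subject_public, ca_private):
    """The third party signs the name together with the subject's public key."""
    body = f"{name}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"name": name, "public": subject_public, "sig": sign(body, ca_private)}

def certificate_is_valid(cert, ca_public):
    e, n = cert["public"]
    return verify(f"{cert['name']}|{e}|{n}".encode(), cert["sig"], ca_public)

# Constructed demo keys from small, well-known primes: insecure by design.
XYZ_PUB, XYZ_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
MARIA_PUB, MARIA_PRIV = make_keypair(1000000007, 1000000009)
CA_PUB, CA_PRIV = make_keypair(999999937, 998244353)

if __name__ == "__main__":
    cert = issue_certificate("XYZ Ltd.", XYZ_PUB, CA_PRIV)
    print(decrypt_with(encrypt_for(b"PO-1024", XYZ_PUB), XYZ_PRIV))
    print(certificate_is_valid(dict(cert, public=MARIA_PUB), CA_PUB))
```

The last line swaps a different public key into a genuine certificate; the check fails because the third party's signature covers the name and the key together.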
Internet Explorer Security
Internet Explorer helps to guard confidentiality on the Web by
supporting the privacy policy of a website. The privacy policy of a
website provides details on the type of information collected, the
users to whom this information is given, and how this information
is used by the website.
Internet Explorer provides client-side protection rights inside
the browser. Internet Explorer uses Microsoft Authenticode
technology, which verifies that the program has a valid
certificate.
Web Client
Secure Web Server
1. User accesses website
2. Web server requests user's digital certificate
3. User's digital certificate is presented to the Web browser
4. CAs check the user's digital certificate
5. All session information is encrypted with user's key
6. User's Web browser decrypts the transmission with the website's
private key
You can view the security settings of Internet Explorer by
clicking Tools > Internet Options > Security in Internet Explorer,
as shown in the following figure.
Activating the Security Tab
You can alter the Privacy settings. For example, if you want to
block all cookies, click Tools > Internet Options > Privacy and move
the slider to the top, as shown in the following figure.
Blocking All the Cookies
FAQs
1. List the disadvantages of SET.
Ans: Various disadvantages of SET are as follows:
SET employs complex cryptographic mechanisms resulting in unacceptable transaction speed.
Implementing SET is more costly than SSL/TLS for both consumers and merchants.
2. List the advantages of dual signature.
Ans: Various advantages of dual signature are as follows:
Signature verification process can be centralized to a trusted third party.
It provides a real-time response of acceptance of a signed file to the sender at the time of file submission.
It eliminates the burden of certificate verification process from the recipient.
3. What is the difference between online catalogs and electronic
catalogs?
Ans:
Online catalogs are the ones that are placed on the Internet by
the merchants. On the other hand, electronic catalogs are
distributed over the electronic media such as diskettes or CD-ROM.
With an online catalogue, the merchant has to be concerned about
bandwidth and may choose to include fewer graphics or reduce the
resolution of the graphics. By providing an offline catalogue, such
constraints are significantly reduced.