Explain any three basic needs of consumer oriented e-commerce.

It has been said that the meeting of money, commerce, computing and networks forms
the global consumer marketplace. It includes facilities for negotiation, bargaining, order
processing, payment and customer service. Though it is desirable that the entire system
be automated, one or more of these activities may be transacted in a
traditional manner: the order is placed over the phone, further negotiations may be made
with the sales representative calling on the buyer, the payment may be made through a
cheque, etc.
The following criteria are essential for consumer-oriented electronic commerce:
- Critical mass of buyers and sellers. The trick is getting a critical mass of corporations
and consumers to use electronic mechanisms. In other words, the electronic
marketplace should be the first place customers go to find the products and services
they need.
- Opportunity for independent evaluations and for customer dialogue and discussion. In
the marketplace, not only do users buy and sell products or services, they also compare
notes on who has the best products and whose prices are outrageous. The ability to
openly evaluate the wares offered is a fundamental principle of a viable marketplace.
- Negotiation and bargaining. No marketplace is complete if it does not support
negotiation. Buyers and sellers need to be able to haggle over conditions of mutual
satisfaction, including money, terms and conditions, delivery dates, and evaluation
criteria.
- New products and services. In a viable marketplace, consumers can make
requests for products and services not currently offered and have reasonable
expectations that someone will turn up with a proposed offering to meet that request.
List the OMCs (Order Management Cycle) generic steps.
OMC has the following generic steps:
1) Order Planning and Order Generation. The business process begins long before an
actual order is placed by the customer. The first step is order planning. Order planning
leads into order generation. Orders are generated in a number of ways in the e-commerce
environment. The sales force broadcasts ads (direct marketing), sends personalized
e-mail to customers (cold calls), or creates a WWW page.
2) Cost Estimation and Pricing. Pricing is the bridge between customer needs and
company capabilities. Pricing at the individual order level depends on understanding the
value to the customer that is generated by each order, evaluating the cost of filling each
order, and instituting a system that enables the company to price each order based on
its value and cost.
3) Order Receipt and Entry. After an acceptable price quote, the customer enters the
order receipt and entry phase of OMC. Traditionally, this was under the purview of
departments variously titled customer service, order entry, the inside sales desk, or
customer liaison. These departments are staffed by customer service representatives,
usually either very experienced, long-term employees or totally inexperienced trainees.
4) Order Selection and Prioritization. Customer service representatives are also often
responsible for choosing which orders to accept and which to decline. In fact, not all
customer orders are created equal; some are simply better for the business than others.
Another completely ignored issue concerns the importance of order selection and
prioritization. Companies that put effort into order selection and link it to their business
strategy stand to make more money.
5) Order Scheduling. In the order scheduling phase, the prioritized orders get slotted into
an actual production or operational sequence. This task is difficult because the different
functional departments (sales, marketing, and customer service) may have conflicting
goals.
6) Order Fulfillment and Delivery. In the order fulfillment and delivery phase, the actual
provision of the product or service is made. While the details vary from industry to
industry, in almost every company this step has become increasingly complex. Often,
order fulfillment involves multiple functions and locations.
7) Order Billing and Account/Payment Management. After the order has been fulfilled
and delivered, billing is typically handled by the finance staff, who view their job as
getting the bill out efficiently and collecting quickly.
8) Post-sales Service. This phase plays an increasingly important role in all elements of
a company's profit equation: customer value, price, and cost. Depending on the specifics
of the business, it can include such elements as physical installation of a product, repair
and maintenance, customer training, equipment upgrading and disposal. Because of the
information conveyed and intimacy involved, post-sales service can affect customer
satisfaction and company profitability for years.
What is supply chain management? Give its characteristics.
Supply Chain Management (SCM). Supply chain management (SCM) is a network of
suppliers and customers within which any business operates. It is a chain of
suppliers and customers for a particular business.
In electronic commerce, supply chain management has the following
characteristics:
- An ability to source raw material or finished goods from anywhere in the world.
- A global business and management strategy with flawless local execution.
- On-line, real-time distributed information processing to the desktop, providing total
supply chain information visibility.
- The ability to manage information not only within a company but across industries and
enterprises.
- The seamless integration of all supply chain processes and measurements, including
third-party suppliers, information systems, cost accounting standards, and measurement
systems.
- The development and implementation of accounting models, such as activity-based
costing, that link cost to performance and are used as tools for cost reduction.
- A reconfiguration of the supply chain organization into high-performance teams going
from the shop floor to senior management.
What are the desirable characteristics of E-marketing?
Before we embark on the detailed study of e-commerce, we shall discuss some
related issues.
Common sense tells us that a few transactions are more congenial for e-marketing than
others. We list out the desirable features of a hypothetical marketplace; let us call it the
e-market.
1. A minimal size of the place: Obviously, for any such place to thrive there is a critical
size, below which it is not profitable to operate. This minimal number of buyers and
sellers characterises the profitability of the place.
2. A scope for interactions: Interactions include trial runs of the products, clarification
of doubts on the part of the customers, details of after-sales services, the ability to compare
different products and, of course, scope for negotiations and bargaining. Negotiations can
be in terms of cost, value additions, terms and conditions, delivery dates, etc.
What are the three types of electronic tokens? Explain.
None of the banking or selling payment methods is completely adequate in its present
form for the consumer-oriented e-commerce environment. Totally new forms of financial
instruments are also being developed. One such new financial instrument is "electronic
tokens" in the form of electronic cash/money or checks. Electronic tokens are designed
as electronic analogs of various forms of payment backed by a bank or financial
institution. Simply stated, electronic tokens are equivalent to cash that is backed by a
bank.
Electronic tokens are of three types:
1. Cash or real-time. Transactions are settled with the exchange of electronic currency.
An example of on-line currency exchange is electronic cash (e-cash).
2. Debit or prepaid. Users pay in advance for the privilege of getting information.
Examples of prepaid payment mechanisms are stored in smart cards and electronic
purses that store electronic money.
3. Credit or postpaid. The server authenticates the customers and verifies with the
bank that funds are adequate before purchase. Examples of postpaid mechanisms are
credit/debit cards and electronic checks.
Draw the layered architecture of EDI.
EDI architecture specifies four layers:
a) The semantic (or application) layer
b) The standards translation layer
c) The packing (or transport) layer
d) The physical network infrastructure layer.
The EDI semantic layer describes the business application that is driving EDI. The
information seen at the EDI semantic layer must be translated from a company-specific
form to a more generic or universal form so that it can be sent to various trading
partners, who could be using a variety of software applications at their end. Facilitating
the transfer of computer files between two "trading partners" requires that the computer
applications of both sender and receiver use a compatible format for EDI document
exchange. The EDI translation software converts the proprietary format into a standard
mutually agreed on by the processing systems. When a company receives the
document, its EDI translation software automatically changes the standard format into
the proprietary format of its document processing software.
The EDI transport layer corresponds closely with the non-electronic activity of sending a
business form from one company to another. The content and structure of the form are
separated from the transport carrier. EDI documents are exchanged rapidly over
electronic networks using the existing e-mail programs and infrastructure.
EDI in Action. The use of EDI transport saves large administration costs by
eliminating the bulk of the paperwork flow.
Describe the steps involved in designing electronic payment system.
Despite cost and efficiency gains, many hurdles remain to the spread of electronic
payment systems. These include several factors, many non-technical in nature, that must
be addressed before any new payment method can be successful.
- Privacy. A user expects to trust in a secure system.
- Security. A secure system verifies the identity of two-party transactions through "user
authentication" and reserves flexibility to restrict information/service through access
control.
- Intuitive interface. The payment interface must be as easy to use as a telephone.
Generally speaking, users value convenience more than anything.
- Database integration. With home banking, for example, a customer wants to play with
all his accounts. To date, separate accounts have been stored on separate databases.
- Brokers. A "network banker" (someone to broker goods and services, settle conflicts,
and facilitate financial transactions electronically) must be in place.
- Pricing. One fundamental issue is how to price payment system services.
- Standards. Without standards, the welding of different payment users into different
networks and different systems is impossible. Standards enable interoperability, giving
users the ability to buy and receive information, regardless of which bank is managing
their money.
None of these hurdles is intractable. The biggest question
concerns how customers will take to a paperless and (if not cashless) less-cash world.
What do you mean by value added networks (VANs)? Explain.
A VAN is a
communications network that typically exchanges EDI messages among trading
partners. It also provides other services, including holding messages in "electronic
mailboxes," interfacing with other VANs and supporting many telecommunications
modes and transfer protocols. A VAN's "electronic mailbox" is a software feature into
which a user deposits EDI transactions and then retrieves those messages when
convenient. It works much like residential personal mailboxes, and it allows everybody
involved to be flexible and cost-effective.
Businesses can exchange data either by connecting to each other directly or by hooking
into a VAN. Traditionally, by acting as middlemen between companies, VANs have
allowed companies to automatically and securely exchange purchase orders, invoices,
and payments. When a company sends an EDI transaction, it arrives at a message
storehouse on the VAN to await pickup by the destination company. In this way VANs
can safeguard the transaction network.
The disadvantage of EDI-enabling VANs is that they are slow and high priced, charging
by the number of characters transmitted.
In the figure we see the EDI process. Company A puts an EDI message for trading
partner manufacturing company B in the VAN mailbox at a date and time of its choosing.
The VAN picks up the message from the mailbox and delivers it to trading partner B's
mailbox, where it will remain until trading partner B logs on and picks it up. Trading
partner B responds to trading partner A in the same fashion. The cycle repeats itself on a
weekly, daily, or perhaps even hourly basis as needed. This service is generally referred
to as mail-enabled EDI.
List the four advantages of internet.
1. Flat pricing,
2. cheap access,
3. common standards and
4. secure
1. Flat pricing that is not dependent on the amount of information transferred. The
Internet flat-rate model is better for the customer as opposed to the standard VAN
approach of charges per character.
2. Cheap access with the low cost of connection, often a flat monthly fee for leased line
or dial-up access. Business users have access to commercial and noncommercial
Internet services in some 140 countries, providing ubiquitous network coverage.
3. Common mail standards and proven networking and interoperable systems; another
attraction is that Internet mail standards are nonproprietary and handle congestion and
message routing exceptionally well. It has been noted that sometimes on a VAN network
an e-mail message can take hours or days to reach its destination, while on the Internet
it usually takes seconds to minutes.
4. Security: public-key encryption techniques are being incorporated in various electronic
mail systems. This will enable systems to ensure the privacy of EDI messages and give
users a way to verify the sender or recipient.
There are many advantages to using the internet, such as:
- Email.
Email is now an essential communication tool in business. It is also excellent for
keeping in touch with family and friends. The advantage of email is that it is free (no
charge per use) when compared to telephone, fax and postal services.
- Information.
There is a huge amount of information available on the internet for just about every
subject known to man, ranging from government law and services, trade fairs and
conferences, market information, new ideas and technical support.
- Services.
Many services are now provided on the internet, such as online banking, job seeking and
applications, and hotel reservations. Often these services are not available off-line or
cost more.
- Buy or sell products.
The internet is a very effective way to buy and sell products all over the world.
- Communities.
Communities of all types have sprung up on the internet. It's a great way to meet up with
people of similar interest and discuss common issues.
What are the security threats to E-commerce?
Some of the threats that stimulated the upsurge of interest in security include the
following:
- Organized and internal attempts to obtain economic or market information from
competitive organizations in the private sector.
- Organized and intentional attempts to obtain economic information from government
agencies.
- Inadvertent acquisition of economic or market information.
- Inadvertent acquisition of information about individuals.
- Intentional fraud through illegal access to computer repositories, including acquisition of
funding data, economic data, law enforcement data, and data about individuals.
- Government intrusion on the rights of individuals.
- Invasion of individuals' rights by the intelligence community.
What is EDI and electronic fund transfer?
The economic advantages of EDI are widely recognized, but until recently, companies
have been able to improve only discrete processes such as automating the accounts
payable function or the funds transfer process. Companies are realizing that to truly
improve their productivity they need to automate their external processes as well as their
internal processes. Another goal of new EDI services is to reduce the cost of setting up
an EDI relationship. These costs are still very high because of the need for a detailed
two-sided agreement between the involved business partners and for the necessary
technical agreements. Therefore most successful EDI implementations are either in
long-term partnerships or among a limited number of partners. With the advent of
inter-organizational commerce, several new types of EDI are emerging that can be broadly
categorized as traditional EDI and open EDI.
Electronic Funds Transfer is the automatic transfer of funds among banks and other
organizations.
Explain secure socket layer (SSL).
SSL is an encrypted communication protocol that we use to implement security by
switching a website into the secure mode. SSL protects transactions between a
company and its customers from packet-sniffing attacks. The protocol allows
client/server applications to communicate in such a way that data transmissions cannot be
altered. The strength of SSL is that it is application-independent. HTTP, telnet, and FTP
can be placed on top of SSL transparently. SSL provides channel security through
encryption and reliability through a message integrity check.
SSL uses a three-part process. First, information is encrypted to prevent unauthorized
disclosure. Second, the information is authenticated to make sure that the information is
being sent and received by the correct party. Finally, SSL provides message integrity to
prevent the information from being altered during interchanges between the source and
sink.
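
The message integrity check described above, as an added example that is not part of the original notes: a simplified record layer in which every record carries an HMAC over an implicit sequence number and the payload, so that an altered or replayed record is rejected. The key, the record layout and all names are assumptions made for illustration, and the encryption step of SSL is left out.

```python
import hashlib
import hmac
import struct

MAC_LEN = hashlib.sha256().digest_size  # 32-byte integrity tag


class IntegrityError(Exception):
    """Raised when a record fails its integrity check."""


def _tag(key: bytes, seq: int, payload: bytes) -> bytes:
    # The MAC covers a sequence number that is never sent on the wire, so a
    # record that is replayed or reordered fails even if its bytes are intact.
    header = struct.pack(">QH", seq, len(payload))
    return hmac.new(key, header + payload, hashlib.sha256).digest()


class RecordSender:
    """Source side: frames a payload as length || payload || tag."""

    def __init__(self, mac_key: bytes):
        self._key, self._seq = mac_key, 0

    def protect(self, payload: bytes) -> bytes:
        if len(payload) > 0xFFFF:
            raise ValueError("payload too large for one record")
        tag = _tag(self._key, self._seq, payload)
        self._seq += 1
        return struct.pack(">H", len(payload)) + payload + tag


class RecordReceiver:
    """Sink side: recomputes the tag with its own sequence counter."""

    def __init__(self, mac_key: bytes):
        self._key, self._seq = mac_key, 0

    def open(self, record: bytes) -> bytes:
        if len(record) < 2 + MAC_LEN:
            raise IntegrityError("record too short")
        (length,) = struct.unpack(">H", record[:2])
        if len(record) != 2 + length + MAC_LEN:
            raise IntegrityError("length field does not match record size")
        payload, tag = record[2:2 + length], record[2 + length:]
        # compare_digest avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, _tag(self._key, self._seq, payload)):
            raise IntegrityError("MAC mismatch: altered, replayed or out of order")
        self._seq += 1
        return payload


def is_rejected(receiver: RecordReceiver, record: bytes) -> bool:
    try:
        receiver.open(record)
    except IntegrityError:
        return True
    return False


def demo() -> dict:
    key = bytes(range(32))  # constructed key; a real session derives it in the handshake
    sender, receiver = RecordSender(key), RecordReceiver(key)
    first = sender.protect(b"ORDER 17 AMOUNT 25.00")    # constructed sample messages
    second = sender.protect(b"ORDER 18 AMOUNT 40.00")
    results = {"genuine": receiver.open(first)}
    results["replay_rejected"] = is_rejected(receiver, first)
    altered = second.replace(b"40.00", b"99.00")         # change made in transit
    results["altered_rejected"] = is_rejected(receiver, altered)
    results["next_in_order"] = receiver.open(second)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A real SSL/TLS endpoint closes the connection on the first failed check instead of continuing to read, as the demo does to show each case.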
Explain secure electronic payment protocol.
SEPP: SEPP stands for Secure Electronic Payment System. SEPP is the electronic
counterpart of the paper charge slip, signature, and submission process. SEPP is an
open, vendor-neutral, nonproprietary, license-free specification for securing on-line
transactions. SEPP takes input from the cooperation process and causes the payment to
happen via a three-way communication among the cardholder, merchant, and acquirer.
SEPP only addresses the payment process.
There are several major business requirements addressed by SEPP:
1. To enable confidentiality of payment information.
2. To ensure integrity of all payment data transmitted.
3. To provide authentication that a cardholder is the legitimate owner of a card account.
4. To provide authentication that a merchant can accept master-card, branded card
payments with an acquiring member financial institution.
SEPP PROCESS: SEPP supposes that the cardholder and merchant have been
communicating in order to negotiate terms of a purchase and generate an order. These
processes may be conducted via a WWW browser. SEPP is designed to support
transactions exchanged in both interactive and non-interactive modes.
The SEPP system is composed of a collection of elements involved in electronic
commerce.
- Card holder: This is an authorized holder of a bankcard supported by an issuer and
registered to perform electronic commerce.
- Merchant: This is a merchant of goods, services, and/or e-products who accepts
payment for them electronically and may provide selling services and/or electronic
delivery of items for sale.
- Acquirer: This is a financial institution that supports merchants by providing service for
processing credit card based transactions.
- Certificate management system: This is an agent of one or more bankcard associations
that provides for the creation and distribution of electronic certificates for merchants,
acquirers, and cardholders.
- Banknet: This represents the existing network which interfaces acquirers, issuers and
the certificate management systems.
What are the desirable characteristics of an electronic market?
Desirable characteristics of E-Marketplace
The following criteria are essential for consumer-oriented electronic commerce:
- Critical mass of buyers and sellers. The trick is getting a critical mass of
corporations and consumers to use electronic mechanisms. In other words, the
electronic marketplace should be the first place customers go to find the products and
services they need.
- Opportunity for independent evaluations and for customer dialogue and
discussion. In the marketplace, not only do users buy and sell products or services,
they also compare notes on who has the best products and whose prices are
outrageous. The ability to openly evaluate the wares offered is a fundamental principle of
a viable marketplace.
- Negotiation and bargaining. No marketplace is complete if it does not support
negotiation. Buyers and sellers need to be able to haggle over conditions of mutual
satisfaction, including money, terms and conditions, delivery dates, and evaluation
criteria.
- New products and services. In a viable marketplace, consumers can make requests
for products and services not currently offered and have reasonable expectations that
someone will turn up with a proposed offering to meet that request.
- Seamless interface. The biggest barrier to electronic trade is having all the pieces
work together so that information can flow seamlessly from one source to another. This
requires standardization. On the corporate side, companies need compatible EDI
software and network services in order to send electronic purchase orders, invoices, and
payments back and forth.
- Recourse for disgruntled buyers. A viable marketplace must have a recognized
mechanism for resolving disputes among buyers and sellers. Markets typically include a
provision for resolving disagreements by returning the product or through arbitrage in
other cases.
Write short note on the following:
a) Kinds of shopping.
Variety of experiences
There are many ways that cardholders will shop. This section describes two ways. The
SET protocol supports each of these shopping experiences and should support others
as they are defined.
On-line catalogues
The growth of electronic commerce can largely be attributed to the popularity of the
World Wide Web.
Merchants can tap into this popularity by creating virtual storefronts on the Web that
contain on-line catalogues. These catalogues can be quickly updated as the merchant's
product offerings change or to reflect seasonal promotions.
Cardholders can visit these Web pages, selecting items for inclusion on an order. Once
the cardholder finishes shopping, the merchant's Web server can send a completed
order form for the cardholder to review and approve. Once the cardholder approves the
order and chooses to use a payment card, the SET protocol provides the mechanisms
for the cardholder to securely transmit payment instructions as well as for the merchant
to obtain authorization and receive payment for the order.
Electronic catalogues
Merchants may distribute
catalogues on electronic media such as diskettes or CD-ROM. This approach allows the
cardholder to browse through merchandise off-line. With an on-line catalogue, the
merchant has to be concerned about bandwidth and may choose to include fewer
graphics or reduce the resolution of the graphics. By providing an off-line catalogue,
such constraints are significantly reduced.
b) Secret-key cryptography.
Secret-key cryptography, also known as symmetric cryptography, uses the same key to
encrypt and decrypt the message. Therefore, the sender and recipient of a message
must share a secret, namely the key. A well-known secret-key cryptography algorithm is
the Data Encryption Standard (DES), which is used by financial institutions to encrypt
PINs.
Public-key cryptography, also known as
asymmetric cryptography, uses two keys: one key to encrypt the message and the other
key to decrypt the message. The two keys are mathematically related such that data
encrypted with either key can only be decrypted using the other. Each user has two
keys: a public key and a private key. The user distributes the public key. Because of the
relationship between the two keys, the user and anyone receiving the public key can be
assured that data encrypted with the public key and sent to the user can only be
decrypted by the user using the private key. This assurance is only maintained if the user
ensures that the private key is not disclosed to another. Therefore, the key pair should
be generated by the user. The best-known public-key cryptography algorithm is RSA
(named after its inventors Rivest, Shamir and Adleman).
Secret-key cryptography is impractical for
exchanging messages with a large group of previously unknown correspondents over a
public network. In order for a merchant to conduct transactions securely with millions of
Internet subscribers, each consumer would need a distinct key assigned by the
merchant and transmitted over a separate secure channel. On the other hand, by using
public-key cryptography, that same merchant could create a public/private key pair and
publish the public key, allowing any consumer to send a secure message to the
merchant.
c) Viruses and worms.
A virus is a program that can affect other programs by modifying them; the modified
program includes a copy of the virus program, which can then go into other programs.
A worm is a program that makes use of networking software to replicate itself and move
from system to system. The worm performs some activity on each system it gains
access to, such as consuming processor resources or depositing viruses.
Countering the threat of viruses. The best solution for the threat of viruses is
prevention: do not allow a virus to get into the system in the first place. In general, this
goal is impossible to achieve, although prevention can reduce the number of successful
viral attacks. The next best approach is to do the following:
- Detection. After the infection has occurred, determine that it has occurred and locate
the virus.
- Purging. Remove the virus from all infected systems so that the disease cannot
spread further.
- Recovery. Recover any lost data or programs.
Because of the variety of viruses, there is no universal remedy. A number of programs
provide some protection, and the security manager should be advised to contact several
vendors and assess their products.


Explain in detail the e-commerce architecture.
The electronic commerce application architecture consists of six layers of functionality or
services:
(1) Applications Services. The application services layer of e-commerce will be
comprised of existing and future applications built on the native architecture.
(2) Brokerage services, data or transaction management. The information brokerage
and management layer provides service integration through the concept of information
brokerages, the development of which is necessitated by the increasing information
resource fragmentation. The concept of information brokerage is used to represent an
intermediary who provides service integration between customers and information
providers, given some constraint such as a low price, fast service, or profit maximization
for a client. In foreign exchange trading, information is retrieved about the latest currency
exchange rates in order to hedge currency holdings to minimize risk and maximize profit.
The brokerage function is the support for data management and traditional transaction
services. Brokerages may provide tools to accomplish more sophisticated, time-delayed
updates or future-compensating transactions.
(3) Interface and support layers. Interface and support services will provide interfaces
for electronic commerce applications such as interactive catalogs and will support
directory services, the jobs needed for information search and access. Interactive catalogs
are the modified interface to consumer applications such as home shopping. An
interactive catalog is an extension of the paper-based catalog and incorporates
additional features. The primary difference between the two is that unlike interactive
catalogs, which deal with people, directory support services interact directly with
software applications. For this reason, they need not have the multimedia flash and
ballet generally associated with interactive catalogs.
(4) Secure messaging, security, and electronic document interchange. The
importance of the fourth layer, secured messaging, is clear. Messaging is the software
that sits between the network infrastructure and the clients or e-commerce applications,
masking the peculiarities of the environment. Messaging products are not applications
that solve problems; they are more enablers of the applications that solve problems. The
main disadvantages of messaging are the new types of applications it enables, which
appear to be more complex, especially to traditional programmers, and the jungle of
standards it involves. Also, security, privacy, and confidentiality through data encryption
and authentication techniques are important issues that need to be resolved.
(5) Middleware and structured document interchange. Middleware is a relatively new
concept. With the growth of networks, client-server technology, and all other forms of
communicating between/among unlike platforms, the problems of getting all the pieces to
work together grew. Middleware is the ultimate mediator between diverse software programs
that enables them to talk to one another. Middleware is the computing shift from application
centric to data centric.
(6) Network infrastructure and basic communications services. Transparency
implies that users should be unaware that they are accessing multiple systems.
Transparency is essential for dealing with higher-level issues than physical media and
interconnection that the underlying network infrastructure is in charge of. Transparency
is accomplished using middleware that facilitates a distributed computing environment.
The goal is for the applications to send a request to the middleware layer, which then
satisfies the request any way it can, using remote information.
Explain how information flows with EDI.
Electronic data
interchange (EDI) is the structured transmission of data between organizations by
electronic means. It is used to transfer electronic documents or business data from one
computer system to another computer system, i.e. from one trading partner to another
trading partner without human intervention. It is more than mere e-mail; for instance,
organizations might replace bills of lading and even cheques with appropriate EDI
messages. It also refers specifically to a family of standards, e.g. UN/EDIFACT, ANSI
X12. The National Institute of Standards and Technology in a 1996 publication [1]
defines electronic data interchange as "the computer-to-computer interchange of strictly
formatted messages that represent documents other than monetary instruments. EDI
implies a sequence of messages between two parties, either of whom may serve as
originator or recipient. The formatted data representing the documents may be
transmitted from originator to recipient via telecommunications or physically transported
on electronic storage media." It goes on further to say that "In EDI, the usual processing
of received messages is by computer only. Human intervention in the processing of a
received message is typically intended only for error conditions, for quality review, and
for special situations. For example, the transmission of binary or textual data is not EDI
as defined here unless the data are treated as one or more data elements of an EDI
message and are not normally intended for human interpretation as part of online data
processing." [1] EDI can be formally defined as 'The transfer of structured data, by
agreed message standards, from one computer system to another without human
intervention'. Most other definitions used are variations on this theme. Even in this era of
technologies such as XML web services, the Internet and the World Wide Web, EDI
may be the data format used by the vast majority of electronic commerce transactions in
the world.
<ow does digital signature wor2s. Explain This is the
simplest version of how a 8igital 6ignature works. . K8igital 6ignatureK is slightly
different than an K;lectronic 6ignatureK, which is a broader term simply referring to any
indication of agreement and identity. . K8igital 6ignatureK often refers to a ,ublic /
,rivate Eey encryption system, the most common of which is K,>,K, or K,retty >ood
,rivacyK, which is a bit of humorous understatement as itLs the basis of most military
security and included in e&port regulations as a <.6. national security secret. %y
providing two keys, one with the public and the other privately with the buyer. The
signature is coded with both.
Explain EDI business application layer with a diagram.
The first step in the EDI process creates a document (in this case, an invoice) in a
software application. This software application then sends the document to an EDI
translator, which automatically reformats the invoice into the agreed-on EDI standard. If
these two pieces of software are from different vendors, it is very important that the
document preparation application seamlessly integrate with the EDI translation
software. If both the EDI translator and business application are on the same type of
computer, the data will move faster and more easily from one to another. The translator
creates and wraps the document in an electronic envelope ("EDI package") that has a
mailbox ID for the company's trading partners. The EDI wrapper software can be a
module to the translator, a programming tool to write different communications
protocols, or a separate application.
Explain main categories of SCM in detail.
Computerworld - In the simplest
terms, supply chain management (SCM) lets an organization get the right goods and
services to the place they're needed at the right time, in the proper quantity and at an
acceptable cost. Efficiently managing this process involves overseeing relationships with
suppliers and customers, controlling inventory, forecasting demand and getting constant
feedback on what's happening at every link in the chain.
The supply chain involves several elements:
- Location. It's important to know where production facilities, stocking points and
sourcing points are located; these determine the paths along which goods will flow.
- Production. An organization must decide what products to create at which plants,
which suppliers will service those plants, which plants will supply specific distribution
centers, and, sometimes, how goods will get to the final customer. These decisions have
a big impact on revenue, costs and customer service.
- Inventory. Each link in the supply chain has to keep a certain inventory of raw
materials, parts, subassemblies and other goods on hand as a buffer against
uncertainties and unpredictabilities. Shutting down an assembly plant because an
expected parts shipment didn't arrive is expensive. But inventory costs money too, so it's
important to manage deployment strategies, determine efficient order quantities and
reorder points, and set safety stock levels.
- Transportation. How do materials, parts and products get from one link in the supply
chain to the next? Choosing the best way to transport goods often involves trading off
the shipping cost against the indirect cost of inventory. For example, shipping by air is
generally fast and reliable. Shipping by sea or rail will likely be cheaper, especially for
bulky goods and large quantities, but slower and less reliable. So if you ship by sea or
rail, you have to plan further in advance and keep larger inventories than you do if you
ship by air.
Mention some hacking techniques.
Some Hacking Techniques
Stolen access: Involves the use of another user's ID or password without permission to
gain access to the internet.
Stolen resources: Search for processors to store stolen software and data bases.
Internet virus: Virus designed to traverse through the network, passing through multiple
processors and either sending information back to the originator or doing damage to the
processors it passes through.
Email impostures: Sending email while falsifying the From field.
Email snooping: Email passes through at least two nodes to be received. As email
passes through these nodes and is stored transiently, it is susceptible
to people with system access, unless secured.
Sniffing: If a hacker has gained access to a host, the hacker may set up sniffing
programs to observe traffic, storing information (IDs/passwords) that can be used to
compromise other systems.
Spoofing: Assuming someone else's identity, whether it is a login ID, an IP address, a
server, or an ecommerce merchant.
Async attacks: While programs are idle in host memory, a hacker may have the
opportunity to access the program's data.
Trojan horses: Viruses concealed within a software package injected into a host. May
be destructive or perform some covert activity designed to send data back to the hacker.
Back doors: Applications/system programmers may implement a secret password that
allows the programmer easy access to a host or application on the host; these
passwords may be infiltrated.
Explain digital signature technique.
If digital signatures are to replace handwritten signatures, they must have the same legal
status as handwritten signatures. The digital signature provides a means for a third party
to verify that the notarized object is authentic. Digital signatures should have greater
legal authority than handwritten signatures. If the contract was signed by digital
signatures, however, a third party can verify that not one byte of the contract has been
altered.
B3
Write a note on the following:
(a) Significance of WWW on e-commerce
World Wide Web (WWW) as the architecture - Electronic commerce depends on the
unspoken statement that computers co-operate efficiently for seamless information
sharing. Unfortunately, this statement of interoperability has not been supported by the
realities of practical computing. Computing is still a world made up of many technical
directions, products, implementations and competing vendors. The Web community of
developers and users is tackling these complex problems. The architecture is made up
of three primary entities: client browser, Web server, and third-party services. The client
browser usually interacts with the WWW server, which acts as an intermediary in the
interaction with third-party services. The client browser resides on the user's PC or
workstation and provides an interface to the various types of content. The browser has
to be smart enough to understand what file it is downloading and what browser
extension it needs to activate to display the file. Browsers are also capable of
manipulating local files.
Web server functions can be categorized into information retrieval, data and transaction
management, and security. The third-party services could be other Web servers that
make up the digital library, information processing tools, and electronic payment
systems.
(b) Security threats
Some of the threats that stimulated the upsurge of interest in security include the
following:
• Organized and internal attempts to obtain economic or market information from
competitive organizations in the private sector.
• Organized and intentional attempts to obtain economic information from government
agencies.
• Inadvertent acquisition of economic or market information.
• Inadvertent acquisition of information about individuals.
• Intentional fraud through illegal access to computer repositories including acquisition of
funding data, economic data, law enforcement data, and data about individuals.
• Government intrusion on the rights of individuals.
• Invasion of individuals' rights by the intelligence community.
(c) Security tools
Secure Transport Stacks (Secure Transport Protocol)
The internet uses the transport control protocol / Internet protocol (TCP/IP) as the
primary network protocol engine. Each IP packet contains the data that is to be sent to
some endpoint destination. The IP packet consists of a 32 bit source and destination
address, optional bit flags, a header checksum, and the data itself. There is no guarantee at
the network layer that the IP protocol data units will be received, and even if they are
received, they may not be received in any particular order. We cannot solely rely on the
source address to validate the identity of the user who sent the packet. TCP provides
retransmission of lost or corrupted protocol data units and restores them to their original
order of transmission. Each packet contains a sequence number which is what TCP uses to sort
the protocol data units. The acknowledgement number is the sequence number of the
last packet transmitted. The two most prominent secure transmission protocols for
secure Web communication are:
1. Secure Sockets Layer
2. Secure HTTP (S-HTTP)
(d) Cryptography
Protection of sensitive information
Cryptography has been used for centuries to protect sensitive information as it is
transmitted from one location to another. In a cryptographic system, a message is
encrypted using a key. The resulting ciphertext is then transmitted to the recipient where
it is decrypted using a key to produce the original message. There are two primary
encryption methods in use today: secret-key cryptography and public-key cryptography.
SET uses both methods in its encryption process.
Secret key cryptography
Secret key cryptography, also known as symmetric cryptography, uses the same key
to encrypt and decrypt the message. Therefore, the sender and recipient of a message
must share a secret, namely the key. A well known secret-key cryptography algorithm is
the Data Encryption Standard (DES), which is used by financial institutions to encrypt PINs.
(e) S-HTTP
S-HTTP sets up security details with special packet headers that are exchanged in
S-HTTP. The headers define the type of security techniques, including the use of private-
key encryption, server authentication, client authentication, and message integrity. A
secure envelope encapsulates a message and provides secrecy, integrity, and
client/server authentication.
S-HTTP provides a number of security features. These include:
• Client and server authentication
• Spontaneous encryption
S-HTTP operates at the topmost layer of the protocol suite, the application layer.
It provides:
• Symmetric encryption for maintaining secret communications.
• Public-key encryption to establish client/server authentication.
• Message digests for data integrity.
(f) Payment processing
Transactions described
This section describes the flow of transactions as they are processed by various
systems.
SET defines a variety of transaction protocols that utilize the cryptographic concepts
introduced in the previous section to securely conduct electronic commerce. The section
describes the following transactions:
• Cardholder registration
• Merchant registration
• Purchase request
• Payment authorization
• Payment capture
Other transactions
The following additional transactions are part of these specifications, but are not
described in this section:
• Certificate query
• Purchase inquiry
• Purchase notification
• Sale transaction
• Authorization reversal
• Capture reversal
• Credit
• Credit reversal
Stages of E-Commerce architecture on Web.
1. Client browser,
2. WWW server functions and
3. third party services.
The Web community of developers and users is tackling these complex problems. The
architecture is made up of three primary entities: client browser, Web server, and
third-party services. The client browser usually interacts with the WWW server, which
acts as an intermediary in the interaction with third-party services. The
client browser resides on the user's PC or workstation and provides an interface to the
various types of content. The browser has to be smart enough to understand what file it
is downloading and what browser extension it needs to activate to display the file.
Browsers are also capable of manipulating local files.
What are the basic banking services provided in e-commerce?
1. Basic banking services - A normal customer would be transacting with his bank most
of the time. They are mainly related to personal finances. The transactions a customer has
with his bank can be classified into the following:
i. Checking his accounts statements
ii. Round the clock banking (ATM)
iii. Payment of bills etc.
iv. Fund transfer and
v. Updating of his pass books etc.
The concept of Automated Teller Machines is to allow the customer to
draw money from his account at any part of the day or night. The customer need not go
to the bank at all for his most important service. ATMs are connected to a Bank
Switching Centre. The Switching Centre of several banks is interconnected to an
association switching centre.
2. Home shopping - We assume it is television based shopping. It may be noted that
this concept is picking up now in India in a small way, wherein the channels set apart
only a very small portion of their broadcasting time to teleshopping. The customer can order
the items over phone. The goods are delivered to his home and payment can be made
in the normal modes. Concepts of traditional marketing like negotiations, trial testing etc.
are missing from this scheme and it is most suitable for those customers who are almost
sure of what they need to buy but who are too busy to go to the shops.
3. Home entertainment - The next example of this type of commerce is home
entertainment. Dubbed on line movies, it is possible for the user to select a movie/CD
online and make his cable operator play the movie exclusively for him (movie on
demand), of course against payment, like Tata Sky. Payment can be either online/ payable to
his account. It is also possible to play interactive games online/download them to your
computer to play. The concept of downloading games/news etc. at a cost to the mobiles
is also a similar concept. It may be noted that in all these cases, the physical movement
of the customer/trader is avoided; of course, the computer need not always be a part of
the deal.
4. Micro-transaction for information - The telephone directories provide a basic type
of micro-transaction. If we want to buy one particular type of item, say books, they list
the addresses and phone numbers of the various book dealers whom we may contact.
Similar facilities are available on the internet, maybe for a larger number of items and
also with more details. This can be thought of as an extension of the earlier described
television based ordering. We don't have to order only those items that are shown on the
computer, but can search for an item that we need.
Basic Tenets of E-Commerce in a consumer oriented scenario - It has been said
that the meeting of money, commerce, computing and networks form the global
consumer market place. It includes facilities for negotiations, bargaining, order
processing, payment and customer service. Though it is desirable that the entire system
is automated, it may be possible that one/more of these activities may be transacted in a
traditional manner. The order is placed over phone, further negotiations may be made
with the sales representative calling on the buyer, the payment may be made through a
cheque etc.
Some of the fundamental issues that must be settled so that consumer oriented
e-commerce can be made broad based are listed below:
a) Standard business practices and processes for buying and selling of products as well
as services need to be established.
b) Easy to use and well accepted software and hardware implementations of the various
stages of ecommerce like order taking, payment, delivery, after sales interactions etc.
need to be established.
c) Secure commercial and transport practices that make the parties believe that they are
not at the mercy of anybody else for the safety of their information and goods need to
be in place.
It may be noted that each one of the above requirements can be established only over a
period of time with several trial and error methods.
What are the benefits of EDI?
EDI can be a cost- and time-saving system, for many reasons. The automatic transfer of
information from computer to computer reduces the need to rekey information and as such
reduces costly errors to near zero. EDI transactions produce acknowledgments of receipt of data.
Saving also accrues from the following improvements:
Reduced paper-based systems: EDI can impact the effort and expense a company devotes
to maintaining records, paper-related supplies, filing cabinets, or other storage systems
and to the personnel required to maintain all of these systems. EDI can also reduce
postage bills because of the amounts of paper that no longer need be sent.
Improved problem resolution and customer service: EDI can
minimize the time companies spend to identify and resolve inter-business problems. EDI
can improve customer service by enabling the quick transfer of business documents and
a marked decrease in errors.
Expanded customer/supplier base: Many large manufacturers and retailers with the
necessary clout are ordering their suppliers to institute an EDI program. However, these
are isolated islands of productivity because they are unable to build bridges to other
companies. With the advent of electronic commerce, the bridge is now available.
What is e-cash? Give the properties of e-cash.
Electronic Cash: Electronic cash (e-cash) is a new concept in on-line payment systems
because it combines computerized convenience with security and privacy that improve
on paper cash. E-cash presents some interesting characteristics that should make it an
attractive alternative for payment over the Internet. E-cash focuses on replacing cash as
the principal payment vehicle in consumer-oriented electronic payments. The
predominance of cash indicates an opportunity for innovative business practice that
revamps the purchasing process where consumers are heavy users of cash. Cash is
negotiable, meaning it can be given or traded to someone else. Cash is legal tender,
meaning the payee is obligated to take it. Cash is a bearer instrument, meaning that
possession is prima facie proof of ownership.
Properties of E-cash: Specifically, e-cash must have the following four properties:
monetary value, interoperability, retrievability, and security.
- E-cash must have a monetary value: it must be backed by cash (currency), bank-
authorized credit, or a bank-certified cashier's check. When e-cash created by one bank
is accepted by others, reconciliation must occur without any problems. Stated another
way, e-cash without proper bank certification carries the risk that when deposited, it
might be returned for insufficient funds.
- E-cash must be interoperable: exchangeable as payment for other e-cash, paper
cash, goods or services, lines of credit, deposits in banking accounts, bank notes or
obligations, electronic benefits transfers.
- E-cash must be storable and retrievable. The
cash could be stored on a remote computer's memory, in smart cards, or in other easily
transported standard devices. Because it might be easy to create counterfeit cash that is
stored in a computer, it might be preferable to store cash on a committed device that
cannot be misused.
- E-cash should not be easy to copy or tamper with while being exchanged; this
includes detecting duplication and double-spending. Faking is a particular problem, as the
counterfeiter may be on the Internet anywhere in the world and so is difficult to catch
without appropriate international agreements. Detection is essential in order to audit
whether prevention is working. Then there is the tricky issue of double spending (DFN88).
Preventing double-spending from occurring is extremely difficult if multiple banks are
involved in the transaction. For this reason, most systems rely on post-fact detection and punishment.
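The bank certification and post-fact detection described above, as an added example that is not part of the original notes: a hypothetical issuing bank certifies each token with an HMAC (a stand-in for the bank's certification; real e-cash schemes use bank signatures) and flags counterfeit and double-spent tokens when deposits are reconciled. The class, the bank and merchant names and the sample deposits are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    issuer: str   # bank that backs the token
    serial: str   # unique per token, chosen by the issuer
    value: int    # monetary value in the smallest currency unit
    mac: str      # issuer's certification over issuer, serial and value


class IssuingBank:
    """Hypothetical issuer: certifies tokens and reconciles deposits after the fact."""

    def __init__(self, name, key=None):
        self.name = name
        self._key = key or secrets.token_bytes(32)   # known only to the bank
        self._first_deposit = {}                     # serial -> first depositor

    def _certify(self, serial, value):
        msg = f"{self.name}|{serial}|{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, value):
        serial = secrets.token_hex(16)
        return Token(self.name, serial, value, self._certify(serial, value))

    def is_certified(self, token):
        """True only if this bank certified exactly this serial and value."""
        if token.issuer != self.name:
            return False
        expected = self._certify(token.serial, token.value)
        return hmac.compare_digest(expected.encode(), token.mac.encode())

    def reconcile(self, deposits):
        """deposits: iterable of (token, depositor); returns one finding per deposit."""
        findings = []
        for token, depositor in deposits:
            first = None
            if not self.is_certified(token):
                verdict = "counterfeit"              # altered or not issued here
            elif token.serial in self._first_deposit:
                verdict = "double-spend"             # a copy was already credited
                first = self._first_deposit[token.serial]
            else:
                self._first_deposit[token.serial] = depositor
                verdict = "credited"
            findings.append({"serial": token.serial, "depositor": depositor,
                             "verdict": verdict, "first_depositor": first})
        return findings


def demo():
    bank = IssuingBank("Example Bank")               # constructed name
    coin = bank.issue(500)
    inflated = Token(coin.issuer, coin.serial, 50_000, coin.mac)      # value altered
    foreign = Token("Other Bank", coin.serial, coin.value, coin.mac)  # wrong issuer
    batch = [(coin, "merchant-a"), (coin, "merchant-b"),
             (inflated, "merchant-c"), (foreign, "merchant-d")]
    return [(f["depositor"], f["verdict"], f["first_depositor"])
            for f in bank.reconcile(batch)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The second deposit of the same token is only caught at reconciliation, after merchant-b has accepted it, which is why the finding records who deposited it first.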
What is electronic pulse? Explain.
A new digital and physical label for electronic music. electronic pulse records is not just a
label. Velocity is electronic pulse records... a comprehensive platform for artists,
musicians, producers and all other friends of electronic music. Completely independent
and devoted solely to the development and expansion of electronic music, open to everything
and constantly on the lookout for new sounds, that is electronic pulse records...
Compare push and pull based supply chains.
The business terms push and pull originated in the marketing and selling world, but are
also applicable in the world of electronic content and supply chain management. The
push/pull relationship is that between a product or piece of information and who is
moving it. A customer "pulls" things towards themselves, while a
producer "pushes" things toward customers.
With a push-based supply chain, products are pushed through the channel, from the
production side up to the retailer. The manufacturer sets production at a level in accord
with historical ordering patterns from retailers. It takes longer for a push-based supply
chain to respond to changes in demand, which can result in overstocking or bottlenecks
and delays, unacceptable service levels and product obsolescence.
In a pull-based supply chain, procurement, production and distribution are demand
driven so that they are coordinated with actual customer orders, rather than forecast
demand. A supply chain is almost always a combination of both push and pull, where the
interface between the push-based stages and the pull-based stages is known as the
push-pull boundary. An example of this would be Dell's build to order supply chain.
Inventory levels of individual components are determined by forecasting general
demand, but final assembly is in response to a specific customer request. The push-pull
boundary would then be at the beginning of the assembly line. A push-pull system in
business describes the movement of a product or information between two subjects. On
markets the consumers usually pull the goods or information they demand for their
needs, while the offerers or suppliers push them toward the consumers. In logistic
chains or supply chains the stages normally operate in both push and pull
manner. The interface between push-based stages and pull-based stages is called the
push-pull boundary or decoupling point.
Explain electronic tokens present in payment systems.
None of the banking or selling payment methods is completely adequate in their present
form for the consumer-oriented e-commerce environment. Totally new forms of financial
instruments are also being developed. One such new financial instrument is "electronic tokens" in
the form of electronic cash / money or checks. Electronic tokens are designed as
electronic analogs of various forms of payment backed by a bank or financial institution.
Simply stated, electronic tokens are equivalent to cash that is backed by a bank.
Electronic tokens are of three types:
1. Cash or real-time. Transactions are settled with the exchange of electronic currency.
An example of on-line currency exchange is electronic cash (e-cash).
2. Debit or prepaid. Users pay in advance for the privilege of getting information.
Examples of prepaid payment mechanisms are stored in smart cards and electronic
purses that store electronic money.
3. Credit or postpaid. The server authenticates the customers and verifies with the
bank that funds are adequate before purchase. Examples of postpaid mechanisms are
credit / debit cards and electronic checks.
B4
What are the desirable characteristics of e-commerce?
Desirable characteristics of E-Commerce - Commonsense tells us that a few
transactions are friendlier for e-marketing than others. We list out the desirable features
of a hypothetical market place; let us call it e-market.
a) A minimal size of the place: Obviously for any such place to thrive there is a critical
size, below which it is not profitable to operate. This minimal number of buyers and
sellers characterizes the profitability of the place.
b) A scope for interactions: Interactions include trial runs of the products, clarifications
of doubts on the part of the customers, details of after sales services,
ability to compare different products and of course scope for negotiations and
bargaining. Negotiations can be in terms of cost, value additions, terms and conditions,
delivery dates etc.
c) Scope for designing new products: The customer need not buy only what is
available. He can ask for modifications, up-gradations etc. The supplier must be able to
accept these and produce made to order items.
d) A seamless connection to the marketplace: It is obvious that each customer will be
operating with a different type of computer, software, connectivity etc. There should be
available standards so that any of these customers will be able to attach himself to any
of the markets without changing his hardware/software/interfaces etc.
e) Recourse for disgruntled users: It is naïve to believe that transactions of such a place
end up in complete satisfaction to all parties concerned. Especially because of the
facelessness of the customer and the supplier, there should be a standard recourse to
settle such disputes.
Define e-commerce. Name any two areas which are reasons of worry in
e-commerce.
1. Security and
2. Legal acceptance
Security. A secure system verifies the identity of two-party transaction through "user
authentication" and reserves flexibility to restrict information / service through access
control. Millions of dollars have been embezzled by computer fraud. No systems are yet
fool-proof, although designers are concentrating closely on security.
Legal acceptance. It is not that the concept of e-commerce is totally without side effects.
The very nature of the concept, which is revolutionary, makes it difficult for the users to
understand fully the various issues involved. There are several areas of security, safety
against fraud etc., and the concept of legal acceptance that are yet to be solved. Also, since
the internet knows no national boundaries, the concepts become more complex, since
what is legal in one country may not be so in another. There are also the concepts of
taxation and state controls that need to be solved. All these issues will be taken up in
some detail during the course of this topic.
How are commerce and e-commerce related?
Concept of Commerce and E-Commerce - Commerce is normally associated with the
buying and selling of items. Commerce is one of the oldest activities of human beings
and the concept of traders selling and buying items is a part of history. Markets are a
common place where the buyers and sellers meet along with their products. Money is
also an essential part of the market place. With the concept of money, we have several
concepts of banking, various methods of representing and transferring money like
cheques, MOUs, Drafts etc.
The key element of e-commerce is information processing. Every stage of commerce,
except of course production of goods and their physical delivery, can be automated. The
tasks that can be automated include information gathering, processing, and manipulation
and information distribution.
Explain the four layers of EDI architecture and list the benefits of EDI.
a) The semantic (or application) layer
b) The standards translation layer
c) The packing (or transport) layer
d) The physical network infrastructure layer.
The EDI semantic layer describes the business application that is driving EDI. The
information seen at the EDI semantic layer must be translated from a company-specific
form to a more generic or universal form so that it can be sent to various trading
partners, who could be using a variety of software applications at their end. To facilitate
the transfer of computer files between two "trading partners" requires that the computer
applications of both sender and receiver use a compatible format for EDI document
exchange. The EDI translation software converts the proprietary format into a standard
mutually agreed on by the processing systems. When a company receives the
document, their EDI translation software automatically changes the standard format into
the proprietary format of their document processing software.
The EDI transport layer corresponds closely with the non-electronic activity of sending a
business form from one company to another. The content and structure of the form are
separated from the transport carrier. EDI documents are exchanged rapidly over
electronic networks using the existing e-mail programs and infrastructure.
Tangible Benefits of EDI: EDI can be a cost- and time-saving system, for many
reasons. The automatic transfer of information from computer to computer reduces the
need to rekey information and as such reduces costly errors to near zero. EDI
transactions produce acknowledgments of receipt of data. Saving also accrues from
the following improvements:
- Reduced paper-based systems: EDI can impact the effort and expense a company
devotes to maintaining records, paper-related supplies, filing cabinets, or other storage
systems and to the personnel required to maintain all of these systems. EDI can also
reduce postage bills because of the amounts of paper that no longer need be sent.
- Improved problem resolution and customer service: EDI can minimize the time
companies spend to identify and resolve inter-business problems. EDI can improve
customer service by enabling the quick transfer of business documents and a marked
decrease in errors.
- Expanded customer/supplier base: Many large manufacturers and retailers with the
necessary clout are ordering their suppliers to institute an EDI program. However, these
are isolated islands of productivity because they are unable to build bridges to other
companies. With the advent of electronic commerce, the bridge is now available.
Explain the legal and security aspects of EDI.
Since in the case of EDI we are dealing with trade between countries and companies,
issues of legal admissibility and computer security are paramount. However, careful
assessment of the trade-offs must be part of this process and should satisfy legal
requirements.
1) Legal status of EDI Messages: There has been considerable debate concerning the
legal status of EDI messages and electronic messages in general. No rules exist that
indicate how electronic messages may be considered binding in business or other
related transactions. The establishment of such a framework is essential if EDI is to
become widespread.
2) Digital Signatures and EDI: If digital signatures are to replace handwritten
signatures, they must have the same legal status as handwritten signatures. The digital
signature provides a means for a third party to verify that the notarized object is
authentic. Digital signatures should have greater legal authority than handwritten
signatures. If the contract was signed by digital signatures, however, a third party can
verify that not one byte of the contract has been altered.
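The third-party check described above, as an added example that is not part of the original notes: a contract is signed with a private key and anyone holding the public key can confirm that no byte has changed. It uses textbook RSA over a SHA-256 digest with no padding, and the keys are built from publicly known Mersenne primes, so they are for illustration only; the function names and the sample contract are constructed.

```python
import hashlib

E = 65537  # public exponent


def make_key(p, q):
    """Build a textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (needs Python 3.8+)
    return (n, E), (n, d)


def digest_as_int(document, n):
    """SHA-256 digest of the document as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(document, private):
    """Signer side: raise the digest to the private exponent."""
    n, d = private
    return pow(digest_as_int(document, n), d, n)


def verify(document, signature, public):
    """Third-party side: needs only the document, the signature and the public key."""
    n, e = public
    return pow(signature, e, n) == digest_as_int(document, n)


def demo():
    # Illustration-only keys: these primes are public knowledge, so anyone could
    # recompute the private exponent. Real keys use secret random primes.
    buyer_public, buyer_private = make_key(2**521 - 1, 2**607 - 1)
    _, other_private = make_key(2**127 - 1, 2**1279 - 1)

    # Constructed sample contract.
    contract = b"Buyer agrees to pay Vendor 4500 for 10 units, delivery in 14 days."
    signature = sign(contract, buyer_private)

    altered = contract.replace(b"4500", b"4600")          # exactly one byte differs
    changed_bytes = sum(a != b for a, b in zip(contract, altered))

    return {
        "original_verifies": verify(contract, signature, buyer_public),
        "changed_bytes": changed_bytes,
        "altered_verifies": verify(altered, signature, buyer_public),
        "other_signer_verifies": verify(contract, sign(contract, other_private),
                                        buyer_public),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```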
Name three broad phases of consumer's perspective and give categories of
consumers.
1) Pre-purchase Preparation: The pre-purchase preparation phase includes search
and discovery for a set of products in the larger information space capable of meeting
customer requirements and product selection from the smaller set of products based on
attribute comparison.
2) Purchase Consummation: The purchase consummation phase includes mercantile
protocols that specify the flow of information and documents associated with purchasing
and negotiation with merchants for suitable terms, such
as price, availability, and delivery dates; and electronic payment mechanisms that
integrate payment into the purchasing process.
3) Post-purchase Interaction: The post-purchase interaction phase includes customer
service and support to address customer complaints, product returns, and product
defects.
Pre-purchase Preparation: Purchase deliberation is defined as the elapsed time
between a consumer's first thinking about buying and the actual purchase itself.
Information search should constitute the major part of the duration, but comparison of
alternatives and price negotiation would be included in the continually evolving
information search and deliberation process.
Customers can be categorized into three types:
1. Impulsive buyers - Who purchase products quickly.
2. Patient buyers - Who purchase products after making some comparisons.
3. Analytical buyers - Who do large research before making the decision to purchase
products or services.
Marketing researchers have isolated several types of purchasing:
• Specifically planned purchases. The need was recognized on entering the store and
the shopper bought the exact item planned.
• Generally planned purchases. The need was recognized, but the shopper decided
in-store on the actual manufacturer of the item to satisfy the need.
• Reminder purchases. The shopper was reminded of the need by some store influence.
This shopper is influenced by in-store advertisements and can substitute products readily.
• Entirely unplanned purchases. The need was not recognized entering the store, like gift
items.
Purchase Consummation: After identifying the products to be purchased, the buyer
and seller must interact in some way to actually carry out the mercantile transaction. A
mercantile transaction is defined as the exchange of information between the buyer and
seller followed by the necessary payment. There may be many variants of this protocol, but
the basic flow remains the same. The steps are listed below:
1. Buyer contacts vendor to purchase product or service.
2. Vendor states price.
3. Buyer and vendor may or may not engage in negotiation.
4. If satisfied, buyer authorizes payment to the vendor with an encrypted transaction
containing a digital signature for the agreed price.
5. Vendor contacts his or her billing service to verify the encrypted authorization for
authentication.
6. Billing service decrypts authorization and checks buyer's account balance or credit
and puts a hold on the amount of transfer.
7. Billing service gives the vendor the "green light" to deliver product and sends a
standardized message giving details of transaction.
8. On notification of adequate funds to cover financial transaction, vendor delivers the
goods to buyer or in the case of information purchase provides a crypto key to unlock
the file.
9. On receiving the goods, the buyer signs and delivers receipt. Vendor then tells billing
service to complete the transaction.
10. At the end of the billing cycle, buyer receives a list of transactions. Buyer can then
either deny certain transactions or complain about over billing. Suitable audit or
customer service actions are then initiated depending on the payment scheme.
Post-purchase Interaction: Returns and claims are an important part of the purchasing
process that impact administrative costs, scrap and transportation expenses, and
customer relations. Other complex customer service challenges arise in customized
retailing that we have not fully understood or resolved:
• Inventory issues: To serve the customer properly, a company should inform a
customer right away when an item ordered is sold out - not with a rain check or
back-order notice several days later. On the other hand, if the item is in stock, a company
must be able to assign that piece to the customer immediately and remove it from
available inventory.
• Database access and compatibility issues: Unless the customer can instantly
access all the computers of all the direct-response vendors likely to advertise on the
Information Superhighway - on a real-time basis, with compatible software - he or she
is not likely to get the kind of service that customers normally get.
• Customer service issues: Customers often have questions about the product (color,
size, shipment), want expedited delivery, or have one of a myriad of other things in mind
that can be resolved only by talking to an order entry operator.
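Steps 4 to 9 of the mercantile transaction listed under Purchase Consummation above, as an added example that is not part of the original notes. It shows why the signed authorization matters: a price altered after signing is rejected, and a replayed authorization cannot place a second hold. The notes name no signature algorithm, so a Lamport one-time signature built from SHA-256 stands in for it; transport encryption and the receipt check are omitted, and every name and amount is constructed.

```python
"""Signed payment authorization, hold and completion (mercantile steps 4-9).

Added illustration. A Lamport one-time signature (standard library only)
stands in for the unspecified digital signature. All values are constructed.
"""
import hashlib
import json
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """One key pair signs exactly one message; never reuse the secret key."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def digest_bits(msg: bytes):
    d = sha256(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    # Reveal one secret per digest bit; the choice depends on every byte of msg.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = digest_bits(msg)
    return len(sig) == 256 and all(
        sha256(sig[i]) == pk[i][bits[i]] for i in range(256))


def canonical(auth: dict) -> bytes:
    """Stable byte encoding so signer and verifier hash the same bytes."""
    return json.dumps(auth, sort_keys=True, separators=(",", ":")).encode()


class BillingService:
    def __init__(self):
        self.balances = {}   # buyer -> available funds, in cents
        self.pubkeys = {}    # (buyer, order_id) -> one-time public key
        self.holds = {}      # order_id -> (buyer, vendor, amount)
        self.ledger = []     # completed transfers, listed on the statement

    def authorize(self, auth: dict, sig) -> str:
        """Steps 5-7: verify the authorization, check funds, place a hold."""
        key_id = (auth.get("buyer"), auth.get("order_id"))
        pk = self.pubkeys.get(key_id)
        if pk is None:
            return "REJECT_NO_KEY"        # unknown order or replayed message
        if not lamport_verify(pk, canonical(auth), sig):
            return "REJECT_SIGNATURE"     # any altered field lands here
        amount = auth["amount"]
        if self.balances.get(auth["buyer"], 0) < amount:
            return "REJECT_FUNDS"
        del self.pubkeys[key_id]          # one-time key: blocks replay
        self.balances[auth["buyer"]] -= amount
        self.holds[auth["order_id"]] = (auth["buyer"], auth["vendor"], amount)
        return "GREEN_LIGHT"

    def complete(self, order_id: str) -> bool:
        """Step 9: vendor asks to complete; the hold becomes a transfer."""
        hold = self.holds.pop(order_id, None)
        if hold is None:
            return False
        self.ledger.append((order_id, *hold))
        return True


def demo():
    billing = BillingService()
    billing.balances["alice"] = 5000
    sk, pk = lamport_keygen()
    billing.pubkeys[("alice", "order-1")] = pk   # registered out of band

    # Step 4: the buyer signs the agreed price.
    auth = {"buyer": "alice", "vendor": "bookshop",
            "order_id": "order-1", "amount": 1999}
    sig = lamport_sign(sk, canonical(auth))

    return {
        # Price changed after signing: the signature no longer matches.
        "tampered": billing.authorize(dict(auth, amount=2999), sig),
        "genuine": billing.authorize(auth, sig),
        # The same message submitted a second time.
        "replay": billing.authorize(auth, sig),
        "completed": billing.complete("order-1"),
        "available": billing.balances["alice"],
        "statement": list(billing.ledger),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The ledger returned as "statement" is what the buyer reviews in step 10 when disputing entries at the end of the billing cycle.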
What are security strategies and list the security tools.
There are basic security strategies that can be utilized to combat the threats discussed so
far: access control, integrity, confidentiality, and authentication.
Secure Transport Stacks (Secure Transport Protocol)
The Internet uses the Transmission Control Protocol / Internet Protocol (TCP/IP) as the
primary network protocol engine. Each IP packet contains the data that is to be sent to
some endpoint destination. The IP packet consists of a 32-bit source and destination
address, optional bit flags, a header checksum, and the data itself. There is no guarantee at
the network layer that the IP protocol data units will be received, and even if they are
received, they may not be received in any particular order. We cannot solely rely on the
source address to validate the identity of the user who sent the packet. TCP provides
retransmission of lost or corrupted protocol data units and restores their original order of
transmission. Each packet contains a sequence number which is what TCP uses to sort
the protocol data units. The acknowledgement number is the sequence number of the
last packet transmitted. The two most prominent secure transmission protocols for
secure Web communication are:
• Secure Sockets Layer: SSL is an encrypted communication protocol that we use to
implement security by switching a website into the secure mode. SSL protects
transactions between a company and its customers from packet-sniffing attacks. The
protocol allows client/server applications to communicate in a way that data
transmissions cannot be altered. The strength of SSL is that it is application-independent.
HTTP, telnet, and FTP can be placed on top of SSL transparently. SSL
provides channel security through encryption and reliability through a message integrity
check.
SSL uses a three-part process. First, information is encrypted to prevent unauthorized
disclosure. Second, the information is authenticated to make sure that the information is
being sent and received by the correct party. Finally, SSL provides message integrity to
prevent the information from being altered during interchanges between the source and
sink.
SSL depends on RSA encryption for exchange of the session key and client/server
authentication and for various other cryptographic algorithms. The length of key can vary
from 40 to 1024 bits. The information is sent to the company, which then uses a
private key to decrypt the information. The process is transparent to customers; hence it
is easy to use: the shoppers enter their credit card numbers, SSL encrypts them and
sends the encrypted files to the merchant; the transmission proceeds as soon as SSL
decrypts the files.
• Secure HTTP (S-HTTP): S-HTTP sets up security details with special packet headers
that are exchanged in S-HTTP. The headers define the type of security techniques,
including the use of private-key encryption, server authentication, client authentication,
and message integrity. A secure envelope encapsulates a message and provides
secrecy, integrity, and client/server authentication.
S-HTTP provides a number of security features. These include:
• Client and server authentication
• Spontaneous encryption
What are the approaches for enterprise level security?
A firewall is a security mechanism that allows users with special rights to access a
protected network. Illegal users are denied access to the protected websites on the
Internet. It is important to note that a firewall can only protect the corporate data against
user threats, but it cannot protect against viruses.
Firewalls are mainly used to protect sites that involve financial transactions. A selection
basis is applied while granting access to external users. The selection procedure is
based on the user name and password, Internet Protocol (IP) address, or domain name.
For example, a vendor could permit entry to its website through the firewall only to those
users with specific domain names belonging to customer companies.
Firewalls are classified into three main categories:
1. Packet filters: Packet filtering at the network layer can be used as a first defense. Basic
filtering comes as part of most router software. Each packet is either forwarded or dropped
based on its source address, destination address, or a defined (TCP) port. Configuring a
filter involves some determination of what services/addresses should and should not be
permitted to access the network or server.
2. Application-level gateways: An application-level gateway provides a mechanism
for filtering traffic for various applications. The administrator defines and implements
code specific to applications or services used by the user's site. Services or users that
can compromise the network security can then be restricted. To counter some
weaknesses associated with packet filtering routers, firewalls utilize software
applications to forward and filter connections for services such as Telnet, FTP, and
HTTP.
3. Proxy servers: A proxy server terminates a user's connection (by application)
and sets up a new connection to the ultimate destination on behalf of the user, proxying
for the user. A user connects with a port on the proxy; the connection is routed through
the gateway to a destination port, which is routed to the destination address.
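The packet filter described above, as an added example that is not part of the original notes: each packet is forwarded or dropped by the first rule matching its source address, destination address and TCP port, anything unmatched is dropped, and a second function flags rules that can never fire because an earlier rule already covers them. The rule format is hypothetical and the addresses are constructed from the RFC 5737 documentation ranges.

```python
"""First-match packet filter with default deny, plus a shadowed-rule check.

Added illustration; the Rule format and all addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "forward" or "drop"
    src: str = "0.0.0.0/0"        # source network; identifies a network, not a user
    dst: str = "0.0.0.0/0"        # destination network
    dport: Optional[int] = None   # TCP destination port; None matches any port

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (ipaddress.ip_network(self.src).supernet_of(ipaddress.ip_network(other.src))
                and ipaddress.ip_network(self.dst).supernet_of(ipaddress.ip_network(other.dst))
                and self.dport in (None, other.dport))


def filter_packet(rules, pkt, default="drop"):
    """Return (action, index of the deciding rule); unmatched packets get `default`."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


def shadowed_rules(rules):
    """List (later, earlier) index pairs where the later rule can never fire."""
    return [(j, i)
            for j, later in enumerate(rules)
            for i, earlier in enumerate(rules[:j])
            if earlier.covers(later)]


# Constructed policy: a public HTTPS server, a Telnet host open only to one
# customer network, and a block for a single customer host added too late.
RULES = [
    Rule("forward", dst="192.0.2.10/32", dport=443),
    Rule("forward", src="198.51.100.0/24", dst="192.0.2.20/32", dport=23),
    Rule("drop", src="198.51.100.66/32", dst="192.0.2.20/32", dport=23),
]


if __name__ == "__main__":
    samples = [
        {"src": "203.0.113.5", "dst": "192.0.2.10", "dport": 443},
        {"src": "203.0.113.5", "dst": "192.0.2.20", "dport": 23},
        {"src": "198.51.100.66", "dst": "192.0.2.20", "dport": 23},
    ]
    for pkt in samples:
        print(pkt, filter_packet(RULES, pkt))
    print("shadowed:", shadowed_rules(RULES))
```

The third sample is forwarded by rule 1 even though rule 2 was written to block it, which is the ordering mistake `shadowed_rules` reports.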
Name any four issues addressed in an e-payment system.
Despite cost and efficiency gains, many hurdles remain to the spread of electronic payment
systems. These include several factors, many non-technical in nature, that must be
addressed before any new payment method can be successful.
• Privacy: A user expects to trust in a secure system.
• Security: A secure system verifies the identity of two-party transactions through "user
authentication" and reserves flexibility to restrict information/services through access control.
• Intuitive interface: The payment interface must be as easy to use as a telephone.
Generally speaking, users value convenience more than anything.
• Database integration: With home banking, for example, a customer wants to play with
all his accounts. To date, separate accounts have been stored on separate databases.
• Brokers: A "network banker" - someone to broker goods and services, settle conflicts,
and facilitate financial transactions electronically - must be in place.
• Pricing: One fundamental issue is how to price payment system services.
• Standards: Without standards, the welding of different payment users into different
networks and different systems is impossible. Standards enable interoperability, giving users
the ability to buy and receive information, regardless of which bank is managing their money.
None of these hurdles are intractable. The biggest question concerns how customers will
take to a paperless and (if not cashless) less-cash world.
Explain any four components of EDI implementation.
EDI implementation starts with an agreement between a company and its trading
partner. The data moves without much interference to the trading partner's application,
with no additional steps to slow the process. Both parties exchange messages based on
a structured format; for each type of message, a standard format has been agreed on by the
exchanging parties.
The basic kit necessary for EDI implementation is:
• Common EDI standards dictate syntax and standardize on the business language.
EDI standards basically specify transaction sets - complete sets of business
documents.
• Translation software sends messages between trading partners, integrates data into
and from existing computer applications, and translates among EDI message
standards.
• Trading partners are a firm's customers and suppliers with whom business is
conducted.
• Banks facilitate payment and remittance.
• EDI Value-Added Network services (VANs). A VAN is a third-party service provider
that manages data communications networks for businesses that exchange electronic
data with other businesses.
• Proprietary hardware and networking if it is a hub company. Hubs, also called
sponsors, are large companies, very active in EDI, that facilitate their business partners'
use of EDI.
An important feature of EDI is that software evaluates and processes
structured messages. The information system then proceeds to act upon the message.
How are commerce and e-commerce related?
Concept of Commerce and E-Commerce: Commerce is normally associated with the
buying and selling of items. Commerce is one of the oldest activities of human beings
and the concept of traders selling and buying items is a part of history. Markets are a
common place where the buyers and sellers meet along with their products. Money is
also an essential part of the market place. With the concept of money, we have several
concepts of banking, various methods of representing and transferring money like
cheques, MOUs, Drafts etc.
The key element of e-commerce is information processing. Every stage of commerce,
except of course production of goods and their physical delivery, can be automated. The
tasks that can be automated include information gathering, processing, and manipulation
and information distribution.
What is meant by integrity of data? Explain the encryption algorithm on which
SSL depends.
Data integrity is data that has a complete or whole structure. All characteristics of the
data including business rules, rules for how pieces of data relate, dates, definitions and
lineage must be correct for data to be complete.
Per the discipline of data architecture, when functions are performed on the data the
functions must ensure integrity. Examples of functions are transforming the data, storing
the history, storing the definitions (Metadata) and storing the lineage of the data as it
moves from one place to another. The most important aspect of data integrity per the
data architecture discipline is to expose the data, the functions and the data's
characteristics.
Data that has integrity is identically maintained during any operation (such as transfer,
storage or retrieval). Put simply in business terms, data integrity is the assurance that
data is consistent, certified and can be reconciled.
In terms of a database, data integrity refers to the process of ensuring that a database
remains an accurate reflection of the universe of discourse it is modelling or
representing. In other words, there is a close correspondence between the facts stored in
the database and the real world it models.
A secure Web server is one that utilizes security protocols like SSL to encrypt and decrypt
data, messages, and online payment gateways to accept credit cards, to protect them against
fraud, false identification, or third party tampering. Purchasing from a secure Web server
ensures that a user's credit card information, or personal information can be encrypted
with a secret code that is difficult to break. Popular security protocols include SSL,
SHTTP, SSH2, SFTP, PCT, and IPSec.
List advantages and disadvantages of internet.
Internet is probably one of the greatest inventions of the century. Before, we had to go
to the library to do our research work but now, all we have to do is go to Google and do
our research. We can do many things with the internet: we can shop from eBay, chat
with our friends on Facebook or Skype, watch videos on YouTube, earn money from
blogging, and many more.
Internet is really useful and has a lot of advantages, but there are also some
disadvantages of using it. Check out this list of advantages and disadvantages of the
internet.
Advantages
Communication: The foremost target of internet has always been communication.
And internet has excelled beyond expectations. Still, innovations are going on to
make it faster and more reliable. With the advent of the Internet, our earth has shrunk
and has attained the form of a global village.
Now we can communicate in a fraction of a second with a person who is sitting in the other
part of the world. Today for better communication, we can avail the facilities of e-mail; we
can chat for hours with our loved ones. There are plenty of messenger services on offer.
With the help of such services, it has become very easy to establish a kind of global
friendship where you can share your thoughts and explore other cultures of different
ethnicity.
Information: Information is probably the biggest advantage internet is offering. The
Internet is a virtual treasure trove of information. Any kind of information on any topic
under the sun is available on the Internet. Search engines like Google and Yahoo are at
your service on the Internet. You can find almost any type of data on almost any kind of
subject that you are looking for. There is a huge amount of information available on the
internet for just about every subject known to man, ranging from government law and
services, trade fairs and conferences, market information, new ideas and technical
support; the list is endless.
Students and children are among the top users who surf the Internet for research. Today,
it is almost required that students should use the Internet for research for the purpose of
gathering resources. Teachers have started giving assignments that require research on
the Internet. Almost every coming day, research on medical issues becomes much
easier to locate. Numerous web sites available on the net are offering loads of
information for people to research diseases and talk to doctors online at sites such as
America's Doctor. During 1998 over 20 million people reported going online to retrieve
health information.
Entertainment: Entertainment is another popular raison d'être why many people prefer
to surf the Internet. In fact, the medium of the internet has become quite successful in
trapping the multifaceted entertainment factor. Downloading games, visiting chat rooms or
just surfing the Web are some of the uses people have discovered. There are numerous games
that may be downloaded from the Internet for free. The industry of online gaming has tasted
dramatic and phenomenal attention from game lovers. Chat rooms are popular because
users can meet new and interesting people. In fact, the Internet has been successfully
used by people to find lifelong partners. When people surf the Web, there are numerous
things that can be found. Music, hobbies, news and more can be found and shared on
the Internet.
Services: Many services are now provided on the internet such as online banking, job
seeking, purchasing tickets for your favorite movies, guidance services on an array of topics
covering every aspect of life, and hotel reservations. Often these services are not
available off-line and can cost you more.
E-Commerce: Ecommerce is the concept used for any type of commercial
maneuvering, or business deals that involve the transfer of information across the globe
via the Internet. It has become a phenomenon associated with any kind of shopping, almost
anything. You name it, and Ecommerce, with its giant tentacles engulfing every single
product and service, will make it available at your doorstep. It has a really amazing
and wide range of products from household needs and technology to entertainment.
Disadvantages
Theft of Personal information:
If you use the Internet, you may be facing grave danger as your personal information
such as name, address, credit card number etc. can be accessed by other culprits to
make your problems worse.
Spamming: Spamming refers to sending unwanted e-mails in bulk, which serve no
purpose and needlessly obstruct the entire system. Such illegal activities can be very
frustrating for you, and so instead of just ignoring it, you should make an effort to try and
stop these activities so that using the Internet can become that much safer.
Virus threat: A virus is nothing but a program which disrupts the normal functioning of
your computer systems. Computers attached to the internet are more prone to virus attacks
and they can end up crashing your whole hard disk, causing you considerable
headache.
Pornography: This is perhaps the biggest threat related to your children's healthy
mental life. A very serious issue concerning the Internet. There are thousands of
pornographic sites on the Internet that can be easily found and can be a detrimental
factor to letting children use the Internet.
In short answer: The advantages of using internet communication are that
• we can collaborate easily with people
• it's easy to access with just one click
• we have the ability to link to people and places immediately
The disadvantages of using Internet communication are that
• not everyone has access to the Internet
• it requires a specialist staff
The disadvantages of using the Internet in general are
• young children have access to porn
• anyone can easily access instructions on making bombs, guns, silencers, or other
dangerous materials
• anyone can find information on committing an almost untraceable murder
• anyone can find anything, no matter how illegal
List the six layers of E-Commerce architecture and what are the four types of
Purchases.
The electronic commerce application architecture consists of six layers of functionality or
services:
(1) Applications Services: The application services layer of e-commerce will be
comprised of existing and future applications built on the native architecture.
Three distinct classes of electronic commerce applications can be distinguished:
a) Customer-to-business: Customers learn about products differently through electronic
publishing, buy them using electronic cash and secure payment systems, and have them
delivered differently.
b) Business-to-business: Businesses, governments, and other organizations depend on
computer-to-computer communication as a fast, an economical, and a reliable way to
conduct business transactions. Small companies are also beginning to see the benefits
of adopting similar methods.
c) Intra-organization: A company becomes market driven by dispersing throughout the
firm information about its customers and competitors. To maintain the relationships that
are critical to delivering superior customer value, management must pay close attention
to service, both before and after sales.
(2) Brokerage services, data or transaction management: The information brokerage
and management layer provides service integration through the concept of information
brokerages, the development of which is necessitated by the increasing information
resource fragmentation. The concept of information brokerage is used to represent an
intermediary who provides service integration between customers and information
providers, given some constraint such as a low price, fast service, or profit maximization
for a client. In foreign exchange trading, information is retrieved about the latest currency
exchange rates in order to hedge currency holdings to minimize risk and maximize profit.
The brokerage function is the support for data management and traditional transaction
services. Brokerages may provide tools to accomplish more sophisticated, time-delayed
updates or future-compensating transactions.
(3) Interface and support layers: Interface and support services will provide interfaces
for electronic commerce applications such as interactive catalogs and will support
directory services - functions needed for information search and access. Interactive catalogs
are the modified interface to consumer applications such as home shopping. An
interactive catalog is an extension of the paper-based catalog and incorporates
additional features. The primary difference between the two is that unlike interactive
catalogs, which deal with people, directory support services interact directly with
software applications. For this reason, they need not have the multimedia flash and
show generally associated with interactive catalogs.
(4) Secure messaging, security, and electronic document interchange: The
importance of the fourth layer, secured messaging, is clear. Messaging is the software
that sits between the network infrastructure and the clients or e-commerce applications,
masking the peculiarities of the environment. Messaging products are not applications
that solve problems; they are more enablers of the applications that solve problems. The
main disadvantages of messaging are the new types of applications it enables - which
appear to be more complex, especially to traditional programmers - and the jungle of
standards it involves. Also, security, privacy, and confidentiality through data encryption
and authentication techniques are important issues that need to be resolved.
(5) Middleware and structured document interchange: Middleware is a relatively new
concept. With the growth of networks, client-server technology, and all other forms of
communicating between/among unlike platforms, the problems of getting all the pieces to
work together grew. Middleware is the ultimate mediator between diverse software programs
that enables them to talk to one another. Middleware is the computing shift from application
centric to data centric.
(6) Network infrastructure and basic communications services: Transparency implies
that users should be unaware
that they are accessing multiple systems. Transparency is essential for dealing with
higher-level issues than physical media and interconnection that the underlying network
infrastructure is in charge of. Transparency is accomplished using middleware that
facilitates a distributed computing environment. The goal is for the applications to
send a request to the middleware layer, which then satisfies the request any way it can,
using remote information.
Marketing researchers have isolated several types of purchasing:
• Specifically planned purchases. The need was recognized on entering the store and
the shopper bought the exact item planned.
• Generally planned purchases. The need was recognized, but the shopper decided
in-store on the actual manufacturer of the item to satisfy the need.
• Reminder purchases. The shopper was reminded of the need by some store influence.
This shopper is influenced by in-store advertisements and can substitute products readily.
• Entirely unplanned purchases. The need was not recognized entering the store, like gift
items.
Explain the primary elements of SCM.
Logistics, integrated marketing and agile manufacturing.
Logistics is a fairly new discipline that deals with the combining of materials management
and physical distribution. Logistics and SCM are sometimes interchanged; think of SCM as
an umbrella that incorporates the logistics function. Over the years areas such as
materials management and distribution have evolved into logistics, which in turn has
become one integral component of SCM.
Most managers often don't realize that order processing and fulfillment processes may
exceed 15 percent of the cost of sales. In electronic commerce, the order process could
be initiated by marketing information systems such as point-of-sale systems. Today, with
the aid of technology, we are able to integrate the customer directly and react to
changes in demand by modifying the supply chain.
Agile manufacturing: Consumers and manufacturers are stressing quality and speed.
One of the most important visions of production goes by the name of agile
manufacturing.
Explain horizontal and vertical organization.
a) The Vertical Organization: The vertical approach to corporate management poses
two problems to smooth operations. First, it creates boundaries that discourage
employees in different departments from interacting with one another. Second,
departmental goals are typically set in a way that could cause friction among
departments. For instance, goals for sales are typically set to maximize sales and pay
little attention to account collection or service delivery.
The vertical organization allows gaps to exist between employees from different
departments and lacks a channel to facilitate interaction and communication. The lower
the level in the hierarchy, the larger the gap. These gaps expand with geographic dispersion
and corporate growth. Problems can result when a need arises for two departments to
communicate at the lower level. This structure consumes time and resources, and the
lack of communication channels and practices clearly contributes to misunderstanding
and frustration among departments. Finally, three key ingredients are missing from the
vertical organization's chart: the product, the process, and the customer.
b) The Horizontal Organization: The principal goal of horizontal management is to
facilitate the smooth transition of intermediate products and services through its various
functions to the customer. This is achieved by empowering employees, improving
communication, and eliminating unnecessary work. The importance of having a clear
view of how products and services flow from one department to another and, eventually, to
the customer is apparent. The structure of a horizontal organization is two-tiered instead
of multilayered, as seen in vertical organizations: a core group of senior management
responsible for strategic decisions and policies, and a stratum of employees in process
teams. The objective of a horizontal structure is to change the staff's focus from
coordinating and reporting to improving flow management and work quality and
increasing value for customers. The horizontal structure eliminates the need to devote
resources to vertical communication. However, there is an increased need for
coordination of the various parties involved.
What is non-repudiation? List the four basic goals of electronic security.
A person cannot deny after having sent/received a message.
Non-repudiation of origin - The ability to identify who sent the information
originally versus which intermediary forwarded it.
Non-repudiation of receipt - The ability to identify that the information was received by the
final addressed destination in a manner that cannot be repudiated. The information has
been opened and interpreted to some degree.
Non-repudiation of delivery - The ability to identify whether the information was delivered
to an appropriate in a manner it cannot repudiate.
Computer security has several fundamental goals. They are the following:
1. Privacy: Keep private documents private, using encryption, passwords, and
access-control systems.
2. Integrity: Data and applications should be safe from modification without the owner's
consent.
3. Authentication: Ensure that the people using the computer are the authorized users
of that system.
4. Availability: The end system (host) and data should be available when needed by the
authorized user.
What is VAN? Explain the functions of VAN.
A VAN is a communications network that typically exchanges EDI messages among
trading partners. It also provides other services, including holding messages in
"electronic mailboxes," interfacing with other VANs and supporting many
telecommunications modes and transfer protocols. A VAN's "electronic mailbox" is a
software feature into which a user deposits EDI transactions and then retrieves those
messages when convenient. It works much like residential personal mailboxes, and it
allows everybody involved to be flexible and cost-effective.
What is E-Commerce? Name two stages of commerce that cannot be automated.
The key element of e-commerce is information processing. Every stage of commerce,
except of course production of goods and their physical delivery, can be automated. The
tasks that can be automated include information gathering, processing, and manipulation
and information distribution.
The following categories of operations come under e-commerce:
1) Transactions between a supplier/a shopkeeper and a buyer or between two
companies over a public network like the service provider network (like ISP). With suitable
encryption of data and security for transaction, the entire operation of selling/buying and
settlement of accounts can be automated.
2) Transactions with the trading partners or between the officers of the company located
at different locations.
3) Information gathering needed for market research.
4) Information processing for decision making at different levels of management.
5) Information manipulation for operations and supply chain management.
6) Maintenance of records needed for legal purposes, including taxation, legal suits etc.
7) Transactions for information distribution to different retailers, customers etc. including
advertising, sales and marketing.
The use of computers in these areas not only makes the operations quicker, but also
error free, and provides for a consolidated approach towards the problem. It is not that the
concept of e-commerce is totally without side effects. There are several areas of security,
safety against fraud etc., and the concept of legal acceptance, that are yet to be resolved.
Stages that cannot be automated: production of goods and delivery of goods.
List any two tangible benefits of EDI.
EDI - Electronic Data Interchange. It helps trading partners to establish communication
between their computers. The communication can be as simple as a floppy/CD but
normally we talk of an electronic connection. EDI communicates information pertinent
to business transactions between the computer systems of companies, government
organizations, small businesses and banks.
Tangible benefits of EDI
• Reduced paper-based systems - EDI can impact the effort and expense a company
devotes to maintaining records, paper-related supplies, filing cabinets, or other
storage systems and to the personnel required to maintain all of these systems.
• Improved problem resolution and customer service - EDI can minimize the time
companies spend to identify and resolve interbusiness problems.
• Expanded customer/supplier base - Many large manufacturers and retailers with the
necessary clout are ordering their suppliers to institute an EDI program.
The issues that are yet to be tackled are legal admissibility and computer security,
which are paramount.
Explain four objectives of SET and what are the seven major business
requirements addressed by SET.
At this juncture, the industry is counting on SET to accelerate internet electronic
commerce. SET is becoming the de facto standard for security. Depicts its operation.
The following list depicts key functions of the specification.
• Provide for confidential payment information and enable confidentiality of order
information that is transmitted with payment information.
• Ensure integrity for all transmitted data.
• Provide authentication that a buyer is a legitimate user of a branded (e.g. Visa,
MasterCard, American Express) bankcard account.
• Provide authentication that a merchant can accept bank card payments through its
relationship with an appropriate financial institution.
• Ensure the use of the best security practices and design techniques to protect all
legitimate parties in an electronic commerce transaction.
• Ensure the creation of a protocol that is neither dependent on transport security
mechanisms nor prevents their use.
• Facilitate and encourage interoperability across software and network providers.
What are the two desirable properties in any e-transaction? Name any four issues
addressed in an e-payment system.
A recently proposed abstraction, called e-Transaction (exactly-once Transaction),
specifies a set of properties capturing end-to-end reliability aspects for three-tier
Web-based systems. In this paper we propose a distributed protocol ensuring the
e-Transaction properties for the general case of multiple, autonomous back-end
databases. The key idea underlying our proposal consists in distributing, across the
back-end tier, some recovery information reflecting the transaction processing state. This
information is manipulated at low cost via local operations at the database side, with no
need for any form of coordination among asynchronous replicas of the application server
within the middle-tier. Compared to existing solutions, our protocol has therefore the
distinguishing features of being both very light and highly scalable. The latter aspect
makes our proposal particularly attractive for the case of very high degree of replication
of the application access point, with distribution of the replicas within infrastructures
geographically spread on public networks over the Internet (e.g., Application Delivery
Networks), namely, a configuration that also provides the advantages of reduced user
perceived latency and increased system availability.
What is the role of encryption in data transfer? List the various encryption
techniques.
Introduction: Often there has been a need to protect information from 'prying eyes'. In
the electronic age, information that could otherwise benefit or educate a group or
individual can also be used against such groups or individuals. Industrial espionage
among highly competitive businesses often requires that extensive security measures be
put into place. And, those who wish to exercise their personal freedom, outside of the
oppressive nature of governments, may also wish to encrypt certain information to avoid
suffering the penalties of going against the wishes of those who attempt to control. Still,
the methods of data encryption and decryption are relatively straightforward, and easily
mastered. I have been doing data encryption since my college days, when I used an
encryption algorithm to store game programs and system information files on the
university mini-computer, safe from 'prying eyes'. These were files that raised eyebrows
amongst those who did not approve of such things, but were harmless [we were always
careful NOT to run our games while people were trying to get work done on the
machine]. I was occasionally asked what this "rather large file" contained, and I once
demonstrated the program that accessed it, but you needed a password to get to 'certain
files' nonetheless. And, some files needed a separate encryption program to decipher
them.
Methods of Encrypting Data
Traditionally, several methods can be used to encrypt data streams, all of which can
easily be implemented through software, but not so easily decrypted when either the
original or its encrypted data stream are unavailable. (When both source and encrypted
data are available, code-breaking becomes much simpler, though it is not necessarily
easy.) The best encryption methods have little effect on system performance, and may
contain other benefits (such as data compression) built in. The well-known 'PKZIP®'
utility offers both compression AND data encryption in this manner. Also DBMS
packages have often included some kind of encryption scheme so that a standard 'file
copy' cannot be used to read sensitive information that might otherwise require some
kind of password to access. They also need 'high performance' methods to encode and
decode the data.
With the help of a diagram explain horizontal and vertical organization.
a) The Vertical Organization: The vertical approach to corporate management poses
two problems to smooth operations. First, it creates boundaries that discourage
employees in different departments from interacting with one another. Second,
departmental goals are typically set in a way that could cause friction among
departments. For instance, goals for sales are typically set to maximize sales and pay
little attention to account collection or service delivery. The vertical organization allows
gaps to exist between employees from different departments and lacks a channel to
facilitate interaction and communication. The lower the level in the hierarchy, the larger
the gap. These gaps expand with geographic dispersion and corporate growth. Problems
can result when a need arises for two departments to communicate at the lower level.
This structure consumes time and resources, and the lack of communication channels
and practices clearly contributes to misunderstanding and frustration among
departments. Finally, three key ingredients are missing from the vertical organization's
chart: the product, the process, and the customer.
b) The Horizontal Organization: The principal goal of horizontal management is to
facilitate the smooth transition of intermediate products and services through its various
functions to the customer. This is achieved by empowering employees, improving
communication, and eliminating unnecessary work. The importance of having a clear
view of how products and services flow from one department to another and, eventually,
to the customer is apparent. The structure of a horizontal organization is two-tiered
instead of multilayered, as seen in vertical organizations: a core group of senior
management responsible for strategic decisions and policies, and a stratum of employees
in process teams. The objective of a horizontal structure is to change the staff's focus
from coordinating and reporting to improving flow management and work quality and
increasing value for customers. The horizontal structure eliminates the need to devote
resources to vertical communication. However, there is an increased need for
coordination of the various parties involved.
Explain its importance in E-commerce.
Electronic commerce, or Ecommerce, which literally means business trading through the
Internet, has been around the globe since the mid-90s. However, only in the recent few
years has Ecommerce been getting more and more attention from entrepreneurs and
consumers, both local and international. One of the main reasons is the highly successful
operations of some well-known names on the Internet, such as eBay, Yahoo and Dell. The
sales revenue these companies have shown in their annual reports is, without doubt, one
of the biggest factors why Ecommerce is important in the commercial market nowadays.
Ecommerce proved its importance based on the fact that time is of the essence. In the
commercial markets, time plays an important role for both businesses and consumers.
From the business perspective, with less time spent during each transaction, more
transactions can be achieved on the same day. As for the consumers, they will save
more time during their transactions. Because of this, Ecommerce has stepped in and
replaced the traditional commerce method, where a single transaction can cost both
parties a lot of valuable time. With just a few clicks in minutes, a transaction or an order
can be placed and completed via the internet with ease. For instance, a banking
transaction can be completed through the Internet within a few minutes compared to the
traditional banking method, which may take up to hours. This fact obviously proves that
Ecommerce is beneficial to both business and consumer, as payment and documentation
can be completed with greater efficiency. From the business viewpoint, Ecommerce is
much more cost effective compared to the traditional commerce method. This is due to the
fact that through Ecommerce, the cost for the middleperson to sell their products can be
saved and diverted to another aspect of their business. One example is the giant
computer enterprise, Dell, which practices such a method by running most of its
business through the internet without involving any third parties. Aside from that,
marketing for Ecommerce can achieve a better customer to cost ratio, as putting an
advertisement on the internet is comparably much cheaper than putting up a roadside
banner or filming a television commercial. For Ecommerce, the total overheads needed to
run the business are significantly less compared to the traditional commerce method. The
reason is that most of the cost can be reduced in Ecommerce. For example, in running an
Ecommerce business, only a head office is needed rather than a head office with a few
branches to run the business. In addition to that, most of the cost for staff, maintenance,
communications and office rental can be substituted by a single cost, web hosting for the
Ecommerce business. To both the consumers and business, connectivity plays an
important part as it is the key factor determining the whole business. From the business
point of view, Ecommerce provides better connectivity for its potential customers as
their respective website can be accessed virtually from anywhere through the Internet.
This way, more potential customers can get in touch with the company's business, thus
eliminating the limits of geographical location. From the customer standpoint, Ecommerce
is much more convenient as they can browse through whole directories of catalogues
without any hassle, compare prices between products, buy from another country and, on
top of that, do it while at home or at work, without any necessity to move a single inch
from their chair. Besides that, for both consumers and business, Ecommerce proves to be
more convenient as online trading has less red tape compared to the traditional commerce
method.
In the global market sense, the appearance of Ecommerce as a pioneer has opened up
various windows of opportunities for a variety of other companies and investors. For
instance, due to the booming of Ecommerce, more and more resources are being
directed into electronic securities, internet facilities, business plans and new
technologies. As a result of this phenomenon, a variety of new markets have emerged
from Ecommerce itself, giving a boost to the global market.
What is the purpose of Kerberos?
Kerberos is a protocol that allows individuals communicating over an insecure network to
prove their identity to one another in a secure manner. Kerberos prevents replay attacks
and ensures the integrity of the data. Kerberos works on a client-server model and it
provides mutual authentication: both the user and the service verify each other's identity.
Kerberos is built on symmetric key cryptography and requires a trusted third party. It
offers more security. It can work with any client logon method. It uses the standard
Microsoft policy control. It is platform independent. Kerberos uses a trusted third-party
authentication scheme, in which users and hosts rely on the third party to bear the
burden of trust - both the hosts and users trust the third party and not each other.
Some of the design principles of Kerberos are as follows:
• Both one-way and two-way authentications are supported.
• Authentication should be achieved without transmitting unencrypted passwords over a
network.
• No unencrypted passwords should be stored in the KDC.
• Clear text passwords entered by client users should be retained in memory for the
shortest time possible, and then destroyed.
• Authentication compromises that might occur should be limited to the length of the
user's current login session.
• Each authentication should have a finite lifetime, lasting about as long as a typical
login session.
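The following Python sketch is an added example, not part of the original notes and not Kerberos's real message formats: it models the trusted-third-party exchange described above, with a ticket that expires, an authenticator checked against a replay cache, and a reply that lets the client verify the service. The names (`KDC`, `Service`, `seal`, `string_to_key`), the lifetime and clock-skew values, and the toy `seal()` cipher that stands in for the symmetric encryption are all assumptions made for illustration.

```python
import hashlib, hmac, json, os

TICKET_LIFETIME = 8 * 3600   # assumed: about one login session, in seconds
CLOCK_SKEW = 300             # assumed tolerance between client and service clocks

def string_to_key(principal, password):
    # Only this derived key is stored or used; the password never crosses the network.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 100_000)

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Toy encrypt-then-MAC, standing in for the symmetric cipher a real KDC uses."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    plain, nonce = json.dumps(fields).encode(), os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _stream(enc_key, nonce, len(plain))))
    return nonce + hmac.new(mac_key, nonce + body, hashlib.sha256).digest() + body

def unseal(key, blob):
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise PermissionError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(body, _stream(enc_key, nonce, len(body)))))

class KDC:
    """Trusted third party: shares one long-term key with every principal."""
    def __init__(self):
        self.keys = {}

    def register(self, principal, key):
        self.keys[principal] = key

    def issue(self, client, service, now):
        session_key = os.urandom(32).hex()
        grant = {"client": client, "service": service,
                 "session_key": session_key, "expires": now + TICKET_LIFETIME}
        # One copy only the client can open, one (the ticket) only the service can open.
        return seal(self.keys[client], grant), seal(self.keys[service], grant)

class Service:
    def __init__(self, name, key):
        self.name, self.key, self.replay_cache = name, key, set()

    def accept(self, ticket, authenticator, now):
        grant = unseal(self.key, ticket)
        if grant["service"] != self.name or now > grant["expires"]:
            raise PermissionError("ticket expired or not for this service")
        session_key = bytes.fromhex(grant["session_key"])
        auth = unseal(session_key, authenticator)
        if auth["client"] != grant["client"] or abs(now - auth["time"]) > CLOCK_SKEW:
            raise PermissionError("stale or mismatched authenticator")
        if (auth["client"], auth["time"]) in self.replay_cache:
            raise PermissionError("replayed authenticator")
        self.replay_cache.add((auth["client"], auth["time"]))
        # Echo the timestamp under the session key so the client can verify the service.
        return grant["client"], seal(session_key, {"time": auth["time"]})

def demo():
    kdc, now = KDC(), 1_700_000_000          # constructed clock value
    alice_key = string_to_key("alice", "constructed-password")
    server_key = os.urandom(32)
    kdc.register("alice", alice_key)
    kdc.register("fileserver", server_key)
    fileserver = Service("fileserver", server_key)

    reply, ticket = kdc.issue("alice", "fileserver", now)
    session_key = bytes.fromhex(unseal(alice_key, reply)["session_key"])
    authenticator = seal(session_key, {"client": "alice", "time": now})
    client, proof = fileserver.accept(ticket, authenticator, now)
    result = {"client": client, "mutual": unseal(session_key, proof)["time"] == now}

    late = now + TICKET_LIFETIME + 1
    attempts = {"replay": (ticket, authenticator, now + 1),
                "expired": (ticket, seal(session_key, {"client": "alice", "time": late}), late)}
    for label, args in attempts.items():
        try:
            fileserver.accept(*args)
            result[label] = "accepted"
        except PermissionError as err:
            result[label] = str(err)
    return result
```

Calling `demo()` returns which checks passed: the first request is accepted with mutual proof, the captured authenticator is refused on reuse, and the same ticket is refused once its lifetime has passed.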
What is the role of encryption in data transfer? Name any two concepts of TV
based home entertainment.
Role of encryption in data transfer -
Home entertainment - The next example of this type of commerce is home
entertainment. Dubbed online movies, it is possible for the user to select a movie/CD
online and make his cable operator play the movie exclusively for him (movie on
demand), of course against payment, like Tata Sky. Payment can be either online/payable
to his account. It is also possible to play interactive games online/download them to your
computer to play. The concept of downloading games/news etc. at a cost to the mobiles
is also a similar concept. It may be noted that in all these cases, the physical movement
of the customer/trader is avoided; of course, the computer need not always be a part of
the deal.
What are the main types of EDI access method?
Three main types of EDI access methods are available:
1) Direct dial or modem to modem connection
• Direct-dial systems are by far the simplest and most common.
• The user has direct access to partner's modem and communicates by using the
modem to dial the modem of the other party.
• A direct computer-to-computer transfer of documents through a modem.
2) Limited third-party value-added network services
• Limited VANs are regional and international communications services similar to those
used with email.
• These VANs often provide only the very basic technical services such as protocol
conversion and data error detection and correction, directing and delivering EDI traffic
to thousands of buyers and sellers.
3) Full-service third-party VANs
• Full third-party services provide more than just communication between two or more
parties.
• Electronic mailboxes and associated extra features are the heart of these third-party
services.
• Extra features include access control for security and document tracking, which allows
users to track their own documents as they pass through the system.
• This feature supports audit needs.
• A third-party network can also provide a "gateway" to interconnect with other third-party
networks.
Explain the three broad phases of consumer's perspective.
The business process model from a consumer's perspective consists of seven activities
that can be grouped into three phases: pre-purchase phase, purchase consummation,
and post-purchase interaction.
1) Pre-purchase Preparation: The pre-purchase preparation phase includes search
and discovery for a set of products in the larger information space capable of meeting
customer requirements and product selection from the smaller set of products based on
attribute comparison.
2) Purchase Consummation: The purchase consummation phase includes mercantile
protocols that specify the flow of information and documents associated with purchasing
and negotiation with merchants for suitable terms, such as price, availability, and
delivery dates; and electronic payment mechanisms that integrate payment into the
purchasing process.
3) Post-purchase Interaction: The post-purchase interaction phase includes customer
service and support to address customer complaints, product returns, and product defects.
Purchase deliberation is defined as the elapsed time between a consumer's first thinking
about buying and the actual purchase itself.
Name a few operations performed by e-commerce.
1) Transactions between a supplier/a shopkeeper and a buyer or between two
companies over a public network like the service provider network (like ISP). With
suitable encryption of data and security for transaction, entire operation of selling/buying
and settlement of accounts can be automated.
2) Transactions with the trading partners or between the officers of the company located
at different locations.
3) Information gathering needed for market research.
4) Information processing for decision making at different levels of management.
5) Information manipulation for operations and supply chain management.
6) Maintenance of records needed for legal purposes, including taxation, legal suits etc.
7) Transactions for information distributions to different retailers, customers etc. including
advertising, sales and marketing.

Explain any seven business requirements.
There are seven major business requirements addressed by SET:
1. Provide confidentiality of payment information and enable confidentiality of order
information that is transmitted along with the payment information.
2. Ensure integrity for all transmitted data.
3. Provide authentication that a cardholder is a legitimate user of a branded payment
card account.
4. Provide authentication that a merchant can accept branded payment card
transactions through its relationship with an acquiring financial institution.
5. Ensure the use of the best security practices and system design techniques to protect
all legitimate parties of an electronic commerce transaction.
6. Ensure the creation of a protocol that is neither dependent on transport security
mechanisms nor prevents their use.
7. Facilitate and encourage interoperability across software and network providers.
What are the two approaches of virtual organization?
The virtual organization is defined as being closely coupled upstream with its suppliers
and downstream with its customers such that where one begins and the other ends
means little to those who manage the business processes within the entire organization.
In simplest terms, it is an organization having the essence or effect of a traditional
corporation without the structure or appearance of one. In the virtual organization, each
separate firm retains authority in major budgeting and pricing matters and functions as
part of a greater organization coordinated by a core firm acting as integrator of the
actions done by the various partners. Interdependence among partners differentiates the
virtual corporation from the traditional hierarchy. Companies adept at coordinating and
maximizing the capabilities of suppliers will gain more control over key elements of time,
from overall order to shipment lead time to product specific cycle time. In addition,
full-fledged alliances that tap the resources of multiple parties will effectively slash
product- or process-development time.
Push and pull.
List the activities of banking system for business.
The concepts under basic banking services are what a normal customer would be
transacting with his bank most of the time. They are mainly related to personal finances.
It can safely be presumed that most of normal transactions that a customer has with his
bank can be classified into the following.
i. Checking his accounts statements
ii. Round the clock banking (ATM)
iii. Payment of bills etc.
iv. Fund transfer and
v. Updating of his pass books etc.
Can the digital signature fully replace handwritten signature?
The cryptographic community is exploring various technical uses of digital signatures by
which messages might be time-stamped or digitally notarized to establish dates and
times at which a recipient might claim to have had access or even read a particular
message. If digital signatures are to replace handwritten signatures, they must have the
same legal status as handwritten signatures. The digital signature provides a means for
a third party to verify that the notarized object is authentic. Digital signatures should have
greater legal authority than handwritten signatures. For instance, if a ten-page contract is
signed by hand on the tenth page, one cannot be sure that the first nine pages have not
been altered. If the contract was signed by digital signatures, however, a third party can
verify that not one byte of the contract has been altered. Without such a framework, it is
hard to see how EDI can fulfill the role envisioned for it in the future.
Why are information brokerages needed? Explain with an example.
The information brokerage and management layer provides service integration through
the concept of information brokerages, the development of which is necessitated by the
increasing information resource fragmentation. The concept of information brokerage is
used to represent an intermediary who provides service integration between customers
and information providers, given some constraint such as a low price, fast service, or
profit maximization for a client. In foreign exchange trading, information is retrieved about
the latest currency exchange rates in order to hedge currency holdings to minimize risk
and maximize profit. The brokerage function is the support for data management and
traditional transaction services. Brokerages may provide tools to accomplish more
sophisticated, time-delayed updates or future-compensating transactions.
Explain Public Key.
Public-Key cryptography, also known as asymmetric cryptography, uses two keys:
one key to encrypt the message and the other key to decrypt the message. The two
keys are mathematically related such that data encrypted with either key can only be
decrypted using the other. Each user has two keys: a public key and a private key. The
user distributes the public key. Because of the relationship between the two keys, the
user and anyone receiving the public key can be assured that data encrypted with the
public key and sent to the user can only be decrypted by the user using the private key.
This assurance is only maintained if the user ensures that the private key is not
disclosed to another. Therefore, the key pair should be generated by the user. The best
known public-key cryptography algorithm is RSA (named after its inventors Rivest,
Shamir and Adleman).
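The key-pair relationship described here, and the ten-page contract argument from the digital signature answer above, can both be shown with unpadded textbook RSA. This is an added example, not part of the original notes; the key is a constructed toy built from two publicly known Mersenne primes, and the function names, sample contract and sample message are assumptions made for illustration.

```python
import hashlib
from math import gcd

# Constructed toy key built from two publicly known Mersenne primes, so it protects
# nothing. Real keys use secret random primes plus padding (OAEP, PSS).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)                 # private exponent (needs Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def rsa_apply(key, value):
    """The single RSA operation: value ** exponent mod modulus."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("value does not fit under the modulus")
    return pow(value, exponent, modulus)

def encrypt(public_key, plaintext):
    return rsa_apply(public_key, int.from_bytes(plaintext, "big"))

def decrypt(key, ciphertext):
    value = rsa_apply(key, ciphertext)
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def digest(document):
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(private_key, document):
    # Signing applies the private key to the document's hash.
    return rsa_apply(private_key, digest(document))

def verify(public_key, document, signature):
    # Anyone holding the public key can recompute the hash and compare.
    if not 0 <= signature < public_key[1]:
        return False
    return rsa_apply(public_key, signature) == digest(document)

def bind_pages(pages):
    # Length-prefix every page so the signed byte string has unambiguous page boundaries.
    return b"".join(len(page).to_bytes(4, "big") + page for page in pages)

# Constructed ten-page contract; the signature is computed once over all pages.
PAGES = [f"Page {n}: constructed sample clause {n}.".encode() for n in range(1, 11)]
SIGNATURE = sign(PRIVATE_KEY, bind_pages(PAGES))

def alter_first_page(pages):
    altered = list(pages)
    altered[0] = altered[0].replace(b"clause 1", b"clause 7")   # one byte changes
    return bind_pages(altered)

def demo():
    secret = b"card ending 0000 (constructed)"
    ciphertext = encrypt(PUBLIC_KEY, secret)
    return {
        "private_key_opens": decrypt(PRIVATE_KEY, ciphertext) == secret,
        "public_key_opens": decrypt(PUBLIC_KEY, ciphertext) == secret,
        "original_verifies": verify(PUBLIC_KEY, bind_pages(PAGES), SIGNATURE),
        "altered_verifies": verify(PUBLIC_KEY, alter_first_page(PAGES), SIGNATURE),
    }
```

Unlike a handwritten signature on the last page, the signature here covers every byte, so a change on page one is caught by anyone holding only the public key.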
On what factors can negotiations take place?
Over money, terms and conditions, delivery dates and evaluation criteria. Negotiation
occurs in business, non-profit organizations, government branches, legal proceedings,
among nations and in personal situations such as marriage, divorce, parenting, and
everyday life. The study of the subject is called negotiation theory. Professional
negotiators are often specialized, such as union negotiators, leverage buyout
negotiators, peace negotiators, hostage negotiators, or may work under other titles, such
as diplomats, legislators or brokers.
What should be covered in the policy?
a) The following is a list of topics that should be covered in this area of the policy.
1) What guidelines you have regarding resource use.
2) What might constitute abuse.
3) Whether users are permitted to share accounts or let others use their accounts.
4) How users should keep their passwords secret.
5) How often users should change their passwords and any password restrictions or
requirements.
6) Restrictions on disclosure of information that may be proprietary.
7) Statement on electronic mail privacy.
8) Policy on electronic communications, mail forging, and so on.
9) The organization's policy concerning controversial mail or postings to mailing lists or
discussion groups.
What is the need for seamless connections? Define a Software Agent.
A seamless connection to the marketplace: It is obvious that each customer will be
operating with a different type of computer, software, connectivity etc. There should be
available standards so that any of these customers will be able to attach himself to any
of the markets without changing his hardware/software/interfaces etc.
Software agents are used to implement information brokerages. Agents are
encapsulations of users' instructions that perform all kinds of tasks in electronic
marketplaces spread across networks. Information brokerages dispatch agents capable
of information resource gathering, negotiating deals and performing transactions.
What is EFT? List any four components of EDI implementation.
Electronic Funds Transfer is the automatic transfer of funds among banks and other
organizations.
EDI implementation starts with an agreement between a company and its trading
partner. The data moves without much interference to the trading partner's application,
with no additional steps to slow the process. Both parties exchange messages based on
a structured format; for each type of message, a standard format has been agreed on by
the exchanging parties.
Describe the VAN pricing system.
VANs bill in various ways for services rendered. Typically, customers can pick and
choose from an array of VAN services and be billed accordingly. These services may
include EDI translation software and support, EDI to fax support, email capability,
inter-VAN connectivity, and, most commonly, transmission of X.12 documents.
What are the basic types of physical data security and threats to data?
Data integrity and Data availability
Data Integrity
• Securing an abstract resource such as information is usually more difficult than
providing physical security. Data integrity is critical; so is data availability. Because
information can in principle be copied as it passes across a network, protection must
also prevent unauthorized read/write/delete; that is, network security must include a
guarantee of privacy.
What is the need for open EDI?
The increased interest in open EDI is a result of discontent with traditional EDI. Open
EDI is a business process for automating the operation of the law of contract within the
context of electronic commerce where transactions are not repeated or sustained over a
long period of time. The aid revisions and aids in more speedy agreement on a final
version.