Sie sind auf Seite 1von 101

Search for

documents:
Top of Form
Bottom of Form
Report this document
View the PDF
version
Share on
Facebook
Ads not by this site
Ads not by this site
!"#$
%
&'&!TR()*!
!(&R!&
ST+D, AT&R*A'
!"#$%
&'&!TR()*! !(&R!&
-As per Anna +niversity. !hennai Sy//abus0
R#11"
!2T3*,A)&S4ARA).
AP5BA
%
!"#$%
&'&!TR()*!
!(&R!&
*)D&6
+)*T
S
PA7&
)(2
*
2
*ntroductio
n
1
8
**
2
Security
Techno/o9ies
#
8
***2 &/ectronic Payment
ethods
8
1
*V2 &/ectronic !ommerce
Providers
:
8
V2 (n/ine !ommerce
&nvironments
$
%
!2T3*,A)&S4ARA).
AP5BA
#
!"#$% &'&!TR()*! !(&R!&
!"#$% &'&!TR()*! !(&R!&
%2 *)TR(D+!T*() :
)etworks and !ommercia/ Transactions ; *nternet and (ther )ove/ties ; &/ectronic Transactions
Today ; !ommercia/ Transactions ; &stab/ishin9 Trust ; *nternet &nvironment ; *nternet
Advanta9e ; 4or/d 4ide 4eb2
#2 S&!+R*T, T&!3)('(7*&S "
4hy *nternet *s +nsecure ; *nternet Security 3o/es ; !rypto9raphy : (b<ective ; !odes and
!iphers ; Breakin9 &ncryption Schemes ; Data &ncryption Standard ; Trusted =ey Distribution
and Verification ; !rypto9raphic App/ications ; &ncryption ; Di9ita/ Si9nature > )on repudiation
and essa9e *nte9rity2
?2 &'&!TR()*! PA,&)T "
&T3(DS
Traditiona/ Transactions : +pdatin9 ; (ff/ine and (n/ine Transactions ; Secure 4eb Servers ;
Re@uired Faci/ities ; Di9ita/ !urrencies and Payment Systems ; Protoco/s for the Pub/ic
Transport ; Security Protoco/s ; S&T ; !redit !ard Business Basics2
82 &'&!TR()*! !(&R!&
PR(V*D&RS
"
(n/ine !ommerce (ptions ; Functions and Features ; Payment Systems : &/ectronic. Di9ita/
and Virtua/ *nternet Payment System ; Account Setup and !osts ; Virtua/ Transaction Process ;
*nfo3aus
;Security !onsiderations > !yber!ash: ode/ ; Security ; !ustomer Protection ; !/ient
App/ication
;Se//in9 throu9h !yber!ash2
A2 ()'*)& !(&R!&
&)V*R()&)TS
%
#
Servers and !ommercia/ &nvironments ; Payment ethods ; Server arket (rientation ;
)etscape !ommerce Server ; icrosoft *nternet Servers ; Di9ita/ !urrencies ; Di9i!ash ; +sin9
&cash ; &cash !/ient Software and *mp/ementation ; Smart !ards ; The !hip ; &/ectronic Data
*nterchan9e ; *nternet Strate9ies. Techni@ues and Too/s2
T&6T B((=S
Pete 'oshin. B&/ectronic !ommerceC. 8th &dition. Firewa// media. An imprint of /aDmi
pub/ications Pvt2 'td2. )ew De/hi. #1182
R&F&R&)!&S
Eeffrey F2Rayport and Bernard E2 Eaworski. B*ntroduction to &;!ommerceC. #nd &dition. Tata c;
7raw 3i// Pvt2. 'td2. #11?2
7reenstein. B&/ectronic !ommerceC. Tata c;7raw 3i// Pvt2. 'td2. #1112
!2T3*,A)&S4ARA).
AP5BA
?
Ads not by this site
!"#$
%
&'&!TR()*!
!(&R!&
+)*T > *
PART > A
%2 Define &;!ommerce2
&/ectric commerce: the conductin9 of business communication and transactions over networks
and throu9h computers2 Specifica//y. ecommerce is the buyin9 and se//in9 of 9oods and
services. and the transfer of funds. throu9h di9ita/ communications2
#2 4hat is *nternet F
The internet is a co//ection of wires. protoco/s and hardware that a//ows the e/ectronic
transmission of data over T!P5*P2 The *nternet forms a 9/oba/ n5w of computers that can share
data and pro9rams2 the computers are connected throu9h a series of 'A). 4A) and transfer
data throu9h he communication ru/es set forth by the T!P5*P2
Four !omponents to use the *nternet in an easy manner:
%2D)S-Domain )ame System02
#2Packet switchin9 . routin9
?2T!P
82*P Address
T!P ;G S5w ensures the safe and re/iab/e transfer of the data2 *P ;G *P S5w sets the ru/es for
data transfer over a n5w2
?2 3ow the internet works F
a2 Addressin9 and the Domain name system:
&ach and every system have its own uni@ue *P address2 Sun icrosystems deve/oped the D)S
in the ear/y %"H1s2 *t converted numeric *P address into character *Paddress2
b2 Packet Switchin9:
*nternet is a packet switched system2 A// data transferred across the internet is broken into
packets2
c2 Routin9:
*t serve as intermediaries b5w the n5w2
Bui/din9 b/ocks of the internet2 They direct traffic and trans/ate ms9 so that different n5w
techno/o9ies can communicate with one another2
82 4hat is a )etworkF
A BnetworkC has been defined as any set of inter/inkin9 /ines resemb/in9 a net. a network of
roads II an interconnected system. a network of a//iances2JJ This definition suits our purpose we//:
a computer network is simp/y a system of interconnected computers2 3ow theyJre connected is
irre/evant. and as weJ// soon see. there are a number of ways to do this2
!2T3*,A)&S4ARA).
AP5BA
8
!"#$%
&'&!TR()*!
!(&R!&
A2 !omponents of a )etwork:
The components 9iven be/ow are main/y used in )etwork Security2
%2!oncentrator
#23ub
?2Repeater
82Brid9es
A2odem
:2Routers
$2!ab/es
:24hat is SecurityF
*n the computer industry. refers to techni@ues for ensurin9 that data stored in a computer cannot
be read or compromised by any individua/s without authoriKation2
ost security measures invo/ve data encryption and passwords2 Data encryption is the
trans/ation of data into a form that is uninte//i9ib/e without a decipherin9 mechanism2 A
password is a secret word or phrase that 9ives a user access to a particu/ar pro9ram or system2
$2 )etwork security :
!onsists of the provisions made in an under/yin9 computer network infrastructure. po/icies
adopted by the network administrator to protect the network and the network; accessib/e
resources from unauthoriKed access and the effectiveness -or /ack0 of these measures
combined to9ether2
H2 4hat is a protoco/F
A protoco/ is a we//;defined specification that a//ows computers to communicate across a
network2 *n a way. protoco/s define the L9rammarL that computers can use to Lta/kL to each
other2
"2 4hat is *PF
*P stands for L*nternet Protoco/L2 *t can be thou9ht of as the common /an9ua9e of computers on
the *nternet2 There are a number of detai/ed descriptions of *P 9iven e/sewhere. so we wonJt
cover it in detai/ in this document
%12 4hat is an *P addressF
*P addresses are ana/o9ous to te/ephone numbers > when you want to ca// someone on the
te/ephone. you must first know their te/ephone number2 Simi/ar/y. when a computer on the
*nternet needs to send data to another computer. it must first know its *P address2 *P addresses
are typica//y shown as four numbers separated by decima/ points. or BdotsC2 For eDamp/e.
%12#82#A82? and %"#2%:H2:#2#?% are *P addresses
%%2 Transfer !ontro/ Protoco/:
T!P is a transport;/ayer protoco/2 *t needs to sit on top of a network;/ayer protoco/. and was
desi9ned to ride atop *P2 -Eust as *P was desi9ned to carry. amon9 other thin9s. T!P packets20
Because T!P and *P were desi9ned to9ether and wherever you have one. you typica//y have
the other. the entire suite of *nternet protoco/s are known co//ective/y as MMT!P5*P2JJ T!P itse/f
has a number of important features that weJ// cover brief/y2
!2T3*,A)&S4ARA).
AP5BA
A
!"#$
%
&'&!TR()*!
!(&R!&
%#2 Types of )etwork:
a2'A)-'oca/ Area )etwork02
b24A)-4ide Area )etwork02
c2A)-etropo/itan Area )etwork02
%?2 &;commerce mode/s2
a2B#!?2B
#7
A2!#B-!onsumer to
Business0
b2B#B82!
#!

%824hat are the Advanta9es of &/ectronic payment systemsF
They work in the same way as traditiona/ checks. thus simp/ifyin9 customer education
&/ectronic checks are we// suited for c/earin9 micro payments
&/ectronic checks create f/oat and the avai/abi/ity of f/oat is an important re@uirement for
commerce2
Financia/ risk is assumed by the accountin9 server and may resu/t in easier acceptance2
%A24hat are the advanta9es of T!P5*P Protoco/F
NThey are everywhereO *tJs the common wor/dwide standard now for networkin92
N*nteroperabi/ity: different types computers from different vendors can communicate seam/ess/y
if they speak the same T!P5*P /an9ua9e2
NBui/t;in inte//i9ent mechanisms for error and f/ow contro/2
Nany others. <ust 7oo9/e advanta9es of T!P5*P2
%:2 4hat are the advanta9es of &;!ommerceF
N)ew marketin9 time opportunities2
N&/ectronic bi// presentment and payment services
NRe/ated products and cross se//in9
NFeatured product /istin9
N!oupon codes. 9ift certificates
N*nventory contro/
NBackorders a//owed
%$2 4hat is commercia/ transactionF
A commercia/ contract dea/s with pure/y business or commercia/ transaction2 Any contract. as
/on9 as
the parties fu/fi// their respective promises
!2T3*,A)&S4ARA).
AP5BA
:
Ads not by this site
!"#$
%
&'&!TR()*!
!(&R!&
PART > B
%2 &6P'A*) *)T&R)&T &)V*R()&)T
A wor/dwide system of interconnected computer networks2 The ori9ins of the *nternet can be
traced to the creation of ARPA)&T -Advanced Research Pro<ects A9ency )etwork0 as a
network of computers under the auspices of the +2S2 Department of Defense in %":"2 Today.
the *nternet connects mi//ions of computers around the wor/d in a nonhierarchica/ manner
unprecedented in the history of communications2 The *nternet is a product of the conver9ence of
media. computers. and te/ecommunications2 *t is not mere/y a techno/o9ica/ deve/opment but
the product of socia/ and po/itica/ processes. invo/vin9 both the academic wor/d and the
9overnment -the Department of Defense02 From its ori9ins in a nonindustria/. noncorporate
environment and in a pure/y scientific cu/ture. it has @uick/y diffused into the wor/d of commerce2
The *nternet is a combination of severa/ media techno/o9ies and an e/ectronic version of
newspapers. ma9aKines. books. cata/o9s. bu//etin boards. and much more2 This versati/ity 9ives
the *nternet its power2
Techno/o9ica/ features
The *nternet J's techno/o9ica/ success depends on its principa/ communication too/s. the
Transmission !ontro/ Protoco/ -T!P0 and the *nternet Protoco/ -*P02 They are referred to
fre@uent/y as T!P5*P2 A protoco/ is an a9reed;upon set of conventions that defines the ru/es of
communication2 T!P breaks down and reassemb/es packets. whereas *P is responsib/e for
ensurin9 that the packets are sent to the ri9ht destination2
Data trave/s across the *nternet throu9h severa/ /eve/s of networks unti/ it reaches its
destination2 &; mai/ messa9es arrive at the mai/ server -simi/ar to the /oca/ post office0 from a
remote persona/ computer connected by a modem. or a node on a /oca/;area network2 From the
server. the messa9es pass throu9h a router. a specia/;purpose computer ensurin9 that each
messa9e is sent to its correct destination2 A messa9e may pass throu9h severa/ networks to
reach its destination2 &ach network has its own router that determines how best to move the
messa9e c/oser to its destination. takin9 into account the traffic on the network2 A messa9e
passes from one network to the neDt. unti/ it arrives at the destination network. from where it can
be sent to the recipient. who has a mai/boD on that network2 See a/so &/ectronic mai/P 'oca/;
area networksP 4ide;area networks2
T!P5*P
T!P5*P is a set of protoco/s deve/oped to a//ow cooperatin9 computers to share resources
across the networks2 The T!P5*P estab/ishes the standards and ru/es by which messa9es are
sent throu9h the networks2 The most important traditiona/ T!P5*P services are fi/e transfer.
remote /o9in. and mai/ transfer2
The fi/e transfer protoco/ -FTP0 a//ows a user on any computer to 9et fi/es from another
computer. or to send fi/es to another computer2 Security is hand/ed by re@uirin9 the user to
specify a user name and password for the other computer2
The network termina/ protoco/ -T&')&T0 a//ows a user to /o9 in on any other computer on the
network2 The user starts a remote session by specifyin9 a computer to connect to2 From that
time unti/ the end of the session. anythin9 the user types is sent to the other computer2
!2T3*,A)&S4ARA).
AP5BA
$
!"#$%
&'&!TR()*!
!(&R!&
ai/ transfer a//ows a user to send messa9es to users on other computers2 (ri9ina//y. peop/e
tended to use on/y one or two specific computers2 They wou/d maintain Bmai/ fi/esC on those
machines2 The computer mai/ system is simp/y a way for a user to add a messa9e to another
userJs mai/ fi/e2
(ther services have a/so become important: resource sharin9. disk/ess workstations. computer
conferencin9. transaction processin9. security. mu/timedia access. and directory services2
T!P is responsib/e for breakin9 up the messa9e into data9rams. reassemb/in9 the data9rams at
the other end. resendin9 anythin9 that 9ets /ost. and puttin9 thin9s back in the ri9ht order2 *P is
responsib/e for routin9 individua/ data9rams2 The data9rams are individua//y identified by a
uni@ue se@uence number to faci/itate reassemb/y in the correct order2 The who/e process of
transmission is done throu9h the use of routers2 Routin9 is the process by which two
communication stations find and use the optimum path across any network of any comp/eDity2
Routers must support fra9mentation. the abi/ity to subdivide received information into sma//er
units where this is re@uired to match the under/yin9 network techno/o9y2 Routers operate by
reco9niKin9 that a particu/ar network number re/ates to a specific area within the interconnected
networks2 They keep track of the numbers throu9hout the entire process2
Domain )ame System
The addressin9 system on the *nternet 9enerates *P addresses. which are usua//y indicated by
numbers such as %#H2#1%2H:2#"12 Since such numbers are difficu/t to remember. a user;friend/y
system has been created known as the Domain )ame System -D)S02 This system provides the
mnemonic e@uiva/ent of a numeric *P address and further ensures that every site on the *nternet
has a uni@ue address2 For eDamp/e. an *nternet address mi9ht appear as crito2uci2edu2 *f this
address is accessed throu9h a 4eb browser. it is referred to as a +R' -+niform Resource
'ocator0. and the fu// +R' wi// appear as http:55www2crito2uci2edu2
The Domain )ame System divides the *nternet into a series of component networks ca//ed
domains that enab/e e;mai/ -and other fi/es0 to be sent across the entire *nternet2 &ach site
attached to the *nternet be/on9s to one of the domains2 +niversities. for eDamp/e. be/on9 to the
BeduC domain2 (ther domains are 9ov -9overnment0. com -commercia/ or9aniKations0. mi/
-mi/itary0. net -network service providers0. and or9 -nonprofit or9aniKations02
4or/d 4ide 4eb
The 4or/d 4ide 4eb -4440 is based on techno/o9y ca//ed hyperteDt2 The 4eb may be
thou9ht of as a very /ar9e subset of the *nternet. consistin9 of hyperteDt and hypermedia
documents2 A hyperteDt document is a document that has a reference -or /ink0 to another
hyperteDt document. which may be on the same computer or in a different computer that may
be /ocated anywhere in the wor/d2 3ypermedia is a simi/ar concept eDcept that it provides /inks
to 9raphic. sound. and video fi/es in addition to teDt fi/es2
*n order for the 4eb to work. every c/ient must be ab/e to disp/ay every document from any
server2 This is accomp/ished by imposin9 a set of standards known as a protoco/ to 9overn the
way that data are transmitted across the 4eb2 Thus data trave/ from c/ient to server and back
throu9h a protoco/ known as the 3yperTeDt Transfer Protoco/ -http0 2 *n order to access the
documents that are transmitted throu9h this protoco/. a specia/ pro9ram known as a browser is
re@uired. which browses the 4eb2 See a/so 4or/d 4ide 4eb2
!2T3*,A)&S4ARA).
AP5BA
H
!"#$
%
&'&!TR()*!
!(&R!&
!ommerce on the *nternet
!ommerce on the *nternet is known by a few other names. such as e;business. &tai/in9
-e/ectronic retai/in90. and e;commerce2 The stren9ths of e;business depend on the stren9ths of
the *nternet2 *nternet commerce is divided into two ma<or se9ments. business;to;business -B#B0
and business;to;consumer -B#!02 *n each are some companies that have started their
businesses on the *nternet. and others that have eDisted previous/y and are now transitionin9
into the *nternet wor/d2 Some products and services. such as books. compact disks -!Ds0.
computer software. and air/ine tickets. seem to be particu/ar/y suited for on/ine business2
4or/d 4ide 4eb :
A ma<or service on the *nternet2 To understand eDact/y how the 4eb re/ates to the *nternet. see
4eb vs2 *nternet2 The 4or/d 4ide 4eb is made up of L4eb serversL that store and disseminate
L4eb pa9es.L which are LrichL documents that contain teDt. 9raphics. animations and videos to
anyone with an *nternet connection2
The heart of the 4eb techno/o9y is the hyper/ink. which connects each document to each other
by its L+R'L address. whether /oca//y or in another country2
L!/ick hereL caused the 4eb to eDp/ode in the mid;%""1s. turnin9 the *nternet into the /ar9est
shoppin9 ma// and information source in the wor/d2 *t a/so enab/ed the concept of a L9/oba/
serverL that provides a source for a// app/ications and data -see 4eb #2102
The Browser
4eb pa9es are accessed by the user via a 4eb browser app/ication such as *nternet &Dp/orer.
)etscape. Safari. (pera and FirefoD2 The browser renders the pa9es on screen. eDecutes
embedded scripts and automatica//y invokes additiona/ software as needed2 For eDamp/e.
animations and specia/ effects are provided by browser p/u9;ins. and audio and video are
p/ayed by media p/ayer software that either comes with the operatin9 system or from a third
party2
3T' *s the Format
A 4eb pa9e is a teDt document embedded with 3T' ta9s that define how the teDt is rendered
on screen2 4eb pa9es can be created with any teDt editor or word processor2 They are a/so
created in 3T' authorin9 pro9rams that provide a 9raphica/ interface for desi9nin9 the /ayout2
Authorin9 pro9rams 9enerate the 3T' ta9s behind the scenes. but the ta9s can be edited if
re@uired2 any app/ications eDport documents direct/y to 3T'. thus basic 4eb pa9es can be
created in numerous ways without 3T' codin92 The ease of pa9e creation he/ped fue/ the
4ebJs 9rowth2
A co//ection of 4eb pa9es makes up a 4eb site2 Very /ar9e or9aniKations dep/oy their 4eb
sites on inhouse servers or on their own servers co;/ocated in a third party faci/ity that provides
power and *nternet access2 Sma// to medium sites are 9enera//y hosted by *nternet service
providers -*SPs02 i//ions of peop/e have deve/oped their own mini 4eb sites as *SPs typica//y
host a sma// number of persona/ 4eb pa9es at no eDtra cost to individua/ customers2
The *ntranet
!2T3*,A)&S4ARA).
AP5BA
"
Ads not by this site
!"#$
%
&'&!TR()*!
!(&R!&
The pub/ic 4eb spawned the private Lintranet.L an inhouse 4eb site for emp/oyees2 Protected
via a firewa// that /ets emp/oyees access the *nternet. the firewa// restricts uninvited users from
comin9 in and viewin9 interna/ information2 There is no difference in intranet and 4eb
architectures2 *t has on/y to do with who has access2
3TTP !an De/iver Anythin9
3T' pa9es are transmitted to the user via the 3TTP protoco/2 A 4eb server stores 3T'
pa9es for a 4eb site. but it can a/so be a storehouse for any kind of fi/e de/ivered to a c/ient
app/ication via 3TTP2 For eDamp/e. the 4indows version of this &ncyc/opedia is avai/ab/e as an
3TTP app/ication2 The teDt and ima9es are hosted on The !omputer 'an9ua9e !ompanyJs
4eb server and de/ivered to the 4indows c/ient in the userJs P!2 The 4indows c/ient is an
3TTP;enab/ed version of the popu/ar interface first introduced in %"": for stand;a/one P!s and
c/ient5server 'A)s2
4here *t !ame From ; 4here *tJs 7oin9
The 4or/d 4ide 4eb was deve/oped at the &uropean (r9aniKation for )uc/ear Research
-!&R)0 in 7eneva from a proposa/ by Tim Berners;'ee in %"H"2 *t was created to share
research information on nuc/ear physics2 *n %""%. the first command /ine browser was
introduced2 By the start of %""?. there were A1 4eb servers. and the Voi/a 6 4indow browser
provided the first 9raphica/ capabi/ity2 *n that same year. !&R) introduced its acintosh
browser. and the )ationa/ !enter for Supercomputin9 App/ications -)!SA0 in !hica9o
introduced the 6 4indow version of osaic2 osaic was deve/oped by arc Andreessen. who
/ater became wor/d famous as a principa/ at )etscape2
By %""8. there were approDimate/y A11 4eb sites. and. by the start of %""A. near/y %1.1112 By
the turn of the century. there were more than ?1 mi//ion re9istered domain names2 any be/ieve
the 4eb si9nified the rea/ be9innin9 of the information a9e2 3owever. those peop/e who sti// use
ana/o9 dia/;up modems consider it the L4or/d 4ide 4ait2L
&veryone has some interest in the 4eb2 *SPs. cab/e and te/ephone companies want to 9ive you
connectivity2 4ebmasters want more visitors2 *T mana9ers want more security2 The pub/ishin9
industry wants to preserve its copyri9hts2 3ardware and software vendors want to make every
product 4eb accessib/e2 )othin9 in the computer5communications fie/d ever came onto the
scene with such intensity2 &ven with the dot;com crash of #1115#11%. the future of the 4eb is
9oin9 to be very eDcitin92 Stay tunedO See 4eb #21. *nternet. 3TTP. 3T'. 4or/d 4ide 4ait
and 4i/d 4oo/y 4eb2
# 2 &Dp/ain &commerce I (n/ine vs LTraditiona/L !ommerce &Dpectations Are
'earned (ff/ine
+sers come to on/ine commerce with some key eDperientia/ understandin9s of the
characteristics of
traditiona/ commerce2
*dentity2 !ustomers can easi/y authenticate the identity of a merchant simp/y by wa/kin9 into a
bricks;and; mortar store2 Stores can be members of a community and nei9hborhoodP they can
be part of customersJ dai/y eDperience2 There is a concreteness about a physica/ store that no
amount of 3T' wi// ever match2
*mmediacy2 !ustomers can touch and fee/ and ho/d the merchandise2 Tacti/e cues can drive the
decision to
!2T3*,A)&S4ARA).
AP5BA
%1
!"#$%
&'&!TR()*!
!(&R!&
buy2 A transaction that is face;to;face is usua//y unmediated: your communication with the
merchant is not in the hands of a third party or techno/o9y -as with orderin9 by phone02
Va/ue2 The item at the center of the commerce transaction ;; the product. service. or property
that is to be so/d5bou9ht ;; has some kind of va/ue2 *ts price is determined and va/idated throu9h
the performance of the transaction2 The se//er a9rees to a se//in9 price. and the buyer a9rees to
a buyin9 price2 The va/ue of an item. especia//y the re/ative va/ue an item has for the buyer. is
much easier to appraise if that item is c/ose at hand2
Discourse2 !ustomers can converse with the merchant face;to;faceP unmediated conversation is
basic to human communication2 Peop/e want the feedback avai/ab/e from non;verba/ behavior.
which forms a /ar9e part of our <ud9ment process2
!ommunity2 !ustomers can interact with other customers and 9ain feedback about the
merchant from other customers. as we// as by observin9 the merchant interactin9 with other
customers2
Privacy2 !ustomers can make purchases anonymous/y with cashP they usua//y donJt have to
9ive their name or address2 They donJt usua//y have to worry about what a store wi// do with
their persona/ information. a/thou9h this is becomin9 more of an issue with various recent
attempts by /awyers to access private sa/es and renta/ records2 Privacy is often a measure of
how much of his or her identity a buyer wants to invest in a transactionP sometimes. we <ust
want to @uiet/y make our purchase and /eave with it2
An on/ine commerce customer faces mediation in every e/ement and at every sta9e of the
commerce transaction2 !ustomers canJt see the merchant. on/y the merchantJs websiteP they
canJt touch the merchandise. they can on/y see a representationP they canJt wander a store and
speak with emp/oyees. they can on/y browse 3T' pa9es. read FAQs. and fire off emai/ to
name/ess customer service mai/boDesP they canJt eDp/ore the storeJs she/ves and product
space. they can on/y search a di9ita/ cata/o92 A customer at an on/ine commerce site /acks the
concrete cues to comfortab/y assess the trustworthiness of the site. and so must re/y on new
kinds of cues2 The prob/em for the on/ine customer is that the web is new ;; to a /ar9e sector of
the on/ine audience ;; and on/ine commerce seems /ike a step into an unknown eDperience2
!2T3*,A)&S4ARA).
AP5BA
%
%
!"#$
%
&'&!TR()*!
!(&R!&
?2 Different =inds of LTraditiona/L !ommerce ode/s2
)ot every commerce transaction is identica/. and not every transaction is the same type of
transaction2 *n my eDperience. * have dea/t with rou9h/y five types of commerce transaction
off/ine -this is not an attempt at a taDonomy of commerce transactions. <ust my common;sense
eDp/oration of my own eDperience0:
Retai/ store
This is by far the most common commerce eDperience in American cu/ture: you wa/k into a store
that is stocked with merchandise for immediate sa/e ;; bookstores. 9rocery stores. hardware
stores ;; and find what you want. then purchase it2 ,ou /eave the store with the product.
assumin9 immediate ownership2
Retai/ specia/ order
4hen a retai/ store doesnJt stock the product you want. or is current/y out of stock. you often
have the option of specia/ orderin9 the product2 *f a bookstore doesnJt care a sma// press book
tit/e that you want. and the tit/e is in print. you can usua//y specia/ order the tit/e from the storeP
the store /ocates the product. buys it. then rese//s it you2 De/ayed 9ratification. but you have the
advanta9e of dea/in9 with a merchant face;to;face2 * wou/d consider rain checks in this same
cate9ory2
!ata/o9ue store
Sma//er towns sometimes have cata/o9ue stores. where a /ar9e merchant doesnJt see a /oca/
demand to keep a store stocked with merchandise. so they instead provide a storefront where
peop/e can come in and /ook at cata/o9ues. and order from a company representative2 Sears is
a company that operates cata/o9ue stores -or at /east they used to0. and Service erchandise
functions as a cata/o9ue store for much of their LstockL2
phone order from a cata/o9ue
ai/ order cata/o9ues. with their operators standin9 by. have been around /on9er than the
internet2 4hi/e you canJt touch and fee/ the merchandise prior to orderin9. you can at /east
speak with a /ive person when p/acin9 the orderP *Jve had some eDce//ent shoppin9 eDperiences
with mai/ order cata/o9 customer service reps2
Bar9ainin9
* find this the stran9est form of commerce transactionP * simp/y am not used to bar9ainin9222 <ust
9ive me a price. and *J// decide whether or not to pay it2 The +nited
States is not a country with a vibrant bar9ainin9 cu/ture. but if you trave/ internationa//y you wi//
encounter cu/tures that thrive on bar9ainin92 *n the +2S2. buyin9 an automobi/e or shoppin9 at
co//ectors conventions is often a bar9ainin9 eDperience2
4hi/e these may be different types of commerce transactions. they are a// c/ear/y re/ated2 They
share e/ements /ike the ro/es invo/ved -se//er and buyer0. steps in the transactions -price must
be a9reed upon. money must chan9e hands0. and under/yin9 concepts -the va/ue of this
merchandise to me. do * know this merchantF02 +/timate/y. these different transactions differ
on/y s/i9ht/y on some few e/ements. with the bu/k of the transaction adherin9 to the interna/
mode/s that we have bui/t for what commerce is /ike2
!2T3*,A)&S4ARA).
AP5BA
%#
!"#$% &'&!TR()*!
!(&R!&
*n fact. based on our eDperience. we bui/d frameworks to describe these transactions. with steps
and meanin9fu/ e/ements. and we use these frameworks to understand every new commerce
transaction in which we en9a9e2 These frameworks are ca//ed schemas. and we use these
schemas to make sense of ecommerce web sites when we take our shoppin9 on/ine2
82 &Dp/ain &;commerce advanta9es and disadvanta9es :
&;commerce provides many new ways for businesses and consumers to communicate and
conduct business2 There are a number of advanta9es and disadvanta9es of conductin9
business in this manner2
&;commerce advanta9es
Some advanta9es that can be achieved from e;commerce inc/ude: a2 Bein9 ab/e to
conduct business #8 D $ D ?:A 2
&;commerce systems can operate a// day every day2 ,our physica/ storefront does not need to
be open in order for customers and supp/iers to be doin9 business with you e/ectronica//y2
b2 Access the 9/oba/ marketp/ace 2
The *nternet spans the wor/d. and it is possib/e to do business with any business or person who
is connected to the *nternet2 Simp/e /oca/ businesses such as specia/ist record stores are ab/e to
market and se// their offerin9s internationa//y usin9 e;commerce2 This 9/oba/ opportunity is
assisted by the fact that. un/ike traditiona/ communications methods. users are not char9ed
accordin9 to the distance over which they are communicatin92
c2 Speed2
&/ectronic communications a//ow messa9es to traverse the wor/d a/most instantaneous/y2 There
is no need to wait weeks for a cata/o9ue to arrive by post: that
communications de/ay is not a part of the *nternet 5 e;commerce wor/d2 d2 arketspace2
The market in which web;based businesses operate is the 9/oba/ market2 *t may not be evident
to them. but many businesses are a/ready facin9 internationa/ competition from web;enab/ed
businesses2
e2 (pportunity to reduce costs2
The *nternet makes it very easy to Jshop aroundJ for products and services that may be cheaper
or more effective than we mi9ht otherwise sett/e for2 *t is sometimes possib/e to. throu9h some
on/ine research. identify ori9ina/ manufacturers for some 9oods ; thereby bypassin9 who/esa/ers
and achievin9 a cheaper price2
!2T3*,A)&S4ARA). %
AP5BA ?
Ads not by this site
!"#$
%
&'&!TR()*!
!(&R!&
f2 !omputer p/atform;independent 2
Jany. if not most. computers have the abi/ity to communicate via the *nternet independent of
operatin9 systems and hardware2 !ustomers are not /imited by eDistin9 hardware systemsJ
-7ascoyne R (Kcubukcu. %""$:H$02
92 &fficient app/ications deve/opment environment 2
J*n many respects. app/ications can be more efficient/y deve/oped and distributed because the
can be bui/t without re9ard to the customerJs or the business partnerJs techno/o9y p/atform2
App/ication updates do not have to be manua//y insta//ed on computers2 Rather. *nternet;re/ated
techno/o9ies provide this capabi/ity inherent/y throu9h automatic dep/oyment of software
updatesJ -7ascoyne R (Kcubukcu. %""$:H$02
h2 A//owin9 customer se/f service and Jcustomer outsourcin9J2
Peop/e can interact with businesses at any hour of the day that it is convenient to them. and
because these interactions are initiated by customers. the customers a/so provide a /ot of the
data for the transaction that may otherwise need to be entered by business staff2 This means
that some of the work and costs are effective/y shifted to customersP this is referred to as
Jcustomer outsourcin9J2
i2 Steppin9 beyond borders to a 9/oba/ view2
+sin9 aspects of e;commerce techno/o9y can mean your business can source and use
products and services provided by other businesses in other countries2 This seems obvious
enou9h to say. but peop/e do not a/ways consider the imp/ications of e;commerce2 For eDamp/e.
in many ways it can be easier and cheaper to host and operate some e;commerce activities
outside Austra/ia2 Further. because many e; commerce transactions invo/ve credit cards. many
businesses in Austra/ia need to make arran9ements for acceptin9 on/ine payments2 3owever a
number of ma<or Austra/ian banks have tended to be unhe/pfu/ /a99ards on this front. char9in9 a
/ot of money and makin9 it difficu/t to estab/ish these arran9ements ; particu/ar/y for sma//er
businesses and5or businesses that donJt fit into a traditiona/;economy understandin9 of
business2 *n some cases. therefore. it can be easier and cheaper to set up arran9ements which
bypass this aspect of the Austra/ian bankin9 system2 Admitted/y. this can create some 9rey
areas for /e9a/ and taDation purposes. but these can be dea/t with2 And yes these circumstances
do have imp/ications for Austra/iaJs nationa/ competitiveness and the competitiveness of our
industries and businesses2
:2&Dp/ain &;commerce disadvanta9es and constraints 2
Some disadvanta9es and constraints of e;commerce inc/ude the fo//owin92 a2 Time for
de/ivery of physica/ products 2
*t is possib/e to visit a /oca/ music store and wa/k out with a compact disc. or a bookstore and
/eave with a book2 &;commerce is often used to buy 9oods that are not avai/ab/e /oca//y from
businesses a// over the wor/d. meanin9 that physica/ 9oods need to be de/ivered. which takes
time and costs money2 *n some cases there are ways around this. for eDamp/e. with e/ectronic
fi/es of the music or books bein9 accessed across the *nternet. but then these are not physica/
9oods2
!2T3*,A)&S4ARA).
AP5BA
%8
!"#$%
&'&!TR()*!
!(&R!&
b2 Physica/ product. supp/ier R de/ivery uncertainty 2
4hen you wa/k out of a shop with an item. itJs yours2 ,ou have itP you know what it is. where it is
and how it /ooks2 *n some respects e;commerce purchases are made on trust2 This is because.
first/y. not havin9 had physica/ access to the product. a purchase is made on an eDpectation of
what that product is and its condition2 Second/y. because supp/yin9 businesses can be
conducted across the wor/d. it can be uncertain whether or not they are /e9itimate businesses
and are not <ust 9oin9 to take your money2 *tJs pretty hard to knock on their door to comp/ain or
seek /e9a/ recourseO Third/y. even if the item is sent. it is easy to start wonderin9 whether or not
it wi// ever arrive2
c2 Perishab/e 9oods 2
For9et about orderin9 a sin9/e 9e/ato ice cream from a shop in RomeO Thou9h specia/ised or
refri9erated transport can be used. 9oods bou9ht and so/d via the *nternet tend to be durab/e
and non; perishab/e: they need to survive the trip from the supp/ier to the purchasin9 business
or consumer2 This shifts the bias for perishab/e and5or non;durab/e 9oods back towards
traditiona/ supp/y chain arran9ements. or towards re/ative/y more /oca/ e;commerce;based
purchases. sa/es and distribution2 *n contrast. durab/e 9oods can be traded from a/most anyone
to a/most anyone e/se. sparkin9 competition for /ower prices2 *n some cases this /eads to
disintermediation in which intermediary peop/e and businesses are bypassed by consumers and
by other businesses that are seekin9 to purchase more direct/y from manufacturers2
d2 'imited and se/ected sensory information2
The *nternet is an effective conduit for visua/ and auditory information: seein9 pictures. hearin9
sounds and readin9 teDt2 3owever it does not a//ow fu// scope for our senses: we can see
pictures of the f/owers. but not sme// their fra9ranceP we can see pictures of a hammer. but not
fee/ its wei9ht or ba/ance2 Further. when we pick up and inspect somethin9. we choose what we
/ook at and how we /ook at it2 This is not the case on the *nternet2 *f we were /ookin9 at buyin9 a
car on the *nternet. we wou/d see the pictures the se//er had chosen for us to see but not the
thin9s we mi9ht /ook for if we were ab/e to see it in person2 And. takin9 into account our other
senses. we canJt test the car to hear the sound of the en9ine as it chan9es 9ears or sense the
sme// and fee/ of the /eather seats2 There are many ways in which the *nternet does not convey
the richness of eDperiences of the wor/d2 This /ack of sensory information means that peop/e are
often much more comfortab/e buyin9 via the *nternet 9eneric 9oods ; thin9s that they have seen
or eDperienced before and about which there is /itt/e ambi9uity. rather than uni@ue or comp/eD
thin9s2
e2 Returnin9 9oods2
Returnin9 9oods on/ine can be an area of difficu/ty2 The uncertainties surroundin9 the initia/
payment and de/ivery of 9oods can be eDacerbated in this process2 4i// the 9oods 9et back to
their sourceF 4ho pays for the return posta9eF 4i// the refund be paidF 4i// * be /eft with
nothin9F 3ow /on9 wi// it takeF !ontrast this with the off/ine eDperience of returnin9 9oods to a
shop2
f2 Privacy. security. payment. identity. contract2
any issues arise ; privacy of information. security of that information and payment detai/s.
whether or not payment detai/s -e9 credit card detai/s0 wi// be misused. identity theft. contract.
and. whether we have one or not. what /aws and /e9a/ <urisdiction app/y2
!2T3*,A)&S4ARA).
AP5BA
%
A
!"#$
%
&'&!TR()*!
!(&R!&
92 Defined services R the uneDpected 2
&;commerce is an effective means for mana9in9 the transaction of known and estab/ished
services. that is. thin9s that are everyday2 *t is not suitab/e for dea/in9 with the new or
uneDpected2 For eDamp/e. a transport company used to dea/in9 with simp/e packa9es bein9
asked if it can transport a hippopotamus. or a customer askin9 for a book order to be wrapped
in b/ue and white po/ka dot paper with a bow2 Such re@uests need human intervention to
investi9ate and reso/ve2
h 2Persona/ service 2
A/thou9h some human interaction can be faci/itated via the web. e;commerce can not provide
the richness of interaction provided by persona/ service2 For most businesses. e;commerce
methods provide the e@uiva/ent of an information;rich counter attendant rather than a
sa/esperson2 This a/so means that feedback about how peop/e react to product and service
offerin9s a/so tends to be more 9ranu/ar or perhaps /ost usin9 e;commerce approaches2 *f your
on/y feedback is that peop/e are -or are not0 buyin9 your products or services on/ine. this is
inade@uate for eva/uatin9 how to chan9e or improve your e;commerce strate9ies and5or product
and service offerin9s2 Successfu/ business use of e;commerce typica//y invo/ves strate9ies for
9ainin9 and app/yin9 customer feedback2 This he/ps businesses to understand. anticipate and
meet chan9in9 on/ine customer needs and preferences. which is critica/ because of the
comparative/y rapid rate of on9oin9 *nternet;based chan9e2
i2 SiKe and number of transactions2
&;commerce is most often conducted usin9 credit card faci/ities for payments. and as a resu/t
very sma// and very /ar9e transactions tend not to be conducted on/ine2 The siKe of transactions
is a/so impacted by the economics of transportin9 physica/ 9oods2 For eDamp/e. any benefits or
conveniences of buyin9 a boD of pens on/ine from a +S;based business tend to be ec/ipsed by
the cost of havin9 to pay for them to be de/ivered to you in Austra/ia2 The de/ivery costs a/so
mean that buyin9 individua/ items from a ran9e of different overseas businesses is si9nificant/y
more eDpensive than buyin9 a// of the 9oods from one overseas business because the 9oods
can be packa9ed and shipped to9ether2
*nternet Advanta9es:
a2 #8 hours a day ; $ days a week ; ?:A days per year
&ven if no staff were to be in your office. visitors wi// come to your website2 The website )&V&R
c/oses2
b2 Structura/
An advertisement in a newspaper is worth/ess the day -perhaps two days0 after2 Participation at
a fair or conference doesnJt reach anybody. once it is over2 Apart from thin9s /ike dates and
prices. much of your website content wi// sti// be va/id years after youJve done the work to have it
there2
!2T3*,A)&S4ARA).
AP5BA
%:
!"#$%
&'&!TR()*!
!(&R!&
c2 easurab/e
,ou can measure anythin9P how many peop/e saw your advertisement banners. how many
c/icked on it. how many asked information or a price @uote and how many sa/es on resu/ted
from that campai9n2 ,ou can measure how many peop/e came to your website throu9h certain
key words in a search;en9ine and ca/cu/ate the profits per %2111 visitors on T3AT specific
keyword2 3ow many pa9es did peop/e /ook atF 4hat section of my content is more popu/arF
4hat is the Lnorma/ routeLF 4hat it the most fre@uent LeDit pa9eL -from where they /eave your
siteL2 3ow many visitors are )&4 to the site and how many are repeat; visitsF
d2 *nteractive
Visitors can do a test. they can 9et an automatic price;@uote throu9h a form. they can
participate in a forum. ask a @uestion throu9h different feedback systems -inc/udin9 on/ine02
e2 !ommunity bui/din9
*nvite peop/e to contribute thin9s themse/vesP eva/uations of the product5 the service. tips for
other users. use news/etters2
f2 'ow cost
Eust compare the costs of sendin9 out physica/ mai/in9 to #A.111 addresses. with the costs of
an e; mai/in9 to #A12111 e;mai/ addresses2
92 Reproduction at LKero costL
4hether %.111 visitors come to your site or #A.111. the increased cost is mar9ina/2 !ompare
that with printin9 more brochures. producin9 more videos or usin9 a ca// centre for another
#.111 ca//s2
h2 Saves time -counse//in9 on product and service information 5 administration0
Visitors can access Lfre@uent/y asked @uestionsL to he/p themse/ves. which saves you time2
Peop/e can B+, on/ine. without any member of staff havin9 been invo/ved2
i2 A//ows for new business mode/s -!P. PP!. PP'. affi/iate0
Pay for every time someone S&&S your advertisement. or on/y when they !'*!= on your
banner advertisement. or even on/y when they fi// out a form. that identifies them and makes
them approachab/e (R even ()', pay. when you actua//y 9et a SA'& from another website2
<2 'ow Lhass/eL environment
Apart from Lpop;ups and pop;undersLP any possib/e c/ients wi// find it LsaferL to /ook around on
a website anonymous/y. rather than askin9 a @uestion to a rea/ /ife person2
!2T3*,A)&S4ARA).
AP5BA
%
$
!"#$
%
&'&!TR()*!
!(&R!&
$2 &Dp/ain !ommercia/ Transactions and &/ectronic Transactions F
+nderstandin9 the ways in which commercia/ transactions take p/ace on/ine. across the
*nternet. re@uires understandin9 the way in which any commercia/ transactions takes p/ace2
There wi// be differences between different types of transactions2 A/thou9h the way a /ar9e
corporation buys raw materia/s in bu/k from its supp/ier is different from the way the schoo/chi/d
buys candy at the corner dru9store. both transactions share certain characteristics2
'et us eDamine some of the issues invo/ved in e/ectronic commerce by takin9 a /ook at what
happens in the course of any commercia/ transaction. we wi// focus on the issues invo/ved in
simp/e retai/ transactions. since virtua//y everyone is fami/iar and comfortab/e with this type of
transaction2
%2&stab/ishin9 Trust
#2)e9otiatin9 a Dea/
?2Payment and Sett/ement
82Payment Vehic/es and !urrencies
A2Products and De/ivery
&/ectronic Transactions :
4hen considerin9 on/ine commerce. it is important to maintain a perspective and define a
conteDt2 Broadcastin9 networks. particu/ar/y te/evision networks. have a /on9 history of bein9
used to market products. a/thou9h viewers cannot use that same medium to p/ace orders2 with
widespread use of credit cards. consumers and merchants have been happi/y transactin9
business over the te/ephone networks for many years2 3i9h/y sensitive bankin9 transactions
have been routine/y processed throu9h AT networks since the /ate %"$1s2
(nce participants in the e/ectronic marketp/ace understand the mechanisms set up for
transactin9 business across the *nternet. buyin9 and se//in9 on/ine wi// be at /east as simp/e and
trusted a method as buyin9 by phone or in person2
H2 4ith a neat sketch eDp/ain the &/ectronic !ommerce industry frame workF
*ntroduction
&/ectronic commerce is the abi/ity to perform transactions invo/vin9 the eDchan9e of 9oods or
services between two or more parties usin9 e/ectronic too/s and techni@ues2 'on9 emp/oyed by
/ar9e businesses and financia/ service or9aniKations. severa/ factors are now conver9in9 to
brin9 e/ectronic commerce to a new /eve/ of uti/ity and viabi/ity for sma// businesses and
individua/s ;; thereby promisin9 to make it part of everyday /ife2
These enab/in9 factors inc/ude improved broader competitive access to networks. and the
reduced cost and increased user;friend/iness of both 9enera/;purpose computers and
specia/iKed devices2 The rapid 9rowth of primari/y the *nternet and other on;/ine services.
convenient point;of;sa/e payment systems. and automated te//er machines a// set the sta9e for
broad; sca/e e/ectronic commerce2 Further. with re/ent/ess pressures of competition at a// /eve/s
of the economy. the efficiencies offered by e/ectronic commerce are becomin9 hard to i9nore2
!2T3*,A)&S4ARA).
AP5BA
%
H
!"#$
%
&'&!TR()*!
!(&R!&
This white paper discusses primari/y technica/ issues that. if proper/y addressed. can 9uide the
evo/ution of e/ectronic commerce2 3owever. it is reco9niKed that numerous comp/eD socia/. /e9a/
and re9u/atory issues of e@ua/ importance must a/so be addressed if the potentia/ of e/ectronic
commerce is to be rea/iKed2 These inc/ude findin9 acceptab/e methods for authentication and
protection of information. accomodatin9 the specia/ needs of /aw enforcement and internationa/
transactions. and creatin9 the re@uisite means. techno/o9ica/ and otherwise. of sett/in9 disputes2
4e point them out here specifica//y to emphasiKe their importance. but do not treat them at
/en9th in this paper2 The remainder of the paper answers the fo//owin9 @uestions about
e/ectronic commerce:
Section # describes the advanta9es of e/ectronic versus paper;based commerce and discusses
severa/ shortcomin9s of present e/ectronic commerce systems2 *t then describes the kinds of
pro9ress that wi// need to be made to overcome these deficiencies and create an e/ectronic
commerce infrastructure2 Section ? describes the actua/ re@uirements of e/ectronic commerce in
terms of -%0 the framework that must be in p/ace. -#0 the activities and functions that must be
supported. and -?0 the bui/din9 b/ocks re@uired to support these activities and functions2 Section
8 presents an architecture and mode/ for e/ectronic commerce2 Section A draws imp/ications for
future technica/ needs and for e/ectronic commerce2
Types of information providers
Traditiona//y. in the physica/ wor/d. we distin9uish between three different types of information;
driven companies: those that create content -e29 TV production0. those that define the form or
format -e29 recordin9 studio0 and fina//y those that provide the distribution medium2-e29 TV
broadcastin9 station and cab/e operators0 2 !ompanies that are tar9etin9 vertica/ markets need
access in a// three areas -see red. dashed circ/e. fi9 %02
&! functions
The fo//owin9 ten functions must be provided in order to &! to occurP in essense. they are the
enab/ers of
&!:
NStandards settin9 body
N4A) service provider
N3ostin9 service -i2e data center0
NSoftware deve/oper -*SV or VAR0
N!ertification authority
NPub/isher5A99re9ator -presense provider0
N!opyri9ht broker
Neterin9 authority
!2T3*,A)&S4ARA).
AP5BA
%"
!"#$%
&'&!TR()*!
!(&R!&
NAuditin9 authority
N*nformation consumer
The provision of the above ten &! functions does not necessitate the invo/vement of an
e@uiva/ent number of partiesP many of these wi// be carried out by the same provider2 For
eDamp/e. the 3ostin9 Service can be the same or9aniKation as the Pub/isher5A99re9ator2
"2 Definition &;commerce and *ntroduction of &;commerceF2
&/ectronic commerce. common/y known as e;commerce or e!ommerce. consists of the buyin9
and se//in9 of products or services over e/ectronic systems such as the *nternet and other
computer networks2 The amount of trade conducted e/ectronica//y has 9rown dramatica//y since
the wide introduction of the *nternet2 A wide variety of commerce is conducted in this way.
inc/udin9 thin9s such as e/ectronic funds transfer. supp/y chain mana9ement. e;marketin9.
on/ine marketin9. on/ine transaction processin9. e/ectronic data interchan9e -&D*0. automated
inventory mana9ement systems. and automated data co//ection systems2 odern e/ectronic
commerce typica//y uses the 4or/d 4ide 4eb at /east some point in the transactionJs /ifecyc/e.
a/thou9h it can encompass a wide ran9e of techno/o9ies such as e;mai/ as we//2
*ntroduction of &;commerce2
&/ectronic commerce. common/y known as e;commerce or e!ommerce. consists of the buyin9
and se//in9 of products or services over e/ectronic systems such as the *nternet and other
computer networks2 The amount of trade conducted e/ectronica//y has 9rown dramatica//y since
the wide introduction of the *nternet2 A wide variety of commerce is conducted in this way.
inc/udin9 thin9s such as e/ectronic funds transfer. supp/y chain mana9ement. e;marketin9.
on/ine marketin9. on/ine transaction processin9. e/ectronic data interchan9e -&D*0. automated
inventory mana9ement systems. and automated data co//ection systems2 odern e/ectronic
commerce typica//y uses the 4or/d 4ide 4eb at /east some point in the transactionJs /ifecyc/e.
a/thou9h it can encompass a wide ran9e of techno/o9ies such as e;mai/ as we//2
A sma// percenta9e of e/ectronic commerce is conducted entire/y e/ectronica//y for Lvirtua/L items
such as access to premium content on a website. but most e/ectronic commerce eventua//y
invo/ves physica/ items and their transportation in at /east some way2
%12 &Dp/ain 3istory of the &;commerce and *nternet F
The meanin9 of the term Le/ectronic commerceL has chan9ed over the /ast ?1 years2 (ri9ina//y.
Le/ectronic commerceL meant the faci/itation of commercia/ transactions e/ectronica//y. usua//y
usin9 techno/o9y /ike &/ectronic Data *nterchan9e -&D*0 and &/ectronic Funds Transfer -&FT0.
where both were introduced in the /ate %"$1s. for eDamp/e. to send commercia/ documents /ike
purchase orders or invoices e/ectronica//y2
The Je/ectronicJ or JeJ in e;commerce refers to the techno/o9y5systemsP the JcommerceJ refers to
be traditiona/ business mode/s2 &;commerce is the comp/ete set of processes that support
commercia/ business
!2T3*,A)&S4ARA).
AP5BA
#
1
!"#$
%
&'&!TR()*!
!(&R!&
activities on a network2 *n the %"$1s and %"H1s. this wou/d a/so have invo/ved information
ana/ysis2 The 9rowth and acceptance of credit cards. automated te//er machines -AT0 and
te/ephone bankin9 in the %"H1s were a/so forms of e;commerce2 3owever. from the %""1s
onwards. this wou/d inc/ude enterprise resource p/annin9 systems -&RP0. data minin9 and data
warehousin92
*n the dot com era. it came to inc/ude activities more precise/y termed L4eb commerceL ;; the
purchase of 9oods and services over the 4or/d 4ide 4eb. usua//y with secure connections
-3TTPS. a specia/ server protoco/ that encrypts confidentia/ orderin9 data for customer
protection0 with e;shoppin9 carts and with e/ectronic payment services. /ike credit card payment
authoriKations2
Today. it encompasses a very wide ran9e of business activities and processes. from e;bankin9
to offshore manufacturin9 to e;/o9istics2 The ever 9rowin9 dependence of modern industries on
e/ectronica//y enab/ed business processes 9ave impetus to the 9rowth and deve/opment of
supportin9 systems. inc/udin9 backend systems. app/ications and midd/eware2 &Damp/es are
broadband and fibre;optic networks. supp/y; chain mana9ement software. customer re/ationship
mana9ement software. inventory contro/ systems and financia/ accountin9 software2
4hen the 4eb first became we//;known amon9 the 9enera/ pub/ic in %""8. many <ourna/ists and
pundits forecast that e;commerce wou/d soon become a ma<or economic sector2 3owever. it
took about four years for security protoco/s -/ike 3TTPS0 to become sufficient/y deve/oped and
wide/y dep/oyed2 Subse@uent/y. between %""H and #111. a substantia/ number of businesses in
the +nited States and 4estern &urope deve/oped rudimentary web sites2
A/thou9h a /ar9e number of Lpure e;commerceL companies disappeared durin9 the dot;com
co//apse in #111 and #11%. many Lbrick;and;mortarL retai/ers reco9niKed that such companies
had identified va/uab/e niche markets and be9an to add e;commerce capabi/ities to their 4eb
sites2 For eDamp/e. after the co//apse of on/ine 9rocer 4ebvan. two traditiona/ supermarket
chains. A/bertsons and Safeway. both started e; commerce subsidiaries throu9h which
consumers cou/d order 9roceries on/ine2
The emer9ence of e;commerce a/so si9nificant/y /owered barriers to entry in the se//in9 of many
types of 9oodsP accordin9/y many sma// home;based proprietors are ab/e to use the internet to
se// 9oods2 (ften. sma// se//ers use on/ine auction sites such as eBay. or se// via /ar9e corporate
websites /ike AmaKon2com. in order to take advanta9e of the eDposure and setup convenience
of such sites2
*nternet :
The internet is a co//ection of wires. protoco/s and hardware that a//ows the e/ectronic
transmission of data over T!P5*P2 The *nternet forms a 9/oba/ n5w of computers that can share
data and pro9rams2 the computers are connected throu9h a series of 'A). 4A) and transfer
data throu9h he communication ru/es set forth by the T!P5*P2
Four !omponents to use the *nternet in an easy
manner:

%2 D)S-Domain )ame System02
!2T3*,A)&S4ARA). AP5BA
#
%
!"#$% &'&!TR()*! !(&R!&
#2Packet switchin9 . routin9
?2T!P
82*P Address
T!P ;G S5w ensures the safe and re/iab/e transfer of the data2 *P ;G *P S5w ets the ru/es for data
transfer over a n5w2
%%2Define 444 and Advanta9es of &;!ommerceF
Tim Berners > 'ee first ca//ed the 444 in %""12
4eb !onsists of three movin9 parts:
%24eb
pa9es2
#2'ink
s2
?2Serve
rs
N4eb content types 'inks
Forms *ma9es 7*F EP&7
u/timedia 4eb browsers:
NA// web pa9es are viewed throu9h P9ms ca//ed 4eb browsers2
NSma// in siKe and simp/e2
N3ow 4ebbrowser 4orks:;
N+sin9 +R'. The +R' te//s the browser severa/ thin9s about how to access the desired content
N&Damp/e:
Nhttp:55www2mcompany2com5home2htm/
N
Nit eDp/ains:
Nhttp ;Gprotoco/ used
Nwww2mcompany2com ;G Server
Nhome2htm/;Gfi/e ;Gresidin9 on a server ca//ed www2mcompany2com-/ocation of the fi/e0
Advanta9es of &;!ommerce:
N)ew marketin9 time opportunities2
N&/ectronic bi// presentment and payment services
NRe/ated products and cross se//in9
!2T3*,A)&S4ARA).
AP5BA
#
#
!"#$
%
&'&!TR()*!
!(&R!&
NFeatured product /istin9
N!oupon codes. 9ift certificates
N*nventory contro/
NBackorders a//owed
NQuantity discounts
N4ho/esa/e pricin9 capabi/ity
N(n Screen shoppin9 /ist
N*mport eDistin9 data
NSin9/e or batch picture up/oads
N)o p/u9;ins 5 pro9rammin9
N4eb based administration
N!omp/ete store front system
!2T3*,A)&S4ARA).
AP5BA
#?
!"#$%
&'&!TR()*!
!(&R!&
+)*T > **
-S&!+R*T, T&!3)('(7*&S0
PART > A
%2 4hat is a secured web serverF
A computer that de/ivers -serves up0 4eb pa9es2 &very 4eb server has an *P address and
possib/y a domain name2 For eDamp/e. if you enter the +R'
http:55www2pcwebopedia2com5indeD2htm/ in your browser. this sends a re@uest to the server
whose domain name is pcwebopedia2com2 The server then fetches the pa9e named indeD2htm/
and sends it to your browser
#2 4hat is a packet switched networkF
)etwork that does not estab/ish a dedicated path throu9h the network for the duration of a
session. optin9 instead to transmit data in units ca//ed packets in a connection/ess manner2 Data
streams are broken into packets at the front end of a transmission. sent over the best avai/ab/e
network connection. and then reassemb/ed in their ori9ina/ order at the destination endpoint2
?2 4hat is a software a9entF
*n computer science. a software a9ent is a piece of software that acts for a user or other
pro9ram in a
re/ationship of a9ency
82 Define D)S2
-%0 Short for Domain )ame System -or Service or Server0. an *nternet service that trans/ates
domain names into *P addresses2 Because domain names are a/phabetic. theyJre easier to
remember2 The *nternet however. is rea//y based on *P addresses2 &very time you use a domain
name. therefore. a D)S service must trans/ate the name into the correspondin9 *P address2 For
eDamp/e. the domain name www2eDamp/e2com mi9ht trans/ate to %"H2%1A2#?#282
A2 4hat is the need for inte//i9ent a9entsF
The concept of an a9ent has become important in both Artificia/ *nte//i9ence -A*0 and
mainstream
computer science2 (ur aim in this paper is to point the reader at what we perceive to be the
most important
theoretica/ and practica/ issues associated with the desi9n and construction of inte//i9ent a9ents2
:2 4hat is a markup /an9ua9eF
arkup /an9ua9e is a set of codes or ta9s that surrounds content and te//s a person or pro9ram
what that content is -its structure0 and5or what it shou/d /ook /ike -its format02 arkup ta9s have a
distinct syntaD that sets them apart from the content that they surround
!2T3*,A)&S4ARA).
AP5BA
#
8
!"#$
%
&'&!TR()*!
!(&R!&
$2 4hat is Di9ita/ Si9nature F
*n crypto9raphy. a di9ita/ si9nature or di9ita/ si9nature scheme is a type of asymmetric
crypto9raphy used to simu/ate the security properties of a si9nature in di9ita/. rather than
written. form2 Di9ita/ si9nature schemes norma//y 9ive two a/9orithms. one for si9nin9 which
invo/ves the userJs secret or private key. and one for verifyin9 si9natures which invo/ves the
userJs pub/ic key2 The output of the si9nature process is ca//ed the Ldi9ita/ si9nature2L
H24hat are the Security !oncerns F
a2!onfidentia/ity
b2Authenticity
c2*nte9rity
"24hat are the risk F
Some serious risks are when u transmit data across the internet2
a2*nterception by third party
b2For9ery
c2odification
PART > B
%2 &Dp/ain *nternet F
The internet is a co//ection of wires. protoco/s and hardware that a//ows the e/ectronic
transmission of data over T!P5*P2 The *nternet forms a 9/oba/ n5w of computers that can share
data and pro9rams2 the computers are connected throu9h a series of 'A). 4A) and transfer
data throu9h he communication ru/es set forth by the T!P5*P2
Four !omponents to use the *nternet in an easy manner:
%2D)S-Domain )ame System02
#2Packet switchin9 . routin9
?2T!P
82*P Address
T!P ;G S5w ensures the safe and re/iab/e transfer of the data2
*P ;G *P S5w sets the ru/es for data transfer over a n5w2
4hy the *nternet is +n SecureF
*nternet is an open medium2 it is an universa/ medium2 *n any case. the internet is definite/y an
open n5w2 once data is transmitted beyond the or9aniKationa/ network. it may be hand/ed by any
number
!2T3*,A)&S4ARA).
AP5BA
#
A
!"#$
%
&'&!TR()*!
!(&R!&
of different intermediate computers-ca//ed routers0 which make sure the data is de/ivered to its
intended destination2 Data is a/so /ike/y to trave/ across internet backbone networks. which
move vast @uantities of data over /ar9e distances2
N*tSs the protoco/s:
The primary protoco/ of the internet is T!P5*P2 *t contains Five 'ayers2
App/ication
'ayer Transport
'ayer *nternet
'ayer 'ink 'ayer
Physica/ 'ayer
There is no weakness in protoco/ side2
N4here the Risks AreF
The hacker who sto/e #1.111 credit card numbers did not eDp/oit any weakness in the internet
protoco/sP he eDp/oited the weakness in the security of the
computer where those numbers were stored2
N4hat the Risk areF
Some serious risks are when u transmit data across the internet2
%2*nterception by third party
#2For9ery
?2odification
NA Bi99er Risk
%2password
The pwd shou/d not be:
%2shou/d not be easy to 9uess
#2shou/d not be written down near the computer from which it wi// be used2
?2shou/d not 9ive out the pwd to anyone2
82shou/d not /eave an active session runnin9 on an unattended. unprotected system2
A2pwd shou/d be chan9ed periodica//y2
NFi9htin9 Back
%2Firewa// shou/d be used b5w internet and our or92
N4hat it a// means
The bottom /ine is that the *nternet is a pub/ic network. and anyone concerned with
!2T3*,A)&S4ARA).
AP5BA
#
:
!"#$ &'&!TR()*!
% !(&R!&
transmission security needs to approach the *nternet in the same way one wou/d approach
communicatin9 by any other pub/ic means2 *nternet communications are functiona//y e@uiva/ent
-at /east as far as security 9oes0 to communicatin9 in a pub/ic ha//2 !onversations between you
and your nei9hbor can be overheard by anyone who wants to eavesdropP if you want to ta/k to
someone at the opposite end of the ha//. youSve 9ot to re/y on intermediaries to carry the
messa9e between you2
Security !oncerns:
%2!onfidentia/ity
#2Authenticity
?2*nte9rity
#2&Dp/ain !rypto9raphyF
Dea/s 5 study of encryption and decryption2
NThe ob<ective of crypto9raphy:
N=eep the information in a secret manner2
N&ncryption: used to convert the p/ain teDt into cipher teDt
NDecryption: used to convert the cipher teDt into p/ain teDt
NSyntaD:
NBasic echanism of crypto9raphy:
P/ainteD
t
G
encrypt
G
ciphe
r
G
n5w
G
ciphe
r
Gdecryp
t
G

teD
t

teD
t

p/ainteD
t
3ere we are usin9 =eys to convert p/ain teDt into cipher teDt2
%2Symmetric key 5 Private =ey ;;; Gsame key shared b5w sender and receiver-for encryption and
decryption02
Sender-P/ainteDt0;G&ncryp-usin9 private key0;Gcipher teDt I-across the n5w0
!ipher teDt;GDecrypt-usin9 same key0;G-P/ainteDt0Receiver
#2Asymmetric key 5 Pub/ic =ey two keys are used 2one key is used for &ncryption-pub/ic key0
and one key is used for Decryption-Private key02
-A0Sender-P/ainteDt0;G&ncryp-usin9 BSs pub/ic key0;Gcipher teDt I-across the n5w0
!ipher teDt;GDecrypt-usin9 BSs private key0;G-P/ainteDt0Receiver-B0
Types of cipher teDt: a2
Transposition teDt2
*nterchan9in9 the position of teDt2 &62 7(D as (D7
!2T3*,A)&S4ARA).
AP5BA
#$
!"#$%
&'&!TR()*!
!(&R!&
b2 Substitution teDt2
P/acin9 the character instead of ori9ina/ teDt2
&6: 7od is encrypted as hpe
?2&Dp/ain Three !rypto9raphic App/ications F
a2&ncryption
b2Di9ita/ Si9nature
c2)onrepudiation and essa9e*nte9rity
Breakin9 &ncryption Standard:
&ven thou9h we have severa/ encryption methods there are some intruders are there to find our
encryption a/9orithm and cipher key siKe-secret key02 so it shou/d be three;di9it combination or
more than three2 Because if its three;di9it combination means there %111 chances are there to
set the secret;key 2so its very hard to find the secret;key and its very hard to break our
encryption methods5secret key2
Therefore. we shou/d set the secret key in mu/ti;di9it combinations2
=ey Distribution and !ertification
The precedin9 discussion about private and pub/ic key crypto9raphy has avoided the issue of
how to mana9e key distribution2 As with a// the other aspects of crypto9raphy. there are we//
known prob/ems pertainin9 to secure and re/iab/e key distribution2 To i//ustrate. a simp/e
scenario:
NBob and A/ice are two ac@uaintances who communicate by e;mai/ on occasion2
N&vi/ Robert. impersonatin9 Bob. sends a for9ed piece of e;mai/ to A/ice. re@uestin9 a secure
communication channe/ usin9 pub/ic key encryption2
N*nc/uded in this for9ed messa9e is &vi/ RobertSs pub/ic key-which he represents as BobSs pub/ic
key02
NA/ice receives the messa9e and encrypts a rep/y usin9 what she be/ieves to be BobSs pub/ic
key-but which is actua//y &vi/ RobertSs pub/ic key02
N&vi/ Robert receives the messa9e. decrypts it with her own secret key. and is ab/e to
communicate with A/ice whi/e pretendin9 to be <ob2
of course. this scenario can be easi/y defeated if <ones cou/d some how verify that the pub/ic key
matches the person who sends it2
Data &ncryption Standard:
A wide/y;adopted imp/ementation of secret;key crypto9raphy is Data &ncryption Standard
-D&S02 The actua/ software to perform D&S is readi/y avai/ab/e at no cost to anyone who has
access to the *nternet2 D&S was introduced in %"$A by *B. the )ationa/ Security A9ency-)SA0.
and the )ationa/ Bureau of Standards -)BS0 2 D&S has been eDtensive/y researched and
studied over the /ast twenty years and is definite/y the most we//;known and wide/y used
cryptosystem in the wor/d2
D&S is a secret;key. symmetric cryptosystem: when used for communication. both sender and
!2T3*,A)&S4ARA).
AP5BA
#
H
!"#$
%
&'&!TR()*!
!(&R!&
receiver must know the same secret key. which is used both to encrypt and decrypt the
messa9e2 D&S can a/so be used for sin9/e user encryption. for eDamp/e. to store fi/es on a hard
disk in encrypted form2 *n a mu/tiuser environment. however. secure;key distribution becomes
difficu/tP pub/ic;key crypto9raphy. discussed in the neDt subsection. was deve/oped to so/ve this
pbm2
D&S operates on :8;bit b/ocks with a A:;bit secret key2 Desi9ned for hardware imp/ementation.
its operation is re/ative/y fast and works we// for /ar9e bu/k documents or encryption2 *nstead of
definin9 <ust one encryption a/9orithm. D&S defines a who/e fami/y of them2 4ith a few
eDceptions. a different a/9orithm is 9enerated for each secret key2 This means that everybody
can be to/d about the a/9orithm and ur messa9e wi// sti// be secure2 u <ust need to te// others ur
secret key a number /ess than #powerA:2 the number #powerA: is a/so /ar9e enou9h to make it
difficu/t to break the code usin9 a brute force attack-tryin9 to break the cipher by usin9 a//
possib/e keys02
D&S has withstood the test of time2 Describe the fact that its a/9orithm is we// known. it is
impossib/e to break the cipher without usin9 tremendous amount of computin9 power2 A new
techni@ue for improvin9 the security of D&S is trip/e &ncryption -Trip/e D&S0 that is .encryptin9
each messa9e b/ock usin9 three different keys in succession2 Trip/e D&S thou9ht to be
e@uiva/ent to doub/in9 the key siKe of D&S. to %%# bits. shou/d prevent Decryption by a Third
Party capab/e of sin9/e;key eDhaustive search-mhH%0 2 (f !ourse. usin9 Trip/e &ncryption takes
three times as /on9 as sin9/e encryption D&S2 *f u use D&S three times on the same ms9 with
different secret;keys. it is virtua//y impossib/e to break it usin9 eDistin9 a/9orithms2
(ver the past few years severa/ new. faster symmetric a/9orithm have been deve/oped . but
D&S
remains the most fre@uent/y used2
82 &Dp/ain Trusted =ey Distribution and Verification F
4ith the wider app/ication of pub/ic key crypto9raphy for the purpose of commerce. mechanisms
for the trusted pub/ication and distribution of pub/ic keys are necessary2 Simp/y havin9 a
merchant-or customer0 send a copy of a pub/ic key wi// not do. since a for9er cou/d sent her own
pub/ic key whi/e pretendin9 to be someone e/se2
(ne so/ution is for some -respected0 or9aniKation to offer key pub/ishin9 services2 Those who
wish to can report their keys and their identities. and anyone e/se can find a key by /ookin9 for a
personSs name2 To add further trust. peop/e can have other peop/e certify their pub/ic keys2 *n
other words. one person -or or9aniKation0 can vouch for another one by addin9 their own name
and pub/ic key to the /istin92 The 9reater the resu/tin9 Bpedi9reeC to ur pub/ic key. the 9reater
amount of trust others can put in ur di9ita/ si9nature2
!2T3*,A)&S4ARA).
AP5BA
#
"
!"#$
%
&'&!TR()*!
!(&R!&
A2 &Dp/ain Fire4a// F
A firewa//Js basic task is to transfer traffic between computer networks of different trust /eve/s2
Typica/ eDamp/es are the *nternet which is a Kone with no trust and an interna/ network which is
a Kone of hi9her trust2 A Kone with an intermediate trust /eve/. situated between the *nternet and
a trusted interna/ network. is often referred to as a Lperimeter networkL
This artic/e is about the network security device2 For other uses. see Firewa// -disambi9uation02
A firewa// is a hardware or software device which is confi9ured to permit. deny. or proDy data
throu9h a computer network which has different /eve/s of trust2
Fire 4a// Dia9ram
Advanta9es of )etwork Security :
%2!onsu/t your system support personne/ if you work from home
#2+se virus protection software
?2+se a firewa//
82DonSt open unknown emai/ attachments
A2DonSt run pro9rams of unknown ori9in
:2Disab/e hidden fi/ename eDtensions
$2=eep a// app/ications -inc/udin9 your operatin9 system0 patched
H2Turn off your computer or disconnect from the network when not in use
"2Disab/e Eava. EavaScript. and Active6 if possib/e
%12Disab/e scriptin9 features in emai/ pro9rams
%%2ake re9u/ar backups of critica/ data
%#2ake a boot disk in case your computer is dama9ed or compromised2
:2 &Dp/ain Di9ita/ Si9natureF
*n crypto9raphy. a di9ita/ si9nature or di9ita/ si9nature scheme is a type of asymmetric
crypto9raphy used to simu/ate the security properties of a si9nature in di9ita/. rather than
written. form2 Di9ita/ si9nature schemes norma//y 9ive two a/9orithms. one for si9nin9 which
invo/ves the userJs secret or private key. and one for verifyin9 si9natures which invo/ves the
userJs pub/ic key2 The output of the si9nature process is ca//ed the Ldi9ita/ si9nature2L
Di9ita/ si9natures. /ike written si9natures. are used to provide authentication of the associated
input.
!2T3*,A)&S4ARA).
AP5BA
?1
!"#$%
&'&!TR()*!
!(&R!&
usua//y ca//ed a Lmessa9e2L essa9es may be anythin9. from e/ectronic mai/ to a contract. or
even a messa9e sent in a more comp/icated crypto9raphic protoco/2 Di9ita/ si9natures are used
to create pub/ic key infrastructure -P=*0 schemes in which a userJs pub/ic key -whether for
pub/ic;key encryption. di9ita/ si9natures. or any other purpose0 is tied to a user by a di9ita/
identity certificate issued by a certificate authority2 P=* schemes attempt to unbreakab/y bind
user information -name. address. phone number. etc20 to a pub/ic key. so that pub/ic keys can
be used as a form of identification2
Di9ita/ si9natures are often used to imp/ement e/ectronic si9natures. a broader term that refers
to any e/ectronic data that carries the intent of a si9natureT%U. but not a// e/ectronic si9natures
use di9ita/ si9natures2T#UT?UT8UTAU *n some countries. inc/udin9 the +nited States. and in the
&uropean +nion. e/ectronic si9natures have /e9a/ si9nificance2 3owever. /aws concernin9
e/ectronic si9natures do not a/ways make c/ear their app/icabi/ity towards crypto9raphic di9ita/
si9natures. /eavin9 their /e9a/ importance somewhat unspecified
NBenefits of di9ita/ si9natures
These are common reasons for app/yin9 a di9ita/ si9nature to communications:
Authentication
A/thou9h messa9es may often inc/ude information about the entity sendin9 a messa9e. that
information may not be accurate2 Di9ita/ si9natures can be used to authenticate the source of
messa9es2 4hen ownership of a di9ita/ si9nature secret key is bound to a specific user. a va/id
si9nature shows that the messa9e was sent by that user2 The importance of hi9h confidence in
sender authenticity is especia//y obvious in a financia/ conteDt2 For eDamp/e. suppose a bankJs
branch office sends instructions to the centra/ office re@uestin9 a chan9e in the ba/ance of an
account2 *f the centra/ office is not convinced that such a messa9e is tru/y sent from an
authoriKed source. actin9 on such a re@uest cou/d be a 9rave mistake2
*nte9rity
*n many scenarios. the sender and receiver of a messa9e may have a need for confidence that
the messa9e has not been a/tered durin9 transmission2 A/thou9h encryption hides the contents
of a messa9e. it may be possib/e to chan9e an encrypted messa9e without understandin9 it2
-Some encryption a/9orithms. known as nonma//eab/e ones. prevent this. but others do not20
3owever. if a messa9e is di9ita//y si9ned. any chan9e in the messa9e wi// inva/idate the
si9nature2 Furthermore. there is no efficient way to modify a messa9e and its si9nature to
produce a new messa9e with a va/id si9nature. because this is sti// considered to be
computationa//y infeasib/e by most crypto9raphic hash functions -see co//ision resistance02
Drawbacks of di9ita/ si9natures:
Association of di9ita/ si9natures and trusted time stampin9
Di9ita/ si9nature a/9orithms and protoco/s do not inherent/y provide certainty about the date and
time at which the under/yin9 document was si9ned2 The si9ner mi9ht. or mi9ht not. have
inc/uded a time stamp with the si9nature. or the document itse/f mi9ht have a date mentioned on
it. but a /ater reader cannot
!2T3*,A)&S4ARA).
AP5BA
?
%
!"#$ &'&!TR()*!
% !(&R!&
be certain the si9ner did not. for instance. backdate the date or time of the si9nature2 Such
misuse can be made impracticab/e by usin9 trusted time stampin9 in addition to di9ita/
si9natures2
)on;repudiation
*n a crypto9raphic conteDt. the word repudiation refers to any act of disc/aimin9 responsibi/ity for
a messa9e2 A messa9eJs recipient may insist the sender attach a si9nature in order to make
/ater repudiation more difficu/t. since the recipient can show the si9ned messa9e to a third party
-e9. a court0 to reinforce a c/aim as to its si9natories and inte9rity2 3owever. /oss of contro/ over
a userJs private key wi// mean that a// di9ita/ si9natures usin9 that key. and so ostensib/y JfromJ
that user. are suspect2 )onethe/ess. a user cannot repudiate a si9ned messa9e without
repudiatin9 their si9nature key2 *t is a99ravated by the fact there is no trusted time stamp. so
new documents -after the key compromise0 cannot be separated from o/d ones. further
comp/icatin9 si9nature key inva/idation2 !ertificate Authorities usua//y maintain a pub/ic
repository of pub/ic;key so the association user; key is certified and si9natures cannot be
repudiated2 &Dpired certificates are norma//y removed from the directory2 *t is a matter for the
security po/icy and the responsibi/ity of the authority to keep o/d certificates for a period of time if
a non;repudiation of data service is provided2
Some di9ita/ si9nature a/9orithms
NFu// Domain 3ash. RSA;PSS etc2. based on RSA
NDSA
N&!DSA
N&/7ama/ si9nature scheme
N+ndeniab/e si9nature
NS3A -typica//y S3A;%0 with RSA
NRabin si9nature a/9orithm
NPointcheva/;Stern si9nature a/9orithm
NSchnorr si9nature
A99re9ate si9nature ; a di9ita/ si9nature that supports a99re9ation: 7iven n si9natures on n
distinct messa9es from n distinct users. it is possib/e to a99re9ate a// these si9natures into a
sin9/e short si9nature2 This sin9/e si9nature wi// convince the verifier that the n users did indeed
si9n the n ori9ina/ messa9es
$2 Discuss in detai/ about Data &ncryption StandardF
The Data &ncryption Standard -D&S0 is a cipher -a method for encryptin9 information0 se/ected
as an officia/ Federa/ *nformation Processin9 Standard -F*PS0 for the +nited States in %"$: and
which has subse@uent/y en<oyed widespread use
internationa//y2 The a/9orithm was initia//y controversia/ with c/assified desi9n e/ements. a
re/ative/y short key /en9th. and suspicions about a )ationa/ Security A9ency -)SA0 backdoor2
D&S conse@uent/y came under intense academic scrutiny which motivated the modern
understandin9 of b/ock ciphers and their cryptana/ysis2
D&S is now considered to be insecure for many app/ications2 This is chief/y due to the A:;bit key
siKe bein9 too sma//P in Eanuary. %""". distributed2net and the &/ectronic Frontier Foundation
co//aborated to pub/ic/y break a D&S key in ## hours and %A minutes -see chrono/o9y 02 There
are a/so some ana/ytica/ resu/ts which demonstrate theoretica/ weaknesses in the cipher.
a/thou9h they are infeasib/e to mount in practice2 The
!2T3*,A)&S4ARA).
AP5BA
?#
!"#$%
&'&!TR()*!
!(&R!&
a/9orithm is be/ieved to be practica//y secure in the form of Trip/e D&S. a/thou9h there are
theoretica/ attacks2 *n recent years. the cipher has been superseded by the Advanced
&ncryption Standard -A&S02
*n some documentation. a distinction is made between D&S as a standard and D&S the
a/9orithm which is referred to as the D&A -the Data &ncryption A/9orithm02 4hen spoken. LD&SL
is either spe//ed out -*PA: 5di i s50 as an abbreviation or pronounced as a sin9/e sy//ab/e -*PA: 5d
s50 acronym2
3istory of D&S
This section does not cite any references or sources2 - Apri/ #11H0 P/ease he/p improve this
section by addin9 citations to re/iab/e sources2 +nverifiab/e materia/ may be cha//en9ed and
removed2
The ori9ins of D&S 9o back to the ear/y %"$1s2 *n %"$#. after conc/udin9 a study on the +S
9overnmentJs computer security needs. the +S standards body )BS -)ationa/ Bureau of
Standards0 V now named )*ST -)ationa/ *nstitute of Standards and Techno/o9y0 V identified a
need for a 9overnment;wide standard for encryptin9 unc/assified. sensitive information2
Accordin9/y. on %A ay %"$?. after consu/tin9 with the )SA. )BS so/icited proposa/s for a
cipher that wou/d meet ri9orous desi9n criteria2 )one of the submissions. however. turned out to
be suitab/e2 A second re@uest was issued on #$ Au9ust %"$82 This time. *B submitted a
candidate which was deemed acceptab/e V a cipher deve/oped durin9 the period %"$?> %"$8
based on an ear/ier a/9orithm. 3orst Feiste/Js 'ucifer cipher2 The team at *B invo/ved in cipher
desi9n and ana/ysis inc/uded Feiste/. 4a/ter Tuchman. Don !oppersmith. A/an =onheim. !ar/
eyer. ike atyas. Roy Ad/er. &dna 7rossman. Bi// )otK. 'ynn Smith. and Bryant Tuckerman2
)SAJs invo/vement in the desi9n
(n arch %$. %"$A. the proposed D&S was pub/ished in the Federa/ Re9ister2 Pub/ic comments
were re@uested. and in the fo//owin9 year two open workshops were he/d to discuss the
proposed standard2 There was some criticism from various parties. inc/udin9 from pub/ic;key
crypto9raphy pioneers artin 3e//man and 4hitfie/d Diffie. citin9 a shortened key /en9th and the
mysterious LS;boDesL as evidence of improper interference from the )SA2 The suspicion was
that the a/9orithm had been covert/y
weakened by the inte//i9ence a9ency so that they V but no;one e/se V cou/d easi/y read
encrypted messa9es2Tcitation neededU A/an =onheim -one of the desi9ners of D&S0
commented. L4e sent the S;boDes off
to 4ashin9ton2 They came back and were a// different2LT%U The +nited States Senate Se/ect
!ommittee on *nte//i9ence reviewed the )SAJs actions to determine whether there had been
any improper invo/vement2 *n the unc/assified summary of their findin9s. pub/ished in %"$H. the
!ommittee wrote:
L*n the deve/opment of D&S. )SA convinced *B that a reduced key siKe was sufficientP
indirect/y assisted in the deve/opment of the S;boD structuresP and certified that the fina/ D&S
a/9orithm was. to the best of their know/ed9e. free from any statistica/ or mathematica/
weakness2LT#U
3owever. it a/so found that
L)SA did not tamper with the desi9n of the a/9orithm in any way2 *B invented and desi9ned
the a/9orithm. made a// pertinent decisions re9ardin9 it. and concurred that the a9reed upon key
siKe was more than ade@uate for a// commercia/ app/ications for which the D&S was
intended2LT?U
Another member of the D&S team. 4a/ter Tuchman. is @uoted as sayin9. L4e deve/oped the
D&S a/9orithm
!2T3*,A)&S4ARA).
AP5BA
?
?
!"#$
%
&'&!TR()*!
!(&R!&
entire/y within *B usin9 *Bers2 The )SA did not dictate a sin9/e wireOLT8U
Some of the suspicions about hidden weaknesses in the S;boDes were a//ayed in %""1. with the
independent discovery and open pub/ication by &/i Biham and Adi Shamir of differentia/
cryptana/ysis. a 9enera/ method for breakin9 b/ock ciphers2 The S;boDes of D&S were much
more resistant to the attack than if they had been chosen at random. stron9/y su99estin9 that
*B knew about the techni@ue back in the %"$1s2 This was indeed the case V in %""8. Don
!oppersmith pub/ished the ori9ina/ desi9n criteria for the S;boDes2 Accordin9 to Steven 'evy.
*B 4atson researchers discovered differentia/ cryptana/ytic attacks in %"$8 and were asked by
the )SA to keep the techni@ue secret2TAU !oppersmith eDp/ains *BJs secrecy decision by
sayin9. Lthat was because Tdifferentia/ cryptana/ysisU can be a very powerfu/ too/. used a9ainst
many schemes. and there was concern that such information in the pub/ic domain cou/d
adverse/y affect nationa/ security2L 'evy @uotes 4a/ter Tuchman: LTtUhey asked us to stamp a//
our documents confidentia/222
4e actua//y put a number on each one and /ocked them up in safes. because they were
considered +2S2 9overnment c/assified2 They said do it2 So * did itL2T:U Shamir himse/f
commented. L* wou/d say that.
contrary to what some peop/e be/ieve. there is no evidence of tamperin9 with the D&S so that
the basic desi9n was weakened2LTcitation neededU
The other criticism V that the key /en9th was too short V was supported by the fact that the
reason 9iven
by the )SA for reducin9 the key /en9th from :8 bits to A: was that the other H bits cou/d serve
as parity bits. which seemed somewhat specious2Tcitation neededU *t was wide/y be/ieved that
)SAJs decision was motivated
by the possibi/ity that they wou/d be ab/e to brute force attack a A: bit key severa/ years before
the rest of the wor/d wou/d2Tcitation neededU
The a/9orithm as a standard
Despite the criticisms. D&S was approved as a federa/ standard in )ovember %"$:. and
pub/ished on %A Eanuary %"$$ as F*PS P+B 8:. authoriKed for use on a// unc/assified data2 *t
was subse@uent/y reaffirmed as the standard in %"H?. %"HH -revised as F*PS;8:; %0. %""?
-F*PS; 8:;#0. and a9ain in %""" -F*PS;8:;?0. the /atter prescribin9 LTrip/e D&SL -see be/ow02 (n
#: ay #11#. D&S was fina//y superseded by A&S. the Advanced &ncryption Standard.
fo//owin9 a pub/ic competition -see A&S process02 (n %" ay #11A. F*PS 8:;? was officia//y
withdrawn. but )*ST has approved Trip/e D&S throu9h the year #1?1 for sensitive 9overnment
information2T$U
Another theoretica/ attack. /inear cryptana/ysis. was pub/ished in %""8. but it was a brute force
attack in %""H that demonstrated that D&S cou/d be attacked very practica//y. and hi9h/i9hted
the need for a rep/acement a/9orithm2 These and other methods of cryptana/ysis are discussed
in more detai/ /ater in the artic/e2
The introduction of D&S is considered to have been a cata/yst for the academic study of
crypto9raphy. particu/ar/y of methods to crack b/ock ciphers2 Accordin9 to a )*ST retrospective
about D&S.
The D&S can be said to have L<ump startedL the nonmi/itary study and deve/opment of
encryption a/9orithms2 *n the %"$1s there were very few crypto9raphers. eDcept for those in
mi/itary or inte//i9ence or9aniKations. and /itt/e academic study of crypto9raphy2 There are now
many active academic crypto/o9ists. mathematics departments with stron9 pro9rams in
crypto9raphy. and commercia/ information security companies and consu/tants2 A 9eneration of
cryptana/ysts has cut its teeth ana/yKin9
!2T3*,A)&S4ARA).
AP5BA
?
8
!"#$
%
&'&!TR()*!
!(&R!&
-that is tryin9 to LcrackL0 the D&S a/9orithm2 *n the words of crypto9rapher Bruce Schneier T"U.THU
LD&S did more to 9a/vaniKe the fie/d of cryptana/ysis than anythin9 e/se2 )ow there was an
a/9orithm to study2L An astonishin9 share of the open /iterature in crypto9raphy in the %"$1s and
%"H1s dea/t with the D&S. and the D&S is the standard a9ainst which every symmetric key
a/9orithm since has been compared2
!hrono/o9y
,ea
Date
r
&vent


%A ay %"$?
)BS pub/ishes a first re@uest for a standard
encryption a/9orithm
?

%"$8
ccccc
c
Au9us
t
%"$8
)BS pub/ishes a second re@uest for encryption
a/9orithms



%$ arch %"$A D&S is pub/ished in the Federa/ Re9ister for comment
A

Au9ust %"$: First workshop on D&S
September %"$:
Second workshop. discussin9 mathematica/ foundation of
D&S

)ovember %"$: D&S is approved as a standard
%A Eanuary %"$$ D&S is pub/ished as a F*PS standard F*PS P+B 8:
%"H? D&S is reaffirmed for the first time
%"H:
Videocipher **. a TV sate//ite scramb/in9 system based upon
D&S be9ins use by 3B(

##
Eanuary
%""H
D&S is reaffirmed for the second time as F*PS 8:;%. supersedin9
F*PS P+B 8:


%""1
Biham and Shamir rediscover differentia/ cryptana/ysis. and app/y it
to a %A;

Eu/y
1 round D&S;/ike cryptosystem2




Biham and Shamir report the first theoretica/ attack with /ess
comp/eDity

%""# than brute force: differentia/ cryptana/ysis2 3owever. it re@uires an
# unrea/istic #8$ chosen p/ainteDts2

?1
Decemb
%""?
D&S is reaffirmed for the third time as F*PS
8:;#

er ?

%""8
The first eDperimenta/ cryptana/ysis of D&S
is
performed usin9 /inear



8 cryptana/ysis -atsui. %""802

Eune
%""$
The D&S!3A'' Pro<ect breaks a messa9e encrypted with D&S for
the first

$ time in pub/ic2



Eu/y %""H
The &FFJs D&S cracker -Deep !rack0 breaks a D&S key in A:
hours2

H

Eanuary
%"""
To9ether. Deep !rack and distributed2net break a D&S key in ##
hours and

" %A minutes2



%"""
D&S is reaffirmed for the fourth time as F*PS 8:;?. which specifies
the

#A
(ctober
"
preferred use of Trip/e D&S. with sin9/e D&S permitted on/y in
/e9acy

systems2

#:
)ovemb
#11% The Advanced &ncryption Standard is pub/ished in F*PS %"$
!2T3*,A)&S4ARA). AP5BA ?:
!"#$% &'&!TR()*! !(&R!&

er

%



#: ay #11# The A&S standard becomes effective
#


The withdrawa/ of F*PS 8:;? -and a coup/e of re/ated standards0
is proposed
#: Eu/y #118 in the Federa/ Re9isterT%1U
8

%" ay #11A
)*ST withdraws F*PS 8:;? -see Federa/ Re9ister vo/ $1. number
":0
A


%A
arch
#11$
The FP7A based para//e/ machine !(PA!(BA)A of the
+niversity of Bochum

$
and =ie/. 7ermany. breaks D&S in :28 days at W%1.111
hardware cost


H2 4rite short notes on
a2 =ey Distribution techni@ues2 b2 Di9ita/ Si9nature
c2 )on;repudiation
-a0 =ey Distribution techni@ues2
The 9enera/ key distribution prob/em refers to the task of distributin9 secret keys between
communicatin9 parties to provide security properties such as secrecy and authentication2
*n sensor networks. key distribution is usua//y combined with initia/ communication
estab/ishment to bootstrap a secure communication infrastructure from a co//ection of dep/oyed
sensor nodes2 *n the settin9 we study in this chapter. nodes have been pre;initia/iKed with some
secret information before dep/oyment. but on/y after network setup. we know the /ocation of
nodes2 The node /ocation often determines which nodes need to estab/ish a crypto9raphic keys
with which other nodes. so we cannot set up these keys before dep/oyment2
*n this chapter. we refer to the combined prob/em of key distribution and secure communications
estab/ishment as the security bootstrappin9 prob/em. or simp/y the bootstrappin9 prob/em2 A
bootstrappin9 protoco/ must not on/y enab/e a new/y dep/oyed sensor network to initiate a
secure infrastructure. but it must a/so a//ow nodes dep/oyed at a /ater time to <oin the network
secure/y2 This is a cha//en9in9 prob/em due to the many /imitations of sensor network hardware
and software2
*n this chapter. we discuss and eva/uate severa/ we//;known methods of key distribution2
Besides these. we present an in;depth study of random key pre# distribution. a method that has
recent/y attracted si9nificant research attention. and we have a/so worked on2
-b0 Di9ita/ Si9nature
!2T3*,A)&S4ARA).
AP5BA
?$
!"#$%
&'&!TR()*!
!(&R!&
A di9ita/ si9nature scheme typica//y consists of three a/9orithms:
NA key 9eneration a/9orithm that se/ects a private key uniform/y at random from a set of possib/e
private keys2 The a/9orithm outputs the private key and a correspondin9 pub/ic key2
NA si9nin9 a/9orithm which. 9iven a messa9e and a private key. produces a si9nature2
NA si9nature verifyin9 a/9orithm which 9iven a messa9e. pub/ic key and a si9nature. either
accepts or re<ects2
Two main properties are re@uired2 First. a si9nature 9enerated from a fiDed messa9e and fiDed
private key shou/d verify on that messa9e and the correspondin9 pub/ic key2 Second/y. it shou/d
be computationa//y infeasib/e to 9enerate a va/id si9nature for a party who does not possess the
private key2
Benefits of di9ita/ si9natures
Be/ow are some common reasons for app/yin9 a di9ita/ si9nature to communications:
Authentication
A/thou9h messa9es may often inc/ude information about the entity sendin9 a
messa9e. that information may not be accurate2 Di9ita/ si9natures can be used to authenticate
the source of messa9es2 4hen ownership of a di9ita/ si9nature secret key is bound to a specific
user. a va/id si9nature shows that the messa9e was sent by that user2 The importance of hi9h
confidence in sender authenticity is especia//y obvious in a financia/ conteDt2 For eDamp/e.
suppose a bankJs branch office sends instructions to the centra/ office re@uestin9 a chan9e in
the ba/ance of an account2 *f the centra/ office is not convinced that such a messa9e is tru/y sent
from an authoriKed source. actin9 on such a re@uest cou/d be a 9rave mistake2
*nte9rity
*n many scenarios. the sender and receiver of a messa9e may have a need for confidence that
the messa9e has not been a/tered durin9 transmission2 A/thou9h encryption hides the contents
of a messa9e. it may be possib/e to chan9e an encrypted messa9e without understandin9 it2
-Some encryption a/9orithms. known as nonma//eab/e ones. prevent this. but others do not20
3owever. if a messa9e is di9ita//y si9ned. any chan9e in the messa9e wi// inva/idate the
si9nature2 Furthermore. there is no efficient way to modify a messa9e and its si9nature to
produce a new messa9e with a va/id si9nature. because this is sti// considered to be
computationa//y infeasib/e by most crypto9raphic hash functions -see co//ision resistance02
Drawbacks of di9ita/ si9natures2
Despite their usefu/ness. di9ita/ si9natures a/one do not so/ve the fo//owin9 prob/ems:
Association of di9ita/ si9natures and trusted time stampin9
Di9ita/ si9nature a/9orithms and protoco/s do not inherent/y provide certainty about the date and
time at which the under/yin9 document was si9ned2 The si9ner mi9ht have inc/uded a time
stamp with the si9nature. or the document itse/f mi9ht have a date mentioned on it2 Re9ard/ess
of the documentJs contents. a reader cannot be certain the si9ner did not. for eDamp/e. backdate
the date or time of the si9nature2 Such misuse can
!2T3*,A)&S4ARA).
AP5BA
?
H
!"#$
%
&'&!TR()*!
!(&R!&
be made impracticab/e by usin9 trusted time stampin9 in addition to di9ita/ si9natures2
c2 )on;repudiation
*n a crypto9raphic conteDt. the word repudiation refers to any act of disc/aimin9 responsibi/ity for
a messa9e2 A messa9eJs recipient may insist the sender attach a si9nature in order to make
/ater repudiation more difficu/t. since the recipient can show the si9ned messa9e to a third party
-e292. a court0 to reinforce a c/aim as to its si9natories and inte9rity2 3owever. /oss of contro/
over a userJs private key wi// mean that a// di9ita/ si9natures usin9 that key. and so ostensib/y
JfromJ that user. are suspect2 )onethe/ess. a user cannot repudiate a si9ned messa9e without
repudiatin9 their si9nature key2 This is a99ravated by the fact there is no trusted time stamp. so
new documents -after the key compromise0 cannot be separated from o/d ones. further
comp/icatin9 si9nature key inva/idation2 !ertificate authorities usua//y maintain a pub/ic
repository of pub/ic keys so the associated private key is certified and si9natures cannot be
repudiated2 &Dpired certificates are norma//y removed from the repository2 *t is a matter for the
security po/icy and the responsibi/ity of the authority to keep o/d certificates for a period of time if
non;repudiation of data service is provided2
!2T3*,A)&S4ARA).
AP5BA
?
"
!"#$
%
&'&!TR()*!
!(&R!&
+)*T > ***
&'&!TR()*! PA,&)T &T3(DS
PART > A
%2 4hat is meant by Secure &/ectronic Transaction protoco/F
Secure &/ectronic Transaction -S&T0 is a standard protoco/ for securin9 credit card transactions
over insecure networks. specifica//y. the *nternet2 S&T is not itse/f a payment system. but rather
a set of security protoco/s and formats that enab/es users to emp/oy the eDistin9 credit card
payment infrastructure on an open network in a secure fashion2
#2 4hat is micro paymentF
icro payments are means for transferrin9 very sma// amounts of money. in situations where
co//ectin9 such sma// amounts of money with the usua/ payment systems is impractica/. or very
eDpensive. in terms of the amount of money bein9 co//ected2 LicropaymentL ori9ina//y meant
%5%111th of a +S do//ar. T%U T#U. meanin9 a payment system that cou/d efficient/y hand/e
payments at /east as sma// as a mi//. but now is often defined to mean payments too sma// to be
affordab/y processed by credit card or other e/ectronic transaction processin9 mechanism2 The
use of micropayments may be ca//ed icrocommerce
?2 4hat is the difference between B#B and B#c websiteF
B#! websites are intermediary porta/s to /ink customers to supp/iers2 Some of the ma<or ones
are ebay. an auction site2 ,e//. an internet version of ye//ow pa9es and XD)et a techno/o9y
market p/ace2 A// of these businesses eDist primari/y on the internet2 They are what is known as
e;businesses -e/ectronic businesses02 A// of them can be c/assified under one 9enera/ headin9.
market p/aces2
B#! concerns itse/f with se//in9 to the end user2 Typica//y these are sites /ike AmaKon. on/ine
book retai/ers. /astminute 2com. a L9ood timesL porta/2 These sites are more interested in
passin9 the 9oods to the end user2 There is /ike/y a s/i9ht difference between them and your
business2 They are actua//y internet based2 That is to say they eDist primari/y on the internet2
(ffices and warehousin9 are borne from necessity of their internet success2
824hat are the features to be considered for &/ectronic Payment System Desi9nF
Nana9in9 !redit Risk
NDescribe the infrastructure re@uired to support !redit !ard Processin9
NRecord keepin9 with credit cards is one of the features consumers va/ue most because of
disputes and mistakes in bi//in9
N&ncryption and transaction speed must be ba/anced
NThe comp/eDity of credit card processin9 takes p/ace in the verification phase
!2T3*,A)&S4ARA).
AP5BA
81
!"#$%
&'&!TR()*!
!(&R!&
A2 4hat is supp/y chain networkF
Due to the rapid advancement of techno/o9y such as pervasive or ubi@uitous wire/ess and
internet networks. connective product markin9 techno/o9ies /ike RF*D and emer9in9 standards
for the use of these definin9 specific /ocations usin9 7/oba/ 'ocation )umber -s0. the basic
supp/y chain is rapid/y evo/vin9 into what is known as a Supp/y !hain )etwork2
:2 4hat is (ff/ineF
Traditiona/ ethods: -(ff/ine methods0
a2 Barter-&Dachin9 the product0 b2!oin c2Rupees
d2 oney (rder e2DD
f2Persona/ !heck
$2 4hat is (n/ine Transactions F odern ethods: - (n/ine methods0
%2 &check #2&!ash
?2!redit and Debit !ards
82Di9ita/ 4a//et
A2Smart !ards
H24hat is Payment Processin9 -s5w0 service provider F
a2*!V&R*F,
b2AuthoriKe2)et
c2!ybercash
"24hat is Secure (n/ine Transaction ode/s F
a2Secure 4eb Servers
b2Secure Server Purchasin9
c2Secure Server Se//in9
d2Re@uired Faci/ities
i23ardware
ii2Software
iii2Services
e2&/ectronic a//s
!2T3*,A)&S4ARA).
AP5BA
8
%
!"#$
%
&'&!TR()*!
!(&R!&
%124hat is Protoco/s for the pub/ic transport of private information -or0 Security Protoco/s F
a2S;3TTP -Secure 3yperteDt Transfer Protoco/0
b2SS' -Secure Socket 'ayer0
c2S&T -Secure &/ectronic Transaction0
%%2!redit !ard Business Basics:
Before discussin9 S&T . a few !redit !ard processin9 definitions are in order 2 These terms are
used
throu9hout the S&T document2
!ardho/der : The consumer.customer .youO
*ssuer : The bank who issued you a credit card2
erchant : The party from whom you are buyin9 9oods and Services2
Ac@uirer :
The financia/ institution5bank who estab/ishes an account with
the
merchant and processes
payment
authoriKations and transactions for the merchant
Payment 7ateway : A device operated by an ac@uirer -financia/
institution 0 that processes the merchant payment messa9es2
Bran
d
: Visa.aster !ard
.Discover.etc2
*t is a/so important to point out that aster!ard and Visa are associations with banks
comprisin9 the
membership2
%?2 Definition Di9ita/ 4a//etF
&/ectronic wa//et -& ;wa//et0 is a software component in which a user stores credit card numbers
and other persona/ information2 4hen shoppin9 on/ine. the user simp/y c/icks the e;wa//et to
automatica//y fi// in the information needed to make a purchase -Turban2 #118:8""02
%82 Definition S3TTP F
Secure hyperteDt transfer protoco/ ; deve/oped by &nterprise *nte9ration Techno/o9ies to ensure
security with commercia/ transactions on the *nternet2
!2T3*,A)&S4ARA).
AP5BA
8#
!"#$%
&'&!TR()*!
!(&R!&
PART > B
%2 4hat is supp/y chain networkF
Due to the rapid advancement of techno/o9y such as pervasive or ubi@uitous wire/ess and
internet networks. connective product markin9 techno/o9ies /ike RF*D and emer9in9 standards
for the use of these definin9 specific /ocations usin9 7/oba/ 'ocation )umber -s0. the basic
supp/y chain is rapid/y evo/vin9 into what is known as a Supp/y !hain )etwork2
a2 (ff/ine and (n/ine Transactions
%2Traditiona/ ethods: -(ff/ine methods0
%2Barter-&Dachin9 the product0
#2!oin
?2Rupees
82oney (rder
A2DD
:2Persona/ !heck
b2 odern ethods: - (n/ine methods0
%2&check
#2&!ash
?2!redit and Debit !ards
82Di9ita/ 4a//et
A2Smart !ards
c2Payment Processin9 -s5w0 service provider
%2*!V&R*F,
#2AuthoriKe2)et
?2!ybercash
d2Secure (n/ine Transaction ode/s:
%2Secure 4eb Servers
#2Secure Server Purchasin9
?2Secure Server Se//in9
82Re@uired Faci/ities
%23ardware
#2Software
?2Services
A2&/ectronic a//s
e2Protoco/s for the pub/ic transport of private information -or0 Security Protoco/s:
!2T3*,A)&S4ARA).
AP5BA
8
?
!"#$
%
&'&!TR()*!
!(&R!&
%2S;3TTP -Secure 3yperteDt Transfer Protoco/0
#2SS' -Secure Socket 'ayer0
?2S&T -Secure &/ectronic Transaction0
#2*n 7enera/ how the System works-b5w c/ient .merchant R service provider0
A consumer visits a merchant 4ebpa9e and makes a purchase by enterin9 the re@uired
information2
The payment c/ient software is then /oaded. and a si9ned messa9e is sent to the payment
hand/er to initiate payment2
The payment hand/er verifies the si9nature and be9ins a si9ned payment so the consumerSs
c/ient software knows it is communicatin9 with a 9enuine payment hand/er2
After the payment is comp/eted. a si9ned receipt is issued to the consumer and the merchant2
The merchant uses this receipt or payment acknow/ed9ement to be9in the process of shippin9
the 9ood
Definition: S3TTP:
Secure hyperteDt transfer protoco/ ; deve/oped by &nterprise *nte9ration Techno/o9ies to ensure
security with commercia/ transactions on the *nternet2
!ards:
N !redit !ard Postpaid
NDebit !ard ; Prepaid
!redit !ards
!redit !ard is a card which a//ows a person to purchase 9oods and services on borrowed
money2 *t he/ps to purchase somethin9 without havin9 to pay for it immediate/y. instead the
company or or9aniKation. issuin9 the credit card. makes the payment on beha/f of the customer
but the customer is /iab/e to pay the same to the issuer of the card within a definite period of
time which may vary dependin9 upon the credit card type and the issuin9 company2 Thus.
!redit !ards 9ive financia/ f/eDibi/ity to the consumers2
*n the year %"A: !a/iforniaJs Bank of America first introduced credit cards to the 9enera/ mass2
Some of the bi9 vendors of credit cards are V*SA. aster!ard and many more2
*n order to avai/ credit card. a consumer is re@uired to open an account with such a bank or
company which is sponsorin9 the card2 After this the company5bank sends a credit card to him
with a denominated /imit to it in monetary units2 The customer is entit/ed to buy 9oods and
services up to the specified credit card /imit2 The service provider sends month/y bi// to the
customer specifyin9 the detai/s of his purchase2 The customer in;turn has to make the payment
within a specified time period2 *f the customer doesnJt pay fu// or part of the amount within time;
/imit then he has to pay month/y interest on the outstandin9 payment amount2
7enera//y. the interest rate char9ed by the credit card companies on the outstandin9 payab/e
amount are hi9her than most of the popu/ar /oans2 But they are eDempted from payin9 the
interest rates when the customer pays the fu// outstandin9 payab/e amount to the card issuer
within a month2
!2T3*,A)&S4ARA).
AP5BA
88
!"#$%
&'&!TR()*!
!(&R!&
Rate of interest on the credit cards vary from card to card2 The rate 9enera//y increases with an
increase in a customerJs outstandin9 payab/e amount2
Severe competition has /ed the credit card issuin9 companies to offer variety of incentives to the
consumers ran9in9 from cash back to specia/ incentives for fre@uent users to 9ift certificates2
There are many credit cards which offer credits at /ow or ni/ interest rates2 But in such cases the
time period of /ow interest rates are fiDed -usua//y from : months to % year0 and after which the
rate hikes considerab/y2
3ence. !redit !ards have become a part and parce/ of the modern /ife which 9ives financia/
f/eDibi/ity to the consumers2
?2 4hat is Third Party !redit !ard ProcessorF
*nternet merchant accounts can be harder to obtain2 This is because of increased security risks
as no si9natures are invo/ved. nor is a card physica//y presented at the point of sa/e2 Another
option may be to use a third party processor. which is basica//y a payment 9ateway and
merchant account ro//ed into one2 A third party credit card processor is a company that accepts
credit card orders on beha/f of other on/ine businesses2
*f you are a new business with an untested product ran9e. consider usin9 a third party credit
card processor whi/e you test the waters. which wi// incorporate a payment 9ateway with a
merchant account2
any of these services wi// a/so incorporate a shoppin9 cart app/ication as part of the dea/ -see
/inks at the end of this artic/e0 These services may appear to cost more. but they can save you
from eDpensive /on9 term contracts and initia/ out/ay on shoppin9 cart app/ications2
*f you intend usin9 a third party credit card processor that combines 9ateway services with a
merchant account. added to the points a/ready mentioned. ensure you a/so check on month/y
9ateway fees. AVS costs. and any other added fraud protection you wish to imp/ement2
Rushed decisions in choosin9 your ecommerce app/ications. e/ements and third party services
wi// dramatica//y increase the /ike/ihood of your business fai/ure2 This is definite/y an area where
if you spend the time fu//y investi9atin9 a// the options open to you ; youJ// reap the rewards after
imp/ementation2
*t is worthwhi/e considerin9 contractin9 the services of an ecommerce consu/tant to assist you in
makin9 these crucia/ decisions2 The fees you pay to a consu/tant wi// be returned in increased
profits ; and /ess stress2
Top rated third party credit card processor is #checkout
/ow costs
W8" one time si9nup fee W128A per Sa/e
A2AY of Sa/e Amount
?1 Day money back 9uarantee )o
!2T3*,A)&S4ARA).
AP5BA
8
A
!"#$
%
&'&!TR()*!
!(&R!&
app/ication fees
)o month/y fees )o statement fees )o /eases
)o SS' certificate to buy
)o fees for A!3 deposits to +2S2 or participatin9 !anadian bank accounts !heck Payment or
'ow !ost 4ire to )on +2S2 Bank Accounts
FR&& shoppin9 cart
FR&& code for your web site
FR&& on;/ine tech support why # checkout
)o waitin9 weeks -7ettin9 started immediate/y0 )o term contracts
)o e@uipment or software needed &asy to use p/u9;n;p/ay code Simp/e commission fee
structure *nternationa/ supp/iers accepted
'ist products R services <ust about anythin9 Supports recurrin9 bi//in9
4orks with eDistin9 shoppin9 carts Automatic purchase order notification State of the Art fraud
detection 7reat for simp/e or comp/eD needs
!omprehensive account mana9ement too/s Robust shippin9 options
Third Party !redit !ard Processors !anJt afford a merchant account ri9ht nowF !heck out these
?rd party credit card processin9 companies2
*nstead of payin9 transaction fees. month/y statement fees. etc2. they take a percenta9e of your
products cost -usua//y ?Y to %AY02 ?rd party processin9 is a 9reat option for )on;+S
businesses2
4here obtainin9 a merchant account is much too eDpensive or hard to 9et2 B&4AR&: This type
of so/ution is 9ood for businesses <ust startin9 out that donJt have the money to purchase a
merchant account ri9ht off the bat. but you wi// pay more in the /on9 run2
*t is recommended that once you do have the funds to support a merchant account that you
purchase one2 *t is unwise to set up a merchant account59ateway if you anticipate 9ross
revenues under W:A1 per month 2
Beyond W:A1 in revenues per month. a merchant account59ateway option
be9ins to become cost effective compared to the a/ternatives !!)ow. !/ickBank and Di9iBuy
are suitab/e on/y for products that have a fair/y hi9h mark;up that can absorb the substantia/
purchase costs of HY to %8Y2 But this ana/ysis on/y eDamines direct purchase costs2
The hidden costs are in time and ease;of;use2 (bserve that: Severa/ of the service bureaus
donJt remit receipts immediate/y to the merchant There is a de/ay of severa/ weeks2
!2T3*,A)&S4ARA).
AP5BA
8:
!"#$%
&'&!TR()*!
!(&R!&
)one of the service bureau so/utions nor PayPa/ a//ow the merchant access to the customerJs
credit card number2
PayPa/Js shoppin9 cart is pretty rudimentary. fi9urin9 shippin9 on/y crude/y and taDes not at a//2
Di9iBuy provides a sophisticated di9ita/ down/oad and re9istration system. but takes about %8Y
;; a si9nificant chunk of the tota/ sa/es price 2
!!)owJs shoppin9 cart is better than PayPa/Js. but their shippin9 ca/cu/ation is crude Since they
are a De/aware corporation. state sa/es taD need not be ca/cu/ated2
!/ickBank has no shoppin9 cart at a//2 An affi/iate pro9ram is inc/uded in !/ickBank. possib/e
with Di9iBuy and !!)ow. and tota//y frustrated by PayPa/2
(ther third party credit card processors :
PayPa/ Paypa/ is f/eDib/e enou9h to serve as a comp/ete bi//in9 so/ution2 *t provides a variety of
&; commerce so/utions that can be inte9rated into your 4eb site in a few easy steps2
For eDamp/e. a simp/e Bpurchase buttonC can be p/aced on your 4eb site2 (nce a visitor
decides to make a purchase. a// they have to do is c/ick on the button and submit their
information2 That button sends the re@uest to PayPa/Js back end where it processes the entire
transaction for you2 And if your business se//s mu/tip/e products and services. PayPa/ can even
provide you with a shoppin9 cart so/ution free of char9e2
!/ick bank To use !/ick Bank you must:
A9ree to se// us access to your di9ita/ product2 P/ace a LBuy *t At !/ick BankL button on your
web site2 (ffer detai/ed technica/ support pa9es for your product at your web site2
,ou can set the su99ested retai/ price for your product2 &ach time we se// your product. we pay
you -and the affi/iate. if any0 that retai/ price /ess W% Z $2AY2 !/ick Bank has a one;time W8"2"A
activation fee. and no month/y fees2
Basic Re@uirements
!/ick Bank on/y /ists specific types of products2 A// products must be:
De/iverab/e entire/y over the internet via web pa9es. down/oadab/e fi/es. or emai/2
De/iverab/e to every customer within #8 hours of purchase2
Backed by a va/id customer support emai/ address. to which payin9 customers and !/ick Bank
staff
!2T3*,A)&S4ARA).
AP5BA
8
$
!"#$
%
&'&!TR()*!
!(&R!&
can send in@uiries and receive a human -non;automated0 rep/y by the end of the fo//owin9
business day2
Backed by appropriate technica/ support pa9es. written in &n9/ish. and hosted at your own web
site2
Fu//y comp/iant with +S /aw. inc/udin9 FT! Advertisin9 Ru/es and Disc/osure Ru/es Di9ibuy
Di9ibuy is an e/ectronic commerce so/ution for pub/ishers of software. shareware. e/ectronic art.
information. and data2
+sin9 Di9iBuyJs turnkey service. you can @uick/y and ineDpensive/y bui/d a secure storefront to
merchandise your products. take orders on/ine. process payments. and distribute di9ita/
products over the *nternet2
Take a /ook at Di9iBuyJs features 4e a/so offer a service for co//e9e students and facu/ty
/ookin9 to start their own di9ita/ business2
Di9iBuy +niversity is free to students and facu/ty2
*bi// DonJt 3ave An *nternet erchant AccountF
iBi// !omp/ete: As your merchant. iBi// hand/es a// bankin9. risk mana9ement. affi/iate
mana9ement and customer service issues for c/ients se//in9 products and services on the
*nternet2
*n addition. iBi// !omp/ete offers the most comprehensive payment options on the web. inc/udin9
credit cards. on/ine checks. and te/ephone bi//in92
A/ready 3ave or 4ant an *nternet erchant AccountF iBi// Processin9 P/us : Serves the needs
of merchants who mana9e their business with an individua/ *nternet merchant account hand/in9
their own customer service2
iBi// provides transaction processin9. fraud contro/. business reportin9 too/s. subscription
capabi/ity. shoppin9 cart functiona/ity. and affi/iate mana9ement2
ccnow Are you an independent business with 9reat products to se//F 'et !!)ow assist you in
se//in9 on/ine so that you have the time to mana9e the rest of your business2
!!)ow is the perfect /ow cost so/ution to se//in9 your products on/ine2 'earn how !!)ow he/ps
business find customers on/ine
82 4hat is &;!ashF
&;!ash represents severa/ different types of products2 This section eDp/ores the different types
of e;cash products and how each functions2 The pros and cons of e;cash versus competin9
products is a/so eDamined2
4hi/e many different companies are rushin9 to offer di9ita/ money products. current/y e;cash is
cash is represented by two mode/s2 (ne is the on;/ine form of e;cash -introduced by Di9i!ash0
which a//ows for the comp/etion of a// types of internet transactions2 The other form is off;/ineP
essentia//y a di9ita//y encoded card that cou/d be used for many of the same transactions as
cash2 This off;/ine version -which a/so has on;
!2T3*,A)&S4ARA).
AP5BA
8H
!"#$%
&'&!TR()*!
!(&R!&
/ine capabi/ities0 is bein9 tested by ondeD in partnership with various banks2
The primary function of e;cash is to faci/itate transactions on the *nternet2 any of these
transactions may be sma// in siKe and wou/d not be cost efficient throu9h other payment
mediums such as credit cards2 Thus. 444 sites in the future may char9e W12%1 a visit. or
W12#A to down/oad a 9raphics fi/e2 These types of payments. turnin9 the *nternet into a
transaction oriented forum. re@uire mediums that are easy. cheap -from a merchants
perspective0. private -see Privacy0. and secure -see Security02 &/ectronic !ash is the natura/
so/ution. and the companies that are pioneerin9 these services c/aim that the products wi// meet
the stated criteria2 By providin9 this type of payment mechanism. the incentives to provide
worthwhi/e services and products via the *nternet shou/d increase2 Another prospective
beneficiary from these deve/opments wou/d be Shareware providers. since current/y they rare/y
receive payments2 To comp/ete the di9ita/ money revo/ution an off/ine product is a/so re@uired
for the pocket money5chan9e that most peop/e must carry for sma// transactions -e292 buyin9 a
newspaper. buyin9 a cup of coffee. etc22202
The concept of e/ectronic money is at /east a decade o/d2 T3ewitt %""8U demonstrates that check
writin9 is a pre;cursor to &;cash2 4hen one person writes a check on his bank account and
9ives the check to another person with an account at a different bank. the banks do not transfer
currency2 The banks use e/ectronic fund transfer2 &/ectronic money. removes the midd/eman2
*nstead of re@uestin9 the banks to transfer the funds throu9h the mechanism of a check. the &;
cash user simp/y transfers the money from his bank account to the account of the receiver2
The rea/ity of &;cash is on/y s/i9ht/y more comp/icated. and these comp/ications make the
transactions both secure and private2 The user down/oads e/ectronic money from his bank
account usin9 specia/ software and stores the &;cash on his /oca/ hard drive2 To pay a 444
merchant e/ectronica//y. the &;cash user 9oes throu9h the software to pay the desired amount
from the &;cash Lwa//etL to the merchants /oca/ hard drive -Lwa//etL0 after passin9 the transaction
throu9h an &;cash bank for authenticity verification2 The merchant can then pay its bi//s5payro//
with this &;cash or up/oad it to the merchantJs hard currency bank account2 The &;cash
company makes money on each transaction from the merchant -this fee is very sma//. however0
and from roya/ties paid by banks which provide customers with &;cash software5hardware for a
sma// month/y fee2 Transactions between individua/s wou/d not be sub<ect to a fee2
&;cash tru/y 9/oba/iKes the economy. since the user can down/oad money into his cyber; wa//et
in any currency desired2 A merchant can accept any currency and convert it to /oca/ currency
when the cybercash is up/oaded to the bank account2
To the eDtent a user wants &;cash off;/ine. a// that is necessary is smart card techno/o9y2 The
money is /oaded onto the smartcard. and specia/ e/ectronic wa//ets are used to off/oad the
money onto other smartcards or direct/y to an on;/ine system2 Smartcards have been used
successfu/ in other countries for such transactions as phone ca//s for a number of years2 The
money cou/d a/so be removed from a smartcard and returned to a bank account2 Visa is
deve/opin9 a re/ated product. the stored va/ue card2 This card comes in a variety of
denominations. but functions more /ike a debit card than &;cash2
*n essence. &;cash combines the benefits of other transaction mediums2 Thus. it is simi/ar to
debit5credit cards. but &;cash a//ows individua/s to conduct transactions with each other2 *t is
simi/ar to
!2T3*,A)&S4ARA).
AP5BA
8
"
!"#$
%
&'&!TR()*!
!(&R!&
persona/ checks. but it is feasib/e for very sma// transactions2 4hi/e it appears superior to other
forms. &; cash wi// not comp/ete/y rep/ace paper currency2 +se of &;cash wi// re@uire specia/
hardware. and whi/e most peop/e wi// have access. not a// wi//2 3owever. &;cash presents
specia/ cha//en9es for the eDistin9 Lmidd/emenL of the current paper currency society2 ore and
more. banks and other financia/ intermediaries wi// serve simp/y as storehouses for money.
/enders. and processin95verifyin9 e/ectronic transactions2 Persona/ interaction with a te//er. or
even visits to a bank AT wi// become obso/ete2 A// one wi// have to do is turn on his computer2
&;!ash Security
b2Security is of eDtreme importance when dea/in9 with monetary transactions2 Faith in the
security of the medium of eDchan9e. whether paper or di9ita/. is essentia/ for the economy to
function2
There are severa/ aspects to security when dea/in9 with &;cash2 The first issue is the security of
the transaction2 3ow does one know that the &;cash is va/idF &ncryption and specia/ seria/
numbers are suppose to a//ow the issuin9 bank to verify -@uick/y0 the authenticity of &;cash2
These methods are susceptib/e to hackers. <ust as paper currency can be counterfeited2
3owever. promoters of &;cash point out that the encryption methods used for e/ectronic money
are the same as those used to protect nuc/ear weapon systems2 The encryption security has to
a/so eDtend to the smartcard chips to insure that they are tamper resistant2 4hi/e it is feasib/e
that a system wide breach cou/d occur. it is hi9h/y un/ike/y2 Eust as the Federa/ 7overnment
keeps a step ahead of the counterfeiters. crypto9raphy stays a step ahead of hackers2
Physica/ security of the &;cash is a/so a concern2 *f a hard drive crashes. or a smartcard is /ost.
the &; cash is /ost2 *t is <ust as if one /ost a paper currency fi//ed wa//et2 The industry is sti//
deve/opin9 ru/es5mechanisms for dea/in9 with such /osses.but for the most part. &;cash is bein9
treated as paper cash in terms of physica/ security2 !ompanies are makin9 some eDceptions
when it comes to a software5hardware fai/ure. but these are supposed to be rare2 To he/p
customers 9et used to this concept. most companies are /imitin9 &;cash wa//ets to WA11.
ref/ectin9 the primary use of &;cash for /ow va/ue transactions2 There is a benefit to &;cash in
the area of theft. however2 A mu99er or pickpocket wou/d not be ab/e to make use of anotherJs
smartcard without the appropriate password2 erchants shou/d a/so /ose /ess cash to emp/oyee
theft. since the e/ectronic cash wi// be inaccessib/e -or. at a minimum. traceab/e02
The u/timate area of security is faith in the currency2 This. however. wou/d sti// be the
responsibi/ity of the Federa/ 7overnment on a systemic basis2 &ssentia//y. the &;cash is mere/y
a representation of hard currency on deposit at banks2 Thus. faith in the system shou/d not
fa/ter2
&;!ash Privacy
c2 Transactions invo/vin9 paper currency are difficu/t to trace2 *f di9ita/ money is to rep/ace paper
currency. it must retain certain aspects of this @ua/ity2
As information techno/o9ies eDpand. privacy becomes of 9reater concern2 Peop/e are rea/iKin9
that with every credit card transaction. corporate databases are becomin9 /ar9er and /ar9er2 By
usin9 paper currency. peop/e are ab/e to eDc/ude themse/ves from these databases2 Therefore.
for e;cash to be effective. it must maintain this privacy function2
!2T3*,A)&S4ARA).
AP5BA
A1
!"#$%
&'&!TR()*!
!(&R!&
Di9i!ash c/aims it has deve/oped a system that provides privacy for the user without sacrificin9
security for the receiver2 *f a system is comp/ete/y private. the merchant has no way of verifyin9
the va/idity of the e/ectronic money2 The user wou/d a/so be unab/e to have a receipt for the
transaction2 3owever. Di9i!ash uti/iKes a one;sided si9nature2 Basica//y. the user keeps record
of payments made. but the merchant on/y receives enou9h information to a//ow his bank to
verify the authenticity of the &;cash2
This si9nature process is a/so suppose to deter the crimina/ e/ement of cash transactions2 Since
a record of the transaction is created and kept -by the payee0. eDtortion. bribes. or other i//e9a/
transactions shou/d occur /ess fre@uent/y2
&;!ash Re9u/ation
A new medium of eDchan9e presents new cha//en9es to eDistin9 /aws2 'ar9e/y. the /aws and
systems used to re9u/ate paper currency are insufficient to 9overn di9ita/ money2
The /e9a/ cha//en9es of &;cash entai/ concerns over taDes and currency issuers2 *n addition.
consumer /iabi/ity from bank cards wi// a/so have to be addressed
-current/y WA1 for credit cards02 &;cash removes the intermediary from currency transactions.
but this a/so removes much of the re9u/ation of the currency in the current system2
TaD @uestions immediate/y arise as to how to prevent taD evasion at the income or consumption
/eve/2 *f cash;/ike transactions become easier and /ess cost/y. monitorin9 this potentia/
under9round economy may be eDtreme/y difficu/t. if not impossib/e. for the *RS2
The more dauntin9 /e9a/ prob/em is contro//in9 a potentia/ eDp/osion of private currencies2 'ar9e
institutions that are hand/in9 many transactions may issue e/ectronic money in their own
currency2 The currency wou/d not be backed by the fu// faith of the +nited States. but by the fu//
faith of the institution2 This is not a prob/em with paper currency. but unti/ the /e9a/ system
catches up with the di9ita/ wor/d. it may present a prob/em with cybercash2
A2 &Dp/ain Di9ita/ 4a//etF
Definition
&/ectronic wa//et -& ;wa//et0 is a software component in which a user stores credit card numbers
and other persona/ information2 4hen shoppin9 on/ine. the user simp/y c/icks the e;wa//et to
automatica//y fi// in the information needed to make a purchase -Turban2 #118:8""02
&;wa//et is basica//y another on/ine payment scheme that functions as a carrier of e;cash. in the
same way that a wa//et is used to carry rea/ cash for doin9 a physica/ transaction in an actua/
shop2 The purpose is to offer a secure and easy means of on/ine payment -Awad. #11?:8"#02
Four steps of usin9 &;wa//et
!2T3*,A)&S4ARA).
AP5BA
A
%
!"#$
%
&'&!TR()*!
!(&R!&
a2Decide on an on/ine shop website2
b2Down/oad the wa//et form from the website and fi// out the persona/ information such as credit
number. phone number. and address2 By fi//in9 out the detai/s once. persona/ information wi// be
comp/eted automatica//y when customers c/ick the &;wa//et when purchasin9 in the future2
c2Fi// out the persona/ information as to where customers want merchandise to be shipped2
d24hen customers are ready to buy. one way is to c/ick the &;wa//et button to eDecute the
processP or dra9 information out of the wa//et and drop it into the on/ine form2
!ooperatin9 companies
The &/ectronic !ommerce ode/in9 'an9ua9e -&!'0 is an or9aniKationa/ attempt to set
standards for e;wa//et vendors in the industry2 *t provides 9uide/ines for 4eb merchandise in
eDchan9in9 data for shippin9. bi//in9. and payment between users and merchants2 Supportin9
companies inc/ude: American &Dpress. America (n/ine. Brodia. !ompa@ !omputer.
!yber!ash. Discover. *B. aster!ard *nternationa/. icrosoft. )ove//. Sun icrosystems and
Visa *nternationa/ -!asse/man. #11102
(ther on;/ine merchants who use e;wa//et mode and support &!' inc/ude %H11;Batteries.
Beyond2com. De// !omputer. Fashion2com. 3ea/thshop2com. )ordstrom . (maha Steaks. and
Ree/2com -!asse/man. #11102
Advanta9es and disadvanta9es
Eupiter !ommunications report that #$Y of on/ine buyers abandon orders before checkin9 out
because of the hass/e of fi//in9 out forms -7raphic Arts onth/y. %"""02 &;wa//et shortens and
simp/ifies the process of repeated/y fi//in9 out detai/ed information. in a save environment2
!ustomers not on/y save time but a/so have contro/ of persona/ data by bein9 ab/e to dra9 the
proper card from the &;wa//et pop;up screen -Quinton. %""":?#02
3owever. the drawback is that users must down/oad the wa//et form and software. after the
down/oad is comp/ete. the wa//et is insta//ed as a p/u9;in or Active6 contro/ which is within a
browser that must a/so be insta//ed2 browser -=erstetter. %""H:%102
&;wa//et in the future
Due to the popu/arity of the mobi/e phone. mobi/e phone bi// payments wi// predictab/y increase
in the future2 *n Scandinavian countries such as Fin/and and Sweden. it is estimate that over
:1Y of the popu/ation has mobi/e phones and a/ready has wire/ess mobi/e devices to pay for
everyday purchases -Rayport and Eaworski. #11#:A:$02
!2T3*,A)&S4ARA).
AP5BA
A#
!"#$%
&'&!TR()*!
!(&R!&
&4a//et Definition
e4a//et is a system that stores a customerJs data for easy retrieva/ for on/ine purchases2 Since
comp/etin9 forms as part of an e;tai/ transaction can be a reason for abortin9 a transaction. an
e4a//et service can reduce this inconvenience for the consumer2
:2 &Dp/ain Di9ita/ !urrencies and Payment SystemsF -a/so known as e/ectronic cash. e/ectronic
currency. di9ita/ money. di9ita/ cash or di9ita/ currency0
&/ectronic money -a/so known as e/ectronic cash. e/ectronic currency. di9ita/ money. di9ita/ cash
or di9ita/ currency0 refers to money or scrip which is eDchan9ed on/y e/ectronica//y2 Typica//y.
this invo/ves use of computer networks. the internet and di9ita/ stored va/ue systems2 &/ectronic
Funds Transfer -&FT0 and direct deposit are eDamp/es of e/ectronic money2 A/so. it is a
co//ective term for financia/ crypto9raphy and techno/o9ies enab/in9 it2
4hi/e e/ectronic money has been an interestin9 prob/em for crypto9raphy -see for eDamp/e the
work of David !haum and arkus Eakobsson0. to date. use of di9ita/ cash has been re/ative/y
/ow;sca/e2 (ne rare success has been 3on9 =on9Js (ctopus card system. which started as a
transit payment system and has 9rown into a wide/y used e/ectronic cash system2 Another
success is !anadaJs *nterac network. which in #111 at retai/ -in !anada0 surpassed cash T%U as
a payment method2 Sin9apore a/so has an e/ectronic money imp/ementation for its pub/ic
transportation system -commuter trains. bus. etc0. which is very simi/ar to 3on9 =on9Js (ctopus
card and based on the same type of card -Fe/i!a02 a 9ood way to earn money easy. is noisin9
to buD. that pays you for see websites2 <oin here22
A/ternative systems
Technica//y e/ectronic or di9ita/ money is a representation. or a system of debits and credits.
used -but not /imited to this0 to eDchan9e va/ue. within another system. or itse/f as a stand a/one
system. on/ine or off/ine2 A/so sometimes the term e/ectronic money is used to refer to the
provider itse/f2 A private currency may use 9o/d to provide eDtra security. such as di9ita/ 9o/d
currency2 An e;currency system may be fu//y backed by 9o/d -/ike e;9o/d and c;9o/d0. non;9o/d
backed -/ike eee!urrency0. or both 9o/d and non;9o/d backed -/ike e;Bu//ion and 'iberty
Reserve02
any systems wi// se// their e/ectronic currency direct/y to the end user. such as Paypa/ and
4eboney. but other systems. such as e;9o/d. se// on/y throu9h third party di9ita/ currency
eDchan9ers2
*n the case of (ctopus !ard in 3on9 =on9. deposits work simi/ar/y to banksJ2 After (ctopus
!ard 'imited receives money for deposit from users. the money is deposited into banks. which
is simi/ar to debit; card;issuin9 banks redepositin9 money at centra/ banks2
Some community currencies. /ike some '&TS systems. work with e/ectronic transactions2
!yc/os Software a//ows creation of e/ectronic community currencies2
Ripp/e monetary system is a pro<ect to deve/op a distributed system of e/ectronic money
independent of /oca/ currency2
!2T3*,A)&S4ARA).
AP5BA
A
?
!"#$
%
&'&!TR()*!
!(&R!&
Virtua/ debit cards
Various companies now se// V*SA. astercard or aestro debit cards. which can be rechar9ed
via e/ectronic money systems2 This system has the advanta9e of 9reater privacy if a card
provider is /ocated offshore. and 9reater security since the c/ient can never be debited more
than the va/ue on the prepaid card2 Such debit cards are a/so usefu/ for peop/e who do not have
a bank account2 7enera//y cards can be rechar9ed with either e;9o/d. e;Bu//ion. 4eboney. or
via a wire transfer2
Advanta9es
ost money in todaySs wor/d is e/ectronic. and tan9ib/e cash is becomin9 /ess fre@uent2 4ith the
introduction of internet 5 on/ine bankin9. debit cards. on/ine bi// payments and internet business.
paper money is becomin9 a thin9 of the past2
Banks now offer many services whereby a customer can transfer funds. purchase stocks.
contribute to their retirement p/ans -such as !anadian RRSP0 and offer a variety of other
services without havin9 to hand/e physica/ cash or che@ues2 !ustomers do not have to wait in
/inesP this provides a /ower;hass/e environment2
Debit cards and on/ine bi// payments a//ow immediate transfer of funds from an individua/Js
persona/ account to a businessJs account without any actua/ paper transfer of money2 This
offers a 9reat convenience to many peop/e and businesses a/ike2
Disadvanta9es
A/thou9h there are many benefits to di9ita/ cash. there are a/so many si9nificant disadvanta9es2
These inc/ude fraud. fai/ure of techno/o9y. possib/e trackin9 of individua/s and /oss of human
interaction2
Fraud over di9ita/ cash has been a pressin9 issue in recent years2 3ackin9 into bank accounts
and i//e9a/ retrieva/ of bankin9 records has /ed to a widespread invasion of privacy and has
promoted identity theft2 Tcitation neededU
There is a/so a pressin9 issue re9ardin9 the techno/o9y invo/ved in di9ita/ cash2 Power fai/ures.
/oss of records and undependab/e software often cause a ma<or setback in promotin9 the
techno/o9y2 Tcitation neededUPrivacy @uestions have a/so been raisedP there is a fear that the
use of debit cards and the /ike wi// /ead to the creation by the bankin9 industry of a 9/oba/
trackin9 system2 Some peop/e are workin9 on anonymous ecash to try to address this issue2
The issue of providin9 anonymity to users itse/f introduces more prob/ems. howeverP there is the
distinct possibi/ity that a fu//y anonymous di9ita/ cash system cou/d permit the Lperfect crimeL ;
i2e2. where a crimina/ uses someone e/seJs e/ectronic cash to make a payment. but cannot be
traced ; to occur2 For this reason. Jrevokab/e anonymityJ is a su99ested so/ution: a user is fu//y
anonymous unti/ they commit some crime. at which point authorisation is 9iven for their identity
to be revea/ed2 3owever. critics of this po/icy point out that the anonymous users wi// never be
cau9ht and he/d tria/ -thus their identity wi// never be revea/ed0 without tracin92Tcitation neededU
Future evo/ution
The main focuses of di9ita/ cash deve/opment are %0 bein9 ab/e to use it throu9h a wider ran9e
of hardware such as secured credit cardsP and #0 /inked bank accounts that wou/d 9enera//y be
used over an
!2T3*,A)&S4ARA).
AP5BA
A8
!"#$% &'&!TR()*!
!(&R!&
internet means. for eDchan9e with a secure micropayment system such as in /ar9e corporations
-PayPa/02
Furtherin9 network evo/ution in terms of the use of di9ita/ cash. a company named Di9i!ash is
at the focus of creatin9 an e;cash system that wou/d a//ow issuers to se// e/ectronic coins at
some va/ue2 4hen they are purchased they come under someoneSs own name and are stored
on his computer or under his on/ine identity2 At a// times. the e;cash is /inked to the e;cash
company and a// transactions 9o throu9h it. so the e; cash company secures anythin9 that is
purchased2 (n/y the company knows your information and wi// proper/y direct purchases to your
/ocation2
Theoretica/ deve/opments in the area of decentra/iKed money are underway that may riva/
traditiona/. centra/iKed money2 Systems of accountin9 such as A/truistic &conomics are
emer9in9 that are entire/y e/ectronic. and can be more efficient and more rea/istic because they
do not assume a Kero;sum transaction mode/2
:2 &Dp/ain Secure &/ectronic Transaction -S&T0 F
Secure &/ectronic Transaction -S&T0 is a standard protoco/ for securin9 credit card transactions
over insecure networks. specifica//y. the *nternet2 S&T is not itse/f a payment system. but rather
a set of security protoco/s and formats that enab/es users to emp/oy the eDistin9 credit card
payment infrastructure on an open network in a secure fashion2
S&T was deve/oped by V*SA and aster!ard -invo/vin9 other companies such as 7T&. *B.
icrosoft. )etscape. RSA and VeriSi9n0 startin9 in %"":2
S&T is based on 62A1" certificates with severa/ eDtensions2 S&T uses a b/indin9 a/9orithm that.
in effect. /ets merchants substitute a certificate for a userJs credit;card number2 This a//ows
traders to credit funds from c/ientsJ credit cards without the need of the credit card numbers2
S&T makes use of crypto9raphic techni@ues such as di9ita/ certificates and pub/ic key
crypto9raphy to a//ow parties to identify themse/ves to each other and eDchan9e information
secure/y2
S&T was heavi/y pub/iciKed in the /ate %""1Js as the credit card approved standard. but fai/ed to
win market share2 Reasons for this inc/ude:
)etwork effect ; need to insta// c/ient software -an e wa//et02
!ost and comp/eDity for merchants to offer support and comparative/y /ow cost and simp/icity of
the eDistin9. ade@uate SS' based a/ternative2
!/ient;side certificate distribution /o9istics2
S&T was said to become the de facto standard of payment method on the *nternet between the
merchants. the buyers. and the credit;card companies2 4hen S&T is used. the merchant itse/f
never has to know the credit;card numbers bein9 sent from the buyer. which provide a benefit
for e;commerce2
The S&T Protoco/
!2T3*,A)&S4ARA).
AP5BA
A
A
!"#$
%
&'&!TR()*!
!(&R!&
Peop/e today pay for on/ine purchases by sendin9 their credit card detai/s to the merchant2 A
protoco/ such as SS' or T'S keeps the card detai/s safe from eavesdroppers. but does nothin9
to protect merchants from dishonest customers or vice;versa2 S&T addresses this situation by
re@uirin9 cardho/ders and merchants to re9ister before they may en9a9e in transactions2 A
cardho/der re9isters by contactin9 a certificate authority. supp/yin9 security detai/s and the
pub/ic ha/f of his proposed si9nature key2 Re9istration a//ows the authorities to vet an app/icant.
who if approved receives a certificate confirmin9 that his si9nature key is va/id2 A// orders and
confirmations bear di9ita/ si9natures. which provide authentication and cou/d potentia//y he/p to
reso/ve disputes2
A S&T purchase invo/ves three parties: the cardho/der. the merchant. and the payment 9ateway
-essentia//y a bank02 The cardho/der shares the order information with the merchant but not with
the payment 9ateway2 3e shares the payment information with the bank but not with the
merchant2 A set dua/ si9nature accomp/ishes this partia/ sharin9 of information whi/e a//owin9 a//
parties to confirm that they are hand/in9 the same transaction2 The method is simp/e: each party
receives the hash of the withhe/d information2 The cardho/der si9ns the hashes of both the order
information and the payment information2 &ach party can confirm that the hashes in their
possession a9rees with the hash si9ned by the cardho/der2 *n addition. the cardho/der and
merchant compute e@uiva/ent hashes for the payment 9ateway to compare2 3e confirms their
a9reement on the detai/s withhe/d from him2 A// parties are protected2 erchants do not
norma//y have access to credit card numbers2 oreover. the mere possession of credit card
detai/s does not enab/e a crimina/ to make a S&T purchaseP he needs the cardho/derSs
si9nature key and a secret number that the cardho/der receives upon re9istration2
The crimina/ wou/d have better /uck with traditiona/ frauds. such as orderin9 by te/ephone2 *t is a
pity that other features of S&T -presumab/y demanded by merchants0 weaken these properties2
A merchant can be authoriKed to receive credit card numbers and has the option of acceptin9
payments 9iven a credit card number a/one2 S&T is a fami/y of protoco/s2 The five main ones
are cardho/der re9istration. merchant re9istration. purchase re@uest. payment authoriKation. and
payment capture2 There are many minor protoco/s. for eDamp/e to hand/e errors2 S&T is
enormous/y more comp/icated than SS'. which mere/y ne9otiates session keys between the
cardho/derSs and merchantSs *nternet service providers2 Because of this comp/eDity. much of
which is unnecessary. the protoco/ is hard/y used2 3owever. S&T contains many features of
interest: > The mode/ is unusua/2 *n the re9istration protoco/s. the initiator possesses no di9ita/
proof of identity2 *nstead. he authenticates himse/f by fi/in9 a re9istration form whose format is
not specified2 Authentication takes p/ace outside the protoco/. when the cardho/derSs bank
eDamines the comp/eted form2 > The dua/ si9nature is a nove/ construction2 The partia/ sharin9
of information amon9 three peers /eads to unusua/ protoco/ 9oa/s2 > S&T uses severa/ types of
di9ita/ enve/ope2 A di9ita/ enve/ope consists of two parts: one. encrypted usin9 a pub/ic key.
contains a fresh symmetric key = and identifyin9 informationP the other. encrypted usin9 =.
conveys the fu// messa9e teDt2 Di9ita/ enve/opes keep pub/ic;key encryption to a minimum. but
the many symmetric keys comp/icate the reasonin92 ost verified protoco/s distribute <ust one or
two secrets2
Business re@uirements
Book % of the S&T specification /ists the fo//owin9 business re@uirements for secure payment
processin9 with credit cards over the *nternet and other networks:
NProvide confidentia/ity of payment and orderin9 information
N&nsure the inte9rity of a// transmitted data
NProvide authentication that a cardho/der is a /e9itimate user of a credit card account
NProvide authentication that a merchant can accept credit card transactions throu9h its
re/ationship with a financia/ institution
!2T3*,A)&S4ARA).
AP5BA
A
:
!"#$
%
&'&!TR()*!
!(&R!&
N&nsure the use of the best security practices and system desi9n techni@ues to protect a//
/e9itimate parties in an e/ectronic commerce transaction
N!reate a protoco/ that neither depends in transport security mechanisms nor prevents their use
NFaci/itate and encoura9e interoperabi/ity amon9 software and network providers
=ey features
To meet the business re@uirements. S&T incorporates the fo//owin9 features:
!onfidentia/ity of information
*nte9rity of data
!ardho/der account authentication
erchant authentication
Participants
A S&T system inc/udes the fo//owin9 participants:
!ardho/der
erchant
*ssuer
Ac@uirer
Payment 9ateway
!ertification authority
!2T3*,A)&S4ARA).
AP5BA
A
$
!"#$
%
&'&!TR()*!
!(&R!&
Transaction -#. H mark0
The se@uence of events re@uired for a transaction is as fo//ows:
NThe customer obtains a credit card account with a bank that supports e/ectronic payment and
S&T
NThe customer receives an 62A1"v? di9ita/ certificate si9ned by the bank2
Nerchants have their own certificates
NThe customer p/aces an order
NThe merchant sends a copy of its certificate so that the customer can verify that itJs a va/id
store
NThe order and payment are sent
NThe merchant re@uests payment authoriKation
NThe merchant confirms the order
NThe merchant ships the 9oods or provides the service to the customer
NThe merchant re@uests payment
H2&Dp/ain Dua/ si9natureF
An important innovation introduced in S&T is the dua/ si9nature2 The purpose of the dua/
si9nature is the same as the standard e/ectronic si9nature: to 9uarantee the authentication and
inte9rity of data2 *t /inks two messa9es that are intended for two different recipients2 *n this case.
the customer wants to send the order information -(*0 to the merchant and the payment
information -P*0 to the bank2 The merchant does not need to know the customerJs credit card
number. and the bank does not need to know the detai/s of the customerJs order2 The /ink is
needed so that the customer can prove that the payment is intended for this order2
"2 &Dp/ain S&!+R*T, PR(T(!('SF
SS' and S;3TTP
&/ectronic commerce payment protoco/s
Secure 3TTP 3TTP (ther App/ications
Secure Socket 'ayer -SS'0
Transport !ontro/ Protoco/ -T!P0
*nternet Protoco/ -*P0
S;3TTP
Define 3TTP:
3TTP is a communication protoco/ used to convey information in the 444 hyper/inked2
S;3TTP:
S;3TTP -Secure 3TTP0 is an eDtension to the 3yperteDt Transfer Protoco/ -3TTP0
that a//ows the secure eDchan9e of fi/es on the 4or/d 4ide 4eb2
&ach S;3TTP fi/e is either encrypted. contains a di9ita/ certificate. or both2 For a 9iven
document. S;
!2T3*,A)&S4ARA).
AP5BA
AH
!"#$%
&'&!TR()*!
!(&R!&
3TTP is an a/ternative to another we//;known security protoco/. Secure Sockets 'ayer -SS'02
A ma<or difference is that S;3TTP a//ows the c/ient to send a certificate to authenticate the user
whereas. usin9 SS'. on/y the server can be authenticated2 S;3TTP is more /ike/y to be used in
situations where the server represents a bank and re@uires authentication from the user that is
more secure than a userid and password2
S;3TTP does not use any sin9/e encryption system. but it does support the Rivest;Shamir;
Ad/eman pub/ic key infrastructure encryption system2
SS' works at a pro9ram /ayer s/i9ht/y hi9her than the Transmission !ontro/ Protoco/ -T!P0
/eve/2 S;3TTP works at the even hi9her /eve/ of the 3TTP app/ication2
Both security protoco/s can be used by a browser user. but on/y one can be used with a 9iven
document2 Terisa Systems inc/udes both SS' and S;3TTP in their *nternet security too/ kits2
A number of popu/ar 4eb servers support both S;3TTP and SS'2 )ewer browsers support both
SS' and S;3TTP2
S;3TTP has been submitted to the *nternet &n9ineerin9 Task Force -*&TF0 for consideration as
a standard2 Re@uest for !omments -R!Fs0 *nternet draft #::1 describes S;3TTP in detai/2
%2An &Dtension of the 444 protoco/
#2Adds security direct/y to the app/ication2
?2Basics of the 4442
82To re@uire S;3TTP to transmit a document. its +R' must be defined in the form
Shttp:55www2mcompany2com5secure2htm/
A2The browser shou/d imp/ement this protoco/-s;http0 in his e/se we cant access the s;http
document2
S;3TTP Security Features:
Add security at the app52 'eve/
(b<: wide ran9e of security mechanisms on top of the interactions b5w web browser and web
server2
Protection mechanisms inc/ude the fo//owin9:
%2Di9ita/ Si9nature #2 essa9e Authentication ?2essa9e &ncryption
*t support for many crypto9raphy formats2 inc/udin9 ;Gpub/ic key crypto9raphy .
!2T3*,A)&S4ARA).
AP5BA
A
"
!"#$
%
&'&!TR()*!
!(&R!&
private key crypto9raphy2
*t used for key distribution scheme2
Secure 3TTP Data Transport
S;3TTP encapsu/ates the 3TTP interactions between browser and server2
*t eans the bein9 sent from browser to server or server to browser is contained within a specia/
S; 3TTP chunk of data
Secure information Secure 3TTP data
-this may be encrypted0
3TT
P
heade
r
That is an s;http ms9 sent from a server to a browser inc/udes data that is BwrappedC by a
header with hand/in9 and contents information about the data2
Therefore S;3TTP 3eader Z Packa9e2
NS;3TTP &Dp/ained
o Secure 3TTP 3eader 'ines
Two important header /ines for S;3TTP
a2!ontent Type *dentifyin9 the type of content contained within the S;3TTP messa9e2
b2!ontent Privacy Domain *dentifyin9 the 9enera/ crypto9raphic imp/ementation bein9 used
S;3TTP s9 !ontents
*t is simp/e data 5http data2
The contents of an s;http ms9 are interpreted by the receivin9 entity-browser5server0 based on
[Packa9e -how the data0 is /abe/ed
[4hat =ind (f Security
S;3TTP Security )e9otiation 3eaders
Four different issues are ne9otiated between server and browser:
!2T3*,A)&S4ARA).
AP5BA
:1
!"#$%
&'&!TR()*!
!(&R!&
a2Property ;G 4hat =ind of Security (ption is bein9 se/ected -crypto9raphy scheme0 to app/y to
a transfer2
b2Va/ue ;G imp/ementation
c2Direction ;G security enhanced transmission between server and browser2
d2Stren9th ; G how stron9/y ne9otiated
This are used to transfer data in a secure manner2
Re/ated Protoco/ &Dtensions
Data is re@uested R de/ivered across the 444 usin9 3TTP and S;3TTP2
Two other important protoco/s are there - without which the 444 wou/d not eDist0
a2+R' protoco/ definin9 the syntaD of web documents and /ocations2
b23T' protoco/ definin9 the syntaD of the document themse/ves2
%12 &Dp/ain Secure Sockets 'ayer-SS'0 F
Transport 'ayer Security -T'S0 and its predecessor. Secure Sockets 'ayer -SS'0. are
crypto9raphic protoco/s that provide secure communications on the *nternet for such thin9s as
web browsin9. e ;mai/. *nternet faDin9. instant messa9in9 and other data transfers2 There are
s/i9ht differences between SS' and T'S. but the protoco/ remains substantia//y the same2 The
term LT'SL as used here app/ies to both protoco/s un/ess c/arified by conteDt2
\G
)etscape !ommunications has proposed a protoco/ for providin9 data security /ayered between
hi9h; /eve/ app/ication protoco/s and T!P5*P2 This Security protoco/. ca//ed ss/2 Provides data
encryption. server authentication. messa9e inte9rity. and optiona/ c/ient authentication for a
T!P5*P connection2
!2T3*,A)&S4ARA).
AP5BA
:
%
!"#$
%
&'&!TR()*!
!(&R!&
4&B S&!+R*T, 'A,&RS
&/ectronic commerce app/ications
S;3TTP
T!P > based app/ication protoco/
-3TTP.STP.))TP0 SS'
*P
SS' provides a security B3andshakeC to initiate the T!P5*P connection
This handshake resu/ts in the c/ient R server a9reein9 on the /eve/ of security they wi// use R
fu/fi// any authentication re@uirements for the connection2
Ro/e of the SS':
*s to encrypt and decrypt the ms9 stream2
This protoco/ fu//y encrypts a// the information in both the 3TTP re@uest and 3TTP response
-+R'. credit card numbers. username and pwd0 and a// the data returned from the server to the
c/ient2
To re@uire SS' to transmit a document. its +R' must be defined in the form
:https:55www2mcompany2com5secure2htm/
)(T&:
*f the browser was imp/emented by S;3TTP R SS' protoco/ means we can view the webpa9e
S; 3TTP . SS' and 3TTP documents2 &/se we can view on/y 3TTP document2
SS' Record Specification:
*t encapsu/ates the data transmitted between server and the c/ient in an SS' R&!(RD2
3owever. the SS' header is on/y two or three bytes /on9P it is primari/y used to indicate how
much data has been encapsu/ated and whether that inc/udes data paddin9 to fi// out the SS'
record2
Data Paddin9 is often necessary to make sure that the Brea/C data can be proper/y encrypted
with certain types of cipher2
*nitiatin9 an SS' Session
An SS' session be9ins after the T!P session is initiated2 SS' uses a handshakin9 protoco/.
with the c/ient and the software eDchan9in9 specific pieces of information in order to bui/d a
secure channe/ for transmittin9 data2
!2T3*,A)&S4ARA).
AP5BA
:#
!"#$%
&'&!TR()*!
!(&R!&
The very first eDchan9e between c/ient and server is in p/ain teDt and contains enou9h
information for the two systems to initiate an encrypted and authenticated data stream2
The SS' c/ient and server eDchan9e information in a connection openin9 handshake se@uence
before openin9 the secure channe/2
a2 !/ient to the Server
S7: c/ient;he//o-cha//en9e data and cipher specifications0 b2 Server to
the !/ient
Server;he//o-connection *D. pub/ic key certificate. cipher specifications0 c2 !/ient to the
Server
Two ms9s2
%2c/ient ; master;key-encrypted master key0
#2 c/ient > finish -connection *D. encrypted0 d2
Server to the !/ient
Two ms9s:
%2server ; verify -encrypted cha//en9e data0
#2server > finish -session *D0
Because 3TTP ZSS'-https0 and http are different protoco/s and typica//y reside on different
ports -88? and H1. respective/y0. the same server system can run both secure and insecure
3TTP servers simu/taneous/y2 This means that 3TTP can provide some information to a// users
usin9 no security. and https can provide information on/y secure/y2 For. instance. the Bstore
;frontC and merchandise cata/o9 cou/d be insecure and the orderin9 payment forms cou/d be
secure2
Browsers who do not imp/ement support for 3TTP over SS' wi// not be ab/e to access https
+R's2
!2T3*,A)&S4ARA).
AP5BA
:
?
!"#$
%
&'&!TR()*!
!(&R!&
+)*T > *V
PART > A
%2 4hat is &;!ommerce Providers F
&;com providers are those who make enou9h preparations or arran9ements for the business via
the internet2 They use the /atest and apt techno/o9ies so that they can be successfu/ to best
adapt the internet business environment2
&D2 Visa . master card
#2 4hat is (n/ine !ommerce (ptions F
4hen customers order products e/ectronica//y they shou/d not make any choices or any specia/
arran9ements2 So the merchants shou/d on/y make arran9ements for the products that he is
9oin9 to se// via the net that is with the basic re@uirements the customers shou/d be ab/e to
order products2
For this purpose Banks and other financia/ institutions are workin9 with companies /ike
cybercash. first virtua/. netscape. icrosoft and others in an effort to produce payment system
for consumers and merchant a/ike2
?2 4hat is !onsumer choices F
!onsumers can opt to do nothin9 beyond 9ettin9 a web browser that supports the secure
eDchan9e of transaction info2 +sin9 either SS' or S3TTP protoco/s2
This may prove sufficient for many consumer needs:
a2/ets the customer pay for 9oods and services by credit card2
b2*t protects the transaction from bein9 intercepted2
But his doesnSt protect the consumers from dishonest merchants2 For that consumers must be
educated2 The transaction of the amount is made with the credit cards2 But prob/ems are a/so
there with these credit cards2
c2The card we use may not be accepted by the merchant
d2Some cards may be accepted in more p/aces but not at the p/aces that we need to shop
e2e2 For security purpose we can Re9ister with a third party which wi// act as a 9o between for
the merchant and the consumer2 i2e2 he can act on beha/f of both the merchant R the consumer2
f2For consumer with sp/ bank a5c e/ectronic checkin9 or di9ita/ cash products may be a 9ood
option where the consumer encrypts the payment sett/ement into and is sent to the consumers
bank where it is decrypted2 Then the payment is sent to the merchant
!2T3*,A)&S4ARA).
AP5BA
:8
!"#$%
&'&!TR()*!
!(&R!&
82 4hat is erchant (ptionsF
a2The merchants must take 9reater care in settin9 up to accept e/ectronic payments2
b2For this we can have someone to mana9e a secure web server and set up shop there
c2There are hundreds of Be/ectronic ma//s B active on the internet on which merchants can set up
these shop2
PART > B
%2 4hat is Functions and Features of e/ectronic commerceF
The eDpectation of consumers from the e/ectronic commerce provider wi// probab/y be
NRe/iabi/ity
NSecurity
NSimp/icity
NAcceptabi/ity
Re/iabi/ity
!onsumers have come to re/y on their credit cards and char9e card companies not <ust to
eDtend
credit. but to eDtend protection a9ainst2
a2+nsourp/ous vendors
b2Thieves
c2Vicissitudes of dai/y /ife
The same kind of re/iabi/ity wi// be eDpected of e/ectronic commerce providers2
Security
a2This is a very important issue which wi// never 9o away2
b2The stron9est possib/e encryption wi// have many security /oop ho/e in it2-&ven if the stron9est
possib/e encryption is used to send payment info2 there are sti// many security ho/es02
This kind of transactions and methods used in encryption and decryption for security can be
eDposed three any no2 of non]internet attacks2
c2The dissatisfied emp/oyee with access to payment info2
d2Stora9e of payment info with insufficient security2
e2*mproper disposa/ of printed materia/2
Simp/icity
a2&;com schemes must be simp/e to achieve widespread appea/2
b2!onsumers prefer to use a sin9/e. mu/tipurpose credit card such as Visa or aster card rather
than set
!2T3*,A)&S4ARA).
AP5BA
:
A
!"#$
%
&'&!TR()*!
!(&R!&
up credit accounts with every diff retai/er they purchase from2
c2 The same 9oes for e;com schemes. if they can be made to be simp/e. pain/ess and even
more easy than transactin9 business in person. then they wi// be successfu/2
Acceptabi/ity
&;com schemes shou/d offer widespread acceptabi/ity2
A scheme that is accepted on/y by a few merchants wi// not be attractive to consumers who
donSt do business with those merchants. a scheme that few consumers have chosen wi// be one
that merchants seek out2
!onc/usion
The industry is sti// in the very ear/iest phase of its infancy and is under9oin9 rapid chan9e every
day 2 There are many companies that are invo/ved in the internet commerce area2 Some of
them are workin9 to9ether. whi/e others are competin9. the on/y certainty is that B Thin9s wi//
!han9eOOOC
#2 &Dp/ain FV*PS-F*RST V*RT+A' *)T&R)&T PA,&)T S,ST&0F
First Virtua/ was one of the first *nternet payment systems to be avai/ab/e to the pub/ic.
becomin9 fu//y operationa/ in (ctober of %""82 A main 9oa/ of this company was to create an
*nternet payment system that was easy to use2 )either buyers nor se//ers are re@uired to insta//
new software. -thou9h automated sa/e processin9 software is avai/ab/e02 *f you have access to
*nternet emai/. you can se// or buy over the *nternet usin9 the First Virtua/ System2
The First Virtua/ payment system is uni@ue in that it does not use encryption2 A fundamenta/
phi/osophy of their payment system is that certain information shou/d not trave/ over the *nternet
because it is an open network2 This inc/udes credit card numbers2 *nstead of usin9 credit card
numbers. transactions are done usin9 a First Virtua/P*) which references the buyerJs First
Virtua/ account2 These P*) numbers can be sent over the *nternet because even if they are
intercepted. they cannot be used to char9e purchases to the buyerJs account2 A personJs
account is never char9ed without emai/ verification from them acceptin9 the char9e2
Their payment system is based on eDistin9 *nternet protoco/s. with the backbone of the system
desi9ned around *nternet emai/ and the *& -u/tipurpose *nternet ai/ &Dtensions0 standard2
First Virtua/ uses emai/ to communicate with a buyer to confirm char9es a9ainst their account2
Se//ers use either emai/. Te/net. or automated pro9rams that make use of First Virtua/Js Simp/e
*& &Dchan9e Protoco/ -S6P0 to verify accounts and initiate payment transactions2
The fo//owin9 steps occur durin9 a sa/e when usin9 the First Virtua/ payment system:
erchant re@uests buyerJs First Virtua/P*) -usua//y throu9h a form on a 444 pa9e02
erchant can then check whether the Virtua/P*) actua//y be/on9s to a rea/ First Virtua/ account
!2T3*,A)&S4ARA).
AP5BA
::
!"#$%
&'&!TR()*!
!(&R!&
that is in 9ood standin92 erchants can verify accounts by usin9 the fo//owin9 pro9ramsP Fin9er.
Te/net. emai/. or the FV]AP* uti/ity2
)ote ; Verifyin9 the account is an optiona/ step in the sa/e process2
The merchant then initiates a payment transaction throu9h First Virtua/2 This payment
transaction is initiated by sendin9 the fo//owin9 information either by emai/.
Te/net. or a S6P enab/ed pro9ram to First Virtua/P
BuyerJs First Virtua/P*) erchantJs First Virtua/P*)
The amount and currency of the sa/e -)ot everythin9 is processed in do//arsO0 A description of
the item for sa/e
First Virtua/ 9enerates an emai/ re@uest to the buyer to confirm the sa/e2 This emai/ re@uest
contains the fo//owin9 sa/e information:
The merchantJs fu// name The amount of the sa/e
A description of the item bou9ht
Buyer confirms sa/e by sendin9 a ,&S response to back to First Virtua/
A buyer can a/so respond )(. to state that they are unsatisfied with the item and are unwi//in9
to pay. or FRA+D. to state that they never made the purchase and someone must have sto/en
their Virtua/P*)2
*f a buyer does not respond in a reasonab/e time. their account is suspended2
First Virtua/ sends a transaction resu/t messa9e to the merchant. indicatin9 whether the buyer
accepted the char9es2
After a waitin9 period. -"% days after buyerJs credit card has been char9ed0. the amount of the
sa/e minus transaction fees are direct/y deposited into the merchantJs account2
)ote ; The "% day waitin9 period is in p/ace to protect First Virtua/ from buyers who dispute the
char9e on their credit card and have the credit card company char9eback First Virtua/ for a// or
part of the sa/e2
erchant assumes a// riskO
The First Virtua/ payment system has severa/ advanta9es and disadvanta9es over other
payment systems used on the *nternet2
Advanta9es:
)either buyer or se//er needs to insta// any software in order to use the system2
Buyers are virtua//y %11 Y protected from fraud2 )o char9es are processed a9ainst their
account without
!2T3*,A)&S4ARA).
AP5BA
:
$
!"#$
%
&'&!TR()*!
!(&R!&
their confirmation2
Purchases are essentia//y anonymous2 The merchant is never 9iven the buyerJs name from First
Virtua/2
*t is eDtreme/y easy to become a merchant. or se//er. under First Virtua/2 First Virtua/ does not
screen merchants. nor do they re@uire merchants to have a specia/ business accounts
estab/ished with a bank2 A// a person needs to se// merchandise. services. data. etc22 over the
*nternet is an ordinary checkin9 account2
First Virtua/ has very /ow processin9 fees compared to other *nternet payment schemes or even
strai9ht credit card processin92
Disadvanta9es:
erchant assumes a// riskO
&Dtreme/y /on9 waitin9 period between when a sa/e is made and when payment is deposited in
the
merchantJs account2
* stron9/y ur9e that anyone interested in /earnin9 more about First Virtua/ visit their 444 site2 *t
contains detai/ed descriptions of everythin9 invo/ved p/us the forms necessary for openin9 an
account2 They have a/so recent/y pub/ished a paper discussin9 their first year on /ine. Peri/s and
Pitfa//s of Practica/ !yber!ommerce2
?2 &Dp/ain !yber!ashF
*t was an internet payment service for e/ectronic commerce. head@uartered in Reston. Vir9inia2
*t was founded in Au9ust %""8 by Danie/ !2 'ynch -who served as chairman0 and 4i//iam )2
e/ton -who served as president and !&(. and /ater chairman02 The company initia//y provided
an e/ectronic wa//et software to consumers and provided software to merchants to accept credit
card payments2 'ater they a/so offered L!yber!oinL. a micropayment system mode/ed after the
)etBi// research pro<ect at !arne9ie e//on +niversity. which they /ater /icensed2 Despite a tria/
with &SP)2com. !yber!oin never took off. and the focus remained on providin9 software for
consumers and merchants to process credit card payments2
*n %""A. the company proposed RF! %H"H. !yber!ash !redit !ard Protoco/ Version 12H2 The
company went pub/ic on February %". %"": with the symbo/ L!,!3L and its shares rose $"Y
on the first day of tradin92
*n %""H. !yber!ash bou9ht another on/ine credit card processin9 company. *!Verify2 *n
Eanuary #111. a teena9e Russian hacker nicknamed LaDusL announced he had cracked
!yber!ashJs *!Verify app/icationP the company denied this2
(n Eanuary %. #111. !yber!ash fe// victim to the ,#= Bu9. causin9 doub/e recordin9 of credit
card payments throu9h their system2
!2T3*,A)&S4ARA).
AP5BA
:H
!"#$%
&'&!TR()*!
!(&R!&
82 4hat is &;!ommerce Providers F
&;com providers are those who make enou9h preparations or arran9ements for the business via
the internet2 They use the /atest and apt techno/o9ies so that they can be successfu/ to best
adapt the internet business environment2
&D2 Visa . mastercard
(n/ine !ommerce (ptions:
4hen customers order products e/ectronica//y they shou/d not make any choices or any specia/
arran9ements2 So the merchants shou/d on/y make arran9ements for the products that he is
9oin9 to se// via the net that is with the basic re@uirements the customers shou/d be ab/e to
order products2
For this purpose Banks and other financia/ institutions are workin9 with companies /ike
cybercash. first virtua/. netscape. icrosoft and others in an effort to produce payment system
for consumers and merchant a/ike2
!onsumer choices:
!onsumers can opt to do nothin9 beyond 9ettin9 a web browser that supports the secure
eDchan9e of transaction info2 +sin9 either SS' or S3TTP protoco/s2
This may prove sufficient for many consumer needs:
a2/ets the customer pay for 9oods and services by credit card2
b2*t protects the transaction from bein9 intercepted2
But his doesnSt protect the consumers from dishonest merchants2 For that consumers must be
educated2 The transaction of the amount is made with the credit cards2 But prob/ems are a/so
there with these credit cards2
c2The card we use may not be accepted by the merchant
d2Some cards may be accepted in more p/aces but not at the p/aces that we need to shop2
e2For security purpose we can Re9ister with a third party which wi// act as a 9o between for the
merchant and the consumer2 i2e2 he can act on beha/f of both the merchant R the consumer2
f2For consumer with sp/ bank a5c e/ectronic checkin9 or di9ita/ cash products may be a 9ood
option where the consumer encrypts the payment sett/ement into and is sent to the consumers
bank where it is decrypted2 Then the payment is sent to the merchant
erchant (ptions:
a2The merchants must take 9reater care in settin9 up to accept e/ectronic payments2
b2For this we can have someone to mana9e a secure web server and set up shop there
c2 There are hundreds of Be/ectronic ma//s B active on the internet on which merchants can set
up these shop2 4e have other options too2
d2 *n addition to secure or commerce server which supports credit card payments merchants
can a/so accept /ess fami/iar payment methods such as di9ita/ cash or e/ectronic cash2
!2T3*,A)&S4ARA).
AP5BA
:
"
!"#$
%
&'&!TR()*!
!(&R!&
!hoosin9 Functions and Features
The eDpectation of consumers from the e/ectronic commerce provider wi// probab/y be
NRe/iabi/ity
NSecurity
NSimp/icity
NAcceptabi/ity
Re/iabi/ity
!onsumers have come to re/y on their credit cards and char9e card companies not <ust to
eDtend credit. but to eDtend protection a9ainst
a2+nsourp/ous vendors
b2Thieves
c2Vicissitudes of dai/y /ife
The same kind of re/iabi/ity wi// be eDpected of e/ectronic commerce providers2
Security
a2This is a very important issue which wi// never 9o away2
b2The stron9est possib/e encryption wi// have many security /oop ho/e in it2-&ven if the stron9est
possib/e encryption is used to send payment info2 there are sti// many security ho/es02
This kind of transactions and methods used in encryption and decryption for security can be
eDposed three any no2 of non]internet attacks2
c2The dissatisfied emp/oyee with access to payment info2
d2Stora9e of payment info with insufficient security2
e2*mproper disposa/ of printed materia/2
Simp/icity
a2&;com schemes must be simp/e to achieve widespread appea/2
b2!onsumers prefer to use a sin9/e. mu/tipurpose credit card such as Visa or aster card rather
than set up credit accounts with every diff retai/er they purchase from2
c2The same 9oes for e;com schemes. if they can be made to be simp/e. pain/ess and even
more easy than
transactin9 business in person. then they wi// be successfu/2
Acceptabi/ity
&;com schemes shou/d offer widespread acceptabi/ity2
A scheme that is accepted on/y by a few merchants wi// not be attractive to consumers who
donSt do business with those merchants. a scheme that few consumers have chosen wi// be one
that merchants seek out2
!onc/usion
The industry is sti// in the very ear/iest phase of its infancy and is under9oin9 rapid chan9e every
day 2 There are many companies that are invo/ved in the internet commerce area2 Some of
them are workin9 to9ether. whi/e others are competin9. the on/y certainty is that B Thin9s wi//
!han9eOOOC
!2T3*,A)&S4ARA).
AP5BA
$1
!"#$%
&'&!TR()*!
!(&R!&
+)*T > V
()'*)& !(&R!& &)V*R()&)TS
PART > A
%2 4hat is &/ectronic Data *nterchan9e F
&/ectronic Data *nterchan9e -&D*0 is a set of standards for structurin9 information that is to be
e/ectronica//y eDchan9ed between and within businesses. or9aniKations. 9overnment entities
and other 9roups2 The standards describe structures that emu/ate documents. for eDamp/e
purchase orders to automate purchasin92 The term &D* is a/so used to refer to the
imp/ementation and operation of systems and processes for creatin9. transmittin9. and receivin9
&D* documents2
Despite bein9 re/ative/y unhera/ded. in this era of techno/o9ies such as 6' services. the
*nternet and the 4or/d 4ide 4eb. &D* is sti// the data format used by the vast ma<ority of
e/ectronic commerce transactions in the wor/d2
#2 4hat is StandardsF
7enera//y speakin9. &D* is considered to be a technica/ representation of a business
conversation between two entities. either interna/ or eDterna/2 )ote. there is a perception that
L&D*L consists of the entire e/ectronic data interchan9e paradi9m. inc/udin9 the transmission.
messa9e f/ow. document format. and software used to interpret the documents2 &D* is
considered to describe the ri9orous/y standardiKed format of e/ectronic documents2
The &D* -&/ectronic Data *nterchan9e0 standards were desi9ned to be independent of
communication and software techno/o9ies2 &D* can be transmitted usin9 any methodo/o9y
a9reed to by the sender and recipient2 This inc/udes a variety of techno/o9ies. inc/udin9 modem
-asynchronous. and bisynchronous0. FTP. &mai/. 3TTP. AS%. AS#. 4ebSphere Q. etc2 *t is
important to differentiate between the &D* documents and the methods for transmittin9 them2
4hi/e comparin9 the bisynchronous protoco/ #811 bit5s modems. !'&( devices. and va/ue;
added networks used to transmit &D* documents to transmittin9 via the *nternet. some peop/e
e@uated the non;*nternet techno/o9ies with &D* and predicted erroneous/y that &D* itse/f wou/d
be rep/aced a/on9 with the non; *nternet techno/o9ies2 These non;internet transmission methods
are bein9 rep/aced by *nternet Protoco/s such as FTP. te/net. and e;mai/. but the &D*
documents themse/ves sti// remain2
As more tradin9 partners use the *nternet for transmission. standards have emer9ed2 *n #11#.
the *&TF pub/ished RF! ???A. offerin9 a standardiKed. secure method of transferrin9 &D* data
via e;mai/2 (n Eu/y %#th. #11A. an *&TF workin9 9roup ratified RF!8%?1 for *&;based 3TTP
&D**)T -aka2 AS#0 transfers. and is preparin9 simi/ar documents for FTP transfers -aka2 AS?02
4hi/e some &D* transmission has moved to these newer protoco/s the providers of the va/ue;
added networks remain active2
!2T3*,A)&S4ARA).
AP5BA
$
%
!"#$
%
&'&!TR()*!
!(&R!&
&D* documents 9enera//y contain the same information that wou/d norma//y be found in a paper
document used for the same or9aniKationa/ function2 For eDamp/e an &D* "81 ship;from
;warehouse order is used by a manufacturer to te// a warehouse to ship product to a retai/er2 *t
typica//y has a ship to address. bi// to address. a /ist of product numbers -usua//y a +P! code0
and @uantities2 *t may have other information if the parties a9ree to inc/ude it2 3owever. &D* is
not confined to <ust business data re/ated to trade but encompasses a// fie/ds such as medicine
-e292. patient records and /aboratory resu/ts0. transport -e292. container and moda/ information0.
en9ineerin9 and construction. etc2 *n some cases. &D* wi// be used to create a new business
information f/ow -that was not a paper f/ow before02 This is the case in the Advanced Shipment
)otification -HA:0 which was desi9ned to inform the receiver of a shipment. the 9oods to be
received and how the 9oods are packa9ed2
?2 4hat are four ma<or sets of &D* standardsF
The +);recommended +)5&D*FA!T is the on/y internationa/ standard and is predominant
outside of
)orth America2
The +S standard A)S* AS! 6%# -6%#0 is predominant in )orth America2
The TRADA!(S standard deve/oped by the A)A -Artic/e )umberin9 Association0 is
predominant in
the += retai/ industry2
The (D&TT& standard used within the &uropean automotive industry
A// of these standards first appeared in the ear/y to mid %"H1s2 The standards prescribe the
formats. character sets. and data e/ements used in the eDchan9e of business documents and
forms2 The comp/ete 6%# Document 'ist inc/udes a// ma<or business documents. inc/udin9
purchase orders -ca//ed L(RD&RSL in +)5&D*FA!T and an LHA1L in 6%#0 and invoices -ca//ed
L*)V(*!L in +)5&D*FA!T and an LH%1L in 6%#02
The &D* standard says which pieces of information are mandatory for a particu/ar document.
which pieces are optiona/ and 9ive the ru/es for the structure of the document2 The standards
are /ike bui/din9 codes2 Eust as two kitchens can be bui/t Lto codeL but /ook comp/ete/y different.
two &D* documents can fo//ow the same standard and contain different sets of information2 For
eDamp/e a food company may indicate a productJs eDpiration date whi/e a c/othin9 manufacturer
wou/d choose to send co/or and siKe information2
82 4hat are SpecificationsF
(r9aniKations that send or receive documents from each other are referred to as Ltradin9
partnersL in &D* termino/o9y2 The tradin9 partners a9ree on the specific information to be
transmitted and how it shou/d be used2 This is done in human readab/e specifications -a/so
ca//ed essa9e *mp/ementation 7uide/ines02 4hi/e the standards are ana/o9ous to bui/din9
codes. the specifications are ana/o9ous to b/ue prints2 -The specification may a/so be ca//ed a
mappin9 but the term mappin9 is typica//y reserved for specific machine readab/e instructions
9iven to the trans/ation software20 'ar9er tradin9 LhubsL have eDistin9 essa9e *mp/ementation
7uide/ines which mirror their business processes for processin9 &D* and they are usua//y
unwi//in9 to modify their &D* business practices to meet the needs of their tradin9 partners2
(ften in a /ar9e company these &D* 9uide/ines wi// be written to be 9eneric enou9h to be used
by different branches or divisions and therefore wi// contain information not needed for a
particu/ar business
!2T3*,A)&S4ARA).
AP5BA
$
#
!"#$% &'&!TR()*! !(&R!&
document eDchan9e2 For other /ar9e companies. they may create separate &D* 9uide/ines for
each branch5division2
A2 4hat are TransmissionF
Tradin9 partners are free to use any method for the transmission of documents2 *n the past one
of the more popu/ar methods was the usa9e of a bisync modem to communicate throu9h a
Va/ue Added )etwork -VA)02 Some or9aniKations have used direct modem to modem
connections and Bu//etin Board Systems -BBS0. and recent/y there has been a move towards
usin9 the some of the many *nternet protoco/s for transmission. but most &D* is sti// transmitted
usin9 a VA)2 *n the hea/thcare industry. a VA) is referred to as a L!/earin9houseL2
:2 4hat are Va/ue Added )etworksF
*n the most basic form. a VA) acts as a re9iona/ post office2 They receive transactions. eDamine
the JFromJ and the JToJ information. and route the transaction to the fina/ recipient2 VA)s provide
a number of additiona/ services. e292 retransmittin9 documents. providin9 third party audit
information. actin9 as a 9ateway for different transmission methods. and hand/in9
te/ecommunications support2 Because of these and other services VA)s provide. businesses
fre@uent/y use a VA) even when both tradin9 partners are usin9 *nternet; based protoco/s2
3ea/thcare c/earin9houses perform many of the same functions as a VA). but have additiona/
/e9a/ restrictions that 9overn protected hea/thcare information2
VA)s a/so provide an advanta9e with certificate rep/acement in AS# transmissions2 Because
each node in a traditiona//y business;re/ated AS# transmission usua//y invo/ves a security
certificate. routin9 a /ar9e number of partners throu9h a
VA) can make certificate rep/acement much easier2 $2 4hat are *nternetF
+nti/ recent/y. the *nternet transmission was hand/ed by nonstandard methods between tradin9
partners usua//y invo/vin9 FTP or emai/ attachments2 There are a/so standards for embeddin9
&D* documents into 6'2 any or9aniKations are mi9ratin9 to this protoco/ to reduce costs2 For
eDamp/e. 4a/;art is now re@uirin9 its tradin9 partners to switch to the AS# protoco/2
PART > B
%2 &Dp/ain *nterpretin9 dataF
(ften missin9 from the &D* specifications -referred to as &D* *mp/ementation 7uide/ines0 are
rea/ wor/d descriptions of how the information shou/d be interpreted by the business receivin9 it2
For eDamp/e. suppose candy is packa9ed in a /ar9e boD that contains A disp/ay boDes and each
disp/ay boD contains #8 boDes of candy packa9ed for the consumer2 *f an &D* document says to
ship %1 boDes of candy it may not be c/ear whether to ship %1 consumer packa9ed boDes. #81
consumer packa9ed boDes or %#11 consumer packa9ed boDes2 *t is not enou9h for two parties
to a9ree to use a particu/ar @ua/ifier indicatin9 case. pack. boD or eachP they must a/so a9ree on
what that particu/ar @ua/ifier means2
!2T3*,A)&S4ARA).
AP5BA
$?
!"#$%
&'&!TR()*!
!(&R!&
&D* trans/ation software provides the interface between interna/ systems and the &D* format
sent5received2 For an LinboundL document the &D* so/ution wi// receive the fi/e -either via a
Va/ue Added )etwork or direct/y usin9 protoco/s such as FTP or AS#0. take the received &D* fi/e
-common/y referred to as a Lmai/ba9L0. va/idate that the tradin9 partner who is sendin9 the fi/e is
a va/id tradin9 partner. that the structure of the fi/e meets the &D* standards and that the
individua/ fie/ds of information conforms to the a9reed upon standards2 Typica//y the trans/ator
wi// either create a fi/e of either fiDed /en9th. variab/e /en9th or 6' ta99ed format or LprintL the
received
&D* document -for non; inte9rated &D* environments02 The neDt step is to convert5transform the
fi/e that the trans/ator creates into a format that can be imported into a companyJs back;end
business systems or &RP2 This can be accomp/ished by usin9 a custom pro9ram. an inte9rated
proprietary LmapperL or to use an inte9rated standards based 9raphica/ LmapperL usin9 a
standard data transformation /an9ua9e such as 6S'T2 The fina/ step is to import the
transformed fi/e -or database0 into the companyJs back;end enterprise resource p/annin9 -&RP02
For an LoutboundL document the process for inte9rated &D* is to eDport a fi/e -or read a
database0 from a companyJs back;end &RP. transform the fi/e to the appropriate format for the
trans/ator2 The trans/ation software wi// then Lva/idateL the &D* fi/e sent to ensure that it meets
the standard a9reed upon by the tradin9 partners. convert the fi/e into L&D*L format -addin9 in
the appropriate identifiers and contro/ structures0 and send the fi/e to the tradin9 partner -usin9
the appropriate communications protoco/02
Another critica/ component of any &D* trans/ation software is a comp/ete LauditL of a// the steps
to move business documents between tradin9 partners2 The audit ensures that any transaction
-which in rea/ity is a business document0 can be tracked to ensure that they are not /ost2 *n case
of a retai/er sendin9 a Purchase (rder to a supp/ier. if the Purchase (rder is L/ostL anywhere in
the business process. the effect is devastatin9 to both businesses2 To the supp/ier. they do not
fu/fi// the order as they have not received it thereby /osin9 business and dama9in9 the business
re/ationship with their retai/ c/ient2 For the retai/er. they have a stock outa9e and the effect is /ost
sa/es. reduced customer service and u/timate/y /ower profits2
*n &D* termino/o9y LinboundL and LoutboundL refer to the direction of transmission of an &D*
document in re/ation to a particu/ar system. not the direction of merchandise. money or other
thin9s represented by the document2 For eDamp/e. an &D* document that te//s a warehouse to
perform an outbound shipment is an inbound document in re/ation to the warehouse computer
system2 *t is an outbound document in re/ation to the manufacturer or dea/er that transmitted the
document2
#2 &Dp/ain Advanta9es of usin9 &D*F
&D* and other simi/ar techno/o9ies save a company money by providin9 an a/ternative to or
rep/acin9 information f/ows that re@uire a 9reat dea/ of human interaction and materia/s such as
paper documents. meetin9s. faDes. emai/. etc2 &ven when paper documents are maintained in
para//e/ with &D* eDchan9e. e292 printed shippin9 manifests. e/ectronic eDchan9e and the use of
data from that eDchan9e reduces the hand/in9 costs of sortin9. distributin9. or9aniKin9. and
searchin9 paper documents2 &D* and simi/ar techno/o9ies a//ow a company to take advanta9e
of the benefits of storin9 and manipu/atin9 data e/ectronica//y without the cost of manua/ entry or
scannin92
!2T3*,A)&S4ARA).
AP5BA
$
8
!"#$
%
&'&!TR()*!
!(&R!&
Barriers to imp/ementation
There are a few barriers to adoptin9 e/ectronic data interchan9e2 (ne of the most si9nificant
barriers is the accompanyin9 business process chan9e2 &Distin9 business processes bui/t
around s/ow paper hand/in9 may not be suited for &D* and wou/d re@uire chan9es to
accommodate automated processin9 of business documents2 For eDamp/e. a business may
receive the bu/k of their 9oods by % or # day shippin9 and a// of their invoices by mai/2 The
eDistin9 process may therefore assume that 9oods are typica//y received before the invoice2
4ith &D*. the invoice wi// typica//y be sent when the 9oods ship and wi// therefore re@uire a
process that hand/es /ar9e numbers of invoices whose correspondin9 9oods have not yet been
received2
Another si9nificant barrier is the cost in time and money in the initia/ set;up2 The pre/iminary
eDpenses and time that arise from the imp/ementation. customiKation and trainin9 can be cost/y
and therefore may discoura9e some businesses2 The key is to determine what method of
inte9ration is ri9ht for your company which wi// determine the cost of imp/ementation2 For a
business that on/y receives one P2(2 per year from a c/ient. fu//y inte9rated &D* may not make
economic sense2 *n this case. businesses may imp/ement ineDpensive Lrip and readL so/utions
or use outsourced &D* so/utions provided by &D* LService BureausL2 For other businesses. the
imp/ementation of an inte9rated &D* so/ution may be necessary as increase in tradin9 vo/umes
brou9ht on by &D* force them to re;imp/ement their order processin9 business processes2
The key hindrance to a successfu/ imp/ementation of &D* is the perception many businesses
have of the nature of &D*2 any view &D* from the technica/ perspective that &D* is a data
formatP it wou/d be more accurate to take the business view that &D* is a system for eDchan9in9
business documents with eDterna/ entities. and inte9ratin9 the data from those documents into
the companyJs interna/ systems2 Successfu/ imp/ementations of &D* take into account the effect
eDterna//y 9enerated information wi// have on their interna/ systems and va/idate the business
information received2 For eDamp/e. a//owin9 a supp/ier to update a retai/erJs Accounts Payab/es
system without appropriate checks and ba/ances wou/d be a recipe for disaster2 Businesses
new to the imp/ementation of &D* shou/d take pains to avoid such pitfa//s2
*ncreased efficiency and cost savin9s drive the adoption of &D* for most tradin9 partners2 But
even if a company wou/d not choose to use &D* on their own. pressures from /ar9er tradin9
partners -ca//ed hubs0 often force sma//er tradin9 partners to use &D*2
)etscape !ommerce Server
D&S!R*PT*()
)etscape^ !ommerce Server^ Version %2%# for (pen;VS^ is software for conductin9
secure e/ectronic commerce and communications on the *nternet and other T!P5*P;based
networks2
)etscape !ommerce Server provides the capabi/ity to pub/ish hypermedia documents usin9 the
3yperTeDt arkup 'an9ua9e -3T'0 and de/iver them over the
*nternet and other T!P5*P networks usin9 the 3yper;TeDt Transport Protoco/ -3TTP02 To ensure
data
!2T3*,A)&S4ARA).
AP5BA
$A
!"#$%
&'&!TR()*!
!(&R!&
security. )etscape !ommerce Server provides advanced security features such as server
authentication. data encryption. data inte9rity. and user authoriKation2 !ommunications are
based on open standards such as 3T'. 3TTP. the !ommon 7ateway *nterface -!7*0. and the
Secure Sockets 'ayer -SS'0 protoco/22
F&AT+R&S A)D B&)&F*TS
*nte9rated Security
)etscape !ommerce Server provides inte9rated security features desi9ned to a//ow secure
e/ectronic commerce and communications2 F/eDib/e user authoriKation contro/s access to
individua/ fi/es or directories usin9 a user name and password. domain name. host name. *P
address. or named 9roups2
Advanced security features are provided usin9 the open SS' protoco/. which has been
pub/ished on the *nternet and adopted by ma<or providers of *nternet hardware and software
products. financia/ institutions. and certification authorities2
Secure Sockets 'ayer SS'
provides:
_Server authentication. which a//ows any SS' compatib/e c/ient to verify the identity of the server
usin9 a certificate and a di9ita/ si9nature2
_Data encryption. which ensures the privacy of c/ient5server communications by encryptin9 the
data stream between the two entities2
_Data inte9rity. which verifies that the contents of a messa9e arrive at their destination in the
same form as they were sent2
SS' emp/oys pub/ic key crypto9raphic techno/o9y from RSA Data Security. an estab/ished
/eader in !omputer data security. and works with various encryption a/9orithms2
)etscape !ommerce Server supports pub/ic key encryption and de/ivers server authentication
usin9 si9ned di9ita/ certificates2 A di9ita/ certificate is used to associate an identity with a
serverSs pub/ic key2 Di9ita/ si9natures ensure the inte9rity and authenticity of information within a
certificate2 )etscape !ommerce Server re@uires a si9ned di9ita/ certificate to operate secure/yP
!ertification is an additiona/ fee;based service2 Pricin9 is avai/ab/e from your certification
authority2
&ncryption Support )etscape !ommerce Server is avai/ab/e in both 81;bit and %#H;bit
encryption schemes2 The difference between %#H; and 81;bit encryption is. most notab/y. that
the +2S2 9overnment restricts the eDport of %#H;bit encryption but not the eDport of 81;bit
encryption2%#H;bit encryption provides si9nificant/y 9reater crypto9raphic protection than 81;bit
encryption2 *t is now necessary to emp/oy /ar9er keys to counter the increasin9 computin9
power of potentia/ crimina/s2
%#H bits and 81 bits refer to the siKe of the key used to encrypt the messa9e2 %#H;bit encryption
is rou9h/y
!2T3*,A)&S4ARA).
AP5BA
$
:
!"#$
%
&'&!TR()*!
!(&R!&
?1".8HA.11".H#%.?8A.1:H.$#8.$H%.1A: times stron9er than 81;bit encryption2 81;bit encryption
is not considered ``stron9SS security in the crypto9raphic community2 &ven accountin9 for
ooreSs 'aw. which states that computin9 power doub/es about every %H months. %#H;bit
encryption represents a very stron9 method of encryption for the forseeab/e future2
)ote: )etscape products use a different key for every different security;enhanced
communication. re9ard/ess of key siKe2 This means that even if crimina/s were to devote
si9nificant resources and time to breakin9 a key for one encrypted communication. the
discovered key wou/d be use/ess for other communications2 P/ease note that this product is
sub<ect to eDport restrictions under the +2S2 Department of !ommerceSs &Dport Administration
Re9u/ations -&AR0 and cannot be transmitted in any form outside the +nited States or to a
forei9n nationa/ in the +nited States without a va/id Department of !ommerce eDport /icense2
(pen Standards
)etscapeSs compatibi/ity with network standards and document formats makes it interoperab/e
with other environments and systems2 )etscape !ommerce Server supports 3TTP V%21.
ensurin9 compatibi/ity with any 3TTP;compatib/e c/ients or servers. and de/ivers 3T'
documents. inc/udin9 fu// use of u/tipurpose *nternet ai/ &Dtension -*&0 types and
standard ima9e formats such as 7*F and EP&72 The server inte9rates readi/y with /e9acy
systems usin9 the !ommon 7ateway *nterface -!7*0. a standard AP* used across the insta//ed
base of eDistin9 web servers2 3i9h;Performance Servin9 )etscapeSs process mana9er a//ows
the creation of a confi9urab/e number of processes that reside in memory. waitin9 to fu/fi// 3TTP
re@uests2 This improves system performance by e/iminatin9 the unnecessary overhead of
creatin9 and de/etin9 processes to fu/fi// every 3TTP re@uest2 The dynamic process
mana9ement a/9orithm increases the number of server processes within confi9urab/e /imits to
efficient/y hand/e periods of peak demand2 *t a/so dramatica//y reduces system /oad and
increases system re/iabi/ity2 This efficiency /eaves additiona/ !P+ resources avai/ab/e for
runnin9 other app/ications2 *ntuitive Server ana9ement )etscape !ommerce Server uses the
)etscape )avi9ator ^ 9raphica/ interface to provide a consistent. easy to; use operatin9
environment2 *ts simp/e user interface and forms capabi/ity provide point;and;c/ick server
insta//ation.
!onfi9uration. and maintenance2 Forms are used for the initia/ server confi9uration. as we// as to
mana9e a// server functions. inc/udin9 user authoriKation. transaction /o99in9. and process
confi9uration2
T&!3)*!A' SP&!*F*!AT*()S
)etscape !ommerce Server Version %2%# conforms to the fo//owin9 technica/ specifications:
_Provides sophisticated support for c/usterin9. inc/udin9 transparent operation on miDed;
architecture (penVS !/usters2 This a//ows you to have a primary 4eb server on one c/uster
system -either VA6 or A/pha0. with automatic. transparent fai/over to any other system in the
c/uster -either VA6 or A/pha02
_*s compatib/e with network standards2
V Supports industry;standard 3TTP V%21 protoco/2
_ Serves a// 3TTP;compatib/e c/ients:
V Serves 3T' documentsP supports *& typin9 throu9h fi/e
name eDtensions V *s !7* V%2%
comp/iant

!2T3*,A)&S4ARA). AP5BA
$
$
!"#$%
&'&!TR()*!
!(&R!&
_Provides inte9rated security usin9 SS'. which incorporates pub/ic key crypto9raphy techno/o9y
from RSA Data Security2
_(ffers enhanced user authoriKation. inc/udin9 3TTP V%21 access authoriKation. *P and D)S;
based access contro/. /oca/ access contro/. user;contro//ed passwords. and named 9roups2
_Provides an intuitive 9raphica/ user interface usin9 )etscape )avi9ator for insta//ation.
confi9uration. and mana9ement2
_&Dtensive on/ine documentation provides conteDt sensitive he/p2
_'o9 ana/ysis too/s a//ow summaries of /o9 information so that it can be used to better mana9e
server functions2
_Provides f/eDibi/ity in confi9uration and mana9ement. inc/udin9:
V!onfi9uration by fi/e. directory. she// wi/dcard pattern. or temp/ate2 Temp/ates a//ow a set of
confi9uration parameters to be created and app/ied to mu/tip/e directories -such as a// user
directories0
V!onfi9urab/e /o99in9 optionsP c/ient accesses /o99ed in common /o9fi/e format
V!ustom error messa9es
S(FT4AR& PR&R&Q+*S*T&S
)etscape !ommerce Server Version %2%# for (penVS re@uires:
_(penVS Version :2% or /ater
_D&!windows^ otif a Version %2#;? for (penVS or /ater -on/y needed for runnin9 a browser
on (pen; VS to mana9e the server0
_D*7*TA' T!P5*P Services for (penVS Version ?2? or /ater or any T!P5*P product for
(penVS that supports the Berke/ey socket interface
3ARD4AR& R&Q+*R&&)TS
)etscape !ommerce Server has no specific hardware re@uirements2 Any va/id. supported
confi9uration can support the server2 The /eve/ of performance wi// vary dependin9 upon the
processor. memory. and system /oad2
(RD&R*)7 *)F(RAT*()
_edia: (penVS *nternet Product Suite edia =it -!D>R(P A/pha and VA60: QA; A!)AA;
3H -*nternationa/0 QA;A$$AA;3H -+2S2 and !anada on/y0
_'icense: )etscape !ommerce Server V%2%# for (penVS VA6 or A/pha: Q';A$"A";AA
-*nternationa/0
Q';A!QA";AA -+2S2 and !anada on/y0
S(FT4AR& 4ARRA)T,
D*7*TA' warrants its software products accordin9 to the terms of the D*7*TA' /icense for each
product2 D*7*TA' warrants that the software wi// substantia//y conform to the app/icab/e
Software Product Description or documentation accompanyin9 the software un/ess provided
LAS *S2L
!2T3*,A)&S4ARA).
AP5BA
$
H
!"#$
%
&'&!TR()*!
!(&R!&
S(FT4AR& PR(D+!T S&RV*!&S
A variety of service options for this product are avai/ab/e from D*7*TA'2 For more information.
contact your /oca/ D*7*TA' account representative2
F(R (R& *)F(RAT*()
For more information about (penVS *nternet Product Suite. visit the (penVS home pa9e at:
http:55www2openvms2di9ita/2com ^ D&!. D&!net. D&!windows. D*7*TA'. (penVS.VA6.
VA6c/uster. and the D*7*TA' /o9o are trademarks of Di9ita/ &@uipment !orporation2
^ )etscape. )etscape !ommerce Server. and )etscape )avi9ator are trademarks of
)etscape !ommunications !orporation2
?2 &Dp/ain &/ectronic Data *nterchan9eF
&/ectronic Data *nterchan9e -&D*0 is a set of standards for structurin9 information that is to be
e/ectronica//y eDchan9ed between and within businesses. or9aniKations. 9overnment entities
and other 9roups2 The standards describe structures that emu/ate documents. for eDamp/e
purchase orders to automate purchasin92 The term &D* is a/so used to refer to the
imp/ementation and operation of systems and processes for creatin9. transmittin9. and receivin9
&D* documents2
Despite bein9 re/ative/y unhera/ded. in this era of techno/o9ies such as 6' services. the
*nternet and the 4or/d 4ide 4eb. &D* is sti// the data format used by the vast ma<ority of
e/ectronic commerce transactions in the wor/d2
824rite short note on
a2Standards
b2Specifications
c2Transmission a2
Standards
7enera//y speakin9. &D* is considered to be a technica/ representation of a business
conversation between two entities. either interna/ or eDterna/2 )ote. there is a perception that
L&D*L consists of the entire e/ectronic data interchan9e paradi9m. inc/udin9 the transmission.
messa9e f/ow. document format. and software used to interpret the documents2 &D* is
considered to describe the ri9orous/y standardiKed format of e/ectronic documents2
The &D* -&/ectronic Data *nterchan9e0 standards were desi9ned to be independent of
communication and software techno/o9ies2 &D* can be transmitted usin9 any methodo/o9y
a9reed to by the sender and recipient2 This inc/udes a variety of techno/o9ies. inc/udin9 modem
-asynchronous. and bisynchronous0. FTP. &mai/. 3TTP. AS%. AS#. 4ebSphere Q. etc2 *t is
important to differentiate between the &D* documents and the methods for transmittin9 them2
4hi/e comparin9 the bisynchronous protoco/ #811 bit5s modems. !'&( devices. and va/ue;
added networks used to transmit &D* documents
!2T3*,A)&S4ARA).
AP5BA
$"
!"#$%
&'&!TR()*!
!(&R!&
to transmittin9 via the *nternet. some peop/e e@uated the non;*nternet techno/o9ies with &D* and
predicted erroneous/y that &D* itse/f wou/d be rep/aced a/on9 with the non; *nternet
techno/o9ies2 These non; internet transmission methods are bein9 rep/aced by *nternet
Protoco/s such as FTP. te/net. and e;mai/. but the &D* documents themse/ves sti// remain2
As more tradin9 partners use the *nternet for transmission. standards have emer9ed2 *n #11#.
the *&TF pub/ished RF! ???A. offerin9 a standardiKed. secure method of transferrin9 &D* data
via e;mai/2 (n Eu/y %#th. #11A. an *&TF workin9 9roup ratified RF!8%?1 for *&;based 3TTP
&D**)T -aka2 AS#0 transfers. and is preparin9 simi/ar documents for FTP transfers -aka2 AS?02
4hi/e some &D* transmission has moved to these newer protoco/s the providers of the va/ue;
added networks remain active2
&D* documents 9enera//y contain the same information that wou/d norma//y be found in a paper
document used for the same or9aniKationa/ function2 For eDamp/e an &D* "81 ship;from
;warehouse order is used by a manufacturer to te// a warehouse to ship product to a retai/er2 *t
typica//y has a ship to address. bi// to address. a /ist of product numbers -usua//y a +P! code0
and @uantities2 *t may have other information if the parties a9ree to inc/ude it2 3owever. &D* is
not confined to <ust business data re/ated to trade but encompasses a// fie/ds such as medicine
-e292. patient records and /aboratory resu/ts0. transport -e292. container and moda/ information0.
en9ineerin9 and construction. etc2 *n some cases. &D* wi// be used to create a new business
information f/ow -that was not a paper f/ow before02 This is the case in the Advanced
Shipment )otification -HA:0 which was desi9ned to inform the receiver of a shipment. the 9oods
to be
received and how the 9oods are packa9ed2
There are four ma<or sets of &D* standards:
The +);recommended +)5&D*FA!T is the on/y internationa/ standard and is predominant
outside of
)orth America2
The +S standard A)S* AS! 6%# -6%#0 is predominant in )orth America2
The TRADA!(S standard deve/oped by the A)A -Artic/e )umberin9 Association0 is
predominant in
the += retai/ industry2
The (D&TT& standard used within the &uropean automotive industry
A// of these standards first appeared in the ear/y to mid %"H1s2 The standards prescribe the
formats. character sets. and data e/ements used in the eDchan9e of business documents and
forms2 The comp/ete 6%# Document 'ist inc/udes a// ma<or business documents. inc/udin9
purchase orders -ca//ed L(RD&RSL in +)5&D*FA!T and an LHA1L in 6%#0 and invoices -ca//ed
L*)V(*!L in +)5&D*FA!T and an LH%1L in 6%#02
The &D* standard says which pieces of information are mandatory for a particu/ar document.
which pieces are optiona/ and 9ive the ru/es for the structure of the document2 The standards
are /ike bui/din9 codes2 Eust as two kitchens can be bui/t Lto codeL but /ook comp/ete/y different.
two &D* documents can fo//ow the same standard and contain different sets of information2 For
eDamp/e a food company may indicate a productJs eDpiration date whi/e a c/othin9 manufacturer
wou/d choose to send
!2T3*,A)&S4ARA). H
AP5BA 1
!"#$
%
&'&!TR()*!
!(&R!&
co/or and siKe information2
b2 Specifications
(r9aniKations that send or receive documents from each other are referred to as Ltradin9
partnersL in &D* termino/o9y2 The tradin9 partners a9ree on the specific information to be
transmitted and how it shou/d be used2 This is done in human readab/e specifications -a/so
ca//ed essa9e *mp/ementation 7uide/ines02 4hi/e the standards are ana/o9ous to bui/din9
codes. the specifications are ana/o9ous to b/ue prints2 -The specification may a/so be ca//ed a
mappin9 but the term mappin9 is typica//y reserved for specific machine readab/e instructions
9iven to the trans/ation software20 'ar9er tradin9 LhubsL have eDistin9 essa9e *mp/ementation
7uide/ines which mirror their business processes for processin9 &D* and they are usua//y
unwi//in9 to modify their &D* business practices to meet the needs of their tradin9 partners2
(ften in a /ar9e company these &D* 9uide/ines wi// be written to be 9eneric enou9h to be used
by different branches or divisions and therefore wi// contain information not needed for a
particu/ar business document eDchan9e2 For other /ar9e companies. they may create separate
&D* 9uide/ines for each branch5division2
c2 Transmission
Tradin9 partners are free to use any method for the transmission of documents2 *n the past one
of the more popu/ar methods was the usa9e of a bisync modem to communicate throu9h a
Va/ue Added )etwork -VA)02 Some or9aniKations have used direct modem to modem
connections and Bu//etin Board Systems -BBS0. and recent/y there has been a move towards
usin9 the some of the many *nternet protoco/s for transmission. but most &D* is sti// transmitted
usin9 a VA)2 *n the hea/thcare industry. a VA) is referred to as a L!/earin9houseL2
A2 4rite short note on
a2 Va/ue Added )etworks b2 *nternet
c2 *nterpretin9 data
a2 Va/ue Added )etworks
*n the most basic form. a VA) acts as a re9iona/ post office2 They receive transactions. eDamine
the JFromJ and the JToJ information. and route the transaction to the fina/ recipient2 VA)s provide
a number of additiona/ services. e292 retransmittin9 documents. providin9 third party audit
information. actin9 as a 9ateway for different transmission methods. and hand/in9
te/ecommunications support2 Because of these and other services VA)s provide. businesses
fre@uent/y use a VA) even when both tradin9 partners are usin9 *nternet; based protoco/s2
3ea/thcare c/earin9houses perform many of the same functions as a VA). but have additiona/
/e9a/ restrictions that 9overn protected hea/thcare information2
VA)s a/so provide an advanta9e with certificate rep/acement in AS# transmissions2 Because
each node in a traditiona//y business;re/ated AS# transmission usua//y invo/ves a security
certificate. routin9 a /ar9e number of partners throu9h a VA) can make certificate rep/acement
much easier2
!2T3*,A)&S4ARA).
AP5BA
H%
!"#$%
&'&!TR()*!
!(&R!&
b2 *nternet
+nti/ recent/y. the *nternet transmission was hand/ed by nonstandard methods between tradin9
partners usua//y invo/vin9 FTP or emai/ attachments2 There are a/so standards for embeddin9
&D* documents into 6'2 any or9aniKations are mi9ratin9 to this protoco/ to reduce costs2 For
eDamp/e. 4a/;art is now re@uirin9 its tradin9 partners to switch to the AS# protoco/2
c2 *nterpretin9 data
(ften missin9 from the &D* specifications -referred to as &D* *mp/ementation 7uide/ines0 are
rea/ wor/d descriptions of how the information shou/d be interpreted by the business receivin9 it2
For eDamp/e. suppose candy is packa9ed in a /ar9e boD that contains A disp/ay boDes and each
disp/ay boD contains #8 boDes of candy packa9ed for the consumer2 *f an &D* document says to
ship %1 boDes of candy it may not be c/ear whether to ship %1 consumer packa9ed boDes. #81
consumer packa9ed boDes or %#11 consumer packa9ed boDes2 *t is not enou9h for two parties
to a9ree to use a particu/ar @ua/ifier indicatin9 case. pack. boD or eachP they must a/so a9ree on
what that particu/ar @ua/ifier means2
&D* trans/ation software provides the interface between interna/ systems and the &D* format
sent5received2 For an LinboundL document the &D* so/ution wi// receive the fi/e -either via a
Va/ue Added )etwork or direct/y usin9 protoco/s such as FTP or AS#0. take the received &D* fi/e
-common/y referred to as a Lmai/ba9L0. va/idate that the tradin9 partner who is sendin9 the fi/e is
a va/id tradin9 partner. that the structure of the fi/e meets the &D* standards and that the
individua/ fie/ds of information conforms to the a9reed upon standards2 Typica//y the trans/ator
wi// either create a fi/e of either fiDed /en9th. variab/e /en9th or 6' ta99ed format or LprintL the
received &D* document -for non; inte9rated &D* environments02 The neDt step is to
convert5transform the fi/e that the trans/ator creates into a format that can be imported into a
companyJs back;end business systems or &RP2 This can be accomp/ished by usin9 a custom
pro9ram. an inte9rated proprietary LmapperL or to use an inte9rated standards based 9raphica/
LmapperL usin9 a standard data transformation /an9ua9e such as 6S'T2 The fina/ step is to
import the transformed fi/e -or database0 into the companyJs back;end enterprise resource
p/annin9 -&RP02
For an LoutboundL document the process for inte9rated &D* is to eDport a fi/e -or read a
database0 from a companyJs back;end &RP. transform the fi/e to the appropriate format for the
trans/ator2 The trans/ation software wi// then Lva/idateL the &D* fi/e sent to ensure that it meets
the standard a9reed upon by the tradin9 partners. convert the fi/e into L&D*L format -addin9 in
the appropriate identifiers and contro/ structures0 and send the fi/e to the tradin9 partner -usin9
the appropriate communications protoco/02
Another critica/ component of any &D* trans/ation software is a comp/ete LauditL of a// the steps
to move business documents between tradin9 partners2 The audit ensures that any transaction
-which in rea/ity is a business document0 can be tracked to ensure that they are not /ost2 *n case
of a retai/er sendin9 a Purchase (rder to a supp/ier. if the Purchase (rder is L/ostL anywhere in
the business process. the effect is devastatin9 to both businesses2 To the supp/ier. they do not
fu/fi// the order as they have not received it thereby /osin9 business and dama9in9 the business
re/ationship with their retai/ c/ient2 For the retai/er. they have a stock outa9e and the effect is /ost
sa/es. reduced customer service and u/timate/y /ower profits2
!2T3*,A)&S4ARA).
AP5BA
H
#
!"#$
%
&'&!TR()*!
!(&R!&
*n &D* termino/o9y LinboundL and LoutboundL refer to the direction of transmission of an &D*
document in re/ation to a particu/ar system. not the direction of merchandise. money or other
thin9s represented by the document2 For eDamp/e. an &D* document that te//s a warehouse to
perform an outbound shipment is an inbound document in re/ation to the warehouse computer
system2 *t is an outbound document in re/ation to the manufacturer or dea/er that transmitted the
document2
:2 &Dp/ain Advanta9es of usin9 &D* and Barriers to imp/ementationF Advanta9es over
paper systems
&D* and other simi/ar techno/o9ies save a company money by providin9 an a/ternative to or
rep/acin9 information f/ows that re@uire a 9reat dea/ of human interaction and materia/s such as
paper documents. meetin9s. faDes. emai/. etc2 &ven when paper documents are maintained in
para//e/ with &D* eDchan9e. e292 printed shippin9 manifests. e/ectronic eDchan9e and the use of
data from that eDchan9e reduces the hand/in9 costs of sortin9. distributin9. or9aniKin9. and
searchin9 paper documents2 &D* and simi/ar techno/o9ies a//ow a company to take advanta9e
of the benefits of storin9 and manipu/atin9 data e/ectronica//y without the cost of manua/ entry or
scannin92
Barriers to imp/ementation
There are a few barriers to adoptin9 e/ectronic data interchan9e2 (ne of the most si9nificant
barriers is the accompanyin9 business process chan9e2 &Distin9 business processes bui/t
around s/ow paper hand/in9 may not be suited for &D* and wou/d re@uire chan9es to
accommodate automated processin9 of business documents2 For eDamp/e. a business may
receive the bu/k of their 9oods by % or # day shippin9 and a// of their invoices by mai/2 The
eDistin9 process may therefore assume that 9oods are typica//y received before the invoice2
4ith &D*. the invoice wi// typica//y be sent when the 9oods ship and wi// therefore re@uire a
process that hand/es /ar9e numbers of invoices whose correspondin9 9oods have not yet been
received2
Another si9nificant barrier is the cost in time and money in the initia/ set;up2 The pre/iminary
eDpenses and time that arise from the imp/ementation. customiKation and trainin9 can be cost/y
and therefore may discoura9e some businesses2 The key is to determine what method of
inte9ration is ri9ht for your company which wi// determine the cost of imp/ementation2 For a
business that on/y receives one P2(2 per year from a c/ient. fu//y inte9rated &D* may not make
economic sense2 *n this case. businesses may imp/ement ineDpensive Lrip and readL so/utions
or use outsourced &D* so/utions provided by &D* LService BureausL2 For other businesses. the
imp/ementation of an inte9rated &D* so/ution may be necessary as increase in tradin9 vo/umes
brou9ht on by &D* force them to re;imp/ement their order processin9 business processes2
The key hindrance to a successfu/ imp/ementation of &D* is the perception many businesses
have of the nature of &D*2 any view &D* from the technica/ perspective that &D* is a data
formatP it wou/d be more accurate to take the business view that &D* is a system for eDchan9in9
business documents with eDterna/ entities. and inte9ratin9 the data from those documents into
the companyJs interna/ systems2
!2T3*,A)&S4ARA).
AP5BA
H?
!"#$%
&'&!TR()*!
!(&R!&
Successfu/ imp/ementations of &D* take into account the effect eDterna//y 9enerated information
wi// have on their interna/ systems and va/idate the business information received2 For eDamp/e.
a//owin9 a supp/ier to update a retai/erJs Accounts Payab/es system without appropriate checks
and ba/ances wou/d be a recipe for disaster2
Businesses new to the imp/ementation of &D* shou/d take pains to avoid such pitfa//s2
*ncreased efficiency and cost savin9s drive the adoption of &D* for most tradin9 partners2 But
even if a company wou/d not choose to use &D* on their own. pressures from /ar9er tradin9
partners -ca//ed hubs0 often force sma//er tradin9 partners to use &D*2
)etscape !ommerce Server
D&S!R*PT*()
)etscape^ !ommerce Server^ Version %2%# for (pen;VS^ is software for conductin9
secure e/ectronic commerce and communications on the *nternet and other T!P5*P;based
networks2
)etscape !ommerce Server provides the capabi/ity to pub/ish hypermedia documents usin9 the
3yperTeDt arkup 'an9ua9e -3T'0 and de/iver them over the *nternet and other T!P5*P
networks usin9 the 3yper;TeDt Transport Protoco/ -3TTP02 To ensure data security. )etscape
!ommerce Server provides advanced security features such as server authentication. data
encryption. data inte9rity. and user authoriKation2 !ommunications are based on open
standards such as 3T'. 3TTP. the !ommon 7ateway *nterface -!7*0. and the Secure
Sockets 'ayer -SS'0 protoco/22
F&AT+R&S A)D B&)&F*TS
*nte9rated Security
)etscape !ommerce Server provides inte9rated security features desi9ned to a//ow secure
e/ectronic commerce and communications2 F/eDib/e user authoriKation contro/s access to
individua/ fi/es or directories usin9 a user name and password. domain name. host name. *P
address. or named 9roups2
Advanced security features are provided usin9 the open SS' protoco/. which has been
pub/ished on the *nternet and adopted by ma<or providers of *nternet hardware and software
products. financia/ institutions. and certification authorities2
Secure Sockets 'ayer SS'
provides:
_Server authentication. which a//ows any SS' compatib/e c/ient to verify the identity of the server
usin9 a certificate and a di9ita/ si9nature2
_Data encryption. which ensures the privacy of c/ient5server communications by encryptin9 the
data stream between the two entities2
_Data inte9rity. which verifies that the contents of a messa9e arrive at their destination in the
same form
!2T3*,A)&S4ARA).
AP5BA
H
8
!"#$
%
&'&!TR()*!
!(&R!&
as they were sent2
SS' emp/oys pub/ic key crypto9raphic techno/o9y from RSA Data Security. an estab/ished
/eader in !omputer data security. and works with various encryption a/9orithms2
)etscape !ommerce Server supports pub/ic key encryption and de/ivers server authentication
usin9 si9ned di9ita/ certificates2 A di9ita/ certificate is used to associate an identity with a
serverSs pub/ic key2 Di9ita/ si9natures ensure the inte9rity and authenticity of information within a
certificate2 )etscape !ommerce Server re@uires a si9ned di9ita/ certificate to operate secure/yP
!ertification is an additiona/ fee;based service2 Pricin9 is avai/ab/e from your certification
authority2
&ncryption Support )etscape !ommerce Server is avai/ab/e in both 81;bit and %#H;bit
encryption schemes2 The difference between %#H; and 81;bit encryption is. most notab/y. that
the +2S2 9overnment restricts the eDport of %#H;bit encryption but not the eDport of 81;bit
encryption2%#H;bit encryption provides si9nificant/y 9reater crypto9raphic protection than 81;bit
encryption2 *t is now necessary to emp/oy /ar9er keys to counter the increasin9 computin9
power of potentia/ crimina/s2
%#H bits and 81 bits refer to the siKe of the key used to encrypt the messa9e2 %#H;bit encryption
is rou9h/y
?1".8HA.11".H#%.?8A.1:H.$#8.$H%.1A: times stron9er than 81;bit encryption2 81;bit encryption
is not considered ``stron9SS security in the crypto9raphic community2 &ven accountin9 for
ooreSs 'aw. which states that computin9 power doub/es about every
%H months. %#H;bit encryption represents a very stron9 method of encryption for the forseeab/e
future2
!2T3*,A)&S4ARA).
AP5BA
H
A
!onvert PDF to 3T'
Ads not by this site