
Fourth Semester

Paper 4.6 Computer Applications:

(B.Sc-Computer Science and BCA )

4.6 Computer Applications: SYLLABUS


Unit-1:
Introduction to Electronic Commerce: The meaning, benefits, impact, classification, application of Electronic Commerce technologies. Electronic Commerce Business models: meaning of business model. 14 Hrs

Unit-2:
Electronic Data Interchange: Conventional trading process, meaning of EDI, building blocks of EDI system, layered architecture, value added networks, benefits and application of EDI. Electronic Commerce: Architectural framework. Electronic Commerce: Information distribution and messaging: FTP application, Email, WWW server, HTTP, Web Servers implementation. 14 Hrs

Unit-3:
Electronic Commerce: Network infrastructure: LAN, Ethernet LAN, WANs, Internet, TCP/IP reference model, Domain Name systems, Internet industry structure. Electronic Commerce: securing the business on Internet: Vulnerability of information on Internet, security, policy, procedures and practices, site security, protecting the network. 12 Hrs

Unit-4:
Electronic Commerce: securing the business on Internet, Transaction security, cryptography, digital signature, email security. Electronic Payment System: Introduction to payment system, Online payment system, prepaid electronic payment systems, requirement metrics of a payment system. Mobile Commerce: Introduction, Framework and models: meaning, benefits, impediments, framework. 10 Hrs
UNIT-I

INTRODUCTION TO ELECTRONIC COMMERCE:

Electronic commerce is a powerful concept and process that has fundamentally changed the course of human life. Electronic commerce is one of the main criteria of the revolution of information technology and communication in the field of economy. Because of its enormous benefits, this style of trading has spread rapidly. It can certainly be claimed that electronic commerce has removed many of the limitations of traditional business. For example, the form and appearance of traditional business have fundamentally changed. These changes are the basis for any decision in the economy. With virtual markets, passages and stores that occupy no physical space, access to and movement through these markets is possible at any moment and from anywhere in the world without leaving home. Goods placed in virtual shop windows in unspecified parts of the world can be selected and ordered, they are advertised on virtual networks, and payment is provided through electronic services; all of these options have caused electronic commerce to be considered the miracle of our century.

Electronic commerce, commonly known as E-commerce, is trading in products or services using computer networks, such as the Internet. Electronic commerce draws on technologies such as mobile commerce, electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web for at least one part of the transaction's life cycle, although it may also use other technologies such as e-mail.
Definition:
E-commerce: Sharing business information, maintaining business relationships and conducting business transactions using computers connected to a telecommunication network is called E-Commerce.
OR
E-commerce (electronic commerce, or EC) is the buying and selling of goods and services, or the transmitting of funds or data, over an electronic network, primarily the internet. These business transactions occur either as business-to-business, business-to-consumer, consumer-to-consumer or consumer-to-business.

Application Of E-commerce:

• Buying/selling a variety of goods and services from one's home or business
• Anywhere, anytime transaction
• Can look for lowest cost for specific goods or service
• Businesses can reach out to worldwide clients - can establish business partnerships
• Order processing cost reduced
• Electronic funds transfer faster
• Supply chain management is simpler, faster, and cheaper using ecommerce
• Can order from several vendors and monitor supplies.
• Production schedule and inventory of an organization can be inspected by cooperating supplier who can in turn schedule their work
• Retail & wholesale

E-COMMERCE BENEFITS:
Low Financial Cost: One of the ecommerce benefits is that it has a lower startup cost. Also, they have several upfront costs such as store signs, store design, buying inventory, sales equipment, and more. Physical retail stores also have to pay staff to work and run each location.

Features of E-Commerce:

• Global reach: The technology reaches across national boundaries, around the earth. Commerce is enabled across cultural and national boundaries seamlessly and without modification. "Marketplace" includes potentially billions of consumers and millions of businesses worldwide.
• Universal standards: There is one set of technology standards, namely Internet standards. There is one set of technical media standards across the globe.
• Richness: Video, audio, and text messages are possible. Video, audio, and text marketing messages are integrated into a single marketing message and consuming experience.
• Interactivity: The technology works through interaction with the user. Consumers are engaged in a dialog that dynamically adjusts the experience to the individual, and makes the consumer a coparticipant in the process of delivering goods to the market.
• Information density: The technology reduces information costs and raises quality. Information processing, storage, and communication costs drop dramatically, while currency, accuracy, and timeliness improve greatly. Information becomes plentiful, cheap, and accurate.
• Personalization/Customization: The technology allows personalized messages to be delivered to individuals as well as groups. Personalization of marketing messages and customization of products and services are based on individual characteristics.

DEPT OF CSE & IT, VSSUT, Burla

ELECTRONIC COMMERCE BUSINESS MODELS CAN GENERALLY BE CLASSIFIED IN THE FOLLOWING CATEGORIES.

Meaning: A plan for the successful operation of a business, identifying sources of revenue, the intended customer base, products, and details of financing.

1. Business - to - Business (B2B)
2. Business - to - Consumer (B2C)
3. Consumer - to - Consumer (C2C)
4. Consumer - to - Business (C2B)
5. Business - to - Government (B2G)
6. Government - to - Business (G2B)
7. Government - to - Citizen (G2C)

1) Business - to - Business (B2B)
Website following B2B business model sells its
product to an intermediate buyer who then sells the
product to the final customer. As an example, a
wholesaler places an order from a company's
website and after receiving the consignment, sells
the end product to final customer who comes to
buy the product at wholesaler's retail outlet.

2) Business - to - Consumer (B2C)
Website following B2C business model sells its product directly to a customer. A customer can view products shown on the website of business organization. The customer can choose a product and order the same. Website will send a notification to the business organization via email and organization will dispatch the product/goods to the customer.

3) Consumer - to - Consumer (C2C)
Website following C2C business model helps consumer to sell their assets like residential property, cars, motorcycles etc. or rent a room by publishing their information on the website. Website may or may not charge the consumer for its services. Another consumer may opt to buy the product of the first customer by viewing the post/advertisement on the website.

4) Consumer - to - Business (C2B)
In this model, a consumer approaches website showing multiple business organizations for a particular service. Consumer places an estimate of amount he/she wants to spend for a particular service. For example, comparison of interest rates of personal loan/ car loan provided by various banks via website. Business organization who fulfills the consumer's requirement within specified budget approaches the customer and provides its services.

5) Business - to - Government (B2G)
B2G model is a variant of B2B model. Such websites are used by government to trade and exchange information with various business organizations. Such websites are accredited by the government and provide a medium to businesses to submit application forms to the government.

6) Government - to - Business (G2B)
Government uses B2G model website to approach business organizations. Such websites support auctions, tenders and application submission functionalities.

7) Government - to - Citizen (G2C)
Government uses G2C model website to approach
citizen in general. Such websites support auctions
of vehicles, machinery or any other material. Such
website also provides services like registration for
birth, marriage or death certificates. Main
objectives of G2C website are to reduce average
time for fulfilling people requests for various
government services.

UNIT-2
ELECTRONIC DATA INTERCHANGE (EDI):

Conventional Trading Process:

The typical process between two organizations has remained more or less similar to what has been in use for over a century now. The relationship between a manufacturing organization and the sub-assembly, component, or other raw material provider organizations in a conventional trading process consists of the following steps:

1. Either the inventory management system – based on a re-order policy following the examination of the stock levels – raises the purchase requisition for the item, or a department raises the requirement for some items. The information on the requisition forms is entered into the purchase processing system. Many a time there are transcription errors in the process. Thus, it is necessary to edit and correct the data.
2. Once the correct requisition information has been updated in the computerized purchase system, the purchase management system scans the suppliers' databases for potential suppliers and prints the purchase requisitions, requesting the price and delivery quotation in the name of screened suppliers.
3. The purchase requests are transmitted to the suppliers, either through phone / fax or through mail / courier service.
4. The information printed on the purchase requests may be keyed in by the suppliers in their computerized systems for processing, and a quotation against the purchase request may be prepared and printed.
5. The quotation from the supplier is transmitted using traditional paper transmission mechanisms such as fax / courier / mail service.
6. All quotations received from suppliers against a purchase request are entered into the manufacturer's automated system and edited and corrected to remove any transcription errors. Based on the quotations received, the system may process the quotations using structured or semi-structured mechanisms and select the most suitable candidate for ordering.
7. The order is then printed on a standardized order form along with the terms and conditions for delivery and payment.
8. The printed order is mailed, couriered, or faxed to the supplier.
9. The supplier, on receiving the order, enters it into the computer system and matches the order with the quotation that has been submitted.
10. If everything is found in order, it raises an internal sales order. Since the raising of an internal sales order requires data entry / editing of the information from the received purchase order, matching and processing of the order, and then printing of the internal sales order, it often becomes a source of delay. In extreme cases, if the prices / terms on quotation and the purchase order do not match, it may require repetition of some of the earlier steps, or re-negotiation / clarifications, causing further delays.
11. The internal sales order is used for generating several documents and forms for locating and identifying the appropriate stocks. In case such stocks are not readily available, it may lead to the raising of a work order or schedule to the production shop. The appropriate stock is thus picked and packed for sending to the buyer along with the packing list and advance shipping note and advice. The process, at times, may lead to a partial fulfillment of the order. In that case, the customer needs to be informed of the short-delivery and order status in writing.
12. With the goods, the internal sales-order processing system also prepares a delivery note. The goods packed in the previous step are sent using an appropriate dispatch mechanism.
13. The delivery / dispatch note is sent to the buyer using postal mail / courier / fax service.
14. The buyer or receiving yard, on receiving the goods and advices, compares and inspects the goods, and prepares a goods receipt note containing the purchase order number against which the goods are received, and marks the acceptance and rejection of the items shipped. The information on the goods receipt note is transcribed at the computer department, edited, and matched against the outstanding purchase order. The information on the pending quantity against a purchase order and the stock levels in the inventory management system are updated. In case of partial delivery, steps 9 – 14 are repeated several times until the quantities on the order are fulfilled.
15. The supplier's computer, on completion of the order fulfillment, also generates an invoice by printing it, which, in turn, is dispatched to the buyer / manufacturer.
16. The supplier's computer also generates a financial statement at the end of the trading month for the payments. At times it also keeps sending reminders for the payment till the complete payment has been received from the buyer.
17. The buyer's computer enters the information on the payment statement, matches it against the purchase order, and also matches it against the information provided by goods receipt note, or in other words, ensures that the order has been fulfilled and has been inspected and accepted. If everything is found to be in order, the buyer.

If we look at the above process, we will notice that computerization has helped only in managing and processing of records of the traditional supply chain management. The whole process remains more or less the same, and is burdened with exhaustive paper work and repetitive entry of data, making it prone to errors, and is still dependent on the postal communication of the document. The advances in communication technologies have made it possible to interconnect the computers of suppliers and buyers. As a result, they can talk to each other directly, or exchange the requisite information without printing on paper, dispatching it through mail / fax, and then re-entering it all at the other end. If this model of transmitting information electronically between the supplier's and buyer's computer is put in practice, it will lead to increased speeds, avoidance of errors due to re-entry, accuracy and cost reductions due to reduced cycle time. These improvements dramatically influence the overall efficiency of business and commerce. Electronic Data Interchange is a paperless mechanism that addresses the problems of the traditional systems by electronic interchange of documents.

In the EDI environment, buyers create purchase requisitions in their computers and, based on these purchase requisitions and the suppliers' database at the buyer's computers, the purchase system creates calls for quotations to suppliers. The calls for quotations are transferred electronically to the suppliers' computers at the push of a button. The supplier's computerized system receives the requests and prepares a quotation record which, in turn, is submitted to the buyer's computer electronically. The buyer's purchase system collects, compiles and processes all quotations and finally creates purchase orders in their own company's purchasing software program. The electronically generated purchase order, on pushing a button, is automatically transferred to a supplier's order entry system. In other words, the transmission of the data between two trading partners happens in electronic form.

E.D.I

"Electronic Data Interchange (EDI) is the exchange of business documents between any two trading partners in a structured, machine-readable form. It can be used to electronically transmit documents such as purchase orders, invoices, shipping bills, receiving advices, and other standard business correspondence between trading partners." EDI can also be used in exchanging financial information and payments in electronic form. The Electronic Fund Transfer (EFT) systems used by financial institutions are a prime example of the application of EDI in the banking and financial sector. EDI should not be viewed as simply a way of replacing paper documents and traditional methods of transaction such as mail, phone, or in-person delivery with electronic transmission. Rather, it should be seen not as an 'end', but as a means to streamline procedures and improve efficiency and productivity. EDI covers wide and varied application areas and, depending upon the perspective, has been defined in several ways.

According to the Data Interchange Standards Association, "Electronic Data Interchange (EDI) is the computer-to-computer exchange of business data in standard formats. In EDI, information is organized according to a specified format set by both parties, allowing a "hands-off" computer transaction that requires no human intervention or rekeying on either end. All information contained in an EDI transaction set is, for the most part, the same as on a conventionally printed document."

The Webopedia says that, "Electronic data interchange, is the transfer of data between different companies using networks, such as the Internet. As more and more companies get connected to the Internet, EDI is becoming increasingly important as an easy mechanism to buy, sell, and trade information. ANSI has approved a set of EDI standards known as the X12 standards."

[Figure: The EDI process looks like this — no paper, no people involved]

According to the EDI University, a training provider in EDI, "EDI stands for Electronic Data Interchange, a method of transporting all types of information, such as purchase orders, invoices, payments and even graphics, to another party electronically. EDI technology was introduced by Value Added Networks (VANs), in the 1970's, as an alternative to modern banks, and essentially replaces paper-based communications with electronic equivalents. Since EDI is based on a standard developed by the American National Standards Institute (ANSI), everyone can use it, enabling all businesses to share a common language."

The National Institute of Standards and Technology says that, "Electronic Data Interchange (EDI) is the computer-to-computer interchange of strictly formatted messages that represent documents other than monetary instruments. EDI implies a sequence of messages between two parties, either of whom may serve as originator or recipient. The formatted data representing the documents may be transmitted from originator to recipient via telecommunications or physically transported on electronic storage media".

BUILDING BLOCKS OF EDI SYSTEMS: LAYERED ARCHITECTURE:

As described above, two key concepts – electronic document exchange and electronic messages – need to be addressed for an EDI system to evolve. The real networking environment that is used for the purpose of electronic exchange of information / documents is heterogeneous in nature. Similarly, the electronic messages / documents that can be interpreted and understood by the various purchase and order processing systems deployed at different vendors are also heterogeneous in nature. Thus, evolving a general purpose EDI system requires addressing the problem of heterogeneity at two levels – exchanging documents over heterogeneous networks and the heterogeneity of document formats.

The general architecture of the EDI system consists of four layers: the application conversion layer, the standard message formats layer, the data transport layer and the interconnection layer.

Application / Conversion Layer

The application layer consists of the actual business applications that are going to be connected through the EDI systems for exchange of electronic information. These applications may use their own electronic record formats and document formats for storing, retrieving, and processing the information within each company's systems. Since each company's system may have its own proprietary format, which would be used by their system(s), for EDI to operate, they need to convert the internal company document format to a format that can be understood by the system used by the trading partner. When the trading partners are small in number, converters for various partner formats can be built. But, as the number of partners with different internal formats increases, the task of building converters for each proprietary format to other formats becomes overwhelming. The fig. below shows a number of converters for four trading partners with four different proprietary message formats.

In case a need arises to handle a new proprietary format for an additional partner, four new format conversion programs have to be built. Thus, the approach is markedly unsuitable for the general purpose EDI system. The problem of heterogeneity of formats can be better addressed using a common standard format for documents / messages transferred within the EDI system. The internal processing systems continue to use the proprietary formats, but, for transmission over the wire, they adopt a common document / message format. In this case the conversion program learns to translate the common message format to the proprietary message format used by a system, and vice versa. The approach greatly simplifies the problem posed by heterogeneity of proprietary message formats, as depicted in the fig. below. Operational EDI systems follow the second approach, in which all the documents that need to be transmitted to the other systems are translated into the standard format. The receiving systems accept the input in the standard format and convert it into the native format used internally by the local system.

The Standard Formats Layer

The application layer of EDI systems relies on common agreed formats for operation. Thus, the second important and critical building block of the EDI system is standards for business documents / forms. Since the sender and receiver in the EDI systems have to exchange business documents that can be interpreted by all parties, it has necessitated the development of form standards in EDI. EDI form standards are basically data standards in that they lay down the syntax and semantics of the data being exchanged.
The grocery industry sector created the Uniform Communication Standards (UCS) for addressing the EDI standards requirement for their segment, which were later adopted by several other retail sectors. In Europe, on the other hand, the industry developed and adopted yet another set of standards. The shipping industry devised a set of standards called Data Interchange for Shipping (DISH), and the automobile sector came up with a standard under the umbrella of Organization for Data Exchange by Tele Transmission in Europe (ODETTE). The need for industry-wide EDI standards was widely felt and this led to the formation of a Standard Committee X12 under the auspices of American National Standards Institute (ANSI).

Document Standards

The cross-industry standardization of documents is at the core of smooth functioning of EDI systems. The interconnection among trading partners only serves the purpose of exchanging information, but a document exchanged between two trading partners needs to be recognized and interpreted correctly by the corresponding software systems running at various partners' computers. For example, a purchase order needs to be identified by all the EDI applications running on trading partners' computers as being a purchase order from a particular organization. Over a period of time, two major EDI standards have evolved. The first, commonly known as X12, was developed by the Accredited Standards X12 committee of the American National Standards Institute (ANSI) and the second, the international standard, was developed by the United Nations EDI for administration, Commerce and Trade (EDIFACT).

ANSI X12

The Accredited Standards Committee (ASC) X12 was set up by the American National Standards Institute (ANSI) in 1979 to develop cross-industry standards for exchanging electronic documents for use by all businesses in the United States. The committee developed ANSI ASC X12, commonly referred to as the X12 standard. Today, EDI standards are firm but not static, because the development of EDI is a continuing effort. Specific industry groups are continuing to evolve new transaction sets that may be better suited to standardization. The X12 standard sets the framework and rules for electronic data interchange. It describes the format for structuring the data, the types of documents that should be transmitted electronically, and the content of each document. The identification numbers for various forms, codes for a variety of fields, and types of information are also defined in the standard. The standard also defines the sequence of information flow. X12 devised the standards to deal with transactions such as purchase order placement, order processing, shipping, invoicing, and payments, to name a few. In the X12 standard, paper documents related to particular business activities are mapped into a transaction set. It assigns a numeric code to each of these transaction sets, in a manner similar to the numbering of business forms followed at many organizations.

The X12 standard defines a set of documents, referred to as transaction sets, for a wide range of business transaction forms. Each transaction set is given a numeric code, and each transaction set is used for defining the transfer of a single document (purchase order, manifest etc.) between the computers of two trading partners. The data embedded in a transaction set conveys the same information that is contained in the printed version of the document; usually, it is a subset of the whole information on the printed version. The printed version of the document can be thought of as containing three distinct types of information – header, detail, and summary.

1. The header contains the information that is common to the whole document, such as date; from address; to address; terms and conditions, etc. In the sample order form shown in Fig., the following information is the header:
2. Detail refers to line items that describe the actual business transaction. In case of a purchase order, it may contain item number, description, quantity ordered, and price information. In the sample order shown in Fig., the following information is the detail:
3. Summary refers to the control information and other components that refer to the complete transaction. In case of a purchase order, it may refer to order value. In the sample order form example, the summary information refers to the following.

EDIFACT – An International Standard

In 1987, the United Nations announced an international standard called EDI for Administration, Commerce, and Transport (EDIFACT). The EDIFACT standard is promoted by the United Nations Economic Commission, which is responsible for the adoption and standardization of messages. The International Standards Organization (ISO) has been entrusted with the responsibility of developing the syntax and data dictionary for EDIFACT. EDIFACT serves the purpose of trans-border standardization of EDI messages. EDIFACT combines the efforts of American National Standards Institute's ASC X12 and the Trade Data Interchange (TDI) standards developed and deployed by much of Europe and the United Kingdom.

The GE.1 group of UNEC / EDIFACT deals with data elements and rules and formats for automated data exchange. The GE.1 group also coordinates the six EDIFACT boards set up for Western Europe, Eastern Europe, Pan America, Australia/New Zealand, Asia, and Africa. The Asia EDIFACT board (AEB) consists of members like India, Japan, Korea, Hong Kong, China, Singapore, Taiwan, and Malaysia.

The basic unit of communication among EDI Trading Partners, defined by EDIFACT, is an interchange.

Data Transport Layer

The data transport layer consists of services that automate the task of electronic transfer of messages. In a typical purchase process, once a purchase order has been prepared and printed in the standard format, it is placed in an envelope and dispatched through postal or courier services to the supplier. The content and structure of the purchase order is defined in the standards layer and is separate from the transport / carrier mechanism. The layer utilizes any of the available network transport services such as electronic mail; file transfer protocol; Telnet based remote connection and transfer; or even the Hyper Text Transfer Protocol (HTTP) that drives the World Wide Web. Electronic mail has emerged as the dominant means for transporting EDI messages. EDI documents / messages are exchanged through network infrastructure as electronic mail messages. Electronic mail is used only as a carrier for transporting formatted EDI messages by the EDI Document Transport Layer. The structured message, delivered by the electronic mail, is interpreted by the receiving software, which is capable of comprehending the structure of the EDI standard information.

ITU-T has adopted X.435 (X.400-based) standards to support electronic data interchange (EDI) messaging. The X.435 standard consists of the definition of normal EDI messages and a set of EDI "notifications" to address the security requirement. In order to achieve equivalence to the security control offered by the paper-based systems, it has three types of notifications.
• A positive notification – It indicates that the recipient has received the document and accepts the responsibility for it;
• A negative notification – It indicates that the recipient received but refused to accept the document. The reason for refusal is attached with the notification.
• A forwarding notification – It indicates that the document was received, but forwarded to another recipient

Inter Connection Layer

It refers to the network infrastructure that is used for the exchange of information between trading partners. In the simplest and most basic form it may consist of dial-up lines, where trading partners dial-up through modem to each other and connect to exchange the messages as illustrated in the following:

The leased lines and I-way, Internet or any reliable network infrastructure that can provide ability of interconnection can be used. Through the interconnection, the EDI partners are able to achieve document exchanges between themselves.

Value Added Network (VAN):

A value-added network (VAN) is a private network provider (sometimes called a turnkey communications line) that is hired by a company to facilitate electronic data interchange (EDI) or provide other network services. VANs are third-party communication networks established for exchanging EDI traffic amongst the partners. Various businesses (trading partners) subscribe to the VAN services. For every subscriber, the VAN maintains an account, which serves as an electronic post office box for the subscriber, for sending and receiving the EDI messages. The subscriber's account receives and accumulates all incoming mail from other partners that can be viewed by the account owner as and when they connect to the VAN account. There are a number of third-party Value Added Network providers in the market place. Many of the VANs today also offer the document exchange ability of EDI documents with other VANs.
The vast majority of EDI still occurs via EDI Networks, which in the days prior to the Internet were referred to as Value-Added Networks (VANs). The growth of flexible, low-cost approaches, such as Web EDI or EDI via AS2, has begun to change this situation but the EDI Network is still the preferred option due to the value-added services that these providers can deliver. Often companies look to implement a hybrid strategy in which different types of EDI are implemented as appropriate to the business, but the EDI Network remains the core to these installations.

The EDI Network is simply a secure network where EDI documents can be exchanged between business partners. An organization will be provided with a mailbox. Documents are sent and received from there and the organization checks the mailbox periodically to retrieve its documents. Most EDI Network Services providers offer an alerting service that informs the sender when messages have been sent successfully and also notifies the recipient that a new message is waiting.

The enduring appeal of EDI Networks is based upon the value-added services that the EDI Network Services provider delivers:

• Community and business partner enablement
• Back-office integration
• Management information
• Fully managed services (EDI Outsourcing)

In addition to secure communications, EDI Networks deliver:

• Full mailbox service. Messages are automatically routed to the correct mailbox. Business partners connect to the EDI Network to retrieve their messages.
• Inspection and authentication of all EDI messages. The EDI Network will verify the identity of the business partner and validity of the message.
• Full audit trail. All EDI messages are tracked and recorded.
• Message notification. Business partners are notified when message enters their mailbox.
• Ancillary services. EDI Network Service providers offer an extensive range of services including data backup and recovery, document mapping and compliance.
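The mailbox, authentication, audit-trail and notification services listed above can be seen working together in the following added example, which is not taken from any EDI Network product. It assumes each subscriber shares a secret key with the network and tags every document with an HMAC; the class and function names, the keys and the sample purchase order are all constructed for illustration, and the hash-chained audit log is one possible way to make the trail tamper-evident.

```python
import hashlib
import hmac
import json


def sign(key, sender, recipient, document):
    """HMAC-SHA256 tag binding a document to its sender and recipient."""
    message = json.dumps([sender, recipient, document]).encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


class EdiNetwork:
    """Toy EDI Network: per-subscriber mailboxes, authenticated submission,
    notifications, and a hash-chained audit trail (all hypothetical)."""

    GENESIS = "0" * 64

    def __init__(self, partner_keys):
        self.keys = dict(partner_keys)            # subscriber id -> shared secret
        self.mailboxes = {p: [] for p in self.keys}
        self.notifications = []                   # (subscriber id, text)
        self.audit = []                           # tamper-evident event log

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _record(self, event, sender, recipient, document):
        # Each entry commits to the previous entry's hash.
        entry = {
            "seq": len(self.audit),
            "event": event,
            "sender": sender,
            "recipient": recipient,
            "doc_sha256": hashlib.sha256(document.encode()).hexdigest(),
            "prev": self.audit[-1]["hash"] if self.audit else self.GENESIS,
        }
        entry["hash"] = self._digest(entry)
        self.audit.append(entry)

    def submit(self, sender, recipient, document, tag):
        """Inspect and authenticate a message, then route it to a mailbox."""
        key = self.keys.get(sender)
        accepted = (
            key is not None                       # sender is a subscriber
            and recipient in self.mailboxes       # recipient has a mailbox
            and bool(document.strip())            # document is not empty
            and hmac.compare_digest(tag, sign(key, sender, recipient, document))
        )
        # Rejected submissions are audited too, not silently dropped.
        self._record("DELIVERED" if accepted else "REJECTED",
                     sender, recipient, document)
        if accepted:
            self.mailboxes[recipient].append((sender, document))
            self.notifications.append((recipient, "new message from " + sender))
            self.notifications.append((sender, "message delivered to " + recipient))
        return accepted

    def retrieve(self, subscriber):
        """Hand over and empty the subscriber's mailbox."""
        messages, self.mailboxes[subscriber] = self.mailboxes[subscriber], []
        for sender, document in messages:
            self._record("RETRIEVED", sender, subscriber, document)
        return messages

    def audit_intact(self):
        """True if no recorded entry was altered, reordered or cut from the
        middle of the log (truncating the tail is not detected here)."""
        prev = self.GENESIS
        for seq, entry in enumerate(self.audit):
            if (entry["seq"], entry["prev"]) != (seq, prev):
                return False
            if entry["hash"] != self._digest(entry):
                return False
            prev = entry["hash"]
        return True


def demo():
    # Constructed subscribers, keys and document.
    net = EdiNetwork({"BUYER": b"buyer-key", "SUPPLIER": b"supplier-key"})
    order = "PURCHASE ORDER 1001: 40 units of part A-17"
    ok = net.submit("BUYER", "SUPPLIER", order,
                    sign(b"buyer-key", "BUYER", "SUPPLIER", order))
    forged = net.submit("BUYER", "SUPPLIER", order,
                        sign(b"not-the-key", "BUYER", "SUPPLIER", order))
    return net, ok, forged, net.retrieve("SUPPLIER")
```

Because the tag covers sender, recipient and document together, a valid tag cannot be reused to redirect the same document to another mailbox.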
Benefits and application of EDI

• Reduces Lead Time
In the EDI environment, the exchange of documents among trading partners happens electronically through interconnected computers. The process of transferring the documents is instantaneous, offering weeks of time savings compared to the traditional environment that used postal / courier based exchange of printed documents. Also, the direct electronic transfer of documents between inter-organizational systems eliminates the chance of error due to re-entry of data printed on paper from one system to another system. As it streamlines the information flow, the cycle time is reduced drastically. In the EDI environment, order-processing, shipping of goods, and invoice-preparation and transmission can all be done within a matter of a few hours compared to the days / weeks it takes in a non-EDI environment.

• Improves Coordination with Suppliers
Traditional trading environments are often burdened with the problem of mismatched invoices, un-matching terms in quotations and purchase-orders, missing invoices even after the bill for payment is received and many similar inter-business problems. On careful examination, it will be evident that many of these problems are caused either by delays in the transmission of printed documents, loss of documents in transition, or due to errors in the transcription of the printed information into the electronic form. The instantaneous transfer of business documents over the network in electronic form and confirmation of the same addresses the first problem, thereby making it nearly impossible for documents to arrive in wrong sequence. Also, since the documents are received in electronic form, the need to re-enter the same data is not there and, as a result, transcription errors are totally eliminated.

• Reduces Redundancy
As all the documents exchanged between trading partners are stored in an electronic mailbox, documents can be accessed, retrieved, and examined at any point of time. Either trading partner can access, examine, and make a copy of the document from the electronic box instantly. Contrast it with the non-EDI system; it may take hours, or even days, to locate and retrieve a printed business document from the past. Many a time, trading partners file copies of the same document at multiple places. The EDI environment eliminates the need for multiple copies and reduces redundancy without compromising the accessibility and retrieval of old documents.
• Expands the Market Reach
Most large manufacturers like General Motors deal with EDI-enabled suppliers only. In the process of streamlining the purchase process they often institute a value-added network. By being a part of their value-added network, many opportunities open up for supplying the material to some other larger suppliers who are also a part of the network. Also, with the growth of electronic commerce and further integration of EDI with electronic commerce, the creation of an electronic marketplace by large manufacturers who buy supplies from many large and small suppliers has become a reality. By participating in this large market place you are likely to pick many orders from other suppliers who are a part of the market place / network. The General Electric initiated Trade Process Network (tpn.com) is a prime example of such a marketplace.

• Increases Revenue and Sales
Many large organizations use EDI and trade with other EDI-enabled suppliers. The efficiency brought about by EDI reduces the total transaction friction by eliminating paperwork and related errors that ensue. It also leads to quicker settlement of accounts. The reduced transaction friction saves money and the supplier is in a better position to offer the items at cheaper costs, leading to improved revenue realizations and sales.

Applications of EDI:
The ability to exchange documents electronically has been found to facilitate coordination between the partners, reduce the lead time and thus reduce inventory. Although large manufacturing and transportation companies were the early birds who recognized the advantages, many of the other industry segments also stand to benefit from electronic document exchange. The health care and financial sectors, and cross-border trade facilitated through electronic document exchanges including customs service, have been some other sectors that adopted and derived the returns from EDI.
Architectural framework of Electronic Commerce:

Apply computer technology to improve business process and information exchange both within an organization and across the organization. E-commerce is used to denote proper exchange of business information using EDI, E-mail, electronic bulletin boards, EFT (electronic fund transfer) and other similar technologies. E-Commerce is used to describe a new online approach to perform traditional functions such as payment and fund transfer, order entry and processing, inventory management involving cargo tracking, electronic catalogue etc. Advertising, marketing and customer support functions are also a part of E-commerce applications. No single technology can provide the full potential of E-commerce. Therefore we require an integrated architecture which is evolving in the form of WWW as E-commerce is becoming more mature. Thus we need to develop sophisticated applications on WWW.

Architectural framework of E-commerce:

A framework is intended to define and create tools that integrate the information found in today's closed systems and allow the development of E-commerce applications. Architectural framework should focus on synthesizing the diverse resources already in place in corporations to facilitate the integration of data and software for better use and application.

The E-commerce applications architecture consists of 6 layers of functionality or services. They are
1. Application Services
2. Brokerage Services
3. Interface support layer
4. secure messaging & EDI
5. Middleware, structured document interchange.
6. Network infrastructure and providing communication services.

1. Application services:
It will be composed of existing and future applications based on innate architecture. The three distinct classes of E-commerce applications can be distinguished as
(a) Consumer to Business
(b) Business to Business
(c) Intra organization.

(a) Consumer to Business:
We call this enterprise market place transaction. In market place transactions customers learn about products differently through electronic publishing, buy them differently using electronic cash and secure payment, and have them delivered differently.

(b) Business to Business:
This is called as market link transaction. Here business, govt and other organizations depend on computer to computer communication as a fast, economical, dependable way to conduct business transactions. They include the use of EDI and E-mail for purchasing goods and services, buying information and consulting services, submitting requests for proposals and receiving proposals.

(c) Intra Organizational transactions:
This is called as market driven transaction. A company becomes market driven by dispersing throughout the firm information about its customers and competitors, by spreading strategic and tactical decision making so that all units can participate, and by continuously monitoring their customer commitment. To maintain relationships that are critical to delivering superior customer value, management must pay close attention to both before and after sales. A market driven business develops a comprehensive understanding of its customers' business and how customers in the immediate and downstream markets perceive value. Three major components of market driven transactions are
(i) Customer orientation through product and service customization
(ii) Cross functional coordination through enterprise integration, marketing and advertising.
(iii) Customer service.

2. Information Brokerage and management:
This layer provides service integration through the notion of information brokerages. Information brokerage is used to represent an intermediary which provides service integration between customer and information providers, given some constraints such as low price, fast service, profit maximization for a client. Information brokerage addresses the issue of adding
value to the information that is retrieved. Brokerage function can support data management and traditional transaction services. Brokerage may provide tools to accomplish more sophisticated tasks such as time delay updates or feature comparative transaction.

At the heart of this layer lies the work flow scripting environment that is built on a software agent model that coordinates work and data flow among support services. Software agents are mobile programs that have been called "healthy viruses", "digital butlers", and "intelligent agents". Agents are encapsulations of users' instructions that perform all kinds of tasks in electronic market places spread across the network.

3. Interface support service:
The third layer, interface and support services, will provide interfaces for e-commerce applications such as interactive catalogues and will support directory services etc., functions necessary for information search and access. Interactive catalogues are customized interfaces to consumer applications such as home shopping. An interactive catalogue is an extension of paper based catalogues and incorporates additional features such as sophisticated graphics and video to make advertising more attractive.

Directories on the other hand operate behind the scenes and attempt to organize the huge amounts of information and transactions generated to facilitate electronic commerce. Directory services databases make data from any server appear as a local file. Thus directories play an important role in information management functions.

4. Secure messaging and structured document interchange service:
The importance of the fourth layer is secured messaging. Messaging is software that sits between the network infrastructure and the clients or e-commerce applications. Messaging services offer solutions for communicating non formatted data such as letters, memos, reports etc. as well as formatted data such as purchase orders, shipping notices and invoices etc. Messaging supports both synchronous (immediate) and asynchronous (delayed) messaging. When a message is sent, work continues (software does not wait for a response). This allows the transfer of messages through store and forward methods. With messaging tools people can communicate and work together more effectively, no matter where they are located. The main disadvantages of messaging are the new types of applications it enables, which appear to be more complex especially to traditional programmers.

5. Middleware services:
Middleware is a relatively new concept that emerged only recently. Middleware is a mediator between diverse software programs that enables them to talk with one another. It solves all the interface, translation,
transformation and interpretation problems that were driving application programmers crazy. Another reason for middleware is the computing shift from application centric to data centric, i.e., remote data controls all of the applications in the network instead of applications controlling data. To achieve data centric computing, middleware services focus on three elements.
(1) Transparency
(2) Transaction security management
(3) Distributed object management and services

(1) Transparency:
Transparency implies that users should be unaware that they are accessing multiple systems. Transparency is essential for dealing with higher level issues than physical media interconnections that the underlying network infrastructure is in charge of. Transparency is accomplished using middleware that facilitates a distributed computing environment. This gives users and applications transparent access to data, computation and other resources across collections of multi vendor heterogeneous systems.

(2) Transaction security management:
The two broad categories of security (management) services for transaction processing are (a) Authentication (b) Authorization. Transaction integrity must be given for businesses that cannot afford any loss or inconsistency in data. For E-commerce, middleware provides qualities expected in a standard transaction processing (T.P) system, i.e. the so called ACID (Atomicity, Consistency, Isolation, Durability).

(3) Distributed Object Management:
Object orientation is proving fundamental to the proliferation of network based applications for the following reasons. It is hard to write a network based application without either extensive developer retraining or technology that adopts the difficulties of the network. Objects are defined as a combination of data and instructions acting on the data. Objects are an evolution of the more traditional programming concept of functions and procedures. A natural instance of an object in E-commerce is a document. A document carries data and often carries instructions about the action to be performed on the data. Middleware acts as an integrator for various standard protocols such as TCP (transmission control protocol) IP (Internet protocol), OLL
Hyper text Publishing
Web provides a functionality necessary for e-commerce. The web has become an umbrella for a wide range of concepts and technology that differ markedly in purpose and scope, which include the hypertext publishing concept, the universal reader concept and the client server concept. Hypertext publishing promotes the idea of a seamless information world in which all online information can be accessed and retrieved in a consistent and simple way. Hypertext publishing is a primary application of the web. Interest in hypermedia on the internet (called distributed or global hypermedia) has accelerated shortly following the success of web media and browser. This success has been aided by more powerful work stations, high resolution graphic displays, faster network communication and decreased cost for large online service.

Electronic Commerce: Information distribution and messaging:

FTP(file transfer protocol) application:

FTP is both a program and the method used to transfer files between computers on the internet. FTP permits a user to traverse a distant computer's directory structure, uploading and downloading copies of files to the local computer. File transfer applications provide the ability to download/upload files between connected computers. The application comprises two components, the ftp server and the client.

The protocol requires the client to log in to the ftp server. On successful login, the client can browse through the list of files and directories available under the login account. It can request to transfer a file from the server machine to the client's machine (downloading) or transfer a file from the client's machine to the server's machine (uploading). FTP supports both batch as well as interactive uses. The protocol only specifies the mode of interaction between the ftp server and clients running on two computers. It supports file types such as ASCII and image (binary).
E-mail:
E-mail is an internet application that offers the ability to exchange messages among users on remote computers. It is a system for exchanging written, voice and video messages through a computer network.

Whenever you send a piece of e-mail, your e-mail client interacts with the SMTP server to handle the sending. The SMTP server on your host may have conversations with other SMTP servers to deliver the e-mail. Let's assume that I want to send a piece of e-mail. My e-mail ID is brain, and I have my account on howstuffworks.com. I want to send e-mail to jsmith@mindspring.com.

• You send an email with your webmail or mail client from your address (e.g. mark@website.com) to a given recipient (e.g. jane@domain.com). In jargon, the webmail or client is called Message User Agent, or MUA.
• The message is sent normally via port 25 to an SMTP server (named for instance mail.website.com) which is given to your client when you set it up and acts as a Message Transfer Agent or MTA. Client and server start a brief "conversation" where the latter checks all the data concerning the message's transmission (sender, recipient, domains, etc.). Note that SMTP language defines only the message's transmission, and doesn't deal with its body content.
• Then, if the domain where your recipient has his account is directly connected to the server, the email is immediately delivered. If it's not the case, the SMTP server hands it to another incoming server closer to the recipient (in jargon these passages are called relays). In our example, the Website server connects with the Domain server, which (if everything has gone right) receives the email and stores it.
• What if the recipient's server is down or busy? The SMTP host simply drops the message to a backup server: if none of them is available, the email is queued and the delivery is retried periodically. After a determined period, however, the message is returned as undelivered.
• If there are no issues, however, the final segment is controlled by POP, another protocol that picks up the email from the receiving server and puts it into the recipient's inbox.

WWW SERVER:

The World Wide Web (WWW) is an information space where documents and other web resources are identified by URLs, interlinked by hypertext links, and can be accessed via the Internet. The World Wide Web was invented by English scientist Tim Berners-Lee in 1989. He wrote the first web browser in 1990 while employed at CERN in Switzerland.
It has become known simply as the Web. The World Wide Web was central to the development of the Information Age and is the primary tool billions of people use to interact on the Internet. The terms Internet and World Wide Web are often used without much distinction. However, the two are not the same. The Internet is a global system of interconnected computer networks. In contrast, the World Wide Web is one of the services transferred over these networks. It is a collection of text documents and other resources, linked by hyperlinks and URLs, usually accessed by web browsers, from web servers. Viewing a web page on the World Wide Web normally begins either by typing the URL of the page into a web browser, or by following a hyperlink to that page or resource. The web browser then initiates a series of background communication messages to fetch and display the requested page. In the 1990s, using a browser to view web pages and to move from one web page to another through hyperlinks came to be known as 'browsing,' 'web surfing' (after channel surfing), or 'navigating the Web'. Early studies of this new behavior investigated user patterns in using web browsers. One study, for example, found five user patterns: exploratory surfing, window surfing, evolved surfing, bounded navigation and targeted navigation.

The following example demonstrates the functioning of a web browser when accessing a page at the URL http://www.example.org/home.html. The browser resolves the server name of the URL (www.example.org) into an Internet Protocol address using the globally distributed Domain Name System (DNS). This lookup returns an IP address such as 203.0.113.4 or 2001:db8:2e::7334. The browser then requests the resource by sending an HTTP request across the Internet to the computer at that address. It requests service from a specific TCP port number that is well known for the HTTP service, so that the receiving host can distinguish an HTTP request from other network protocols it may be servicing. The HTTP protocol normally uses port number 80.

HTTP:
The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. The standards development of HTTP
was coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), culminating in the publication of a series of Requests for Comments (RFCs).

HTTP is a set of rules that World Wide Web clients and servers use to communicate over the network. HTTP is a request/response protocol between clients and servers.

A web server is a computer system that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The term can refer to the entire system, or specifically to the software that accepts and supervises the HTTP requests. HTTP functions as a request-response protocol in the client-server computing model. A web browser, for example, may be the client and an application running on a computer hosting a website may be the server. The client submits an HTTP request message to the server. The server, which provides resources such as HTML files and other content, or performs other functions on behalf of the client, returns a response message to the client. The response contains completion status information about the request and may also contain requested content in its message body.

Sender request line:
A request line (e.g., GET /images/logo.png HTTP/1.1, which requests a resource called /images/logo.png from the server).
Request header fields (e.g., Accept-Language: en).
An empty line.
An optional message body.

Response message:
A status line which includes the status code and reason message (e.g., HTTP/1.1 200 OK, which indicates that the client's request succeeded).
Response header fields (e.g., Content-Type: text/html).
An empty line.
An optional message body.

WEB SERVERS IMPLEMENTATION:
The original implementation of a web server on the internet, done by Tim Berners-Lee's team, came to be known as the CERN implementation.

A web client sends and receives information, while the web server stores it. Web server software (e.g. Apache, IIS, NGINX, Lighttpd) usually is used to deliver content and most of the time it runs on servers located in data centers. A web client is an application (e.g. Internet Explorer, Firefox, Chrome, Safari, Opera) running on a local device (desktop, notebook, cell phone) used to interact mainly with Web servers, even though you can use your Web client to access servers running protocols other than HTTP and HTTPS.

Today, web servers provide the following four major features.
1. Serving static web pages
2. Serving web pages generated by running gateway programs.
3. Controlling access to the server.
4. Logging server access and errors statistics.

Example:
APACHE software foundation distributed the web server under public domain software license policy. It can be freely downloaded and installed from the apache website (http://www.apache.org). Apache is a freely available Web server that is distributed under an "open source" license. Version 2.0 runs on most UNIX-based operating systems (such as Linux, Solaris, Digital UNIX, and AIX), on other UNIX/POSIX-derived systems (such as Rhapsody, BeOS, and BS2000/OSD), on Amiga OS, and on Windows 2000.

NCSA HTTPd was a web server originally developed at the NCSA by Robert McCool and others. First released in 1993, it was among the earliest web servers developed, following Tim Berners-Lee's CERN httpd, Tony Sanders' Plexus server, and some others. Web documents that you view on the Internet are stored on different Web servers. Web servers are computers on which Web documents reside and run HTTP software to permit Web transactions. CERN and NCSA are the two organizations that provide Web Server software, such as CERN http and NCSA httpd, respectively.
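The HTTP message layout described above (a request line or status line, header fields, an empty line, an optional message body) is what a web server has to parse before it can serve, control access to or log a request. The following is an added example, not code from any of the servers named here: a strict parser that accepts the sample messages from the text and refuses malformed ones. It assumes bodies are framed by Content-Length only; the function names and the sample response body are constructed for illustration.

```python
import re

TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
REQUEST_LINE = re.compile(r"([A-Z]+) (\S+) HTTP/([0-9])\.([0-9])")
STATUS_LINE = re.compile(r"HTTP/([0-9])\.([0-9]) ([0-9]{3}) ([ -~]*)")
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


class HttpParseError(ValueError):
    """Raised when a message does not follow the expected layout."""


def _split(raw):
    """Split raw bytes into start line, header lines and body."""
    head, separator, body = raw.partition(b"\r\n\r\n")
    if not separator:
        raise HttpParseError("no empty line after the header fields")
    lines = head.decode("iso-8859-1").split("\r\n")
    return lines[0], lines[1:], body


def _headers(lines):
    """Parse header fields into a dict keyed by lower-cased field name."""
    headers = {}
    for line in lines:
        name, colon, value = line.partition(":")
        # Refuses a missing colon, folded lines, "Name : value" spacing
        # and stray control characters (bare CR or LF) in the value.
        if not colon or not TOKEN.fullmatch(name) or CONTROL.search(value):
            raise HttpParseError("malformed header field: %r" % line)
        key, value = name.lower(), value.strip(" \t")
        if key == "content-length":
            if not re.fullmatch(r"[0-9]+", value):
                raise HttpParseError("Content-Length is not a number")
            if headers.get(key, value) != value:
                raise HttpParseError("conflicting Content-Length fields")
            headers[key] = value
        elif key in headers:
            headers[key] += ", " + value      # repeated field: combine values
        else:
            headers[key] = value
    return headers


def _body(headers, body):
    """Accept only a body whose size matches Content-Length (default 0)."""
    if "transfer-encoding" in headers:
        raise HttpParseError("Transfer-Encoding is outside this example")
    if len(body) != int(headers.get("content-length", "0")):
        raise HttpParseError("body size does not match Content-Length")
    return body


def parse_request(raw):
    start, lines, body = _split(raw)
    match = REQUEST_LINE.fullmatch(start)
    if not match:
        raise HttpParseError("malformed request line: %r" % start)
    method, target, major, minor = match.groups()
    headers = _headers(lines)
    if (major, minor) == ("1", "1") and "host" not in headers:
        raise HttpParseError("HTTP/1.1 request without a Host field")
    return {"method": method, "target": target, "version": major + "." + minor,
            "headers": headers, "body": _body(headers, body)}


def parse_response(raw):
    start, lines, body = _split(raw)
    match = STATUS_LINE.fullmatch(start)
    if not match:
        raise HttpParseError("malformed status line: %r" % start)
    major, minor, status, reason = match.groups()
    headers = _headers(lines)
    return {"version": major + "." + minor, "status": int(status),
            "reason": reason, "headers": headers, "body": _body(headers, body)}


def is_rejected(parser, raw):
    """True if the parser refuses the message."""
    try:
        parser(raw)
    except HttpParseError:
        return True
    return False


# Sample messages built from the examples in the text (body is constructed).
REQUEST = (b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.org\r\n"
           b"Accept-Language: en\r\n\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Content-Length: 13\r\n\r\n<p>hello</p>\n")
```

Refusing ambiguous framing (two different Content-Length values, whitespace before the colon) matters when a proxy and a server sit in the same path, because both must agree on where one message ends and the next begins.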
UNIT-3

Electronic Commerce:

Network infrastructure:
LAN(local area network):
Local area networks, generally called LANs, are privately-owned networks within a single building or campus of up to a few kilometres in size. They are widely used to connect personal computers and workstations in company offices and factories to share resources (e.g., printers) and exchange information. LANs are distinguished from other kinds of networks by three characteristics:
(1) Their size,
(2) Their transmission technology, and
(3) Their topology.

LANs are restricted in size, which means that the worst-case transmission time is bounded and known in advance. Knowing this bound makes it possible to use certain kinds of designs that would not otherwise be possible. It also simplifies network management. LANs may use a transmission technology consisting of a cable to which all the machines are attached, like the telephone company party lines once used in rural areas. Traditional LANs run at speeds of 10 Mbps to 100 Mbps, have low delay (microseconds or nanoseconds), and make very few errors. Newer LANs operate at up to 10 Gbps. Various topologies are possible for broadcast LANs. Figure 1 shows two of them. In a bus (i.e., a linear cable) network, at any instant at most one machine is the master and is allowed to transmit. All other machines are required to refrain from sending. An arbitration mechanism is needed to resolve conflicts when two or more machines want to transmit simultaneously. The arbitration mechanism may be centralized or distributed. IEEE 802.3, popularly called Ethernet, for example, is a bus-based broadcast network with decentralized control, usually operating at 10 Mbps to 10 Gbps. Computers on an Ethernet can transmit whenever they want to; if two or more packets collide, each computer just waits a random time and tries again later.
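The "waits a random time and tries again" rule can be simulated in a few lines. The following added example is not from the original notes and goes one step beyond them: it uses the truncated binary exponential backoff that IEEE 802.3 specifies, where the random waiting window doubles after each collision (up to 2^10 slots) and a station gives up after 16 attempts. The slotted time model and the function name are simplifying assumptions.

```python
import random


def simulate(stations, seed, max_attempts=16, max_exponent=10):
    """Slotted simulation of stations contending for a shared bus.

    Every station has one frame queued at slot 0. Returns (sent, collisions,
    dropped): the slot in which each station got through, the number of
    collisions each one suffered, and the stations that gave up.
    """
    rng = random.Random(seed)                  # seeded so runs are repeatable
    next_try = {s: 0 for s in stations}        # earliest slot for next attempt
    collisions = {s: 0 for s in stations}
    sent, dropped = {}, set()
    slot = 0
    while len(sent) + len(dropped) < len(stations):
        ready = [s for s in stations
                 if s not in sent and s not in dropped and next_try[s] <= slot]
        if len(ready) == 1:
            sent[ready[0]] = slot              # sole transmitter: success
        elif len(ready) > 1:
            for s in ready:                    # everyone who talked collided
                collisions[s] += 1
                if collisions[s] >= max_attempts:
                    dropped.add(s)             # excessive collisions: give up
                    continue
                # After the n-th collision wait 0 .. 2^min(n, 10) - 1 slots.
                window = 2 ** min(collisions[s], max_exponent)
                next_try[s] = slot + 1 + rng.randrange(window)
        slot += 1
    return sent, collisions, dropped


def demo():
    # Five constructed station names contending at the same instant.
    return simulate(["A", "B", "C", "D", "E"], seed=2024)
```

Because the window grows with each collision, the chance that the same stations collide again shrinks quickly, which is what lets a bus with decentralized control settle without a central arbiter.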
ETHERNET LAN:
Ethernet is the most widely-installed local area network (LAN) technology. Specified in a standard, IEEE 802.3, Ethernet was originally developed by Xerox from an earlier specification called Alohanet (for the Palo Alto Research Center Aloha network) and then developed further by Xerox, DEC, and Intel. Well, the computer has an Ethernet port on it, into which you plug a patch cord, which plugs into the Ethernet jack on the wall. There's a wire behind that thing that runs back to the wiring closet where it is attached to the patch panel.

WAN(wide area network):
A wide area network, or WAN, spans a large geographical area, often a country or continent. It contains a collection of machines intended for running user (i.e., application) programs. These machines are called hosts. The hosts are connected by a communication subnet, or just subnet for short. The hosts are owned by the customers (e.g., people's personal computers), whereas the communication subnet is typically owned and operated by a telephone company or Internet service provider. The job of the subnet is to carry messages from host to host, just as the telephone system carries words from speaker to listener. Separation of the pure communication aspects of the network (the subnet) from the application aspects (the hosts) greatly simplifies the complete network design. In most wide area networks, the subnet consists of two distinct components: transmission lines and switching elements. Transmission lines move bits between machines. They can be made of copper wire, optical fiber, or even radio links. In most WANs, the network contains numerous transmission lines, each one connecting a pair of routers. If two routers that do not share a transmission line wish to communicate, they must do this indirectly, via other routers.

When a packet is sent from one router to another via one or more intermediate routers, the packet is received at each intermediate router in its entirety, stored there until the required output line is free, and then forwarded. A subnet organized according to this principle is called a store-and-forward or packet-switched subnet. Nearly all wide area networks (except those using satellites) have store-and-forward subnets. When the packets are small and all the same size, they are often called cells.

The principle of a packet-switched WAN is so important. Generally, when a process on some host has a message to be sent to a process on some other host, the sending host first cuts the message into packets, each one bearing its number in the sequence. These packets are then injected into the network one at a time in quick succession. The packets are transported individually over the network and deposited at the receiving host, where they are reassembled into the original message and delivered to the receiving process.

THE INTERNET :

The Internet has revolutionized many aspects of our daily lives. It has affected the way we do business as well as the way we spend our leisure time. Count the ways you've used the Internet recently. Perhaps you've sent electronic mail (e-mail) to a business associate, paid a utility bill, read a newspaper from a distant city, or looked up a local movie schedule, all by using the Internet. Or maybe you researched a medical topic, booked a hotel reservation, chatted with a fellow Trekkie, or comparison-shopped for a car. The Internet is a communication system that has brought a wealth of information to our fingertips and organized it for our use. A network is a group of connected communicating devices such as computers and printers. An internet (note the lowercase letter i) is two or more networks that can communicate with each other. The most notable internet is called the Internet (uppercase letter I), a collaboration of more than hundreds of thousands of interconnected networks.

Private individuals as well as various organizations such as government agencies, schools, research facilities, corporations, and libraries in more than 100 countries use
the Internet. Millions of people are users. Yet this Protocol (NCP) provided communication between the
extraordinary communication system only came into being hosts.
in 1969.In the mid-1960s, mainframe computers in In 1972, Vint Cerf and Bob Kahn, both of whom were part
research organizations were standalone devices. of the core ARPANET group, collaborated on what they
Computers from different manufacturers were unable to called the Internetting Projec1. Cerf and Kahn's landmark
communicate with one another. The Advanced Research 1973 paper outlined the protocols to achieve end-to-end
Projects Agency (ARPA) in the Department of Defense delivery of packets. This paper on Transmission Control
(DoD) was interested in finding a way to connect Protocol (TCP) included concepts such as encapsulation,
computers so that the researchers they funded could share the datagram, and the functions of a gateway. Shortly
their findings, thereby reducing costs and eliminating thereafter, authorities made a decision to split TCP into
duplication of effort. two protocols: Transmission Control Protocol (TCP) and
In 1967, at an Association for Computing Machinery Internetworking Protocol (lP). IP would handle datagram
(ACM) meeting, ARPA presented its ideas for ARPANET, routing while TCP would be responsible for higher-level
a small network of connected computers. The idea was that functions such as segmentation, reassembly, and error
each host computer (not necessarily from the same detection. The internetworking protocol became known as
manufacturer) would be attached to a specialized TCP/IP.
computer, called an inteiface message processor (IMP). The Internet has come a long way since the 1960s. The
The IMPs, in tum, would be connected to one another. Internet today is not a simple hierarchical structure. It is
Each IMP had to be able to communicate with other IMPs made up of many wide- and local-area networks joined by
as well as with its own attached host. By 1969, ARPANET connecting devices and switching stations. It is difficult to
was a reality. Four nodes, at the University of California at give an accurate representation of the Internet because it is
Los Angeles (UCLA), the University of California at Santa continually changing-new networks are being added,
Barbara (UCSB), Stanford Research Institute (SRI), and existing networks are adding addresses, and networks of
the University of Utah, were connected via the IMPs to defunct companies are being removed. Today most end
form a network. Software called the Network Control users who want Internet connection use the services of
Internet service providers (lSPs). There are international
service providers, national service providers, regional
service providers, and local service providers. The Internet
today is run by private companies, not the government.

TCP/IP REFERENCE MODEL:

The TCP/IP reference model was developed prior to the OSI model. The major design goals of this model were,
1. To connect multiple networks together so that they appear as a single network.
2. To survive after partial subnet hardware failures.
3. To provide a flexible architecture.

Unlike the OSI reference model, the TCP/IP reference model has only 4 layers. They are,
1. Host-to-Network Layer
2. Internet Layer
3. Transport Layer
4. Application Layer

Host-to-Network Layer:
The TCP/IP reference model does not really say much about what happens here, except to point out that the host has to connect to the network using some protocol so it can send IP packets to it. This protocol is not defined and varies from host to host and network to network.

Internet Layer:
This layer, called the internet layer, is the linchpin that holds the whole architecture together. Its job is to permit hosts to inject packets into any network and have them travel independently to the destination (potentially on a different network). They may even arrive in a different order than they were sent, in which case it is the job of higher layers to rearrange them, if in-order delivery is desired. Note that "internet" is used here in a generic sense, even though this layer is present in the Internet.
The internet layer defines an official packet format and protocol called IP (Internet Protocol). The job of the internet layer is to deliver IP packets where they are supposed to go. Packet routing is clearly the major issue here, as is avoiding congestion. For these reasons, it is reasonable to say that the TCP/IP internet layer is similar in functionality to the OSI network layer. Fig. shows this correspondence.

The Transport Layer:
The layer above the internet layer in the TCP/IP model is now usually called the transport layer. It is designed to allow peer entities on the source and destination hosts to carry on a conversation, just as in the OSI transport layer. Two end-to-end transport protocols have been defined here. The first one, TCP (Transmission Control Protocol), is a reliable connection-oriented protocol that allows a byte stream originating on one machine to be delivered without error on any other machine in the internet. It fragments the incoming byte stream into discrete messages and passes each one on to the internet layer. At the destination, the receiving TCP process reassembles the received messages into the output stream. TCP also handles flow control to make sure a fast sender cannot swamp a slow receiver with more messages than it can handle. The second protocol in this layer, UDP (User Datagram Protocol), is an unreliable, connectionless protocol for applications that do not want TCP's sequencing or flow control and wish to provide their own. It is also widely used for one-shot, client-server-type request-reply queries and applications in which prompt delivery is more important than accurate delivery, such as transmitting speech or video. The relation of IP, TCP, and UDP . Since the model was developed, IP has been implemented on many other networks.
The Application Layer:

The TCP/IP model does not have session or presentation
layers. On top of the transport layer is the application
layer. It contains all the higher-level protocols. The early
ones included virtual terminal (TELNET), file transfer
(FTP), and electronic mail (SMTP). The virtual terminal
protocol allows a user on one machine to log onto a distant
machine and work there. The file transfer protocol
provides a way to move data efficiently from one machine
to another. Electronic mail was originally just a kind of file
transfer, but later a specialized protocol (SMTP) was
developed for it. Many other protocols have been added to
these over the years: the Domain Name System (DNS) for
mapping host names onto their network addresses, NNTP,
the protocol for moving USENET news articles around,
and HTTP, the protocol for fetching pages on the World
Wide Web, and many others.

DOMAIN NAME SYSTEMS (DNS):

The Internet Domain Name System (DNS) is used to provide a mapping between these two alternative identification approaches: the human-oriented domain name and the delivery-oriented IP address. Its most common usage is to look up the IP address corresponding to a known domain name.

The DNS Namespace is based on a "tree" structure, with a small number of generic Top Level Domains (e.g., .com, .edu, .org) and a large number of country-based domains (e.g., .au, .my, .uk). Each TLD supports a group of "second-level" domains, and so on, all the way down to individual hosts.

1. A domain name is a dotted sequence describing a path through the name hierarchy from the root, maybe with a trailing dot, thus: bindi.bendigo.latrobe.edu.au.
2. An individual name component must be less than 63 characters, must begin with a letter, etc...
3. Upper and lowercase may be used, although name lookups are case insensitive by definition.

DNS Servers and Resolvers

1. A name server provides domain-name-to-IP-address mappings (and a few other functions, but "looking up" IP addresses is the most common) for one or more zones, which are sub-trees of the domain name space. For example, sheoak is a nameserver for the zone bendigo.latrobe.edu.au. This means that if I want to look up a particular IP address in that zone, I can ask sheoak.
2. Exactly which server is responsible for a particular zone is specified in start of authority (SOA) RRs. An SOA RR specifies, for the particular name server, the zones for which it has authority. It also has the email address of the site administrator, a unique serial number.

There are a limited number of top-level domains (TLDs), including:
• .edu, educational
• .com, commercial
• .gov, government
• .org, non profit
• .net, networking organizations



INTERNET INDUSTRY STRUCTURE

In 1986, the National Science Foundation (NSF) of the USA created a nationwide backbone interconnecting the six supercomputer centres. The original backbone was handed over for five years to the leading communication company (MCI) for upgrading and operating it. Moreover, four network access providers (NAP) were created as central points to interconnect commercial backbones. These four NAPs are located in San Francisco, Chicago, Washington DC, and New Jersey, operated by PacBell, Ameritech, WorldCom etc. Network access points (NAPs) are central points which interconnect many different national backbones and Internet service providers (ISPs). These ISPs offer connectivity through the local Internet point of presence (IPOP) to other Internet service providers who operate locally and thus have a local IPOP. Business organizations and home users connect to the local IPOP provider, which in turn is connected to the backbone and ultimately to a NAP. The private network access points (PNAP) are technically identical to a NAP, but interconnect peer backbone ISPs or even peer local ISPs.
Electronic Commerce:

SECURING THE BUSINESS ON INTERNET:

VULNERABILITY OF INFORMATION ON INTERNET:

The internet offers tremendous cost savings and productivity gains, as well as significant opportunities for generating revenue, to the business. However, along with the convenience and easy access to information come new risks. Among them is the risk that valuable data or information may be lost, stolen, corrupted, or misused. Information recorded electronically, and available on networked computers, is more vulnerable compared to the same information being printed on paper and locked in a file cabinet.

In the increasingly competitive environment, getting access to his competitors' financial, design and other transactional information. Cyber intrusions between Indian and Pakistani hackers, assaulting and defacing web sites controlled by the other side, and Taiwanese and Chinese hacking into sites supporting viewpoints other than their own are some common examples of this vulnerability. The websites of Bhabha Atomic Research Center (BARC), National Informatics Center (NIC) of India, Microsoft, NASA, Whitehouse, FBI, CNN, EBay, and Amazon have all been hacked and defaced by intruders at one point or the other.

In the Internet based business environment, business and transaction information is hosted on a site that runs services such as web and mail. Thus, comprehensive handling of the security of an internet based business requires addressing the security issue at the following three levels:

1. Site Security - Security of the host computer
2. Services Security - Security of information distribution services such as HTTP servers, SMTP servers, FTP servers
3. Transaction Security - Since the transaction information travels over the wire, it needs to be secured from intruders trying to access and comprehend or tamper with it.

SECURITY POLICY, PROCEDURES AND PRACTICES:

SECURITY POLICY:

A security policy is a formal statement of the rules by which people with access to an organization's technology and information assets must abide, to ensure the security of these assets. It provides a framework for making specific decisions such as which defense mechanisms to use and how to configure services. It is the basis for developing secure programming guidelines and procedures for users and system administrators to follow.

A security policy generally covers the following aspects:

• High-level description of the technical environment of the site, the legal environment (governing laws), the authority of the policy, and the basic philosophy to be used when interpreting the policy.
• Risk analysis to identify the site's assets, the threats existing against those assets and the costs of asset loss
• Guidelines for system administrators on how to manage the systems
• Definition of acceptable use for users
• Guidelines for reacting to site compromise (e.g. whether to trace the intruder or shut down and rebuild the system)

Technological support for the security policy includes options like:

• Challenge/response systems for authentication
• Encryption systems for confidential storage and transmission of data
• Network tools such as firewalls and proxy servers
• Auditing systems for accountability and event reconstruction

SECURITY RELATED PROCEDURES AND PRACTICES:

Procedures are specific steps to be followed, based on the security policy. Procedures address topics such as connecting to the site's system from home or while travelling, retrieving programs from the network using encryption, authentication for issuing accounts, configuration and monitoring.

SECURITY PRACTICES:

System administration practices play a key role in network security. Some commonly recommended practices are:

• Implement a one-time password system, and ensure that all accounts have a password and that these passwords are difficult to guess.
• Use strong cryptographic techniques to ensure the integrity of system software on a regular basis.
• Use safe programming techniques when writing software.
• Make appropriate changes to the network configuration when vulnerabilities become known.
• Keep the system current with upgrades and patches.
• Check for security alerts and technical advice regularly
• Audit systems and networks, and regularly check logs for detecting an intrusion.

SITE SECURITY, PROTECTING THE NETWORK:

A site is any organization that has network-related resources like host computers that users use, routers, terminal servers, PCs, or other devices that are connected to the internet. A site may be a service provider such as a mid-level network or an end user of internet services. It is important that the services hosted by the site provide the intended functionality to legitimate clients, without any breakdown. Occasionally, a hacker may try to break in and disrupt the services or alter the contents of the site, which may be embarrassing to the organization.

A site may wish to provide many services to its users, some of which may be external. Services which are essential to the security or smooth operation of a site would be better off being placed on a dedicated machine with very limited access, rather than on a machine that is used for providing greater accessibility and other services that may be prone to security lapses.

There are two conflicting, underlying philosophies that can be adopted when defining a security plan. The choice between them depends on the site and its needs for security.

• The "deny all" model suggests turning off all services and then selectively enabling services on a case by case basis as required. However, more work and a better understanding of services is required to successfully implement a "deny all" configuration.
• The "allow all" model is based on the logic of simply turning on all services, usually with the default at the host level, and allowing all protocols to travel across network boundaries, usually with the default at the router level.

Each of these models can be applied to different portions of the site, depending on factors like functionality requirements, administrative control, and the site policy. For example an "allow all" policy may be adopted for traffic between LANs internal to the site, but a "deny all" policy can be adopted between the site and the internet.

PROTECTING THE NETWORK:

1) Denial of service:
The denial-of-service attack brings the network to a state in which it can no longer carry legitimate users' data. The two common weaknesses that "denial of service" attackers exploit in carrying out the attack on a site are as follows:

• Attacking routers: an attack on the router is designed to cause it to stop forwarding packets, or forward them improperly.
• A flood attack on a network involves the broadcast of flood packets. An ideal flood attack would be injection of a single packet which exploits some known flaw in the network nodes, causing them to retransmit the packet to generate error packets each of which is picked up and repeated by another host.

The solutions to most of these problems are to protect the routing update packets sent by the routing protocols in use. There are three levels of protection:

• Clear text password
• Cryptographic checksum
• Encryption

2) Sniffing:
Sniffing uses a network interface to receive data intended for other machines in the network. Sniffing data from the network leads to leakage of several kinds of information that should be kept secret for a computer network to be secure. Sniffing can be prevented, or at least its effects can be mitigated, through the proper understanding of these devices and deploying them in an appropriate configuration. Encrypting all the message traffic on the network ensures that the sniffer will only be able to get encrypted text rather than the clear text information. The information will remain protected, provided the encryption mechanism deployed is strong enough and cannot be easily broken.

FIREWALL:

A firewall is a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic.

A firewall acts as a barrier between a trusted network and an untrusted network. A firewall controls access to the resources of a network through a positive control model. This means that the only traffic allowed onto the network is defined in the firewall policy; all other traffic is denied. A firewall is a controlled access point between domains, usually with different levels of trust. It acts as a gateway through which all traffic to and from the protected network and systems passes. It helps to build a wall between one part of a network and another part. For example, placing limitations on the amount and type of communication that takes place can separate a company's internal network and the internet. Firewalls can be a highly effective tool in implementing a network security policy if they are configured and maintained correctly. They provide a certain level of protection and are, in general, a way of implementing security policy at the network level.

History and types of firewalls

Computer security borrowed the term firewall from firefighting and fire prevention, where a firewall is a barrier established to prevent the spread of fire.

When organizations began moving from mainframe computers and dumb clients to the client-server model, the ability to control access to the server became a priority. Before firewalls emerged in the late 1980s, the only real form of network security was performed by access control lists (ACLs) residing on routers. ACLs determined which IP addresses were granted or denied access to the network.

The growth of the Internet and the resulting increased connectivity of networks meant that this type of filtering was no longer enough to keep out malicious traffic as only basic information about network traffic is contained in the packet headers. Digital Equipment Corp. shipped the first commercial firewall (DEC SEAL in 1992) and firewall technology has since evolved to combat the increasing sophistication of cyber attacks.

1. Packet firewalls

The earliest firewalls functioned as packet filters, inspecting the packets that are transferred between computers on the Internet. When a packet passes through a packet-filter firewall, its source and destination address, protocol, and destination port number are checked against the firewall's rule set. Any packets that aren't specifically allowed onto the network are dropped (i.e., not forwarded to their destination). For example, if a firewall is configured with a rule to block Telnet access, then the firewall will drop packets destined for TCP port number 23, the port where a Telnet server application would be listening.

Packet-filter firewalls work mainly on the first three layers of the OSI reference model (physical, data-link and network), although the transport layer is used to obtain the source and destination port numbers. While generally fast and efficient, they have no ability to tell whether a packet is part of an existing stream of traffic. Because they treat each packet in isolation, this makes them vulnerable to spoofing attacks and also limits their ability to make more complex decisions based on what stage communications between hosts are at.

2. Stateful firewalls

In order to recognize a packet's connection state, a firewall needs to record all connections passing through it to ensure it has enough information to assess whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. This is what's called "stateful packet inspection." Stateful inspection was first introduced in 1994 by Check Point Software in its FireWall-1 software firewall, and by the late 1990s, it was a common firewall product feature.

This additional information can be used to grant or reject access based on the packet's history in the state table, and to speed up packet processing; that way, packets that are part of an existing connection based on the firewall's state table can be allowed through without further analysis. If a packet does not match an existing connection, it's evaluated according to the rule set for new connections.

3. Application-layer firewalls

As attacks against Web servers became more common, so too did the need for a firewall that could protect servers and the applications running on them, not merely the network resources behind them. Application-layer firewall technology first emerged in 1999, enabling firewalls to inspect and filter packets on any OSI layer up to the application layer.

The key benefit of application-layer filtering is the ability to block specific content, such as known malware or certain websites, and recognize when certain applications and protocols -- such as HTTP, FTP and DNS -- are being misused.

Firewall technology is now incorporated into a variety of devices; many routers that pass data between networks contain firewall components and most home computer operating systems include software-based firewalls. Many hardware-based firewalls also provide additional functionality like basic routing to the internal network they protect.

4. Proxy firewalls

Firewall proxy servers also operate at the firewall's application layer, acting as an intermediary for requests from one network to another for a specific network application. A proxy firewall prevents direct connections between either sides of the firewall; both sides are forced to conduct the session through the proxy, which can block or allow traffic based on its rule set. A proxy service must be run for each type of Internet application the firewall will support, such as an HTTP proxy for Web services.

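
The difference between the packet-filter and stateful firewalls described in items 1 and 2 above, as an added example that is not part of the original notes: a first-match rule set with a default of drop, next to a state table that admits a reply only when it belongs to a recorded connection. All addresses, the ports other than Telnet's 23, and every class and function name are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"
INTERNAL = "10.0.0.0/24"          # constructed internal LAN


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False             # True only on the opening packet of a TCP connection


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "drop"
    src_net: str
    dst_net: str
    proto: str = "tcp"
    sport: Optional[int] = None   # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))


def filter_decide(rules, p: Packet) -> str:
    """Stateless packet filter: first matching rule wins; anything unmatched is dropped."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"


class StatefulFirewall:
    """Keeps a table of connections it has allowed and checks packets against it first."""

    def __init__(self, new_connection_rules):
        self.rules = new_connection_rules
        self.state = set()

    @staticmethod
    def _key(p: Packet):
        # The same key is produced for both directions of one connection.
        return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def decide(self, p: Packet) -> str:
        if self._key(p) in self.state:
            return "allow"                      # part of an existing connection
        if p.proto == "tcp" and not p.syn:
            return "drop"                       # not a start and not in the table
        if filter_decide(self.rules, p) == "allow":
            self.state.add(self._key(p))        # start of a new, permitted connection
            return "allow"
        return "drop"


BLOCK_TELNET = Rule("drop", ANY, ANY, dport=23)
ALLOW_WEB_OUT = Rule("allow", INTERNAL, ANY, dport=80)
# A stateless filter needs a standing rule like this one to let web replies back in.
ALLOW_WEB_REPLIES = Rule("allow", ANY, INTERNAL, sport=80)

STATELESS_RULES = [BLOCK_TELNET, ALLOW_WEB_OUT, ALLOW_WEB_REPLIES]
STATEFUL_RULES = [BLOCK_TELNET, ALLOW_WEB_OUT]   # replies are covered by the state table

# Constructed sample traffic, in the order it is seen.
TRAFFIC = [
    ("telnet_in", Packet("198.51.100.7", 51000, "10.0.0.5", 23, syn=True)),
    ("ftp_out", Packet("10.0.0.5", 40001, "203.0.113.10", 21, syn=True)),
    ("web_out", Packet("10.0.0.5", 40000, "203.0.113.10", 80, syn=True)),
    ("web_reply", Packet("203.0.113.10", 80, "10.0.0.5", 40000)),
    ("unsolicited", Packet("198.51.100.7", 80, "10.0.0.5", 8080)),
]


def compare():
    """Return {packet name: (stateless decision, stateful decision)}."""
    stateful = StatefulFirewall(STATEFUL_RULES)
    return {name: (filter_decide(STATELESS_RULES, p), stateful.decide(p))
            for name, p in TRAFFIC}


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:12} stateless={stateless:5} stateful={stateful}")
```

Only the last packet is treated differently: the stateless filter admits it on its claimed source port alone, while the stateful firewall drops it because it matches no recorded connection and does not open one.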
UNIT-4
ELECTRONIC COMMERCE:
SECURING NETWORK TRANSACTION

TRANSACTION SECURITY SERVICES

Confidentiality - Privacy of messages - Encryption
Message Integrity - Detecting message tampering - Hashing
Authentication - Origin verification - Digital signatures, challenge-response, passwords, biometric devices
Non-Repudiation - Proof of origin, receipt, and contents (sender cannot falsely deny sending or receiving the message) - Bi-directional hashing, digital signatures, transaction certificates, time stamps, confirmation services
Access controls - Limiting entry to authorized users - Firewalls, passwords, biometric devices

1. Confidentiality: when a message is sent electronically, the sender and receiver may desire that the message remain confidential, and thus not read by any other parties. Analogies can be drawn to traditional mail and phone systems. In regular mail systems, the sender uses an envelope to conceal the inside contents rather than writing the information on a post card. For E-commerce, keeping order details and credit information confidential during the transmission is a major security concern. Further, trading partners sharing design specifications also want to ensure the confidentiality of their messages so that proprietary design specifications can be viewed only by the sender and the intended receiver of the information. The most effective technique for masking a message is encryption.

2. Integrity: when a message is sent electronically, both the sender and receiver want to ensure that the message received is exactly the same as the message transmitted by the sender. A message that has not been altered in any way, either intentionally or unintentionally, is said to have maintained its integrity. For electronic commerce, verifying that the order details sent by the purchaser have not been altered is one major security concern. An effective cryptographic means of ensuring message integrity is through the use of hashing, where a "hash" of the message is computed using an algorithm and the message contents. The hash value is sent along with the message; then, upon receipt, a hash is calculated by the recipient using the same hashing algorithm. The two hash values (received and calculated) are compared, and a match can indicate that the message is the same as that sent.

3. Authentication: when an electronic message is received by a user or a system, the identity of the sender needs to be verified (i.e. authenticated) in order to determine if the sender is who he claims to be. To identify a user at least one of the following types of information is generally required.
Something you have (e.g., a token)
Something you know (e.g., a PIN)
Something you are (e.g., fingerprints or signatures)

4. Non-Repudiation: the term repudiate means to refuse to accept as having rightful authority or obligation, as in refusing to pay a debt because one refuses to acknowledge that the debt exists. For business transactions, unilateral repudiation of a transaction by either party is unacceptable and can result in legal action. Well designed electronic commerce systems provide for non-repudiation, which is the provision for irrefutable proof of the origin, receipt, and contents of an electronic message.

5. Access Controls: Electronic commerce systems, particularly those using the internet and the WWW, require a certain amount of data sharing. Limiting access to data and systems only to authorized users is the objective of access controls. Some form of authentication procedure is typically employed in access controls in order to gain entry into the desired part of the system. The emerging attribute certificate or "privilege management" technology promises to be a highly effective form of access control provided it is implemented correctly. Firewalls can also be used to implement additional screening mechanisms.
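
The hash comparison described under item 2 (Integrity) above, as an added example that is not part of the original notes. It runs the receiver's check with a plain SHA-256 hash and, as a technique swapped in here and not named in the notes, with a keyed hash (HMAC-SHA-256) over the same message; the order text, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac


def plain_hash(message: bytes) -> str:
    """Unkeyed hash, as in the text: anyone holding the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA-256: only holders of the shared secret key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_checks(key: bytes, message: bytes, sent_hash: str, sent_tag: str) -> dict:
    """Recompute both values on receipt and compare them in constant time."""
    return {
        "hash_ok": hmac.compare_digest(plain_hash(message), sent_hash),
        "hmac_ok": hmac.compare_digest(keyed_tag(key, message), sent_tag),
    }


def scenarios() -> dict:
    key = b"constructed-shared-secret"                      # sample key, known to both ends
    order = b"order=1001;item=widget;qty=2;total=40.00"     # constructed order message
    altered = order.replace(b"qty=2", b"qty=9")

    sent_hash, sent_tag = plain_hash(order), keyed_tag(key, order)
    return {
        # Delivered exactly as sent: both checks pass.
        "intact": receiver_checks(key, order, sent_hash, sent_tag),
        # Message altered on the way, accompanying values untouched: both checks fail.
        "message_changed": receiver_checks(key, altered, sent_hash, sent_tag),
        # Message altered and the accompanying values recomputed by a party that
        # does not hold the key: the plain hash matches again, the keyed tag does not.
        "message_and_values_replaced": receiver_checks(
            key, altered, plain_hash(altered), keyed_tag(b"not-the-key", altered)),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:28} {result}")
```

A matching plain hash shows the message agrees with the hash that arrived with it; tying that value to the sender takes a shared key, as here, or the digital signatures listed under Authentication.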

Encryption Techniques:

Confidentiality of electronic messages is a necessity of electronic commerce applications. The primary method of achieving confidentiality is encryption. Messages are initially created in a form that is readable and understandable by the sender, and by any other individuals as well if they have access to the message. The message, when it is in this form, is commonly referred to as clear text or plaintext.

Encryption is defined as the transformation of data, via a cryptographic mathematical process, into a form that is unreadable by anyone who does not possess the appropriate secret key. The data in this unreadable form is commonly referred to as cipher text. If a message is intercepted and read, it will be useless since the cipher text message is unintelligible to any party not possessing the secret key. In order to be able to read and understand the message, the encrypted message must be transformed back to its original state, the clear text. The process of restoring cipher text to clear text is called decryption.

The key contains the binary code used to mathematically transform a message. Two types of cryptographic mechanisms can be used to provide an encryption capability: symmetric cryptography, where entities share a common secret key; and public key cryptography (also known as asymmetric cryptography), where each communicating entity has a unique pair (a public key and a private key).

For symmetric and asymmetric encryption, the relative strength of the cryptography is most commonly measured by the length of the key, in bits. However it should be noted that the true strength of the confidentiality service may depend on a number of variables associated with the encryption function:

• The security protocol used to invoke the encryption function.
• The trust in the platform executing the protocol or application.
• The cryptographic algorithm.
• The length of the key(s) used for encryption/decryption.
• The protocol used to manage/generate those keys.
• The storage of secret keys (key management keys and encryption keys).

The strength of a system usually increases as the key length increases. This is because a longer key length implies a larger number of possible keys, which makes searching for the correct key a more time consuming process. Any key length less than 64-bits is no longer considered to be secure.

Symmetric Encryption Keys:
In symmetric key systems, both the sender and the receiver of the message must have access to the same key. This shared secret key is used to both encrypt and decrypt the message.

CRYPTOGRAPHY:

Cryptology, the study of cryptosystems, can be subdivided into two branches −

• Cryptography
• Cryptanalysis

What is Cryptography?

Cryptography is the art and science of making a cryptosystem that is capable of providing information security.

Cryptography deals with the actual securing of digital data. It refers to the design of mechanisms based on mathematical algorithms that provide fundamental information security services. You can think of cryptography as the establishment of a large toolkit containing different techniques in security applications.

What is Cryptanalysis?

The art and science of breaking the cipher text is known as cryptanalysis.

Cryptanalysis is the sister branch of cryptography and they both co-exist. The cryptographic process results in the cipher text for transmission or storage. Cryptanalysis involves the study of cryptographic mechanisms with the intention to break them. Cryptanalysis is also used during the design of new cryptographic techniques to test their security strengths.

Note − Cryptography concerns itself with the design of cryptosystems, while cryptanalysis studies the breaking of cryptosystems.

Security Services of Cryptography

The primary objective of using cryptography is to provide the following four fundamental information security services. Let us now see the possible goals intended to be fulfilled by cryptography.

Confidentiality

Confidentiality is the fundamental security service provided by cryptography. It is a security service that keeps the information from an unauthorized person. It is sometimes referred to as privacy or secrecy.

Confidentiality can be achieved through numerous means, starting from physical securing to the use of mathematical algorithms for data encryption.

Data Integrity

It is a security service that deals with identifying any alteration to the data. The data may get modified by an unauthorized entity intentionally or accidentally. The integrity service confirms whether data is intact or not since it was last created, transmitted, or stored by an authorized user. Data integrity cannot prevent the alteration of data, but provides a means for detecting whether data has been manipulated in an unauthorized manner.

Authentication

Authentication provides the identification of the originator. It confirms to the receiver that the data received has been sent only by an identified and verified sender.

Authentication service has two variants −

• Message authentication identifies the originator of the message without any regard to the router or system that has sent the message.
• Entity authentication is assurance that data has been received from a specific entity, say a particular website.

In 1976, a concept referred to as public key cryptography was introduced by Whitfield Diffie and Martin Hellman, called the Diffie-Hellman technique. The public-key method allows a sender and a receiver to generate a shared, secret key over an insecure telecommunications line.
This process uses an algorithm based on the sender's and receiver's public and private information. The following steps are used:
1. The sender determines a secret value a.
2. A related value, A, is derived from a. A is made public.
3. The receiver determines a secret value b.
4. A related value, B, is derived from b. B is made public.
5. The Diffie-Hellman algorithm is used to calculate a secret key corresponding to the key pairs (a, B) and (b, A).
The sender knows his private value, a, and the receiver's public value, B. The receiver knows her private value, b, and the sender's public value, A. The secret key is generated from (a, B) and (b, A) by an algorithm that makes it computationally infeasible to calculate the secret key from solely knowing the two public values, A and B. In order to generate the secret key, one of the secret values must be known. The secret key is shared, avoiding the problem of transmitting it over an insecure telecommunications line.

Good encryption practices:
The following are a few good encryption practices that foster stronger security.
1. Password maintenance: never share your secret password. A password can be used to protect your private key, and therefore your digital signature.
2. Key length: use an appropriate key length whenever possible. The longer the key length, the greater the security. For domestic use a key length of at least 64-bits should be used.
3. Compressed files: in order to reduce transmission time, data compression is frequently used to reduce the size of a file. Most lossless data compression techniques are based on removing redundancy from the file.

DIGITAL SIGNATURE:
The digital signature is to the electronic world what the handwritten signature is to the commerce.
Or
A digital code (generated and authenticated by public key encryption) which is attached to an electronically transmitted document to verify its contents and the sender's identity.
Or
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. The digital equivalent of a handwritten signature or stamped seal, a digital signature offers far more inherent security, and it is intended to solve the problem of tampering and impersonation in digital communications.
It must incorporate the following properties:
• The signature must be a bit pattern that is dependent on the message being signed.
• To prevent forgery and denial, the signature must use some information unique to the sender.
• The digital signature must be easy to generate.
• The storage of a copy of the digital signature must be simple.
• Forging the signature must be computationally infeasible, i.e. either by constructing a fraudulent signature for a given message or constructing a new message with an existing signature.
• The signature must be easy to recognize and verify.

E-MAIL SECURITY:
Secure email uses a set of cryptographic tools to encapsulate a message into a specially formatted envelope. Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Encryption is a means of hiding a message through substitution or rearranging. Decryption is the process of converting encrypted data back into its original form, so it can be understood. Encryption and decryption should not be confused with encoding and decoding, in which data is converted from one form to another but is not deliberately altered so as to conceal its content.

Two schemes that are extensively used to ensure the privacy of e-mails are:
1) Pretty Good Privacy (PGP)
2) Privacy Enhanced Mail (PEM)

Pretty Good Privacy (PGP) is an e-mail security package that addresses privacy, authentication, confidentiality, digital signature and compression issues.

Privacy Enhanced Mail (PEM) is a draft internet standard that provides security related services for electronic mail applications. Its most common use is in conjunction with the internet standard Simple Mail Transfer Protocol (SMTP) but can be used with any electronic scheme.
PEM provides the following capabilities:
• Confidentiality
• Message Integrity
• Sender Authentication
• Protection
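The five Diffie-Hellman steps listed earlier in this unit, worked through in Python as an added example (not part of the original notes). It assumes the 2048-bit MODP group 14 from RFC 3526 with generator 2 and hashes the shared value with SHA-256 to get a fixed-length key; the function names are illustrative.

```python
import hashlib
import secrets

# Assumption: 2048-bit MODP group 14 from RFC 3526 (prime P, generator G = 2).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def generate_keypair():
    """Steps 1-4: choose a secret value and derive the public value from it."""
    private = secrets.randbelow(P - 3) + 2   # uniform in [2, P-2], never sent
    public = pow(G, private, P)              # A = G^a mod P, safe to publish
    return private, public


def check_public_value(value):
    """Reject degenerate values (0, 1, P-1, >= P) that would fix the secret."""
    if not 2 <= value <= P - 2:
        raise ValueError("peer public value outside [2, P-2]")
    return value


def shared_key(own_private, peer_public):
    """Step 5: combine the own secret value with the peer's public value."""
    check_public_value(peer_public)
    secret = pow(peer_public, own_private, P)   # B^a = A^b = G^(a*b) mod P
    raw = secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()         # 32-byte symmetric key


def demo():
    """Sender holds (a, B), receiver holds (b, A); both derive the same key."""
    a, A = generate_keypair()   # sender
    b, B = generate_keypair()   # receiver
    return shared_key(a, B), shared_key(b, A)


if __name__ == "__main__":
    k_sender, k_receiver = demo()
    print("keys match:", k_sender == k_receiver)
```

The exchange by itself does not authenticate either side, so the public values A and B need to arrive over an authenticated channel (for example, signed) to keep an intermediary from substituting its own.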
ELECTRONIC ONLINE PAYMENT SYSTEM:

INTRODUCTION TO PAYMENT SYSTEM:

ONLINE PAYMENT SYSTEM:

E-Commerce or Electronic Commerce sites use electronic payment, where electronic payment refers to paperless monetary transactions. Electronic payment has revolutionized business processing by reducing paperwork, transaction costs and labour cost. Being user friendly and less time consuming than manual processing, it helps a business organization to expand its market reach/expansion. Some of the modes of electronic payments are the following.
1) Credit Card
2) Debit Card
3) Smart Card
4) E-Money
5) Electronic Fund Transfer (EFT)

Credit Card

Payment using credit card is one of the most common modes of electronic payment. A credit card is a small plastic card with a unique number attached to an account. It also has a magnetic strip embedded in it which is used to read the credit card via card readers. When a customer purchases a product via credit card, the credit card issuer bank pays on behalf of the customer and the customer has a certain time period after which he/she can pay the credit card bill. It is usually the credit card monthly payment cycle. Following are the actors in the credit card system.
• The card holder - customer
• The merchant - seller of product who can accept credit card payments
• The card issuer bank - card holder's bank
• The acquirer bank - the merchant's bank
• The card brand - for example, Visa or MasterCard

Credit card payment process

Step      Description
Step 1    Bank issues and activates a credit card to the customer on his/her request.
Step 2    Customer presents credit card information to the merchant site or to the merchant from whom he/she wants to purchase a product/service.
Step 3    Merchant validates the customer's identity by asking for approval from the card brand company.
Step 4    Card brand company authenticates the credit card and pays the transaction by credit. Merchant keeps the sales slip.
Step 5    Merchant submits the sales slip to the acquirer bank and gets the service charges paid to him/her.
Step 6    Acquirer bank requests the card brand company to clear the credit amount and gets the payment.
Step 7    Now the card brand company asks to clear the amount from the issuer bank and the amount gets transferred to the card brand company.

Debit Card

A debit card, like a credit card, is a small plastic card with a unique number mapped to the bank account number. It is required to have a bank account before getting a debit card from the bank. The major difference between a debit card and a credit card is that in case of payment through debit card, the amount gets deducted from the card's bank account immediately and there should be sufficient balance in the bank account for the transaction to get completed, whereas in case of credit card there is no such compulsion. Debit cards free the customer from having to carry cash and cheques, and merchants accept debit cards more readily. Having a restriction on the amount being in the bank account also helps the customer to keep a check on his/her spending.

Smart Card

A smart card is again similar to a credit card and debit card in appearance, but it has a small microprocessor chip embedded in it. It has the capacity to store customer work related/personal information. A smart card is also used to store money, which is reduced as per usage. A smart card can be accessed only using a PIN of the customer. Smart cards are secure as they store information in encrypted format, and are less expensive and provide faster processing. Mondex and Visa Cash cards are examples of smart cards.

E-Money

E-Money transactions refer to situations where payment is done over the network and the amount gets transferred from one financial body to another financial body without any involvement of a middleman. E-money transactions are faster, convenient and save a lot of time. Online payments done via credit card, debit card or smart card are examples of e-money transactions. Another popular example is e-cash. In case of e-cash, both customer and merchant have to sign up with the bank or company issuing e-cash.

Electronic Fund Transfer:

It is a very popular electronic payment method to transfer money from one bank account to another bank account. Accounts can be in the same bank or in different banks. Fund transfer can be done using an ATM (Automated Teller Machine) or using a computer.
Nowadays, internet based EFT is gaining popularity. In this case, the customer uses the website provided by the bank. The customer logs in to the bank's website and registers another bank account. He/she then places a request to transfer a certain amount to that account. The customer's bank transfers the amount to the other account if it is in the same bank; otherwise the transfer request is forwarded to the ACH (Automated Clearing House) to transfer the amount to the other account, and the amount is deducted from the customer's account. Once the amount is transferred to the other account, the customer is notified of the fund transfer by the bank.
PRE-PAID ELECTRONIC PAYMENT SYSTEMS:

E-CASH: e-cash is a purely software based, anonymous, untraceable, online token payment system, available on Unix, Windows as well as Macintosh platforms. Customers as well as merchants require graphical wallet software that can also be accessed via a command line interface. eCash allows bi-directional payments. There is no distinction between customers and merchants with regards to payments. However, since the system is coin based, it requires clearing of coins by its issuing bank. The implementation of various transactions with eCash is as follows:

Withdraw: there are two participants in the withdrawal transaction, the bank and the customer. A customer connects to an eCash issuer and purchases electronic coins of the required value.

Purchase: once the customer has some eCash on his hard drive, he can buy things from the merchant's shop. If the customer shows intent to purchase a product, he receives a payment request from the merchant, which he has to confirm.

MONDEX:

The Mondex purse is a smart card alternative to cash. The Mondex purse, a self-standing value store, requires no remote approval of individual transactions. Rather, the Mondex value equivalent to cash is stored in the card's microchip. The purse also stores secure programs for manipulating that value and for interfacing with other Mondex cards or terminals.

MILLICENT:

The Millicent digital microcommerce system from Digital Equipment provides a way to buy and sell content in very small amounts, over the internet. who acts as intermediaries between vendors and customers.

MICROMINT: MicroMint is a payment mechanism for making purchases over the internet. The main goal is to minimize the number of public key operations required per payment.
NETBILL:

NetBill has been conceived to address the problem of buying information goods over the internet. As opposed to the physical goods purchased on the internet and shipped later by the merchant, the information goods are themselves transferred over the internet to the customer.

REQUIREMENT METRICS OF A PAYMENT SYSTEM:

The actual of individual characteristics is determined by the actual need of the transacting parties. Transaction, in the context of payment systems, refers to the actual exchange of currency with the goods (documents) being transferred. A transaction has the following characteristics:

Atomicity: it refers to the system's ability to ensure that no partial transactions or exchange can take place.

Transfer funds: there should not be any currency loss in the transaction.

Complete transfer: this is applicable in the case of digital goods transfers over the internet. The complete exchange of currency with the corresponding digital goods should take place.

Durability: durability becomes important in case the system crashes during the transfer. Even after a system crash, the system should recover to a state where transactions and status information are consistent.

Security:

Security in the context of payment systems refers to the system's ability to protect all parties from frauds, due to interception of online transmission and storage.

Fraud protection: a digital payment system must be tamper resistant and should have a built-in mechanism to prevent illegal use of digital cash.

No double spending: since digital cash is represented by bytes that can be easily copied and respent, the digital payment system should safeguard against reuse of currency.
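The atomicity, no-currency-loss and no-double-spending requirements above, shown as bank-side bookkeeping with SQLite transactions. This is an added example, not part of the original notes or of any real e-cash product; the schema, account names and coin serials are assumptions, and real e-cash coins would also carry the issuing bank's signature.

```python
import sqlite3
from contextlib import contextmanager


class DoubleSpend(Exception):
    """Raised when a coin serial is unknown or has already been redeemed."""


def open_bank():
    # isolation_level=None: transactions are opened and closed explicitly below.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript("""
        CREATE TABLE accounts (owner TEXT PRIMARY KEY,
                               balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE coins (serial TEXT PRIMARY KEY,
                            value INTEGER NOT NULL CHECK (value > 0),
                            spent INTEGER NOT NULL DEFAULT 0);
        INSERT INTO accounts VALUES ('customer', 100), ('merchant', 0);
    """)  # constructed sample accounts
    return db


@contextmanager
def atomic(db):
    """Atomicity: every statement in the block commits, or none does."""
    db.execute("BEGIN IMMEDIATE")
    try:
        yield
    except BaseException:
        db.execute("ROLLBACK")
        raise
    else:
        db.execute("COMMIT")


def withdraw(db, owner, serial, value):
    """Customer buys a coin: debit the account and issue the coin together."""
    with atomic(db):
        cur = db.execute("UPDATE accounts SET balance = balance - ? "
                         "WHERE owner = ?", (value, owner))
        if cur.rowcount != 1:
            raise LookupError("unknown account")
        db.execute("INSERT INTO coins (serial, value) VALUES (?, ?)",
                   (serial, value))


def deposit(db, payee, serial):
    """Payee redeems a coin: mark it spent and credit the payee together."""
    with atomic(db):
        cur = db.execute("UPDATE coins SET spent = 1 "
                         "WHERE serial = ? AND spent = 0", (serial,))
        if cur.rowcount != 1:          # copied or replayed coin
            raise DoubleSpend(serial)
        (value,) = db.execute("SELECT value FROM coins WHERE serial = ?",
                              (serial,)).fetchone()
        cur = db.execute("UPDATE accounts SET balance = balance + ? "
                         "WHERE owner = ?", (value, payee))
        if cur.rowcount != 1:          # rollback leaves the coin unspent
            raise LookupError("unknown payee")


def balance(db, owner):
    row = db.execute("SELECT balance FROM accounts WHERE owner = ?", (owner,))
    return row.fetchone()[0]


def money_in_system(db):
    """No currency loss: account balances plus unspent coins stay constant."""
    held = db.execute("SELECT COALESCE(SUM(balance), 0) FROM accounts")
    coins = db.execute("SELECT COALESCE(SUM(value), 0) FROM coins "
                       "WHERE spent = 0")
    return held.fetchone()[0] + coins.fetchone()[0]
```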
MOBILE COMMERCE:

INTRODUCTION:
M-commerce is all about wireless e-commerce, that is, where mobile devices are used to do business on the internet.

"Mobile Commerce is any transaction, involving the transfer of ownership or rights to use goods and services, which is initiated and/or completed by using mobile access to computer-mediated networks with the help of an electronic device."

DEFINITION
"Mobile Commerce is the use of information technologies and communication technologies for the purpose of mobile integration of different value chains and business processes, and for the purpose of management of business relationships"

M-COMMERCE FRAME WORK DIAGRAM:

The increasing attention to business underpinned by mobility, mobile services, mobile applications, and technologies has become a major driver for the development of m-commerce systems. This growing trend has become a focus for a significant number of organizations. This paper proposes that in developing m-commerce systems organizations need to establish an enterprise architecture for m-commerce. The rationale for this is rooted in the need to develop a holistic and integrated view of strategic direction relating to m-commerce which will enable a coordinated and controlled approach that reduces complexity and yields effective systems based on the structured integration of services, practices and technology resources. Mobility is harnessed to produce an organizational asset to drive the development of m-commerce. The next section proposes a framework to establish such an enterprise architecture for mobile commerce. Firstly, an enterprise architecture framework for mobile commerce is presented, followed by a brief view of associated issues concerned with method.

2. An Enterprise Architecture (EA) Framework for Mobile Commerce
An EA framework provides the basis or template for the creation and establishment of enterprise architecture. Zachman is credited with developing the discipline of enterprise architectures as a concern for both researchers and practitioners. An enterprise architecture framework is essentially a meta-construct used to define the scope of the associated architecture and how the areas of the architecture relate to each other. An architecture can be considered analogous to a blueprint or plan of a building structure, where different perspectives may exist and each perspective contains structures that demonstrate inter-relationships based upon some predefined constraint and yield a solid foundation and approach upon which the building is constructed. Generally speaking, the EA framework defines the scope of the resulting architecture, which typically includes a business view, information integration, application-level views, and technology infrastructures. Definitions of each view may include more refined constructs and relationships at a lower level of granularity. The application of an EA approach is considered relevant and appropriate since the ecosystem within which the development of m-commerce solutions occurs comprises a set of interrelated perspectives based upon the integration of mobile devices, technologies, and business processes.

Therefore, an EA framework for mobile commerce can be considered to address, at least, the scope of architecture covering the business level/view, the application level and the technology infrastructure level. In each level of our proposal, core components have been identified. These are: a business model of m-commerce (business level), supply chain of m-commerce (supply chain level), m-commerce applications (application level) and technology infrastructure for m-commerce (technology level). Our research has shown that integration of core EA approaches with m-commerce is relatively sparse, whereas literature in both contributing areas is substantial. Furthermore, Leist & Zellner state that "as information systems grow in complexity and scope the need for a comprehensive and consistent approach in modelling these systems becomes of paramount importance." Basole recognises that businesses are "just beginning to recognise the importance and potentially transformative impact of enterprise mobility." Given this, our approach to applying EA principles to m-commerce appears well-grounded. A proposed Enterprise Architecture Framework for mobile commerce is shown in Figure .

MOBILE COMMERCE APPLICATION:

Travel and Ticketing: By utilizing the B CODE technology or NFC technology we could use the mobile phone as a means of receiving E-Tickets. B CODE tech consists of sending a text SMS which is scannable from the mobile phone display screen through the related set. So by receiving the chosen SMS, the ticket is practically received and we could present the mobile phone to the scanning machine at the ticket receipt spot.

Commerce: Commerce is the exchange or buying and selling of commodities on a large scale involving transportation of goods from place to place. It is boosted by the convenience and ubiquity conveyed by mobile commerce technology. There are many examples showing how mobile commerce helps commerce. For example, consumers can buy products from a vending machine or pay a parking fee by using their cellular phones, and mobile users can check their bank accounts and perform account balance transfers without needing to go to a bank. (Hu, 2005)

Education: Similar to other wired technologies, mobile wireless technologies have first been used in industry sectors such as business. The movement of mobile wireless technologies in education is a recent trend, and it is now becoming the hottest technology in higher education (Levine, 2002; McGhee & Kozma, 2001; McKenzie, 2005).

Enterprise Resource Planning (ERP): In the coming mobile commerce era, users will want to be able to have access to the right resources and work as efficiently as possible – whether they are traveling, seeing a customer or working at other remote locations – with their ERP systems (Siau et al., 2001). Many ERP vendors are currently researching for means to provide mobility to ERP users. They attempt to connect employees to their work more effectively than ever before by enabling mobile phones and other wireless devices to become a new kind of tool to seamlessly exchange information, automate data entry and perform a range of transactions anytime, anywhere.

Entertainment: Entertainment has always played a crucial role in Internet applications and is probably the most popular application for the younger generation. Mobile commerce makes it possible to download game/image/music/video files at anytime and anywhere, and it also makes on-line games and gambling much easier to access and play. It is projected that by 2005, 80 percent of all mobile users in the United States and Western Europe will play mobile games at least occasionally (Leavitt, 2003).

Health Care: The cost of health care is high and mobile commerce can help to reduce it. By using the technology of mobile commerce, physicians and nurses can remotely access and update patient records immediately, a function which has often incurred a considerable delay in the past. This improves efficiency and productivity, reduces administrative overheads, and enhances overall service quality. Mobile technologies such as PDAs, Laptops or Tablet PCs can be of great value in hospitals and healthcare facilities by allowing better access to critical information – e.g. patient status, staff and patient location and facilities availability (Larkin 2001; Banitsas, 2002; Chau et al. 2004; Varshney 2004; Rowley 2005). Healthcare facilities that choose to adopt such technologies may be able to not only perform better but ultimately provide more efficient and better quality of care for patients (Bahlman et al. 2005).

Inventory Tracking and Dispatching: Just-in-time delivery is critical for the success of today's businesses. Mobile commerce allows a business to keep track of its mobile inventory and make time-definite deliveries, thus improving customer service, reducing inventory, and enhancing a company's competitive edge. Major delivery services such as UPS and FedEx have already applied these technologies to their business operations worldwide with great success.

Traffic: Traffic is the movement of vehicles or pedestrians through an area or along a route. The passengers in the vehicles and the pedestrians are all mobile objects, ideal clients of mobile commerce. Also, traffic control is usually a major headache for many metropolitan areas. Using the technology of mobile commerce can easily improve the flow of traffic in many