Unit-2:
Electronic Data Interchange: Conventional trading process, meaning of EDI, building blocks of EDI system, layered architecture, value added networks, benefits and application of EDI. Electronic Commerce: Architectural framework, Electronic Commerce: Information distribution and messaging: FTP application, Email, WWW server, HTTP, Web Servers implementation. (14 Hrs)
Unit-4:
Electronic Commerce: securing the business on Internet, Transaction security, cryptography, digital signature, email security. Electronic Payment System: Introduction to payment system, Online payment system, prepaid electronic payment systems, requirement metrics of a payment system, Mobile Commerce: Introduction, Framework and models: meaning, benefits, impediments, framework (10 Hrs)
UNIT-I
virtual shop windows at unspecified parts of the world and also are advertising on virtual networks and payment is
2) Business - to - Consumer (B2C)
Website following B2C business model sells its product directly to a customer. A customer can view products shown on the website of business organization. The customer can choose a product and order the same. Website will send a notification to the business organization via email and organization will dispatch the product/goods to the customer.
its services. Another consumer may opt to buy the product of the first customer by viewing the post/advertisement on the website.
UNIT-2
Paper 4.6: Computer applications
ELECTRONIC DATA INTERCHANGE (EDI):
Today, web servers provide the following four major features.
1. Serving static web pages
NCSA HTTPd was a web server originally developed at the NCSA by Robert McCool and others. First released in 1993, it was among the earliest web servers developed, following Tim Berners-Lee's CERN httpd, Tony Sanders' Plexus server, and some others. Web documents that you view on the Internet are stored on different Web servers. Web servers are computers on which Web documents reside and run HTTP software to permit Web transactions. CERN and NCSA are the two organizations that provide Web Server software, such as CERN http and NCSA httpd, respectively.
UNIT-3
Electronic Commerce:
Network infrastructure:
LAN (local area network):
Local area networks, generally called LANs, are privately-owned networks within a single building or campus of up to a few kilometres in size. They are widely used to connect personal computers and workstations in company offices and factories to share resources (e.g., printers) and exchange information. LANs are distinguished from other kinds of networks by three characteristics:
(1) Their size,
(2) Their transmission technology, and
(3) Their topology.
LANs are restricted in size, which means that the worst-case transmission time is bounded and known in advance. Knowing this bound makes it possible to use certain kinds of designs that would not otherwise be possible. It also simplifies network management. LANs may use a transmission technology consisting of a cable to which all the machines are attached, like the telephone company party lines once used in rural areas. Traditional LANs run at speeds of 10 Mbps to 100 Mbps, have low delay (microseconds or nanoseconds), and make very few errors. Newer LANs operate at up to 10 Gbps. Various topologies are possible for broadcast LANs. Figure 1 shows two of them. In a bus (i.e., a linear cable) network, at any instant at most one machine is the master and is allowed to transmit. All other machines are required to refrain from sending. An arbitration mechanism is needed to resolve conflicts when two or more machines want to transmit simultaneously. The arbitration mechanism may be centralized or distributed. IEEE 802.3, popularly called Ethernet, for example, is a bus-based broadcast network with decentralized control, usually operating at 10 Mbps to 10 Gbps. Computers on an Ethernet can transmit whenever they want to; if two or more packets collide, each computer just waits a random time and tries again later.
ETHERNET LAN:
Ethernet is the most widely-installed local area network (LAN) technology. Specified in a standard, IEEE 802.3, Ethernet was originally developed by Xerox from an earlier specification called Alohanet (for the Palo Alto Research Center Aloha network) and then developed further by Xerox, DEC, and Intel. Well, the computer has an Ethernet port on it, into which you plug a patch cord, which plugs into the Ethernet jack on the wall. There's a wire behind that thing that runs back to the wiring closet where it is attached to the patch panel.
WAN (wide area network):
A wide area network, or WAN, spans a large geographical area, often a country or continent. It contains a collection of machines intended for running user (i.e., application) programs. These machines are called hosts. The hosts are connected by a communication subnet, or just subnet for short. The hosts are owned by the customers (e.g., people's personal computers), whereas the communication subnet is typically owned and operated by a telephone company or Internet service provider. The job of the subnet is to carry messages from host to host, just as the telephone system carries words from speaker to listener. Separation of the pure communication aspects of the network (the subnet) from the application aspects (the hosts) greatly simplifies the complete network design. In most wide area networks, the subnet consists of two distinct components: transmission lines and switching elements. Transmission lines move bits between machines. They can be made of copper wire, optical fiber, or even radio links. In most WANs, the network contains numerous transmission lines, each one connecting a pair of routers. If two routers that do not share a transmission line wish to communicate, they must do this indirectly, via other routers.
When a packet is sent from one router to another via one or more intermediate routers, the packet is received at each intermediate router in its entirety, stored there until the required output line is free, and then forwarded. A subnet organized according to this principle is called a store-and-forward or packet-switched subnet. Nearly all wide area networks (except those using satellites) have store-and-forward subnets. When the packets are small and all the same size, they are often called cells.
The principle of a packet-switched WAN is so important. Generally, when a process on some host has a message to be sent to a process on some other host, the sending host first cuts the message into packets, each one bearing its number in the sequence. These packets are then injected into the network one at a time in quick succession. The packets are transported individually over the network and deposited at the receiving host, where they are reassembled into the original message and delivered to the receiving process.
notable internet is called the Internet (uppercase letter I), a collaboration of more than hundreds of thousands of interconnected networks
THE INTERNET :
VULNERABILITY OF INFORMATION ON INTERNET:
The internet offers tremendous cost savings and productivity gains, as well as significant opportunities for generating revenue, to the business. However, along with the convenience and easy access to information come new risks. Among them is the risk that valuable data or information may be lost, stolen, corrupted, or misused. Information recorded electronically, and available on networked computers, is more vulnerable compared to the same information being printed on paper and locked in a file cabinet.
In the increasingly competitive environment, getting access to his competitors’ financial, design and other transactional information. Cyber intrusions between Indian and Pakistani hackers, assaulting and defacing web sites controlled by the other side, and Taiwanese and Chinese hacking into sites supporting viewpoints other than their own, are some common examples of this vulnerability. The websites of Bhabha Atomic Research Center (BARC), National Informatics Center (NIC) of India, Microsoft,
In the Internet based business environment, business and transaction information is hosted on a site that runs services such as web and mail. Thus, comprehensive handling of the security of an internet based business requires addressing the security issue at the following three levels:
1. Site Security - Security of the host computer
2. Services Security - Security of information distribution services such as HTTP servers, SMTP servers, FTP servers
3. Transaction Security - Since the transaction information travels over the wire, it needs to be secured from intruders trying to access and comprehend or tamper with it.
SECURITY POLICY, PROCEDURES AND PRACTICES:
SECURITY POLICY:
A security policy is a formal statement of the rules by which people with access to an organization’s technology and information assets must abide, to ensure the security of these assets. It provides a framework for making specific decisions such as which defense mechanisms to use and how to configure services. It is the basis for developing secure programming guidelines and procedures for users and system administrators to follow.
A security policy generally covers the following aspects:
- High-level description of the technical environment of the site, the legal environment (governing laws), the authority of the policy, and the basic philosophy to be used when interpreting the policy.
- Risk analysis to identify the site’s assets, the threats existing against those assets and the costs of asset loss.
- Guidelines for system administrators on how to manage the systems.
- Definition of acceptable use for users.
- Guidelines for reacting to site compromise (e.g., whether to trace the intruder or shut down and rebuild the system).
Technological support for the security policy includes options like:
- Challenge/response systems for authentication
- Encryption systems for confidential storage and transmission of data
- Network tools such as firewalls and proxy servers
- Auditing systems for accountability and event reconstruction
SECURITY RELATED PROCEDURES AND PRACTICES:
Procedures are specific steps to be followed, based on the security policy. Procedures address topics such as connecting to the site’s system from home or while travelling, retrieving programs from the network using encryption, authentication for issuing accounts, configuration and monitoring.
SECURITY PRACTICES:
System administration practices play a key role in network security. Some commonly recommended practices are:
- Implement a one-time password system, ensure that all accounts have a password and that these passwords are difficult to guess.
- Use strong cryptographic techniques to ensure the integrity of system software on a regular basis.
- Use safe programming techniques when writing software.
- Make appropriate changes to the network configuration when vulnerabilities become known.
- Keep the system current with upgrades and patches.
- Check for security alerts and technical advice regularly.
- Audit systems and networks, and regularly check logs for detecting an intrusion.
SITE SECURITY, PROTECTING THE NETWORK:
A site is any organization that has network-related resources like host computers that users use, routers, terminal servers, PCs, or other devices that are connected to the internet. A site may be a service provider such as a mid-level network or an end user of internet services. It is important that the services hosted by the site provide the intended functionality to legitimate clients, without any breakdown. Occasionally, a hacker may try to break in and disrupt the services or alter the contents of the site, which may be embarrassing to the organization.
A site may wish to provide many services to its users, some of which may be external. Services which are essential to the security or smooth operation of a site would be better off being placed on a dedicated machine with very limited access, rather than on a machine that is used for providing greater accessibility and other services that may be prone to security lapses.
There are two conflicting, underlying philosophies that can be adopted when defining a security plan. The choice between them depends on the site and its needs for security.
- The “deny all” model suggests turning off all services and then selectively enabling services on a case by case basis as required. However, more work and a better understanding of services is required to successfully implement a “deny all” configuration.
- The “allow all” model is based on the logic of simply turning on all services, usually with the default at the host level, and allowing all protocols to travel across network boundaries, usually with the default at router level.
Each of these models can be applied to different portions of the site, depending on factors like functionality, requirements, administrative control, and the site policy. For example, an “allow all” policy may be adopted for traffic between LANs internal to the site, but a “deny all” policy can be adopted between the site and the internet.
PROTECTING THE NETWORK:
1) Denial of service:
The denial of service attack brings the network to a state in which it can no longer carry legitimate users' data. The two common weaknesses that the “denial of service” attackers exploit in carrying out the attack on a site are as follows:
- Attacking routers: an attack on the router is designed to cause it to stop forwarding packets, or forward them improperly.
- A flood attack on a network involves the broadcast of flood packets. An ideal flood attack would be injection of a single packet which exploits some known flaw in the network nodes, causing them to retransmit the packet to generate error packets, each of which is picked up and repeated by another host.
The solutions to most of these problems are to protect the routing update packets sent by the routing protocols in use. There are three levels of protection:
- Clear text password
- Cryptographic checksum
- Encryption
2) Sniffing:
Sniffing uses a network interface to receive data intended for other machines in the network. Sniffing data from the network leads to leakage of several kinds of information that should be kept secret for a computer network to be secure. Sniffing can be prevented, or at least its effects can be mitigated, through the proper understanding of these devices and deploying them in an appropriate configuration. Encrypting all the message traffic on the network ensures that the sniffer will only be able to get encrypted text rather than the clear text information. The information will remain protected, provided the encryption mechanism deployed is strong enough and cannot be easily broken.
FIREWALL:
A firewall is a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic.
A firewall acts as a barrier between a trusted network and an untrusted network. A firewall controls access to the resources of a network through a positive control model. This means that the only traffic allowed onto the network is defined in the firewall policy; all other traffic is denied. A firewall is a controlled access point between domains, usually with different levels of trust. It acts as a gateway through which all traffic to and from the protected network and systems passes. It helps to build a wall between one part of a network and another part. For example, placing limitations on the amount and type of communication that takes place can separate a company’s internal network and the internet. Firewalls can be a highly effective tool in implementing a network security policy if they are configured and maintained correctly. They provide a certain level of protection and are, in general, a way of implementing security policy at the network level.
History and types of firewalls
Computer security borrowed the term firewall from firefighting and fire prevention, where a firewall is a barrier established to prevent the spread of fire.
When organizations began moving from mainframe computers and dumb clients to the client-server model, the ability to control access to the server became a priority. Before firewalls emerged in the late 1980s, the only real form of network security was performed by access control lists (ACLs) residing on routers. ACLs determined which IP addresses were granted or denied access to the network.
The growth of the Internet and the resulting increased connectivity of networks meant that this type of filtering was no longer enough to keep out malicious traffic, as only basic information about network traffic is contained in the packet headers. Digital Equipment Corp. shipped the first commercial firewall (DEC SEAL in 1992) and firewall technology has since evolved to combat the increasing sophistication of cyber attacks.
1. Packet firewalls
The earliest firewalls functioned as packet filters, inspecting the packets that are transferred between computers on the Internet. When a packet passes through a packet-filter firewall, its source and destination address, protocol, and destination port number are checked against the firewall's rule set. Any packets that aren't specifically allowed onto the network are dropped (i.e., not forwarded to their destination). For example, if a firewall is configured with a rule to block Telnet access, then the firewall will drop packets destined for TCP port number 23, the port where a Telnet server application would be listening.
Packet-filter firewalls work mainly on the first three layers of the OSI reference model (physical, data-link and network), although the transport layer is used to obtain the source and destination port numbers. While generally fast and efficient, they have no ability to tell whether a packet is part of an existing stream of traffic. Because they treat each packet in isolation, this makes them vulnerable to spoofing attacks and also limits their ability to make more complex decisions based on what stage communications between hosts are at.
2. Stateful firewalls
In order to recognize a packet's connection state, a firewall needs to record all connections passing through it to ensure it has enough information to assess whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. This is what's called "stateful packet inspection." Stateful inspection was first introduced in 1994 by Check Point Software in its FireWall-1 software firewall, and by the late 1990s, it was a common firewall product feature.
This additional information can be used to grant or reject access based on the packet's history in the state table, and to speed up packet processing; that way, packets that are part of an existing connection based on the firewall's state table can be allowed through without further analysis. If a packet does not match an existing connection, it's evaluated according to the rule set for new connections.
3. Application-layer firewalls
As attacks against Web servers became more common, so too did the need for a firewall that could protect servers and the applications running on them, not merely the network resources behind them. Application-layer firewall technology first emerged in 1999, enabling firewalls to inspect and filter packets on any OSI layer up to the application layer.
4. Proxy firewalls
Firewall proxy servers also operate at the firewall's application layer, acting as an intermediary for requests from one network to another for a specific network application. A proxy firewall prevents direct connections between either side of the firewall; both sides are forced to conduct the session through the proxy, which can block or allow traffic based on its rule set. A proxy service must be run for each type of Internet application the firewall will support, such as an HTTP proxy for Web services.
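The difference between the packet filter and the stateful firewall described above can be seen by running the same traffic through both. The following is an added example, not part of the original notes: the class and rule names, the addresses and the sample packets are constructed for illustration, and the state table ignores TCP flags and timeouts.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Constructed addresses: 10.0.0.0/8 stands for the protected (trusted) network.
INSIDE = ipaddress.ip_network("10.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class Rule(NamedTuple):
    action: str                        # "allow" or "deny"
    proto: str
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    sport: Optional[int] = None        # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Header fields only: addresses, protocol and port numbers.
        return (self.proto == p.proto
                and ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; unmatched packets are dropped (deny all)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


BLOCK_TELNET = Rule("deny", "tcp", dport=23)
ALLOW_WEB_OUT = Rule("allow", "tcp", src=INSIDE, dport=80)
# A packet filter has no memory, so web replies need a header-only rule.
ALLOW_WEB_REPLIES = Rule("allow", "tcp", dst=INSIDE, sport=80)

STATELESS_RULES = [BLOCK_TELNET, ALLOW_WEB_OUT, ALLOW_WEB_REPLIES]
NEW_CONNECTION_RULES = [BLOCK_TELNET, ALLOW_WEB_OUT]


class StatefulFirewall:
    """Rule set applies to new connections; the state table admits the rest."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = list(rules)
        self.state = set()

    def handle(self, p: Packet) -> str:
        forward = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if forward in self.state or reverse in self.state:
            return "allow"             # part of an existing connection
        verdict = evaluate(self.rules, p)
        if verdict == "allow":
            self.state.add(forward)    # record the new connection
        return verdict


SAMPLE_TRAFFIC = [
    Packet("203.0.113.5", 40000, "10.0.0.8", 23),    # inbound Telnet
    Packet("10.0.0.8", 51000, "198.51.100.7", 80),   # outbound web request
    Packet("198.51.100.7", 80, "10.0.0.8", 51000),   # genuine reply
    Packet("203.0.113.5", 80, "10.0.0.9", 4444),     # unsolicited "reply"
]


def compare(packets: List[Packet]) -> List[Tuple[str, str]]:
    """Return (packet-filter verdict, stateful verdict) for each packet."""
    firewall = StatefulFirewall(NEW_CONNECTION_RULES)
    return [(evaluate(STATELESS_RULES, p), firewall.handle(p)) for p in packets]


if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE_TRAFFIC, compare(SAMPLE_TRAFFIC)):
        print(pkt, verdicts)
```

The last packet only claims source port 80; the packet filter lets it through on its header, while the stateful firewall drops it because no inside host opened that connection.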
UNIT-4
ELECTRONIC COMMERCE:
SECURING NETWORK TRANSACTION
TRANSACTION SECURITY SERVICES
Confidentiality | Privacy of messages | Encryption
Message Integrity | Detecting message tampering | Hashing
Authentication | Origin verification | Digital signatures, challenge-response, passwords, biometric devices
Non-Repudiation | Proof of origin, receipt, and contents (sender cannot falsely deny sending or receiving the message) | Bi-directional hashing, digital signatures, transaction certificates, time stamps, confirmation services
Access controls | Limiting entry to authorized users | Firewalls, passwords, biometric devices
1. Confidentiality: when a message is sent electronically, the sender and receiver may desire that the message remain confidential, and thus not read by any other parties. Analogies can be drawn to traditional mail and phone systems. In regular mail systems, the sender uses an envelope to conceal the inside contents rather than writing the information on a post card. For E-commerce, keeping order details and credit information confidential during the transmission is a major security concern. Further, trading partners sharing design specifications also want to ensure the confidentiality of their messages so that proprietary design specifications can be viewed only by the sender and the intended receiver of the information. The most effective technique for masking a message is encryption.
2. Integrity: when a message is sent electronically, both the sender and receiver want to ensure that the message received is exactly the same as the message transmitted by the sender. A message that has not been altered in any way, either intentionally or unintentionally, is said to have maintained its integrity. For electronic commerce, verifying that the order details sent by the purchaser have not been altered is one major security concern. An effective cryptographic means of ensuring message integrity is through the use of hashing, where a “hash” of the message is computed using an algorithm and the message contents. The hash value is sent along with the message; then, upon receipt, a hash is calculated by the recipient using the same hashing algorithm. The two hash values (received and calculated) are compared, and a match can indicate that the message is the same as that sent.
3. Authentication: when an electronic message is received by a user or a system, the identity of the sender needs to be verified (i.e., authenticated) in order to determine if the sender is who he claims to be. To identify a user, at least one of the following types of information is generally required.
- Something you have (e.g., a token)
- Something you know (e.g., a PIN)
- Something you are (e.g., fingerprints or signatures)
4. Non-Repudiation: the term repudiate means to refuse to accept as having rightful authority or obligation, as in refusing to pay a debt because one refuses to acknowledge that the debt exists. For business transactions, unilateral repudiation of a transaction by either party is unacceptable and can result in legal action. Well designed electronic commerce systems provide for non-repudiation, which is the provision for irrefutable proof of the origin, receipt, and contents of an electronic message.
5. Access Controls: Electronic commerce systems, particularly those using the internet and the WWW, require a certain amount of data sharing. Limiting access to data and systems only to authorized users is the objective of access controls. Some form of authentication procedure is typically employed in access controls in order to gain entry into the desired part of the system. The emerging attribute or certificate or “privilege management” technology promises to be a highly effective form of access control provided it is implemented correctly. Firewalls can also be used to implement additional screening mechanisms.
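The hash comparison described under Integrity, as an added example that is not part of the original notes. It also shows why a match only "can indicate" an unaltered message: whoever alters the message in transit can replace the hash as well, which a keyed hash (HMAC) prevents. The order string, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac


def sha256_hex(message: bytes) -> str:
    """Hash computed by the sender and sent along with the message."""
    return hashlib.sha256(message).hexdigest()


def hash_matches(message: bytes, received_hash: str) -> bool:
    """Recipient recomputes the hash and compares it with the received one."""
    return hmac.compare_digest(sha256_hex(message), received_hash)


def mac_hex(key: bytes, message: bytes) -> str:
    """Keyed hash: only holders of the shared key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def mac_matches(key: bytes, message: bytes, received_tag: str) -> bool:
    return hmac.compare_digest(mac_hex(key, message), received_tag)


# Constructed sample data.
ORDER = b"order=1001;item=widget;qty=2;total=40.00"
ALTERED = b"order=1001;item=widget;qty=20;total=40.00"
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def integrity_cases() -> dict:
    sent_hash = sha256_hex(ORDER)
    sent_tag = mac_hex(SHARED_KEY, ORDER)
    return {
        # Message arrives untouched: hashes match.
        "intact_hash": hash_matches(ORDER, sent_hash),
        # Body changed, original hash still attached: mismatch is detected.
        "altered_body_old_hash": hash_matches(ALTERED, sent_hash),
        # Body changed and hash recomputed by the same party: not detected.
        "altered_body_new_hash": hash_matches(ALTERED, sha256_hex(ALTERED)),
        # Keyed hash: untouched message verifies.
        "intact_mac": mac_matches(SHARED_KEY, ORDER, sent_tag),
        # Keyed hash: a tag made without the shared key does not verify.
        "altered_body_wrong_key": mac_matches(
            SHARED_KEY, ALTERED, mac_hex(b"not-the-key", ALTERED)),
    }


if __name__ == "__main__":
    for case, result in integrity_cases().items():
        print(f"{case}: {result}")
```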
Encryption Techniques:
Confidentiality of electronic messages is a necessity of electronic commerce applications. The primary method of achieving confidentiality is encryption. Messages are initially created in a form that is readable and understandable by the sender, and by any other individuals as well if they have access to the message. The message, when it is in this form, is commonly referred to as clear text or plaintext.
Encryption is defined as the transformation of data, via a cryptographic mathematical process, into a form that is unreadable by anyone who does not possess the appropriate secret key. The data in this unreadable form is commonly referred to as cipher text. If a message is intercepted and read, it will be useless since the cipher text message is unintelligible to any party not possessing the secret key. In order to be able to read and understand the message, the encrypted message must be transformed back to its original state, the clear text. The process of restoring cipher text to clear text is called decryption.
The key contains the binary code used to mathematically transform a message. Two types of cryptographic mechanisms can be used to provide an encryption capability: symmetric cryptography, where entities share a common secret key; and public key cryptography (also known as asymmetric cryptography), where each communicating entity has a unique pair (a public key and a private key).
For symmetric and asymmetric encryption, the relative strength of the cryptography is most commonly measured by length of the key, in bits. However, it should be noted that the true strength of the confidentiality service may depend on a number of variables associated with the encryption function:
- The security protocol used to invoke the encryption function.
- The trust in the platform executing the protocol or application.
- The cryptographic algorithm.
- The length of the key(s) used for encryption/decryption.
- The protocol used to manage/generate those keys.
- The storage of secret keys (key management keys and encryption keys).
The strength of a system usually increases as the key length increases. This is because a longer key length implies a larger number of possible keys, which makes searching for the correct key a more time consuming process. Any key length less than 64-bits is no longer considered to be secure.
Symmetric Encryption Keys:
In symmetric key systems, both the sender and the receiver of the message must have access to the same key. This shared secret key is used to both encrypt and decrypt the message.
CRYPTOGRAPHY:
Cryptology, the study of cryptosystems, can be subdivided into two branches −
- Cryptography
- Cryptanalysis
What is Cryptanalysis?
The art and science of breaking the cipher text is known as cryptanalysis.
Cryptanalysis is the sister branch of cryptography and they both co-exist. The cryptographic process results in the cipher text for transmission or storage. It involves the study of cryptographic mechanism with the intention to break them. Cryptanalysis is also used during the design of the new cryptographic techniques to test their security strengths.
Authentication
Authentication provides the identification of the originator. It confirms to the receiver that the data received has been sent only by an identified and verified sender.
This process uses an algorithm based on the sender’s and receiver’s public and private information. The following steps are used:
1. The sender determines a secret value a.
2. A related value, A, is derived from a. A is made public.
3. The receiver determines a secret value b.
4. A related value, B, is derived from b. B is made public.
5. The Diffie-Hellman algorithm is used to calculate a secret key corresponding to the key pairs (a, B) and (b, A). The sender knows his private value, a, and the receiver’s public value, B. The receiver knows her private value, b, and the sender’s public value, A. The secret key is generated from (a, B) and (b, A) by an algorithm that makes it computationally infeasible to calculate the secret key from solely knowing the two public values, A and B. In order to generate the secret key, one of the secret values must be known. The secret key is shared, avoiding the problem of transmitting it over an insecure telecommunications line.
Good encryption practices:
The following are a few good encryption practices that foster stronger security.
1. Password maintenance: never share your secret password. A password can be used to protect your private key, and therefore your digital signature.
2. Key length: use an appropriate key length whenever possible. The longer the key length, the greater the security. For domestic use a key length of at least 64-bits should be used.
3. Compressed files: in order to reduce transmission time, data compression is frequently used to reduce the size of a file. Most lossless data compression techniques are based on removing redundancy from the file.
DIGITAL SIGNATURE:
The digital signature is to the electronic world what the handwritten signature is to the commerce.
Or
A digital code (generated and authenticated by public key encryption) which is attached to an electronically transmitted document to verify its contents and the sender's identity.
Or
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. The digital equivalent of a handwritten signature or stamped seal, a digital signature offers far more inherent security, and it is intended to solve the problem of tampering and impersonation in digital communications.
It must incorporate the following properties:
- The signature must be a bit pattern that is dependent on the message being signed.
- To prevent forgery and denial, the signature must use some information unique to the sender.
- The digital signature must be easy to generate.
- The storage of a copy of the digital signature must be simple.
- Forging the signature must be computationally infeasible, i.e., either by constructing a fraudulent signature for a given message or constructing a new message with an existing signature.
- The signature must be easy to recognize and verify.
E-MAIL SECURITY:
Secure email uses a set of cryptographic tools to encapsulate a message into a specially formatted envelope. Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Encryption: means of hiding a message through substitution or rearranging. Decryption is the process of converting encrypted data back into its original form, so it can be understood. Encryption and decryption which data is converted from one form to another but is
internet standard simple mail transfer protocol (SMTP) but can be used with any electronic scheme.
PEM provides the following capabilities:
- Confidentiality
- Sender Authentication
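The five Diffie-Hellman steps listed earlier, carried through with the notes' own symbols (a, A, b, B), as an added example that is not part of the original notes. The modulus, the generator and the function names are assumptions made for the illustration: 2**127 - 1 is used only because it is a well-known prime, and it is far too small and not a recommended group for real use.

```python
import hashlib
import secrets

# Assumed demonstration parameters (not from the notes).
P = 2**127 - 1   # a Mersenne prime; demonstration-sized only
G = 3


def new_secret() -> int:
    """Steps 1 and 3: pick a private value in the range 2 .. P-2."""
    return secrets.randbelow(P - 3) + 2


def public_value(secret: int) -> int:
    """Steps 2 and 4: derive the value that is made public."""
    return pow(G, secret, P)


def check_public(value: int) -> None:
    """Reject peer values that would make the result predictable.

    0, 1 and P-1 give a shared value of 0, 1 or +/-1 whatever the private
    value is, so a receiver must refuse them before computing the key.
    """
    if not 2 <= value <= P - 2:
        raise ValueError("peer public value out of range")


def shared_key(own_secret: int, peer_public: int) -> bytes:
    """Step 5: combine own private value with the peer's public value."""
    check_public(peer_public)
    z = pow(peer_public, own_secret, P)
    # Hash the raw shared value so it can be used as a fixed-length key.
    return hashlib.sha256(z.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def exchange(a=None, b=None):
    """Run both sides; only A and B would ever cross the network."""
    a = new_secret() if a is None else a    # sender's secret value
    b = new_secret() if b is None else b    # receiver's secret value
    A = public_value(a)
    B = public_value(b)
    sender_key = shared_key(a, B)           # computed from (a, B)
    receiver_key = shared_key(b, A)         # computed from (b, A)
    return A, B, sender_key, receiver_key


if __name__ == "__main__":
    A, B, k_sender, k_receiver = exchange()
    print("public A:", A)
    print("public B:", B)
    print("keys agree:", k_sender == k_receiver)
```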
Debit Card
Step 5 Merchant submits the sales slip to acquirer banks
Smart Card
Smart card is again similar to credit card and debit card in appearance but it has a small microprocessor chip embedded in it. It has the capacity to store customer work related/personal information. Smart card is also used to store money, which is reduced as per usage. Smart card can be accessed only using a PIN of the customer. Smart cards are secure as they store information in encrypted format and are less expensive/provide faster processing. Mondex and Visa Cash cards are examples of smart cards.
E-Money
E-Money transactions refer to situations where payment is done over the network and the amount gets transferred from one financial body to another financial body without any involvement of a middleman. E-money transactions are faster, convenient and save a lot of time. Online payments done via credit card, debit card or smart card are examples of e-money transactions. Another popular example is e-cash. In case of e-cash, both customer and merchant have to sign up with the bank or company issuing e-cash.
Electronic Fund Transfer:
It is a very popular electronic payment method to transfer money from one bank account to another bank account. Accounts can be in the same bank or different banks. Fund transfer can be done using an ATM (Automated Teller Machine) or using a computer.
Nowadays, internet based EFT is gaining popularity. In this case, the customer uses the website provided by the bank. The customer logs in to the bank's website and registers another bank account. He/she then places a request to transfer a certain amount to that account. The customer's bank transfers the amount to the other account if it is in the same bank; otherwise the transfer request is forwarded to the ACH (Automated Clearing House) to transfer the amount to the other account, and the amount is deducted from the customer's account. Once the amount is transferred to the other account, the customer is notified of the fund transfer by the bank.
PRE-PAID ELECTRONIC PAYMENT SYSTEMS:

E-CASH: e-cash is a purely software based, anonymous,
untraceable, online token payment system, available on
Unix, Windows as well as Macintosh platforms. Customers
as well as merchants require graphical wallet software that
can also be accessed via a command line interface. eCash
allows bi-directional payments. There is no distinction
between customers and merchants with regards to
payments. However, since the system is coin based, it
requires clearing of coins by its issuing bank. The
implementation of various transactions with eCash is as
follows:

Withdraw: there are two participants in the withdrawal
transaction, the bank and the customer. A customer
connects to an eCash issuer and purchases electronic coins
of the required value.

Purchase: once the customer has some eCash on his hard
drive, he can buy things from the merchant's shop. If the
customer shows intent to purchase a product, he receives a
payment request from the merchant, which he has to
confirm.

MONDEX:

The Mondex purse is a smart card alternative to cash. The
Mondex purse, a self-standing value store, requires no
remote approval of individual transactions. Rather, the
Mondex value equivalent to cash is stored in the card's
microchip. The purse also stores secure programs for
manipulating that value and for interfacing with other
Mondex cards or terminals.

MILLICENT:

The Millicent digital microcommerce system from Digital
Equipment provides a way to buy and sell content in very
small amounts, over the internet. who acts as
intermediaries between vendors and customers.

MICROMINT: MicroMint is a payment mechanism for
making purchases over the internet. The main goal is to
minimize the number of public key operations required per
payment.
NETBILL:

Netbill has been conceived to address the problem of
buying information goods over the internet. As opposed to
the physical goods purchased on the internet and shipped
later by the merchant, the information goods are
themselves transferred over the internet to the customer.

REQUIREMENT METRICS OF A PAYMENT SYSTEM:

The actual of individual characteristics is determined by
the actual need of the transacting parties. Transaction, in
the context of payment systems, refers to the actual
exchange of currency with the goods (documents) being
transferred. Transaction the following characteristics:

Atomicity: it refers to the system's ability to ensure that no
partial transactions or exchange can take place.

Transfer funds: there should not be any currency loss in the
transaction.

Complete transfer: this is applicable in the case of
digital goods transfers over the internet. The complete
exchange of currency with the corresponding digital goods
should take place.

Durability: durability becomes important in case the
system crashes during the transfer. Even after a system
crash, the system should recover to a state where
transactions and status information are consistent.

Security:

Security in the context of payment systems refers to the
system's ability to protect all parties from frauds, due to
interception of online transmission and storage.

Fraud protection: digital payment system must be tamper
resistant and should have built in mechanism to prevent
illegal use of digital cash.

No double spending: since digital cash is represented by
bytes that can be easily copied and respent, the digital
payment system should safeguard against reuse of
currency.
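
The "no double spending" and atomicity requirements, applied at the point where the issuing bank clears a coin, as an added example that is not from the original notes or from any e-cash product. The CoinIssuer class, its method names and the SQLite tables are hypothetical, and an HMAC tag stands in for the issuer's signature on a coin, so it gives none of the anonymity the notes attribute to e-cash.

```python
import hashlib
import hmac
import secrets
import sqlite3


class CoinIssuer:
    """Toy issuing bank: mints coins and clears each one at most once."""

    def __init__(self, db_path=":memory:"):
        self._key = secrets.token_bytes(32)  # issuer's secret; never leaves the bank
        self._db = sqlite3.connect(db_path, isolation_level=None)  # explicit transactions
        self._db.execute("CREATE TABLE IF NOT EXISTS spent (serial TEXT PRIMARY KEY)")
        self._db.execute("CREATE TABLE IF NOT EXISTS balance "
                         "(merchant TEXT PRIMARY KEY, amount INTEGER NOT NULL)")

    def _tag(self, serial, value):
        # Binds the value to the serial so a coin cannot be re-denominated.
        return hmac.new(self._key, f"{serial}:{value}".encode(), hashlib.sha256).hexdigest()

    def withdraw(self, value):
        """Withdraw step: the customer buys one coin of the requested value."""
        serial = secrets.token_hex(16)
        return {"serial": serial, "value": value, "tag": self._tag(serial, value)}

    def deposit(self, merchant, coin):
        """Clearing step: returns 'ok', 'forged' or 'double-spend'."""
        expected = self._tag(coin["serial"], coin["value"])
        if not hmac.compare_digest(expected, str(coin["tag"])):
            return "forged"
        self._db.execute("BEGIN IMMEDIATE")
        try:
            # The PRIMARY KEY rejects a serial that was already cleared.
            self._db.execute("INSERT INTO spent VALUES (?)", (coin["serial"],))
            self._db.execute("INSERT OR IGNORE INTO balance VALUES (?, 0)", (merchant,))
            self._db.execute("UPDATE balance SET amount = amount + ? WHERE merchant = ?",
                             (coin["value"], merchant))
            self._db.execute("COMMIT")  # marking spent and crediting happen together
            return "ok"
        except sqlite3.IntegrityError:
            self._db.execute("ROLLBACK")  # no partial transaction is left behind
            return "double-spend"

    def balance(self, merchant):
        row = self._db.execute("SELECT amount FROM balance WHERE merchant = ?",
                               (merchant,)).fetchone()
        return row[0] if row else 0
```

A copied coin presented to a second merchant is refused and that merchant's balance stays at zero, because the spent-serial insert and the credit are committed or rolled back as one unit.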
MOBILE COMMERCE:

M-COMMERCE FRAMEWORK DIAGRAM: