Fourth Semester

Paper 4.6 Computer Applications:

(B.Sc-Computer Science and BCA )

4.6 Computer Applications: SYLLABUS

Unit-1:
Introduction to Electronic Commerce: The meaning, benefits,
impact, Classification, application of Electronic Commerce
technologies. Electronic Commerce Business models: meaning of
business model 14Hrs
Unit-3
Electronic Commerce : Network infrastructure: LAN, Ethernet
LAN, WANs, Internet, TCP/IP reference ,model, Domain Name
systems, Internet industry structure, Electronic Commerce:
securing the business on Internet: Vulnerability of information
on Internet, security, policy, procedures and practices, site
security, protecting the network 12Hrs

Unit-2: Unit-4
Electronic Commerce: securing the business on Internet,
Electronic Data Interchange: Conventional trading process,
Transaction security, cryptography, digital signature, email
meaning of EDI, building blocks of EDI system, layered
security. Electronic Payment System: Introduction to payment
architecture, value added networks, benefits and application of
system, Online payment system, prepaid electronic, payment
EDI. Electronic Commerce: Architectural framework,
systems, requirement metrics of a payment system, Mobile
Electronic Commerce: Information distribution and messaging:
Commerce: Introduction, Framework and models: meaning,
FTP application, Email, WWW server, HTTP,
benefits, impediments, framework 10 Hrs)
Web Servers implementation. 14Hrs
 virtual shop windows at unspecified parts of the world and
UNIT-I
also are advertising on virtual networks and payment is

INTRODUCTION TO ELECTRONIC provided through electronic services, all of these options

have been caused that electronic commerce is considered
COMMERCE:
the miracle of our century. Electronic commerce,
Electronic commerce is a powerful concept and process
commonly known as E-commerce is trading in products or
that has fundamentally changed the current of human life.
services using computer networks, such as the Internet.
Electronic commerce is one of the main criteria of
Electronic commerce draws on technologies such as
revolution of Information Technology and communication
mobile commerce, electronic funds transfer, supply chain
in the field of economy. This style of trading due to the
management, Internet marketing, online transaction
enormous benefits for human has spread rapidly. Certainly
processing, electronic data interchange (EDI), inventory
can be claimed that electronic commerce is canceled many
management systems, and automated data collection
of the limitations of traditional business. For example,
systems. Modern electronic commerce typically uses the
form and appearance of traditional business has
World Wide Web for at least one part of the transaction's
fundamentally changed. These changes are basis for any
life cycle, although it may also use other technologies such
decision in the economy. Existence of virtual markets,
as e-mail.
passages and stores that have not occupy any physical
space, allowing access and circulation in these markets for
a moment and anywhere in the world without leaving
home is possible. Select and order goods that are placed in
 Application Of E-commerce:
Definition:
E-commerce: Sharing business information, maintaining
business relationships and conducting business
transactions using computers connected to tel.
ecommunication network is called E-Commerce.
OR
E-commerce -- electronic commerce or (EC)is the buying
and selling of goods and services, or the transmitting of
funds or data, over an electronic network, primarily the
internet. These business transactions occur either as
business-to-business, business-to-consumer, consumer-to-
consumer or consumer-to-business.
 Buying/selling a variety of goods and services from
one's home or business
 Anywhere, anytime transaction
 Can look for lowest cost for specific goods or
service
 Businesses can reach out to worldwide clients - can
establish business partnerships
 Order processing cost reduced
 Electronic funds transfer faster
 Supply chain management is simpler, faster, and
cheaper using ecommerce
 Can order from several vendors and monitor
supplies.
 Production schedule and inventory of an
organization can be inspected by cooperating
supplier who can in turn schedule their work
 Retail & wholesale

E-COMMERCE BENEFITS:
Low Financial Cost: One of the ecommerce
benefits is that it has a lower startup cost. Also,
they have several upfront costs such as store signs,
store design, buying inventory, sales equipment,
and more. Physical retail stores also have to pay
staff to work and run each location.
Features of E-Commerce:
 Global reach
The technology reaches Commerce is enabled across
cultural and across national boundaries, around the earth.
national boundaries seamlessly and without modification.
―Marketplace‖ includes potentially billions of consumers
and millions of businesses worldwide. DEPT OF CSE &
IT VSSUT, Burla
 Universal standards There is one set of There is
one set of technical media standards technology
standards, namely Internet across the globe.
 Richness Video, audio, and text messages
Video, audio, and text marketing messages
are are possible. integrated into a single
marketing message and consuming
experience.
 Interactivity The technology works
Consumers are engaged in a dialog that
through interaction with the user. dynamically
adjusts the experience to the individual, and
makes the consumer a coparticipant in the
process of delivering goods to the market.
 Information density The technology
Information processing, storage, and reduces
information costs and raises quality.
communication costs drop dramatically, while
currency, accuracy, and timeliness improve
greatly. Information becomes plentiful, cheap,
and accurate.
 Personalization/Customization The
Personalization of marketing messages and
technology allows personalized messages to
customization of products and services are be
delivered to individuals as well as groups.
based on individual characteristics.
ELECTRONICS COMMERCE BUSINESS
MODELS CAN GENERALLY CLASSIFIED
IN FOLLOWING CATEGORIES.

Meaning: A plan for the successful operation of a

business, identifying sources of revenue, the
intended customer base, products, and details of
financing.

1. Business - to - Business (B2B)

2. Business - to - Consumer (B2C)
3. Consumer - to - Consumer (C2C)
4. Consumer - to - Business (C2B)
5. Business - to - Government (B2G)
6. Government - to - Business (G2B)
7. Government - to - Citizen (G2C)
1) Business - to - Business (B2B)
Website following B2B business model sells its
product to an intermediate buyer who then sells the
product to the final customer. As an example, a
wholesaler places an order from a company's
website and after receiving the consignment, sells
the end product to final customer who comes to
buy the product at wholesaler's retail outlet.

2) Business - to - Consumer(B2C)
Website following B2C business model sells its
product directly to a customer. A customer can
view products shown on the website of business
organization. The customer can choose a product
and order the same. Website will send a
notification to the business organization via email
and organization will dispatch the product/goods
to the customer.
3) Consumer - to - Consumer (C2C)
Website following C2C business model helps
consumer to sell their assets like residential
property, cars, motorcycles etc. or rent a room by
publishing their information on the website.
Website may or may not charge the consumer for
its services. Another consumer may opt to buy the
product of the first customer by viewing the
post/advertisement on the website.
4) Consumer - to - Business (C2B)
In this model, a consumer approaches website
showing multiple business organizations for a
particular service. Consumer places an estimate of
amount he/she wants to spend for a particular
service. For example, comparison of interest rates
of personal loan/ car loan provided by various
banks via website. Business organization who
fulfills the consumer's requirement within
specified budget approaches the customer and
provides its services.
5) Business - to - Government (B2G)
B2G model is a variant of B2B model. Such
websites are used by government to trade and
exchange information with various business
organizations. Such websites are accredited by the
government and provide a medium to businesses
to submit application forms to the government.
6)Government - to - Business (G2B)
Government uses B2G model website to approach
business organizations. Such websites support
auctions, tenders and application submission
functionalities.
7) Government - to - Citizen (G2C)
Government uses G2C model website to approach
citizen in general. Such websites support auctions
of vehicles, machinery or any other material. Such
website also provides services like registration for
birth, marriage or death certificates. Main
objectives of G2C website are to reduce average
time for fulfilling people requests for various
government services.

UNIT-2
Paper 4.6: Computer applications
ELECTRONIC DATA INTERCHANGE (EDI):
Conventional Trading Process:
The typical process between two organizations remained
more or less similar to what has been in use for over a
century now. The relationship between a manufacturing
organization with the sub assembly, component, or other
raw material provider organizations in a conventional
consists of the following steps
1. Either the inventory management system – based on a
re-order policy following the examination of the stock
levels – raises the purchase requisition for the item or a
department raises the requirement for some items. The
information on the requisition forms is entered into the
purchase processing system. Many a time there are
transcription errors in the process. Thus, it is necessary to
edit and correct to the data.
2. Once the correct requisition information has been
updated in the computerized purchase system, the purchase
management system scans the suppliers ‘ databases for
potential suppliers and prints the purchase requisitions,
requesting the price and delivery quotation in the name of
screened suppliers.
3. The purchase requests are transmitted to the suppliers,
either through phone / fax or through mail / courier
service.
4. The information printed on the purchase requests may
be keyed in by the suppliers in their computerized systems
for processing, and a quotation against the purchase
request may be prepared and printed.
5. The quotation from the supplier is transmitted using
traditional paper transmission mechanisms such as fax
/courier / mail service.
6. All quotations received from suppliers against a
purchase request, are entered into the manufacturer's
automated system and edited and corrected to remove any
transcription errors. Based on the quotations received, the
system may process the quotations using structured or semi
- structured mechanisms and select the most suitable
candidate ordering.
7. The order is then printed on a standardized order form
along with the terms and conditions for delivery and
payment.
8. The printed order is mailed, couriered, or faxed to the
supplier.
9. The supplier, on receiving the order, enters it into the
computer system and matches the order with the quotation
that has been submitted.
10. If everything is found in order, it raises an internal
sales order. Since the raising of an internal sales-order
requires data entry / editing of the information from the
received purchase order, matching and processing of the
order, and then printing of the internal sales order, it often
becomes a source of delay. In extreme cases, if the prices /
terms on quotation and the purchase order do not match, it
may be require repetition of some of the earlier steps, or
re-negotiation / clarifications, causing further delays.
11. The internal sales order is used for generating several
documents and forms for locating and identifying the
appropriate stocks. In case where such stocks are not
readily available, it may lead to the raising of a work
order or schedule to the production shop. The appropriate
stock thus picked and packed for sending it to the buyer
along with the packing list and advance shipping note and
advice. The process, at times, may lead to a partial
fulfillment of the order. In that case, the customer needs to
be informed of the short – delivery and order – status in
writing
12. With the goods, the internal sales – order processing
system also prepares a delivery note. The goods packed in
the previous step are sent using an appropriate dispatch
mechanism.
13. The delivery / dispatch note is sent to the buyer using
postal mail / courier / fax service
14. The buyer or receiving yard, on receiving the goods
and advices, compares and inspects the goods, and
prepares a goods receipt note containing the purchase order
number against which the goods are received, and marks
the acceptance and rejection of the items shipped. The
information on the goods receipt note is transcribed at the
computer department, edited, and matched against the
outstanding purchase – order. The information on the
pending quantity against a purchase - order and the stick
levels in the inventory management system are updated. In
case of partial delivery, steps 9 – 14 are repeated several
times until the quantities on the order are fulfilled.

15. The suppliers computer, on completion of the order

fulfillment, also generates an invoice by printing it, when,
in turn, is dispatched to the buyer / manufacture.

16. The supplier’s computer also generates a financial

statement at the end of the trading month for the
payments. At times it also keeps sending reminders for the
payment till the complete payment have been received
from the buyer.

17. The buyer’s computer enters the information on the

payment statement, matches it against the purchase order,
and also matches it against the information provided by
goods receipt note, or in other words, ensures that the order
has been fulfilled and has been inspected and accepted. If
everything is found to be in order, the buyer.
If we look at the above process, we will notice that
computerization has helped only in managing and
processing of records of the traditional supply chain
management. The whole process remains more or less the
same, and is burdened with exhaustive paper work,
repetitive entry of data, making it prone to errors and, is
still dependent on the postal communication of the
document. The advances in communication technologies
have made it possible to interconnect the computers of
suppliers and buyers. As a result, they can talk to each
other directly, or exchange the requisite information
without printing on paper, dispatching it through mail /
fax, and then re – entering it all at the other end. If this
model of transmitting information electronically between
the supplier’s and buyer’s computer is put in practice, it
will lead to increased speeds, avoidance of errors due to re
– entry, accuracy and cost reductions due to reduced cycle
time. These improvements dramatically influence the
overall efficiency of business and commerce. Electronic
Data Interchange is a paperless mechanism that addresses
the problems of the traditional systems by electronic
interchange of documents
In the EDI environment, buyers create purchase
requisitions in their computers and based on these purchase
requisitions, and the suppliers’ database at the buyer’s
computers, the purchase system creates calls for quotations
to suppliers. The calls for quotations are transferred
electronically to the suppliers’ computers to the push of a
button. The supplier’s computerized system receives the
requests and prepares a quotation record which, in turn, is
submitted to the buyer’s computer electronically. The
buyers’ purchase system collects, compiles and processes
all quotations and finally creates purchase orders in their
own company’s’ purchasing software program. The
electronically generated purchase – order, on pushing a
button, is automatically transferred to a supplier’s order
entry system. In other words, the transmission of the data
between two trading partners happens in electronic form.
E.D.I
“Electronic Data Interchange (EDI) is the exchange of
business documents between any two trading partners in a
structured, machine – readable form. It can be used to
electronically transmit documents such as purchase orders,
invoices, shipping bills, receiving advices, and other
standard business correspondence between trading
partners.” EDI can also be used in exchanging financial
information and payments in electronic form. The
Electronic Fund Transfer (EFT) systems used by financial
institutions are a prime example of the application of EDI
in the banking and financial sector. EDI should not be
viewed as simply a way of replacing paper documents and
traditional methods of transaction such as mail, phone, or
in-person delivery with electronic transmission. Rather, it
should be seen not as an ‘end’, but as a means to
streamline procedures and improve efficiency and
productivity. EDI covers wide and varied application areas
and, depending upon the perspective, has been defined in
several ways. According to the Data Interchange Standards
Association.
The EDI process looks like this — no paper, no people
involved
“Electronic Data Interchange (EDI) is the computer – to –
Computer exchange of business data in standard formats.
In EDI, information is organized according to a specified
format set by both parties, allowing a “hands – off”
computer transaction that requires no human intervention
or rekeying on either end. All information contained in an
EDI transaction set is, for the most part, the same as on a
conventionally printed document.”
The Webopedia says that, “Electronic data interchange, is
the transfer of data between different companies using
networks, such as the Internet. As more and more
companies get connected to the Internet, EDI is becoming
increasingly important as an easy mechanism to buy, sell,
and trade information. ANSI has approved a set of EDI
standards known as the X12 standards.”
According to the EDI University, a training provider in
EDI, “EDI stands for Electronic Data Interchange, a
method of transporting all types of information, such as
purchase orders, invoices, payments and even graphics, to
another party electronically. EDI technology was
introduced by Value Added Networks (VANs), in the
1970’s, as an alternative to modern banks, and essentially
replaces paper-based communications with electronic
equivalents. Since EDI is based on a standard developed
by the American National Standards Institute (ANSI),
everyone can use it, enabling all businesses to share a
common language.”
The national Institute of Standards and Technology says
that, “Electronic Data Interchange (EDI) is the computer –
to – Computer interchange of strictly formatted messages
that represent documents other than monetary instruments.
EDI implies a sequence of messages between two parties,
either of whom may serve as originator or recipient. The
formatted data representing the documents may be
transmitted from originator to recipient via
telecommunications or physically transported on electronic
storage media”.
electronic exchange of information / documents is
heterogeneous in nature. Similarly, electronic messages /
documents that can be interpreted and understood by
various purchase and order processing the systems
deployed at different vendors are also heterogeneous in
nature. Thus, evolution a general purpose EDI system
requires addressing of the problem of heterogeneity at two
levels – exchanging documents over heterogeneous
networks and the heterogeneity of document formats.
The general architecture of the EDI system consists of four
layers: the application conversion layer, standard message
formats layer, the data transport layer and the
interconnection layer

BUILDING BLOCKS OF EDI SYSTEMS: LAYERED

ARCHITECTURE :
As described above, two key concepts – electronic
document exchange and electronic messages – need to be
addressed for an EDI system to evolve. The real
networking environment that is used for purpose of
 system(s), for EDI to operate, they need to convert the
internal company document format to a format that can be
understood by the system by the trading partner. When the
trading partners are small in number, converters for
various partner formats can be built. But, as the number of
partners with different internal formats increase, the task of
building converters for each proprietary format to other
formats becomes overwhelming. The fig. below shows a
number of converters for four trading partners with four
different proprietary message formats.

Application / Conversion Layer

The application layer consists of the actual business
applications that are going to be connected through the
EDI systems for exchange of electronic information. These
applications may use their own electronic record formats
and document formats for storing, retrieving, and
processing the information within each company’s
systems. Since each company’s system may have its own
proprietary format, which would be used by their
In case a need arises to handle a new proprietary format for
an additional partner, four new format conversion
programs have to be built. Thus, the approach is markedly
unsuitable for the general purpose EDI system. The
problem of heterogeneity of formats can be better
addressed using a common standard format for documents
/ messages transferred within the EDI system. The internal
processing systems continue to use the proprietary formats,
but, for transmission over the wire, they adopt a common
document / message format. In this case the conversion
program learns to translate the common message format to
the proprietary message format used by a system, and vice
– versa. The approach greatly simplifies the problem posed
by heterogeneity of proprietary message formats, as
depicted in the fig. below. Operational EDI systems follow The Standard Formats Layer
the second approach, in which all the documents that need The application layer of EDI systems rely on common
to be transmitted to the other systems are translated into agreed formats for operation. Thus, the second important
the standard format. The receiving systems accept the and critical building block of the EDI system is standards
for business documents / forms. Since the sender and
input in the standard format and convert it into the native
format used internally by the local system. receiver in the EDI systems have to exchange business
documents that can interpreted by all parties, it has
necessitated the development of form standards in EDI.
EDI form standards are basically data standards in that
they lay down the syntax and semantics of the data being
exchanged.
The grocery industry sector created the Uniform
Communication Standards (UCS) for addressing the EDI
standards requirement for their segment, which were later
adopted by several other retail sectors.
. In Europe on the other hand, the industry developed and
adopted yet another set of standards.
The shipping industry devised a set of standards called
Data Interchange for Shipping (DISH), the automobile
sector came up with a standard under the umbrella of
Organization for Data Exchange by Tele Transmission in
Europe (ODETTE).
The need for an industry-wide EDI standards was widely
felt and this lead to the formation of a Standard Committee
X12 under the auspices of American National Standards
Institute (ANSI)
Document Standards
The cross-industry standardization of documents is at the
core of smooth functioning of EDI systems. The
interconnection among trading partners only serve the
purposing of exchanging information, but a document
exchanged between two trading partners needs to be
recognized and interpreted correctly by the corresponding
software systems running at various partners computers.
For example, a purchase order needs to be identified by all
the EDI applications running on trading partner’s
computers as being a purchase order from a particular
organization. Over a period of time, two major EDI
standards have evolved. The first, commonly known as
X12, was developed by the Accredited Standards X12
committee of the American National Standards Institute
(ANSI) and the second, the international standard, was
developed by the United Nations EDI for administration,
Commerce and Trade (EDIFACT)
ANSI X12
The Accredited Standards Committee (ASC) X12 was set
up by the American National Standards Institute (ANSI )
in 1979 to develop cross-industry standards for exchanging
electronic documents for use by all businesses in the
United States. The committee developed ANSI ASC X12,
commonly referred to as X12 standard. Today, EDI
standards are firm but not static, because the development
of EDI is a continuing effort. Specific industry groups are
continuing to evolve new transaction sets that may be
better suited to standardization. The X12 standard sets the
framework and rules for electronic data interchange. It
describes the format for structuring the data. The types of
documents that should be transmitted electronically, and
the content of each document. The identification numbers
for various forms, codes for a variety of fields, and types 1.The header contains the information that is common to
of information is also defined in the standard. The standard the whole document, such as date; from address; to
also defines the sequence of information flow. The X12 address; terms and conditions, tec. In the sample order
devised the standards to deal with transactions such as form shown in Fig., the following information is the
purchase order placement, order processing, shipping, header:
invoicing, and payments, to name a few. In the X12
standard, paper documents related to particular business
activities are mapped into a transaction set. It assigns a
numeric code to each of these transaction sets, in a manner
similar to the numbering of business forms followed at
many organizations.

The X12 standard defines a set of documents, referred to

as transaction sets, for a wide range of business transaction
forms. Each transaction set is given a numeric code, and
each transaction set is used and for defining the transfer of 2. Detail refers to line items that describe the actual
a single document (purchase order, manifest etc.) between
business transaction. In case of a purchase order, it may
the computers of two trading artners. The ata embedded in
a transaction set conveys the same information that is contain item number, description, quantity ordered, and
contained in the printed version of the document; usually, price information. In the sample order shown in Fig., the
it is a subset of the whole information on the printed
following information is the detail:
version. The printed version of the document can be
thought of as containing three distinct types of information
– header, detail, and summery.

3. Summery refers to the control information and other
components that refer to the complete transaction. In case
of a purchase-order, it may refer to order value. In the
sample order form example, the summery information
refers to the following.
EDIFACT – An International Standard
In 1987, the United Nations announced an international
standard called EDI for Administration, Commerce, and
Transport (EDIFACT). The EDIFACT standard is
promoted by the United Nations Economic Commission,
which is responsible for the adoption and standardization
of messages. The International Standards Organization
(ISO) has been entrusted with the responsibility of
developing the syntax and data dictionary for EDIFACT.
EDIFACT serves the purpose of trans-border
standardization of EDI messages. EDIFACT combines the
efforts of American National Standards Institute’s ASC
X12, Trade Data Interchange (TDI) standards developed
and deployed by much of Europe and the United Kingdom.
The GE.1 group of UNEC / EDIFACT deals with data
element and rules and formats for automated data
exchange. The GE.1 group also coordinates the six
EDIFACT boards set up for Western Europe, Eastern
Europe, Pan America, Australia/New Zealand, Asia, and
Africa. The Asia EDIFACT board (AEB) consists of
members like India, Japan, Korea, Hong Kong, China,
Singapore, Taiwan, and Malaysia.
The basic unit of communication among EDI Trading
Partners, defined by EDIFACT, is an interchange.
Data Transport Layer
The data transport layer consists of services that automate
the task of electronic transfer of messages. In a typical
purchase process, once a purchase order has been prepared
and printed in the standard format, it is placed in an
envelope and dispatched through postal or courier services
to the supplier. The content and structure of the purchase
order is defined in the standards layer and is separate from
the transport/ carrier mechanism. The layer utilizes any of
the available network transport services such as electronic
mail; file transfer protocol; Telnet based remote
connection and transfer; or even the Hyper Text Transfer
Protocol (HTTP) that drives the World Wide Web.
Electronic mail has emerged as the dominant means for
transporting EDI messages. EDI documents/ messages are
exchanged through network infrastructure as electronic
mail messages. Electronic mail is used only as a carrier for
transporting formatted EDI messages by the EDI
Document Transport Layer. The structured message,
delivered by the electronic mail, is interpreted by the
receiving software, which is capable of comprehending the
structure of the EDI standard information.
The data transport layer consists of services that automate
the task of electronic transfer of messages.
The Electronic Mail exchanged through the network
infrastructure has emerged as the dominant means for
transporting the EDI messages.
The electronic mail is used only as a carrier for
transporting the formatted EDI messages by the EDI
Document Transport Layer.
ITU-T has adopted X.435 (X.400-based) standards to
support electronic data interchange (EDI) messaging.
X.435 standard consists of definition of normal EDI
messages and a set of EDI "notifications" to address the
security requirement.
In order to achieve equivalence to the security control
offered by the paper-based systems, it has three types of
notifications.
• A positive notification – It indicates that the
recipient has received the document and accepts the
responsibility for it;
• A negative notification- It indicates that the recipient
received but refused to accept the document. The
reason for refusal is attached with the notification.
A forwarding notification- It indicates that the
document was received, but
forwarded to another recipient
Inter Connection Layer
It refers to the network infrastructure that is used for the
exchange of information between trading partners. In the
simplest and most basic form it may consist of dial-up
lines, where trading partners dial-up through modem to
each other and connect to exchange the messages as
illustrated in the following:

The leased lines and I-way, Internet or any reliable
network infrastructure that can provide ability of
interconnection can be used. Through the interconnection,
the EDI partners are able to achieve document exchanges
between themselves
Value Added Network (VAN):
A value-added network (VAN) is a private network
provider (sometimes called a turnkey communications
line) that is hired by a company to facilitate electronic
data interchange (EDI) or provide other network
services.VANs are third-party communication networks
established for exchanging EDI traffic amongst the
partners. Various businesses (trading partners) subscribe
to the VAN services. For every subscriber, the VAN
maintains an account, which serves as an electronic post
office box for the subscriber, for sending and receiving the
EDI messages. The subscriber’s account receives and
accumulates all incoming mail from other partners that can
be viewed by the account owner as and when they connect
to the VAN account. There are a number of third-party
Value Added Network providers in the market place.
Many of the VANs today, also offer the document
exchange ability of EDI documents with other VANs
The vast majority of EDI still occurs via EDI Networks,
which in the days prior to the Internet were referred to as
Value-Added Networks (VANs). The growth of flexible,
low-cost approaches, such as Web EDI or EDI via AS2,
has begun to change this situation but the EDI Network is
still the preferred option due to the value- added services
that these providers can deliver. Often companies look to
implement a hybrid strategy in which different types of
EDI are implemented as appropriate to the business, but
the EDI Network remains the core to these installations.
The EDI Network is simply a secure network where EDI
documents can be exchanged between business partners.
An organization will be provided with a mailbox.
Documents are sent and received from there and the
organization checks the mailbox periodically to retrieve its
documents. Most EDI Network Services providers offer an
alerting service that informs the sender when messages
have been sent successfully and also notifies the recipient
that a new message is waiting.
The enduring appeal of EDI Networks is based upon the
value-added services that the EDI Network Services
provider delivers
 Community and business partner enablement
 Back-office integration
 Management information
 Fully managed services (EDI Outsourcing)
In addition to secure communications, EDI Networks
deliver:
 Full mailbox service. Messages are automatically
routed to the correct mailbox. Business partners
connect to the EDI Network to retrieve their
messages
 Inspection and authentication of all EDI messages.
The EDI Network will verify the identity of the
business partner and validity of the message
 Full audit trail. All EDI messages are tracked and
recorded
 Message notification. Business partners are notified
when message enters their mailbox
 Ancillary services. EDI Network Service providers
offer an extensive range of services including data
backup and recovery, document mapping and
compliance
Benefits and application of EDI
 Reduces Lead Time
In the EDI environment, the exchange of documents
among trading partners happens electronically through
interconnected computers. The process of transferring the
documents is instantaneous, offering weeks of time savings
compared to the traditional environment that used postal /
courier based exchange of printed documents. Also, the
direct electronic transfer of documents between inter-
organizational systems eliminates the chance of error due
to re-entry of data printed on paper from one system to
another system. As it streamlines the information flow, the
cycle time is reduced drastically. In the environment,
order-processing, shipping of goods, and invoice-
preparation and transmission can all be done within a
matter of a few hours compared to the days/ weeks it takes
in a non-EDI environment.
 Improves Coordination with Supplies
Traditional trading environments are often burdened with
the problem of mismatched invoices, un-matching terms in
quotations and purchase-orders, missing invoices even
after the bill for payment is received and many similar
inter-business problems. On careful examination, it will be
evident that much of these problems are caused either by
delays in the transmission of printed documents, loss of
documents in transition, or due to errors in the
transcription of the printed information into the electronic
form. The instantaneous transfer of business documents
over the network in electronic form and confirmation of
the same addresses the first problem, thereby making
nearly impossible for documents to arrive in wrong
sequence. Also, since the documents are received in
electronic form, the need to re-enter the same data is not
there and, as a result, transcription errors are totally
eliminated.
 Reduces Redundancy
As all the documents exchanged between trading partners
are stores in an electronic mailbox, documents can be
accessed, retrieved, and examined at any point of time.
Either trading partner can access, examine, and make a
copy of the document from the electronic box instantly.
Contrast it with the non-EDI system; it may take hours, or
even days, to locate and retrieve a printed business
document from the past. Many a time, trading partners file
copies of the same document at multiple places. The EDI
environment eliminates the need for multiple copies and
reduces redundancy without compromising the
accessibility and retrieval of old documents.
 quicker settlement of accounts. The reduced transaction
 Expands the Market Reach friction saves money and the supplier is in a better
position to offer the items at cheaper costs, leading to
Most large manufacturers like General Motors deal
improve revenue realizations and sales.
with EDI-enabled suppliers only. In the process of
streamlining the purchase process they often institute a
Applications of EDI:
value-added network. By being a part of their value-
The ability to exchange documents electronically has
added network, many opportunities open up for
been found to facilitate coordination between the
supplying the material to some other larger supplies
partners, reduce the lead time and thus reduce
who are also a part of the network. Also, with the
inventory. Although, large manufacturing and
growth of electronic commerce and further integration
transportation companies were the early birds who
of EDI with electronic commerce, the creation of an
recognized the advantages, any of the other industry
electronic marketplace by large manufacturers who buy
segments also stand to benefit from electronic
supplies from many large and small suppliers, has
document exchange. The health care, and financial
become a reality. By participating in this large market
sectors and cross-border trade facilitated through
place you are likely to pick many orders from other
electronic document exchanges including customs
suppliers who are a part of the market/ place / network.
service – have been some other sectors that adopted and
The General Electric initiated Trade Process Network
derived the returns from EDI.
(tpn.com) is a prime example of such a marketplace.

 Increases Revenue and Sales

Many large organizations use EDI and trade with other
EDI-enabled suppliers. The efficiency brought about by
EDI reduces the total transaction friction by eliminating
paperwork and related errors that ensure. It also leads to
Architectural framework of Electronic
Commerce:
Apply computer technology to improve business process
and information exchange both within the an organization
and across the organization. E-commerce is used to devote
proper exchange of business information using EDI,
E-mail, Electronic bulletin boards, EFT(electronic fund
transfer) and other similar technologies.
E-Commerce is used to describe a new online approach to
perform traditional function such as payment and fund
transfer, order entry and processing inventory management
involving cargo tracking, electronic catalogue etc.
Advertising, marketing and customer support functions are
also a part of E-commerce application. No single
technology can provide the full potential of E-commerce.
Therefore we require an integrated architecture which is
revolving in the form of WWW as E-commerce is
becoming more matured. Thus we need
To develop sophisticated applications on WWW.
Architectural framework of E-commerce:
A Frame Work is intended to define and create tools that
integrate the information found in today’s closed system
and allows the development of E-commerce applications.
Architectural framework should focus on synthesizing the
diverse resources already in place incorporation to
facilitate the integration of data and software for better use
and application.
The E-commerce applications architecture consists of 6
layers of functionality or services. They are
1. Application Services
2. Brokerage Services
3. Interface support layer
4. secure messaging & EDI
5. Middleware, structured document interchange.
6. Network infrastructure and providing communication
services.
1. Application services:
It will be composed of existing and future applications
based on innate architecture. The three distinct
classes of E-commerce applications can be distinguished
as
a) Consumer to Business
(b) Business to Business
(c) Intra organization.
(a) Consumer to Business:
We call this enterprise market place transaction. In market
place transaction customer learn about product differently
through Electronic publishing by them differently using
Electronic cash and secure payment and have
themdeveloped differently.
(b) Business to Business:
This is called as market link transaction. Here business,
govt and other organizations depend on computer to
computer communication as a fast, economical dependable
way to conduct business transactions. They include the use
of EDI and E-mail for Purchasing goods and services,
buying information and consulting services, submitting
requests for proposals and receiving proposals.
(c) Intra Organizational transactions:
This is called as market driven transaction. A company
becomes market driven by dispersing throughout the firm
information about his customers and competitors by
spreading strategic and tactical decision making so that all
units can participate and by continuously monitoring their
customer commitment. To maintain relationships that are
critical, to deliver superior customer value management,
most pay close attention to both before and after sales. A
market driven business develops a comprehensive
understanding of its customer business and how customers
in the immediate and downstream markets perceive value.
Three major components of
market driven transactions are
(i) Customer orientation through product and service
customization
(ii) Cross functional coordination through enterprise
integration, marketing and advertising.
(iii) Customer service.
2. Information Brokerage and management:
This layer provides service integration through the notion
of information brokerages. Information brokerage is used
to represent an intermediary which provides service
integration between customer and information providers,
given some constraints such as low price, fast service,
profit maximization for a
client. Information brokerage addresses the issue of adding
value to the information that is retrieved. Brokerage
function can support data management and traditional
transaction services. Brokerage may provide tools to
accomplish more sophisticated tasks such as time delay
updates or feature comparative
transaction.
At the heart of this layer lies the work flow scripting
environment that built on software agent model that
coordinate work and data flow among support services.
Software agents are mobile programmers that have been
called as “healthy viruses” , “digital butlers” , and
“intelligent agents”. Agents are encapsulations of users
instructions that perform all kinds of tasks in electronic
market places spread across the network.
3. Interface support service:
The third layer interface and support services will provide
interface for e commerce applications such as interactive
catalogues and will support directory services etc.,
functions necessary for information search and access.
Interactive catalogues are customized interface to
consumer applications such as home
shopping. An interactive catalogue is an extension of paper
based catalogues and incorporates additional features such
as sophisticated graphics and video to make advertising
more attractive.
Directories on the other hand operate behind the scenes
and attempt to organize the huge amounts of information
and transactions generated to facilitate electronic
commerce. Directory services databases make data from
any server appear as a local file. Thus directories play an
important role in information
Management functions.
4. Secure messaging and structure document
interchange service:
The importance of fourth layer is secured messaging.
Messaging is a software that sits between the network
infrastructure and the clients or e-commerce applications.
Messaging services offer solutions for communicating non
formatted data such as letters, memo, reports etc as well as
formatted data such as purchase order, shipping notices
and invoice etc. messaging support both for synchronous
(immediate) and asynchronous (delay) messaging. When a
message is sent work continuous (software does not wait
for response). This allows the transfer of messages through
store and forward methods. With messaging tools people
can communicate and work together more effectively, no
matter where they are located. The main disadvantages of
messaging are the new types of applications it enables ,
which appear to be more complex especially to traditional
programmers.
5. Middleware services:
Middleware is a relatively new concept that emerged only
recently. Middleware is a mediator betweendiverse
software programs that enable them to talk with one
another. It solves all the interface, translation,
transformation and interpretation problems that were
driving application programmers crazy. Another reason for
Middleware is the computing shift from application centric
to data centric. i.e., remote data controls all of the
applications in the network instead of applications
controlling data. To achieve data centric computing
middleware services focus on three elements.
(1) Transparency
(2) Translation security management
(3) Distributed object management and services
(1) Transparency:
Transparency implies that users should be unaware that
they are accessing multiple systems. Transparency is
essential for dealing with higher level issues than physical
media interconnections that the underlying network
infrastructure is in charge of. Transparency iaccomplished
using middleware that facilitates a distributed computing
environment. This gives users and applications transparent
access to data, computation and other resources
across collection of multi vendor heterogeneous systems.
(2) Transaction security management:
The two broad categories of security ( management )
services for transaction processing are(a) Authentication
(b) Authorization.
Transaction integrity must be given for business that
cannot afford any loss or inconsistency in data. For E-
commerce , middleware provides qualities expected in a
standard transaction processing ( T.P) system i,e. the so
called ACID ( Atomicity, consistency, isolation, Durability
(3) Distributed Object Management:
Object orientation is proving fundamental to the
proliferation of network based application for the
following reasons. It is hard to write a network based
application without either extensive developer retaining or
technology that adopts the difficulties of the network.
objects are defined as combination of data and instructions
acting on the data. objects are an evolution of more
traditional programming concept of functions and
procedures. A natural instance of an object in E-commerce
is a document. A document carries data and often carries
instructions about the action to be performed on the data.
Middleware acts as an integrator for various standard
protocols such as TCP(transmission control protocol) IP
(Internet protocol), OLL
Hyper text Publishing
Web provides a functionality necessary for e-commerce.
The web has become an umbrella for wide range of
concepts and technology that differ markedly in purpose
and scope which include hypertext publishing concept, the
universal reader concept and the client server concept.
Hypertext publishing promotes the idea of seamless
information world in which all online information can be
accessed and retrieved. In a constant and simple way
hypertext publishing is a primary application of web
interest in hypermedia. On the internet ( called distributed
or global hypermedia). As accelerated shortly following
the success of web media and browser. This success has
been aided by more powerful work station high resolution
graphic display faster network communication and
decreased cost for large online service.
Electronic Commerce: Information distribution and
messaging:
FTP(file transfer protocol) application:
FTP is both a program and the method used transfer
files between computers on the internet. FTP permits a
user to traverse distant computers directory structure,
uploading and downloading copies of files to the local
computer.
File transfer applications provides the ability to
download/upload files between connected computers.
the application comprises of two components, the ftp
server and the client
The protocol requires the client login to the ftp server. on
successful login ,client can browse through the list of files
and directories available under the login account. it can
request to transfer a file from the server machine to the
clients’ machine(downloading) or transfer a file from
clients machine to servers machine(uploading) file. the ftp
supports both batch as well as interactive uses. the protocol
only specifies mode of interaction between ftp server and
clients running on two computers. So file type like ASCII
AND image(binary).
E-mail:
E-mail is an internet application that offers the ability to
exchange message among users on remote computer. a
system for exchanging written, voice and video messages
through computer network.

Whenever you send a piece of e-mail, your e-mail client

interacts with the SMTP server to handle the sending. The
SMTP server on your host may have conversations with
other SMTP servers to deliver the e-mail.
Let's assume that I want to send a piece of e-mail. My e-
mail ID is brain, and I have my account on
howstuffworks.com. I want to send e-mail to
jsmith@mindspring.com.  You send an email with your webmail or mail client from
your address (e.g. mark@website.com) to a given recipient
(e.g. jane@domain.com). In jargon, the webmail or client
is called Message User Agent, or MUA.
 The message is sent normally via port 25 to an SMTP
server (named for instance mail.website.com) which is
given to your client when you set it up and acts as a
 Message Transfer Agent or MTA. Client and server start a WWW SERVER:
brief "conversation" where the latter checks all the data
concerning the message's transmission (sender, recipient,
domains, etc.). Note that SMTP language defines only the
message's transmission, and doesn't deal with its body
content.
 Then, if the domain where your recipient has his account is
directly connected to the server, the email is immediately
delivered. If it's not the case, the SMTP hands it to
another incoming server closer to the recipient (in jargon
these passages are called relays). In our example, the
Website server connects with the Domain server, which (if
everything has gone right) receives the email and stores it.
 What if the recipient's server is down or busy? The SMTP
host simply drops the message to a backup server: if none The World Wide Web (WWW) is an information
of them is available, the email is queued and the delivery is space where documents and other web resources are
retried periodically. After a determined period, however,
identified by URLs, interlinked by hypertext links, and can
the message is returned as undelivered.
be accessed via the Internet. The World Wide Web was
 If there are no issues, however, the final segment is invented by English scientist Tim Berners-Lee in 1989. He
controlled by POP, another protocol that picks up the wrote the first web browser in 1990 while employed
email from the receiving server and puts it into the
at CERN in Switzerland.
recipient's inbox.
It has become known simply as the Web. The World Wide
Web was central to the development of the Information
Age and is the primary tool billions of people use to
interact on the Internet. The terms Internet and World Wide
Web are often used without much distinction. However, the
two are not the same. The Internet is a global system of
interconnected computer networks. In contrast, the World
Wide Web is one of the services transferred over these
networks. It is a collection of text documents and other
resources, linked by hyperlinks and URLs, usually
accessed by web browsers, from web servers. Viewing
a web page on the World Wide Web normally begins
either by typing theURL of the page into a web browser, or
by following a hyperlink to that page or resource. The web
browser then initiates a series of background
communication messages to fetch and display the
requested page. In the 1990s, using a browser to view web
pages and to move from one web page to another through
hyperlinks came to be known as 'browsing,' 'web surfing'
(after channel surfing), or 'navigating the Web'. Early
studies of this new behavior investigated user patterns in
using web browsers. One study, for example, found five
user patterns: exploratory surfing, window surfing, evolved
surfing, bounded navigation and targeted navigation.
The following example demonstrates the functioning of a
web browser when accessing a page at the
URL http://www.example.org/home.html . The browser
resolves the server name of the URL ( www.example.org )
into an Internet using the globally distributed Domain
Name System (DNS). This lookup returns an IP address
such as 203.0.113.4 or 2001:db8:2e::7334. The browser
then requests the resource by sending an HTTP request
across the Internet to the computer at that address. It
requests service from a specific TCP port number that is
well known for the HTTP service, so that the receiving
host can distinguish an HTTP request from other network
protocols it may be servicing. The HTTP protocol
normally uses port number 80.
HTTP:
The Hypertext Transfer Protocol (HTTP) is an application
protocol fordistributed,collaborative, hypermedia informati
on systems. HTTP is the foundation of data
communication for the Web. Hypertext is structured text
that uses logical links (hyperlinks) between nodes
containing text. HTTP is the protocol to exchange or
transfer hypertext. The standards development of HTTP
was coordinated by the Internet Engineering Task request and may also contain requested content in its
Force (IETF) and the World Wide Web message body.
Consortium (W3C), culminating in the publication of a
series of Requests for Comments (RFCs).
HTTP is a set of rules that World Wide Web clients and
servers use to communicate over the network. http is
request/response protocol between clients and servers
A web server is a computer system that processes requests
via HTTP, the basic network protocol used to distribute
information on the World Wide Web. The term can refer to
the entire system, or specifically to the software that Sender request line:
accepts and supervises the HTTP requests. HTTP functions A request line (e.g., GET /images/logo.png HTTP/1.1,
as a request–response protocol in the client–server which requests a resource called /images/logo.png from
computing model. A web browser, for example, may be the server).
the client and an application running on a Request header fields (e.g., Accept-Language: en).
computer hosting a website may be the server. The client An empty line.
submits an HTTP request message to the server. The An optional message body.
server, which provides resources such as HTML files and
other content, or performs other functions on behalf of the Response message:
client, returns a response message to the client. The A status line which includes the status code and reason
message (e.g., HTTP/1.1 200 OK, which indicates that
response contains completion status information about the
the client's request succeeded).
 Response header fields (e.g., Content-Type: text/html).
An empty line.
An optional message body.
WEB SERVERS IMPLEMENTATION:
Web server on the internet ,the original implementation
done by Tim Berner-Lee’s team came to be known as the
CERN implementation.
Web client is the sending and receiving of information
where the web server is storing the in Web server software
(e.g. Apache, IIS, NGINX, Lighttpd) usually is used to
deliver content and most of times it runs on servers located
in data centers. Web client is an application (e.g. Internet
Explorer, Firefox, Chrome, Safari, Opera) running on a
local device (desktop, notebook, cell phone) used to
interact mainly with Web servers even though you can use
your Web client to access servers running protocols others
than HTTP and HTTPS.
Today, web servers provide the following four major
features.
1. Serving static web pages
2. Serving web pages generated by running gateway
programs.
3. Controlling access to the server.
4. Logging server access and errors statistics.
Example:
APACHE software foundation distributed the web server
under public domain software license policy. It can be
freely downloaded and installed from the apache
website.(http:/www.apache.org) Apache is a freely
available Web server that is distributed under an "open
source" license. Version 2.0 runs on most UNIX-based
operating systems (such as Linux, Solaris, Digital UNIX,
and AIX), on other UNIX/POSIX-derived systems (such as
Rhapsody, BeOS, and BS2000/OSD), on Amiga OS, and
on Windows 2000.
NCSA HTTPd was a web server originally developed at
the NCSA by Robert McCool and others. First released in
1993, It was among the earliest web servers developed,
following Tim Berners-Lee's CERN httpd, Tony Sanders'
Plexus server, and some others. Web Documents that you
view on the Internet are stored on different Web servers.
Web servers are computers on which Web documents
reside and run HTTP software to permit Web transactions.
CERN and NCSA are the two organizations that provide
Web Server software, such as CERN http and NCSA httpd,
respectively.
 UNIT-3
Electronic Commerce:
Network infrastructure:
LAN(local area network):
Local area networks, generally called LANs, are privately-
owned networks within a single building or campus of up
to a few kilometres in size. They are widely used to
connect personal computers and workstations in company
offices and factories to share resources (e.g., printers) and
exchange information. LANs are distinguished from other
kinds of networks by three characteristics:
(1) Their size,
(2) Their transmission technology, and
(3) Their topology.
LANs are restricted in size, which means that the worst-
case transmission time is bounded and known in advance.
Knowing this bound makes it possible to use certain kinds
of designs that would not otherwise be possible. It also
simplifies network management. LANs may use a
transmission technology consisting of a cable to which all
the machines are attached, like the telephone company
party lines once used in rural areas. Traditional LANs run
at speeds of 10 Mbps to 100 Mbps, have low delay
(microseconds or nanoseconds), and make very few errors.
Newer LANs operate at up to 10 Gbps Various topologies
are possible for broadcast LANs. Figure1 shows two of
them. In a bus (i.e., a linear cable) network, at any instant
at most one machine is the master and is allowed to
transmit. All other machines are required to refrain from
sending. An arbitration mechanism is needed to resolve
conflicts when two or more machines want to transmit
simultaneously. The arbitration mechanism may be
centralized or distributed. IEEE 802.3, popularly called
Ethernet, for example, is a bus-based broadcast network
with decentralized control, usually operating at 10 Mbps to
10 Gbps. Computers on an Ethernet can transmit whenever
they want to; if two or more packets collide, each
computer just waits a random time and tries again later.
 WAN(wide area network):
ETHERNET LAN: A wide area network, or WAN, spans a large geographical
Ethernet is the most widely-installed local area network (
area, often a country or continent. It contains a collection
LAN) technology. Specified in a standard, IEEE
of machines intended for running user (i.e., application)
802.3, Ethernet was originally developed by Xerox from
programs. These machines are called as hosts. The hosts
an earlier specification called Alohanet (for the Palo Alto
are connected by a communication subnet, or just subnet
Research Center Aloha network) and then developed
for short. The hosts are owned by the customers (e.g.,
further by Xerox, DEC, and Intel. Well, the computer has
people's personal computers), whereas the communication
as ethernet port on it, into which you plug a patch cord,
subnet is typically owned and operated by a telephone
which plugs into the ethernet jack on the wall. There's a
company or Internet service provider. The job of the
wire behind that thing that runs back to the wiring closet
subnet is to carry messages from host to host, just as the
where it is attached to the patch panel.
telephone system carries words from speaker to listener.
Separation of the pure communication aspects of the
network (the subnet) from the application aspects (the
hosts), greatly simplifies the complete network design. In
most wide area networks, the subnet consists of two
distinct components: transmission lines and switching
elements. Transmission lines move bits between machines.
They can be made of copper wire, optical fiber, or even
radio links. In most WANs, the network contains
numerous transmission lines, each one connecting a pair of
routers. If two routers that do not share a transmission line
wish to communicate, they must do this indirectly, via
other routers.
When a packet is sent from one router to another via one or
more intermediate routers, the packet is received at each
intermediate router in its entirety, stored there until the
required output line is free, and then forwarded. A subnet
organized according to this principle is called a store-and-
forward or packet-switched subnet. Nearly all wide area
networks (except those using satellites) have store-and-
forward subnets. When the packets are small and all the
same size, they are often called cells.
The principle of a packet-switched WAN is so important.
Generally, when a process on some host has a message to
be sent to a process on some other host, the sending host
first cuts the message into packets, each one bearing its
number in the sequence. These packets are then injected
into the network one at a time in quick succession. The
packets are transported individually over the network and
deposited at the receiving host, where they are reassembled
into the original message and delivered to the receiving notable internet is called the Internet (uppercase letter I), a
process collaboration of more than hundreds of thousands of
interconnected networks

THE INTERNET :

The Internet has revolutionized many aspects of our daily

lives. It has affected the way we do business as well as the
way we spend our leisure time. Count the ways you've
used the Internet recently. Perhaps you've sent electronic
mail (e-mail) to a business associate, paid a utility bill,
read a newspaper from a distant city, or looked up a local
movie schedule-all by using the Internet. Or maybe you
researched a medical topic, booked a hotel reservation,
chatted with a fellow Trekkie, or comparison-shopped for
a car. The Internet is a communication system that has
brought a wealth of information to our fingertips and
organized it for our us A network is a group of connected
communicating devices such as computers and printers. An
Private individuals as well as various organizations such as
internet (note the lowercase letter i) is two or more government agencies, schools, research facilities,
networks that can communicate with each other. The most corporations, and libraries in more than 100 countries use
the Internet. Millions of people are users. Yet this
extraordinary communication system only came into being
in 1969.In the mid-1960s, mainframe computers in
research organizations were standalone devices.
Computers from different manufacturers were unable to
communicate with one another. The Advanced Research
Projects Agency (ARPA) in the Department of Defense
(DoD) was interested in finding a way to connect
computers so that the researchers they funded could share
their findings, thereby reducing costs and eliminating
duplication of effort.
In 1967, at an Association for Computing Machinery
(ACM) meeting, ARPA presented its ideas for ARPANET,
a small network of connected computers. The idea was that
each host computer (not necessarily from the same
manufacturer) would be attached to a specialized
computer, called an inteiface message processor (IMP).
The IMPs, in tum, would be connected to one another.
Each IMP had to be able to communicate with other IMPs
as well as with its own attached host. By 1969, ARPANET
was a reality. Four nodes, at the University of California at
Los Angeles (UCLA), the University of California at Santa
Barbara (UCSB), Stanford Research Institute (SRI), and
the University of Utah, were connected via the IMPs to
form a network. Software called the Network Control
Protocol (NCP) provided communication between the
hosts.
In 1972, Vint Cerf and Bob Kahn, both of whom were part
of the core ARPANET group, collaborated on what they
called the Internetting Projec1. Cerf and Kahn's landmark
1973 paper outlined the protocols to achieve end-to-end
delivery of packets. This paper on Transmission Control
Protocol (TCP) included concepts such as encapsulation,
the datagram, and the functions of a gateway. Shortly
thereafter, authorities made a decision to split TCP into
two protocols: Transmission Control Protocol (TCP) and
Internetworking Protocol (lP). IP would handle datagram
routing while TCP would be responsible for higher-level
functions such as segmentation, reassembly, and error
detection. The internetworking protocol became known as
TCP/IP.
The Internet has come a long way since the 1960s. The
Internet today is not a simple hierarchical structure. It is
made up of many wide- and local-area networks joined by
connecting devices and switching stations. It is difficult to
give an accurate representation of the Internet because it is
continually changing-new networks are being added,
existing networks are adding addresses, and networks of
defunct companies are being removed. Today most end
users who want Internet connection use the services of
Internet service providers (lSPs). There are international
service providers, national service providers, regional
service providers, and local service providers. The Internet
today is run by private companies, not the government.

TCP/IP REFERENCE MODEL:

The TCP/IP reference model was developed prior to OSI

model. The major design goals of this model were,
1. To connect multiple networks together so that they
appear as a single network.
2. To survive after partial subnet hardware failures.
3. To provide a flexible architecture.

Unlike OSI reference model, TCP/IP reference model has

only 4 layers. They are,
1. Host-to-Network Layer
2. Internet Layer
Host-to-Network Layer:
The TCP/IP reference model does not really say much
about what happens here, except to point out that the host
has to connect to the network using some protocol so it can
send IP packets to it. This protocol is not defined and
varies from host to host and network to network.
Internet Layer:
This layer, called the internet layer, is the linchpin that
holds the whole architecture together. Its job is to permit
hosts to inject packets into any network and have they
travel independently to the destination (potentially on a
different network). They may even arrive in a different
order than they were sent, in which case it is the job of
higher layers to rearrange them, if in-order delivery is
desired. Note that ''internet'' is used here in a generic sense,
even though this layer is present in the Internet.
The internet layer defines an official packet format and
protocol called IP (Internet Protocol). The job of the
internet layer is to deliver IP packets where they are
supposed to go. Packet routing is clearly the major issue
here, as is avoiding congestion. For these reasons, it is
reasonable to say that the TCP/IP internet layer is similar
in functionality to the OSI network layer. Fig. shows this
correspondence.
The Transport Layer:
The layer above the internet layer in the TCP/IP model is
now usually called the transport layer. It is designed to
allow peer entities on the source and destination hosts to
carry on a conversation, just as in the OSI transport layer.
Two end-to-end transport protocols have been defined
here. The first one, TCP (Transmission Control Protocol),
is a reliable connection-oriented protocol that allows a byte
stream originating on one machine to be delivered without
error on any other machine in the internet. It fragments the
incoming byte stream into discrete messages and passes
each one on to the internet layer. At the destination, the
receiving TCP process reassembles the received messages
into the output stream. TCP also handles flow control 26 to
make sure a fast sender cannot swamp a slow receiver with
more messages than it can handle. The second protocol in
this layer, UDP (User Datagram Protocol), is an unreliable,
connectionless protocol for applications that do not want
TCP's sequencing or flow control and wish to provide their
own. It is also widely used for one-shot, client-server-type
request-reply queries and applications in which prompt
delivery is more important than accurate delivery, such as
transmitting speech or video. The relation of IP, TCP, and
UDP . Since the model was developed, IP has been
implemented on many other networks.
The Application Layer:

The TCP/IP model does not have session or presentation

layers. On top of the transport layer is the application
layer. It contains all the higher-level protocols. The early
ones included virtual terminal (TELNET), file transfer
(FTP), and electronic mail (SMTP). The virtual terminal
protocol allows a user on one machine to log onto a distant
machine and work there. The file transfer protocol
provides a way to move data efficiently from one machine
to another. Electronic mail was originally just a kind of file
transfer, but later a specialized protocol (SMTP) was
developed for it. Many other protocols have been added to
these over the years: the Domain Name System (DNS) for
mapping host names onto their network addresses, NNTP,
the protocol for moving USENET news articles around,
and HTTP, the protocol for fetching pages on the World
Wide Web, and many others. DOMAIN NAME SYSTEMS(DNS):

The Internet Domain Name System (DNS) is used to

provide a mapping between these two alternative
identification approaches: the human-oriented domain
name and the delivery-oriented IP address. Its most
common usage is to look up the IP address corresponding
to a known domain name.
The DNS Namespace is based on a "tree" structure, with a 1. A name server provides domain-name-to-IP-
small number of generic Top Level address mappings (and a few other functions, but
Domains (eg, .com, .edu, .org) and a large number of "looking up" IP addresses is the most common) for
country-based domains (eg .au, .my, .uk). Each TLD one or more zones, which are sub-trees of the
supports a group of "second-level" domains, and so on, all domain name space. For example, sheoak is a
the way down to individual hosts. nameserver for the
zone bendigo.latrobe.edu.au. This means that if I
want to look up a particular IP address in that zone,
I can ask sheoak.
2. Exactly which server is responsible for a particular
zone is specified in start of authority (SOA) RRs.
An SOA RR specifies, for the particular name
server, the zones for which it has authority. It also
has the email address of the site administrator, a
unique serial number.

There are a limited number of top-level domains (TLDs),

including:
1. A domain name is a dotted sequence describing a
path through the name hierarchy from the root, • .edu, educational
maybe with a trailing dot, thus:
bindi.bendigo.latrobe.edu.au. • .com, commercial
2. An individual name component must be less than • .gov, government
63 characters, must begin with a letter, etc... • .org, non profit
3. Upper and lowercase may be used, although name • .net, networking organizations
lookups are case insensitive by definition.

DNS Servers and Resolvers

INTERNET INDUSTRY STRUCTURE In 1986,the national science foundation(NSF) of USA
created a nationwide backbone interconnecting the six
supercomputer centres.the original backbone was handed
over for five years to the leading communication company
(MCI)for upgrading and operating it. moreover four
network access providers(NAP)were created as central
points to interconnect commercial backbones. These four
NAPs are located in san Francisco,Chicago,Washington
DC,and new jersey, operated by
pacbell,amertitech,worldcom etc.. network access
points(NAP’S) are central points, which interconnect many
different national backbones and internet service
providers(ISP’S).these ISP’s offer connectivity through the
local internet point of presence(IPOP)to other internet
service providers who operate locally and thus have local
IPOP.business organizations and home users connect to the
local IPOP provider, which in turn is connected to the
backbone and ultimately to NAP. The private network
access points(PNAP) are technically identical to a NAP,
but interconnect peer backbone ISPs are even peer local
ISPs.
Electronic Commerce:
SECURING THE BUSINESS ON INTERNET:
VULNERABILITY OF INFORMATION ON INTERNET:
The internet offers tremendous cost savings and
productivity gains, as well as significant for generating
revenue, to the business, however, along with the
convenience and easy access to information come new
risks. Among them is the risk that valuable data or
information may be lost, stolen, corrupted, or misused.
Information recorded electronically, and available on
networked computers, is more vulnerable compared to the
same information being printed on paper and locked in a
file cabinet.
In the increasingly competitive environment, getting
access to his competitors’ financial, design and other
transactional information. Cyber intrusions between Indian
and Pakistani hackers, assaulting and defacing web sites
controlling by other sides, and Taiwanese and Chinese
hacking into sites supporting view points , other than there
are some common examples of this vulnerability . The
websites of Bhabha Atomic Research Center ( BARC) ,
National Informatics Center( NIC) of India , Microsoft ,
NASA, Whitehouse , FBI, CNN , EBay, and Amazon have
all have been hacked and defaced by intruders at one point
or the other.
In the Internet based business environment, business and
transaction information is hosted on a site that runs
services such as web and mail. Thus, Comprehensive
handling of the security of an internet based business
required addressing the security issue at the following
three levels:
1. Site Security – Security of the host computer
2. Services Security - Security of information
distribution services such as HTTP servers , SMTP
servers , FTP servers
3. Transaction Security – Since the transaction
information travels over the wire, it needs to secured
from intruders trying to access and comprehend or
tamper with it.
SECURITY POLICY , PROCEDURES AND
PRACTICES:
SECURITY POLICY:
A security policy is a formal statement of the rules by
which people with access to an organization’s technology
and information assets must abide, to ensure the security of
these assets. It provides a framework for making specific
decision such as which defense mechanisms to use and
how to configure services . It is the basis for developing
secure programming guidelines and procedures , for users
and system administrators to follow .
A security policy generally covers the following aspects:
 High-level description of the technical environment
of the site, the legal environment ( governing
laws),the authority of the policy , and the basic
philosophy to be used when interpreting the policy .
 Risk analysis to identity the site’s assets , the threats
existing against those assets and the costs of assets
loss
 Guidelines for system administrators on how to
manage the systems
 Definition of acceptable use for users
 Guidelines for reacting to site compromise ( e.g
whether to trace intruder or shutdown and rebuild
the system)
Technological support for the security policy includes
options like :
 Challenge/response systems for authentication
 Encryption systems for confidential storage and
transmission of data
 Network tools such as firewalls and proxy servers
 Auditing systems for accountability and event
reconstruction
SECURITY RELATED PROCEDURES AND PRACTICES:
Procedures are specific steps to be followed, based on the
security policy. Procedures address such as connecting to
the site’s system from home or while travelling, retrieving
programs from the network using encryption,
authentication for issuing accounts, configuration and
monitoring.
SECURITY PRACTICES:
System administration practices play a key role in network
security. some commonly recommended practices are:
 Implement a one-time password system,ensure that
all accounts have a password and these passwords
are difficult to guess.
 Use strong cryptographic techniques to ensure the
integrity of system software on a regular basis.
 Use safe programming techniques when writing
software.
 Make appropriate changes to the network
configuration when vulnerabilities become known.
 Keep the system current with upgrade and patches.
 Check for security alerts and technical advice
regularly
 Audit systems and networks,and regularly check
logs for detecting an intrusion.
SITE SECURITY, PROTECTING THE NETWORK:
A site is any organization that has network-related
resources like host computers that users routers, terminal
servers, PCs,or other devices that are connected to internet.
A site may be service provider such as mid-level network
or an end user of internet services. It is important that the
services hosted by the site provide the intended
functionality to legitimate clients, without any
breakdown.occasionally,a hacker may try to break-in and
disrupt the services or alter the contents of the site which
may be embarrassing to the organization.
A site may be wish to provide many services to its users,
some of which may be external. Services which are
essential to the security or smooth operation of a site
would be better off being places on the dedicated machine
wit very limited access, rather than on a machine thatis
used for providing greater access ability and other services
that may be prone to security lapses.
There are two conflicting, underlaying philosophies that
can be adopted when defining a security plan. The choice
between them depends on the site and its needs for security
 The “deny all” model suggests turning all services
and them selectively enabling services on a case by
case basis as required.however,more work and a
better understanding of services is required to
successfully implement a “deny all” configuration.
 The “allow all” model is based on the logic of
simply turning on a services.
Usually with the host level,and allowing all
protocols to travel across network boundries,usually
with the default at router level. Each of these model
 can be applied to different portions of the
site,depending on factors like
functionality,requriments ,administrative control,and
the site policy. For example an “allow all” policy
may be adopted for traffic between aLAN’s internal
to the site ,but a “deny all” policy can be adopted
between the site and the internet.
PROTECTING THE NETWORK:
1) Denial service:
The denial service attack brings the network to a state in
which it can no longer carry legitimate users data. the two
common weaknesses that the “denial of service” attackers
exploit in carrying out the attack on a site are as follows:
 Attacking routers: an attack on the router is
designed to cause it to stop forwarding packets, or
forward them improperly.
 A flood attack on a network involves the broadcast
of flood packets.
An ideal flood attack would be injection of a single
packet which exploits some known flaw in the
network nodes, causing them to retransmit the
packet to generate error packets each of which is
picked up and repeated by another host.
The solutions to most of these problems are to protect the
routing update packets sent by the routing protocols in use.
There are three levels of protection :
 Clear text password
 Cryptographic checksum
 Encryption
2) Sniffing:
Sniffing uses network interface to receive data intended for
other machines in the network. Sniffing data from the
network leads to leakage of several kinds of information
that should be kept secret for a computer network to be
secure. Sniffing can be prevented at least its effects can be
mitigated,through the proper understanding of thse devices
and deploying them in an appropriate configuration
.encrypting all the message traffic on the network ensures
that the sniffer will only be able to get encrypted text
rather than the clear text information. The information will
reamin protected ,provided the encryption mechanism
deployed is strong enough and cannot be easily broken.
FIREWALL:
A firewall is a network security system, either hardware-
or software-based, that uses rules to control incoming and
outgoing network traffic.
A firewall acts as a barrier between a trusted network and
and an entrusted network. A firewall controls access to the
resources of a network through a positive control model.
This means that the only traffic allowed onto the network
is defined in the firewall policy; all other traffic is denied.
A Firewall is a controlled access point between domains,
usually with different levels of trust. It acts as a gateway
through which all traffic to and from the protected network
and systems passes. It helps to build a wall between one
part of a network and another part. For example placing
limitations on the amount and type of communication that
takes place can separate a company’s internal network and
the internet. Firewalls can be a highly effective tool in
implementing a network security policy if they are
configured and maintained correctly. They provide a
certain level of protection and are, in general a way of
implementing security policy at the network level.
History and types of firewalls
Computer security borrowed the term firewall from
firefighting and fire prevention, where a firewall is a
barrier established to prevent the spread of fire.
When organizations began moving
from mainframe computers and dumb clients to the client-
server model, the ability to control access to the server
became a priority. Before firewalls emerged in the late
1980s, the only real form of network security was
performed by access control lists (ACLs) residing
on routers. ACLs determined which IP addresses were
granted or denied access to the network.
The growth of the Internet and the resulting increased
connectivity of networks meant that this type of filtering
was no longer enough to keep out malicious traffic as only
basic information about network traffic is contained in
the packet headers. Digital Equipment Corp. shipped the
first commercial firewall (DEC SEAL in 1992) and
firewall technology has since evolved to combat the
increasing sophistication of cyber attacks.
1.Packet firewalls
The earliest firewalls functioned as packet filters,
inspecting the packets that are transferred between
computers on the Internet. When a packet passes through a
packet-filter firewall, its source and destination
address, protocol, and destination port number are checked
against the firewall's rule set. Any packets that aren't
specifically allowed onto the network are dropped (i.e., not
forwarded to their destination). For example, if a firewall
is configured with a rule to block Telnet access, then the
firewall will drop packets destined for TCP port number
23, the port where a Telnet server application would be
listening.
Packet-filter firewalls work mainly on the first three layers
of the OSI reference model (physical, data-link and
network), although the transport layer is used to obtain the
source and destination port numbers. While generally fast
and efficient, they have no ability to tell whether a packet
is part of an existing stream of traffic. Because they treat
each packet in isolation, this makes them vulnerable
to spoofing attacks and also limits their ability to make
more complex decisions based on what stage
communications between hosts are at.
2. Stateful firewalls
In order to recognize a packet's connection state, a firewall
needs to record all connections passing through it to ensure
it has enough information to assess whether a packet is the
start of a new connection, a part of an existing connection,
or not part of any connection. This is what's called "stateful
packet inspection." Stateful inspection was first introduced
in 1994 by Check Point Software in its FireWall-1
software firewall, and by the late 1990s, it was a common
firewall product feature.
This additional information can be used to grant or reject
access based on the packet's history in the state table, and
to speed up packet processing; that way, packets that are
part of an existing connection based on the firewall's state
table can be allowed through without further analysis. If a
packet does not match an existing connection, it's
evaluated according to the rule set for new connections.
3. Application-layer firewalls
As attacks against Web servers became more common, so
too did the need for a firewall that could protect servers
and the applications running on them, not merely the
network resources behind them. Application-layer to conduct the session through the proxy, which can block
firewall technology first emerged in 1999, enabling or allow traffic based on its rule set. A proxy service must
firewalls to inspect and filter packets on any OSI layer up be run for each type of Internet application the firewall will
to the application layer. support, such as an HTTP proxy for Web services.

The key benefit of application-layer filtering is the ability

to block specific content, such as known malware or
certain websites, and recognize when certain applications
and protocols -- such as HTTP, FTP and DNS -- are being
misused.

Firewall technology is now incorporated into a variety of

devices; many routers that pass data between networks
contain firewall components and most home computer
operating systems include software-based firewalls. Many
hardware-based firewalls also provide additional
functionality like basic routing to the internal network they
protect.

4. Proxy firewalls
Firewall proxy servers also operate at the firewall's
application layer, acting as an intermediary for requests
from one network to another for a specific network
application. A proxy firewall prevents direct connections
between either sides of the firewall; both sides are forced
 Analogies can be drawn to traditional mail and phone
UNIT-4
systems. In regular mail systems, the sender uses an
ELECTRONIC COMMERECE:
envelope to conceal the inside contents rather than writing
SECURING NETWORK TRANSACTION
the information on a post card.
For E-commerce, keeping order details and credit
TRANSACTION SECURITY SERVICES
information confidential during the transmission is a major
security concern. Further, trading partners sharing design
Confidentiality Privacy of messages Encryption Message
specifications also want to ensure the confidentiality of
Intermit Detecting message tamer in Hashing
their messages so that proprietary design specifications can
Authentication Origin verification Digital signatures
be viewed only by the sender and the intended receiver of
challenge- Response passwords Biometric devices Non-
the information. The most effective technique for masking
Repudiation Proof of Origin, receipt, and contents( sender
a message is encryption.
cannot falsely deny sending or receiving the message) Bi-
2. Integrity: when a message is sent electronically, both
directional hashing Digital signatures Transaction
the sender and receiver want to ensure that the message
certificates Time Stamps Confirmation services. Access
received is exactly the same as the message transmitted by
controls Limiting entry to authorized users Firewalls
the sender. A message that has not been altered in any
Passwords Biometric devices.
way, either intentionally or unintentionally, is said to have
1. Confidentiality: when a message is sent electronically,
maintained its integrity. For electronic commerce
the sender and receiver may desire that the message remain
verifying that the order details sent by purchaser have not
confidential, and thus not read by any other parties.
been altered is one major security concern. An effective
cryptographic means
of ensuring message integrity is through the use of
hashing , where a “hash” of the message is computed
using an algorithm and the message contents. The hash
value is sent along with the message; then, upon receipt, a
hash is calculated by the recipient using the same hashing
algorithm. The two hash values ( received and calculated)
are compared, and a match can indicate that the message is
the same as that sent.
3. Authentication: when an electronic message is received
by a user or a system, the identity of the sender needs to be
verified( i.e. authenticated ) in order to determine if the
sender is who he claims to be. To identify a user at least
one of the following types of information is generally
required.
Something you have(e.g., a token)
Something you know( e.g., a PIN) or
Something you are (e.g., fingerprints or signatures)
4. Non-Repudiation: the term repudiates means to accept
as having rightful authority or obligation as in refusing to
pay a debt because one refuses to acknowledge that the
debt exists.
For business transactions, unilateral repudiation of a
transaction by either party un acceptable and can result in
legal action. Well designed electronic commerce system
provide for no repudiation, which is the provision for
irrefutable proof of the origin receipt, and contents of an
electronic message.
5. Access Controls: Electronic commerce systems,
particularly those using the internet and the WWW, require
a certain amount of data sharing. Limiting access to data
and systems only to authorized users is the objectives of
access controls. Some form of authentication procedure is
typically employed in access controls in order to gain entry
into the desired part of the system. The emerging attribute
certificate or “privilege management” technology promises
to be a highly effective form of access control provided it
is implemented correctly. Firewalls can also be used to
implement additional screening mechanisms.

Encryption Techniques:
Confidentiality of electronic messages is a necessity of
electronic commerce application. The primary method of
achieving confidentiality is encryption . messages are
Encryption is defined as the transformation of data, via a
initially created in a form that is readable and
cryptographic mathematical process into a form that is
understandable by the sender, and by any other individuals
unreadable by anyone who does not possess the
as well if they have access to the message. The message,
appropriate secret key. That data in this unreadable form is
when it is in this form is commonly reffered to as clear
commonly referred to as cipher text. If a message is
text or plaintext .
intercepted and read, it will be useless since the cipher text
message is unintelligible to any party not possessing the
secret key. In order to be able to read and understand the
message, the encrypted message must be transformed back
to its original state- the clear text. The process so restoring
cipher text to clear text is called decryption.
The key contains the binary code used to mathematically The cryptographic algorithm.
transform a message, two types of cryptographic The length of the key(s) used for
mechanisms can be used to provide an encryption encryption/decryption.
capability: Symmetric cryptography where entities share a The protocol used to manage/generate those keys.
common secret key; and a public key cryptography ( also The storage of secret keys( key management keys and
known as Asymmetric cryptography ) where each encryption keys).
communicating entity has a unique pair ( a public key and The strength of a system usually increases as the key
a private key ). length increases. This is because a longer key length
For symmetric and asymmetric encryption, the relative implies a larger number of possible keys, which makes
strength of the cryptography is most commonly measured searching for the correct key a more time consuming
by length of the key, in bits. However it should be noted process. Any key length less than 64-bits is no longer
that the true strength of the confidentiality service may considered to be secure.
depend on a number of variables associated with the Symmetric Encryption Keys:
encryption function : In symmetric key systems, both the sender and the receiver
of the message must have access to the same key. This
The security protocol used to invoke the encryption shared secret key is used to both encrypt and decrypt the
function. message.
The trust in the platform executing the protocol or
application.

CRYPTOGRAPHY:
Cryptology, the study of cryptosystems, can
subdivided into two branches −
 Cryptography
 Cryptanalysis
What is Cryptography?
Cryptography is the art and science of making a
cryptosystem that is capable of providing information
security.
Cryptography deals with the actual securing of digital
data. It refers to the design of mechanisms based on
mathematical algorithms that provide fundamental
information security services. You can think of
cryptography as the establishment of a large toolkit
containing different techniques in security applications.
What is Cryptanalysis?
The art and science of breaking the cipher text is known
as cryptanalysis.
be
Cryptanalysis is the sister branch of cryptography and
they both co-exist. The cryptographic process results in
the cipher text for transmission or storage. It involves the
study of cryptographic mechanism with the intention to
break them. Cryptanalysis is also used during the design
of the new cryptographic techniques to test their security
strengths.
Note − Cryptography concerns with the design of
cryptosystems, while cryptanalysis studies the breaking of
cryptosystems.
Security Services of Cryptography
The primary objective of using cryptography is to provide
the following four fundamental information security
services. Let us now see the possible goals intended to be
fulfilled by cryptography.
Confidentiality
Confidentiality is the fundamental security service
provided by cryptography. It is a security service that
keeps the information from an unauthorized person. It is
sometimes referred to as privacy or secrecy.
Confidentiality can be achieved through numerous means
starting from physical securing to the use of mathematical
algorithms for data encryption.
Data Integrity
It is security service that deals with identifying any
alteration to the data. The data may get modified by an
unauthorized entity intentionally or accidently. Integrity
service confirms that whether data is intact or not since it
was last created, transmitted, or stored by an authorized
user. Data integrity cannot prevent the alteration of data,
but provides a means for detecting whether data has been
manipulated in an unauthorized manner.
Authentication service has two variants −
 Message authentication identifies the originator of
the message without any regard router or system
that has sent the message.
 Entity authentication is assurance that data has
been received from a specific entity, say a
particular website.
In 1976, a concept referred to as public key cryptography
was introduced by Whitefield Diffie and martin Hellman,
called the Diffie-hellman technique. The public-key
method allows a sender and a receiver to generate a shared,
secret key over an insecure telecommunications line.

Authentication
Authentication provides the identification of the
originator. It confirms to the receiver that the data
received has been sent only by an identified and verified
sender.

This
process uses an algorithm based on the sender’s and
receiver’s public and private information. The following
steps are used
1. The sender determines a secret value a.
2. A related value, A, is derived from a. A is made public.
3. The receiver determines a secret value b.
4. A related value, B is derived from b. B is made public.
5. the Diffie-Hellman algorithm is used to calculate a
secret key corresponding the
key pairs (a, B) and (b, A). the sender knows his private
value, a and the receiver’s public value, B. the receiver
knows her private value, b , and the sender’s public value,
A. the secret key is generated from (a, B) and (b, A) by an
algorithm that makes it computationally infeasible to
calculate the secret key from solely knowing the two
public values, A and B. In order to generate the secret key,
one of the secret values must be known. The secret key is
shared avoiding the problem of transmitting it over a
insecure telecommunications line.
Good encryption practices:
The following are the few good encryption practices that
foster stronger security.
1. Password maintenance: never share your secret
password. A password can be used to protect your private
key, and therefore your digital signature.
2. key length: use an appropriate key length whenever
possible. The longer the key length, the greater the
security. For domestic use a key length of at least 64-bits
should be used .
3. compressed files: in order to reduce transmission time,
data compression is frequently used to reduce the size of a
file. Most loss less data compression techniques are based
on removing redundancy from the file.
DIGITAL SIGNATURE:
The digital signature is to the electronic world what the
handwritten signature is to the commerce.
Or
A digital code (generated and authenticated by public key
encryption) which is attached to an electronically
transmitted document to verify its contents and the sender's
identity. Or
A digital signature is a mathematical technique used to
validate the authenticity and integrity of a message,
software or digital document. The digital equivalent of a
handwritten signature or stamped seal, a digital signature
offers far more inherent security, and it is intended to solve
the problem of tampering and impersonation in digital
communications
it must incorporate the following properties:
 The signature must be a bit pattern that is
independent on the message being signed.
 To prevent forgery and denial, the signature must
use some information unique to the sender.
 The digital signature must easy to generate.
 The storage of a copy of the digital signature must
be simple.
 Forging the signature must be computationally
infeasible, i e either by constructing a fraudulent
signature for a given message or constructing a new
message with an existing signature.
 The signature must be easy recognize and verify
E-MAIL SECURITY:
Secure email uses set cryptographic tools to encapsulate a
message into a specially formatted envelope. Cryptography
is a method of storing and transmitting data in a particular
form so that only those for whom it is intended can read
and process it. Encryption Means of hiding a message
through substitution or rearranging Decryption is the
process of converting encrypted data back into its original
form, so it can be understood. Encryption and decryption
internet standard simple mail transfer protocol(smtp) but
can beused with any electronic scheme.
PEM provides the following capabilities :
 Confidentiality

should not be confused with encoding and decoding, in  Message Integrity

which data is converted from one form to another but is  Sender Authentication

not deliberately altered so as to conceal its content.  Protection

Two schemes that are extensively used to ensure the

privacy of e-mails are:

1)pretty good privacy(PGP)

2) privacy enhanced mail(PEM)
Pretty good privacy(PGP) is a e-mail security package that
address privacy, authentication, confidentially, digital
signature and compression issues.

Privacy enhanced mail(PEM) is a draft internet standard

that provides security related services for electronic mail
applications.its most common use is in conjuction with the
ELECTRONIC ONLINE PAYMENT SYSTEM: card via card readers. When a customer purchases a
product via credit card, credit card issuer bank pays on
INTRODCTION TO PAYMENT SYSTEM: behalf of the customer and customer has a certain time
period after which he/she can pay the credit card bill. It is
ONLINE PAYMENT SYSTEM: usually credit card monthly payment cycle. Following are
the actors in the credit card system. The card holder –
E-Commerce or Electronics Commerce sites use electronic Customer The merchant - seller of product who can accept
payment where electronic payment refers to paperless credit card payments. The card issuer bank - card holder's
monetary transactions. Electronic payment has bank The acquirer bank - the merchant's bank The card
revolutionized the business processing by reducing paper brand - for example , visa or MasterCard.
work, transaction costs, labour cost. Being user friendly
and less time consuming than manual processing, helps
business organization to expand its market reach
/expansion. Some of the modes of electronic payments are
following.
1) Credit Card Credit card payment process
2) Debit Card
3) Smart Card Step Description
4) E-Money Step 1 Bank issues and activates a credit card to customer
5) Electronic Fund Transfer EFT on his/her request.
Step 2 Customer presents credit card information to
Credit Card
merchant site or to merchant from whom he/she want to
Payment using credit card is one of most common mode of purchase a product/service.
electronic payment. Credit card is small plastic card with a Step 3 Merchant validates customer's identity by asking for
unique number attached with an account. It has also a approval from card Brand Company.
magnetic strip embedded in it which is used to read credit
Step 4 Card brand company authenticates the credit card
and paid the transaction by credit. Merchant keeps the
sales slip.
Step 5 Merchant submits the sales slip to acquirer banks
and gets the service chargers paid to him/her.
Step 6 Acquirer bank requests the card brand company to
clear the credit amount and gets the payment.
Step 6 Now card brand company asks to clear amount
from the issuer bank and amount gets transferred to card
brand company.
Debit Card
Debit card, like credit card is a small plastic card with a
unique number mapped with the bank account number. It
is required to have a bank account before getting a debit
card from the bank. The major difference between debit
card and credit card is that in case of payment through
debit card, amount gets deducted from card's bank account
immediately and there should be sufficient balance in bank
account for the transaction to get completed. Whereas in
case of credit card there is no such compulsion. Debit
cards free customer to carry cash, cheques and even
merchants accepts debit card more readily. Having
restriction on amount being in bank account also helps
customer to keep a check on his/her spending.
Smart Card
Smart card is again similar to credit card and debit card in
appearance but it has a small microprocessor chip
embedded in it. It has the capacity to store customer work
related/personal information. Smart card is also used to
store money which is reduced as per usage. Smart card can
be accessed only using a PIN of customer. Smart cards are
secure as they stores information in encrypted format and
are less expensive/provides faster processing.Mondex and
Visa Cash cards are examples of smart cards.
E-Money
E-Money transactions refer to situation where payment is
done over the network and amount gets transferred from
one financial body to another financial body without any
involvement of a middleman. E-money transactions are
faster, convenient and save a lot of time. Online payments
done via credit card, debit card or smart card are examples
of e-money transactions. Another popular example is e-
cash. In case of e-cash, both customer and merchant both
have to sign up with the bank or company issuing e-cash.
Electronic Fund Transfer:
It is a very popular electronic payment method to transfer
money from one bank account to another bank account.
Accounts can be in same bank or different bank. Fund
transfer can be done using ATM AutomatedTellerMachine
or using computer.
Now a day, internet based EFT is getting popularity. In this
case, customer uses website provided by the bank.
Customer logins to the bank's website and registers another
bank account. He/she then places a request to transfer
certain amount to that account. Customer's bank transfers
amount to other account if it is in same bank otherwise
transfer request is forwarded to ACH Automated
Clearinghouse to transfer amount to other account and
amount is deducted from customer's account. Once amount
is transferred to other account, customer is notified of the
fund transfer by the bank.
PRE-PAID ELECTRONIC PAYMENT
SYSTEMS:
E-CASH: e-cash is a purely software based anonymous
untraceable, online token payment system, available on
unix, windows as well as Macintosh platforms. Customers
as well as merchants require graphical wallet software that
can also be accessed via a command line interface. e Cash
allows bi-directional payments. there is no distinction
between customers and merchants with regards to
payments. however ,since the system is coin based ,it
requires clearing of coins by it issuing bank. the
implementation of various transactions with eCash are as
follows:
Withdraw: there are two participants’ in the withdrawal
transaction the bank and the customer. A customer
connects to an eCash issuer and purchases electronic coins
of the required value.
Purchase: once the customer has some eCash on his hard
drive ,he can buy things from the merchants shop. if the
customer shows intent to purchase a product ,he receives a
payment request from the merchant ,which he has to
confirm.
MONDEX:
The mondex purse is a smart card alternative to cash. The
mondex purse ,a self-standing value store, requires no
remote approval of individual transactions. rather ,the
mondex value equivalent to cash is stored in the card ‘s
microchip. The purse also stores secure programs for
manipulating that value and for interfacing with other
mondex cards or terminals.
MILICENT:
Millicent digital microcommercesystem from digital
equipment provides a way to buy and sell content in very
small amounts, over the internet. who acts as
intermediaries between vendors and customers.
MICROMINT: Microment is a payment mechanism for
making purchases over the internet. the main goal is to
minimize the number of public key operations required per
payment.
NETBILL:
Netbill has been conceived to address the problem of
buying information goods over the internet. As opposed to
the physical goods purchased on the internet and shipped
later by the merchant, the information goods are
themselves transferred over the internet to the customer.
REQUIREMENT METRICS OF A PAYMENT
SYSTEM:
The actual of individual characteristics is determined by
the actual need of the transacting parties. Transaction in
the context of payment systems ,refers to the actual
exchange of currency with the goods(documents) being
transferred .transaction the following characteristics:
Atomicity: it refers to the system ability to ensure that no
partial transactions or exchange can take place . Transfer
funds: this should not be any currency loss in the
transaction.
Complete transfer: this is a applicable in the case of
digital goods transfers over the internet. The complete
exchange of currency with the corresponding digital goods
should take place.
Durability: durability becomes important in case the
system crashes during the transfer. even after a system
crashes, the system should recover to a state ,where
transactions and status information is consistent.
Security:
Security in the context of payment systems refers to the
system’s ability to protect all parties from frauds, due to
interception of online transmission and storage.
Fraud protection: digital payment system must be tmper
resistant and should have built in mechanism to prevent
illegal use of digital cash.
No double spending: since digital cash is represented by
bytes that can be easily copied and respent,the digital
payment system should safeguard against reuse of
currency.
MOBILE COMMERCE: M-COMMERCE FRAME WORK DIAGRAM:

Generally speaking, the EA framework defines the scope

INTRODUCTION:
M-commerce is all about wireless e-commerce, that is of the resulting architecture, which typically includes a
where mobile devices are used to do business on the business view, information integration, application-level
internet. views, and technology infrastructures. Definitions of each
view may include more refined constructs and
"Mobile Commerce is any transaction, involving the
relationships at a lower level of granularity. The
transfer of ownership or Rights to use goods and services,
application of an EA approach is considered relevant and
which is initiated and/or completed by using mobile access
appropriate since the ecosystem within which the
to compute mediated networks with the help of an
development of m-commerce solutions occurs comprises a
electronic device."
set of interrelated perspectives based upon the integration
DEFINITION
of mobile devices, technologies, and business processes.
"Mobile Commerce is the use of information technologies
and communication Technologies for the purpose of
mobile integration of different value chains an

Business processes, and for the purpose of management of

business relationships
 research has shown that integration of core EA approaches
with m-commerce is relatively sparse, whereas literature in
both contributing areas is substantial.

The increasing attention to business underpinned by

mobility, mobile services, mobile applications, and
technologies has become a major driver for the
development of m-commerce systems. This growing trend
has become a focus for a significant number of
organizations. This paper proposes that in developing m-
commerce systems organizations need to establish an
Therefore, an EA framework for mobile commerce can be
enterprise architecture for m-commerce. The rationale for
considered to address, at least, the scope of architecture
this is rooted in the need to develop a holistic and
covering the business level/view, the application level and
integrated view of strategic direction relating to
the technology infrastructure level. In each level of our
mcommerce which will enable a coordinated and
proposal, core components have been identified. These are:
controlled approach that reduces complexity and yields
a business model of m-commerce (business level), supply
effective systems based on the structured integration of
chain of m-commerce (supply chain level), m-commerce
services, practices and technology resources. mobility is
applications (application level) and technology
harnessed to produce and organizational asset to drive the
infrastructure for m-commerce (technology level). Our
development of m-commerce. The next section proposes a
framework to establish such an enterprise architecture for
mobile commerce. Firstly, an enterprise architecture
framework for mobile commerce is presented followed by
a brief view of associated issues concerned with method. 2.
An Enterprise Architecture (EA) Framework for Mobile
Commerce An EA framework provides the basis or
template for the creation and establishment of enterprise
architecture. Zachman . is credited with developing the
discipline of enterprise architectures as a concern for both
researchers and practitioners. An enterprise architecture
framework is essentially a meta-construct used to define
the scope of the associated architecture and how the areas
of the architecture relate to each other. An architecture can
be considered analogous to a blueprint or plan of a
building structure, where different perspectives may exist
and each perspective contains structures that demonstrate
inter-relationships based upon some predefined constraint
and yield a solid foundation and approach upon which the
building is constructed. Generally speaking, the EA
framework defines the scope of the resulting architecture,
which typically includes a business view, information
integration, application-level views, and technology
infrastructures. Definitions of each view may include more
refined constructs and relationships at a lower level of
granularity. The application of an EA approach is
considered relevant and appropriate since the ecosystem
within which the development of m-commerce solutions
occurs comprises a set of interrelated perspectives based
upon the integration of mobile devices, technologies, and
business processes.Therefore, an EA framework for mobile
commerce can be considered to address, at least, the scope
of architecture covering the business level/view, the
application level and the technology infrastructure level. In
each level of our proposal, core components have been
identified. These are: a business model of m-commerce
(business level), supply chain of m-commerce (supply
chain level), m-commerce applications (application level)
and technology infrastructure for m-commerce (technology
level). Our research has shown that integration of core EA MOBILE COMMERCE APPLICATION:
approaches with m-commerce is relatively sparse, whereas
Travel and Ticketing: By utilizing the B CODE
literature in both contributing areas is substantial.
technology or NFC1 technology we coulduse the mobile
Furthermore, Leist & Zellner state that “as information
phone as a means receiving E-Tickets. B CODE tech
systems grown in complexity and scope the need for a
consists of sending text SMS which is scan able from the
comprehensive and consistent approach in modelling these
mobile phone display screen through the related set. So by
systems becomes of paramount importance.” Basole
receiving the chosen SMS, the ticket is practically received
recognises that businesses are “just beginning to recognise
and we could present the mobile phone to the scanning
the importance and potentially transformative impact of
machine at the ticket receipt spot.
enterprise mobility.” Given this our approach to applying
Commerce: Commerce is the exchange or buying and
EA principles to m-commerce appears well-grounded. A
selling of commodities on a largescale involving
proposed Enterprise Architecture Framework for mobile
transportation of goods from place to place. It is boosted
commerce is shown in Figure .
by the convenience and ubiquity conveyed by mobile
commerce technology. There are many examples
showinghow mobile commerce helps commerce. For
example, consumers can buy products from avending
machine or pay a parking fee by using their cellular
phones, and mobile users cancheck their bank accounts
and perform account balance transfers without needing to
go to abank. (Hu, 2005)
Education: Similar to other wired technologies, mobile
wireless technologies have first beenused in industry
sectors such as business. The movement of mobile wireless
technologies ineducation is a recent trend, and it is now
becoming the hottest technology in highereducation
(Levine, 2002; McGhee & Kozma, 2001; McKenzie,
2005).
Enterprise Resource Planning (ERP): In the coming
mobile commerce era, users will want tobe able to have
access to the right resources and work as efficiently as
possible– whether theyare traveling, seeing a customer or
working at other remote locations– with their ERP
systems(Siau et al., 2001). Many ERP vendors are
currently researching for means to provide mobilityto ERP
users. They attempt to connect employees to their work
more effectively than ever before by enabling mobile
phones and other wireless devices to become a new kind of
tool toseamlessly exchange information, automate data
entry and perform a range of transactionsanytime,
anywhere .
Entertainment: Entertainment has always played a crucial
role in Internet applications andis probably the most
popular application for the younger generation. Mobile
commerce makes it possible to download
game/image/music/video files at anytime and anywhere,
and it also makes on-line games and gambling much easier
to access and play. It is projected that by2005, 80 percent
of all mobile users in the United States and Western
Europe will play mobilegames at least occasionally
(Leavitt, 2003).
Health Care: The cost of health care is high and mobile
commerce can help to reduce it. By using the technology
of mobile commerce, physicians and nurses can remotely
access and update patient records immediately, a function
which has often incurred a considerable delay in the past.
This improves efficiency and productivity, reduces these technologies to their business operations worldwide
administrative overheads, and with great success.
enhances overall service quality. Mobile technologies such Traffic: Traffic is the movement of vehicles or pedestrians
as PDAs, Laptops or Tablet PCscan be of great value in through an area or along a route. The passengers in the
hospitals and healthcare facilities by allowing better access vehicles and the pedestrians are all mobile objects, ideal
to critical information – e.g. patient status, staff and patient clients of mobile commerce. Also, traffic control is usually
location and facilities availability (Larkin 2001; Banitsas, a major headache for many metropolitan areas. Using the
2002; Chau et al. 2004; Varshney 2004; Rowley 2005). technology of mobile commerce can easily improve the
Healthcare facilities that choose to adopt such technologies flow of traffic in many
may be able to not only perform better but ultimately
provide more efficient and better quality of care for
patients (Bahlman et al. 2005).
Inventory Tracking and Dispatching: Just-in-time
delivery is critical for the success of today‘s businesses.
Mobile commerce allows a business to keep track of its
mobile inventory and make time-definite deliveries, thus
improving customer service, reducing inventory, and
enhancing a company‘s competitive edge. Major delivery
services such as UPS and FedEx have already applied