
MAJOR BASED ELECTIVE I (B)

E-COMMERCE
Objective:
To understand the basics of E-Commerce and its security.

Unit I
E-commerce – Electronic Commerce – E-Commerce types – E-Commerce and the world at large – E-Commerce
Case studies: Intel, Amazon.
Unit II

Electronic Mail – The X.400 Message handling system – Internet Addresses – Multipurpose Internet
Mail Extension – X.500 Directory Services – E-mail user agent.

Unit III
EDI- Costs and benefits – Components of EDI Systems – EDI implementation issues –
EDIFACT – EDIFACT Message Structure.

Unit IV
Cyber Security – Cyber Attacks – Hacking- SSL - Authentication and assurance of
data integrity – Cryptographic based solutions – Digital Signatures – VPN.
Unit V
Electronic Payment Systems – payment gateway – internet banking – the SET
Protocol – E-cash – E-Cheque – Elements of electronic payments

Textbook

1. E-Commerce: The Cutting Edge of Business, Kamalesh K. Bajaj, Debjani Nag, McGraw Hill, 2011.

Reference Book

1. E-Commerce: Issues, Perspectives and Challenges in the Indian Context, Gupta and
Gupta, Knowledge World Publishers, 2010.
UNIT I

E-commerce – Electronic Commerce – E-Commerce types – E-Commerce and the world at large –
E-Commerce Case studies: Intel, Amazon.

Introduction to Commerce

• Commerce is basically an economic activity involving trading, or the buying and selling of goods.
For e.g. a customer enters a book shop, examines the books, selects a book and pays for it. To fulfill the
customer's requirement, the book shop needs to carry out other commercial transactions and business
functions such as managing the supply chain, providing logistic support, handling payments etc.
As we enter the electronic age, an obvious question is whether these commercial transactions and
business functions can be carried out electronically.
In general, this means that no paperwork is involved, nor is any physical contact necessary. This is often
referred to as electronic commerce (e-commerce).
The earliest example of e-commerce is electronic funds transfer. This allows financial institutions to
transfer funds between one another in a secure and efficient manner.
Later, electronic data interchange (EDI) was introduced to facilitate inter-business transactions.
E-Commerce
• “E-Commerce or Electronic Commerce, a subset of E-Business, is the purchasing, selling and
exchanging of goods and services over computer networks (such as Internet) through which
transactions are performed”.
• “E-Commerce can be defined as a modern business methodology that addresses the needs of
organizations, merchants and consumers to cut costs while improving the quality of goods and services
and increasing the speed of service delivery by using Internet”.
• E-Commerce takes place between companies, between companies and their customers, or between
companies and public administration.
A few examples of E-Commerce are:
• Amazon.com, an online bookstore started in 1995, grew its revenue to more than $600 million in
1998.
• Microsoft Expedia, an integrated online travel transaction site helps to choose a flight, buy an
airline ticket, book a hotel, rent a car etc. in only a few minutes.
E-Commerce vs Traditional Commerce
• E- Commerce is about the sale and purchase of goods or services by electronic means, particularly
over the internet. In a pure e-commerce system, transactions take place via electronic means. In this
case, you will access a cyber bookstore and download a digital book from a server computer.
• In a physical or traditional commerce system, transactions take place via contact between humans
usually in a physical outlet such as a bookstore.
For e.g. if you want to buy a book, you will go to a physical bookstore and buy the physical book from a
salesman.
• E-Commerce is more suitable for standard goods and intangible goods, whereas traditional commerce
is more suitable for non-standard goods, perishable goods and expensive goods.
• Complex products such as cars are better served by integrating e-commerce and physical
commerce.
E-Business
• “E-Business is the conduct of business on the Internet, not only buying and selling but also
servicing customers and collaborating with business partners”.
• E-Business means connecting critical business systems directly to customers, vendors and
suppliers via the Internet, Extranets and Intranets.
• Therefore it means using electronic information to boost performance and create value by forming
new relationships between and among businesses and customers.

• One of the first to use the term was IBM, in October 1997, when it launched a campaign built
around e-business.
E-Business enables organizations to accomplish the following goals:-
• Reach new markets.
• Create new products or services.
• Build customer loyalty
• Make the best use of existing and emerging technologies.
• Achieve market leadership and competitive advantage.
• Enrich human capital.

Advantages of E-Commerce to Customers


• Reduced Prices:- Costs of products are reduced since the stages along the value chain are
decreased. For instance, intermediaries can be eliminated by the company directly selling to the
customers instead of distributing through a retail store.
• 24-Hour Access:- Online businesses never sleep, as opposed to brick and mortar businesses. E-
Commerce allows people to carry out business without the barriers of time.
• Global Marketplace:- Consumers can shop anywhere in the world. Currently, according to the World
Trade Organization (WTO), there are no customs duties put on products bought and traded globally
electronically. This also provides a wide selection of products and services to consumers.
• More Choices:- Provides consumers with more choices. For e.g. before making any purchase, a
customer can study all the major brands and features of any item. It also provides consumers
with less expensive products and services by allowing them to shop in many places.

Advantages of E-Commerce to Businesses


• Increased potential market share:- The internet enables businesses to have access to international
markets thereby increasing their market share. Companies can also achieve greater economies of scale.
• Low Cost Advertising:- Advertising on the internet costs less than advertising in print or on television,
depending on the extent of the advertisement. Advertising on the internet itself is less costly since there is
less cost associated with it in terms of printing and limited television spots.
• Low Barriers to Entry:- Anyone can start up a company on the internet. Start-up costs are a lot
lower for companies since less capital is needed.
• Strategic Benefits:- The strategic benefits of making a business e-commerce enabled are that it helps
reduce the delivery time, labour cost and the cost incurred in document preparation, data entry, error
detection etc.

Disadvantages of E-Commerce
• Hidden Costs:- Although buying online is convenient, the cost of this convenience is not always
clear at the front end. For e.g. on-line purchases are often accompanied by high shipping and re-
stocking fees, a lack of warranty coverage and unacceptable delivery times. In fact, too many e-
commerce companies have developed a reputation of overcharging for shipping and handling.
• Lack of Security:- One of the main roadblocks to the wide acceptance of e-commerce by
businesses and consumers alike is the perceived lack of adequate security for on-line transactions.
For e.g. consumers are growing increasingly worried about providing credit card information over the
Internet.
During the past few years, the press has been filled with reports about hackers breaking into e-businesses
and stealing credit card information.
• Lack of Privacy:- Customers also worry about the privacy implications of data gathered by
organizations of all types and sizes. Even at the simplest data level, sales information is stored in
databases connected to web servers, thus exposing the information to cyber criminals. Because data
gathering on the web is so easy, databases routinely contain information about customer purchasing
habits, credit information and so on. In many cases, companies sell customer database information to
marketing companies. In turn, the marketing companies engage in massive e-mail campaigns to attract
new customers. It doesn’t take long for the customer’s email box to be filled with unwanted email (also
known as Spam).
• Network Unreliability:- Although the Internet is designed to overcome the single point of failure
problem, there have been several well-publicized incidents of network failures during the past few
years. Network reliability problems may be generated by such factors as:-
Equipment failure at the network connection provider.
Accidental problems caused by nature, such as lightning, floods and earthquakes, that affect
communication lines.
Long response time due to increased network traffic or inadequate bandwidth.
• Low Service Levels:- Another common complaint about doing business online is the low level of
customer service that online companies tend to provide. Although technology has automated business
transactions to a large extent, there remains a real need for the human touch. Therefore e-commerce
websites must provide:-
A pleasant and problem-free pre-ordering and ordering experience. The website design is an
important interface.
Readily available, easy-to-use feedback options.
Quick complaint resolution.
Timely and low-cost shipping and delivery to customers.

Scope of E-Commerce
• E-Commerce is a general concept covering any form of business transaction or information
exchange executed using information and communication technologies (ICTs).
• It includes electronic trading of goods, services and electronic material.
It takes place between companies, between companies and their customers or between companies
and public administrations.

• Electronic Markets:-
An electronic market is the use of information and communication technology to present a range of
offerings available in a market segment so that the purchaser can compare the prices of the offerings
and make a purchase decision.
e.g. Airline Booking System.
• Electronic Data Interchange:-
It provides a standardized system for coding trade transactions so that they can be communicated
from one computer to another without the need for printed orders and invoices, and without the delays
and errors of paper handling.
It is used by organizations that make a large number of regular transactions.
e.g. EDI is used by large supermarket chains for transactions with their suppliers.
• Internet Commerce:-
Information and communications technologies can be used to advertise and make sales of a wide range
of goods and services.
This application is for both business-to-business and business-to-consumer transactions.
e.g. The purchase of goods that are then delivered by post, or the booking of tickets that can be picked
up by the clients.

Types of E-Commerce/ E-Commerce Market Models


• There are five types of E-Commerce:-
Business To Business (B2B)
Business To Consumer (B2C)
Consumer To Business (C2B)
Consumer To Consumer (C2C)
Business To Government (B2G)
Business To Business (B2B):- Business to Business or B2B refers to e-commerce activities between
businesses. An E-Commerce company can be dealing with suppliers or distributors or agents. These
transactions are usually carried out through Electronic Data Interchange (EDI). EDI is an automated
format of exchanging information between businesses over private networks.
For e.g. manufacturers and wholesalers are B2B Companies.
By processing payments electronically, companies are able to lower the number of clerical errors and
increase the speed of processing invoices, which results in lower transaction fees.
In general, B2Bs require higher security needs than B2Cs.
With the help of B2B E-commerce, companies are able to improve the efficiency of several common
business functions, including supplier management, inventory management and payment
management.
Business To Customer (B2C):- Business to Customer or B2C refers to E-Commerce activities that are
focused on consumers rather than on businesses.
For instance, a book retailer such as Amazon.com would be a B2C company. Other examples include
purchasing services from an insurance company, conducting on-line banking and employing travel
services.
Customer To Business (C2B):-
Customer to Business or C2B refers to E-Commerce activities which use reverse pricing models where
the customer determines the prices of the product or services.
In this case, the focus shifts from selling to buying. There is an increased emphasis on customer
empowerment.
In this type of E-Commerce, consumers get a choice of a wide variety of commodities and services,
along with the opportunity to specify the range of prices they can afford or are willing to pay for a
particular item, service or commodity.
Customer To Customer (C2C):-
Customer to Customer or C2C refers to E-commerce activities, which use an auction style model. This
model consists of a person-to-person transaction that completely excludes businesses from the
equation.
Customers are also a part of the business, and C2C enables customers to deal directly with each other.
An example of this is the peer auction giant eBay.
Business To Government (B2G):- It is a new trend in E-Commerce. This type of E-Commerce is used by
government departments to reach citizens directly by setting up websites.
These websites carry government policies, rules and regulations related to the respective departments.
Any citizen may interact with these websites to find out the various details. This helps people to learn
the facts without going to the respective departments.
This also saves the time of the employees as well as the citizens.
History of E-Commerce
• The history of E-commerce seems rather short, but its journey started over 40 years ago in hushed
science labs.
• In the 1960s, very early on in the history of E-commerce, its purpose was to exchange long-distance
electronic data. In these early days of E-commerce, users consisted of only very large companies, such
as banks and military departments, who used it for command and control communication purposes. This
was called EDI, and was used for electronic data interchange.
• Originally, electronic commerce was identified as the facilitation of commercial transactions
electronically, using technology such as Electronic Data Interchange (EDI) and Electronic Funds Transfer
(EFT). These were both introduced in the late 1970s, allowing businesses to send commercial
documents like purchase orders or invoices electronically.
• The growth and acceptance of credit cards, automated teller machines (ATMs) and telephone
banking in the 1980s were also forms of electronic commerce.
• In 1982 Transmission Control Protocol and Internet Protocol, known as TCP/IP, was developed.
This was the first system to send information in small packets along different routes using packet
switching technology, like today's Internet, as opposed to sending the information streaming down
one route.
• Beginning in the 1990s, electronic commerce would include enterprise resource planning (ERP)
systems, data mining and data warehousing.
• In 1995, with the introduction of online payment methods, two companies that we all know of
today took their first steps into the world of E-commerce. Today Amazon and eBay are both amongst
the most successful companies on the Internet.

Functions of E-Commerce
• Marketing:- One of the areas it impacts particularly is direct marketing. In the past this was mainly
door-to-door, home parties (like the Tupperware parties) and mail orders using catalogues or leaflets.
This moved to telemarketing and TV selling with the advance in television technology and finally
developed into e-marketing.
• Human Resource Management:- Issues of on-line recruiting, home working and ‘entrepreneurs’
working on a project by project basis replacing permanent employees.
• Business law and ethics:- The different legal and ethical issues that have arisen as a result of a
global ‘virtual’ market. Issues such as copyright laws, privacy of customer information etc.
• Management Information System:- Analysis, design and implementation of e-business systems
within an organization; issues of integration of front-end and back-end systems.
• Product Operations and Management:- The impact of on-line processing has led to reduced cycle
time. It takes seconds to deliver digitized products and services electronically; similarly the time for
processing orders can be reduced by more than 90 percent from days to minutes.
• Finance and Accounting:- On-line banking; issues of transaction costs; accounting and auditing
implications where ‘intangible’ assets and human capital must be tangibly valued in an increasingly
knowledge-based economy.
• Economy:- The impact of E-commerce on local and global economies; understanding the concepts
of a digital and knowledge based economy and how this fits into economic theory.

E-Commerce Applications
• E-Marketing
• E-Advertising
• E-Banking
• E-Learning
• Mobile Commerce
• Online Shopping
• Entertainment
• E-Marketing:-
E-Marketing is also known as Internet Marketing, Online Marketing or Web Marketing.
It is the marketing of products or services over the internet.
It is considered broad in scope because it refers not only to marketing on the internet but also to
marketing done by email and wireless media.
E-Marketing ties together the creative and technical aspects of the internet, including design,
development, advertising and sales.
Internet marketing is associated with several business models, i.e., B2C, B2B, C2C.
Internet marketing is inexpensive when examining the ratio of cost to the reach of the target audience.

• E-Advertising:-
Also known as online advertising, it is a form of promotion that uses the internet and World Wide
Web to deliver marketing messages to attract customers.
Example: Banner ads, social network advertising, online classified advertising etc.
The growth of these particular media attracts the attention of advertisers as a more productive
source to bring in consumers.

• E-Banking:-
E-Banking means any user with a personal computer and browser can get connected to his bank's website to
perform any of the banking functions. In an internet banking system the bank has a centralized database
that is web-enabled.
The best example of E-Banking is the ATM.
An ATM is an electronic fund transfer terminal capable of handling cash deposits, transfers, balance
enquiries, cash withdrawals and bill payments.
• SERVICES THROUGH E-BANKING:
Bill Payment Service
Fund Transfer
Investing through Internet Banking
Shopping

• E-Learning:-
E-Learning comprises all forms of electronically supported learning and teaching.
E-Learning applications and processes include web-based learning and computer-based learning.
Content is delivered via the internet, intranet/extranet, audio or video tape, and satellite TV.
E-Learning is naturally suited to distance and flexible learning, but can also be used in conjunction with
face-to-face teaching.
E-Learning can also refer to educational websites such as those offering learning scenarios, worksheets
and interactive exercises for children.
A learning management system (LMS) is software used for delivering, tracking and managing training
or education.

• Mobile Commerce:-
Mobile Commerce, also known as M-Commerce, is the ability to conduct commerce using a mobile
device, such as a mobile phone.
Banks and other financial institutions use mobile commerce to allow their customers to access
account information and make transactions, such as purchases, withdrawals etc.
Using a mobile browser, customers can shop online without having to be at their personal computer.
• SERVICES ARE:
1. Mobile ticketing
2. Mobile content purchase and delivery, mainly consisting of the sale of ring tones, wallpapers and
games for mobile phones.
3. Location-based services
• Local discount offers
• Local weather
4. Information services
• News
• Sports scores

• Online Shopping:-
Online shopping is the process whereby consumers directly buy goods or services from a seller in real
time, without intermediary services, over the internet.
An online shop, e-shop, e-store, internet shop, web shop, web store, online store or virtual shop
evokes the physical analogy of buying products or services in a shopping centre.
In order to shop online, one must have access to a computer, a bank account and a debit
card.
Online shoppers commonly use a credit card to make payments; however, some systems enable users
to create accounts and pay by alternative means, such as
• Cheque.
• Debit cards.
• Gift cards.
Online stores are usually available 24 hours a day.

• Entertainment:-
The conventional media that have been used for entertainment are
1. Books/magazines.
2. Radio.
3. Television/films.
4. Video games.
Online books/newspapers, online radio, online television, online films and online games are
commonplace on the internet, where we can be entertained.
Online social networking websites are one of the biggest sources of E-entertainment for today’s
tech-savvy generation.

Unit II
Electronic Mail – The X.400 Message handling system –Internet Addresses – Multipurpose Internet
Mail Extension – X.500 Directory Services – E-mail user agent.

X.400 is a suite of ITU-T Recommendations that define standards for Data Communication Networks for
Message Handling Systems (MHS) — more commonly known as email.
At one time, the designers of X.400 were expecting it to be the predominant form of email, but this
role has been taken by the SMTP-based Internet e-mail. Despite this, it has been widely used within
organizations and was a core part of Microsoft Exchange Server until 2006; variants continue to be
important in military and aviation contexts.

X.400 Message-Handling System


The ITU (formerly CCITT) defined the X.400 MHS standard, an electronic system for exchanging
messages among store-and-forward mail systems. In ISO terminology, X.400 is called MOTIS (Message-
Oriented Text Interchange System). The goal of the standard is to provide compatibility among multi-
vendor products and interfaces as well as public and private message services.

X.400 was first introduced in 1984 and has been through several enhancements. It outlines the
protocols, procedures, components, terminology, and testing methods required to build interoperable
e-mail systems. X.400 is based on a distributed client/server model. Internet mail has now become the
de-facto mail standard.

What is X.400?

A set of standards defined in 1984 and 1988 by the International Telecommunication Union (ITU) for
computer-based handling of e-mail. The X.400 standard is based on the Open Systems Interconnection
(OSI) reference model and other protocols developed by the International Organization for
Standardization (ISO). X.400 provides global standards that enable users to send e-mail between any
X.400-compliant messaging systems. X.400 is widely considered to be the standard framework for
global messaging, although the Simple Mail Transfer Protocol (SMTP) for Internet e-mail might have an
even better claim to the title. X.400 is widely implemented in Europe by most post, telephone, and
telegraph (PTT) authorities. Microsoft Exchange Server supports messaging connectivity with X.400
mail systems through the X.400 Connector, an optional component available with the Enterprise
Edition of Exchange Server 5.5.

How X.400 Works

X.400 defines a global Message Handling System (MHS) that consists of a number of messaging
components. From an administrative point of view, the building blocks of the MHS are management
domains (MDs). (MDs are not the same as DNS domains - the Domain Name System [DNS] is used for
SMTP mail, not X.400 messaging services.) A management domain is a collection of messaging systems
with at least one Message Transfer Agent (MTA) managed by a specific organization. X.400
management domains come in two varieties:

• Administrative Management Domains (ADMDs):
Messaging systems managed by an administrator or a registered private agency. These are the top-
level management domains that handle third-party messaging traffic. An example is a telephone carrier
service company such as AT&T.

• Private Management Domains (PRMDs):
Unique subscriptions to an ADMD, such as telephone numbers of users. PRMDs can send or receive
messages from an ADMD, but PRMDs cannot communicate directly with each other.

An X.400 MHS consists of the following five kinds of messaging components:

Message Transfer Systems (MTSs):
Collections of one or more MTAs that function together to provide message forwarding services for a
particular X.400 domain.
Message Transfer Agents (MTAs):
Route and deliver transport messages to and from User Agents (UAs) and with other MTAs. An MTA
corresponds to a mail server in a typical LAN-based messaging system. MTAs maintain a database of all
UAs registered in their domain and routing tables that indicate how messages should be forwarded to
other domains.
Message Stores (MSs):
Temporarily store messages that an MTA has received until they can be processed and forwarded for
delivery. X.400 thus uses a store-and-forward method of message delivery.
User Agents (UAs):
Provide messaging functionality directly to users. From a practical point of view, a UA can be identified
as the e-mail client software that a user is running; from an abstract point of view, a UA is a domain
belonging to a user and consisting of additional subcomponents. The goal of an X.400 MHS is to
facilitate exchange of messages between different UAs.
Access Units (AUs):
Gateways between an X.400 MHS and another messaging system such as a telex or fax system.

Graphic X-2: The X.400 Message Handling System.


Each UA in an X.400 MTS is identified by a special X.400 address called an Originator/Recipient (O/R)
address. The O/R address is the e-mail address of the X.400 user and can be quite complex compared
to an SMTP e-mail address. (This is one reason that SMTP is overtaking X.400 in popularity.) An O/R
address consists of a series of VALUE=ATTRIBUTE pairs separated by semicolons. Not all fields need to
be complete - only those that uniquely identify the recipient are required. Here is an example of an
X.400 address:

C=US;A=MCI;P=MICROSOFT;O=SALES;S=SMITH;G=JEFF;
The individual address fields are as follows:

• Country (C) is United States
• ADMD (A) is MCI
• PRMD (P) is Microsoft (company name)
• Organization (O) is Sales Department of Microsoft
• Surname (S) is Smith
• Given name (G) is Jeff
An X.400 message consists of a P1 envelope and its P2/22 message contents. The envelope contains
the e-mail address information needed for routing the message to its destination. The X.400 protocol
for a message envelope includes support for message tracking and delivery priority features. The X.400
protocol for the message content includes a header and body part for the message.
What typically happens in the message transfer process is that a UA sends a message addressed to
another UA in the MHS. The message is forwarded to an MTA in the local MTS, which either delivers
the message locally or forwards it to a remote MTA for handling, depending on where the destination
UA is located. The message is passed from MTA to MTA until it reaches the MTS of the destination UA,
whereupon it is either delivered if the destination UA is connected or stored in an MS until the UA can
retrieve it.
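To make the O/R address format and the MTA-to-MTA transfer described above concrete, here is an added illustration in Python; it is not code from the page or from any X.400 product. It parses an address of the kind shown above into its attribute=value fields, derives the management domain (C, A, P) as the routing key, and walks a message from the originator's MTA through a relay to the destination MTA, where it is either delivered to a connected UA or held in the MS. The MTA names, the "ACME" PRMD, the relay and the connected flags are constructed sample data; the attribute keys OU, I, Q and DDA are assumed standard names beyond the six the page lists.

```python
"""Toy X.400 message transfer: parse O/R addresses and move a message MTA to MTA
until it reaches the destination UA's MTA, where it is delivered or held in an MS.

Added illustration, not code from the page's source; the management domains,
MTA names and "connected" flags below are constructed sample data."""
from dataclasses import dataclass, field

# O/R attribute keys accepted by the parser; the page's example uses C, A, P, O, S, G.
# OU, I, Q and DDA are assumed here as further standard attribute names.
OR_ATTRIBUTES = {"C", "A", "P", "O", "OU", "S", "G", "I", "Q", "DDA"}


def parse_or_address(text):
    """Turn 'C=US;A=MCI;P=MICROSOFT;O=SALES;S=SMITH;G=JEFF;' into a dict.

    Each field is an attribute=value pair, pairs are separated by semicolons and a
    trailing semicolon is allowed.  Malformed pairs, unknown or duplicate attributes
    raise ValueError so that a bad address is rejected before it is routed."""
    fields = {}
    for pair in text.strip().split(";"):
        if not pair.strip():
            continue                                  # tolerate the trailing ';'
        if "=" not in pair:
            raise ValueError(f"malformed O/R pair: {pair!r}")
        key, value = pair.split("=", 1)
        key = key.strip().upper()
        if key not in OR_ATTRIBUTES:
            raise ValueError(f"unknown O/R attribute: {key}")
        if key in fields:
            raise ValueError(f"duplicate O/R attribute: {key}")
        fields[key] = value.strip()
    return fields


def management_domain(addr):
    """Routing key for an address: (country, ADMD, PRMD), compared case-insensitively."""
    return tuple(addr.get(k, "").upper() for k in ("C", "A", "P"))


@dataclass
class MTA:
    name: str
    domain: tuple                       # the management domain this MTA serves
    next_hop: dict                      # management domain -> name of the next MTA
    uas: dict = field(default_factory=dict)            # surname -> True if the UA is connected
    message_store: list = field(default_factory=list)  # the MS: held until the UA retrieves it
    delivered: list = field(default_factory=list)


class MTS:
    """A message transfer system made of MTAs that forward by management domain."""

    def __init__(self, mtas):
        self.mtas = {m.name: m for m in mtas}
        self.by_domain = {m.domain: m for m in mtas}

    def transfer(self, p1_envelope, p2_content, max_hops=8):
        """Return (trail of MTA names, final status) for one message."""
        dest = parse_or_address(p1_envelope["to"])
        origin = parse_or_address(p1_envelope["from"])
        dest_domain = management_domain(dest)
        mta = self.by_domain[management_domain(origin)]
        trail = [mta.name]
        while mta.domain != dest_domain:
            nxt = mta.next_hop.get(dest_domain) or mta.next_hop.get("default")
            if nxt is None or len(trail) >= max_hops:
                return trail, "non-delivery"   # no route, or a loop: report back to the sender
            mta = self.mtas[nxt]
            trail.append(mta.name)
        # At the destination MTS: deliver now or hold the message in the MS.
        surname = dest.get("S", "").upper()
        if surname not in mta.uas:
            return trail, "non-delivery"       # no such UA registered in this domain
        if mta.uas[surname]:
            mta.delivered.append((p1_envelope, p2_content))
            return trail, "delivered"
        mta.message_store.append((p1_envelope, p2_content))
        return trail, "stored"


def build_sample_mts():
    """Two PRMDs under the ADMD 'MCI' plus an ADMD relay (constructed sample data)."""
    microsoft = MTA("mta-microsoft", ("US", "MCI", "MICROSOFT"), {"default": "mta-mci"},
                    uas={"SMITH": True})
    relay = MTA("mta-mci", ("US", "MCI", ""),
                {("US", "MCI", "MICROSOFT"): "mta-microsoft",
                 ("US", "MCI", "ACME"): "mta-acme"})
    acme = MTA("mta-acme", ("US", "MCI", "ACME"), {"default": "mta-mci"},
               uas={"JONES": False})
    return MTS([microsoft, relay, acme])


if __name__ == "__main__":
    mts = build_sample_mts()
    envelope = {"from": "C=US;A=MCI;P=MICROSOFT;O=SALES;S=SMITH;G=JEFF;",
                "to": "C=US;A=MCI;P=ACME;O=PURCHASING;S=JONES;"}
    print(mts.transfer(envelope, "Quote attached"))
```

Note that the two PRMDs never talk to each other directly: each only has a default route to the ADMD relay, which matches the page's statement that PRMDs cannot communicate directly. An unroutable destination or an unregistered surname produces a non-delivery result rather than a silent drop.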

Multipurpose Internet mail extension (MIME)

Multipurpose Internet Mail Extension (MIME) is a standard which was proposed by Bell
Communications in 1991 in order to expand the limited capabilities of email.
MIME is a kind of add-on or supplementary protocol which allows non-ASCII data to be sent through
SMTP. It allows users to exchange different kinds of data files on the Internet: audio, video, images and
application programs as well.

Why do we need MIME?


Limitations of Simple Mail Transfer Protocol (SMTP):
• SMTP has a very simple structure.
• Its simplicity, however, comes with a price, as it only sends messages in NVT 7-bit ASCII format.
• It cannot be used for languages that do not fit the 7-bit ASCII format, such as French, German,
Russian, Chinese and Japanese, so text in these languages cannot be transmitted using SMTP. So, in
order to make SMTP broader, we use MIME.
• It cannot be used to send binary files or video or audio data.
• Purpose and Functionality of MIME –
There is a growing demand for email messages in which people can also express themselves in terms of
multimedia. So MIME, another email application, is introduced, as it is not restricted to textual data.
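The limitation and the remedy above can be seen directly in code. The following is an added example using Python's standard `email` package, not code from the page: it builds a message whose subject and body contain non-ASCII text and whose attachment is arbitrary binary data, forces base64 transfer encoding, checks that every byte of the serialised message is 7-bit ASCII (what SMTP can carry), and then parses the wire form back to recover the original content. The subject, body text, attachment bytes and addresses are constructed sample data.

```python
"""Why MIME is needed on top of SMTP: build a message with non-ASCII text and a
binary attachment, show that its wire form is pure 7-bit ASCII, and recover the
original content from it.  Added example using Python's standard email package;
the subject, text, attachment bytes and addresses are constructed sample data."""
import email
import email.policy
from email.message import EmailMessage

# Constructed sample input: non-ASCII text in several of the languages the page
# says SMTP alone cannot carry, and an arbitrary binary blob standing in for an
# image or program (it contains every byte value, including those above 127).
SAMPLE_SUBJECT = "Bestellbestätigung"
SAMPLE_TEXT = "Grüße aus München.\nПривет.\nこんにちは。\n"
SAMPLE_BLOB = bytes(range(256))


def build_mime_message(subject, text, attachment_name, attachment_bytes):
    """Return the serialised message as bytes, with base64 forced on both parts
    so that the body contains only 7-bit characters; the non-ASCII Subject is
    written as an RFC 2047 encoded-word by the email package."""
    msg = EmailMessage(policy=email.policy.default)
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    msg.set_content(text, charset="utf-8", cte="base64")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


def is_seven_bit(raw):
    """True if the serialised message uses only NVT 7-bit ASCII, as SMTP requires."""
    return all(b < 128 for b in raw)


def unpack(raw):
    """Parse the wire form back into (subject, body text, {filename: bytes})."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    attachments = {a.get_filename(): a.get_content() for a in msg.iter_attachments()}
    return str(msg["Subject"]), body, attachments


if __name__ == "__main__":
    raw = build_mime_message(SAMPLE_SUBJECT, SAMPLE_TEXT, "blob.bin", SAMPLE_BLOB)
    print(raw.decode("ascii"))              # the 7-bit form an SMTP server would relay
    print("7-bit clean:", is_seven_bit(raw))
    subject, body, attachments = unpack(raw)
    print(subject, body, sorted(attachments), sep="\n")
```

The raw UTF-8 body on its own fails the same 7-bit check, which is exactly the gap MIME closes: the content is wrapped, not changed, so the receiving user agent gets the original text and bytes back.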

X.500 Directory Service

X.500 is a directory service used in the same way as a conventional name service, but it is primarily
used to satisfy descriptive queries and is designed to discover the names and attributes of other users
or system resources. Users may have a variety of requirements for searching and browsing in a
directory of network users, organizations and system resources to obtain information about the
entities that the directory contains. The uses for such a service are likely to be quite diverse. They range
from enquiries that are directly analogous to the use of telephone directories, such as a simple ‘white
pages’ access to obtain a user’s electronic mail address or a ‘yellow pages’ query aimed, for example, at
obtaining the names and telephone numbers of garages specializing in the repair of a particular make
of car, to the use of the directory to access personal details such as job roles, dietary habits or even
photographic images of the individuals.
• Standard of ITU and ISO organizations
• Organized in a tree structure with named nodes, as in the case of other name servers
• A wide range of attributes are stored in each node
• Directory Information Tree (DIT)
• Directory Information Base (DIB)

X.500 service architecture

The data stored in X.500 servers is organized in a tree structure with named nodes, as in the case of the
other name servers discussed in this chapter, but in X.500 a wide range of attributes are stored at each
node in the tree, and access is possible not just by name but also by searching for entries with any
required combination of attributes. The X.500 name tree is called the Directory Information Tree (DIT),
and the entire directory structure including the data associated with the nodes, is called the Directory
Information Base (DIB). There is intended to be a single integrated DIB containing information provided
by organizations throughout the world, with portions of the DIB located in individual X.500 servers.
Typically, a medium-sized or large organization would provide at least one server. Clients access the
directory by establishing a connection to a server and issuing access requests. Clients can contact any
server with an enquiry. If the data required are not in the segment of the DIB held by the contacted
server, it will either invoke other servers to resolve the query or redirect the client to another server.

• Directory Server Agent (DSA)
• Directory User Agent (DUA)

In the terminology of the X.500 standard, servers are Directory Service Agents (DSAs), and their clients
are termed Directory User Agents (DUAs). Each entry in the DIB consists of a name and a set of
attributes. As in other name servers, the full name of an entry corresponds to a path through the DIT
from the root of the tree to the entry. In addition to full or absolute names, a DUA can establish a
context, which includes a base node, and then use shorter relative names that give the path from the
base node to the named entry.

[Figure: An X.500 DIB Entry]

[Figure: Part of the X.500 Directory Information Tree]

The data structure for the entries in the DIB and the DIT is very flexible. A DIB entry
consists of a set of attributes, where an attribute has a type and one or more values. The type of each
attribute is denoted by a type name (for example, countryName, organizationName, commonName,
telephoneNumber, mailbox, objectClass).
New attribute types can be defined if they are required. For each distinct type name there is a
corresponding type definition, which includes a type description and a syntax definition in the ASN.1
notation (a standard notation for syntax definitions) defining representations for all permissible values
of the type.

DIB entries are classified in a manner similar to the object class structures found in object-oriented
programming languages. Each entry includes an objectClass attribute, which determines the class (or
classes) of the object to which the entry refers. organization, organizationalPerson and document are
all examples of objectClass values. Further classes can be defined as they are required. The definition
of a class determines which attributes are mandatory and which are optional for entries of the given
class. The definitions of classes are organized in an inheritance hierarchy with a single root class
(called top, the only class that is not derived from another); every class requires an objectClass
attribute, and the value of the objectClass attribute must be the names of one or more classes. If there
are several objectClass values, the entry inherits the mandatory and optional attributes of each of the
classes.

Administration and updating of the DIB
The DSA interface includes operations for adding, deleting and modifying entries. Access control is
provided for both queries and updating operations, so access to parts of the DIT may be restricted to
certain users or classes of user.

Lightweight Directory Access Protocol
X.500's assumption that organizations would provide information about themselves in public directories
within a common, world-wide system has proved largely unfounded. A group at the University of Michigan
proposed a more lightweight approach called the Lightweight Directory Access Protocol (LDAP), in which
a DUA accesses X.500 directory services directly over TCP/IP instead of through the upper layers of the
ISO (OSI) protocol stack. LDAP keeps the X.500 data model (DIT, distinguished names, typed attributes,
object classes) and is the protocol most directory servers implement today.
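The DIB entry, object-class inheritance and attribute search described above, as an added example in Python; this is not code from the text or from any X.500 or LDAP product. The schema, the country/organization/person entries and their attribute values are constructed for illustration: real X.521 classes carry many more attributes, and a real DSA would also enforce the access control mentioned above.

```python
"""Toy model of an X.500 directory: DIT entries keyed by distinguished name,
typed attributes, objectClass inheritance of mandatory/optional attributes,
and search by any combination of attributes. Added example; the schema and
the sample entries are constructed, not copied from X.521 or a real DSA."""

# objectClass schema: name -> (superclass, mandatory attributes, optional attributes).
# "top" is the one root class; every other class inherits from it, directly or not.
SCHEMA = {
    "top": (None, {"objectClass"}, set()),
    "country": ("top", {"countryName"}, set()),
    "organization": ("top", {"organizationName"}, {"telephoneNumber"}),
    "person": ("top", {"commonName", "surname"}, {"telephoneNumber"}),
    "organizationalPerson": ("person", set(), {"mailbox", "title"}),
}


def effective_attrs(classes):
    """Mandatory and optional attribute sets for an entry, accumulated over each
    listed class and all of its superclasses (an entry may list several classes)."""
    mandatory, optional = set(), set()
    for name in classes:
        while name is not None:
            if name not in SCHEMA:
                raise ValueError(f"unknown objectClass {name}")
            parent, must, may = SCHEMA[name]
            mandatory |= must
            optional |= may
            name = parent
    return mandatory, optional


def validate_entry(attrs):
    """Return the schema violations of an entry (dict: type -> set of values).
    An empty list means the entry may be added to the DIB."""
    classes = attrs.get("objectClass", set())
    if not classes:
        return ["objectClass attribute is mandatory"]
    try:
        mandatory, optional = effective_attrs(classes)
    except ValueError as err:
        return [str(err)]
    present = set(attrs)
    errors = [f"missing mandatory attribute {a}" for a in sorted(mandatory - present)]
    errors += [f"attribute {a} not allowed by {sorted(classes)}"
               for a in sorted(present - mandatory - optional)]
    return errors


class Directory:
    """The slice of the DIB held by one DSA. A distinguished name is a tuple of
    (type, value) pairs naming the path from the DIT root down to the entry."""

    def __init__(self):
        self.entries = {}

    def add(self, dn, attrs):
        """DSA update operation: schema check, then require the parent to exist."""
        errors = validate_entry(attrs)
        if errors:
            raise ValueError("; ".join(errors))
        if len(dn) > 1 and dn[:-1] not in self.entries:
            raise ValueError(f"parent of {dn} is not in the DIT")
        self.entries[dn] = {k: set(v) for k, v in attrs.items()}

    @staticmethod
    def resolve(base, relative):
        """A DUA may set a base node and then use a relative name below it."""
        return tuple(base) + tuple(relative)

    def read(self, dn):
        return self.entries.get(tuple(dn))

    def search(self, base, required):
        """Subtree search under base for entries carrying every (type, value)
        pair in `required`; this is what name-only servers cannot do."""
        base = tuple(base)
        return [dn for dn, attrs in self.entries.items()
                if dn[:len(base)] == base
                and all(v in attrs.get(t, set()) for t, v in required.items())]


# Constructed sample DIT: c=IN / o=Example Org / two organizationalPerson entries.
COUNTRY = (("countryName", "IN"),)
ORG = COUNTRY + (("organizationName", "Example Org"),)
ASHA = ORG + (("commonName", "Asha Rao"),)
RAVI = ORG + (("commonName", "Ravi Iyer"),)


def build_sample():
    d = Directory()
    d.add(COUNTRY, {"objectClass": {"country"}, "countryName": {"IN"}})
    d.add(ORG, {"objectClass": {"organization"}, "organizationName": {"Example Org"},
                "telephoneNumber": {"+91 11 5550100"}})
    d.add(ASHA, {"objectClass": {"organizationalPerson"}, "commonName": {"Asha Rao"},
                 "surname": {"Rao"}, "telephoneNumber": {"+91 11 5550100"},
                 "mailbox": {"asha@example.org"}})
    d.add(RAVI, {"objectClass": {"organizationalPerson"}, "commonName": {"Ravi Iyer"},
                 "surname": {"Iyer"}, "telephoneNumber": {"+91 11 5550100"}})
    return d


if __name__ == "__main__":
    d = build_sample()
    # Every entry under o=Example Org sharing the switchboard number: the
    # organization itself and both people.
    print(d.search(ORG, {"telephoneNumber": "+91 11 5550100"}))
    # A relative name resolved against a base node established by the DUA.
    print(d.read(Directory.resolve(ORG, (("commonName", "Asha Rao"),))))
```

The search matches on attribute values rather than on the name path, so a query such as "everyone under this organization with this surname" needs no knowledge of the entries' names; the validation step is what stops an entry from carrying an attribute its classes do not permit, the check a DSA applies before any update.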
Mail User Agent
A Mail User Agent (MUA), also referred to as an email client, is the application a user interacts with
to compose, send and retrieve email, as opposed to a mail server, which transports it. MUAs can be
software applications installed on the user's machine, such as Outlook Express or Lotus Notes, or
webmail services such as those provided by Yahoo!, Microsoft Outlook.com and Gmail.
Within the Simple Mail Transfer Protocol (SMTP) system the MUA is the component that creates messages
and hands them to a Mail Transfer Agent (MTA) for delivery.
A Mail Transfer Agent (MTA), also referred to as a message transfer agent, mail server or mail
exchanger (MX), is the program that sends email messages from one computer to another and receives
them from other MTAs.
Email is based around electronic mailboxes. When an email is sent, the message is routed from server
to server until it reaches the recipient's mail server. More precisely, the message is handed to the
sender's MTA (Mail Transfer Agent), which transports it to the recipient's MTA. On the Internet, MTAs
communicate with one another using SMTP, and so are logically called SMTP servers (or sometimes
outgoing mail servers).

The recipient's MTA then delivers the email to the incoming mail server (called the MDA, for Mail
Delivery Agent), which stores the email until the user retrieves it. There are two main protocols for
retrieving email from an MDA: POP3 (Post Office Protocol version 3), the older of the two, which
downloads messages and, optionally, leaves a copy on the server; and IMAP (Internet Message Access
Protocol), which keeps the messages on the server and synchronises their status (read, deleted, moved)
across multiple email clients. Because a copy of every message stays on the server, IMAP can carry out
this synchronisation.

For this reason, incoming mail servers are called POP servers or IMAP servers, depending on which
protocol is used.

To use a real-world analogy, MTAs act as the post office (the sorting area
and mail carrier), which handle message transportation, while MDAs act as mailboxes, which store
messages (as much as their volume will allow) until the recipients check the box. This means that it is
not necessary for recipients to be connected in order for them to be sent email.

To keep users from reading each other's mail, access to the MDA is protected by a user name (the login)
and a password.
Retrieving mail is done with an MUA (Mail User Agent). When the MUA is a program installed on the
user's system, it is called an email client (such as Mozilla Thunderbird, Microsoft Outlook, Eudora
Mail, IncrediMail or Lotus Notes). When it is a web interface used to interact with the incoming mail
server, it is called webmail.

Open Relay
By default SMTP does not require the sender to authenticate, which means that it is very easy to forge
one's own address when sending mail. For this reason, nearly all Internet service providers lock down
their SMTP servers so that only their subscribers can use them for outgoing mail, or more precisely,
only machines whose IP address belongs to the ISP's own address ranges. This explains why users once
had to change the outgoing server settings in their email clients each time they moved to a new home or
business; today servers instead require SMTP authentication on the mail submission port (587), so that
a subscriber can send from any network.
When an organization's email server is improperly configured and relays mail from third parties on any
network to any destination, this is called an open relay. Open relays are widely abused by spammers,
because relaying through someone else's server hides the true origin of their messages. As a result,
many ISPs keep an up-to-date blacklist of open relays and refuse messages coming from such servers.
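The relay decision that separates a locked-down ISP server from an open relay, as an added example in Python; it is not code from the text or from any mail server. The domains, the client networks and the Postfix-style reply wording are constructed, and the probe function performs the same check that blacklist operators run against a server.

```python
"""Relay decision of an MTA for one RCPT TO command, with an open-relay
configuration beside a locked-down one. Added example, not code from the
page; domains, networks and reply wording (Postfix style) are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class RelayPolicy:
    local_domains: set                                   # domains this MTA is the MX for
    relay_networks: list = field(default_factory=list)   # subscriber address ranges
    open_relay: bool = False                             # misconfiguration: relay for anyone


def decide(policy, client_ip, authenticated, rcpt):
    """Return 'accept' (deliver to a local mailbox), 'relay' (forward to the
    recipient's MTA) or 'reject' for one recipient address."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in policy.local_domains:
        return "accept"          # inbound mail for our own users is always taken
    if policy.open_relay:
        return "relay"           # any third party may bounce mail through us
    if authenticated:
        return "relay"           # SMTP AUTH succeeded: a subscriber on any network
    ip = ip_address(client_ip)
    if any(ip in net for net in policy.relay_networks):
        return "relay"           # ISP style: the client sits in our own ranges
    return "reject"              # unknown client, foreign recipient


def rcpt_responses(policy, client_ip, authenticated, rcpts):
    """Reply lines an MTA would give to a sequence of RCPT TO commands."""
    replies = {"accept": "250 2.1.5 Ok", "relay": "250 2.1.5 Ok",
               "reject": "554 5.7.1 Relay access denied"}
    return [f"RCPT TO:<{r}> -> {replies[decide(policy, client_ip, authenticated, r)]}"
            for r in rcpts]


def probe_open_relay(policy, probe_ip="198.51.100.7", probe_rcpt="victim@example.net"):
    """The test a blacklist operator runs: an unauthenticated client from an
    unrelated network asks to relay to an unrelated domain. True means open."""
    return decide(policy, probe_ip, False, probe_rcpt) == "relay"


# Constructed configurations for an ISP whose own domain is example.com and
# whose subscribers are addressed from 203.0.113.0/24 (a documentation range).
HARDENED = RelayPolicy({"example.com"}, [ip_network("203.0.113.0/24")])
OPEN = RelayPolicy({"example.com"}, open_relay=True)


if __name__ == "__main__":
    for name, pol in (("hardened", HARDENED), ("open relay", OPEN)):
        print(name, "is open relay:", probe_open_relay(pol))
        for line in rcpt_responses(pol, "198.51.100.7", False,
                                   ["alice@example.com", "victim@example.net"]):
            print("  ", line)
```

Note that both configurations accept mail addressed to their own domain; what makes a server an open relay is only the third branch, relaying for an unauthenticated client outside the subscriber ranges to a domain the server is not responsible for.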
UNIT III
EDI- Costs and benefits – Components of EDI Systems – EDI implementation issues – EDIFACT –
EDIFACT Message Structure.

E-Commerce Trade Cycle


• E-Commerce can be applied to all, or to different phases of, the trade cycle.
• The trade cycle varies depending on:
  – the nature of the organizations (or individuals) involved;
  – the nature and type of goods or services being exchanged;
  – the frequency of trade between the partners to the exchange process.
• The trade cycle has to support:
  – finding goods or services appropriate to the requirement and agreeing the terms of trade, often
  referred to as search and negotiation;
  – placing the order, taking delivery and making payment, i.e. execution and settlement of the
  transaction;
  – after-sales activity such as warranty, service etc.
• There are numerous categories of trade cycle depending on the factors outlined above and, for many
  transactions, further complicated by the complexities of international trade.
• Three generic trade cycles can be identified:
  1. Regular, repeat transactions between commercial trading partners (Repeat Trade Cycle).
  2. Irregular transactions between commercial trading partners where execution and settlement are
  separated (Credit Transactions).
  3. Irregular transactions in once-off trading relationships where execution and settlement are
  typically combined (Cash Transactions).
• Electronic Markets:
  – They increase the efficiency of the market.
  – They reduce the search cost for the buyer and make it more likely that the buyer will continue
  the search until the best buy is found.
  – They exist in financial markets and are also used in airline booking systems.
  – They serve irregular-transaction trade.

• Electronic Data Interchange:
  – It is used for regular, repeat transactions.
  – It takes quite a lot of work to set up the systems.
  – Mature use of EDI allows for a change in the nature of the product or service, e.g. sending test
  results from a pathology laboratory to the hospital, or dispatching exam results from exam boards
  to schools.

• Internet Commerce:
  The first stage
  • Advertising appropriate goods and services.
  • Internet sites offer only information, and any further steps down the trade cycle are conducted
  on the telephone.
  The second stage
  • An increasing number of sites offer facilities to execute and settle the transaction.
  • Delivery may be electronic or by home delivery, depending on the goods and services.
  The final stage
  • After-sales service.
  • On-line support and on-line services.

Tools & Technologies for E-Commerce


• Electronic data interchange (EDI)
• Bar codes
• Electronic mail
• Internet
• World Wide Web
• Product data exchange
• Electronic forms
• Electronic Data Interchange (EDI)
EDI is the computer-to-computer exchange of structured business information in a standard
electronic format. Information stored on one computer is translated by software programs into
standard EDI format for transmission to one or more trading partners. The trading partners’ computers,
in turn, translate the information using software programs into a form they can understand.
• Bar Codes
Bar codes are used for automatic product identification by a computer. They are a rectangular
pattern of lines of varying widths and spaces. Specific characters (e.g. numbers 0-9) are assigned
unique patterns, thus creating a "font" which computers can recognize based on light reflected from a
laser.
The most obvious example of bar codes is on consumer products such as packaged foods. These
codes allow the products to be scanned at the checkout counter. As the product is identified the price
is entered in the cash register, while internal systems such as inventory and accounting are
automatically updated.
• Electronic Mail
Messages composed by an individual and sent in digital form to other recipients via the Internet.
• Internet
The Internet is a global network of millions of diverse computers and computer networks. These
networks can all "talk" to each other because they have agreed to use a common communications
protocol called TCP/IP. The Internet is a tool for communications between people and businesses. The
network is growing very, very fast and as more and more people are gaining access to the Internet, it is
becoming more and more useful.
• World Wide Web
The World Wide Web is a collection of documents written and encoded with the Hypertext Markup
Language (HTML). With the aid of a relatively small piece of software (called a "browser"), a user can
ask for these documents and display them on the user’s local computer, although the document can be
on a computer on a totally different network elsewhere in the world.
HTML documents can contain many different kinds of information such as text, pictures, video,
sound, and pointers, which take users immediately to other web pages.
It is this ability to jump from site to site that gave rise to the term "World Wide Web." Browsing the
Web (or "surfing the Net") can be a fascinating activity, especially to people new to the Internet. The
World Wide Web is by far the most heavily used application on the Internet.
• Product Data Exchange
Product data refers to any data that is needed to describe a product. Sometimes that data is in
graphical form, as in the case of pictures, drawings and CAD files. In other cases the data may be
character based (numbers and letters), as in the case of specifications, bills of material, manufacturing
instructions, engineering change notices and test results.
Product data exchange differs from other types of business communications in two important ways.
First, because graphics are involved users must contend with large computer files and with problems
of compatibility between software applications. (The difficulty of exchanging CAD files from one system
to another is legendary).
Second, version control very quickly gets very complicated. Product designs, even late in the
development cycle, are subject to a great deal of change, and because manufacturing processes are
involved, even small product changes can have major consequences for getting a product into
production.
• Electronic Forms
Electronic form is a technology that combines the familiarity of paper forms with the power of storing
information in digital form. Imagine an ordinary paper form, a piece of paper with lines, boxes, check-
off lists, and places for signatures. To the user an electronic form is simply a digital analogue of such a
paper form, an image, which looks like a form but which appears on a computer screen and is filled out
via mouse, and keyboard.
Behind the screen, however, lie numerous functions that paper and pencil cannot provide. Those
extra functions come about because the data from electronic forms are captured in digital form, thus
allowing storage in data bases, automatic information routing, and integration into other applications.
Framework of E-Commerce
• This framework, first developed by Kalakota and Whinston, Professors of Information Systems and
prolific authors on the subject, takes a holistic view and identifies the different components of business
and technology that make up e-commerce. Using the analogy of the architecture of a building
illustrated in Fig., they explain how the different components fit and interact together, emphasizing the
relative importance of each component.
• Kalakota and Whinston use the analogy of a traditional transportation company to describe the
complexity of the network and how the different components that make up the technology
infrastructure are interlinked.
The network infrastructure is like the network of roads that are interconnected and are of different
widths, lengths and quality – for example, the Internet, local area networks, intranets. Network
infrastructures also take different forms such as telephone wires, cables, wireless technology (such as
satellite or cellular technology).
The publishing infrastructure (including the WWW, Web servers) can be seen as the infrastructure of
vehicles and warehouses, which store and transport electronic data and multimedia content along the
network. Multimedia content is created using tools such as HTML and JAVA. This content can be very
different with varying degrees of complexity similar to different vehicles travelling on the roads. For
example, text only, or more complex is an application, such as a computer game, containing audio,
video, graphics and a programme.
Messaging and information distribution infrastructure are the engines and fuel which transport the
data around the network. Once the multimedia content is created, there has to be a means of sending
and retrieving this information, for example EDI, e-mail or the Hypertext Transfer Protocol (HTTP).
Once content and data can be created, displayed and transmitted, supporting business services are
necessary for facilitating the buying, selling and other transactions safely and reliably. For example,
smart cards, authentication, electronic payment, directories/catalogues.
• The next components which facilitate and enable e-commerce and which are built on the
foundations of technology are:
Public policy, regulations and laws that govern issues such as universal access, privacy, electronic
contracts and the terms and conditions that govern e-commerce.
Universal agreement of technical standards dictate the format in which electronic data is transferred
over networks and is received across user interfaces, and the format in which it is stored. This is
necessary so that data can travel seamlessly across different networks, where information and data can
be accessed by a whole range of hardware and software such as computers, palmtops, and different
kinds of browsers and document readers.
The interaction of people and organizations to manage and coordinate the applications,
infrastructures and businesses are all necessary to make e-commerce work.
All these elements interact together to produce the most visible manifestation of e-commerce: its
applications. On-line banking and financial trading, recruitment, procurement and purchasing,
marketing and advertising, auctions and shopping are just a few examples.
This is a particularly useful framework for managers to understand the importance of technology
and business, both within the organization and external to it, in the planning and development of any
e-commerce or e-business solution.

Electronic Data Interchange (EDI)


• Electronic data interchange (EDI) is the process by which organizations transmit business data to
one another by electronic means. It transfers electronic documents or business data from one computer
system to another, i.e. from one trading partner to another, without human intervention.

• In the simplest case there are two parties, the customer and the merchant (the trading partner).
• The customer first sends an order for the required product. The trading partner then returns a
confirmation, a delivery note, an invoice and acknowledgements reporting the status of the order. At the
end, the customer pays for the product.
• This is only the basic overview; in practice EDI is somewhat more complex.
• EDI is used by organizations for transactions that occur on a regular basis, in a predefined format.
• Organizations that send or receive documents between each other are referred to as "trading
partners" in EDI terminology. The trading partners agree on the specific information to be transmitted
and how it should be used.
• EDI is also known as paperless trading.
• EDI is basically "the transfer of structured data, by agreed message standards, from one computer
system to another, by electronic means."
EDI has four elements, each of them essential to an EDI system:
• Structured Data: EDI transactions are composed of codes, values and short pieces of text, each
element with a strictly defined purpose. For example, an order has codes for the customer and the
product, and values such as the quantity ordered.
• Agreed Message Standards: The EDI transaction has to have a standard format. The standard is not
just agreed between the trading partners but is a general standard agreed at national or international
level. A purchase order will be one of a number of agreed message standards.
• From one computer system to another: The EDI message is sent between two computer applications.
There is no requirement for people to read the message or re-key it into a computer system. For
example, the message passes directly from the customer's purchasing system to the supplier's order
processing system.
• By electronic means: Usually this is by data communications, but the physical transfer of magnetic
tape or floppy disc would be within the definition of EDI. Often networks specifically designed for EDI
will be used.
Main Features of EDI:
• EDI uses structured, formatted messages based on agreed standards; in this way the messages can be
read by any system that understands the rules they are governed by. This is not always as simple as it
seems, since each partner's internal data still has to be mapped to and from the standard, which is
why EDI translation software packages exist.
• An interface has to be set up between the company's computer system and the EDI documents sent and
received.
• EDI provides relatively fast delivery of electronic documents from sender to receiver.
• EDI provides direct communication between applications, rather than merely between computers.
• EDI includes data management and networking capabilities: data processing, the efficient capture of
data into electronic form, the processing and retention of data, controlled access to it, and
efficient and reliable data transmission between remote sites.
Benefits of EDI:
• Reduced paperwork: Even when paper documents are maintained in parallel with EDI exchange, e.g.
printed shipping manifests, electronic exchange and the use of data from that exchange reduce the
handling costs of sorting, distributing, organizing and searching paper documents.
• Cost cutting: The use of EDI can cut costs. These include the costs of stationery and postage,
though these savings will probably be matched by the costs of running the EDI service. EDI and similar
technologies allow a company to take advantage of storing and manipulating data electronically without
the cost of manual entry.
• Reduced errors: Another advantage of EDI is reduced errors, such as shipping and billing errors,
because EDI eliminates the need to re-key documents on the receiving side. Keying information into a
computer system is a source of errors, and keying paper orders into an order processing system is no
exception. EDI eliminates this source of errors. On the down side, there is no order entry clerk who
might have spotted errors made by the customer: the customer will get what the customer asked for.
• Faster response: With paper orders it would be several days before the customer was informed of any
supply difficulty, such as a product being out of stock. With EDI the customer can be informed straight
away, giving time for an alternative product to be ordered or an alternative supplier to be used.
• Improved funds transmission: Because of the increased efficiency of non-paper accounts, cash flow
improves, as electronic funds transfer can begin much earlier than before.
• Improved shipping service: Shipping is also improved, as EDI provides quick and efficient information
and relies on bar code data to identify consignments. It is able to track inventory and eliminates lost
packages caused by their isolation from the larger shipping order. EDI greatly improves the accuracy of
data, as it is all automated.
• EDI payment: Payment can also be made by EDI. The EDI payment system can also generate an EDI payment
advice that can be electronically matched against the relevant invoices, again avoiding query and
delay.
EDI System

Difference between EDI and Email:
• EDI sounds similar to electronic mail (email) but is actually quite different. While email allows
free, unstructured text messages to be sent from one computer to another (or to several), EDI carries
structured business messages between trading partners. Previously these would have been hard-copy or
printed business documents. So rather than documents passing from person to person, they go from
computer to computer.
EDI: THE NUTS AND BOLTS
EDI Standards:
• At the heart of any EDI application is the EDI standard. The essence of EDI is the coding &
structuring of the data into a common & generally accepted format.
• Documents sent via EDI can serve as input for a receiving company's business application because
they are formatted according to standards that stipulate where each piece of information should be
located, such as where the net total amount should appear on an invoice.
• These standards also define how individual pieces of information should be represented. For
example, in the standards for an electronics industry purchase order, there are specific codes defined
to identify the type of product or service being requested, e.g. PN (company part number), BY (buyers
part number), VP (vendors part number), PW (part drawing), etc.

Components of EDI
1. Application service
2. Translation service
3. Communication service
1. Application service:
It provides the link between the business application and EDI. A set of callable routines is used to
transfer a document from the business application into an EDI document; the destination can be either
intra-company or an external company.

2. Translation service:
Converts outgoing documents from the internal format file into the agreed external (standard) format,
and translates incoming documents from the external format back into the internal format file.

3. Communication service:
Sends and receives transmission files to and from the trading partners, either directly or through a
third-party service called a value added network (VAN).
File Types
EDI creates the following files as a document passes through the system:
1. Internal format file (IFF):
It contains a single document for a single trading partner, in the layout of the sending application.
2. External format file (EFF):
It contains the same data as the internal format file, translated into the appropriate standard
document format.
3. Transmission file:
It contains one or more documents for the same trading partner. Documents of the same type are packed
into functional groups, and the functional groups going to one trading partner are packaged into an
interchange.

EDI software
1. Translators:
Every EDI sender and receiver needs an EDI translator. It varies with the computer on which it resides,
which may be a microcomputer, a midrange system or a mainframe. The translator reads the fixed-length
file, generates a valid EDI standard message and maintains control information (the references and
counts used to detect lost or duplicated messages).
2. Application link software:
Application link software collects information from the business application, formats it into a
fixed-length computer file and passes it on to the translator.
Types of EDI standards:
• Proprietary standard - EDI standard developed for a specific company or industry. This is also
called a non-public or private standard.
• Public standard - EDI standard developed for use across one or more industries.

EDIFACT
• Electronic Data Interchange for Administration, Commerce, and Transport is the international set
of EDI standards
• Became a UN standard in 1987
• Maintenance and further development is the responsibility of the United Nations Centre for Trade
Facilitation and Electronic Business (UN/CEFACT)
• Includes syntax rules and implementation guidelines, message design guidelines, data elements,
code sets, and other definitions
• Used for business-to-business (B2B) communication rather than business-to-consumer (B2C)
• Allows multi-country and multi-industry exchange
The four pillars of EDIFACT
• Syntax
  – Rules for the definition of a message structure
• Data elements
  – The smallest data unit
  – Include codes and the values for items such as dates and address codes
• Segments
  – Groups of related data elements
• Messages
  – An ordered sequence of segments
  – Defines a business transaction
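The translation and communication services, the internal/external/transmission file types and the four pillars above (syntax with its service characters, data elements, segments, messages, all wrapped in an interchange), shown together as one added example in Python; it is not code from the text or from any EDI product. The order record, the partner identifiers, the date stamp and the reduced ORDERS segment layout are constructed, and the default EDIFACT service characters are assumed (no UNA string).

```python
"""UN/EDIFACT translator and parser in miniature: an internal order record is
written as an ORDERS message, wrapped in an interchange (the transmission
file), then parsed back and its control counts verified. Added example, not
code from the page or from any EDI product; order data, partner identifiers
and the reduced segment layout are constructed. Default service characters
are assumed (no UNA string)."""

COMPONENT, DATA, RELEASE, SEGMENT = ":", "+", "?", "'"


def escape(value):
    """Prefix any service character inside a value with the release character."""
    return "".join(RELEASE + c if c in (COMPONENT, DATA, RELEASE, SEGMENT) else c
                   for c in value)


def segment(tag, *elements):
    """Build one segment: a tag, then data elements; a tuple is a composite
    element whose components are separated by ':'."""
    parts = [tag]
    for el in elements:
        parts.append(COMPONENT.join(escape(c) for c in el) if isinstance(el, tuple)
                     else escape(el))
    return DATA.join(parts) + SEGMENT


def parse(text):
    """Split an interchange into (tag, elements) pairs, each element being a
    list of components; one pass, honouring the release character."""
    segments, current, i = [], [[""]], 0
    while i < len(text):
        ch = text[i]
        if ch == RELEASE and i + 1 < len(text):   # next character is literal
            i += 1
            current[-1][-1] += text[i]
        elif ch == DATA:
            current.append([""])
        elif ch == COMPONENT:
            current[-1].append("")
        elif ch == SEGMENT:
            segments.append((current[0][0], current[1:]))
            current = [[""]]
        elif ch not in "\r\n":                     # line breaks are cosmetic
            current[-1][-1] += ch
        i += 1
    if current != [[""]]:
        raise ValueError("unterminated segment at end of file")
    return segments


def orders_message(order, msg_ref):
    """Translation service: internal format file -> ORDERS message (D.96A
    segment tags, reduced to a handful of segments for the example)."""
    body = [segment("BGM", "220", order["order_number"], "9"),      # 220 = order
            segment("DTM", ("137", order["date"], "102")),          # document date
            segment("NAD", "BY", (order["buyer"], "", "92")),
            segment("NAD", "SU", (order["supplier"], "", "92"))]
    for n, line in enumerate(order["lines"], start=1):
        body.append(segment("LIN", str(n), "", (line["item"], "SA")))  # supplier's article no.
        body.append(segment("QTY", ("21", str(line["qty"]))))          # 21 = ordered quantity
    head = segment("UNH", msg_ref, ("ORDERS", "D", "96A", "UN"))
    tail = segment("UNT", str(len(body) + 2), msg_ref)   # count includes UNH and UNT
    return [head, *body, tail]


def interchange(sender, receiver, messages, ctrl_ref, stamp=("240101", "1200")):
    """Communication service input: all messages for one partner under UNB/UNZ."""
    segs = [segment("UNB", ("UNOA", "1"), sender, receiver, stamp, ctrl_ref)]
    for m in messages:
        segs.extend(m)
    segs.append(segment("UNZ", str(len(messages)), ctrl_ref))
    return "\n".join(segs)


def validate(segments):
    """Envelope checks a receiving translator performs before accepting a file:
    UNB/UNZ and UNH/UNT references agree and the declared counts are right."""
    if not segments or segments[0][0] != "UNB" or segments[-1][0] != "UNZ":
        return ["missing UNB/UNZ envelope"]
    errors, unb, unz = [], segments[0][1], segments[-1][1]
    if unb[4][0] != unz[1][0]:
        errors.append("UNZ reference does not match UNB")
    count, start, ref = 0, None, None
    for idx, (tag, els) in enumerate(segments):
        if tag == "UNH":
            start, ref = idx, els[0][0]
        elif tag == "UNT":
            count += 1
            if start is None:
                errors.append(f"UNT at segment {idx} without UNH")
                continue
            if els[1][0] != ref:
                errors.append(f"UNT reference {els[1][0]} != UNH reference {ref}")
            if int(els[0][0]) != idx - start + 1:
                errors.append(f"UNT count {els[0][0]} != actual {idx - start + 1}")
            start = None
    if int(unz[0][0]) != count:
        errors.append(f"UNZ count {unz[0][0]} != {count} messages")
    return errors


# Constructed order; the first item code carries a '+' to exercise the release character.
SAMPLE_ORDER = {"order_number": "PO-1001", "date": "20240101", "buyer": "5412345000013",
                "supplier": "5412345000020",
                "lines": [{"item": "AB+12", "qty": 40}, {"item": "CD34", "qty": 5}]}


def demo():
    """Round trip: internal record -> transmission file -> parsed segments -> checks."""
    text = interchange("BUYERID", "SUPPLIERID", [orders_message(SAMPLE_ORDER, "1")], "42")
    segs = parse(text)
    return text, segs, validate(segs)
```

Running demo() yields the transmission file with one UNH..UNT message inside the UNB..UNZ envelope; the control references and segment counts are what let a receiving translator detect a truncated or duplicated message before anything reaches the order processing system, and the release character is why a '+' inside an item code does not split the element.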

• United Nations/Electronic Data Interchange For Administration, Commerce and Transport (UN/EDIFACT)
is the international EDI standard developed under the United Nations.

EDIFACT Structure Chart

• In EDIFACT each document type is referred to as a message. For trade purposes the messages include
order, dispatch advice, invoice, payment order and remittance advice. Other sectors have their own
documentation requirements; sectors using EDIFACT include:
• Transport
• Customs
• Finance
• Construction
• Statistics
• Insurance
• Tourism
• Healthcare
• Social Administration
• Public Administration

EDIFACT subsets

EDI Layered Architecture

EDI Semantic layer:
Describes the business application; for example, in procurement:
• Requests for quotes
• Price quotes
• Purchase orders
• Acknowledgments
• Invoices
It is specific to the company and the software used.
EDI Standard layer:
Specifies the structure of the business forms so that information can be exchanged; it also
influences the content at the application layer. The two main competing standards are:
• American National Standards Institute (ANSI) X12
• EDIFACT, developed by the UN/ECE Working Party for the Facilitation of International Trade
Procedures
EDI Transport layer:
It corresponds to the non-electronic activity of sending a business document from one company to
another. The document can be sent via postal service, registered or certified mail, email etc.
Generally, the EDI transport layer chooses email as the carrier service.
EDI Physical layer:
It describes the physical infrastructure involved in the transaction: dial-up lines, the Internet,
value-added networks etc.

EDI in India
EC/EDI Council of India:
Chairman: Secretary Department of Commerce
Secretariat: EC/EDI Division Department of Commerce
Udyog Bhawan, New Delhi - 110011
EC/EDI council is the apex body consisting of all the key government departments and representatives
of trade and industry. It is responsible for laying down the policy frame work and direction for:-
• promotion and propagation of EDI and Electronic Commerce.
• creating awareness and education among the potential EC/EDI functionaries and users
• streamlining procedures and practices attending to legal issues
• human resource development
• any other issue connected with EDI and Electronic Commerce
India EDIFACT Committee:
Chairman: Additional Secretary Department of Commerce
Secretariat: EC/EDI Division Department of Commerce
Udyog Bhawan, New Delhi - 110011
The India EDIFACT Committee (IEC) is responsible for formulating standards, streamlining the
procedures in line with UN/EDIFACT and maintaining liaison with UN/EDIFACT bodies.
To address all the information needed on different sectors and its interface with UN/EDIFACT standards
following Message Development Groups are working –
Ports Message Development Group under Indian Ports Association (IPA)
Airports Message Development Group under Airports Authority of India (AAI)
Financial Message Development Group under Indian Banks Association (IBA)
Customs Message Development Group under Central Board of Excise & Custom (CBEC)
Private Sector Message Development Group under Federation of Indian Export Organisations (FIEO)
Working Group: The working group is responsible for motivating the various functionaries in the
government and ensuring scheduled implementation of the programme.
Technical Assessment Group: The Technical Assessment Group is responsible for assessing the
messages developed by the various agencies for structure and syntax conformance, to review the
Implementation Guidelines prepared by various agencies for the respective messages developed by
them and to prepare and circulate the EDIFACT Message Directory.
Chairman: Senior Technical Director, NIC
Secretariat: EC/EDI Division, Department of Commerce, Udyog Bhawan, New Delhi - 110011
Education and Awareness: The Department of Commerce has identified key areas where immediate
attention is required, such as user awareness and human resource development. For creating awareness
in respect of EC/EDI, four organizations have been identified, namely the Federation of Indian Export
Organisations (FIEO), the All India Management Association (AIMA), the National Informatics Centre
(NIC) and the Indian Institute of Foreign Trade (IIFT). The course contents for awareness and training
programmes have been structured and programmes for various levels of management have been devised. The
Ministry also organizes EDICON (an international conference and exhibition on Trade Facilitation
(TF/EC/EDI)) every year, along with a special session for CEOs of top Indian companies.
VAN Service Providers: Department of Telecom has already licensed a number of operators for Value
Added Network (VAN) services. National Informatics Centre (NIC) and Videsh Sanchar Nigam
Limited(VSNL) are the two major companies/organizations providing high speed information highway
for EC/EDI services within the country and connectivity to foreign networks. A number of other
companies also recognized the emerging EC/EDI market and approached the Department of
Telecommunications, which is the licensing authority for (VAN) Value Added Network operations in
India. Companies such as Global Electronic Commerce Services Ltd., Mahindra Network Services,
Satyam Infosys, CMC Ltd., Manipal Control Data Electronic Commerce Systems etc.., have started
EC/EDI services.
Co-ordinated EC/EDI implementation project
To facilitate international trade a co-ordinated EC/EDI implementation project is underway in
following departments/organisations :
– Customs
– Directorate General of Foreign Trade (DGFT)
– Apparel Export Promotion Council/Cotton & Textile Export Promotion Council etc.
– Port Trusts
– Airport Authority of India (AAI)
– Container Corporation of India (CONCOR)
– Reserve Bank of India (RBI)
– Scheduled Banks
– Airlines
– Indian Railways
– CHA/Freight Forwarders
– Export Promotion Organization

EDI IMPLEMENTATION
• The first technical element of the EDI system is the EDI software. It is a complete suite of software
for creating, transmitting, receiving, managing and tracking EDI documents. It contains the tools
needed to fine-tune EDI invoicing, from EDI document editing, to document review, to document
selection.
• The system design is comprehensive and can convert invoices, returns, change notices,
statements, purchase orders, and title catalogues into the EDI format.
• If Pens & Things is to send an order from its production control system to Packaging Solutions, it
needs to code that order into the agreed EDI standard and "squirt" it into the chosen VADS. To pick up
the order at the other end, Packaging Solutions has a similar need to extract the data from the network
and to decode the data from the EDI message into its order processing system. The coding/decoding of
EDI messages and interfacing with the VADS is normally achieved using EDI software, as shown in the
figure below.
Sending an order using EDI software

• Technically, EDI comes down to imports/exports to/from your system and some data
communication. It is good practice to keep this import/export as simple as possible, and to concentrate
on the impact of EDI on your system and organization. You will want ONE import/export in your system
(for each information flow). You don't want to handle all the EDI details in the import/export module,
just as you don't want to handle the logic of printer drivers in your application.
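The coding/decoding step described above, as an added example in Python (not code from the textbook or from any EDI vendor): an order record is rendered into an EDIFACT-style ORDERS message for the network and parsed back into an order at the other end. The segment tags and the `'`, `+`, `:` and `?` separators follow EDIFACT conventions; the order number, item codes and quantities are constructed sample values, and the decoder rejects a message whose UNT segment count does not match what was actually received.

```python
"""Minimal EDIFACT-style encoder/decoder for a purchase order.
Added example, not the textbook's or any vendor's EDI software. Separators follow
EDIFACT: ' ends a segment, + separates data elements, : separates components,
and ? is the release character that escapes any of these inside a value."""
from dataclasses import dataclass, field

SEGMENT_TERM, ELEMENT_SEP, COMPONENT_SEP, RELEASE = "'", "+", ":", "?"
SPECIAL = {SEGMENT_TERM, ELEMENT_SEP, COMPONENT_SEP, RELEASE}


@dataclass
class OrderLine:
    line_no: int
    item_code: str
    quantity: int


@dataclass
class Order:
    order_no: str
    buyer: str
    seller: str
    lines: list = field(default_factory=list)


def escape(value: str) -> str:
    """Prefix separator characters inside a value with the release character."""
    return "".join(RELEASE + ch if ch in SPECIAL else ch for ch in value)


def encode_order(order: Order) -> str:
    """Render an ORDERS message. A segment is [tag, element, ...]; an element is
    a list of components."""
    segments = [
        ["UNH", ["1"], ["ORDERS", "D", "96A", "UN"]],
        ["BGM", ["220"], [escape(order.order_no)]],        # 220 = purchase order
        ["NAD", ["BY"], [escape(order.buyer)]],
        ["NAD", ["SE"], [escape(order.seller)]],
    ]
    for line in order.lines:
        segments.append(["LIN", [str(line.line_no)], [escape(line.item_code)]])
        segments.append(["QTY", ["21", str(line.quantity)]])   # 21 = ordered quantity
    # UNT carries the segment count, itself included, so truncation is detectable.
    segments.append(["UNT", [str(len(segments) + 1)], ["1"]])
    rendered = [ELEMENT_SEP.join([tag] + [COMPONENT_SEP.join(e) for e in elems])
                for tag, *elems in segments]
    return SEGMENT_TERM.join(rendered) + SEGMENT_TERM


def decode_message(msg: str) -> list:
    """Single-pass tokenizer that honours the release character.
    Returns a list of segments, each [[tag], [components...], ...]."""
    segments, seg, elem, comp = [], [], [], []
    i = 0
    while i < len(msg):
        ch = msg[i]
        if ch == RELEASE:                       # next character is literal
            if i + 1 >= len(msg):
                raise ValueError("dangling release character")
            comp.append(msg[i + 1])
            i += 2
            continue
        if ch in (COMPONENT_SEP, ELEMENT_SEP, SEGMENT_TERM):
            elem.append("".join(comp))
            comp = []
            if ch != COMPONENT_SEP:
                seg.append(elem)
                elem = []
            if ch == SEGMENT_TERM:
                segments.append(seg)
                seg = []
        else:
            comp.append(ch)
        i += 1
    if seg or elem or comp:
        raise ValueError("message does not end with a segment terminator")
    return segments


def decode_order(msg: str) -> Order:
    """Rebuild the Order after checking the UNH/UNT envelope and segment count."""
    segments = decode_message(msg)
    if not segments or segments[0][0][0] != "UNH" or segments[-1][0][0] != "UNT":
        raise ValueError("missing UNH/UNT message envelope")
    declared = int(segments[-1][1][0])
    if declared != len(segments):
        raise ValueError(f"UNT declares {declared} segments, received {len(segments)}")
    order = Order("", "", "")
    for seg in segments:
        tag, qualifier = seg[0][0], seg[1][0]
        if tag == "BGM":
            order.order_no = seg[2][0]
        elif tag == "NAD":
            setattr(order, "buyer" if qualifier == "BY" else "seller", seg[2][0])
        elif tag == "LIN":
            order.lines.append(OrderLine(int(qualifier), seg[2][0], 0))
        elif tag == "QTY":
            order.lines[-1].quantity = int(seg[1][1])
    return order


# Constructed sample; the trading-partner names are the ones used in the text above.
SAMPLE_ORDER = Order("PO-1001", "Pens & Things", "Packaging Solutions",
                     [OrderLine(1, "BOX:LARGE", 500), OrderLine(2, "TAPE+CLEAR", 20)])

if __name__ == "__main__":
    wire = encode_order(SAMPLE_ORDER)
    print(wire)
    print(decode_order(wire) == SAMPLE_ORDER)   # True
```

The item codes deliberately contain `:` and `+` so the round trip exercises the release character; a decoder that splits on separators naively would corrupt those values, and a message that arrives truncated fails the UNT count check instead of silently producing a shorter order.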

EDI Enabled Procurement Process

PROCUREMENT
Procurement is the process whereby companies purchase goods and services from various suppliers.
These include everything from indirect goods like light bulbs, uniforms, toilet paper, and office supplies,
to the direct goods used for manufacturing products.
Procurement also involves the purchase of temporary labor, energy, vehicle leases, and more.
Companies negotiate discount contracts for some goods and services, and buy others on the spot.
Procurement can be an important part of a company's overall strategy for reducing costs.
Historically, the individuals or departments responsible for purchasing a company's goods and
services relied on various methods for doing so. The most basic included placing orders via telephone,
fax, or mail.
E-PROCUREMENT
Electronic procurement methods, generally referred to as e-procurement, potentially enable the
procurement process to unfold in a faster, more efficient manner, and with fewer errors. These
methods include electronic data interchange (EDI), online marketplaces or e-marketplaces, and various
blends of the two.
EDI deals more with the way information is communicated during procurement than it does with the
act of linking buyers and suppliers.
By definition, EDI is the electronic exchange of business information—purchase orders, invoices, bills
of lading, inventory data, and various types of confirmations—between organizations or trading
partners in standardized formats.
EDI also is used within individual organizations to transfer data between different divisions or
departments, such as finance, purchasing, and shipping. Two characteristics set EDI apart from other
ways of exchanging information.
First, EDI only involves business-to-business transactions; individual consumers do not directly use
EDI to purchase goods or services.
Secondly, EDI involves transactions between computers or databases, not individuals. Therefore,
individuals sending e-mail messages or sharing files over a network do not constitute EDI.
EDI can occur point-to-point, where organizations communicate directly with one another over a
private network; via the Internet (also known as open EDI); and most commonly, via value-added
networks (VANs), which function like telephone lines by allowing for the transfer of information.
In the early 2000s, although many companies still relied on VANs, the Internet was playing a larger
role in EDI. It is possible for companies to translate the files used during EDI and send them to another
company's computer system over the Internet, via e-mail, or file transfer protocol (FTP).
Because it is an open network and access is not terribly expensive, using the Internet for EDI can be
more cost effective for companies with limited means.
It has the potential to provide them with access to large companies who continue to rely on large,
traditional EDI systems.
The low cost associated with open EDI also means that more companies are likely to participate. This
is important because the level of value for participants often increases along with their number.
E-procurement tools and applications:
Some e-procurement tools and applications include:
Electronic systems to support traditional procurement
– EDI (electronic data interchange)
– ERP systems
Internet as a support or complement to traditional procurement
– Electronic mail (e-mail)
– Web enabled EDI
– Extensible markup language (XML)
– World wide web (www)
Internet tools and platforms that replace traditional procurement
EDI is an application whereby electronic messages can be exchanged between the computer programs
of two separate organizations. Some features of EDI include:
– Messages are exchanged in groups, known as batches.
– Messages can automatically be sent, transmitted and stored between computers without retyping or
keying data.
– EDI has to be implemented by each pair of organizations (sender and receiver) who wish to use it.
This means that the implementation costs of EDI are relatively high.
– EDI is mostly used where the messages exchanged concern such matters as orders, confirmations,
transport information and invoicing.

EDI traditionally runs on so-called “Value Added Networks”, which are closed networks (unlike open
networks like the Internet).
The figure below illustrates the categories of electronic communication exchange between people and
computers:
Internet tools and platforms that replace traditional procurement: Some internet tools and platforms
that replace traditional procurement include:
– E-sourcing
– E-tendering
– E-auctioning
– E-ordering and web-based ERP
– E-informing
E-Sourcing: E-sourcing supports the specification phase; it can be used to pre-qualify suppliers and
also identifies suppliers that can be used in the selection phase. For suppliers the benefit is:
“marketing” and for the buying organizations the benefit is facilitating the sourcing of suppliers. The
UN Global Market Place (UNGM www.ungm.org) is an example of an E-sourcing tool.
E-tendering: E-tendering supports the selection stage and acts as a communication platform
between the procuring organization and suppliers. It covers the complete tendering process from REOI
via ITB/RFP to contracting, usually including support for the analysis and assessment activities; it does
not include closing the deal with a supplier but facilitates a large part of the tactical procurement
process. It results in equal treatment of suppliers; a transparent selection process; a reduction in (legal)
errors; a clear audit trail; more efficiency in the tactical procurement process and improved time
management of tendering procedures. Some UN organizations such as UNDP-IAPSO and UNHCR have
used E-tendering in the formulation of long-term agreements for vehicles, tents, motorcycles and
pharmaceuticals through an in-house developed tendering portal.
E-auctioning: E-auctioning supports the contract stage. It enables the closing of a deal with a supplier
if the parties agree on price. Auctions operate with an upward or downward price mechanism, e.g.
e-auctioning with an upward price mechanism for the selling organization and e-reverse auctioning
with a downward price mechanism for the buying organization. They can be run in accordance with a
traditional ITB/RFP. They are internet based, using open or closed systems.
E-ordering and web-based ERP: E-ordering and web-based ERP is the process of creating and
approving procurement requisitions, placing purchase orders, as well as receiving goods and services
ordered, by using software systems based on the Internet.
E-informing: E-informing is not directly associated with a stage in the procurement process; it is the
process of gathering and distributing procurement information both from and to internal and external
parties using Internet technology.
E-procurement in the procurement cycle: The figure below shows the six forms of e-procurement
plotted in the procurement process.
Each of these forms can be explained as follows:
E-sourcing supports the specification phase; it identifies suppliers that can be used in the selection
phase.
E-tendering supports the selection phase; it facilitates the REOI and ITB/RFP activities, usually
including support for the analysis and assessment activities.
E-reverse auctioning supports the contract phase; it enables closing a deal with a supplier;
E-ordering and web-based ERP is the process of creating and approving procurement requisitions,
placing purchase orders, as well as receiving goods and services ordered, by using a software system
based on the Internet.
E-informing is not directly associated with a phase in the procurement process; it is the process of
gathering and distributing procurement information both from and to internal and external parties
using Internet technology.
Unit IV

Cyber Security – Cyber Attacks – Hacking- SSL - Authentication and assurance of data integrity –
Cryptographic based solutions – Digital Signatures – VPN.

What is Cyber Security?

Cyber security consists of technologies, processes and controls designed to protect systems, networks
and data from cyber attacks. Effective cyber security reduces the risk of cyber attacks and protects
against the unauthorised exploitation of systems, networks and technologies.
Robust cyber security involves implementing controls based on three pillars: people, processes and
technology. This three-pronged approach helps organisations defend themselves from both organised
attacks and common internal threats, such as accidental breaches and human error.

The three pillars of cyber security

People:

Every employee needs to be aware of their role in preventing and reducing cyber threats, and
specialised technical cyber security staff need to stay fully up to date with the latest skills and
qualifications to mitigate and respond to cyber attacks.
Processes:
Processes are crucial in defining how the organisation’s activities, roles and documentation are used to
mitigate the risks to the organisation’s information. Cyber threats change quickly, so processes need to
be continually reviewed to be able to adapt alongside them.
Technology:
By identifying the cyber risks that your organisation faces you can then start to look at what controls to
put in place, and what technologies you’ll need to do this. Technology can be deployed to prevent or
reduce the impact of cyber risks, depending on your risk assessment and what you deem an acceptable
level of risk.

Why is cyber security important?

• The costs of data breaches are soaring


With the EU GDPR (General Data Protection Regulation) now in force, organisations could be faced
with fines of up to €20 million or 4% of annual global turnover for certain infractions. There are also
non-financial costs to be considered, such as reputational damage and loss of customer trust.

• Cyber attacks are becoming increasingly sophisticated


Cyber attacks have become more sophisticated with attackers using an ever-growing variety of tactics
to exploit vulnerabilities, such as social engineering, malware and ransomware (as was the case
with Petya, WannaCry and NotPetya).

• Cyber security is a critical board issue


New regulations and reporting requirements make cyber security risk oversight a challenge. The board
will continue to seek assurances from management that their cyber risk strategies will reduce the risk
of attacks and limit financial and operational impacts.

A strong cyber security stance is a key defence against cyber-related failures and errors and malicious
cyber-attacks, so it’s vital to have the right cyber security measures in place to protect your
organisation.

What are the consequences of a cyber attack?

• Cyber attacks can disrupt and cause considerable financial and reputational damage to even
the most resilient organisation. If you suffer a cyber attack, you stand to lose assets, reputation and
business, and potentially face regulatory fines and litigation – as well as the costs of remediation.

The cybersecurity industry is constantly striving to stay well prepared and well ahead of new threats.
Data protection was in the spotlight all through 2018. It’s a common practice for applications to collect
user data like the user’s personal information, location, and other personal preferences. Such
important data is vulnerable and, if left unprotected, can be stolen and misused by hackers.
UK enacted the General Data Protection Regulation (GDPR) that forced companies to state and comply
with data privacy policies. GDPR gives the users control over their data and the freedom to decide
whether the data can be shared or not.
Newsworthy breaches and hacks

Despite these new measures being in effect, data breaches continue to be the biggest security threat.
According to a study conducted by First Data, almost 34% of consumers had their data compromised
last year. The following are some of the incidents that made the news last year.

Facebook security breach

Millions of user accounts were hacked in September 2018 when hackers exploited a vulnerability in
Facebook. The breach exposed user data, including personal information, and was the worst cyber
attack in the social media company’s history.

Airline industry data hacked

Data breaches were not limited to social media applications; the airline industry also suffered. British
Airways was subjected to multiple cyber attacks between August 21 and September 6. Financial data
of customers, including credit and debit card details, was stolen. There was a similar data breach
targeting a major Asian airline.

Marriott data breach

In November 2018, Marriott announced that it was also a victim of a massive data breach. An
“unauthorized” party accessed its reservation database, exposing guests’ personal information,
including passport numbers. Almost 327 million users were impacted.

Quora data breach

Quora was another platform attacked last year. As soon as the breach was detected, Quora logged out
all its users and notified them of the security issue. 100 million accounts were at risk as user emails,
passwords and other personal information were leaked.

New technologies create vulnerability

The above breaches are just a few of the notable cyber attacks from 2018. The cybersecurity industry
had a lot to learn from these attacks and has implemented measures to mitigate the impact of such
attacks. But technology continues to evolve—creating more vulnerabilities that can be exploited easily.
Let’s look at some of the current technology trends and the impact they have on cybersecurity.
Cryptocurrency

Bitcoin and other cryptocurrencies gained massive popularity in recent years. As more and more
consumers use cryptocurrencies for online transactions, there’s been a steady increase in hackers
targeting such transactions. Based on a study by CipherTrace, almost 927 million dollars were stolen by
hackers throughout the initial nine months of 2018. Cybersecurity can only combat these threats with
tools that are advanced enough to detect cryptojacking and cryptocurrency mining. Consumers need to
be educated about the risks involved when transacting with cryptocurrency while the cybersecurity
industry implements stricter protocols around cryptocurrency exchanges.

Artificial Intelligence

The wide use of IoT and advanced automation made way for artificial intelligence. The same technique
used to build programs that are “intelligent” can be used to build smarter malware and hacking
methods. The current set of cybersecurity tools is not designed to detect such malicious code. These
tools need to evolve with technology to handle threats posed by artificial intelligence.

Cloud Security

In recent years, most applications migrated to the cloud and enterprises have adopted Software as a
Service (SaaS) as the preferred application delivery model. Data management has also transitioned
from local servers to the cloud. But this transition comes with its own set of vulnerabilities. The data
needs to be protected from hackers; a breach can put millions of users at risk. For example,
ransomware attacks directed at cloud providers can compromise sensitive and critical data. Such an
attack would leave major enterprises completely at risk. Data protection must be a priority for cloud
providers, and cybersecurity tools that can detect ransomware and other types of cyber attacks
should be implemented.
Cybersecurity is only effective when it keeps pace with current innovations and trends in the IT
industry. Companies should deploy the right security tools and protocols to prevent data breaches and
to ensure user privacy is maintained.

SSL monitoring

Catchpoint’s monitoring services do more than evaluate performance. The different monitors we offer
provide a comprehensive understanding of the different components that make up the application
delivery chain. We introduced an SSL monitor as part of our commitment to help you deliver optimal
end-user experience.
SSL plays a critical role in securing data exchange. A compromised SSL certificate can leave the
application vulnerable to cyberattacks and impact application performance. Recently, the mobile
applications of Softbank and O2 suffered outages. The outage was caused by an expired SSL certificate
provided by Ericsson. SSL monitoring is an additional measure that ensures the security protocols
implemented are working uncompromised.

What is SSL?

SSL was introduced to secure the server-client connection and adds a layer of protection during data
transactions. It encrypts sensitive data, protecting it from potential threats on the information
superhighway.
We explained the basics of SSL and how it works in our Web Performance 101 blog series. SSL was
renamed to TLS and standardized by the IETF. A website that is secured using SSL is protected from
eavesdropping and tampering on the server-client connection. It protects user privacy and prevents
hackers or intruders from compromising the server-client connection. SSL provides three important
security features:

• Data encryption: Encrypt the data so only the recipient can decipher it.
• Data integrity: Ensure the data is not corrupted or altered in transit.
• Authentication: The server proves its identity to the client before the secured data is exchanged.

Securing end-user experience with SSL Monitoring

The Catchpoint SSL monitor ensures that you keep track of the security configuration of your
application. It lets you monitor the following critical security properties:

• Certificate revocation: Monitoring the validity of the certificate against the Certificate
Revocation List (CRL).
• Certificate pinning and public key pinning: The test checks the certificate thumbprint or
public key against the original certificate and alerts if there are any changes to it.
• Certificate signing algorithm: Test the signing algorithm used by a certificate to ensure you
are using the right type of certificate for your website.
• Certificate validity: Check the certificate expiration and set reminders as the renewal date
approaches so that you are prepared in advance and avoid compromising security with an expired
certificate.
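The four checks listed above can be reproduced in a few lines. The following is an added example (not Catchpoint's monitor or any library's code), written against the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns together with the DER bytes from `getpeercert(binary_form=True)`. The certificate fields, DER bytes, serial number and signature algorithm are constructed values because a real certificate would not fit here, and the set of revoked serials stands in for a CRL that a monitor would fetch and parse.

```python
"""Certificate checks of the kind an SSL/TLS monitor runs: expiry, pinning,
signing algorithm and revocation. Added example, not Catchpoint's code.
Functions take the dict shape of ssl.SSLSocket.getpeercert() and the DER
bytes of getpeercert(binary_form=True); all sample values are constructed."""
import calendar
import hashlib
import hmac
import time

CERT_TIME_FORMAT = "%b %d %H:%M:%S %Y GMT"   # timestamp format used by getpeercert()
WEAK_SIG_ALGS = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}

# Constructed sample shaped like getpeercert() output; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.invalid"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "serialNumber": "0A1B2C3D",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar  1 00:00:00 2025 GMT",
}
SAMPLE_DER = b"constructed stand-in for the DER encoding; not a real certificate"
# getpeercert() does not expose the signature algorithm; a monitor reads it from a
# full X.509 parser. Constructed value, chosen to trip the weak-algorithm check.
SAMPLE_SIG_ALG = "sha1WithRSAEncryption"


def cert_time_to_epoch(cert_time: str) -> int:
    """Parse a getpeercert()-style timestamp as UTC seconds since the epoch."""
    return calendar.timegm(time.strptime(cert_time, CERT_TIME_FORMAT))


def fingerprint_sha256(der: bytes) -> str:
    """The certificate thumbprint used for pinning."""
    return hashlib.sha256(der).hexdigest()


def check_pin(der: bytes, pinned_fingerprint: str) -> bool:
    """Pinning: alert when the presented certificate's thumbprint changes."""
    return hmac.compare_digest(fingerprint_sha256(der), pinned_fingerprint.lower())


def days_until_expiry(cert: dict, now: int) -> float:
    return (cert_time_to_epoch(cert["notAfter"]) - now) / 86400


def check_validity(cert: dict, now: int, warn_days: int = 30) -> str:
    """Return 'ok', 'expiring-soon', 'expired' or 'not-yet-valid'."""
    if now < cert_time_to_epoch(cert["notBefore"]):
        return "not-yet-valid"
    days_left = days_until_expiry(cert, now)
    if days_left <= 0:
        return "expired"
    if days_left <= warn_days:
        return "expiring-soon"           # renewal reminder window
    return "ok"


def check_signing_algorithm(sig_alg: str) -> bool:
    """False when the certificate is signed with a deprecated hash."""
    return sig_alg not in WEAK_SIG_ALGS


def check_revocation(cert: dict, revoked_serials: set) -> bool:
    """True when the serial appears in the (already fetched and parsed) CRL."""
    return cert["serialNumber"].upper() in {s.upper() for s in revoked_serials}


def run_checks(cert, der, sig_alg, pinned_fingerprint, revoked_serials, now) -> dict:
    return {
        "validity": check_validity(cert, now),
        "days_left": days_until_expiry(cert, now),
        "pin_ok": check_pin(der, pinned_fingerprint),
        "sig_alg_ok": check_signing_algorithm(sig_alg),
        "revoked": check_revocation(cert, revoked_serials),
    }


if __name__ == "__main__":
    now = cert_time_to_epoch("Feb 10 00:00:00 2025 GMT")   # fixed clock for the demo
    pinned = fingerprint_sha256(SAMPLE_DER)                  # pin recorded at deployment
    print(run_checks(SAMPLE_CERT, SAMPLE_DER, SAMPLE_SIG_ALG, pinned, {"DEADBEEF"}, now))
```

The clock is passed in rather than read from `time.time()` so the expiry logic can be exercised at fixed dates; with the sample values the monitor reports a certificate 19 days from expiry, a matching pin, a weak signing algorithm and no revocation.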

SSL is just one of the ways you can protect your application against malicious attacks. And
Catchpoint’s SSL monitor lets you track any malicious changes to the certificate. In addition to
deploying SSL, the cybersecurity industry offers a range of tools to detect threats and mitigate
the impact of a cyber attack. With evolving technologies, proactive and innovative measures are the
need of the hour and leaders in the cybersecurity industry are taking action.
Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide
policies for information security within an organization. The model is also sometimes referred to as the
AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence
Agency. The elements of the triad are considered the three most crucial components of security.
In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance
that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the
information by authorized people.
Confidentiality:
Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure
confidentiality are designed to prevent sensitive information from reaching the wrong people, while
making sure that the right people can in fact get it: Access must be restricted to those authorized to
view the data in question. It is common, as well, for data to be categorized according to the amount
and type of damage that could be done should it fall into unintended hands. More or less stringent
measures can then be implemented according to those categories.
Sometimes safeguarding data confidentiality may involve special training for those privy to such
documents. Such training would typically include security risks that could threaten this information.
Training can help familiarize authorized people with risk factors and how to guard against them.
Further aspects of training can include strong passwords and password-related best
practices and information about social engineering methods, to prevent them from bending data-
handling rules with good intentions and potentially disastrous results.
A good example of methods used to ensure confidentiality is an account number or routing number
when banking online. Data encryption is a common method of ensuring confidentiality. User IDs
and passwords constitute a standard procedure; two-factor authentication is becoming the norm.
Other options include biometric verification and security tokens, key fobs or soft tokens. In addition,
users can take precautions to minimize the number of places where the information appears and the
number of times it is actually transmitted to complete a required transaction. Extra measures might be
taken in the case of extremely sensitive documents, precautions such as storing only on air
gapped computers, disconnected storage devices or, for highly sensitive information, in hard copy form
only.
Integrity:
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life
cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be
altered by unauthorized people (for example, in a breach of confidentiality). These measures include
file permissions and user access controls. Version control may be used to prevent erroneous changes or
accidental deletion by authorized users becoming a problem. In addition, some means must be in place
to detect any changes in data that might occur as a result of non-human-caused events such as an
electromagnetic pulse (EMP) or server crash. Some data might include checksums, even cryptographic
checksums, for verification of integrity. Backups or redundancies must be available to restore the
affected data to its correct state.
Availability:
Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs
immediately when needed and maintaining a correctly functioning operating system environment that
is free of software conflicts. It’s also important to keep current with all necessary
system upgrades. Providing adequate communication bandwidth and preventing the occurrence
of bottlenecks are equally important. Redundancy, failover, RAID and even high-availability clusters can
mitigate serious consequences when hardware issues do occur. Fast and adaptive disaster recovery is
essential for the worst case scenarios; that capacity is reliant on the existence of a comprehensive
disaster recovery plan (DRP). Safeguards against data loss or interruptions in connections must include
unpredictable events such as natural disasters and fire. To prevent data loss from such occurrences,
a backup copy may be stored in a geographically-isolated location, perhaps even in a fireproof,
waterproof safe. Extra security equipment or software such as firewalls and proxy servers can guard
against downtime and unreachable data due to malicious actions such as denial-of-service (DoS)
attacks and network intrusions.

Digital signatures are the public-key primitives of message authentication. In the physical world, it is
common to use handwritten signatures on handwritten or typed messages. They are used to bind the
signatory to the message.
Similarly, a digital signature is a technique that binds a person/entity to digital data. This binding
can be independently verified by the receiver as well as by any third party.
A digital signature is a cryptographic value that is calculated from the data and a secret key known only
to the signer.
In the real world, the receiver of a message needs assurance that the message belongs to the sender
and that the sender should not be able to repudiate the origination of that message. This requirement
is very crucial in business applications, since the likelihood of a dispute over exchanged data is very
high.
Model of Digital Signature
As mentioned earlier, the digital signature scheme is based on public key cryptography. The model of
digital signature scheme is depicted in the following illustration –

The following points explain the entire process in detail −

• Each person adopting this scheme has a public-private key pair.
• Generally, the key pairs used for encryption/decryption and signing/verifying are different.
The private key used for signing is referred to as the signature key and the public key as the verification
key.
• The signer feeds the data to the hash function and generates a hash of the data.
• The hash value and the signature key are then fed to the signature algorithm, which produces the
digital signature on the given hash. The signature is appended to the data and then both are sent to the
verifier.
• The verifier feeds the digital signature and the verification key into the verification algorithm.
The verification algorithm gives some value as output.
• The verifier also runs the same hash function on the received data to generate a hash value.
• For verification, this hash value and the output of the verification algorithm are compared. Based
on the comparison result, the verifier decides whether the digital signature is valid.
• Since the digital signature is created by the ‘private’ key of the signer and no one else can have this
key, the signer cannot repudiate signing the data in future.
It should be noted that instead of signing the data directly with the signing algorithm, usually a hash
of the data is created and signed. Since the hash of the data is a unique representation of the data, it
is sufficient to sign the hash in place of the data. The most important reason for using the hash instead
of the data directly for signing is the efficiency of the scheme.

Let us assume RSA is used as the signing algorithm. As discussed in public key encryption chapter, the
encryption/signing process using RSA involves modular exponentiation.
Signing large data through modular exponentiation is computationally expensive and time consuming.
The hash of the data is a relatively small digest of the data, hence signing a hash is more efficient than
signing the entire data.
Importance of Digital Signature

Out of all cryptographic primitives, the digital signature using public key cryptography is considered a
very important and useful tool to achieve information security.
Apart from the ability to provide non-repudiation of a message, the digital signature also provides
message authentication and data integrity. Let us briefly see how this is achieved by the digital
signature −
• Message authentication − When the verifier validates the digital signature using the public key
of a sender, he is assured that the signature has been created only by the sender who possesses the
corresponding secret private key and no one else.
• Data integrity − In case an attacker has access to the data and modifies it, the digital
signature verification at the receiver end fails. The hash of the modified data and the output provided
by the verification algorithm will not match. Hence, the receiver can safely reject the message,
assuming that data integrity has been breached.
• Non-repudiation − Since it is assumed that only the signer has knowledge of the
signature key, only he can create a unique signature on given data. Thus the receiver can present the
data and the digital signature to a third party as evidence if any dispute arises in the future.
By adding public-key encryption to the digital signature scheme, we can create a cryptosystem that can
provide the four essential elements of security, namely − Privacy, Authentication, Integrity, and Non-
repudiation.
Encryption with Digital Signature
In many digital communications, it is desirable to exchange encrypted messages rather than plaintext
to achieve confidentiality. In a public key encryption scheme, the public (encryption) key is available in
the open domain, and hence anyone can encrypt a message and spoof the sender's identity towards
the receiver.
This makes it essential for users employing PKC for encryption to seek digital signatures along with the
encrypted data to be assured of message authentication and non-repudiation.
This can be achieved by combining digital signatures with the encryption scheme. Let us briefly discuss
how to achieve this requirement. There are two possibilities: sign-then-encrypt and encrypt-then-sign.
However, the cryptosystem based on sign-then-encrypt can be exploited by the receiver to spoof the
identity of the sender and send that data to a third party. Hence, this method is not preferred. The
process of encrypt-then-sign is more reliable and widely adopted. This is depicted in the following
illustration −
The receiver, after receiving the encrypted data and the signature on it, first verifies the signature using
the sender’s public key. After ensuring the validity of the signature, he then retrieves the data through
decryption using his private key.

A virtual private network (VPN) is programming that creates a safe and encrypted connection over a
less secure network, such as the public internet. A VPN works by using the shared public infrastructure
while maintaining privacy through security procedures and tunneling protocols. In effect, the protocols,
by encrypting data at the sending end and decrypting it at the receiving end, send the data through a
"tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security
involves encrypting not only the data, but also the originating and receiving network addresses.
In the early days of the internet, VPNs were developed to provide branch office employees with an
inexpensive, safe way to access corporate applications and data. Today, VPNs are often used by remote
corporate employees, gig economy freelance workers and business travelers who require access to
sites that are geographically restricted. The two most common types of VPNs are remote access VPNs
and site-to-site VPNs.

Remote access VPN

Remote access VPN clients connect to a VPN gateway server on the organization's network. The
gateway requires the device to authenticate its identity before granting access to internal network
resources such as file servers, printers and intranets. This type of VPN usually relies on either IP
Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection, although SSL VPNs are often
focused on supplying secure access to a single application rather than to the entire internal network.
Some VPNs provide Layer 2 access to the target network; these require a tunneling protocol like
the Point-to-Point Tunneling Protocol or the Layer 2 Tunneling Protocol running across the base IPsec
connection. In addition to IPsec and SSL, other protocols used to secure VPN connectivity and encrypt
data are Transport Layer Security (TLS) and OpenVPN.
Site-to-site VPN

In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a
network in another location. End-node devices in the remote location do not need VPN clients because
the gateway handles the connection.
Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use
carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. Here, too, it is
possible to have either Layer 3 connectivity (MPLS IP VPN) or Layer 2 (virtual private LAN service)
running across the base transport.

Mobile VPN

In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled
access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP
addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks
to the mobile device no matter where it may roam. An effective mobile VPN provides continuous
service to users and can seamlessly switch across access technologies and multiple public and private
networks.

Hardware VPN

Hardware VPNs offer a number of advantages over the software-based VPN. In addition to enhanced
security, hardware VPNs can provide load balancing to handle large client loads. Administration is
managed through a Web browser interface. A hardware VPN is more expensive than a software VPN.
Because of the cost, hardware VPNs are a more realistic option for large businesses than for small
businesses or branch offices. Several vendors, including Irish vendor InvizBox, offer devices that can
function as hardware VPNs.

VPN appliance

A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced
security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect
a router that provides protection, authorization, authentication and encryption for VPNs.

Dynamic multipoint virtual private network (DMVPN)

A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data
between sites without needing to pass traffic through an organization's headquarters virtual private
network (VPN) server or router. A DMVPN essentially creates a mesh VPN service that runs on VPN
routers and firewall concentrators. Each remote site has a router configured to connect to the
company’s headquarters VPN device (hub), providing access to the resources available. When two
spokes are required to exchange data between each other -- for a VoIP telephone call, for example --
the spoke will contact the hub, obtain the necessary information about the other end, and create a
dynamic IPsec VPN tunnel directly between them.

VPN Reconnect

VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private
network connection to remain open during a brief interruption of Internet service. Usually, when a
computing device using a VPN connection drops its Internet connection, the end user has to manually
reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so
when Internet service is restored, the VPN connection is automatically restored as well. The feature
was designed to improve usability for mobile employees.

Unit V
Electronic Payment Systems – payment gateway – internet banking – the SET Protocol – E-cash – E-
Cheque –Elements of electronic payments

An e-payment system is a way of making transactions or paying for goods and services through an
electronic medium, without the use of checks or cash. It is also called an electronic payment system or
online payment system.
The electronic payment system has grown increasingly over the last decades due to the growing spread
of internet-based banking and shopping. As the world advances more with technology development,
we can see the rise of electronic payment systems and payment processing devices. As these increase,
improve, and provide ever more secure online payment transactions the percentage of check and cash
transactions will decrease.
Electronic payment methods
Among the most popular online payment forms are credit and debit cards. Besides them, there are also
alternative payment methods, such as bank transfers, electronic wallets, smart cards or bitcoin wallet
(bitcoin is the most popular cryptocurrency).
E-payment methods could be classified into two areas, credit payment systems and cash payment
systems.
1. Credit Payment System
• Credit Card — A form of the e-payment system which requires the use of the card issued by a financial
institute to the cardholder for making payments online or through an electronic device, without the
use of cash.
• E-wallet — A form of prepaid account that stores user’s financial data, like debit and credit card
information to make an online transaction easier.
• Smart card — A plastic card with a microprocessor that can be loaded with funds to make
transactions; also known as a chip card.
2. Cash Payment System
• Direct debit — A financial transaction in which the account holder instructs the bank to collect a
specific amount of money from his account electronically to pay for goods or services.
• E-check — A digital version of an old paper check. It’s an electronic transfer of money from a bank
account, usually checking account, without the use of the paper check.
• E-cash is a form of an electronic payment system, where a certain amount of money is stored on a
client’s device and made accessible for online transactions.
• Stored-value card — A card with a certain amount of money that can be used to perform the
transaction in the issuer store. A typical example of stored-value cards are gift cards.
Pros and cons of using an e-payment system
E-payment systems are made to facilitate the acceptance of electronic payments for online
transactions. With the growing popularity of online shopping, e-payment systems became a must for
online consumers — to make shopping and banking more convenient. It comes with many benefits,
such as:
• Reaching more clients from all over the world, which results in more sales.
• More effective and efficient transactions — transactions are made in seconds (with one
click), without wasting the customer’s time. It comes with speed and simplicity.
• Convenience. Customers can pay for items on an e-commerce website at any time and anywhere. They
just need an internet-connected device. As simple as that!
• Lower transaction cost and decreased technology costs.
• Expense control for customers, as they can always check their virtual account, where they can find the
transaction history.
• Today it’s easy to add payments to a website, so even a non-technical person may implement it in
minutes and start processing online payments.
• Payment gateways and payment providers offer highly effective security and anti-fraud tools to make
transactions reliable.

Sounds great, so are there any drawbacks?

• E-commerce fraud is growing at 30% per year. If you follow the security rules, there shouldn’t be such
problems, but when a merchant chooses a payment system which is not highly secure, there is a risk
of a sensitive data breach which may cause identity theft.
• The lack of anonymity — For most, it’s not a problem at all, but you need to remember that some of
your personal data is stored in the database of the payment system.
• The need for internet access — As you may guess, if the internet connection fails, it’s impossible to
complete a transaction, get to your online account, etc.
E-commerce, as well as m-commerce, is getting bigger year after year, so having an e-payment system
in your online store is a must. It’s simple, fast and convenient, so why not have one?
Still, among the most popular payment methods are credit and debit card payments, but people also
choose some alternatives or local payment methods. If you run an online business, find out what your
target audience needs and provide the most convenient and relevant e-payment system.

A payment gateway is a merchant service provided by an e-commerce application service provider that
authorizes credit card or direct payments processing for e-businesses, online retailers, bricks and clicks,
or traditional brick and mortar.[1] The payment gateway may be provided by a bank to its customers,
but can be provided by a specialised financial service provider as a separate service, such as a payment
service provider.
A payment gateway facilitates a payment transaction by the transfer of information between a
payment portal (such as a website, mobile phone or interactive voice response service) and the front
end processor or acquiring bank.

Typical transaction processes


When a customer orders a product from a payment gateway-enabled merchant, the payment gateway
performs a variety of tasks to process the transaction.[2]

1. A customer places an order on the website by pressing the 'Submit Order' or equivalent button,
or perhaps enters their card details using an automatic phone answering service.
2. If the order is via a website, the customer's web browser encrypts the information to be sent
between the browser and the merchant's webserver. Among other methods, this may be done
via SSL (Secure Socket Layer) encryption. The payment gateway may allow transaction data to be sent
directly from the customer's browser to the gateway, bypassing the merchant's systems. This reduces
the merchant's Payment Card Industry Data Security Standard (PCI DSS) compliance obligations without
redirecting the customer away from the website.
3. The merchant then forwards the transaction details to their payment gateway. This is
another (SSL) encrypted connection to the payment server hosted by the payment gateway.
4. The payment gateway converts the message from XML to ISO 8583 or a variant message
format (a format understood by EFT switches) and then forwards the transaction information to
the payment processor used by the merchant's acquiring bank.
5. The payment processor forwards the transaction information to the card association (i.e.,
Visa/MasterCard/American Express). If an American Express or Discover Card was used, then the card
association also acts as the issuing bank and directly provides a response of approved or declined to
the payment gateway. Otherwise (e.g., if a MasterCard or Visa card was used), the card association routes
the transaction to the correct card issuing bank.
6. The credit card issuing bank receives the authorization request, verifies the credit or debit
available and then sends a response back to the processor (via the same process as the request for
authorization) with a response code (i.e., approved or denied). In addition to communicating the fate of
the authorization request, the response code is also used to give the reason why the transaction
failed (e.g., insufficient funds, or bank link not available). Meanwhile, the credit card issuer holds an
authorization associated with that merchant and consumer for the approved amount. This can impact
the consumer's ability to spend further (because it reduces the line of credit available or it puts a hold
on a portion of the funds in a debit account).
7. The processor forwards the authorization response to the payment gateway.
8. The payment gateway receives the response and forwards it on to the website, or whatever
interface was used to process the payment, where it is interpreted as a relevant response, then relayed
back to the merchant and cardholder. This is known as the Authorization or "Auth."
9. The entire process typically takes 2–3 seconds.[3]
10. The merchant then fulfills the order and the above process can be repeated, but this time to
"Clear" the authorization by consummating the transaction. Typically, the "Clear" is initiated only after
the merchant has fulfilled the transaction (i.e., shipped the order). This results in the issuing bank
'clearing' the 'auth' (i.e., moving the auth-hold to a debit) and preparing to settle with the merchant's
acquiring bank.
11. The merchant submits all their approved authorizations, in a "batch" (end of the day), to
their acquiring bank for settlement via its processor. This typically reduces or "Clears" the
corresponding "Auth" if it has not been explicitly "Cleared."
12. The acquiring bank makes the batch settlement request of the credit card issuer.
13. The credit card issuer makes a settlement payment to the acquiring bank (the next day in
most cases).
14. The acquiring bank subsequently deposits the total of the approved funds into the
merchant's nominated account (the same day or next day). This could be an account with the acquiring
bank if the merchant does their banking with the same bank, or an account with another bank.
15. The entire process from authorization to settlement to funding typically takes 3 days.
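The authorization hold, clearing and batch settlement of steps 6 to 14 can be traced in a small model. The Python below is an added example written for this page, not code from the textbook or from any payment processor: the `Issuer` and `Acquirer` classes, the card token `tok_4242`, the merchant name and the two illustrative response codes `00` and `51` are all constructed, and the processor and card-association hops of steps 4, 5 and 7 are collapsed into a direct call. Amounts are integer cents. The model shows that an approved authorization reduces available credit before anything is cleared, that clearing converts the hold into a posted debit without changing the available amount, and that a resubmitted settlement batch pays the merchant nothing twice.

```python
"""Toy model of the authorization / clearing / batch-settlement cycle.
Constructed example: classes, response codes and the collapsed
processor/card-association hop are illustrative, not any real network's API."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
import itertools

# Illustrative response codes; step 6 says the code also carries the decline reason.
APPROVED, INSUFFICIENT_FUNDS = "00", "51"


@dataclass
class Authorization:
    auth_id: str
    merchant: str
    amount: int             # integer cents
    cleared: bool = False   # hold converted to a debit (step 10)
    settled: bool = False   # paid to the acquirer (step 13)


@dataclass
class CardAccount:
    credit_limit: int
    posted: int = 0                                    # cleared debits
    auths: Dict[str, Authorization] = field(default_factory=dict)

    def available(self) -> int:
        # Open holds reduce the spendable line before anything is cleared (step 6).
        held = sum(a.amount for a in self.auths.values() if not a.cleared)
        return self.credit_limit - self.posted - held


class Issuer:
    """Card-issuing bank: decides authorizations, holds, clears and settles."""
    def __init__(self) -> None:
        self.accounts: Dict[str, CardAccount] = {}
        self._seq = itertools.count(1)

    def authorize(self, card: str, merchant: str, amount: int) -> Tuple[str, Optional[str]]:
        acct = self.accounts[card]
        if amount <= 0 or amount > acct.available():
            return INSUFFICIENT_FUNDS, None
        auth = Authorization(f"A{next(self._seq):04d}", merchant, amount)
        acct.auths[auth.auth_id] = auth
        return APPROVED, auth.auth_id

    def clear(self, card: str, auth_id: str) -> None:
        # Step 10: the hold becomes a posted debit; available credit is unchanged.
        auth = self.accounts[card].auths[auth_id]
        if not auth.cleared:
            auth.cleared = True
            self.accounts[card].posted += auth.amount

    def settle(self, card: str, auth_id: str) -> int:
        """Acquirer's settlement request (step 12); implicitly clears (step 11)."""
        auth = self.accounts[card].auths[auth_id]
        if auth.settled:
            return 0          # idempotent: a resubmitted batch is never paid twice
        self.clear(card, auth_id)
        auth.settled = True
        return auth.amount


class Acquirer:
    """Merchant's bank: collects the day's approved auths and settles them in a batch."""
    def __init__(self, issuer: Issuer) -> None:
        self.issuer = issuer
        self.batch: List[Tuple[str, str, str]] = []    # (card, auth_id, merchant)
        self.merchant_balances: Dict[str, int] = {}

    def settle_batch(self) -> Dict[str, int]:
        for card, auth_id, merchant in self.batch:
            paid = self.issuer.settle(card, auth_id)                           # step 13
            self.merchant_balances[merchant] = self.merchant_balances.get(merchant, 0) + paid  # step 14
        self.batch.clear()
        return dict(self.merchant_balances)


def run_example() -> dict:
    """Walk one purchase through auth -> clear -> batch settlement and record the state at each stage."""
    issuer = Issuer()
    issuer.accounts["tok_4242"] = CardAccount(credit_limit=50_000)   # constructed token, 500.00 limit
    acquirer = Acquirer(issuer)
    out = {}
    code, auth_id = issuer.authorize("tok_4242", "bookshop", 12_000)  # steps 3-8, hops collapsed
    out["auth_code"] = code
    out["available_after_auth"] = issuer.accounts["tok_4242"].available()   # hold reduces credit
    out["overlimit_code"], _ = issuer.authorize("tok_4242", "bookshop", 40_000)  # exceeds remaining line
    acquirer.batch.append(("tok_4242", auth_id, "bookshop"))
    issuer.clear("tok_4242", auth_id)                                        # step 10: order shipped
    out["available_after_clear"] = issuer.accounts["tok_4242"].available()
    out["posted_after_clear"] = issuer.accounts["tok_4242"].posted
    out["deposits"] = acquirer.settle_batch()                                # steps 11-14
    acquirer.batch.append(("tok_4242", auth_id, "bookshop"))                 # same auth submitted again
    out["deposits_after_resubmit"] = acquirer.settle_batch()
    return out


if __name__ == "__main__":
    for key, value in run_example().items():
        print(f"{key}: {value}")
```

The idempotency check in `settle` is the part worth carrying into a real integration: an acquirer-side retry of a batch must not credit the merchant twice, and the issuer must not post the same debit twice.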

Internet Banking or otherwise known as online banking is among the convenient e-banking modes,
which caused the change in banking operations and provides virtual banking facilities to its customers
continuously. In this method, the clients can access their bank account details, no matter where they
are located, with the help of the bank’s website.

Difference Between Mobile Banking and Internet Banking

Internet Banking is not similar to mobile banking, which implies a wireless, internet-based facility
provided by the banks to their customers, to operate their bank accounts, through handheld devices
such as smartphones, tablets and so forth, with the help of a website or a mobile application.

Definition of Internet Banking

Internet Banking can be understood as the banking method in which the financial transactions are
conducted with the help of the internet. It is like a revolution in the era of the traditional banking system,
as it does not require customers to visit the bank branch to carry out a simple bank transaction.
Put simply, internet banking is an electronic payment system that allows the bank account holder to
execute monetary transactions, such as bill payments, fund transfers, stop payments, balance
enquiries, etc., anytime and anywhere using the bank’s website. Online banking is part and parcel of the
core banking system handled by the bank.
Secure Electronic Transaction (SET) Protocol

Secure Electronic Transaction or SET is a system which ensures the security and integrity of electronic
transactions done using credit cards. SET is not a system that enables payment; it
is a security protocol applied to those payments. It uses different encryption and hashing techniques to
secure payments over the internet made through credit cards. The development of the SET protocol was supported
by major organizations like Visa, Mastercard, Microsoft, which provided its Secure Transaction
Technology (STT), and Netscape, which provided the technology of Secure Socket Layer (SSL).
SET protocol restricts the revealing of credit card details to merchants, thus keeping hackers and thieves at
bay. SET protocol includes Certification Authorities for making use of standard Digital Certificates like
X.509 Certificates.
Before discussing SET further, let’s see a general scenario of an electronic transaction, which includes the
client, payment gateway, client's financial institution, merchant and merchant's financial institution.

Requirements in SET :
SET protocol has some requirements to meet; some of the important requirements are:
• It has to provide mutual authentication, i.e., customer (or cardholder) authentication by
confirming whether the customer is the intended user or not, and merchant authentication.
• It has to keep the PI (Payment Information) and OI (Order Information) confidential by
appropriate encryption.
• It has to be resistant to message modification, i.e., no changes should be allowed in the
content being transmitted.
• SET also needs to provide interoperability and make use of the best security mechanisms.
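The second and third requirements (confidentiality of PI and OI, resistance to message modification) can be illustrated with a simplified message split. This Python example is added here and is not part of the course notes or of the SET specification: the cardholder sends the merchant the order information plus only a hash of the payment information, sends the gateway the payment information plus only a hash of the order information, and binds both hashes together so that either party detects a modified or substituted half. SET performs this binding with an RSA dual signature verified against the cardholder's X.509 certificate; here a keyed HMAC under a constructed cardholder key stands in for that signature so the example runs with the standard library only, which means every verifier must hold the key, a limitation a real signature does not have. Field names, the order id and the test card number are constructed.

```python
"""Selective disclosure of PI and OI with a binding over both digests.
Constructed example; the HMAC binding is a stand-in for SET's dual signature."""
import hashlib
import hmac
import json
from typing import Dict, Tuple


def canonical(obj: Dict) -> bytes:
    """Stable serialisation so cardholder, merchant and gateway hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest(obj: Dict) -> str:
    return hashlib.sha256(canonical(obj)).hexdigest()


def bind(key: bytes, pi_digest: str, oi_digest: str) -> str:
    # Stand-in for the dual signature: MAC over H(PI) || H(OI).
    return hmac.new(key, (pi_digest + oi_digest).encode(), hashlib.sha256).hexdigest()


def build_purchase(pi: Dict, oi: Dict, key: bytes) -> Tuple[Dict, Dict]:
    """Cardholder side: one message for the merchant, one for the payment gateway."""
    pi_d, oi_d = digest(pi), digest(oi)
    binding = bind(key, pi_d, oi_d)
    to_merchant = {"OI": oi, "PI_digest": pi_d, "binding": binding}   # no card data here
    to_gateway = {"PI": pi, "OI_digest": oi_d, "binding": binding}    # no order contents here
    return to_merchant, to_gateway


def merchant_verify(msg: Dict, key: bytes) -> bool:
    """Merchant recomputes H(OI) from what it received and checks the binding."""
    return hmac.compare_digest(bind(key, msg["PI_digest"], digest(msg["OI"])), msg["binding"])


def gateway_verify(msg: Dict, key: bytes) -> bool:
    """Gateway recomputes H(PI) and checks the binding; the OI itself stays hidden."""
    return hmac.compare_digest(bind(key, digest(msg["PI"]), msg["OI_digest"]), msg["binding"])


def run_example() -> Dict[str, bool]:
    key = b"cardholder-demo-key"   # constructed; a real SET wallet holds a private signing key
    pi = {"card_number": "4111111111111111", "expiry": "12/29", "amount": "49.99"}  # constructed test PAN
    oi = {"order_id": "ORD-1001", "items": ["E-Commerce textbook"], "amount": "49.99"}
    to_merchant, to_gateway = build_purchase(pi, oi, key)
    results = {
        "merchant_sees_card": b"4111111111111111" in canonical(to_merchant),
        "gateway_sees_items": b"ORD-1001" in canonical(to_gateway),
        "merchant_ok": merchant_verify(to_merchant, key),
        "gateway_ok": gateway_verify(to_gateway, key),
    }
    # Message modification: the order amount is inflated in transit -> binding no longer matches.
    tampered = json.loads(json.dumps(to_merchant))
    tampered["OI"]["amount"] = "499.99"
    results["tampered_oi_detected"] = not merchant_verify(tampered, key)
    # Substitution: the PI digest of a different purchase is spliced in -> also detected.
    other_pi = {"card_number": "4242424242424242", "expiry": "01/30", "amount": "49.99"}
    other_merchant_msg, _ = build_purchase(other_pi, oi, key)
    spliced = dict(to_merchant, PI_digest=other_merchant_msg["PI_digest"])
    results["swapped_pi_detected"] = not merchant_verify(spliced, key)
    return results


if __name__ == "__main__":
    for name, value in run_example().items():
        print(f"{name}: {value}")
```

The point to take from the split is that the merchant can verify the order it fulfils is the one the cardholder paid for without ever holding the card number, which is how SET removes card data from the merchant's systems.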
DEFINITION of eCash
eCash is an internet-based system that facilitates the transfer of funds anonymously. Similar to credit
cards, eCash historically has been free to users, while sellers have paid a fee. Due to
certain security concerns, however, eCash remains more of an idea and less of a fully realized,
widespread payment system.

BREAKING DOWN eCash


eCash uses blind signatures (a type of digital signature in which the message's content is invisible prior
to signing); no user is then able to create a link between withdrawal and spend transactions. The
system was used by one bank in the United States, the Mark Twain Bank; however, the system was
dissolved in 1997 after Mercantile Bank purchased that bank. eCash was a trademark of DigiCash, a
firm that went bankrupt in 1998. Following this, eCash Technologies purchased DigiCash. InfoSpace
acquired eCash Technologies in 2002.
eCash began with a form of micropayments (smaller sized transactions).

eCash and Online Security


Financial information, stored on a computer or electronic device, or on the Internet more generally
(e.g. the cloud), is vulnerable to hackers. Threats to this data can come from:
• Backdoor attacks (e.g. an alternate method for accessing an organization’s system, which
bypasses the usual authentication methods). Some systems come with these backdoors by design, while
others result from error.
• Denial-of-service attacks. These prevent the correct users from accessing the system, a
common method being entering a wrong password enough times that the user’s account is locked.
• Direct-access attacks, including bugs and viruses. These forms of attack are able to gain
access to a system, copy its data, and/or modify it.
Forms of security to protect financial and other sensitive online data (e.g. which a financial technology
or fintech company might store) could include multi-factor authentication (bringing in an additional
tool, such as a one-time, time-sensitive text message sent to a user’s phone for an extra layer of
protection) and/or employing a password manager.

eCash and Other Forms of Online Financial Services


Many fintech companies now work with their customers exclusively online, without physical branch
locations. These companies range from online wealth management platforms and advisors, to quant-
oriented trading platforms (employing strategies, similar to some hedge funds). Some traditional
financial institutions offer the same services in both the physical and online realms,
including checking and savings accounts, transfers, and more.

E-Cheque in E-commerce
E-Checks
Electronic checks are designed to accommodate the many individuals and entities that might prefer to
pay on credit or through some mechanism other than cash. Electronic checks are modelled on paper
checks, except that they are initiated electronically, use digital signatures for signing and endorsing,
and require the use of digital certificates to authenticate the payer, the payer’s bank, and bank
account. The security/authentication aspects of digital checks are supported via digital signatures using
public-key cryptography. Ideally, electronic checks will facilitate new online services by: allowing new
payment flows (the payee can verify funds availability at the payer’s bank); enhancing security at each
step of the transaction through automatic validation of the electronic signature by each party (payee
and banks); and facilitating payment integration with widely used EDI-based electronic ordering and
billing processes.
Electronic checks are delivered either by direct transmission using telephone lines, or by public
networks such as the Internet. Electronic check payments (deposits) are gathered by banks and cleared
through existing banking channels, such as automated clearing houses (ACH) networks.
E-checks:
• contain the same information as paper checks contain
• are based on the same rich legal framework as paper checks
• can be linked with unlimited information and exchanged directly between parties
• can be used in any and all remote transactions where paper checks are used today
• enhance the functions and features provided by bank checking accounts
• expand on the usefulness of paper checks by providing value-added information
Benefits of Electronic Checks
Electronic checks have the following advantages:
• Electronic checks work in the same way as traditional checks, thus simplifying customer education. By
retaining the basic characteristics and flexibility of paper checks while enhancing the functionality,
electronic checks can be easily understood and readily adopted.
• Electronic checks are well suited for clearing micro payments; the conventional
cryptography of electronic checks makes them easier to process than systems based on public-key
cryptography (like digital cash). The payee and the payee’s and payer’s banks can authenticate checks
through the use of public-key certificates. Digital signatures can also be validated automatically.
• Electronic checks can serve corporate markets. Firms can use electronic checks to complete payments
over the networks in a more cost-effective manner than present alternatives. Further, since the
contents of a check can be attached to the trading partner’s remittance information, the electronic
check will easily integrate with EDI applications, such as accounts receivable.
• Electronic checks create float, and the availability of float is an important requirement for commerce. The third-party
accounting server can earn revenue by charging the buyer or seller a transaction fee or a flat-rate fee,
or it can act as a bank and provide deposit accounts and make money from the deposit account pool.
• Electronic check technology links public networks to the financial payments and bank
clearing networks, leveraging the access of public networks with the existing financial payments
infrastructure.
How do Electronic Checks work?
Electronic checks are another form of electronic tokens. They are designed to accommodate the many
individuals and entities that might prefer to pay on credit or through some mechanism other than cash.
Buyers must register with a third-party account server before they are able to write electronic checks.
The account server also acts as a billing service. The registration procedure can vary depending on the
particular account server and may require a credit card or a bank account to back the checks. Once
registered, a buyer can then contact sellers of goods and services. To complete a transaction, the buyer
sends a check to the seller for a certain amount of money. These checks may be sent using e-mail or
other transport methods. When deposited, the check authorizes the transfer of account balances from
the account against which the check was drawn to the account to which the check was deposited.
The e-check method was deliberately created to work in much the same way as a conventional paper
check. An account holder will issue an electronic document that contains the name of the payer, the
name of the financial institution, the payer’s account number, the name of the payee and the amount of
the check. Most of the information is in uncoded form. Like a paper check, an e-check will bear the
digital equivalent of a signature: a computed number that authenticates the check as coming from the
owner of the account.
And, again like a paper check, an e-check will need to be endorsed by the payee, using another
electronic signature, before the check can be paid. Properly signed and endorsed checks can be
electronically exchanged between financial institutions through electronic clearinghouses, with the
institutions using these endorsed checks as tender to settle accounts. The specifics of the technology
work in the following manner: on receiving the check, the seller presents it to the accounting server for
verification and payment. The accounting server verifies the digital signature on the check using any
authentication scheme. A user’s digital “signature” is used to create one ticket (a check), which the
seller’s digital “endorsement” transforms into another (an order to a bank computer for a fund transfer).
Subsequent endorsers add successive layers of information onto the tickets, precisely as a large
number of banks may wind up stamping the back of a check along its journey through the system.
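The issue, sign, endorse and verify sequence above, as an added example written for this page and not code from the notes or from any e-check system: a payer issues a check document with the fields the text lists, the payee and the payee's bank each add an endorsement layer that covers everything already on the check, and an accounting server verifies the payer's signature and every layer in order. Each party's "digital signature" is an HMAC under that party's own key, a stand-in for the public-key signature and certificate the text describes, chosen so the code runs with only the Python standard library; party names, keys and amounts are constructed.

```python
"""E-check issue / endorse / verify chain.  Constructed example; per-party HMAC
stands in for the public-key digital signatures the text describes."""
import hashlib
import hmac
import json
from typing import Dict


def sign(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def serialise(obj: Dict) -> bytes:
    """Stable byte form so every party signs and verifies identical input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issue_check(payer_key: bytes, payer: str, bank: str, account: str, payee: str, amount: str) -> Dict:
    """Payer's signature: the 'computed number' authenticating the check body."""
    body = {"payer": payer, "bank": bank, "account": account, "payee": payee, "amount": amount}
    return {"body": body, "signature": sign(payer_key, serialise(body)), "endorsements": []}


def _covered(check: Dict, upto: int, party: str, note: str) -> bytes:
    """Bytes an endorser signs: signed body, all earlier endorsement layers, and its own stamp."""
    return serialise({"body": check["body"], "signature": check["signature"],
                      "endorsements": check["endorsements"][:upto],
                      "stamp": {"party": party, "note": note}})


def endorse(check: Dict, party: str, key: bytes, note: str) -> Dict:
    """Add one endorsement layer, like a bank stamping the back of a paper check."""
    layer = {"party": party, "note": note,
             "sig": sign(key, _covered(check, len(check["endorsements"]), party, note))}
    return {**check, "endorsements": check["endorsements"] + [layer]}


def verify(check: Dict, keys: Dict[str, bytes]) -> bool:
    """Accounting server: check the payer's signature, then every endorsement in order."""
    payer = check["body"]["payer"]
    if payer not in keys or not hmac.compare_digest(
            sign(keys[payer], serialise(check["body"])), check["signature"]):
        return False
    for i, layer in enumerate(check["endorsements"]):
        if layer["party"] not in keys:
            return False
        expected = sign(keys[layer["party"]], _covered(check, i, layer["party"], layer["note"]))
        if not hmac.compare_digest(expected, layer["sig"]):
            return False
    return True


def run_example() -> Dict[str, bool]:
    keys = {"alice": b"payer-key", "bookshop": b"payee-key", "payee-bank": b"bank-key"}  # constructed
    check = issue_check(keys["alice"], "alice", "First Bank", "00123456", "bookshop", "49.99")
    check = endorse(check, "bookshop", keys["bookshop"], "for deposit")
    check = endorse(check, "payee-bank", keys["payee-bank"], "presented for clearing")
    results = {"valid_chain": verify(check, keys)}
    altered = json.loads(json.dumps(check))
    altered["body"]["amount"] = "4999.99"              # payer's signature no longer matches
    results["amount_tamper_detected"] = not verify(altered, keys)
    forged = json.loads(json.dumps(check))
    forged["endorsements"][0]["note"] = "pay to bearer"  # endorser's own layer no longer matches
    results["endorsement_tamper_detected"] = not verify(forged, keys)
    results["endorsers_in_order"] = [e["party"] for e in check["endorsements"]] == ["bookshop", "payee-bank"]
    return results


if __name__ == "__main__":
    for name, value in run_example().items():
        print(f"{name}: {value}")
```

Because each layer signs everything beneath it, the chain can be truncated only at the end, never edited in the middle, which is what lets later institutions treat the endorsed check as tender.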
Why do we use e-checks?
E-Checks have important new features. They offer:
• the ability to conduct bank transactions, yet are safe enough to use on the Internet
• unlimited, but controlled, information carrying capability
• reduced fraud losses for all parties
• automatic verification of content and validity
• traditional checking features such as stop payments and easy reconciliation
• enhanced capabilities such as effective dating
The E-Check:
• can be used by all account holders, large and small, even where other electronic payment
solutions are too risky, or not appropriate
• is the most secure payment instrument available today
• provides rapid and secure settlement of financial obligations
• can be used with existing checking accounts
• can be initiated from a variety of hardware platforms and software applications
An electronic payment system helps in cash transfer that takes place over the internet. The various
components of an effective electronic payment system are as follows:

• Buyers
• Sellers
• A gateway through which payment is done
• The bank of the buyer through which the payment instrument is issued
• The bank of the seller which is also regarded as the acquirer’s bank
***************************************************************************