Srinivas Institute of Management Studies BCA - IV Sem

SUBJECT: BCA404 - ELECTRONIC COMMERCE

FACULTY: MR. VINEETH K

UNIT – I
Chapter 1: Introduction to Electronic Commerce 5 hrs
Session 1: Introduction to Electronic Commerce
Session 2: Benefits and Impact of E Commerce
Session 3: Business to Business and Business to Consumer E-Commerce models
Session 4: Consumer to Business and Consumer to Consumer E-Commerce models
Session 5: Applications of E-Commerce Technologies

Chapter 2: Electronic Commerce Business Models 7 hrs

Session 6: Meaning of a Business model
Session 7: Categories of E-Commerce Business Models
Session 8: Native Content Based Models
Session 9: Transplanted Content Models
Session 10: Native Transaction Models
Session 11: Transplanted Transaction Models
Session 12: Unit Test

UNIT – II
Chapter 3: Electronic Data Interchange (EDI) 4 hrs
Session 13: Meaning of EDI and Conventional Trading Process
Session 14: Building Blocks of EDI system
Session 15: Value Added Networks
Session 16: Benefits & Applications of EDI

Chapter 4: Electronic Commerce: Architectural framework 5 hrs

Session 17: Framework of E-Commerce
Session 18: Network Infrastructure & Information Distribution Technology
Session 19: Networked Multimedia Content Publishing Technology
Session 20: Security and Payment Services
Session 21: Public Policy and Legal Infrastructure

Chapter 5: Information distribution & Messaging in E-Commerce 3 hrs

Session 22: FTP Application & E-mails
Session 23: WWW Server and HTTP
Session 24: Web Server Implementations

UNIT – III
Chapter 6: Electronic Commerce: Network Infrastructure 6 hrs
Session 25: Topologies & LAN
Session 26: Transmission media in LAN: Wired & Wireless LANs

Electronic Commerce Page 1

 Srinivas Institute of Management Studies BCA - IV Sem

Session 27: Ethernet LAN

Session 28: Wide Area Networks (WAN) & Internet
Session 29: TCP/IP Reference Model
Session 30: Domain Naming Systems (DNS)

Chapter 7: Electronic Commerce: Securing the business on Internet 6 hrs

Session 31: Vulnerability of information on Internet
Session 32: Security Breaches & Site Security Policies
Session 33: Security Procedures and Practices
Session 34: Protecting the Network
Session 35: Firewalls
Session 36: Securing the Web (HTTP) Service

UNIT – IV
Chapter 8: Electronic Commerce: Securing Network Transaction 6 hrs
Session 37: Security Services & Cryptography
Session 38: Cryptographic Algorithms
Session 39: Public Key Algorithms
Session 40: Authentication Protocols
Session 41: Digital Signatures & Email Security
Session 42: Security Protocols for Web Commerce

Chapter 9: Electronic Payment System 4 hrs

Session 43: Introduction to Online Payment Systems
Session 44: Pre-paid Electronic Payment Systems
Session 45: Post-paid Electronic Payment Systems
Session 46: Requirement Metrics of a Payment System

Chapter 10: Mobile Commerce: Introduction, Framework & Models 4 hrs

Session 47: Introduction & Benefits of Mobile Commerce
Session 48: Impediments in Mobile Commerce
Session 49: Mobile Commerce Framework
Session 50: Mobile Commerce Applications

Chapter 11: Value Added Chapter - Supply Chain Management 4 hrs

Session 51: Definition & Introduction of SCM
Session 52: Benefits and Goals of SCM
Session 53: Functions of SCM
Session 54: Strategies of SCM

Text Book
Bharat Bhaskar, Electronic Commerce: Framework, Technologies and Applications, 2nd edition,
McGraw Hill Company, 2006

Reference Books
1. David Whiteley, E-Commerce: Strategy, Technologies and Applications, Tata McGraw Hill
Electronic Commerce Page 2
 Srinivas Institute of Management Studies BCA - IV Sem

2. Ravi Kalakota, Andrew B. Whinston, Frontiers of Electronic Commerce, Addison-Wesley

3. C. S. V. Murthy, E-commerce: Concepts, Models, Strategies, Himalaya Publishing House, 2011
Internal Assessment
I Internal + II Internal + Preparatory – 15 marks
Assignment – 3 marks Attendance – 2 marks
Total – 20 marks
**********

CONTENTS

UNIT - I Page No

Chapter 1 Introduction to Electronic Commerce

1.1 Introduction
1.2 Benefits of E-Commerce
1.3 Impact of E-Commerce
1.4 Classifications of E-Commerce
1.5 Applications of E-Commerce Technologies

1.6 Assignment Questions

Chapter 2 Electronic Commerce Business Models

2.1 Meaning of a Business model

2.2 Categories of E-Commerce Business Models
2.2.1 Native Content Based Models
2.2.2 Transplanted Content Models
2.2.3 Native Transaction Models
2.2.4 Transplanted Transaction Models
2.3 Assignment Questions
UNIT - II
Chapter 3 Electronic Data Interchange (EDI)
3.1 Conventional Trading Process
3.2 Meaning of EDI
3.3 Building Blocks of EDI system
3.4 Value Added Networks

Electronic Commerce Page 3

 Srinivas Institute of Management Studies BCA - IV Sem

3.5 Benefits of EDI

3.6 Applications of EDI
Assignment Questions

Chapter 4 Electronic Commerce: Architectural framework

4.1 Framework of E-Commerce
4.1.1 Network Infrastructure

4.1.2 Information Distribution Technology

4.1.3 Networked Multimedia Content Publishing Technology

4.1.4 Security and Encryption

4.1.5 Payment Services

4.1.6 Business Service Infrastructure

4.1.7 Public Policy and Legal Infrastructure

4.2 Assignment Questions

Chapter 5 Information distribution & Messaging in E-Commerce

5.1 FTP Application

5.2 Email

5.3 WWW Server

5.4 HTTP
5.5 Web Servers Implementation

5.6 Assignment Questions

UNIT - III

Chapter 6 Electronic Commerce: Network Infrastructure

6.1 Local Area Networks (LAN)

6.2 Network Topologies

Electronic Commerce Page 4

 Srinivas Institute of Management Studies BCA - IV Sem

6.3 Transmission media in LAN

6.4 Wireless LANs

6.5 Ethernet LAN

6.6 Wide Area Networks (WAN)

6.7 Internet

6.8 TCP/IP Reference Model

6.9 Domain Naming Systems (DNS)

6.10 Internet Industry Structure

6.11 Assignment Questions

Chapter 7 Electronic Commerce: Securing the business on Internet

7.1 Vulnerability of information on Internet

7.2 Site Security Policies

7.2.1 Types of Security breaches
7.3 Security Procedures and Practices
7.4 Protecting the Network
7.5 Firewalls
7.6 Assignment Questions

UNIT - IV

Chapter 8 Electronic Commerce: Securing Network Transaction

8.1 Transaction Security

8.2 Security Services

8.3 Cryptography
8.4 Cryptanalysis
8.5 Digital Signatures

8.6 Email Security

Electronic Commerce Page 5

 Srinivas Institute of Management Studies BCA - IV Sem

8.7 Assignment Questions

Chapter 9 Electronic Payment System

9.1 Introduction to Payment System

9.2 Online Payment Systems

9.3 Pre-paid Electronic Payment Systems

9.4 Requirement Metrics of a Payment System

9.5 Assignment Questions

Chapter 10 Mobile Commerce: Introduction, Framework & Models

10.1 Introduction to Mobile Commerce
10.2 Benefits of Mobile Commerce

10.3 Impediments in Mobile Commerce

10.4 Mobile Commerce Framework

10.4.1 Wireless Network Infrastructure

10.4.2 Security and Encryption

10.4.3 Mobile Commerce Payment Systems

10.4.4 Infrastructure, Legal framework Network/Protocol Standards

10.4.5 Mobile Commerce Revenue Streams

10.4.6 Mobile Commerce Applications

10.5 Assignment Questions

Chapter 11 Supply Chain Management – Value Added Chapter

11.1 Definition of SCM

11.2 Benefits and Goals of SCM

Electronic Commerce Page 6

 Srinivas Institute of Management Studies BCA - IV Sem

11.3 Functions of SCM

11.4 Strategies of SCM

Electronic Commerce Page 7

 Srinivas Institute of Management Studies BCA - IV Sem

UNIT – I

Chapter-1 Introduction to Electronic Commerce

1.1 Introduction

The term Electronic commerce (E-commerce) can be defined as a technology used for
performing a variety of market transactions like delivery of information, products, services
and payments enabled by information technology and conducted over communication
networks or other means.

The emergence of the internet as a vast public network with millions of people connected
online has given rise to a new interactive market place for buying and selling. Thus, for some
electronic commerce simply means the capability to buy and sell goods, information and
services online through public network.

Information Exchange

Marketing

Contract and Order Item

Customer Service

Shipment and Payment

Fig 1.1 E–Commerce Market Elements

There are 5 phases or elements in an E-Commerce Market

Information Exchange: Here the e-commerce system may include banner advertisements,
details of products or services and electronic catalogues providing information on pricing,
quality, delivery and payment terms

Electronic Commerce Page 8

 Srinivas Institute of Management Studies BCA - IV Sem

Contract and Order: In this phase, the order is placed and item is contracted by the
customer.

Shipment and Payment: This stage follows after the exchange of values, which may involve
physical or electronic shipment. Payment in E-commerce can be done through credit cards,
digital cash or any other electronic payment systems.

In addition to these 3 main elements, there are two more supplementary elements- Customer
Service and Marketing. If some of the item parts being delivered are faulty or missing, the
customer can ask for a customer service for the product or replacement of that part or item.

Marketing deals with activities like advertising of the product, product promotion, etc. The
marketing element utilizes the data generated by customer support, along with any other
feedback or feature references. These elements relate to each other in a circular fashion that
over a period of time may promote further economic activity.

1.2 Benefits of E-Commerce

 Reaching a wider market segment irrespective of rich, poor, young, old, etc. Only thing is
you should have an internet connection
 Distances do not matter in carrying out trade. You can reach the customer wherever he is
located in the world, any time you want
 Availability of items 24 hours a day, 7 days a week and 365 days a year.
 Setting up an E-commerce website is cheaper compared to having a brick and mortar retail
outlet.
 Wider choice for the customers
 Flexibility to add & remove items from the list easily
 Reduction in human errors due to automation
 Exposure to previously untapped market segments
 Availability of friendly advice
 Reduction in order processing cost & time
 Faster fund transfer
 Reachability of producer with consumer directly

1.2.1 Drawbacks of E-Commerce

 Inability to touch & feel merchandise

 Computer systems are not 100% safe, someone may hack your private data
 All customer segments cannot be reached over online

Electronic Commerce Page 9

 Srinivas Institute of Management Studies BCA - IV Sem

 Access to internet is yet to reach all the customers

 Trust building with customers with only web presence is difficult  Lack of social
contacts

1.3 Impact of E-Commerce

The cost and availability of price and product information are important determinants of
economic behavior. Buyers often bear substantial costs in order to obtain information about
the prices and products offered by different sellers in a market. There will be various
intermediaries between buyers and sellers, in a vertical market; in the process of reducing the
cost, buyers incur to acquire information about seller prices and products on offer.

Companies like International Airlines, Hotels, Tourism Sites and other reservation
organizations have pioneered in using information technology to their advantage. By using
computers to help customers order supplies or make reservations, such companies have
boosted their profit margins and permanently altered the competitive dynamics of their
industries. These companies are benefited as they reduce the role and layers of intermediaries
such as wholesalers and redistributors in the supply chain. Therefore companies that make
electronic market or those that use them wisely will emerge winners. Those that try to lock
in customers through obsolete arrangements are likely to lose out.

In the new era of emerging electronic communities, marketing organizations have to

understand the strategic impact of electronic communication and learn to cater to the concept
of the one-stop-shop. Consider the role of a business involved in promoting tourism that plans
to cater to an electronic community. The organization must offer the full range of products
and services needed to attract the online community, including travel magazines and e-books
using visuals and text information regarding, hotels, directions, facilities for instant bookings
of travel modes, hotels and attractive and competing destinations.

The selling price of a product consists of three elements-production costs, coordination costs
and profit margin. When production costs are largely minimized, firms can economize on
coordination costs. Electronic markets are more efficient where asset is low or where
products are easy to describe. Thus, with cheap coordination transactions, interconnected
networks and easily accessible databases, electronic markets thrive due to following reasons:

Lower Coordination Costs Favor Electronic Markets

Electronic Commerce Page 10

 Srinivas Institute of Management Studies BCA - IV Sem

Electronically linked producers and retailers are able to lower their costs by reducing
intermediary transactions and unnecessary coordination, due to direct electronic transactions
with the consumer.

Low Computing Cost can Transform and Expand Products to Make them Suitable for the
Electronic Market

Products that are easy to describe also favor electronic markets. Even in asset-specific
transactions the use of information systems and standardization can narrow the gap and make
them amenable to the electronic market.

Electronic Commerce Page 11

 Srinivas Institute of Management Studies BCA - IV Sem

Multiple Choice Preference Based Shopping

Unbiased markets offer tremendous choice to buyers and may lead to the use of expert
systems which search, scan, and rank products based on customer preferences where
customers can use customized helps online in making their choices.
Trade-off in Market Participation

Electronic markets pass on the savings accrued from improved coordination costs and sell at
a discount compared to traditional markets. In addition, the market-makers' profits, from an
increased volume of sales transactions are likely to far exceed the potential profits resulting
from a low sale price, because of the effects on the electronic market.

Minimized Delivery Costs

Delivery costs are minimized in two ways. First, since the information in an e-commerce
transaction is transmitted electronically, the paper based information/document exchange
cost is substituted by much lower electronic distribution costs. Second, as each element of
the industrial value chain is bypassed, a physical distribution link and related inventory
carrying costs are eliminated.

1.3 Classifications of E-Commerce

Electronic commerce has been classified in 5 main categories:

 Business-to-Business (B2B)
 Business-to-Consumer (B2C)
 Consumer-to-Business (C2B)
 Consumer-to-Consumer (C2C)
 Business-to-Employee (B2E)

Sometimes the government may operate with its own set of rules and thus at times the
Business-to-Government (B2G) category is also included.

1) Business-to-Business (B2B) E-Commerce

Business-to-Business electronic commerce facilitates Inter-organizational interaction and

transaction. This type of electronic commerce requires two or more business entities
interacting with each other directly, or through an intermediary.
The intermediaries in Business-to-Business EC may be market makers and directory service
providers, who assist in matching buyers and sellers and striking a deal.

Business to Business transaction between a vendor and a purchaser of goods will be as under:

Electronic Commerce Page 12

 Srinivas Institute of Management Studies BCA - IV Sem

1. A purchase order (P.O) document is entered in the keyboard of a PC by the customers

purchase office and sent by e-mail to the vendor in a standard format for the purchase order
through Electronic Data Interchange (EDI) standard.

2. The P.O. is stored in the vendor data base and is acknowledged electronically through
EDI. No manual transaction of entering the PO at the vendor's side.

3. The vendor physically (in a rail or truck) dispatches the items and the delivery note is sent
through EDI standard. (No need of reentering delivery note manually). Delivery note is
compared with P.O. again through EDI. If no match found, a discrepancy note is released
electronically (through EDI).

4. The items received at the customer end will have a printed delivery note accompanying
them and is sent to the inspection office at customer’s end which physically inspects items
received and compares with the delivery note received electronically.

5. The stores office computer updates the inventory automatically using the note sent by
Inspection office.

6. The accounts office makes the payment for the items accepted through Electronic Funds
Transfer (EFT).Its banker is informed electronically to debit its account by the specified
amount and the same is to be credited to the vendor's bank account.

The business application of B2B electronic commerce can be utilized to facilitate almost all
facets of interactions among organizations, such as supplier management, inventory
management, channel management, distribution management, order fulfillment and delivery,
and payment management. The B2B electronic commerce can be a supplier-centric,
buyercentric, or an Intermediary-centric.

Supplier Management facilitates business partnerships by reducing the purchase order

processing time & cost. In the supplier-centric model, a supplier sets up the electronic
commerce marketplace. Various customer/buyer businesses interact with the supplier at its
electronic commerce marketplace. The supplier may provide customized solutions and
pricing to fit the needs of buyers' businesses. The supplier may also institute different pricing
schemes for buyers which is dependent upon the volume and loyalty discount.

Using Inventory Management, it shortens the order-ship-bill cycle. Improves the auditing
capability for firms and eliminates out of stock occurrences.

Distribution Management facilitates the transmission of shipping documents, bills, purchase

orders, advanced ship notices and enable better resource management by ensuring that the
documents themselves contain more accurate data.

Electronic Commerce Page 13

 Srinivas Institute of Management Studies BCA - IV Sem

Channel Management deals with delivery channels and payments. Product and pricing
information that once required repeated telephone calls and countless labor hours can now
be posted to electronic bulletin boards by electronically linking production-related
information with international distributor and reseller networks, companies can eliminate
thousands of labor hours & ensure accurate information sharing.

Payment Management links companies with suppliers and distributors. Payments can be sent
and received electronically. It also eliminates clerical errors and increases the speed of
processing.
Some examples of B2B websites include banking and financial sites that provide information
for its customers and employees.

2) Business-to-Consumer (B2C) E-Commerce

Business-to-Consumer (B2C) electronic commerce offers consumers the capability to

browse, select, and buy merchandise online, from a wider variety of sellers and at better
prices. The two or more entities that interact with each other in this type of transaction
involve one selling business and one consumer. The selling businesses offer a set of
merchandise at given prices, discounts, and shipping and delivery options. In this type of
electronic commerce the sellers and consumers both benefit through the round the clock
shopping accessibility from any part of the world, with increased opportunity for effective
direct marketing, customizations, and online customer service.

The application of electronic commerce in the retailing segment has seen it evolve from an
online version of catalog selling to accepting orders and payments online and translating zero
inventories into huge discounts on the prices of items. The user makes payments for the
purchased item using digital cash, credit cards or using the newest form of payment - cash
on delivery.

The B2C model of electronic commerce transaction is ideally suited for the following types
of merchandise:
1. Goods that can be easily transformed into digital format, such as books, music clips and
videos, and software packages.
2. Items that follow standard specifications, like printer ribbons, ink cartridges etc.
3. Highly rated branded items or items with return security: such as Dell and Compaq
computers, electronic gadgets from Sony, etc.
4. Items sold in packets that cannot be opened even in physical stores, e.g., Kodak film rolls.
5. Relatively cheap items where savings outweigh risks.
6. Items that can be experienced online, such as music, videos etc.

The B2C electronic commerce opportunity has been utilized by three types of
businessesChannel enhancement, On-line internet based stores, and small businesses trying
to surpass entry barriers.

Electronic Commerce Page 14

 Srinivas Institute of Management Studies BCA - IV Sem

Existing businesses may use it for expanding the market space and revenues by utilizing the
internet as new channel to do business with customers, where customers could place orders
for goods and services online. Also, existing consumer merchandisers with established store
channels adopt B2C electronic commerce to augment sales through a new channel, as well
as to make it easier to reach out to global customers. Some examples of B2C ecommerce
sites are www.dell.com, www.flipkart.com, etc.

3) Consumer-to-Consumer (C2C) E-Commerce

Consumer-to-consumer (C2C) electronic commerce gives the opportunity for consumers to

transact goods or services with other consumers present on the internet. The items like craft,
merchandise and similar items that are normally sold through 'flea' markets or bazaars are
sold in C2C websites, where individuals sell their goods to other individuals at market
determined prices. To many others, it is defined as a financial interaction between
nonbusiness entities using the web.
The C2C in many situations uses models that exchange systems with a modified form of deal
making. For deal making purposes a large virtual consumer trading community is developed.
The customer operates by the rules of this community to compete, check and decide his own
basic selling and/ or buying prices. Traditionally, C2C electronic commerce has been
conducted through both trading forums and intermediaries such as auctions, classified
advertisements, and collectible shows.

It gives small firms and individuals the same opportunity as multi-national corporations. As
a result, many individuals established online organizations that encouraged and assisted
commerce between consumers. EBay's auction service is a great example of C2C e-com
where person-to-person transactions take place everyday. Other examples include sites like
OLX.in, Quikr.com etc where users can sell their second-hand items to other users online.

4) Consumer-to-Business (C2B) E-Commerce

Consumer-to-Business (C2B) e-commerce is also called demand collection model. The C2B
model involves a transaction that is conducted between a consumer and a business
organization. It is similar to the B2C model, however, the difference is that in this case the
consumer is the seller and the business organization is the buyer. In this kind of a transaction,
the consumers decide the price of a particular product rather than the supplier. It enables
buyers to name their own price, often binding, for a specific good or services generating
demand. A consumer posts his project with a set budget online and companies review the
customers’ requirements and bids out the project. Then the customer will review the bids
and selects the company that will complete the project. Eg .Stock market

5) Business-to-Employee (B2E) E-Commerce

It is also called as Intra-organizational Electronic Commerce. Intranets are corporate

networks that utilize internet technology but limit the access only to the internal members of

Electronic Commerce Page 15

 Srinivas Institute of Management Studies BCA - IV Sem

an organization. Typically, they are built by securing the network from the global internet,
through a firewall that limits access to internal authorized members only. The internet has
provided users equipped with a browser, the means to communicate with everyone on the
web, irrespective of what platform they have. The intranets are deployed to incorporate these
advantages of the web into the information systems of the organization.

These applications enable managers to communicate with employees using emails, video
concerning and bulletin boards. The goal is to increase the flow of information, resulting in
better informed employees. These applications enable companies to organize, publish and
spread human resources manuals, product specifications and meeting minutes in their
bulletin board. The flow of information between the production and sales forces, and
between the firms and customers can also be published here.

Thus efficient management of the intellectual assets and resources of a company is crucial
for creating better business value and gaining competitive advantage. The intranet based
business-to-employee applications are often used for implementing improved employee
relationship management initiatives.

1.5 Applications of E-Commerce Technologies

Electronic Auctions

Auctions have been a well established market mechanism for trading items at a market
negotiated price, based upon demand and supply. The internet has added a new dimension
by creating an online mechanism for implementing the auction process. Traditional auctions
had limited participation of people who turned up at the place of auction. Today, the same
auction mechanisms can be implemented using electronic commerce technologies, allowing
people connected through the internet to bid. Electronic auctions potentially encourage
greater participation as internet users can connect to a web site- hosting an auction and bid
for an item.

Electronic Banking

Using E-commerce technologies, bank user records and all financial transactions can be done
using the respective Bank’s website. The user can also use the website to balance his
checkbook, summarize credit card purchases, track stocks and other investments. With the
wide availability and access to internet, electronic banking empowers activities such as
accessing their accounts, carrying out debit and credit transactions, transfer funds, pay bills,
review account history etc. ICICI bank, Citibank, HDFC bank, SBI and other leading
banking companies have been offering Internet banking services for the past few years.

Electronic Searching

The complete functionality offered by a telephone directory service provider can be offered
through a single web interface using HTTP server, where a user can search for any details
like products, person, place or any other information on the web. Companies like

Electronic Commerce Page 16

 Srinivas Institute of Management Studies BCA - IV Sem

Google.com, Bing.com, Whowhere.com and Altavista.com not only serve the purpose but
also contains personal pages, business pages, and general information on almost each and
every topic and subject. In addition to that, it can provide a lot more relevant information
including travel direction and a map of the vicinity.

Education and Learning

The internet today is widely used as a delivery vehicle for training and learning as well. The
web technology provides a uniform delivery mechanism for textual, multimedia and
animated contents called as e-Learning, with the concept of delivering training over the
internet. E-Learning has already taken powerful roots and is emerging most predominantly
in the information technology universe, as IT professionals are more comfortable working
with the new technology and have access to high speed internet connections for the fast
transmission required for media rich lessons.

Training and continuing education in the field of information technology has evolved from
spending hours outside an office in a classroom, or hours in front of a computer, dull
presentations to a flexible anytime anywhere convenience mode. Today internet is
empowering professionals with flexible training and customized learning, with live and
virtual classrooms over the web through innovative electronic training technologies, flexible
delivery methods, engaging multimedia, and live audio.
With the growth of internet technologies and the bandwidth availability today internet based
training is capable of providing content in multiple formats like textual, audio, video and
other emerging formats. E-Learning has matured to the extent that course developers, rather
than being preoccupied with the software and hardware behind the scenes, can pay more
emphasis on providing students a better experience than they might have had even with a
traditional instructor led class in a brick and mortar environment.

With e-learning, we are able to move beyond the novel concept that the person teaching them
is not physically in the same building as they are. The focus in such an e-learning
environment is on engaging them and keeping the learners engrossed in the information
being conveyed. The key benefit of e-learning is that it allows professionals to take classes
according to their time convenience who may have problems with their work schedules and
couldn’t attend regular class room hours. Apart from that it saves time on commuting to the
traditional brick-and-mortar training classes and it is also difficult to be away from the office
for long periods. The online instructor, who is a real teacher, can interact and explain
concepts and clear doubts of anyone attending a course, no matter where the students are
located, as long as they are sitting in designated classrooms or connected online.

Marketing

Traditional marketing practices are being carried upon by companies using e-commerce
technologies because it faces following major challenges:

Electronic Commerce Page 17

 Srinivas Institute of Management Studies BCA - IV Sem

• Higher Costs: The Company incurs costs in producing brochures and product data sheets
and in shipping and mailing them to customers.
• Hit Ratio: Direct mail, even in targeted market places, suffers from extremely low
response rates.
• Time Intensive: Marketing tasks are often time constrained, leading to intense time
pressure in organizing the activity. The preparation of an advertisement or a marketing
communication brochure may require several rounds of revisions, leading to delays.

Internet advertising offers the following salient advantages:

• Cost and Time Savings: Catalogues, brochures, product specifications prepared in the
electronic form and delivered through the internet offer huge savings in copy editing, printing,
packaging and shipping costs and updating as and when required. Also, it cuts the time to put
the information in the customer's hands and up to date information is available to customers
worldwide, continuously through the reach of the internet.

• Lower Barrier to Entry: The size of business, location of business, and the brick and
mortar infrastructure does not matter when you are present on the internet. It offers equal
opportunities to one and all by lowering barriers to access the marketplace.

• Interactivity and Information Richness: Marketing teams can develop interactive rich
media based brochures, product specifications, and 3-D views of products and operating
scenarios, and place them on the web site. Analytical buyers can use the information to get
enough information to make an informed decision through interaction with the site.
• Alternate Channel: For existing businesses, electronic marketing opens up a new channel
that gives customers the opportunity to browse, collect information, analyze and then chose
the standard product or customize it to their taste (e.g., color, size, shipping method) and then
place the purchase order.

Supply Chain Management

The inter-organizational business process that chains the manufacturer, logistics companies,
distributors, suppliers, retailers and customers together to facilitate order generation,
execution, and fulfillment, has evolved over the past quarter of a century. In addition to
product quality, customers deal with businesses depending upon their ability to execute the
handling and delivery reliably and promptly.

Supply chain management deals with three issues:

1. Coordinating all the order processing activities that originate at the customer level, such as
the process of order generation, order acceptance, entry into order processing system,
prioritization, production, and material forecast.
2. Material related activities such as scheduling, production, distribution, fulfillment and
delivery.
3. Financial activities such as invoicing, billing, fund transfer, and accounting.

Electronic Commerce Page 18

 Srinivas Institute of Management Studies BCA - IV Sem

The process of supply chain management enhances the scope of business, beyond the
efficiency and cost reduction perspective to growth in revenues, profit margins and improved
customer service. Electronic commerce technologies assist in linking and managing digitized
products, product information, processes, and inter-communication among organizations.
The primary goal of streamlining the product delivery from the manufacturer to the customer
can be better served with digital communication, sharing of information databases and
coordination across a number of organizations in the 'chain'.

Electronic Trading

Electronic trading, in short is a mechanism that utilizes the power of electronics and
communication media, such as the internet, to bring together geographically dispersed
buyers and sellers on a virtual common trading platform. It facilitates access to aggregate
information, order booking, and fulfillment. In the context of stock markets, e-trading means
buying and selling equity online through electronic means. The buyers and sellers registered
for electronic trading, rather than relying on phone conversations to track and collect
information to buy or sell, can use the do-it-yourself paradigm. The investors are provided
with up to date market information and may decide to enter a buy or sell order online. Orders
in the electronic trading environment are executed directly without any manual interventions.
The entered order is executed and fulfilled based upon investor-defined constraints.
Electronic trading in stocks is accomplished through brokers. Full service brokers offer
complete investment service-the money is handed over to the brokerage account and the
broker manages the money. It is the broker who decides when and what stocks to buy and
sell on behalf of the client and charges him for the services. In the advisory service account,
the broker offers advice on what to buy, sell or hold in your account but the final decision
rests with client or investor, who is probably the best judge of his money, investments and
risks.
1.6 Assignment Questions
1. What is electronic commerce? How does it differ from traditional commerce (2 marks)
2. Explain the benefits of ecommerce. (4 or 5 marks) (2009, 2011)
3. Explain the advantages and disadvantages of ecommerce. (5 or 6 marks) (2008, 10, 12)
4. Discuss the impact of ecommerce on world business. (4 or 5 marks)
5. Briefly explain the different categories of ecommerce. (7 or 8 marks) (2008, 2012)
6. Explain the B2B ecommerce with all the steps involved in the transaction. (5 or 6 marks)
(2008, 09, 10, 11, 12)
7. Explain the B2C ecommerce with an example. (5 or 6 marks) (2010)
8. What are the applications of ecommerce technologies? (5 or 6 marks) (2009, 2011)

Electronic Commerce Page 19

 Srinivas Institute of Management Studies BCA - IV Sem

Chapter-2

Electronic Commerce Business Models

2.1 Defining a Business Model

A business model is defined as follows:

• A business model describes a set of business entities and interrelationships among them.
The model describes the sources of revenue and potential benefits accruing to the involved
business participants.
• The business model provides the broad perspective necessary for identifying appropriate
solutions at some level of abstraction. The identified solution should be sustainable in terms
of revenue and capable of realizing the stated objective.

Electronic commerce has grown at lightning speed due to growth in high speed internet
connectivity and evolution in publishing, distribution, payment, and security technologies.
To cope with the evolution, business models have been evolving at a meteoric rate. With the
emergence of flat fee based internet service providers, online companies had to adjust their
business model. With millions of web pages worth of information available on the internet,
through flat rate access charges, the metered service became commercially unattractive.

Electronic Commerce Page 20

 Srinivas Institute of Management Studies BCA - IV Sem

With the increase in the number of web page visitors a newer opportunity emerged.
Advertisers discovered a new media, web sites found a new revenue stream. The idea was to
build a site with content that would attract a large number of visitors, while simultaneously
advertising. In this way these companies would be able to add significantly to the revenue
stream. Companies like Yahoo! with over 100 million page views per day and Amazon.com,
with 6 million registered users, became an attractive ground for the advertisers. Companies
like eBay have popularized the age old auction model and broadened its application by
transforming it to a web based auction, transplanted on to the internet.

Some businesses with specialty products found the reach of the internet tempting, which led
to the emergence of a new business model, where the producer of specialty products was
ready to transact the product for real money, over the internet. Businesses evolved over the
internet were content centric in the early days, the later period saw the emergence of
transaction focused sites.

2.2 Categories of E-Commerce Business Models

Over the years, the business models that have emerged on the internet can be broadly
classified into four categories:

• Native Content based Models

• Native Transaction Models
• Transplanted Content based Models
• Transplanted Transaction based Models
The taxonomy of the different business models can be briefly studied in the fig. 2.1

2.2.1 Native Content Based Models

Electronic Commerce Page 21

 Srinivas Institute of Management Studies BCA - IV Sem

Native content based models emerged due to the efforts of many amateurs who set up
informational web sites expecting no financial returns. Also, a whole lot of software programs
and utilities have been available for download-including much of the software that powers the
internet-and world wide web which is available free of cost to users from many sites. Based
on the nature of content the various models that have appeared include:

1) Information Content Model

In this model, the sites attract visitors by offering them information content that is organized
to facilitate search and discovery. Virtual Library (http://www.vlib.org) is the oldest catalog
of the web which is run by a loose confederation of volunteers, who compile pages of key links
for particular areas in which they have expertise. The index pages correspond to a specific area
stored in various servers spread around the world.

The examples of these sites include the National Informatics Center (http://www.nic.in) which
maintains contents for the Indian Government, and many state governments of India. It
provides information on the activities of many government departments, upcoming and current
legislations, and other information related to the Government. Other examples are The
International Council of Museums (ICOM) maintains a virtual library of museum pages
(www.icom.org/vlmp), containing information on museums spread around the globe and
several virtual libraries with information content focused on bio-sciences and medicine
maintained by research centers such as the National Institute of Health, etc.

2) Freeware Model

This is a model which allows the internet users a free download of internet products and
applications. Internet software companies have extensively utilized the freeware model to offer
downloads of their products. Web browsers by Netscape and Microsoft have been available
for free downloads to individual users. Linux, a cooperative operating system development
movement has utilized internet and web technology to connect developers, users and systems
administrators to maintain, download and answer support queries. Apache
(http://www.apache.org.), is an example of a freeware web service that is popular today, which
reaches out to over 50% internet users. The Free Software Foundation (http://www.gnu.org)
develops and maintains archives of UNIX -like operating systems, tools, and utilities available
for free distribution over the internet.

3) Information Exchange Model

This model is based upon the exchange of information between individuals and organizations,
over the internet. The information captured, during the interaction, about a person can be used
for building the profile of individual users. The profile can be later utilized by target marketing
and advertising companies for screening out and creating mailing lists. Users may provide
information voluntarily as a part of registration process, as is the case with sites like
Flipkart.com, Facebook.com and Gmail.com, in order to utilize the services offered by the web
site. Users may also provide the information during interaction, in trying to access some
information related to the product or service, either directly or indirectly through mechanisms

Electronic Commerce Page 22

 Srinivas Institute of Management Studies BCA - IV Sem

such as Cookies. Many of the news delivery services and targeted advertising services indulge
in this model.

2.2.2 Transplanted Content Models

This is a model where companies and other organizations publish the details of their company
and related information on their website. With growing acceptability and audience on the
internet, many traditional economy businesses saw an opportunity to generate revenues on the
internet landscape. The traditional content providers-journals, research databases, directories
and advertising-have moved their content to the internet. As a result, information providers
and brokers have transplanted businesses on the internet to take advantage of the growing
audience.

1) Subscription Model

Content creators and publishers have relied on a subscription based service model.
Entertainment and scientific journals, newsmagazines, and other periodic content have been
offered, on a subscription basis. Leading publishers and creators of digital content have adapted
the subscription based model on the internet. As a consequence, today many journals and
magazines are published in digital form as well. In addition many news services and other
valuable audio and video content are also available in digital format. The examples of these
sites include yahoo.com, udayavani.com, indiatimes.com, etc

2) Advertising Model

Web sites providing content, e-mail, chat sessions, and discussion forums are utilized for
serving advertisements to content viewers. Usually, such sites provide content and services
free of cost and generate revenue through the advertisements they display. It is the basis of the
growth and success of many search engine companies such as Yahoo! The model is derived
from commercial television and print-publications that make their basic revenue from the
advertisement stream. The model has several variations, banner advertisement being the most
popular form. Banner advertisements are served to millions of users visiting one of these
popular sites for content or service. Charges are normally made on the basis of the number of
times a banner is served. When the user clicks on the banner he is taken to the web site of
sponsor, providing him with more detailed information. The process is called the clickthrough
and usually generates additional revenues. The high volume of visitors provide attractive
clientele for advertising and promotion. In search engines, it is possible to target banner
advertisements based upon search keywords and user profiles leading to higher rates of per
million page views. Many specialized portals are based on the advertising model often called
vertical portal or Vortals, offer a focused group for advertisers in the same vertical segment.
For example, Cricinfo (www.cricinfo.com) attracts cricket fans and admirers for gathering
news, information and statistics related to cricket and serves as an ideal source for advertising
products associated with the game of cricket and outside cricket. Other examples include
facebook.com, yahoo.com, msn.com etc

Electronic Commerce Page 23

 Srinivas Institute of Management Studies BCA - IV Sem

3) Infomediary Model

An Infomediary company is the one that collects a personal profile from its users (consumers
and/or suppliers) and subsequently markets that data to interested set of users, while
maintaining the data privacy. In the process it also offers the user a percentage of brokered
deals or other services. Consumers incur substantial interaction costs in trying to locate and
discover the price of products which changes rapidly due to technological or marketing
evolutions. The infomediary model is based on the premise of lowering the interaction cost to
consumers during the process of searching for suitable products/services and prices.
Businesses based on the infomediary model, address the information demand of consumers by
identifying the best deal for them. These new middlemen deliver the value through information
mediation rather than the physical distribution. The infomediary model attracts surfers by
providing them with useful information about the web sites in a particular market segment that
are competing for their money. The infomediary model can also be used to recommend a
suitable product to the consumer by matching the customers profile and desired attributes of
the product, with the product profiles in its database. For example companies like ePinions
(www.epinions.com) facilitate users in exchanging information with each other, about the
quality of products and services or purchase experience with merchants.

4) Affiliate model

The affiliate model achieves traffic aggregation for the e-retailer at almost no risk.The affiliate
companies offer sales of other manufacturers or e-retailers' (sponsoring merchant's) products
on their web sites, for an incentive. The visitors of the affiliate site may choose to click on an
item or service offered by the e-retailer at the affiliate web site. The affiliate site redirects the
sales transaction to the sponsoring e-retailer or manufacturer, where the actual transaction is
carried out. The affiliate sites earn incentive revenue based on the value of each transaction.
Web surfers of various sites, affiliated to the sponsoring web merchant, are aggregated in this
model through financial incentives in the form of a percentage of sales value to affiliated
partner sites. The affiliates provide a click-through area on their sites to the sponsoring
merchant. In the affiliate model the web site generates revenues only if it is able to generate
the transaction for the sponsoring site. Thus affiliated sites incur no fixed carrying cost to
sponsoring merchants. A very popular example of the affiliate model is Amazon.com.

2.2.3 Native Transaction Models

These are the models that are native to the internet and were either born out of necessity on the
Internet or are suited for the IT. These models include-digital product merchandising, internet
access provision, providing software and services for creating and maintaining web sites, and
finally, a new kind of intermediary that aggregates and presents the information to meet the
users objectives rather than those industry segments.

1) Digital Products Merchant Model

Electronic Commerce Page 24

 Srinivas Institute of Management Studies BCA - IV Sem

The World Wide Web is particularly suited for merchandising digital products as these
products can be described, experienced, as well as delivered over the internet. The music, video
recordings, pictures, software products, books, documents and data bases are good examples
of the products that are available or can be easily transformed into digital form. In this model,
also known as the online transaction and delivery model, vendors of digital products or services
offer their goods through a web site on the internet. Interested buyers of these goods and/ or
services visit the site to obtain information about the products. The product information in a
digital goods market may include samples, trial versions and demos, in addition to the usual
product attributes and pricing. The buyer matches the acquired information with personal
requirements and, if an adequate match is found, may decide to buy the product by clicking on
to "buy now" button.

The buyer may select any of the valid online payment mechanisms supported and accepted by
the merchant site, such as cyber cash, Master or Visa card, or other electronic payment modes,
and provide the required payment related information. The seller, after validating the payment,
information and confirming assured payment, initiates the electronic (on-the-wire) delivery of
the digital product. Online delivery usually happens by downloading the digital product on the
buyer's computer. In the case of services, it may offer the buyer access codes to obtain the
service. Examples of these sites include Softwarebuys.com, Brothersoft.com, etc.

2) Internet Access Provision

The basic foundation of electronic commerce rests on the network infrastructure and its growth
depends upon the growth in the number of people with access to the Internet. In this model,
various companies like America Online, VSNL, MTNL, and Satyam in India, have grown by
offering dial up access to the network. In the dial up model the ISP business sets up a server in
the local calling area of its user base and invites users to sign up for an account with the
company-either as a flat rate or on rates based on duration of usage. Users willing to access the
internet dial the phone numbers provided by the ISP and log on with the assigned user id and
password. ISP servers are connected to the backbone of the internet. Larger ISPs may have
servers in several cities with a local number or even may have the interconnectivity through its
own or leased infrastructure. ISPs may offer leased circuits that are dedicated fiber optic
connections for faster and relatively assured speed of access. Other alternatives to the
traditional access mechanisms, that promise faster access and higher bandwidths, include the
cable model and Digital Subscriber Loop (DSL) access. In India Dishnet DSL
(www.ddsl.com) is a prime internet service provider with about 10% of the market share.

3) Web Hosting and Internet Services

Many web-based enterprises, including some ISPs and software services companies, provide
electronic commerce business infrastructure and support services. These services may include
hosting the web pages of the e-businesses and providing them with 24 x 7 availability and
services on the internet. In some cases the entire business operation, starting from web page
hosting to transaction processing and payment processing is supported by a third party

Electronic Commerce Page 25

 Srinivas Institute of Management Studies BCA - IV Sem

company that specializes and bases its entire business on the model of providing hassle free
guaranteed electronic business infrastructure. Several companies such as Yahoo Shops and
Lemonade Stand are based on this model. Domain name registration service, electronic mail
management services, and search and directory engine registration services are some of the
other important service areas that have emerged due to the migration and proliferation of
electronic commerce. For example, Pugmarks (www.pugmarks.net) and Verio
(WWW.Verio.com) provide web hosting services. Register.com offers domain name
registration services and usa.net provides the e-mail management services.

4) Metered Service Model

Software licenses, storage and some computing resources may be required sparingly by
organizations sometimes, but they do have to acquire and manage them. Thus it may offload
all such responsibilities to a third party company with an adequate degree of resources. The
metered service model is built upon providing such an infrastructure to needy companies,
based on their rate of utilization. Similarly, the knowledge-resource rich companies can
employ the metered service model to charge the knowledge-resource consuming companies
based on demand and usage. For example, HP offers Infrastructure on Tap. In this model,
customers pay a monthly fee for the use of off-site servers, storage, software, and services. In
this model the savings will accrue to the customers because it is HP who owns and manages
the infrastructure, maintaining security, ensuring always-on service, scalability during peak
periods and handling of upgrades. Thus, customers do not have to worry about retaining the
knowledge workers, obsolescence of hardware and software, data security, protection and
backup, as well as the round-the-clock availability. One of the most popular and common
metered service models is cloud computing where you can store your personal data and files
in a cloud server stored at a remote site by paying a certain amount. Some of the premium file
download sites also use the metered service model where the user has to register to the site by
paying some money through credit card or other e-payment methods and then he is allowed to
download files using the site’s server for a particular duration (1 month, 3 months, etc).

5) Metamediaries

A new breed of internet intermediaries who provide information mediation as well as

transaction support are called metamediaries. Metamediaries present the information from the
users' viewpoint rather than that of the industry segments. With the information being
organized by the industry, making multiple transactions for multiple products at multiple
business sites inconveniences the users. The metamediary connects customers with providers
of related goods and services that fill this need by offering them a virtual trading space called
the metamarket, where not only can they acquire all the information but also execute
transaction. The revenue model consists of charging a fee on all the transactions that occur of
a metamediary's site. In the electronic market, the metamediary establishes itself as a third
party web site that horizontally integrates industry segments and provides additional services
such as payment settlement, fulfillment, delivery integration, credit offerings and verifications

The role of the metamediary is to provide a multi-vendor catalog that combines product
information from various vendors under a single site, providing buyers with a one-stop

Electronic Commerce Page 26

 Srinivas Institute of Management Studies BCA - IV Sem

shopping experience. It may provide further value addition by including information on

multiple dimensions of product comparison and product details like quality, inventory
availability, as well as the guaranteed delivery dates. The metamediary may adopt the auction
model, for transacting unique products with unknown pricing. The metamediary may also work
as a forum that serves as an exchange for both buyers and sellers.

2.2.4 Transplanted Transaction Models

Storeowners, catalog-based sellers, manufacturers and brokers-financial, service insurance

agents, travel services agents-adapted the traditional business model to increase their reach and
reduce the market friction. Three of these models are described here.

1) Electronic Store Model

Catalog based merchandising and mail order companies had a great presence in branded
merchandise like audio and video systems and photo cameras, where customers were sure of
the nature and quality of the product they were going to receive once they placed a mail/ phone
order. The technological foundation of electronic commerce facilitated the task and was readily
adopted by catalog-based sellers, and phone/mail order companies as they constructed the web
based order business as an additional and more efficient channel. In the web based order
business, customers have flexibility to browse and assimilate information and even place a
customized order at any hour, without waiting for a sales representative to come online. In this
model, customers interact with the seller through a web based interface for gathering and
analyzing the information needed for an informed decision. Once the decision about buying a
product has been made, the customer presses the "buy now" button to initiate the purchase
process and the seller requests the buyer to select the payment mode acceptable to him. On
receiving the payment information, the seller may validate it using payment gateways or the
electronic currency provider, as the case may be. Finally, the seller initiates the delivery
process by alerting the shipping and handling department to fulfill the order. The shipping and
handling of transaction may also be integrated with delivery partners so that pick-ups can be
scheduled from appropriate locations for timely delivery. Amazon.com is an example for this
model, which started out selling books through web based stores over the internet, at deep
discounts compared to traditional brick and mortar bookstore.

2) Brokerage Model

The market makers, also known as brokers, play an important role of facilitating transactions
by bringing buyers and sellers together in traditional commerce. The brokers charge a fee or a
commission on transactions that are facilitated by them. The brokerage model of traditional
commerce has also been adopted in the electronic commerce and has been applied in all the
types of e-commerce. In the traditional economy, the brokerage functionality has been
pervasive in stock trading, commodity exchange markets, auction markets and multi-level

Electronic Commerce Page 27

 Srinivas Institute of Management Studies BCA - IV Sem

market distributions. The stock market operates through agents, who take orders for buying
and selling on behalf of their customers and place them on the stock exchange for matching
and fulfilling requests. The process based on phone, fax, and paper has a certain degree of
market inefficiency and friction related to the information flow, resulting in a higher
transaction commission charged by brokers. The financial brokerage firms like eTrade have
grown by going online, incurring lower business costs that in turn result in lower transaction
commissions charged to customers by placing the buy or sell order in financial instruments. In
general, in the exchange model, brokers earn revenue by charging the seller a transaction fee
based on the value of the sale. The auction model can be utilized by businesses to sell excess
inventory to consumers or by consumers to sell it to other consumers. The electronic auction
provides an internet-based mechanism and generates revenue by usually charging a fee or
commission from sellers. BaZee.com, AuctionIndia.com, eBay.com and OLX.in are examples
of some good businesses based on this model.

3) Manufacturer Model

In a typical distribution system from the time products are manufactured to the time they reach
consumers, it passes through several layers of intermediaries, such as the whole distributor,
and local store. Each layer adds to the market friction, thus adding to cost the consumer pays
and reducing the profit margin that the manufacturer may get. The manufacturer model is
similar to the electronic store model, except here the seller happens to be the manufacturer
himself. The manufacturer as a direct seller to the customer through the web offers numerous
advantages in the area of customer support and service, product marketing and fulfillment of
guarantees. Manufacturers have a better sense of customers' requirements, viewpoints,
suggestions, and complaints with regards to the existing products, leading to improved product
offerings and newer products. Dell Computers is an example for this model which started out
as a direct seller through the phone order mechanism and transformed itself to harness the
powers and advantages offered by the web.

2.3 Assignment Questions

1. What is a business model? (2 marks)

2. Explain the different categories of business model with a neat diagram (6 to 10 marks)
3. Differentiate between infomediary and metamediary business models. (5 to 7 marks) 4.
What is an affiliate model? Explain any 2 ecommerce businesses that use this model. (5 to
8 marks)
5. Explain the different categories of Native Content Models with an example (6 to 8 marks)
6. Explain the different categories of Transplanted Content Models with example (6 to 8
marks)
7. Explain the different categories of Native Transaction Models with an example for each.
(6 to 8 marks)
8. Explain the different categories of Transplanted Transaction Models with an example for
each. (6 to 8 marks)
9. What is the electronic store model? What are the major challenges faced by the model in
less developed countries? (6 to 8 marks)

Electronic Commerce Page 28

 Srinivas Institute of Management Studies BCA - IV Sem

10. What are the major advantages of the manufacturer model? Describe how the model
reduces market friction and costs? (6 to 8 marks)

UNIT – II

Chapter-3 Electronic Data Interchange

3.1 Conventional Trading Process

A typical trading process defines the relationship between a manufacturing organization and a
consumer organization. A conventional trading process consists of the following steps:

1. Either the inventory management system-based on a re-order policy following the

examination of the stock levels-raises the purchase requisition for the item or a department
raises the requirement for some items. The information on the requisition forms is entered
into the purchase processing system. Many a time there are transcription errors in the
process. Thus, it is necessary to edit and correct the data.

2. Once the correct requisition information has been updated in the computerized purchase
system, the purchase management system scans the suppliers' databases for potential
suppliers and prints the purchase requisitions (PRs), requesting the price and delivery
quotation in the name of screened suppliers.

3. The purchase requests are transmitted to the suppliers, either through phone/fax or through
mail / courier service.

4. The information printed on the purchase requests may be keyed in by the suppliers in their
computerized systems for processing, and a quotation against the purchase request may be
prepared and printed.

5. The quotation from the supplier is transmitted using traditional paper transmission
mechanisms such as fax/ courier / mail service.

6. All quotations, received from suppliers against a purchase request, are entered into the
manufacturer's automated system and edited and corrected to remove any transcription
errors.

Electronic Commerce Page 29

 Srinivas Institute of Management Studies BCA - IV Sem

7. The order is then printed on a standardized order form along with the terms and conditions
for delivery and payment.

8. The printed order is mailed, couriered, or faxed to the supplier.

9. The supplier, on receiving the order, enters it into the computer system and matches the
order with the quotation that has been submitted.

10. If everything is found in order, it raises an internal sales order which requires data entry /
editing of the information from the received purchase order, matching and processing of the
order, and then printing of the internal sales order.

11. The appropriate stock is thus picked and packed for sending it to the buyer along with the
packing list and advance shipping note and advice. The process, at times, may lead to a
partial fulfillment of the order. In that case, the customer needs to be informed of the short-
delivery and order-status in writing.
12. With the goods, the internal sales-order processing system also prepares a delivery note
which is sent to the buyer using postal mail/ courier / fax services.

13. The buyer or receiver, on receiving the goods and advices, compares and inspects the
goods, and prepares a goods receipt note containing the purchase order number against
which the goods are received, and marks the acceptance and rejection of the items shipped.
The information on the goods receipt note is transcribed at the computer department, edited,
and matched against the outstanding purchase-order. In case of partial delivery, steps 9-13
are repeated several times until the quantities on the order are fulfilled.

14. The supplier's computer, on completion of the order fulfillment, also generates an invoice
by printing it, which, in turn, is dispatched to the buyer/manufacturer.

15. The supplier's computer also generates a financial statement at the end of the trading
month for the payments. At times it also keeps sending reminders for the payment till the
complete payment have been received from the buyer.

16. The buyer's computer enters the information on the payment (demand) statement, matches
it against the purchase order, and also matches it against the information provided by goods
receipt note or, in other words, ensures that the order has been fulfilled and has been
inspected and accepted. If everything is found to be in order the buyer's computer processes
the order payment.

3.2 Electronic Data Interchange (EDI)

EDI is the exchange of business documents between any two trading partners in a structured,
machine-readable form. It can be used to electronically transmit documents such as
purchaseorders, invoices, shipping bills, receiving advices and other standard business
correspondence between trading partners. EDI can also be used in exchanging financial
information and payments in electronic form.

Electronic Commerce Page 30

 Srinivas Institute of Management Studies BCA - IV Sem

The Electronic Fund Transfer (EFT) systems used by financial institutions are a prime
example of the application of EDI in the banking and financial sector. EFT is defined as any
transfer of funds initiated through an electronic terminal, telephonic instrument, or computer
to order, instruct or authorize a financial institution to debit or credit an account. It deals with
moving funds from one financial institution to another

EDI should not be viewed as simply a way of replacing paper documents and traditional
methods of transmission such as mail, phone, or in-person delivery with electronic
transmission. Rather, it should be seen as a means to streamline procedures and improve
efficiency and productivity.

EDI covers wide and varied application areas and, depending upon the perspective, has been
defined in several ways.
According to the Data Interchange Standards Association (DISA), "Electronic Data
Interchange (EDI) is the computer-to-computer exchange of business data in standard formats.

The Webopedia says that, "Electronic data interchange, is the transfer of data between different
companies using networks, such as the Internet.
According to the EDI University, a training provider in EDI, "EDI stands for Electronic Data
Interchange, a method of transporting all types of information, such as purchase orders,
invoices, payments and even graphics, to another party electronically.

The National Institute of Standards and Technology says that, "EDI is the computer-
tocomputer interchange of strictly formatted messages that represent documents other than
monetary instruments.

EDI implies a sequence of messages between two parties, either of whom may serve as
originator or recipient. The formatted data representing the documents may be transmitted from
originator to recipient via telecommunications or physically transported on electronic storage
media."

3.3 Building Blocks of EDI system: Layered Architecture

The two key concepts in an e-commerce system are electronic document exchange and
electronic messages that need to be addressed for an EDI system to evolve. The electronic
messages/documents that can be interpreted and understood by various purchase and order
processing the systems deployed at different vendors are heterogeneous in nature. Thus,
evolution of a general purpose EDI system requires addressing of the problem of heterogeneity
at two levels-exchanging documents over heterogeneous networks and the heterogeneity of
document formats.
The general architecture of the EDI system consists of four layers:
 The Application-conversion layer

Electronic Commerce Page 31

 Srinivas Institute of Management Studies BCA - IV Sem

 Standard message formats layer

 The Data Transport layer
 The Interconnection layer

The layered architecture of an EDI system is shown in Fig. 3.1

Application/Conversion Layer

Standard Formats Layer

EDIFACT or ANSI X12

Data Transport Layer Email,

FTP, Telnet, HTTP, MIME

Interconnection Layer Dial-

Up lines, Internet, I-way, WAN

Fig 3.1 Layered architecture of EDI systems

1) Application/Conversion Layer

The application layer consists of the actual business applications that are going to be connected
through the EDI systems for exchange of electronic information. These applications may use
their own electronic record formats and document formats for storing, retrieving, and
processing the information within each company's systems. Since each company's system may
have its own proprietary format, which would be used by their system(s), for EDI to operate,
they need to convert the internal company document format to a format that can be understood
by the system used by the trading partner. When the trading partners are small in number,
converters for various partners’ formats can be built. But, as the number of partners with
different internal formats increase, the task of building converters for each proprietary format
to other formats becomes overwhelming.
The problem of heterogeneity of formats can be better addressed using a common standard
format for documents/messages transferred within the EDI system. The internal processing
systems continue to use the proprietary formats, but, for transmission over the wire, they adopt
a common document/message format. In this case the conversion program learns to translate
the common message format to the proprietary message format used by a system, and vice-
versa. The approach greatly simplifies the problem posed by heterogeneity of proprietary
message formats, as depicted in Fig. 3.2.

Electronic Commerce Page 32

 Srinivas Institute of Management Studies BCA - IV Sem

Fig 3.2 Common formats approach in EDI

2) The Standard Formats Layer

The important and critical building block of the EDI system is standards for business
documents/forms. Since the sender and receiver in the EDI systems have to exchange business
documents that can be interpreted by all parties, it has necessitated the development of form
standards in EDI. EDI form standards are basically data standards in that they lay down the
syntax and semantics of the data being exchanged. Some of the early and dominant adopters
of EDI, like the transport industry in the United States, took the lead in developing these
standards. The large retailers also saw the benefits of adopting EDI and went on to develop
unique standards suited to their individual requirements. The shipping industry devised a set
of standards called Data Interchange for Shipping (DISH), the automobile sector came up with
a standard under the umbrella of Organization for Data Exchange by Tele Transmission in
Europe (ODETTE). The need for an industry-wide EDI standard was widely felt and this lead
to the formation of a Standard Committee X12 under the auspices of American National
Standards Institute (ANSI).

Document Standards

The cross-industry standardization of documents is at the core of smooth functioning of EDI

systems. The interconnection among trading partners only serves the purposing of exchanging
information, but a document exchanged between two trading partners needs to be recognized
and interpreted correctly by the corresponding software systems running at various partners'
computers. For example, a purchase order needs to be identified by all the EDI applications
running on trading partners' computers as being a purchase order from a particular
organization. Over a period of time, two major EDI standards have evolved.
The first, commonly known as X12, was developed by the Accredited Standards
X12committee of the American National Standards Institute (ANSI) and the second, the
International standard, was developed by the United Nations known as EDI for Administration,
Commerce and Trade (EDIFACT).

ANSI X12 Standards

The X12 standard developed by ANSI sets the framework and rules for electronic data
interchange. It describes the format for structuring the data, the types of documents that should
be transmitted electronically and the content of each document. The identification numbers for
various forms, codes for a variety of fields, and types of information is also defined in the
standard. The standard also defines the sequence of information flow. The X12 devised the
standards to deal with transactions such as purchase order placement, order processing,

Electronic Commerce Page 33

 Srinivas Institute of Management Studies BCA - IV Sem

shipping, invoicing, and payments, to name a few. In the X12 standard, paper documents related
to particular business activities are mapped into a transaction set. Each transaction set is given
a numeric code and each transaction set is used and for defining the transfer of a single document
(purchase order, manifest etc.) between the computers of two trading partners. The X12
document can be thought of as containing three distinct types of information-header, detail, and
summary.

EDIFACT -An International Standard

In 1987, the United Nations announced an international standard called EDI for Administration,
Commerce, and Transport (EDIFACT). The EDIFACT standard is promoted by the United
Nations Economic Commission, which is responsible for the adoption and standardization of
messages. The International Standards Organization (ISO) has been entrusted with the
responsibility of developing the syntax and data dictionary for EDIFACT. EDIFACT serves the
purpose of trans-border standardization of EDI messages. EDIFACT combines the efforts of
American National Standards Institute's ASC X12, Trade Data Interchange (TDI) standards
developed and deployed by much of Europe and the United Kingdom.

3) Data Transport Layer

In a typical purchase process, once a purchase order has been prepared and printed in the
standard format, it is placed in an envelope and dispatched through postal or courier services to
the supplier. The content and structure of the purchase order is defined in the standards layer
(as described in preceding section) and is separate from the transport/carrier mechanism. The
layer utilizes any of the available network transport services such as Electronic mail (Email),
File Transfer Protocol (FTP), Telnet based remote connection and transfer or even the Hyper
Text Transfer Protocol (HTTP) that drives the World Wide Web. Electronic mail has emerged
as the dominant means for transporting EDI messages. EDI documents/messages are exchanged
through the network infrastructure as electronic mail messages. Electronic mail is used only as
a carrier for transporting formatted EDI messages by the EDI Document Transport Layer. The
structured message, delivered by the electronic mail, is interpreted by the receiving software,
which is capable of comprehending the structure of the EDI standard information. ITU-T has
adopted X.435 (X.400-based) standards to support electronic data interchange (EDI) messaging.
Unlike the normal electronic mail message transfers, EDI messages are used for business
transactions and security acquires paramount importance. The integrity of the message ensuring
that the message has not been tampered with, intentionally or inadvertently, during the transit-
and the non-repudiation-ensuring that neither party can deny sending the EDI business form
once it has been sent or received-have to be in-built in the transport standards, structure and
processes.

4) Interconnection Layer

The interconnection layer refers to the network infrastructure that is used for the exchange of
information between trading partners. In the simplest and most basic form it may consist of dial-
up lines where trading partners dial-up through modems to each other and connect to exchange
messages. In case of the direct dial-up connections, partner computers have to be available for

Electronic Commerce Page 34

 Srinivas Institute of Management Studies BCA - IV Sem

online connectivity and ready to receive the data at all times. Additionally, direct connections
between partners have further problems as each partner has to establish a number of direct
connections with all the partners.

Leased lines and I-way, Internet or any reliable network infrastructure that can provide
interconnection can be used. Through interconnection, EDI partners are able to achieve
document exchanges between themselves. The information entered by the trading partner on
his/her computer screen, or the document transfer request initiated by some process in the
trading partner's computer travels to the receiving partner's computer through the network
routes and pathways. EDI messages received on the partner's computer are processed for
correctness of format, interpretation, and then inserted for processing into the internal system.
The receiving partner's computer has to carry out a variety of tasks, such as identifying the
standards, translation from standards to local systems, and then initiating the request/order
processing from the local system.

3.4 Value Added Networks

Value-added network or VAN is a convenient method for conducting EDI which provides
functionalities related to connectivity and common services such as continuous presence for
receiving and sending documents often implemented through mailboxes, protocol conversion,
implementation assistance, security and auditing are handled by the value added network
provider.
In other words, value added networks (VANs) are third-party communication networks
established for exchanging EDI traffic amongst partners. Various businesses (trading partners)
subscribe to VAN services. For every subscriber, the VAN maintains an account, which serves
as an electronic post box for the subscriber, for sending and receiving EDI messages. There
are a number of third-party value added network providers in the market place. Many
VANs today also offer document exchange ability of EDI documents with other VANs.
Typically a company subscribes to a VAN to give some network services like EDI
translation, encryption, secure e-mail, management reporting and other extra services for
their customers. The typical services provided by value added networks are as follows:

1. Document conversion from one standard to another; typically required when two trading
partners use different standards for EDI exchanges, i.e., ANSI ASC X12 to EDIFACT or
TDCC to ANSI ASC X12.

2. The sender may follow certain conventions that are different from the receiver. VANs can
also provide translation from a sender's conventions of a standard document to the receiver's
conventions; i.e.
• translate field separators
• discard unwanted characters
• Format translation from EDI standard to or from flat file, flat file to flat file, XML and other
formats
• Data translation among the PDF, XLS, MDB, or other web- based documents.

Electronic Commerce Page 35

 Srinivas Institute of Management Studies BCA - IV Sem

3. The appropriate customer data can be saved in the VAN account and later appended on
messages where required.

4. The VAN provider's computers also store data such as customer profiles, repetitive waybill
codes, etc. which can be used for filling up the EDI transaction document with the help of
the customer profile code. The customer profile stored on the VAN can be accessed using
the customer profile code and the data from the profile stored on the VAN can be used for
completing the EDI transaction.

5. Subscribers can interactively enquire about the status of any EDI transaction made by them.

6. Subscribers can receive "verify acknowledgments" in the mailbox even when they are not
online.

7. The VAN can alert the subscriber (receiver) that there is data in their mailbox to be picked
up:
• By sending a fax notification
• By calling a pager or other alerting devices that signal users about the waiting mail in the
mailbox.

8. The VAN can capture the specified data from transactions which, in turn, can be used for
generating customer-specified reports.

9. The subscriber may specify the editing requirements, which can be edited by the VAN for
completeness and correctness, as per requirements. For example, it can verify that the line item
charges on an invoice add up to the total value shown on the EDI invoice.

10. In situations where such missing or mismatching data is found during the edit process, the
VANs usually send messages to the originator informing it about the missing/ mismatched data
and the request re-transmission of the same. For example, the ASC X12, upon receipt of the
shipment status message (214) with missing data, sends a status inquiry (213) transaction to
the carrier requesting correction and re-transmission.
11. Validate and verify the information stored in customers' databases for missing data and
send messages to appropriate firms requesting correction of the missing data.

Electronic Commerce Page 36

 Srinivas Institute of Management Studies BCA - IV Sem

Fig 3.3 Typical VAN Example

There are many third party VAN providers the marketplace. Some of them are listed here:

1. GEIS - Operated by General Electric of USA, GEIS has presence in over 50 countries, GE
as the major trader (buyer as well as supplier) of goods from top corporations of the world
has brought major trade partners on a VAN.

2. Cable & Wireless - Highly reliable, with a subscriber base of over 2000 top companies of
the world, cable and wireless holds nearly 8 per cent market share of the global VAN
market.

3. GNS - It is one of the largest value added network, and has presence in around 36 countries.

4. Transpac - A France based EDI VAN provider, Transpac owns the largest domestic VAN
market share and has a strong presence in Europe. It uses the Infonet for offering VAN
services outside the domestic domain.

5. Infonet - It is a VAN service jointly owned and operated by WorldComm, Singapore

Telecom and Transpac. The owning organizations themselves offer VAN services in the
local domains and cover rest of the world through the Infonet.

6. Satyam Infoway - Satyam is first private national Internet Service Provider (ISP) to offer
EDI VAN services in India, in association with the Sterling Software of USA. In addition
to the standard VAN services, it offers Web EDI VAN services as well.

7. NICNet - The National Informatics Center, an arm of Indian Ministry of Information

Electronic Commerce Page 37

 Srinivas Institute of Management Studies BCA - IV Sem

Technology has established connectivity through 600 points in India. The NIC's network
(NICNet) interconnects all the state capitals and district headquarters through its network. The
NICNet in late 1999 also started offering value added network (VAN) services to facilitate and
encourage EDI adoption in India. Some of the largest implementations of EDI in India, such
as Indian Customs, Port Trust and Apparel Export Promotion Council use the NICNet VAN.

3.5 Benefits of EDI

1. Reduces Lead Time

In the EDI environment, the exchange of documents among trading partners happens
electronically through interconnected computers. The process of transferring the
documents/information is instantaneous, offering weeks of time savings compared to the
traditional environment that used postal/courier based exchange of printed documents. Also,
the direct electronic transfer of documents between inter-organizational systems eliminates the
chances of error due to re-entry of data on paper from one system to another

2. Improves Coordination with Suppliers

Traditional trading environments are often burdened with the problem of mismatched invoices,
un-matching terms in quotations and purchase orders, missing invoices even after the bill for
payment is received and many similar inter-business problems. On careful examination, it will
be evident that much of these problems are caused either by delays in the transmission of
printed documents, loss of documents in transition, or due to errors in the transcription of the
printed information into the electronic form. The instantaneous transfer of business documents
over the network in electronic form and confirmation of the same addresses makes it nearly
impossible for documents to arrive in wrong sequence.

3. Reduces Redundancy

As all the documents exchanged between trading partners are stored in an electronic mailbox,
documents can be accessed, retrieved, and examined at any point of time. Either trading partner
can access, examine, and make a copy of the document from the electronic box instantly.
Contrast it with the non-EDI system; it may take hours, or even days, to locate and retrieve a
printed business document from the past. Many a time, trading partners file copies of the same
document at multiple places. The EDI environment eliminates the need for multiple copies and
reduces redundancy without compromising the accessibility and retrieval of old documents.

4. Expands the Market Reach

Most large manufacturers like General Motors deal with EDI-enabled suppliers only. In the
process of streamlining the purchase process they often institute a value-added network. By
being a part of their value added network, many opportunities open up for supplying the
material to some other larger suppliers who are also a part of the network. Also, with the growth
of electronic commerce and further integration of EDI with electronic commerce, the creation
of an electronic marketplace by large manufacturers who buy supplies from many large and

Electronic Commerce Page 38

 Srinivas Institute of Management Studies BCA - IV Sem

small suppliers, has become a reality. By, participating in this large market place you are likely
to pick many orders from other suppliers who are a part of the market/network.

5. Increases Revenue and Sales

Many large organizations use EDI and trade with other EDI-enabled suppliers. The efficiency
brought about by EDI reduces the total transaction friction by eliminating paperwork and
related errors that ensue. It also leads to quicker settlement of accounts. The reduced
transaction friction saves money and the supplier is in a better position to offer the items at
cheaper costs, leading to improved revenue realizations and sales.
6. Minimizes Transcription Errors

Since the documents are sent and received in electronic form, the need to write the data on
paper is not there and, as a result, hand-written transcription errors are totally eliminated.

Direct Benefits of EDI

• Since the transfer of information from computer to computer is automatic, there is no need
to re-key information. Data is only entered at the source.
• The cost of processing EDI documents is much smaller than that of processing paper
documents.
• Customer service is improved. The quick transfer of business documents and marked
decrease in errors allow orders to be met faster. Information is managed more
effectively.

Strategic Benefits of EDI

• Customer relations are improved through better quality and speed of service.
• Competitive edge is maintained and enhanced.
• Reduction in product costs can be achieved.
• Business relations with trading partners get improved.
• More accurate sales forecasting and business planning is possible due to availability of
information at the right place at the right time.
• There is improved job satisfaction among data entry operators, clerks, etc. when they are
re-deployed in more creative activities.

3.6 Applications of EDI

• The ability to exchange business documents electronically has been found to facilitate
coordination between business partners, reduce the lead-time and thus reduce inventory.
• Although, large manufacturing and transportation companies were the early birds who
recognized the advantages, any of the other industry segments also stand to benefit from
electronic document exchange.

Electronic Commerce Page 39

 Srinivas Institute of Management Studies BCA - IV Sem

• The health care, financial sectors and cross-border trade facilitated through electronic
document exchanges are some other sectors that adopted and derived the returns from
EDI.
• Banking and financial payments like Large-scale or wholesale payments (e.g., bank-
tobank transfer), Small-scale or retail payments (e.g., automated teller machines and cash
dispensers) and Home banking (e.g., bill payment) are also facilitated through EDI.

• Retailing payments through Credit cards (e.g., VISA or MasterCard), Charge cards (e.g.,
American Express), Smart cards or debit cards (e.g., Mondex Electronic Currency Card),
Token-based payment systems through Electronic cash (e.g., Digi Cash), Electronic
checks (e.g.Net Cheque) etc are also done through with widely used EDI-based electronic
ordering and billing processes.

• EDI software can also be used in e-mail and network services in order to send electronic
purchase orders, invoices and payments back and forth.

3.7 Assignment Questions

1. Explain the different steps in a Conventional Trading Process. (7 to 10 marks)

2. What is electronic data interchange? Give an example (2 marks) (2008)
3. Define EDI. (2 marks) (2009, 2010, 2011, 2012)
4. Define EFT. (2 marks) (2009, 2012)
5. Explain the different concepts of EDI. (4 or 5 marks)
6. Discuss the benefits of EDI. (5 or 6 marks) (2008, 2009, 2010, 2012)
7. Explain the direct and strategic benefits of EDI. (5 or 6 marks) (2008, 2009, 2010, 2012)
8. Explain the basic building blocks of an EDI system with a neat diagram. (6 to 10 marks)
9. Explain the layered architecture of an EDI system with a neat diagram. (6 to 10 marks)
10. Explain the different standard formats of an EDI system. (4 or 5 marks)
11. What is EDIFACT? (2 marks)
12. What is a value added network? Explain the various services provided by VAN. (6 to 10
marks)
13. Explain the different third party VAN providers available in the electronic marketplace (5
or 6 marks)
14. Explain the different benefits of EDI. (5 or 6 marks) (2008, 2009, 2010) 15. Explain the
different applications of EDI. (4 or 5 marks) (2011, 2012)

Chapter-4

Electronic Commerce: Architectural framework

4.1 Framework of E-Commerce

Electronic Commerce Page 40

 Srinivas Institute of Management Studies BCA - IV Sem

Electronic commerce applications require a reliable network infrastructure to move the

information and execute a transaction in a distributed environment. These applications rely
upon two key component technologies i.e., the publishing technology necessary for the
creation of digital content and distribution technology to universally move the digital contents
and transactions information. Thus, in the framework network infrastructure forms the very
foundation while publication and distribution technologies are the two pillars that support the
creation of distributed electronic commerce applications. In addition to technological
infrastructure and applications, for electronic commerce to flourish, it is essential to have a
business service infrastructure. The business service infrastructure comprises of directory
services; location and search services; and a trust mechanism for private, secure, reliable, and
non-deniable transactions, along with an online financial settlement mechanism.

The multi-layered architecture of electronic commerce, comprising essential blocks has been
shown in Fig. 4.1.

The framework describes various building blocks, enabled by technology, for creating new
markets and market opportunities. The building elements of electronic commerce architecture
are described as follows

Electronic Commerce Page 41

 Srinivas Institute of Management Studies BCA - IV Sem

4.1.1 Network Infrastructure

The network infrastructure forms the very basis of the electronic commerce, playing the role,
in many ways, analogous to road/transport highways in the traditional commerce. Information,
information goods and transactions move between the clients and commerce provider, through
network highways. The network infrastructure, known as internet, consists of heterogeneous
transport systems. These different transport networks interconnect using common network
protocol standards called TCP/IP. TCP/IP is concerned with the issue of providing a reliable
data transmission mechanism for applications. All the computers connected / accessible on the
internet share a common name and address space which uniquely identifies the machine

The common name space is implemented using the Domain Name System (DNS) and ensures
that each machine on the internet has a unique name. The name here refers to the combination
of the host and domain name. TCP/IP named after its two primary protocols - Transmission
Control Protocol (TCP) and Internet Protocol (IP), has emerged as a de facto standard of
connectivity. In TCP / IP networks, the internet protocol layer delivers the IP packets from end
to end in a connectionless format. The IP layer receives packets from the upper layers and
injects them into underlying networks. In IP layers each packet is delivered independent of all
other packets, thus in the process it may deliver packets out of the sequence in which they were
sent.

The transmission control protocol (TCP) provides a connection-oriented reliable delivery

mechanism. It insures that a byte-stream, emanating at one machine destined for the other
machine, is delivered without any errors, duplication and in the original sequence. TCP layer
at the originating machine divides the incoming byte-stream from applications into multiple IP
packets and adds sequence numbers to them. The receiving TCP process at the destination
machine combines the packets together and orders them by the original sequence number
assigned to them prior to delivery.

The transport layer in addition to TCP also supports a User Datagram Protocol (UDP). UDP
is an unreliable connectionless protocol. It is often used in applications, such as video and
audio streaming, where prompt and constant delivery of data is more important than the in
sequence and reliable delivery offered by TCP. It is also utilized by single packet requestreply
applications, where speed of delivery is more important.

The construction of a reliable network infrastructure requires two types of

hardwaretransmission media and components such as routers, switches, hubs, and bridges. The
network bandwidth is usually dependent upon the quality of transmission media. The coaxial
cables, copper wire, fiber optical cables, radio, microwave, and satellite based transmission
mechanisms are some modes utilized for the physical transmission of data. Data transmission
or the bandwidth has been provided by telecom companies operating telephone lines, cable TV
systems with coaxial cables, direct broadcast systems (DBS), wireless network providers,
computer networking providers, satellite transponders, and fiber optical infrastructure
providers. Access to the network requires devices that are referred to as Data Terminal
Equipment (DTE).

Electronic Commerce Page 42

 Srinivas Institute of Management Studies BCA - IV Sem

4.1.2 Information Distribution Technology

Information distribution and messaging technologies provide a transparent mechanism for

transferring information content over a network infrastructure layer. It is accomplished through
software systems that implement File Transfer Protocol (FTP), Hypertext Transfer
Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) for exchanging multimedia
contents consisting of text, graphics, video, and audio data. For electronic commerce,
challenges exist in providing a secure, reliable, and portable mechanism that can inter-operate
over a variety of devices such as personal computers, workstations, palmtops, set-top boxes
and wireless communicators.

Once delivery message content has been created and stored on a server, messaging and
information distribution methods, it carries that content across the network. The messages
which are sent from one site to another site include purchase orders, shipping notices, invoices
and other product delivery data. The messaging vehicle is called middle ware software that sits
between the Web servers and the end-user applications and masks the peculiarities of the
environment. Messaging and information distribution also includes translators that interpret
and transform data formats.

The HTTP protocol permitted the transparent delivery of hyper-linked documents, residing on
remote computers, consisting of multimedia information. The messaging service offered by
SMTP servers have been implemented by the various software programs that ensure a message
composed and dispatched for a specified destination address is delivered reliably. Some of the
commonly used and available implementations of the SMTP services are Sendmail and Qmail
programs. Similarly, various implementations of FTP protocols have also existed for quite
some time and have been in use for reliably transferring files from one computer to another
over the network.

4.1.3 Networked Multimedia Content Publishing Technology

The information distribution protocol, HTTP, delivers the documents written in the Hypertext
Markup Language (HTML), to the client program. The language offers an easy way for
integrating multimedia content, residing in a variety of computers connected on the internet.
HTML makes it possible to integrate the multimedia content in a document form and the
integrated content then can be published using the HTTP servers. Clients can make requests,
for the published information residing on HTTP servers. Clients submit requests to servers
using the Hypertext Transfer Protocol. The servers respond to requests by locating and
delivering the HTML document or error message to the client. The client programs, also known
as browsers, parse and render the delivered HTML documents on the screen of the client
machine. All published documents on the internet can be uniquely identified and located by a
Uniform Resource Locator (URL) address. The URL address effectively serves as a unique
name of the published document, worldwide.

Electronic Commerce Page 43

 Srinivas Institute of Management Studies BCA - IV Sem

The URL is made up of three parts: the protocol name, machine name, and the name of
document on the machine. The machine name part of URL identifies the machine and protocol
name determines the distribution server that will serve the document and the rules and format
in which the document will be served. The document name of the URL points to a specific
document on the machine. Thus, a URL is capable of addressing as well as locating documents
in the entire universe of internet.

The HTML is tag-based language and provides a rich set of tags that are used for designing
the page layout, embedding multimedia objects, hyperlinking documents residing on the same
as well as other internet connected machines. A simple HTML document can be developed in
any standard text editor. In addition to HTML, the Extensible Markup Language (XML) has
also emerged as a language for developing pages for the web. HTML is more concerned about
how a page is formatted and displayed, while XML describes the actual content of a page. It
simplifies the task of describing and delivering structured data from any application, thus,
providing users with the ability to share and search the data in XML documents, in much the
same way as we share and search data from databases and files. The actual multimedia content,
i.e., the graphics, video clips, audio clips, and animated content can be developed by tools and
editors available in the respective areas. Web technology, consisting of information
distribution (HTTP) and publishing as well as integration (HTML and multimedia content
editors), provides the two basic pillars on which electronic commerce applications are built.

4.1.4 Security and Encryption

Wide connectivity and ready access to information also opens up sites to unwanted intruders.
For electronic commerce to be viable, two important issues need to be addressed: protection
of the source of information that is being made available online, and protection of the
transaction that travels over the network. The first issue is addressed by deploying strong site
security measures that constantly monitor the site for authenticated and authorized activities,
virus detection and elimination systems, and intrusion detection systems and firewalls. The
second issue of securing the transaction, carried out over the network, requires addressing
several security and confidentiality related issues. The confidentiality or privacy of the
transaction data can be addressed by using various encryption techniques. The shared key as
well as the public/private key pair based encryption techniques can be used for the purpose.
In addition to the confidentiality of the transaction issue, the other important issues is to ensure
that the messages exchanged between two parties in a transaction have not been tampered with
and assure that neither of the parties will repudiate the transaction.

The process of identifying and authenticating transacting parties is essential in the electronic
commerce environment. The task of authentication can be accomplished with the help of
Digital Certificates signed/issued by a trusted certification authority. Encryption and digital
signatures are used for ensuring message integrity and non-repudiation. The issue of protecting
the information available on the electronic commerce site: Privacy, Secrecy and Tamper-
proofing of information flow from one site to another. Encryption technologies based on shared
key mechanisms such as Data Encryption Standard (DES) or public-private keys such as
RSA algorithms have been utilized for addressing the issues of authentication, authorization,
privacy and non-repudiation.

Electronic Commerce Page 44

 Srinivas Institute of Management Studies BCA - IV Sem

4.1.5 Payment Services

Online payment is fundamental to the acceptance of electronic commerce as a viable

alternative to traditional commerce. It is a mechanism that facilitates an online financial
exchange between concerned parties and helps users to pay for an item they have bought
online. In the case of large and established businesses deploying Electronic Data Interchange
(EDI) for transactions, banks have been supporting the electronic payment mechanism through
the Electronic Fund Transfer (EFT) channel. Several scalable and flexible electronic
payment mechanisms-cash, cheques and credit cards have emerged, essentially imitating
traditional payment mechanisms. Electronic payment mechanisms represent currency in the
form of digital bits and require security and encryption mechanisms to ensure that it cannot be
duplicated, reused or counterfeited and yet can be freely exchanged. In addition, these
electronic payment systems also offer the confidentiality, integrity, and privacy of traditional
payment systems. The electronic payment mechanisms evolved can be classified in to three
major categories-pre-paid, instant-paid, and post-paid. The instant-paid mechanism requires
equivalence to Government/Central Bank backed cash transactions. None of the electronic
payment systems offer the equivalence to a Government/Central Bank guarantee like cash.
Debit cards come closest to instant-paid electronic payment systems. The various electronic/
digital cash mechanisms are in fact prepaid payment systems.

In these systems the physical currency is used for acquiring digital cash that in turn can be
spent in an electronic payment environment. Post-paid mechanisms are equivalent to credit
card and cheque based transactions Ecash, Digicash, NetBill, Micromint, Netfare and Mondex
are some examples of payment systems that fall in the pre-paid category. The FSTC electronic
cheque, Netcheck, and Cybercash systems are some examples of post-paid electronic payment
systems. Traditional credit card majors have come up with Secure Electronic Transaction
(SET) protocol. The protocol provides a secure mechanism for using standard credit cards,
over the network, for electronic payment purposes.

4.1.6 Business Services Infrastructure

Business service infrastructure includes directories and catalogues. These are essential for
identifying and locating businesses that meet customer requirements. The directories and
catalogs refer to Business Directories and Yellow Pages used by customers to identify and
locate businesses that are likely to provide the service or fulfill product demand in traditional
commerce. Search engines and directory service providers like AltaVista, Google, Yahoo!
Infospace, Bing, etc are identified and capitalized on the need by providing the service.

Search engines compile their databases by employing "robots", often called spiders, to crawl
through the web space. The crawling is done by picking a page and then visiting all the links
referred to in that page and in the process identifying and perusing the pages. Once the spiders
get to a web site, they typically index words on the publicly available pages at that site. The
engine scans its index for matching the key words and phrases typed by the user. The search

Electronic Commerce Page 45

 Srinivas Institute of Management Studies BCA - IV Sem

engine maintains a database that contains correspondence between text terms and document
URLs. Finally the search engines return the relevant URLs for the keywords or search terms
entered by users. With millions of web pages on the internet, a simple search for any term or
phrase may result in thousands of URLs. Thus, it is important for web site designers that their
URL is ranked amongst the top few for the relevant terms and keywords.

A hierarchical directory structure that classifies web sites based on the content in various
categories, subcategories and further granularity of the same has been alternatively used for
successfully locating the relevant information. Many a time the entry in the directory and
within that appropriate category is done after reviewing the content of a web site. This allows
users to locate the relevant web site by navigating through the hierarchy.

4.1.7 Public Policy and Legal Infrastructure

The access to network infrastructure and legal framework, for the protection of transactions
conducted over the network, play important role in the viability and the growth of electronic
commerce. In many of the countries the government is the only provider of telecommunication
access, which has inhibited the growth of the network infrastructure in many countries. The
telecommunication infrastructure designed for the voice data can carry data traffic only to a
limited extent. Universal access at an affordable cost is important for the growth of the digital
economy and electronic market. The Organization of Economic Cooperation and Development
(OECD) have been putting together several initiatives and policy guidelines to address
communication infrastructure development throughout the world.

Although, security and encryption technology can help in ensuring the secrecy and integrity of
data, to ensure that the transaction is conducted on behalf of two acclaimed parties, an
authentication infrastructure has to be put in place. Authentication is offered by a third party
that certifies the identity of the transacting parties. In traditional commerce people usually
prefer doing business within the neighborhood or at well known shopping centers with
businesses whose reputations they trust. To provide a legal framework for ecommerce
transactions, the General Assembly of the United Nations adopted a Model Law on Electronic
Commerce in 1997 which recommended that all the member states should favorably consider
the Model Law in the exchange and storage of business transaction information.

The Controller of Certification Authorities (CCA) is responsible for issuing licenses to and for
regulating the certification authorities in India and maintains a directory of all the certificates
as well. Thus the certification authority, based on public key infrastructure of CCA provides
legal policies and framework provided with digitally signed contract that ensures
nonrepudiation of contracts, purchase orders and agreement repositories.

4.2 Assignment Questions

Electronic Commerce Page 46

 Srinivas Institute of Management Studies BCA - IV Sem

1. Briefly explain the framework of e-commerce with a neat diagram. (6 to 10 marks) 2.

Explain the different protocols and their services in the network service infrastructure. (5
or 6 marks)
3. Explain the services provided by networked multimedia content publishing in e-commerce
(5 or 6 marks)
4. What are the essential technologies for ensuring security in an e-commerce environment?
(5 or 6 marks)
5. What is the role of online payment systems in e-commerce? (5 or 6 marks)
6. What is meant by business service infrastructure? Explain its role in e-commerce. (5 or 6
marks)
7. What is the role of certification authority in the e-commerce framework? (5 or 6 marks)
8. What are the requirements of creating a trust environment in e-commerce? (5 or 6 marks)

Chapter-5

Information distribution & Messaging in E-Commerce

5.1 FTP Application

FTP or File Transfer Protocol is the protocol used for exchanging files over the Internet. FTP
works in the same way as HTTP for transferring Web pages from a server to a user's browser
and SMTP for transferring electronic mail across the Internet in that, like these technologies,
FTP uses the Internet's TCP/IP protocols to enable data transfer.

FTP is most commonly used to download a file from a server using the Internet or to upload a
file to a server (e. g., uploading a Web page file to a server). FTP is used to transfer data from
one computer to another over the Internet, or through a network. Specifically, FTP is a
commonly used protocol for exchanging files over any network that supports the TCP/IP
protocol (such as the Internet or an intranet).

There are two computers involved in an FTP transfer: a FTP server and a FTP client. The FTP
server, running FTP server software, listens on the network for connection requests from other
computers. The client computer, running FTP client software, initiates a connection to the
server. Once connected, the client can do a number of file manipulation operations such as
uploading files to the server, download files from the server, rename or delete files on the
server and so on.

Electronic Commerce Page 47

 Srinivas Institute of Management Studies BCA - IV Sem

The FTP client can browse through the list of files and directories available under the login
account. It can request to transfer a file from the server machine to the client's machine
(download), or transfer a file from client's machine to server's machine (upload a file). The FTP
supports both batch as well as interactive uses. The protocol only specifies the mode of
interaction between the FTP server and clients running on two computers; the user interface is
left completely to the client designer.

There are various user interfaces, ranging from the command line interface to window versions.
The typical command line version of the interface can be invoked by typing the command FTP
at the prompt. The FTP client responds by requesting the login information. The FTP client
reads the commands, types at the prompt, prepares a FTP packet and writes it to the FTP server
running at a well known port of the connected machine. The server prepares a response protocol
packet and sends it to the client.

The file transfer application operates through two connections, as control connection needs to
be established prior to attempting any file transfers. On making the control connection the FTP
server requests authorization information in the form of a user name and password. The
authorization information determines whether the files can be accessed by the FTP user. Subject
to access permissions, users can transfer files in either direction through "Get" or "Put"
command. The files transfer application opens a new connection for the data transfer.

The FTP Architecture is shown in fig. 5.1

Fig 5.1 File Transfer Architecture

5.2 Electronic Mail (E-mail)

Electronic Commerce Page 48

 Srinivas Institute of Management Studies BCA - IV Sem

Electronic mail or Email is the transmission of messages over communications networks. An

e-mail system is concerned with the ability to compose messages, move messages from the
originator’s site to the recipient’s site, report the delivery status to originators, browse
messages by the recipients and finally the dispose off the messages. Most e-mail systems
include a rudimentary text editor for composing messages, but many allow you to edit your
messages using any editor you want. You then send the message to the recipient by specifying
the recipient's address. You can also send the same message to several users at once. This is
called broadcasting. Sent messages are stored in electronic mailboxes until the recipient
fetches them. To see if you have any mail, you may have to check your electronic mailbox
periodically, although many systems alert you when mail is received. A typical architecture of
the e-mail system (Fig. 5.2) consists of two components to accomplish the functionality- a user
interface program and the message transfer server.

The user interface, also often called mail reader, is a program that offers users an interface to
compose a new message, read a message, reply to senders and delete or file the message. The
user interface program (mail reader) provides three functions, i.e. composing, browsing, and
disposition. There are a variety of mail readers available. They are built on a character based
interface, i.e. a Graphical User Interface (GUI) which is menu and icon driven and accepts
inputs from the mouse and keyboard. Message Transfer Agent (MTA) programs accomplish
the function of transferring the message to the destination. These programs communicate with
each other using a standard protocol. A user agent composes a message which contains the
destination mailbox address. The message transfer agent connects to the other message transfer
agent running on the machine specified in the destination address of the composed message
and delivers it through the standard message transfer protocol. In the internet environment the
Simple Message Transfer Protocol (SMTP) has been widely adopted and message transfer
agents using the protocol are often referred to as SMTP servers.

Electronic Commerce Page 49

 Srinivas Institute of Management Studies BCA - IV Sem

Fig 5.2 Architecture of the E-mail System

As stated earlier, the composed message is communicated to the MTA, which in turn is
responsible for transferring it to the destination. The transfer agent uses the information
contained in the message to find out the address of the machine and mailbox id (or username)
for the final delivery. In the internet environment the message, handed over by the user agent
to the message transfer agent, follows a standard format described in RFC 822 and servers using
SMTP accomplish the message transfer.

Message Format

The format of an e-mail message, composed by the user agent, is described in RFC-822,
available on the internet. The original RFC 822 format was designed for handling text only
mails, but later was enhanced to use multimedia extensions, by supplementing the header fields.
The message consists of standard lines of text messages in the "memo' format. As in a memo,
it has a header portion that follows a rigid specification and the body of the message portion
that is a free flowing text. The header portion consists of two types of field-the rigidly formatted,
and the user defined. Some of the rigidly formatted fields contain information regarding the
message transport and delivery and are used by message transfer agents, while the rest of them
are used by the user agents or recipients. Some of the fields used in RFC 822 message format
are shown in Table 5.3.

Header Field Name Description

To E-mail addresses of primary recipients

From E-mail addresses of message creator
CC E-mail addresses of carbon copy recipients’ E-mail
addresses

Electronic Commerce Page 50

 Srinivas Institute of Management Studies BCA - IV Sem

BCC Blind of carbon copy recipients

Sender E-mail addresses of actual message sender

Reply To E-mail addresses to which reply should be sent

Subject Short Title of the message
Date The date and time message was sent
Return path Identifies the return path to the sender
Message Id A unique identifier for referencing this message later

Electronic Commerce Page 51

 Srinivas Institute of Management Studies BCA - IV Sem

Message Transfer

Message transfer agents (MTA) are responsible for delivering the message to the destination
machine. In the Internet environment, the SMTP is widely used by message transfer agents.
Simple Mail Transfer Protocol (SMTP) is an ASCII based protocol. In a typical message
transfer between two SMTP daemons, the sender makes a TCP based connection to the daemon
running at port 25 of the machine specified in address field of the header. On successful
establishment of connection, the message is transferred to the destination daemon using SMTP.
The message transfer follows the envelope and content model. The envelope is constructed from
the "From:" and "To:" fields of message format. In a typical session between two SMTP
daemons, the receiving daemon accepting a connection request from the sender responds by
sending a welcome message. For example the sender daemon responds with the 'HELLO'
command and informs it about its own domain. After the handshake phase, the address on the
envelope is used by the sender daemon to establish the data transfer to the right user on the
receiving side. The sender daemon communicates, to the receiver, the protocol packet
containing a 'From' address followed by the recipients' addresses one at a time. The receiving
daemon responds each of the protocol packets, either with an "Okay", or with a specific error
message.

One generic application that offers information / file management and delivery services is called
Mail Server. A mail server accepts all the incoming messages destined for a specific userid
processes the body of message as a list of commands. Typically, the subject line is blank and
the mail server ignores it. The mail server running at the machine sends back the files available
at the site locating a useful file, the user may send another mail with the message body
containing 'file <filename>' and will receive the file by e-mail.

5.3 World Wide Web Server (WWW Server)

The concept of the World Wide Web (WWW) was born, out of an experimental system
developed at CERN (European Laboratory of Particle Physics) with the objective of enabling
document sharing among scientists, in 1989. A prototype system offering the ability to inter
link multimedia documents, distributed over the network through the concept of hyperlinks,
was developed at CERN. The developed system offered an intuitive and logical interface that
makes it easier to browse textual, graphical, audio and video information integrated on the same
screen.
The original architecture proposed by Tim Berner Lee consisted of documents stored and
managed on server machines and client processes, running on distant or even the same machine.
The server software was envisaged to be a process that receives requests from the client
processes and replies to them by delivering appropriate documents. In the proposed system the
client and server processes run on machines connected on the same network. The

architecture consisted of two building blocks - the server and the client processes,
communicating on the same network.

The World Wide Web became extremely popular as the client programs or browsers available
offered an easy to use graphical user interface and the ability to point and click in order to access
Electronic Commerce Page 52
 Srinivas Institute of Management Studies BCA - IV Sem

any hyper-linked information. The server accepts browser requests and manages the delivery
of documents to the browser. The documents contain hyper-links, rich text and multimedia
information.

The World Wide Web is the combination of four basic ideas:

• Hypertext: A format of information which allows, in a computer environment, one to

move from one part of a document to another or from one document to another through internal
connections among these documents (called "hyperlinks").

• Resource Identifiers: Unique identifiers used to locate a particular resource (computer

file, document or other resource) on the network - this is commonly known as a URL. In the
World Wide Web, unique Uniform Resource Locator (URL) defines each published
document. A URL consists of the three components. The first component, prefixed and
separated by / /, describes the protocol server; for the web it is 'http'. The second component,
the text starting after / / and ending with the' /' or end of string, describes the domain name of
the server, for example www.google.com. The third component, beginning with the / and
finishing with the end of string or ':', describes the document name at the server. The web
server waits for client connections and requests at the port 80, as a standard convention.
Examples of a URL: http://www.w3shools.com
http://www.w3schools.com/index.html
http://www.w3schools.com/index.html:8080

• Markup language: Characters Codes embedded in text which indicates structure,

semantic meaning, or advice on presentation. The Hypertext Markup Language HTML is used
for constructing these documents. An HTML file is a text file containing small markup tags
which tells the Web browser how to display the webpage on the internet. The request-reply
paradigm between the browser and the server follows a standard protocol, called HyperText
Transfer Protocol (HTTP).

• The Client-server model of computing: A system in which client software or a client

computer makes requests of server software or a server computer that provides the client with
resources or services, such as data or files

In normal operation, a user types the URL on the address bar of the browser. The browser
parses the URL to determine the domain name, document name and the port number at which
to contact the server. The browser contacts the servers and uses HTTP to retrieve the specified
document from the server. The retrieved HTML document is then parsed and rendered on the
screen by the browser. The interaction between the browser and web servers take place in the
format described in HTTP.

Electronic Commerce Page 53

 Srinivas Institute of Management Studies BCA - IV Sem

5.4 Hypertext Transfer Protocol (HTTP)

Hypertext Transfer protocol is set of rules that World Wide Web clients and servers use to
communicate over the network. It is a connectionless protocol, meaning that browsers and
servers do not establish a permanent connection. A client opens a connection and submits a
request message to a server. The server on receiving a message processes and responds to it
and closes the connection. It is also a stateless protocol, implying that the server does not
maintain any information on the state of the process. Thus, the server treats each
request/message independent of any previous requests/messages. The protocol is based on the
request/response model.

The client, usually a web browser, submits a request to a web server. The server reads the
incoming protocol packet, processes it and sends the response. The content type is built as part
of the protocol's response packet. The browser has to be aware of the type of multimedia
content delivered to it as a response. The content types used in the protocol are a subset of the
standard MIME types. The browser connects to the server machine, specified by domain
name/IP address, at the specified or standard port. On making a successful connection, the
browser submits an HTTP request. A typical HTTP session between the client and server is
depicted in Fig. 5.4. The session consists of two phases: the first phase consists of the client's
request submission, while the second phase consists of the server’s response. The client
submission, depicted in three steps, involves opening a connection, sending the request and
header information.

Fig 5.4 Typical interaction in an HTTP session

Following are the steps that take place in a typical interaction of an HTTP session

Electronic Commerce Page 54

 Srinivas Institute of Management Studies BCA - IV Sem

Step 1: HTTP packets can be transmitted only after the client has established a connection with
the server. In this step the browser parses the URL for identifying the domain name. It uses the
services of Domain Name Server (DNS) to resolve the name into an IP address. Using the
services offered by the TCP layer, it opens a connection to the IP address, at a standard web or
URL specified port. On the successful opening of a connection, the browser starts the HTTP
session.

Step 2: The browser submits HTTP packets containing the request command to the connected
server. The common HTTP request commands are "get", "post", and "head". The request in
HTTP is made up of three components: the command method, resource identifier and the
protocol version number. An example of the "GET" command is as follows:
GET /index.html http/l.0
The method describes the type of request and determines the response at the server end. The
second component is a resource identifier, such as the name of a file to be retrieved. Parsing
the URL and stripping out the protocol name, domain name, and port number (if present),
derives the resource identifier from the URL. The last component of the request specifies the
version number of protocol being used.

In case of an interactive session, that uses forms for submitting the data to be processed by the
common gateway interface (CGI) mechanism of the HTTP server, the request line also
contains data as a part of the resource identifier (URL). The 'post method' is devised as an
alternative mechanism for submitting the form data entered at the browser end, to the server
for processing. Unlike the' get method' that appends the form data to the URL, the post method
sends the data as a part of the header information along with the data.

Step 3: In this step the browser submits the header information to the server. The header
information includes the browser identity, its capability to handle various types of content and
the referring URL. The header information follows a standard format of header name and the
value pair, separated by the colon (:) sign. The header information is read and processed by the
server and is made available at the server end as environment variables. In case of the 'post
method' the browser as part of the header information also submits the form-data, content-type
and content-length.

Step 4: On receiving the client request and header information, the server processes the request
and sends the response to the client. If the request was processed and can be delivered, the
server sends an OK response. Some common errors that it may send as responses include
forbidden document, 'not found', 'internal server error', 'or' 'unauthorized access'. The format
of the response sent by the server includes the protocol version followed by the response code.
The protocol version informs the client about the kind of syntax used in responses. Examples
of server responses are as follows:
HTTP/1.0 200 OK
HTTP/1.0 404 Not Found
HTTP/1.0 401 Unauthorized
HTTP/1.0 403 Forbidden

Electronic Commerce Page 55

 Srinivas Institute of Management Studies BCA - IV Sem

The clients use the code part for interpreting the response and acting accordingly. The message
part is displayed to users. For example on receiving the response code of "200 OK" the browser
understands that the request was processed successfully and proceeds to receive the data that
it had requested.

Step 5: Prior to sending the requested data, the server sends information about the data, such
as the type of content and length of content as well as information about the server itself, as
part of the response phase. The response headers sent by servers are also used at times, for
accomplishing authentication and setting up cookies. The response header information follows
the same syntax as request headers. The following example shows typical response header
information.

Date: Tue, 04 Sept 2001, 10:40:05 GMT

Server: Apache/2.1.2
Last-Modified: Sun, 02 Sept 2001, 08:05:10 GMT
Content-Length: 8455 Content-Type: text/html
The above header information informs the browser of the date and time at which the server
response was sent and the name and version of the server software. It also informs the browser
of document-related information. The Last-Modified date tells the user when the requested
document was last updated. The last two headers tell the browser about the length of the
requested documents, in bytes and the type of content.

Step 6: The server, after sending the last response header information, sends a blank line to
indicate the completion of header portion the response and to mark the beginning of the
response data. The server sends the response data to the browser in the format indicated in the
content-type response header.

Step 7: The web server, on completing the data transmission, is done with responding to the
client request. At this stage, it would ordinarily close the TCP connection. However, an HTML
document may contain online images and embedded objects required for rendering it on the
browser screen. Although the browser can submit a request for retrieving each of these objects,
by opening a new connection to the same as follows:
Connection: keep-alive
In this case the server keeps the TCP connection open even after the response data has been
sent. The browser uses the same connection for the subsequent request.

5.5 Web Servers Implementation

There are several implementations of web servers on the internet. The original implementation
done by Tim Berner-Lee's team came to be known as the CERN implementation. The CERN
implementation of web server (CERN httpd) was maintained and supported for full features
up till 1996. The CERN version has also been known as the World Wide Web Consortium
(W3C) httpd. With the release of the Jigsaw web server by W3C the CERN httpd is no longer
supported. The W3C Jigsaw web server is also a public domain, open source project of W3C.

Electronic Commerce Page 56

 Srinivas Institute of Management Studies BCA - IV Sem

It supports the full version of HTTP 1.1, with advance features, and is implemented in JAVA
unlike the CERN httpd that was implemented in C and supported HTTP 1.0 protocol.

The other public domain implementation was by Rob McCool's team at the National Center
for Supercomputing Applications (NCSA) and was widely deployed in a short period of time.
The server was a public domain, open source software and was supported and enhanced up till
1994 at the NCSA. Most commercial implementations of web servers have been based on one
of these two architectures. The Netscape web server is based on the NCSA httpd architecture.
Using the NCSA httpd version 1.3 as the code base, all known bug fixes and enhancements
were incorporated by the core team and it was released as the Apache version 0.6.2, around
April 1995. Then the Apache version 1.0 based on the new architecture was released in
December 1995. The Apache development is managed by group of volunteers, around the
world, connected through the internet. The team uses the internet and the web for
communicating, planning, developing, bug-fixing, reporting and documenting the web server.

Today, web servers provide the following four major functions.

• Serving static web pages
• Serving web pages generated by running gateway programs
• Controlling access to the server
• Logging server access and error statistics

NCSA Web Server

The NCSA web was the most deployed server till the emergence of the Apache server, based
upon the NCSA HTTPD version 1.3. The NCSA server was ported and made available on a
variety of UNIX versions including Linux, Irix, IBM AIX, Solaris, SunOS, Ultrix, etc. In the
location of the installed files is guided by the value of environment variable "Server root".
The Server Root Directory Contains conf, logs, cgi-bin, and support sub directories. On startup
the HTTPD looks for the file conf/httpd.conf in the Server Root directory. The 'cgibin'
directory stores executable binary sHipts that can be executed from the HTTPD server. The
'htdocs' directory holds the starting document, i.e., home page and other related documents.
The 'logs' directory maintains server logs showing access requests and errors. The 'conf'
directory stores the main configuration files for the server and customizes the server through
the three configuration files, viz. httpd.conf, access.conf and srm.conf.

The HTTPD server configuration file ‘httpd.conf’ controls the server configuration through a
slew of directives. The configurable parameters include the IP address, port number, number
of children the server will launch at one time, maximum number of children processes it will
have at any time. Log files are stored in the logs directory as per the name specified in the
httpd.conf. The server is capable of logging document transfer, errors, accessing agents and
referrers related information. The access.conf file manages the access control. The file contains
directives to control access for setting up controls over the types of requests and transfers. It
can also set up user / password based authentication on the server. The third configuration file
maintains the server resource map in srm.conf.

Electronic Commerce Page 57

 Srinivas Institute of Management Studies BCA - IV Sem

Apache Web Server

The Apache software foundation distributes the web server under a public domain software
license policy. It can be freely downloaded and installed from the Apache web site
(www.apache.org). The latest version of source files for installing the apache web server can
be downloaded by browsing the location http://www.apache.org/dist/httpd/httpd -2 0
NN.tar.gz Files can be extracted, compiled, and configured through the 'makefile' provided as
a part of the download.
Apache supports a variety of operating system platforms, including versions of Unix, such as
AIX, BS200-0SD, Dgux, Digitalunix, Freebsd, Hpux, Irix, Linux, Netbsd, Netware, Openbsd,
Osf/l, Solaris, and Sunos. Apache web server binaries are also available for Macosx,
Macosxserver, Os/2, and Win32 environments.

Once the binary version has been compiled and created or downloaded, the installation process
requires customizing configuration files for the server. The Apache server configuration
directives reside in three main configuration files. The installation process sets up the
environment to run the httpd from the default directory defined by the Server Root. The
configuration files are located in the conf sub directory and are called srm.conf, access.conf
and httpd.conf. The conf directory also contains sample configuration files named
srm.confdist, access.conf-dist and httpd.conf-dist. These files can be copied and and edited to
provide custom values for the directives. Inappropriate or erroneous setting of values for
directives may lead to misconfiguration of the server or may even cause the server not to
function, or still worse may lead to security gaps.

5.6 Assignment Questions

1. Explain the use and working of FTP protocol with a neat diagram. (5 to 8 marks) (2010)
2. Write a short note on e-mail. (4 to 6 marks)
3. Explain the architecture of an e-mail system with a neat diagram. (6 to 10 marks)
4. Explain the different components of an e-mail system. (5 to 8 marks)
5. Discuss the different concepts related to the WWW server. (4 to 6 marks)
6. Write a short not on HTTP. (4 to 6 marks)
7. With a neat diagram explain the different steps in a typical interaction of an HTTP session
(6 to 8 marks)
8. Write a short note on web server implementations. (4 to 6 marks)
9. Explain the evolution of different types of web servers on the internet. (4 to 6 marks)

Electronic Commerce Page 58

 Srinivas Institute of Management Studies BCA - IV Sem

UNIT – III

Chapter-6 Electronic Commerce: Network Infrastructure

6.1 Local Area Networks (LAN)

A local area network is a group of computing devices interconnected in such a way that they
share a common transmission media and enable people using these devices to share
information and resources. The local area network fulfills the need of two or more people in
an organization trying to share data or resources, such as printers, backup systems and disk
drives, with each other. In other words, a LAN lets you share the resources of other computers.
In an office environment, instead of attaching a printer to every computer, a single high quality
printer can be connected to the LAN and it will be available to all the computer users who are
part of the local area network. Similarly computers on the LAN can also share disk drives, i.e.,
data residing in various computers. Resource sharing on LAN not only facilitates availability
of information, leading to efficiency and better decision making, but also saves costs by
reducing the extra equipment required in a non-networked environment.

Local area networks connect computers in buildings or campuses spanning a few kilometers
distance. Since local area networks use broadcast transmission media for communication, the
message transmitted is available to everyone but needs to be processed only by the intended
receiver. However, due to the shared transmission channel it is possible for more than one
device to start transmitting simultaneously, leading to garbling of both messages. To avoid the
possibility of colliding messages on shared transmission channels a set of rules should be laid
down, i.e., protocol among all connected devices that ensures that collisions are avoided or in
such eventualities users can recover from it. Local area networks can be further characterized
by topology, transmission media and the medium access layer interface and protocol. The

Electronic Commerce Page 59

 Srinivas Institute of Management Studies BCA - IV Sem

choice of topology, media, and media access layer utilized for a LAN is interdependent in
many a ways.

6.2 Topologies

There are different topologies in which computers can be connected to one another over the
networks. The various topologies using which the networks can be designed are given below:

1) Bus Topology

This topology is commonly used to build LANs. The bus topology is the simplest of all the
topologies. In this topology, all the devices on the network are connected to each other through
a central cable called the bus. Every node connected on a bus network is allowed to receive
every transmission on that network. The main problem faced in implementing this topology is
the fact that only one communication channel exists to serve the entire network. As a result, if
this channel fails, then the whole network will go out of operation. If the number of devices
goes above 20 computers, the network slows down to a crawl since only one machine can send
data.
The bus topology is economical because it uses a single coaxial cable, instead of several cables
for connecting all the computers. The bus topology uses a single length of cable and does not
use a concentrator (hub or switch). Therefore, the cost is further reduced. The tradeoff is low
speeds and any failure in the cable at any point can halt the entire network. A typical bus
topology structure is shown in fig 6.1.

Fig 6.1 Bus Topology

2) Ring topology
In the ring topology, all the devices on the network are connected to each other to form a
ring. Each device has a receiver and transmitter that act as a repeater and send the signal to
the next computer. In this topology, the signal travels in a circle, passing through each
computer on the network because there are no terminated ends to the cable.
The ring topology makes use of two concentric rings to transmit the signal around the network
Ring topology uses the token passing method to provide media access to the devices in the
network. A computer that needs to transmit data waits for the token. When the token arrives,
it adds the data and the address of the destination computer, and sends the data along the ring.
On receiving the signal, the destination computer sends an acknowledgement signal to the
source computer. Then, the source computer releases the token so that it can be used by other

Electronic Commerce Page 60

 Srinivas Institute of Management Studies BCA - IV Sem

computers in the network. The ring topology supports coaxial, twisted-pair as well as fiberoptic
cables. Figure 6.2 shows the ring topology.

Fig 6.2 Ring topology

3) Star Topology

In the star topology, all the network devices are connected to each other through a central
concentrator forming a star-like structure. The common devices used as the central
concentrators are hubs or switches. The computers can be connected to the hub or switch using
UTP, STP, or optical fiber cables.
The cost incurred to set up a star network is high compared to a bus network since each device
on the network will utilize an individual length of cable from the concentrator to its location.
Due to this layout, failure of a single device (except the concentrator) does not halt the entire
network, and troubleshooting is very easy. On the downside, failure of the concentrator can halt
the entire segment connected to it.
The star topology is the most popular topology used to connect computers and devices in a
network. In star topology, the data signal is transmitted from the source computer to the
destination computer through a concentrator. Concentrators may amplify or regenerate the
signal, which helps the signal travel a longer distance.

A typical star topology network is depicted in Figure 6.3

Electronic Commerce Page 61

 Srinivas Institute of Management Studies BCA - IV Sem

Fig 6.3 Star topology

4) Mixed Topology

In large organizations and campuses a combination of the above topologies may coexist due
to historical growth. A cascade of hubs may be used to connect a large number of nodes in the
organization, where each hub resembles a star with connection to 8-16 machines. The overall
network may look like cluster of stars, yet logically operates like a broadcast bus.

The commonly used physical transmission media choices for the local area network include
baseband coaxial cables, broadband coaxial cables, twisted pairs, fiber optics and wireless
transmission devices like radio based, infrared based or Wi-Fi devices.
6.3 Transmission Media in LAN

Coaxial Cable

Coaxial cable, often referred to as coax, was the first predominant medium for data
transmission. The coax cable consists of two cylindrical conductors with a common axis,
separated by a dielectric material. The single inner wire conductor, called the core, is
surrounded by dielectric insulating material. A woven braided mesh covering the insulator
material forms the outer cylinder and finally the outer conductor is covered by a protective
plastic shield (Fig. 6.4). The construction and shielding of the coaxial cable provides it with
better noise immunity and thus can carry signals over longer distances. The size of the coaxial
or the RG of the cable is usually printed on the jacket of the cable for easy identification. RG
stands for Radio Government and is the military identification for the size and electrical
characteristics of the coaxial cable. Connectors used with the RG-58/59 coaxial cable are called
BNC connectors. These connectors use a "half-twist" locking shell to attach the connector to
its mate. The coaxial cable is relatively immune to electromagnetic and radio frequency
interference (EMI/RFI) and is able to carry signals over a significant distance. It has a higher
bandwidth than twisted-pair and a lower bandwidth than fiber optic cables.

Fig 6.4 Coaxial Cable

Twisted-Pair

Twisted-pair cable is used in houses and buildings for telephone connectivity in telephone
network. The twisted-pair cable consists of one or more twisted-pairs of sheathed wire. The
pair is twisted so that the electrical field around one conductor will be cancelled as much as
possible by the equal but opposite (balanced) electrical fields around the other conductor. This
reduces the interference emitted by the pair and, reciprocally, reduces the interference by the
pair's susceptibility to external fields. Twisted-pair can be used for analog as well as the digital

Electronic Commerce Page 62

 Srinivas Institute of Management Studies BCA - IV Sem

signaling. The bandwidth of a twisted-pair depends upon the thickness and the length of the
wire. It can attain mega bits per second rate for a few kilometers of length.

There are two versions of the twisted-pair cable: Unshielded twisted-pair (UTP) and
Shielded twisted-pair (STP). The unshielded twisted-pair is the normal telephone wire and is
the least expensive transmission media but is prone to interference from nearby wires, external
electromagnetic and radio signals. To improve the characteristics of the unshielded wire at
times it is shielded with a metallic braid or by wrapping a foil around the twisted-pairs, to
provide shielding from electromagnetic and radio frequency interference. This provides it with
a higher immunity to interference compared to the ordinary unshielded twisted-pair. The
shielded twisted-pair is more expensive compared to the unshielded twisted-pair. Today, the
unshielded twisted-pair has become the most commonly used medium for LANs because of its
low cost and ease of installation. Twisted-pair is frequently used for station connectivity to the
backbone because it is inexpensive and easy to install compared to coaxial or fiber optic cables.
Of the three types of cable (i.e. coax, twisted-pair and fiber), twisted-pair is most susceptible
to interference and should not be used in environments where substantial EMI/RFI exists. A
twisted-pair is made up of two insulated wires that are twisted together to minimize
interference. The category 3 cable groups four such twisted-pairs together in a plastic covering.
Thus a single cable is capable of handling four regular telephone connections. The category 3
cable has three to four twists per foot. On the other hand, the category 5 cable has three to four
twists per inch giving it much better immunity to interference. Better immunity to cross talk
and other interference enables it to transmit a better quality signal over a longer distance as
compared to the category 3 cable.

Fig 6.5(a) Unshielded Twisted Pair Cable Fig 6.5(b) Shielded Twisted Pair Cable

Fiber Optic Cable

An optical fiber is a thin strand of glass or plastic. The higher performance fibers are usually
composed of the extremely pure fused silica. Signal transmission in fiber optic cables is based
upon encoded pulses of light. Each pulse of light is inserted at one end of the fiber optic cable
by a light source, i.e., either a laser or a light emitting diode. The light pulse thus transmitted
is received at the other end of the fiber cable by a photo detector. Light transmission in the
cable is governed by the principle of total internal refraction. The cable consists of three layers:
the innermost called the Core, the middle layer called Cladding, and the outer called the
Protective jacket. The inner two layers are made up of two different types of glass or fused
silica, with different refraction indexes.

The ray travelling in the inner glass core gets refracted as it passes from inner medium to the
external medium. The core of the fiber is surrounded by a cladding with an index of refraction

Electronic Commerce Page 63

 Srinivas Institute of Management Studies BCA - IV Sem

lesser than that of the core, to ensure total internal reflection of light. Generally, the core and
cladding are actually a single piece of glass. The fiber core and cladding are covered by an
absorbent material or coating to isolate the inner core from the surrounding fibers. To
strengthen the cable, making it capable of bearing stress during pulling and installation of fiber
optic cables, either steel or composite stress materials mixed with fibers or a Kevlar sheath is
added. There is usually more than one fiber in a single cable.

Often fibers are grouped with a number of twisted-pair copper wires in what is called a
composite cable. The light source and detector are located within transceivers, each interfacing
with an electrical medium. Fiber optic cable systems offer much higher bandwidth and lower
signal attenuation in comparison to coaxial cables and twisted-pairs. Fiber is generally
preferred for backbone connectivity between floors or buildings because of the advantages
offered by the medium in performance, distance, reliability, and signal integrity. Optical fiber
a more secure medium than either copper or wireless, as an intruder taps into the fiber
somewhere between the optical transmitter and receiver to extract data, the intensity of light at
the intended destination decreases. Thus, the intruder is easily detected. In the case of a
lightning strike, fiber will not conduct current, unless the sheath has steel members in it.

6.4 Wireless LANs

Local area networks can also use wireless transmission media like radio and infrared light
transmissions for communication. These networks are easy to set up, as they do not require
wiring and fix point interfaces for connecting devices. Additionally, the reconfiguration and
moving around of devices is far simpler and less expensive compared to local area networks
utilizing the guided media. Wireless LANs are often used to support rapid deployment where
a temporary setup is required and low bandwidth can be tolerated. Both the radio and infrared
LANs require that all computers are within the vicinity, like a room or small building and other
objects do not block transmission. Walls degrade radio frequencies and even a person walking
between two points of connectivity can interfere with the operation.

Radio Based Transmission

The radio wave transmission is omni directional in nature, thus every computer device fitted
with the antenna can utilize it as a broadcast channel of the local area network in an office
complex or a building. Radio waves used as carriers of digital information deliver the encoded
bits in the form of radio energy to remote receivers. The data being transmitted is modulated
on the radio carrier and on reception it is demodulated to extract the information. The
modulated signal occupies a band of frequency spread around the carrier frequency. In any
case the transmitter power is limited to 1 watt or less, limiting the range to which a signal can
travel without being indistinguishable from the atmospheric noise. Also, it ensures that the
distant transmitters will not interfere in each other's operations. In radio based transmission,
various technologies based on narrow band, spread spectrum, frequency hopping spread
spectrum and direct sequence spread spectrum has been used.

Infrared Based Transmission

Electronic Commerce Page 64

 Srinivas Institute of Management Studies BCA - IV Sem

Light frequencies can be used for data transmission as well. The light within the infrared band
is invisible to the human eye. Infrared transmission can be used for broadcasting signals to
computer devices placed within a room. Over the years, infrared light has been the utilized for
motion sensors and remote controls for televisions and home entertainment centers. Infrared
transmission based local area networks are immune to radio and electrical interference. These
frequencies are not allocated by any government agency, and operating licenses are not
required. The disadvantage of the infrared based transmission is that it is truly limited to the
line of sight, as these waves are incapable of travelling through walls and other objects.

6.5 Ethernet LAN (IEEE Standard 802.3)

One of the popular implementations of broadcast based local area network in various
organizations is often referred to as Ethernet. The Ethernet Local Area Network standard uses
the CSMA/CD media access protocol method.

Media Access Protocol

The media access rules in which stations detect the carrier on the channel prior to transmission
are called Carrier Sense protocols. These protocols offer better channel utilization as they
reduce the number of collisions. There are 2 types of Carrier Sense Protocol:
1) Carrier Sense Multiple Access (CSMA)

In CSMA protocol the medium (channel) is shared between stations and only one station at a
time can use it. There are several versions of Carrier Sense Multiple Access (CSMA)
protocols that sense the carrier prior to transmission. These versions include 1-persistent, non
persistent CSMA and p-persistent CSMA protocols.

In the 1-persistent CSMA protocol, a station senses the carrier activity on the shared channel
to find out if any transmission is in progress. If the channel is being used, it waits for the
channel to become idle. If no transmission is taking place on the channel, it starts transmission
of its own data frame and starts sensing further collision. Although, the station had sensed that
the channel was idle, collision may still occur. Consider a scenario where more than one station
has the data frame ready for transmission and senses the carrier at the same time. If collision
occurs then the station waits for a random amount of time and starts all over again. The protocol
is named 1-persistent because on finding an idle channel it starts transmission with the
probability of 1.

The non-persistent CSMA protocol also senses the channel for availability prior to starting the
transmission. On finding an idle channel, it starts transmission of a data frame. If the channel
is found busy, unlike the persistent CSMA that continuously senses the channel waiting for it
to become idle, it waits for a random amount of time and starts all over again. In case of
collision, these protocols retransmit the whole data frame. The protocol of abrupt termination
of data frame transmission on detecting the collision is referred to as CSMA/CD (Carrier Sense
Multiple Access / Collision Detect). It is an important protocol and a version of this protocol
is widely used in a local area network often referred to as Ethernet.

Electronic Commerce Page 65

 Srinivas Institute of Management Studies BCA - IV Sem

2) ALOHA

The second type of protocols is based upon the assessment of the channel or optimistically
starts the transmission and then listen for the collision to occur. In case they detect the collision
transmissions aborted and corrective action is taken. Various proposed and designed protocols
include ALOHA and Slotted ALOHA Access protocols. The ALOHA protocol relies purely
on the collision detection capability of broadcast networks. The ALOHA protocol was
developed at the University of Hawaii to address the channel allocation problem in network
based on radio broadcasting. The ALOHA protocol permits competing nodes to start
transmission as and when they desire. The message is heard by all the stations sharing a
common channel tuned to that radio frequency, including the transmitting station. The
transmitting station can detect collisions, if any, by comparing it with the originally transmitted
message. If the message had a collision and was deformed as a result, the transmitting station
waits for a random amount of time and retransmits the message. The ALOHA and even its
improved version, slotted ALOHA, perform poorly as far as the channel utilization is
concerned.

The IEEE 802.3 standard evolved from the original specification developed for the ethernet
and specifies media standards that are used for interconnections, signaling schemes and media
access layer protocol. The various cabling systems used in the IEEE 802.3 LAN include
10Base2, 10Base5, 10BaseT, 100BaseT, 10BaseF and, 100BaseF.

10Base5 (Thick Coaxial Cable)

10Base5 is an ISO specification for running ethernet through thick coaxial cables. The suffix
5 signifies that the maximum length of a single segment can be only 500 meters. 10Base5
cabling based local area network can span a maximum of 2.5 kilometers. Using five segments,
interconnected by four repeaters, it can cover the total span of 2500 meters. Each segment can
have a maximum number of 100 stations, with an inter station spacing of 2.5 meters. The Media
Access Unit (MAU) cable is connected to these 2.5-meter markings by inserting a pin halfway
into the core of the coaxial cable. The external end of the MAU is an IS pin male AUI connector
which is used for connecting the external MAU and the ethernet interface of the station. The
ethernet interface (DTE) is equipped with a female IS-pin connector that is typically provided
with a sliding latch connecting to the AUI cable.

Electronic Commerce Page 66

 Srinivas Institute of Management Studies BCA - IV Sem

Fig 6.6 Thick Coaxial Cable

10Base2 (Thin Coaxial Cable)

10Base2 is the specification for ethernet over thin coaxial cables. The thin coaxial ethernet
system uses a flexible cable, making it easier to connect the cable directly to the ethernet
interface located inside the computer. Each segment in the 10Base2 system can be 185 meters
long the suffix 2 refers to the segment length of 200 meters (rounding of 185 meters). The
connections are made using the standard BNC connectors that form a T junction at the ethernet
interface of the computer. The MAU is built into the ethernet interface itself; therefore it does
not require external AUI cable. The ethernet interface has a female BNC connector. The T
junction is directly attached to the interface and the coaxial cable is connected to the two sides
of the T (Fig. 6.7). A shared channel is formed through the segments of coaxial cable connected
through the T junctions. The system offers a flexible and inexpensive way of networking
computers, but suffers from the drawback that a single loose connection breaks down the
operation of the network.

Fig 6.7 Thin Coaxial Cable

10BaseT (Twisted-pair)

A new system of wiring pattern and interfaces has been used to avoid the difficulties associated
with the maintenance of the coaxial cable. The 10BaseT system specifies ethernet over
Unshielded Twisted-pair (UTP). The 10BaseT operate at 10 Mbps over the twisted-pair of
wires. The system supports 100 meter long segments using the voice grade, i.e., at least
category 3 twisted-pair. Depending upon the quality of the wire, the maximum segment length
may be shorter or longer. For example, the category 5 UTP can have a segment length of up to
150 meters. The better quality category 5 cables, connectors, and termination devices not only
work well for 10BaseT but can also carry the signal for the 100 Mbps Ethernet systems.

Electronic Commerce Page 67

 Srinivas Institute of Management Studies BCA - IV Sem

The 10BaseT system supports the physical star topology. The end-points of the link segments,
Cat-3 or Cat-5 UTP cable, are made up of RJ-45 plugs. The Ethernet interface in the computing
device has a built-in internal MAU and RJ-45 socket for connecting an end of the link segment.
The system uses a special device called 'Hub' for connecting the other end of the link segment.
These hubs are available in the range of 4 to 24 ports, in the market. A 16 port hub interconnects
16 Ethernet interface cards of computing devices at the other end of the link segments,
emanating from these 16 ports. The hubs can be cascaded together to interconnect a larger
number of devices in the local area network.

Fig 6.8 Twisted Pair Ethernet

10BaseF (Optic Fiber Cable)

The optical fiber based system for ethernet, referred to as 10BaseF, uses light pulses for
signaling. The light based transmission in the optical fiber cable offers better insulation from
electrical and magnetic interference. The 10BaseF system operates at 10 million bits per
second rate and the suffix F stands for the fiber optic media. The system, like 10BaseT, often
uses the physical star topology. The 10BaseF alternative is quite expensive and is usually used
for backbones and inter-building connectivity. Two strands of fiber, one for transmitting and
other for receiving the data, are used in a single connection segment.

There are three variations of the 10BaseF systems. These variants define three new and
different specifications, 10Base-FL (which modifies the old FOIRL, spanning 1 kilometer),
10Base-FB, and 10Base-FP. The 10Base-FL specifies a repeater to desktop link; 10Base-FB
specifies a backbone or repeater to repeater link; 10Base-FP specifies a passive optical link
connection, based on a star coupler device. The maximum segment length for both 10Base-FB
and 10Base-FL is 2 km, while the maximum segment length for 10Base-FP is 1 km. Also, as
the fiber optic cable can operate at much higher speeds than 10 Mbps, the backbone can be
upgraded to 100 Mbps simply by connecting it to 100 Mbps devices such as hubs.

6.6 Wide Area Networks (WAN)

A wide area network (WAN) is made up of a collection of interconnected machines spanning

a large territorial area. A wide area network has no upper limit of the distance it can span and
thus the machines located in different countries and continents can communicate with each
other. The wide area network relies upon the point to point interconnection for exchanging
information between machines. The wide area networks have host machines connected to
switching nodes that are part of the communication subnet. The transmission, originating at
any of the host nodes, is routed through one of the switching nodes. The switching node, also

Electronic Commerce Page 68

 Srinivas Institute of Management Studies BCA - IV Sem

known as Router, places these packets on appropriate outgoing lines, leading toward the
destination node, depending upon the availability and traffic congestion. A host node trying
to send a message to another host node connected on the WAN accomplishes the operation
through the use of the communication software stack. One layer of the software splits the
message into multiple packets with the source, destination and sequence numbers marked on
them.

Various component packets may follow different routes and thus may arrive out of sequence
at the destination node. The communication software stack at the destination host may put it
in sequence and deliver the message in the original form to the application running on the host.
The International Standards Organization (ISO) proposed a seven layer model to
interconnect open systems and form a wide area network. The model is often referred to as
Open Systems Interconnection (OSI) Reference Model. Another model that was developed
by the Advanced Research Project Agency (ARPA), which was a research project funded
by the Department of Defense, USA known as ARPANET, later came to be known as the
TCP / IP Reference Model. The ARPANET interconnected hundreds of computers located
in various universities and research organizations using the existing switching infrastructure
of telephones. Later newer transmission media such as satellite and radio communication and
digital transmission lines were added, speeding up the performance of the network and the
original protocols of the ARPANET were found inadequate. The new architecture capable of
seamlessly interconnecting multiple networks is named after the two fundamental protocols
Transmission Control Protocol (TCP) and Internet protocol (IP).

6.7 Internet

The ARPANET protocol, after adoption of TCP/IP, was capable of interconnecting and
communicating across multiple networks. With the popularity of ARPANET and the
associated benefits that emanated to the academic and scientist community, the number of
networks and hosts grew exponentially. Adoption of the TCP/IP reference model made it easier
to interconnect the ARPANET, NSFNet, Space Physics Analysis Network (SPAN) of NASA,
High Energy Physics Network (HEPNet), European Academic and Research Network
(EARN), and BITNET. The early backbone of the internet was formed by the ARPANET
backbone and that is why many times confusion exists between ARPANET and internet.
Today, the internet is characterized by the TCP / IP Reference Model, the unique addressing
scheme, called IP Address and the Domain Naming System (DNS) that makes it possible to
uniquely address every host connected on the internet. A machine is said to be on the internet,
if it has an IP address, runs TCP/IP software and can exchange IP packets from all other
machines on the internet.

6.8 TCP/IP Reference Model

The TCP/IP reference model, shown in Fig. 6.9, consists of four layers. The host-to-network
access layer, internet layer, the transport layer, and the application layer.

Electronic Commerce Page 69

 Srinivas Institute of Management Studies BCA - IV Sem

Fig 6.9 TCP/IP Reference model

Host-to-Network Access Layer

The Host-to-Network Access Layer is a combination of physical layer and data link layer. The
physical layer is responsible for movements of individual bits from one node to the next. The
data link layer is responsible for moving frames from one hop (node) to the next. The main
function of this layer is to ensure that the packets inserted by the IP layers are exchanged
transparently. The IP layer runs on either existing networks or on modems on dial-up lines.
Home PC users can dial up the ISP's computer and log on to an account using the ISP provided
users id and password. The TCP/IP stack on the PC can communicate with the router as a
regular internet host and utilize full-blown internet access and services. The other functions of
this layer include framing, physical addressing, flow control, error control and access control.

This layer has two important protocols that are important in a dial up environment for providing
data link layer functionality to ensure that the IP layer is able to exchange packets with other
hosts. These two protocols are Serial Line IP (SLIP) and Point to Point Protocol (PPP).
SLIP was the first protocol to support data link services on the dial-up lines. It uses the raw
dial-up line and sends IP packets by framing them. The framing is done by putting a special
byte long flag at end of the packet to mark the end of a frame. SLIP was soon replaced by PPP
as it did not support any form of error detection and correction. There is no provision for
authentication in SLIP; hence neither party really knows whom are they talking to. The
Internet Engineering Task Force (IETF) devised a new data link protocol for the point to
point lines for addressing these problems, which has a frame format known as PPP frame that
can carry multiple types of protocol packets. The PPP also addresses the issue of dynamic IP
address assignment, error detection & correction and also supports authentication.

Internet Layer

The internet layer provides all the same functions, which are assigned to the network layer of
the OSI seven layer model. The internet layer is the key layer that glues the whole TCP / IP

Electronic Commerce Page 70

 Srinivas Institute of Management Studies BCA - IV Sem

architecture together by providing it with the capability to exchange its packets over various
other networks. The layer accomplishes the task through a key protocol-Internet Protocol (IP).
The protocol is based on a connectionless packet switched environment. It takes care of the
addressing and routing of packets by providing them with a common name and address space
across a variety of networks whose services it operates. The internet protocol offers unreliable
(connectionless) service across the internet as it does not guarantee the delivery nor does it
inform the sender about lost or damaged packages. It provides no error checking or tracking.
IP assumes the unreliability of the underlying layers and does its best to get a transmission
through to its destination, but with no guarantees. IP transports data in packets called
datagrams, each of which is transported separately. The packet contains important
information including the routing and addressing. Datagrams can travel along different routes
and can arrive out of sequence or be duplicated. Therefore the receiver cannot make out the
exact sequence of the message packets or datagrams. Thus it is the responsibility of the upper
layers to rearrange the packet in sequence and build reliability into the delivery.

The upper layers running TCP or UDP may try sending messages larger than the frame sizes
permitted by the underlying network. The IP layer fragments these messages into smaller
packets so that they can be framed within the size limits of the underlying networks. On the
receiving end the IP layer is responsible for reassembling these fragments into original packets,
prior to delivering it back to the upper layers. It is this flexibility of IP, to package, fragment,
frame, reassemble and map IP addresses to carrier network addresses that make it possible to
interconnect many different networks.

The data link layer is used to carry out framing by collecting and passing all the information
along with the IP packet to the data link layer. The IP layer require the Ethernet address of the
destination machine, when operating over Ethernet, even if it is familiar with its IP address.
The issue that requires to be addressed is a mechanism through which the IP layer can
dynamically map the IP address to the physical address of the interface. The task, in the
broadcast based physical networks, is accomplished by an internet support protocol, called
Address Resolution Protocol (ARP). ARP provides the mechanism for finding the physical
address of the node when its Internet (IP) address is known. If two devices connected on a
local area network want to communicate with each other at the application level, using TCP/IP,
then the applications must set up a TCP connection for exchange of messages.

Transport Layer

The objective of the transport layer in the TCP/IP model is to offer efficient service for carrying
out communication between hosts on the internet. It uses the internet layers IP service for
exchanging information between any two internet hosts and offers the applications services of
establishing connection oriented communication or the connectionless exchange of
information. The transport layer of the TCP/IP model supports two protocols- Transmission
Control Protocol (TCP), for providing a reliable, connection oriented byte stream service and
User Datagram Protocol (UDP), for providing connectionless and unreliable but faster
service.

Electronic Commerce Page 71

 Srinivas Institute of Management Studies BCA - IV Sem

Transmission Control Protocol (TCP)

The TCP supports a reliable delivery of a byte stream between two end points, over an
unreliable network. TCP is a reliable and connection-oriented transport protocol. A connection
must be established between both ends of transmission by creating communication end points,
also known as sockets. The socket address consists of two components- the IP address and a
16-bit number, called port. A port is a transport layer service access point. The connection is
established between the two sockets of the peer machines, using the service primitives of the
TCP. TCP divides a stream of data into smaller units called segments. Each segment includes
a sequence number for reordering after receipt, together with an acknowledgment number for
the segments received. Segments are carried across the internet inside of IP datagrams. At the
receiving end, TCP collects each datagram as it comes in and reorders the transmission based
on sequence numbers. The TCP connection is point-to-point and full duplex, ensuring that the
traffic can move in both directions simultaneously. Once the two machines have established a
connection through sockets, the byte stream can be transmitted from one end point to another
end point.

User Datagram Protocol (UDP)

UDP is a connectionless protocol which supports a connectionless packet delivery from a

source to destination unlike TCP which requires establishing a connection prior to attempting
any exchange of information. The user datagram protocol facilitates quick packet delivery
between hosts using almost raw IP packets. Thus it is an unreliable transport protocol. The
UDP header carries only the port numbers as additional information so that the delivery can be
made to the appropriate application listening at the destination port. It relies on the IP layers
best effort delivery. It does not support acknowledgement service and thus offers no guarantee
of reliable delivery. The packet has a much smaller header compared to the TCP and as it does
not worry about sequencing of packets, the delivery of packets to the application tends to be
comparatively faster. Since UDP is an unreliable protocol, the packets may be lost, arrive out
of sequence or damaged, the responsibility of ensuring any degree of reliability falls on the
applications themselves.

Application Layer

The transport layer protocols of the TCP /IP reference model also support a programming
interface, thus, making it easier to build distributed application, using the client server and
peer-to-peer communication paradigm. The application layer of the reference model deals with
different application standards which use the communication. Some of these applications are
the remote terminal service or Telnet, the electronic mail or Simple Mail Transfer Protocol
(SMTP), Domain Name System (DNS), File Transfer Protocol (FTP) and Hypertext Transfer
Protocol (HTTP). The Telnet, an early application, permits users and machine to log on to
distant machines and work on those machines. The SMTP protocol facilitates sending and
receiving of emails over the internet. The file transfer protocol defines a way to move files
between various distant computer systems. The Domain Name System (DNS) is a distributed

Electronic Commerce Page 72

 Srinivas Institute of Management Studies BCA - IV Sem

application that allows mapping of symbolic host names to IP addresses. The Hypertext
Transfer Protocol facilitates the fetching of pages from the World Wide Web.

6.9 Domain Naming Systems (DNS)

As we have seen earlier, IP addresses are an essential element of the Internet for determining
routes and locating machines. In order to connect to an internet host or to send/receive
information from a host, the IP address of the host is required. The IP addresses, a 32-bit binary
numbers, even in dotted decimal notation, are hard to remember and work with. For human
beings it is natural and easier to remember symbolic names; while for machines it is more
efficient to work with the 32-bit binary addresses as they are of a fixed length and compact and
easier to manipulate. The domain name system is made up of three components- Name Space,
Name Servers and Resolvers.

Name Space
In a constantly changing environment, consisting of millions of hosts, managing the domain
name space is a complex issue. In order to manage the dynamic environment the entire name
space is organized in a hierarchy. The name space is divided into many top-level generic
domains such as com, edu, net, gov, org and country specific domains such as in, jp, nl, za.
The top-level domains are further divided into sub domains, which in turn may be partitioned
again. An illustrative name space organization is shown in Fig. 6.10. A domain name is read
from leaf to root. The rectangular boxes represent the domain and sub domain names, while
the elliptical nodes are the names of host machines. Each domain name is read from leaf to the
root. The root, a virtual name, it is not added in the path. Thus, the domains of Sun, IBM and
IIML are read as sun.com, ibm.com and iiml.ac.in. Domain names are case insensitive, and
can be used in small and capital letters, i.e., com and COM imply the same top-level domain.
The host name added to the domain name translates to an IP address and identifies a machine
on the internet. Each domain controls the creation of sub domains under it, meaning the owner
of IN domain will be in a position to create CO and AC sub-domains.

Electronic Commerce Page 73

 Srinivas Institute of Management Studies BCA - IV Sem

Fig 6.10 Hierarchical Organization of Name Space

Name Servers

The name server is a program that manages a zone of the internet name space. The name servers
perform multiple roles such as cache management, primary name server and secondary name
server. The name space in the internet is organized in a hierarchical tree, where leaves represent
host names, also known as 'fully qualified domain names', and the intermediate names own
everything underneath them. In the simplest form, an organization may run a single DNS server
to manage all domains and hosts within the hierarchy. That is each of these intermediate nodes
is capable of managing a database of entries under them. A domain name server manages a
sub-tree rooted at any of the intermediate nodes called as a zone. For eg., a name server
managing the sub-tree rooted at the node labeled IN manages a zone consisting of ac.in, and
co.in subdomains and the node labeled iiml (iiml.ac.in) manages a zone containing hosts
Ganga, Gomti and Kaveri. The zone manager (name server) is responsible for maintaining the
zone database/file that contains information regarding host names, IP addresses. A host name
can be added, deleted, or modified by the name server managing the zone in which it resides,
making the change visible to the whole name space. It also distributes the workload and
provides immunity from a single point of failure.

The root servers manage the top-level domains such as .com, .net and .in. The root servers
maintain information about hosts in a particular domain or other DNS servers that have
information about the hosts. For example, sun.com may put all domain names in a single zone
and manage it, or it may run another name server for the engineering division (eng.sun.com)
to manage domains in that zone, while all other domains like sales.sun.com may be managed
directly by the DNS server at the sun.com level.

Fig 6.11 Two different ways of managing the domains within an organization

Resolver

The translation of a domain name to an equivalent IP address is called name resolution and is
carried out by a software library function called resolver. All the applications using the domain
name make use of the resolver to translate it to an IP address that is used for making the
connections or forming the packets for transmission. When an application calls the library

Electronic Commerce Page 74

 Srinivas Institute of Management Studies BCA - IV Sem

function resolver (in the Unix gethostbyname function), the resolver contacts the DNS server
from the configuration file and sends a request as a client, for translation. If the domain name
specified falls within the zone (authority) managed by the contacted DNS server, it sends back
the response containing the IP address. Each DNS server is equipped with a list of root DNS
servers. For domain names not in the zone managed by the server, it contacts one of these root
servers as a client and waits for the response, on receiving the response it sends it back to its
client. In order to optimize the performance DNS servers use caching. Every time a name is
translated the local DNS server puts the mapping in the local cache and answers the subsequent
requests from the local cache.

6.10 Internet Industry Structure

In 1986, the National Science Foundation (NSF) of USA created a nationwide backbone
network interconnecting the six supercomputer centers using a 56 Kbps line. The backbone
was upgraded to T1 (1.544 Mbps) lines and many regional backbone networks that connected
to the national backbone were created. As a result people working in organizations were able
to access the internet. In 1990, the first ISP that provided the TCP/IP based connectivity to
home users over telephone lines came up. Many Network Access Providers (NAP) were
created as central points to interconnect commercial backbones all over the world. The NSF
backbone was upgraded and was established as the Very high-performance Backbone Network
Service (vBNS) that interconnects many research organizations and Universities. Network
Access points (NAPs) are central points, which interconnect many different national
backbones and Internet Service Providers (ISPs). Backbone ISPs are interconnected at a NAP.

Each national internet service provider connects to one or more NAP and operates national
backbone. These ISPs offer connectivity through the local Internet Point Of Presence (IPOP)
to other internet service providers who operate locally and thus have local IPOP. Business
organizations and home users connect to the local IPOP provider, which in turn is connected
to the backbone and ultimately to a NAP. Countries around the world have created many of
their own national backbone ISPs. The traffic between to two users located in the same city
but accessing the internet through two different ISPs will be exchanged through the NAP,
which may be located in a third city. To address the problem the concept of Peer / Private
Network Access Points (PNAP) was introduced. Peering offers better and more efficient routes
and enhances the overall efficiency. Traffic between two local ISPs operating in the same city
need not visit a network access point in another city.

6.11 Assignment Questions

1. Explain the different types of topologies in a LAN. (4 or 5 marks)

2. Explain the various transmission media used in LANs? (5 or 6 marks)
3. Explain the different wireless transmission modes used in LANs? (4 or 5 marks)
4. Describe the IEEE 802.3 standard and its importance. (6 to 10 marks)
5. Explain the CSMA/CD protocol. (5 or 6 marks)
6. Explain the different cabling systems used in the IEEE 802.3 LAN. (5 or 6 marks)
7. Write a note on Wide Area Network. (5 or 6 marks)
8. Explain the TCP/IP reference model with a neat diagram. (6 to 10 marks)

Electronic Commerce Page 75

 Srinivas Institute of Management Studies BCA - IV Sem

9. Explain the working of the internet layer of the TCP/IP reference model. (5 or 6 marks)
10. Explain the different protocols used in the transport layer. (6 to 8 marks)
11. Describe the domain name system and how it manages the name space. (5 or 6 marks)
12. Explain the different components of a DNS server with an example for each (6 to 8 marks)
13. Discuss the role and purpose of NAP and PNAP in Internet Industry Structure. (5
marks)

Chapter-7

Electronic Commerce: Securing the business on Internet

7.1 Vulnerability of information on Internet

A fundamentally insecure infrastructure and an extremely dynamic environment in terms of

both topology and emerging technology-make network defense extremely difficult. Because
of the inherent openness of the internet and the original design of the protocols, internet attacks
in general are quick, easy, inexpensive, and many a time hard to detect or trace. Attacks can
be launched readily from any remote corner of the world, with the location of the attacker being
easily hidden. Anyone can "break-in" to a site and gain privileges on that site to compromise
confidentiality, integrity, or availability of its information or services. In spite of this, it is
common for sites to be ignorant of the risks or unconcerned about the amount of trust they
place in the internet. They are blissfully unaware of what can happen to their information and
systems, and are under the illusion that their sites will not be targeted, or that precautions they
have taken are sufficient. Because technology is constantly changing and intruders are
constantly developing new tools & techniques, solutions do not remain effective indefinitely.

Since much of the traffic on the internet is not encrypted, confidentiality and integrity are
difficult to achieve. This situation undermines not only applications, but also more
fundamental mechanisms such as authentication and non-repudiation. As a result, sites may be
affected by a security compromise at another site, over which they have no control. Another
factor that contributes to the vulnerability of the internet is the unplanned growth and use of
the network, accompanied by rapid deployment of network services, and involving complex

Electronic Commerce Page 76

 Srinivas Institute of Management Studies BCA - IV Sem

applications. The swift emergence of new products, in the rush to capture a share of the
lucrative market, has compromised the security, because these services are not designed,
configured, or maintained securely. Finally, the explosive growth of the internet has expanded
the lack of well-trained and experienced people to engineer and administer the network in a
secure manner, opening up opportunities for the intruder community.

7.2 Site Security Policies

The following classification helps in identifying the technical failures behind successful
intrusion techniques as well as the means of addressing these problems.

1) Flaws in Software or Protocol Designs

Protocols define the rules and conventions for computers to communicate on a network. A
protocol having a fundamental design flaw is inherently vulnerable to exploitation, no matter
how well it is implemented. An example of this is the Network File System (NFS), which
allows systems to share files. This protocol does not provide for authentication; there is no way
of verifying that a person logging in really is whom he or she claims to be. This security lapse
makes NFS servers targets of the intruder community. When software design specifications
are written, security is often left out of the initial description and is added to the system at a
later stage resulting in unexpected vulnerabilities.

2) Weaknesses in Implementation of Protocols and Software

Even when a protocol is well designed, it can be vulnerable because of the way it is
implemented. For example, an electronic mail protocol may be implemented in a way that
permits intruders to connect to the mail port of the victim's machine and fool the machine into
performing a task not intended by the service. If intruders supply certain data to the "To:" field,
instead of a correct e-mail address, they may be able to fool the machine into sending them
confidential information about the user and password as well as access to the victim's machine,
with privileges to read protected files or run programs on the system. This type of vulnerability
enables intruders to attack the victim's machine from remote sites, without access to an account
on the victim's system. Many a time bugs in the software are detected only after the software
is released, making the systems, on which the applications are being run, vulnerable. This
provides the intruders with a range of opportunities for exploiting the weaknesses, using
various attack tools. By exploiting program weaknesses, intruders at a remote site can gain
access to a victim's system. Even if they have access to a non-privileged user account on the
victim's system, they can often gain additional unauthorized privileges and wreak the system.

3) Weaknesses in System and Network Configurations

Vulnerabilities in the category of system and network configurations may not be caused by
problems inherent in protocols or software programs. Rather, vulnerabilities are a result of the

Electronic Commerce Page 77

 Srinivas Institute of Management Studies BCA - IV Sem

way these components are set up and used. Products may be delivered with default settings that
intruders can exploit. System administrators and users may neglect to change the default
settings, or they may simply set up their system to operate in a way that leaves the network
vulnerable. An example of a faulty configuration that has been exploited is anonymous File
Transfer Protocol (FTP) service. Secure configuration guidelines for this service stress the need
to ensure that the password file, archives tree, and ancillary software are separate from the rest
of the operating system, and that the operating system cannot be reached from this staging area.
When sites misconfigure their anonymous FTP archives, unauthorized users can get
authentication information and use it to compromise the system.

7.2.1 Types of Security breach incidents

There are different types of Security Breaches that may occur at a site. Some of the common
network security incidents are defined as follows:

Probe: A probe is characterized by unusual attempts to gain access to a system, or to discover

information about the system. One example is an attempt to log in to an unused account.

Scan: A scan is simply a large number of probes, done by using an automated tool like
continuously generating some random password and trying to login to a system.

Account Compromise: An account compromise is the unauthorized use of a computer account

by someone other than the account owner, without involving system level or root level
privileges. It might expose the victim to serious data loss, data theft, or theft of services.
Root Compromise: A root compromise is similar to an account compromise, except that the
account that has been compromised has special privileges on the system. The term 'root' is
derived from an account on UNIX systems, that typically has unlimited, or "superuser",
privileges. Intruders who succeed in a root compromise have the entire system at their mercy
and can do just about anything on the victim's system, including running their own programs
and even changing the way the system works.

Packet Sniffer: A packet sniffer is a program that captures data from information packets, as
they travel over the network. This data may include user names, passwords, and proprietary
information that travels over the network in unencrypted format. With perhaps thousands of
passwords captured by the sniffer, intruders can launch widespread attacks on systems.

Denial of Service: The goal of the denial-of-service attack is to prevent legitimate users from
using a service. A denial-of-service attack can come in many forms. Attackers may "flood" a
network with large volumes of data, or deliberately consume a scarce or limited resource such
as process control blocks or pending network connections. They may also disrupt the physical
components of the network or tamper with data in transit, including encrypted data.

Exploitation of Trust: Computers connected via networks enjoy privileges or trust

relationships with one another. For example, the computer checks a set of files that specify
which other computers, on the network are permitted to use those commands before executing

Electronic Commerce Page 78

 Srinivas Institute of Management Studies BCA - IV Sem

some commands. If attackers can forge their identity, appearing to be using the trusted
computer, they may be able to gain unauthorized access to other computers.

Malicious Code: Malicious code is a generic term for programs that cause undesired results
on a system when executed. Such programs are generally discovered after the damage is done.
Malicious code includes Trojan horses, viruses, and worms. Trojan horses and viruses are
usually hidden in legitimate programs or files that the attackers have altered. These altered files
produce unintended additional effects whenever they are rendered or executed. Worms are
self-replicating programs that spread without any human intervention, after they are started.
Viruses are also self-replicating programs, but usually require some action on the part of the
user to spread inadvertently to other programs or systems. These of programs can lead to
serious implications like data loss, denial of service, and other types of security incidents.

Internet Infrastructure Attacks: These attacks involve the key components of the internet
infrastructure rather than the specific systems on it. Such attacks are rare, but have serious
implications on a large portion of the internet. Examples of these infrastructure components
are network name servers, network access providers, and large archives sites on which many
users depend. Widespread automated attacks that threaten the infrastructure affect a large
portion of the internet and seriously hinder day-to-day operation of many sites.

7.3 Security Policy, Procedures and Practices

A security policy is a formal statement of the rules by which people with access to an
organization's technology and information assets must abide, to ensure the security of. There
are two conflicting, underlying philosophies that can be adopted when defining a security plan.
The choice between them depends on the site and its needs for security.
1. The "deny all" model suggests turning off all services and then selectively enabling
services on a case by case basis as required. This can be done at the host or network level, as
appropriate. This model is generally more secure than the next one. However, more work and
a better understanding of services is required to successfully implement a "deny all"
configuration.

2. The "allow all" model is based on the logic of simply turning on all services, usually with
the default at the host level; and allowing all protocols to travel across network boundaries,
usually with the default at the router level. As security gaps become apparent, they are
restricted or patched at either the host or network level. This model is much easier to
implement, but is generally less secure than the "deny all" model. Each of these models can be
applied to different portions of the site, depending on factors like functionality requirements,
administrative control, and site policy. For example, an "allow all" policy may be adopted for
traffic between a LAN's internal to the site, but a "deny all" policy can be adopted between the
site and the internet.

7.4 Protecting the Network

As stated earlier, networks are vulnerable to several types of security attacks. The following
are some of the common attacks and prevention mechanism associated with them.

Electronic Commerce Page 79

 Srinivas Institute of Management Studies BCA - IV Sem

1) Denial of Service (DOS)

The denial of service attack brings the network to a state in which it can no longer carry
legitimate users' data. The two common weaknesses that the "denial of service" attackers
exploit in carrying out the attack on a site are as follows:
1. Attacking routers
2. Flooding the network with extraneous traffic
An attack on the router is designed to cause it to stop forwarding packets, or forward them
improperly. In a flood attack, the router is bombarded with unroutable packets, causing its
performance to degrade.

How to Prevent Denial of Service?

The solution to most of these problems is to protect the routing update packets sent by the
routing protocols in use. There are three levels of protection

1. Clear-text password: Passwords only offer minimal protection against intruders who do
not have direct access to physical networks. Passwords also offer some protection against
misconfigured routers. The advantage of passwords is that they have very low overheads, in
both bandwidth and CPU consumption.

2. Cryptographic checksum: Checksums are some codes which you can add to the message
which can only be identified by the receiver of the message. If the receiver gets the correct
checksum after calculation, he is confirmed that the message has not been changed by any
intruder or hacker. This helps to protect against the injection of spurious packets, even if the
intruder has direct access to the physical network.
3. Encryption: Maximum security is provided by complete encryption of sequenced or
uniquely identified, routing updates. This prevents an intruder from determining the topology
of the network. The disadvantage of encryption is the overhead involved in processing updates.

2) Sniffing

Sniffing uses network interface to receive data intended for other machines in the network. For
example a bridge connects two network interfaces by retransmitting the data frames received
on one interface to the other. Thus, in this process it examines all the frames. The "network
analyzer" is a device that can receive all the traffic on the network for diagnostic and analytical
purposes or diagnosing a variety of problems. This performs a useful function; but the same
capability can be exploited by a person with malicious intentions, to tap the information.

Sniffing data from the network leads to leakage of several kinds of information that should be
kept secret for a computer network to be secure. Through the use of sniffers the critical
information such as passwords, financial account numbers, confidential or sensitive data and
low level protocol information can be tapped. Although, computer systems mask the password
when the user types it on the screen, they are often sent as clear text over the network which

Electronic Commerce Page 80

 Srinivas Institute of Management Studies BCA - IV Sem

can be easily seen by any ethernet sniffer providing the intruder access to confidential or
sensitive data. In businesses that conduct electronic funds transfers over the internet, many
transactions involving the transmission of financial account numbers, such as credit card
numbers and account numbers can be picked up by the sniffer device. The interceptor can use
this information to access or even transfer funds from user's account.

How to Prevent Sniffing?

Sniffing can be prevented or at least its effects can be mitigated, through the proper
understanding of these devices and deploying them in an appropriate configuration. Encrypting
all the message traffic on the network ensures that the sniffer will only be able to get the
encrypted text (cypher text) rather than the clear text information. The information will remain
protected, provided the encryption mechanism deployed is strong enough and cannot be easily
broken. In an environment where all computers are connected on a single LAN segment, we
can define a secure LAN segment, whose data frames do not reach other LAN segments. Active
hubs can also be configured to send only frames meant for a specific machine and line. In this
configuration, no machine gets an opportunity see the frames meant for other machines.

Kerberos is another package that encrypts account information going over the network. It
comes with a stream-encrypting remote login (rlogin) shell and stream-encrypting remote
terminal (telnet) program. This prevents intruders from capturing the actions of the user, after
he logs in. Some drawbacks of kerberos are that all the account information is held on one host,
and if that machine is compromised, the whole network is rendered vulnerable.

The information can also be protected from sniffing based attacks by employing a
zeroknowledge authentication technique. This method is used for secure authentication
without password usage. Networks that use this system have a client and a server that share a
very long sequence of digits. During the client request for connection to a server, the server
asks the client for a set of digits, in a small set of positions in the sequence. Since the no. of
digits in the sequence is very long, the knowledge of a few digits is not sufficient for using it
in a future attack, as the server inquires a different set of positions each time the client connects.

7.5 Firewalls

A firewall is a controlled access point between security domains, usually with different levels
of trust. It acts as a gateway through which all traffic to and from the protected network and/
or systems passes. It helps to build a wall between one part of a network and another part. For
example, placing limitations on the amount and type of communication that takes place
between a company's internal network and the internet. The unique feature about this wall is
that there needs to be way for some traffic, with particular characteristics, to pass through
carefully monitored doors ("gateways"). The difficult part is establishing the criteria by which
the packets are allowed or denied access through the doors.

Firewalls can be a highly effective tool in implementing a network security policy if they are
configured and maintained correctly. The level of security that a firewall provides can vary
depending on the level of security required on a particular machine. There are other

Electronic Commerce Page 81

 Srinivas Institute of Management Studies BCA - IV Sem

considerations as well, like the traditional trade-off between security, ease of use, cost, and
complexity.

Types of Firewall

Firewalls can have variety of configurations, depending upon the security requirements and
availability of resources for a site. Broadly speaking, there are four types of firewalls which
accomplish controlled access, using following methods:
1. Packet Filtering
2. Circuit Level Gateway
3. Application Level Gateway
4. Stateful Inspection

Instead of all these advantages of a firewall, there are some things that a firewall cannot do:
1) If one of the servers in the trusted network supports a dial-in access to remote users and the
traffic between these machines does not go through the firewall, it cannot offer protection
against any attacks emanating from such connections.
2) Firewalls do not protect against threats emanating from internal users i.e., those who are
part of the trusted network.
3) Firewalls are concerned with monitoring the traffic and permitting only authenticated and
legitimate traffic flow. It does not concern itself with integrity issues related to applications
and data.
4) Firewalls cannot protect very well against viruses. That is, a firewall cannot protect against
a data-driven attack - attacks in which something is mailed or copied to an internal host.

7.7 Assignment Questions

1. Why is the internet vulnerable to hackers? Describe various sources of vulnerabilities. (5

or 6 marks) (2011, 2009)
2. What is meant by security policy? Distinguish it from security procedures. (5 or 6 marks)
3. Explain the different types of security problems or threats in e-commerce. (5 or 6 marks)
(2012, 2011, 2010, 2009)
4. What do you mean by denial of service? (2 marks) (2009)
5. What are the major threats posed by a sniffing attack? How do you deter from it? (5 or 6
marks)
6. What is a firewall and how does it protect a site? (4 or 5 marks) (2012, 2009) 7. Briefly
describe the various types of firewalls. (6 to 10 marks) (2010, 2011)

Electronic Commerce Page 82

 Srinivas Institute of Management Studies BCA - IV Sem

UNIT - IV Chapter-8 Electronic Commerce: Securing Network

Transaction

8.1 Transaction Security

In the electronic commerce environment the transaction take place over the network. During
various phases of an electronic transaction the information such as product specification, order
details, payment and delivery information travels over the Internet. The transaction
information transmitted over the public internet can be tapped, intercepted, diverted, modified
and fabricated by an intruder trying to gain some benefit or cause damages to competing
business. The intruder may be interested in seeking the confidential information about the
competing business entities or may even be interested in misguiding to cause losses to
competing business or gain benefit from such an act. The intruding activities can be broadly
classified in two categories- passive and active intrusion.

In passive intrusion, transmissions on the network are eavesdropped on or monitored. The

motive of the attacker is to obtain the information being transmitted. Passive attackers intercept
the information, resulting in the loss of confidentiality and privacy of the data. Passive attacks
are difficult to detect, as the data is not altered. For example, data can be scrambled using an
encryption technique so that even if the intruder is able to intercept the message, no meaningful
information can be extracted from it. Active attacks involve mutation of data or generation of
counterfeit messages. The motive of the attacker is prevent messages from reaching their
intended destination; to masquerade as another entity and get access to restricted information.
Active attacks are easier to detect as compared to their passive counterparts. If the message is
altered during the passage in any manner, the tampering can be detected because of the
violation of the checksum.

Network Transaction Security Issues

In the context of the communication over a network, the following attacks can be identified

Disclosure: Release of message contents to any person not authorized to see them or not
possessing the appropriate cryptographic key.

Traffic Analysis: It refers to the discovery of the pattern of traffic between parties. In a
connection-oriented application, the frequency and duration of connections could be
determined. In either a connection-oriented or connectionless environment, the number and
length of messages between parties could be determined.

Masquerade: It refers to insertion of messages into the network, from a fraudulent source.
This includes the creation of messages by an opponent that are purported to come from an
authorized entity. Also included are fraudulent acknowledgments of message receipt or
nonreceipt by someone other than the message recipient.

Electronic Commerce Page 83

 Srinivas Institute of Management Studies BCA - IV Sem

Content Modification: Changes to the contents of a message, including insertion, deletion,

transposition, or modification.

Sequence Modification: It refers to modification of the sequence of messages between parties,

including insertion, deletion, and reordering of some sequenced packets, by the intruder, during
transmission.

Timing Modification: It refers to delayed messages, or also replay of old message sequences
that were recorded by intruder in an earlier transaction. In a connection-oriented application,
an entire session or sequence of messages corresponding to a full session could be recorded by
an intruder, and later replayed. The destination may think of it as a valid session and carry out
the indicated transactions one more time.

Repudiation: It refers to the denial of the receipt of message by the destination or the denial
of transmission of message by the source.

8.2 Security Services

In the transactional internet environment, it is important to ensure the security of transactions

as they travel over the network. As stated above, transactions may be subjected to passive or
active intrusion. Passive intrusion threatens the loss of privacy and confidentiality of data and
active intrusion may result in the intruder assuming someone else identity and creating
transactions on their behalf, through fabrication. For developing trust in the electronic
commerce environment, for transactions to take place, the following five issues are important.

1) Authentication

Authentication is the process of verifying the identity of a person from whom the
communication message originated. In the case of a single message, authentication assures the
recipient that the communication partner is not an imposter, and that the text of the message
itself has not been altered.

In the case of an ongoing interaction, such as the connection of a remote terminal to a host,
there are two aspects of this service:
1. At the time of initiation of a connection, the verification of the two participating entities,
i.e., establishing that each of them is the same entity what they claim to be.
2. The connection is not interfered with, in such a way that a third party can masquerade as one
of the two legitimate parties, for purposes of unauthorized transmission or reception

2) Integrity

Integrity means that it should be possible for the receiver of a message to verify that the
message has not been tampered with, while in transit. An intruder should not be able to add,
delete or modify any part of the message during transmission. The receiver should be in a

Electronic Commerce Page 84

 Srinivas Institute of Management Studies BCA - IV Sem

position to verify, in case any tampering has taken place in the message stream. The integrity
of the message prevents any intentional or unintentional modification of the message through
the use of error detection codes, checksums and sequence numbering, time-stamping and
encryption, and hashing techniques. Error detection codes and checksums computed on fields,
or entire messages help in detecting & sometimes even correcting errors during transmission.
Sequence numbering and time-stamping protects against reordering, replaying, and loss of part
of the message. Encryption techniques can be used for detecting the tampering of messages,
by generating unique codes computed by the encryption algorithms. In order to ensure integrity
the sender may send the message and the computed hash code as well. In case of a tampered
message, the two hash codes - the one computed at receiver's end and the one provided by
sender, will not match.

3) Non-repudiation

Non-repudiation prevents either the sender or the receiver from denying a transmitted message
and files or data, when in fact they did. When a message is sent, the receiver can prove that the
message was in fact sent by the alleged sender by verifying the digital signature of the sender
on the message. Similarly, when a message is received, the sender can prove that the message
was in fact received by the alleged receiver. An agreement should be signed by both the parties
so that either of the parties cannot deny later that the message was not sent by them

4) Confidentiality

Confidentiality is the protection of transmitted data, from passive attacks. When a message is
transmitted over the communication channel it can be intercepted at any point in between,
through wiretapping or computer programs. Confidentiality ensures that the contents of a
message are not leaked or revealed to a hacker as it travels to its destination. In the electronic
commerce environment, the confidentiality of payment information and ordering details are of
utmost concern. Similarly, in case of business partners and associates sharing sensitive
information over the network, a competitor may like to have access to the information.
Confidentiality is usually ensured by encrypting information.

5) Authorization

Systems connected on the internet share information over the network, among a variety of
users. The authentication process ensures the correct identification of the user and letting
him/her in, but all the information on a system may not be shared with all users. Authorization
pertains to the permission granted to a person or a process to do certain things. Privileges are
associated with sensitive information stored on hosts. Authentication ascertains that the user is
who he claims to be, while authorization ascertains the rights of the claimant to access the
information, before presenting the data to him.

8.3 Cryptography

Cryptography, or the encrypting and decrypting of messages, for sharing secret messages
among a group of users or any two persons, has existed for thousands of years. One of the

Electronic Commerce Page 85

 Srinivas Institute of Management Studies BCA - IV Sem

earliest uses of cryptography was by Julius Caesar, who did not want messages carried by his
couriers to fall into the wrong hands. Caesar used a simple substitution cipher, now known as
the Caesar Cipher, to do this. Its operation was simple-each letter was rotated by three. Thus,
A became D, B became E, and so on. Later better algorithms were devised and put to use. The
security of the early algorithms depended on keeping its operation a secret and in ensuring its
restricted usage in order to prevent the enemy from even knowing where to start. In modern
encryption techniques, the secrecy of algorithms is a self-defeating proposition. Instead, it is
better to publicize the algorithms far and wide. So that, any loopholes can be found.

Cryptographic systems can be classified along three independent dimensions

1. The methodology employed in transforming the plaintext to ciphertext.

The message that is generated after encrypting a text to a non-readable format is called as a
Cipher-Text. It can only be decrypted by an intended receiver with a valid decryption key.

Encryption algorithms are based on two general principles:

• Substitution: Individual elements in the plaintext are mapped into another element or a group
of elements by employing a chart or a fixed pattern in order to disguise them. The order of
the plaintext symbols is preserved.
• Transposition: The individual elements of the plaintext are rearranged but not disguised.

2. The number of keys employed by the algorithm.

• Symmetric, Shared-key or Conventional encryption: The same key is shared by both
the sender and the receiver, i.e., the same key is used for encryption and decryption.
• Asymmetric, two key or public key encryption: The sender uses one key for encryption
and the receiver uses another complementary key for decryption.

3. The manner in which the original plaintext is processed.

• Stream cipher: The individual elements of the stream of data are processed continuously,
and the output is generated accordingly.
• Block cipher: The input being processed is a block of elements, and the output generated
is a block corresponding to each input block

8.4 Cryptanalysis

A cryptosystem or cipher system is a method of disguising messages so that only certain people
can see through the disguise. It is usually a whole collection of algorithms. Cryptanalysis is
the art of breaking cryptosystems and seeing through the disguise. Simply put, cryptanalysis is
the process of attempting to discover the plaintext message P or the key K or both. The strategy
employed by the cryptanalyst depends on the nature of the encryption scheme and the
information available to him. There are 2 types of Cryptosystems:

1) Conventional or Symmetric Encryption Model

Electronic Commerce Page 86

 Srinivas Institute of Management Studies BCA - IV Sem

In the conventional encryption model depicted in Figure 8.1 the original intelligible message
(plaintext) is converted into a coded message (ciphertext).

Fig 8.1 Simplified Model of Conventional Encryption

The encryption process consists of an algorithm and a key. The key is a value, which is
independent of the plaintext that controls the algorithm. The output of the algorithm is
dependent on the specific key being employed at the time of deciphering.

The ciphertext generated is transmitted over the network. At the receiving end, the ciphertext
can be transformed back to the original plaintext by using a decryption algorithm, and the same
key that was used for encryption. Mathematically, this model can be explained as follows:

• The plaintext P is encrypted by algorithm E and the key K to ciphertext C. The key K is kept
secret. C = EK (P).
• The decryption algorithm is used to translate the ciphertext to plaintext using same key K.
P = DK (C).
• E & D are mathematical functions or algorithms that encrypt and decrypt for the given key
K
• Since the same key is being used to encrypt and decrypt original messages. It implies that P
= DK (EK (P)).

2) Public Key or Asymmetric Cryptosystems

Public Key cryptosystems are also called asymmetric two key algorithms because two
different keys are used for encryption and decryption of the messages. It is computationally
infeasible to determine the decryption key given only the knowledge of the cryptographic
algorithm and the encryption key. In short, for each public key there is a corresponding private
key and the two keys together form a unique pair. Each end system in a network has a pair of
keys to be used for encryption and decryption of messages that it is going to receive. Each
system publishes its encryption key known as public key by placing it in a public register or
file where it is accessible to all. The companion key to be used for decryption is known as the
Private Key and is kept a secret.

Electronic Commerce Page 87

 Srinivas Institute of Management Studies BCA - IV Sem

Fig 8.2 Simplified Model of Public Key Encryption

The steps in a communication sequence are as follows:

• A wants to send the plaintext P to B. B has a related pair of keys: a public key EB which is
available publicly, and a private key DB, known only to B. A encrypts P with EB to generate
ciphertext C = EEB (P), and sends the result to B.
• B, on receiving this message, decrypts it with his private key DB to retrieve the plaintext P =
EDB(C)

• Since the original message P is retrieved from the ciphertext by the decryption operation, it
follows that P = EDB (EEB (P)).

Electronic Commerce Page 88

 Srinivas Institute of Management Studies BCA - IV Sem

Comparison of Conventional and Public Key Encryption System

Conventional Encryption Public Key Encryption

In order to work it needs: In order to work it needs:

1. The same algorithm with the same key to 1. One algorithm to be used for
be used for both encryption and decryption. encryption and decryption with a pair of
2. The sender and the receiver sharing the keys - one for encryption and other for
algorithm and the key. decryption.
2. The sender and the receiver each to
be in possession of one of the matched pair
In order to ensure security: of keys.
1. The key must be kept secret.
2. To decipher a message if no other In order to ensure security:
information is available should be impossible 1. One of the two keys must be kept secret. 2.
3. Algorithm knowhow and samples of the To decipher a message, if no other
ciphertext must not compromise on the key. information is available, should be
impossible 3. Algorithm knowhow along
with one of the keys and samples of the
ciphertext must not lead to the determination
Problems:
of the other key.
1. Keys distribution is a problem. The
secrecy of entire algorithm lies on the key
Problems:
remaining a secret. For encryption systems
all over the world, secure distribution 1. Public Key cryptosystems are slow
amounts to an impossible task. and symmetric algorithms have been
observed to perform times faster than public
key systems.
2. Unmanageable key space. If the use of a
separate key for each pair of users in the
network is assumed then the total number of 2. It is vulnerable to chosen plaintext
keys is proportional to n2 which is very large attacks. If C = E(P), when P is one plaintext
when n gets large texts, then a cryptanalyst has to encrypt all n
possible plaintexts and compare the results
to C. This way one cannot get the decryption
key but he surely can get P.

Electronic Commerce Page 89

 Srinivas Institute of Management Studies BCA - IV Sem

8.5 Digital Signatures

The digital signature is to the electronic world what the handwritten signature is to the traditional
commerce. It must incorporate the following properties:
• It must be able to verify the author, the date, and the time of the signature.
• It must be able to authenticate the contents, at the time of the signature.
• It must be verifiable by third parties, in case of any dispute.

The above properties place the following requirements on the digital signature:
• The signature must be a bit pattern that is dependent on the message being signed.
• To prevent forgery and denial, the signature must use some information unique to the sender.
• The digital signature must be easy to generate.
• The storage of a copy of the digital signature must be simple.
• Forging the signature must be computationally infeasible, i.e., either by constructing a
fraudulent signature for a given message or constructing a new message with an existing
signature.
• The signature must be easy to recognize and verify.

In this method the hash algorithm, which is a public information is used to generate a unique
message digest or hash value, which is used to encrypt the data. Anyone may be able to alter
the data and recalculate a new 'correct' message digest .To rectify this situation, the message
digest is encrypted using a private key of the sender. This encryption of the message digest is
called a 'digital signature'. Because a digital signature is created by using public key
cryptography, it is possible to identify the sender of the payment information. Since the
encryption is done by using the private key of a public/private key pair, this means only the
owner of that private key can encrypt the message digest. Therefore, if the decryption's digital
signature equals the message digest calculated by the receiver, then the payment information
could not have come from anyone but the owner of the private key.

Secret Key Signatures

This approach involves a central authority that is trusted by everybody. Each user shares his/her
secret key with the Certification Authority (CA).

Electronic Commerce Page 90

 Srinivas Institute of Management Studies BCA - IV Sem

Alice wants to send a signed plaintext to Bob. She generates the string (B, RA, t, P) where B is
the receiver Bob, P is the plaintext, t is the time-stamp and RA is the random number and then
encrypts it with her secret key KA. This, along with her identity, is sent to CA as message 1.

The CA, on observing the message from Alice, decrypts it with her key K A and extracts the
plaintext P, time-stamp t and the random number RA. CA then combines these strings and signs
it with its own signature KCA. This encryption, along with A, RA, t and P, is again scrambled
using Bob's secret key to form the message 2 and this is sent to Bob.

Bob decrypts it with his secret key, KB to extract P and KCA (A, t, P). The signed message from
CA is stored by Bob as a proof that Alice had sent P to Bob. In case of any dispute, when Bob
claims to have received the message from Alice and she denies it, the CA can decrypt the KCA
(A, t, P) portion of the message received by Bob and verify the fact that the message was
indeed sent by Alice to Bob.

Fig 8.11 Digital Signature Using Central Authority

Public Key Signatures

If Alice wants to send the plaintext message P to Bob, by encrypting it with her private key
DA and then encrypting it with Bob's public key EB, the message generated will be EB(
DA(P)), and this is transmitted over the network to Bob.
Bob, on receiving this message, first decrypts the message using his private key, DB, to extract
DA(P). This is then decrypted using Alice's public key, EA, to retrieve the original plaintext P.
If Alice subsequently denies having sent the message, Bob can produce both P and D A (P). It
can be easily verified that Bob has a valid message encrypted by DA, by applying, EA, to it.
The only way Bob could have received a message encrypted by DA is by Alice sending it.

Fig 8.12 Digital Signature Using Public Key Cryptography

Electronic Commerce Page 91

 Srinivas Institute of Management Studies BCA - IV Sem

8.6 Email Security

Electronic mail, better known as e-mail, is the most widely used network based application on
the internet. It is widely used across all architectures and vendor platforms. With the
explosively growing reliance on e-mail for every conceivable purpose, the demand for
authentication and confidentiality services has also grown. Two schemes that are extensively
used to ensure the privacy of e-mails are:
(i) Pretty Good Privacy (PGP)
(ii) Privacy Enhanced Mail (PEM)

PGP

Pretty Good Privacy is a comprehensive e-mail security package that addresses privacy,
authentication, confidentiality, digital signatures and compression issues.
Mechanism of PGP: Alice intends to send the plaintext message P, to Bob, in a secure manner.
The public and private keys of Alice are EA and DA, respectively. For Bob the corresponding
keys are EB and DB.

Alice types the message P and runs the PGP program on her workstation. The program hashes
the message P using MD5 and then encrypts the result with Alice's private RSA key, DA. The
encrypted hash and the original message are concatenated into a single message P' and
compressed using the ZIP program, resulting in output P'.zip. Alice, on being prompted by the
PGP program enters a random input. The content and the typing speed are used to generate a
128-bit IDEA message key, KM. The P'.zip is encrypted using the newly generated key, with
IDEA in cipher feedback mode. KM is encrypted with Bob's public key, EB. The two
components are concatenated and converted to base-64. The resulting message then contains
letters, digits and the symbols like +, / and =, and is sent unmodified.

Bob, on receiving the message, reverse the base-64 encoding and decrypts the IDEA key using
his private RSA key, DB. This IDEA key is then used to decrypt P'.zip. After decompression,
Bob separates the plaintext from the encrypted hash, decrypts the hash with Alice's public key,
and verifies the integrity of the hash. If the plaintext is in agreement with his MD5
computation, it confirms that the message was correct and was sent by Alice. PGP provides
the user with several RSA key size options, depending on the desired level of confidentiality:
• Casual (384 bits): known to be breakable, but with much effort.
• Commercial (512 bits): possibly breakable by three-letter organizations.
• Military (1024 bits): generally believed to be unbreakable

Electronic Commerce Page 92

 Srinivas Institute of Management Studies BCA - IV Sem

Fig 8.13 Use of PGP in Encrypting a Message

PEM

Privacy Enhanced Mail is a draft internet standard that provides security related services for
electronic mail applications. Its most common use is in conjunction with the internet standard
Simple Mail Transfer Protocol (SMTP), but can be used with any electronic mail scheme.
The PEM specification consists of the following four RFCs:
(i) RFC 1421: Message Encryption and Authentication Procedures
(ii) RFC 1422: Certificate Based Key Management
(iii) RFC 1423: Algorithms, Modes and Identifiers
(iv) RFC 1424: Key Certification and Related Services

PEM is an end-to-end service that is transparent to intermediate mail forwarding elements. The
underlying mail system need not be altered to accommodate PEM. It provides protection in
SMTP as well as other mail transport environments. PEM also supports the use of advance
manual distribution of keys, centralized key distribution based on symmetric encryption and
the use of public key certificates. This requires the communicating end systems to share the
same key distribution mechanism.

Specifically, PEM provides the following capabilities:

• Disclosure protection
• Originator authenticity
• Message integrity
• Non-repudiation of origin

Messages sent using PEM is first converted to a canonical form, so that they have the same
conventions about white spaces (tabs, trailing spaces etc.), use of carriage returns and line
feeds. This transformation ensures that message transfer agents are unable to modify the
contents. A hash message is then computed using MD2 or MOS. The combination of the hash
and the message is encrypted using DES. The output is then delivered to the recipient. Each
message is encrypted with a one-time key, which is enclosed along with the message. At the
receiving end, the reverse process for decryption takes place.

On the other hand the PEM does not address security related concerns such as access control,
confidentiality of traffic flow, routing control, issues relating to the serial reuse of PCs by
multiple users, assurance of message receipt, detection of duplicate messages and prevention
from replay attacks.

8.7 Assignment Questions

1. What are the different types of network security issues? (4 or 5 marks)

2. What are the different network services to ensure the security of a message? (4 or 5 marks)

Electronic Commerce Page 93

 Srinivas Institute of Management Studies BCA - IV Sem

3. What is meant by the integrity of a message? Describe a technique to ensure the integrity
of an e-mail message. (4 or 5 marks)
4. Define a cipher-text. What is the principle of Cryptography? (2 marks) (2012, 11, 09, 08)
5. What do you mean by cryptanalysis? Describe a conventional encryption model. (5 or 6
marks)
6. Explain the symmetric key cryptosystem with a neat diagram. (6 or 7 marks)
7. Explain the public key cryptosystem with a neat diagram. (6 or 7 marks) (2012, 11, 09)
8. Compare conventional and public key cryptosystem. (5 or 6 marks)
9. What is a digital signature? How does it work? (2011, 10, 09)
10. Explain the working of secret key signatures with the help of a neat diagram. (6 marks)
11. Explain the different steps in encrypting and decrypting a message using public key digital
signatures. (6 marks)
12. Explain the PGP model used in email security with a neat diagram. (5 or 6 marks) 13.
Explain the PEM model of email security with a neat diagram. (5 or 6 marks)

CHAPTER-9

Electronic Payment System

9.1 Introduction to Payment System

With the growth of the internet economy, a variety of transactions, some of extremely low
value, while others of high value need to be handled. Based on the size of payment, all payment
transactions can be classified in the following three categories:

• Micro Payments: These transactions usually involve ones that have very low payment
value. At times, the value of a transaction may be a fraction of a currency unit. Typically,

Electronic Commerce Page 94

 Srinivas Institute of Management Studies BCA - IV Sem

transactions that are of five or lesser currency units, in case of dollars and fifty in case of the
rupee, are treated as micro payments. Since, the transactions are of such a low value, even a
small overhead or a minimum overhead may become unbearable. Thus, systems for micro
payments have to ensure near zero overhead in order to make them viable.

• Consumer Payments: These payments typically involve values of five to five hundred
currency units, in the case of dollars and euros, and may be 50-5000 units, in case of the rupee.
These are the dominant form of payment transactions, as most of the consumers buying in a
single shopping trip fall under this category.

• Business Payments: Usually transactions that are of higher amounts-five hundred and
above in case of dollars or five thousands and above in case of rupee-are treated as business
payments. Businesses payments usually have an invoice associated with them. Business-
toBusiness payment transactions are in the higher range, and fall in this category.

9.2 Online Payment Systems

Various methods have been used for online payments. In general, the various payment
mechanisms can be broadly classified in to three categories – E-Cash, Cheques and Credit
cards. Many virtual shops on the internet accept payment through digital cash, electronic
cheques or the credit card mechanism. Digital cash is the electronic equivalent of physical
cash, with all the inherent properties of cash embedded in it. Digital cash represents, in a
sequence of binary numbers, an intrinsic value in a chosen currency. As the payment systems
involve direct financial transaction, dealing with the movement of actual money, they become
prime targets for defrauders all over the world. During transmission from the buyer to the
seller, the binary numbers are susceptible to interception by packet sniffing programs and
hence resultant fraud. Thus, the issue of ensuring integrity, confidentiality and non-refutability
acquire an added significance. Encryption offers solutions to some of these problems.

In the real world, we have three distinct types of payment systems - Pre paid, Instant-raid and
Post-paid. On the electronic payment front too, payment systems that have evolved can be
placed in the above three categories. None of the electronic payment systems are as of now
equivalent to or carry the Government/ Central Bank guarantee, like physical cash; debit cards
come closest to instant-paid electronic payment systems.

9.3 Pre-paid Electronic Payment Systems

eCash

eCash is a purely software based, anonymous, untraceable, online token payment system
available on Unix, Windows, as well as Macintosh platforms eCash attempts to replace paper
cash as the principal payment vehicle in online payments. It combines computerized
convenience with security and privacy that improve on paper cash eCash can be held and used
by anyone, even those without a bank account. eCash allows for bi-directional payments. There

Electronic Commerce Page 95

 Srinivas Institute of Management Studies BCA - IV Sem

is no distinction between customers and merchants with regards to payments. Both sides can
give and receive payments. However, since the system is coin or currency based, it requires
clearing of coins by its issuing bank. The implementations of various transactions with eCash
are as follows:

Withdrawal: There are two participants in the withdrawal transaction, the bank and the
customer. A customer connects to an eCash issuer and purchases electronic coins of the
required value. These coins are generated, involving the blind signature scheme to make the
tokens anonymous. The customer generates the token ids, blinds them, determines their
denominations, transmits them to the issuer that blind signs them and returns them to the
customer, who in turn unblinds them and stores them on his PC, in a wallet. No physical coins
are involved in the actual system; the messages include strings of digits and each string
corresponds to a different digital coin, with each coin having a denomination or value. The
wallet of digital coins is managed automatically by the customer's eCash software. It decides
which denominations to withdraw and which to spend in particular payments.

Purchase: Once a customer has some eCash on his hard drive, he can buy things from the
merchant's shop. If the customer shows the intent to purchase a product, he receives a payment
request from the merchant, which he has to confirm. His eCash software chooses coins with
the desired total value from the wallet on his hard disk. It then removes these coins and sends
them over the network, to the merchant's shop. When it receives the coins, the merchant's
software automatically sends them on to the bank and waits for acceptance before sending the
goods to the customer, along with a receipt. To ensure that each coin is used only once, the
bank records the serial number of each coin in its spent-coin database. If the coin serial number
is already recorded, the bank detects that someone is trying to spend the coin more than once
and informs the merchant or else the bank stores it and informs the merchant that the coin is
valid and the deposit is accepted.

Customer-to-Customer: When a customer receives a payment, the process would be the

same. The only difference between payment from a customer to another customer and the
earlier one is what happens after the bank accepts the cash. Once the second consumer has
configured his software, he requests the bank to withdraw the eCash just deposited, and send
it back to his PC as soon as the coins are accepted.

Privacy Protection (Blind Signature): In a simple withdrawal the bank creates unique blank
digital coins, validates them with its special digital stamp and supplies them to the customer.
This would normally allow the bank to recognize the particular coins when they are later
accepted in a payment and also tells exactly which payments were made by the customer.

Electronic Commerce Page 96

 Srinivas Institute of Management Studies BCA - IV Sem

Fig 9.1 Transaction Flow in eCash System

Security: By using 'blind signatures', the bank is able to validate coins without tracing them
to a particular account. Instead of the bank creating a blank coin, the customer's computer
creates the coin itself at random. Then it hides the coin in a special digital envelope and sends
it off to the bank. The blind signature mechanism lets the validating signature be applied
through the envelope. But the bank cannot tell who made the payment. When the customer's
computer removes the envelope, it has obtained a coin validated by the bank's stamp. When he
spends the coin, the bank must honor it and accept it as a valid payment because of the stamp.

Mondex (E-Wallet)

The Mondex purse or eWallet is a smart card alternative to cash. The Mondex purse, a
selfstanding value store, requires no remote approval of individual transactions. Rather, the
mondex value equivalent to cash is stored in the card's microchip. The purse also stores secure
programs for manipulating that value and for interfacing with other Mondex cards or terminals.
After withdrawal from an ATM, the value (money) can be transferred from one card to another
via a special, password protected, electronic wallet. The first implementation of Mondex
supports upto five different currencies, each separately accounted for by the card.

The Mondex system uses the following hardware:

• Mondex smart card
• Mondex retailer terminal: to transfer funds from the customer card to merchant terminal.
• Mondex wallet: a pocket sized unit to for storing larger sums of digital money than the card.
• Mondex balance reader: a small device to reveal the balance remaining on the Mondex
Card.
• Mondex hotline: to access the bank account, to transfer money to the card, to check the
balance, and to transfer money to other cardholders.

Electronic Commerce Page 97

 Srinivas Institute of Management Studies BCA - IV Sem

• Mondex ATM: to recharge cards or to transfer money back into the account.

Transaction: The sequence of steps in a particular transaction is:

1. Customer loads value (money) onto the card either from an ATM machine or from a phone.
2. On purchase of an item, the customer provides his card to the merchant's point of sale device
and authorizes the transfer of a certain value.
3. The amount is electronically deducted from the chip inside the customer's card and added
to the amount on the retailer's chip.

All this is accomplished without accessing the customer's bank balance or checking his or her
credit worthiness.

Fig 9.2 Transaction flow in Mondex System

For use over the internet, a Mondex compatible card reader will be attached to the computer.
When a transaction takes place, computer talks to the card through an interface. An electronic
handheld device lets cardholders check their balances.

Security: Just like cash, if a smart card is lost or stolen, the cardholder loses real money.
However, the Mondex card has a unique feature that allows cardholders to lock the value on
the card with a four digit personal number, thereby safeguarding the value held on the card.
The system uses special purpose hardware on smart cards to ensure its cryptographic security.
An important point about Mondex transactions is that value can only move from one Mondex
card to another and can only be stored on Mondex cards.

NetBill

NetBill has been conceived to address the problem of buying information goods over the
internet. As opposed to the physical goods purchased on the internet, and shipped later by the
merchant, the information goods are themselves transferred over the internet, to the customer.
Preferably, this transfer should take place immediately after purchase. Hence, the issues to be
addressed in such a transaction are very different from these on transactions involving physical
goods.

Transaction: The transaction flow is depicted in Fig. 9.4 and the sequence of transactions
using NetBill is described as follows:

1. The customer buys information goods from the merchant.

2. The Merchant sends goods, in encrypted form, to the customer.

Electronic Commerce Page 98

 Srinivas Institute of Management Studies BCA - IV Sem

3. The customer software verifies that the goods were received correctly & sends verification
of this to the merchant software.
4. The merchant submits the verification message received from customer, the account
information provided by customer and the decryption key to the NetBill server.
5. The NetBill server verifies that the customer has sufficient money in the account to pay for
the goods. In case of sufficient funds, it transfers funds, stores the decryption key and sends
the report to the merchant software.
6. The merchant then sends the customer decryption key, which the software on the customer
machine uses to decrypt the goods. In case the merchant server fails to deliver the decryption
key, the software on customer server can acquire the key from the NetBill server.

The NetBill server keeps accounts for all merchants and customers. The accounts are linked to
accounts at a traditional bank. The NetBill server operates transitionally, to ensure that the
consumer does not get billed for goods he cannot decrypt or receive goods without paying for
them.

Fig 9.3 Transaction Flow in NetBill System

Security: NetBill uses a combination of public key cryptography and symmetric key
cryptography to make sure that all NetBill communications are secure and all transactions are
authorized. NetBill's approach is based on the well tested Kerberos protocol, which is a
network authentication system for that allows entities communicating over networks to prove
their identity to each other, while preventing eavesdropping. It also provides for data stream
integrity (detection of modification) and secrecy (preventing unauthorized reading) using
cryptography systems such as DES (Data Encryption Standard).

9.4 Requirement Metrics of a Payment System

1) Transaction
Transaction, in the context of payment systems, refers to the actual exchange of currency with
the goods or documents being transferred. Every transaction should exhibit the following
characteristics.
• Atomicity: It refers to the system's ability to ensure that no partial transactions or
exchanges can take place. In other words, if system failure takes place in the middle of a
transaction, the effect of the transaction will be fully erased and system will be restored to the
original state. That is, either a transaction should occur completely or it should not occur at all.

Electronic Commerce Page 99

 Srinivas Institute of Management Studies BCA - IV Sem

• Transfer of Funds: There should not be any currency loss in the transaction. Either a
full transfer, in which the account of the payer is debited and the account of the payee credited
with the corresponding amount-should take place or no change of accounts should occur at all.
• Complete Transfer: This is applicable in the case of digital goods transfers over the
net. A complete exchange of currency with the corresponding digital goods should take place.
If a digital goods delivery is linked to its payment, then either both should happen or none at
all. This is also referred to as the fair exchange protocol.
• Consistency: There should be no ambiguity in the transaction. All parties concerned
must agree on the relevant facts, i.e., amount and reason of transfer, of the transaction.
• Isolation: Transactions must be independent of each other. The result of a set of
concurrent transactions must be equivalent to a sequential arrangement of these transactions.
• Durability: Durability becomes important in case the system crashes during the
transfer. Even after a system crashes, the system should recover to a state, where transactions
and status information is consistent. If the crash occurred prior to transfer than the system
should reflect the prior state, otherwise it should show the durable effect of the transfer.

2) Security

Security, in the context of payment systems, refers to the system's ability to protect all parties
from frauds, due to interception of online transmission and storage. The payment system
should be secure enough to offer the following:

• Fraud Protection: Digital payment systems must be tamper resistant and should have
builtin mechanisms to prevent illegal use of digital cash. It must also provide the means for
detection and punishment of misuse, after the fraud.
• No Double Spending: Since digital cash is represented by bytes that can be easily
copied and re-spent, the digital payment system should safeguard against reuse of currency.
• No Counterfeiting: The system should be able to detect fake currency. It should be
easy to distinguish between legal money tokens and unauthorized illegal money.
• No Overspending: The system should have the means to ensure that the user is unable
to spend beyond the money represented by token, or held in the purse.
• Non-refutability: The parties involved should be able to verify that the payment
transaction has taken place, along with the amount and the purpose of transaction
• Hardware Tamper Resistance: Some digital payment systems rely on tamper resistant
hardware like smart cards to prevent double spending and forgery, and can be used offline.
• Unauthorized Use: The tokens stored in soft format/ digital data are easy to steal, a
good payment system should prevent the stealer from being able to spend the tokens.
• Privacy Control: The payment system should make it possible for customers to keep
their spending habits private from observers, merchants, and banks.
• Confidentiality: The grants of confidentiality by the payment system are essential to
the user. In an ideal situation, the payment transaction should be carried out in such a manner

Electronic Commerce Page 100

 Srinivas Institute of Management Studies BCA - IV Sem

that it maintains confidentiality of all the intermediate information and yet ensures the value
transfer.
• Non-traceability: Payment systems should ensure ruling out any possibility of two
different payments, by the same user, being linked together. The transaction should also
maintain anonymity and non-traceability, similar to cash payments in a shop.
3) Interoperability

The interoperability of the payment systems refers to its ability to operate in multiple online
as well as offline payment environments. The various issues involved under interoperability
are:
• Divisibility: Money should allow for both low value and high value transactions. Hence,
it should be possible for users to replace a single high denomination transaction by several low
denomination transactions as and when desired.
• Bi-directionality: The payment system should not only allow the regular merchants to
receive payments, but also customers to receive refunds. The payment instrument should work
both ways, without either party being required to attain registered merchant status.
• Re-spendibility: The receiver or the owner, of digital money should be able to transfer
it to any other person as in the case of normal cash, without the intervention of a third party.
• Acceptability: In interest of long term viability, the payment system should not be
restricted to any particular financial institution. All institutions and banks should also accept
the electronic cash issued by an institution.
• Multi-currency Support: Since electronic commerce has a global reach, a single
national currency support impedes worldwide acceptance. Hence, the payment system should
support multiple currencies and a reasonable mechanism for converting one currency into
another. Of course, this requirement is not very easy to implement, given the volatility in
exchange rates and limited/restricted convertibility of many currencies around the world.
• Exchangeability: It should be possible for electronic payments of one digital payment
system to be exchanged for payments of another digital payment system, or for any other
bankable instrument.
• Portability: Security and usability of a payment system should not be dependent on a
certain physical location, e.g., on a particular computer. The owner of the digital currency
should be able to spend it from any location, even when on move.

4) Scalability

Scalability refers to the level of operations possible within a certain payment system. The
payment systems should be able to support many consumers buying goods at the same time
from many merchants, even under peak conditions. The service should be scalable for the load
performance, and efficient for the micro payments as well as general payments.

• Offline Operation: Usually, the payment systems involve a trusted third party who is
online for validation and authorization. It should also support offline operations where the third

Electronic Commerce Page 101

 Srinivas Institute of Management Studies BCA - IV Sem

party is not necessarily available online all the times. This reduces delays and increases
availability of the payment system.
• Micro Payments: Micro payments refer to payments for services that are offered even
at fractions of the basic unit of currency. These services are normally are made available on a
pay per use basis. A payment system should make low value transactions economically
feasible. Therefore micropayment techniques need to be both inexpensive and fast.
• Low Costs: The cost of executing a payment transaction should be low enough to render
low value transactions economical.
• Efficiency: Digital payment systems must be able to perform micro payments without
noticeable loss of performance.
• Macro Payment: These payments refer to transactions that usually start from multiple
units of the basic currency unit. The system should be able to handle these payments in a secure
and efficient fashion.

5) Economy Issues

In order to become an accepted economical instrument, a digital payment system needs to

provide a trusted, reliable and economically feasible service to a sufficiently large user
community.
• Operational: A system should be deployable immediately, i.e., the testing of the
payment system should not be so protracted as to render the mass use impossible.
• Large User Base: The payment system should be used by a large number of customers.
The size of customer base using the digital payment system affects the merchant's attraction to
it, while currency acceptance by large number of merchants affects the size of user base.
• Low Risk: The electronic payment system should minimize the risk of financial loss
associated with the use of such payments systems. It should at best be limited and controlled.
To develop trust, users should be protected from financial losses by system misuse.
• Reliability: An electronic payment system must be highly reliable in its operation. It
should ensure high availability as a temporary failure can cause uncontrollable losses to its
user base.
• Conservation: It refers to the conservation of value stored in digital currency, over a
period of time. It should be easy to store and retrieve the value. The value of money should be
lasting in nature, it should diminish when spent, rather than become invalid with the passage
of time.
• Ease of Integration: The electronic payment system should be easily integratable with
applications that conduct the electronic commerce process over the network.

9.5 Assignment Questions

1. Explain the different categories of payment systems. (5 marks)

2. Discuss the basic requirements of an online payment system. (5 or 6 marks)
3. Write a note on micropayments. (5 or 6 marks) (2011, 10, 09)

Electronic Commerce Page 102

 Srinivas Institute of Management Studies BCA - IV Sem

4. Explain the different types of prepaid electronic payment systems. (6 to 8 marks)

5. Write a note on E-Cash ( 5 or 6 marks) (2012, 11, 10, 09, 08)
6. Explain the working of Mondex electronic payment system (6 marks)
7. Explain the working of NetBill electronic payment system (6 marks)
8. Explain the requirement metrics of a payment system. (6 to 8 marks)

Chapter-10

Mobile Commerce: Introduction, Framework & Models

10.1 Introduction

The term Mobile Commerce or M-Commerce has been used to describe a variety of
transactions conducted through mobile devices connected through the wireless network.
Wireless networks like GSM, GPRS, TDMA, CDMA, and UMTS enable the mobile device
user to access variety information stored on databases on connectivity providers, other service
providers, and information providers, including information stored on web servers. Here,
mobile devices refer to all such devices that connect to wireless networks and are capable of
accessing, interacting, answering and displaying the information on the screen. The term
mobile device is used here to refer to devices like: Cellular phones, Hand-held computers such
as palmtops, tablets PCs and PDAs or Messaging/pager devices.

Mobile Commerce can be defined as any electronic commerce activity conducted over the
wireless network through mobile devices. It is the exchange of information, goods, and
services through the use of mobile technology.

The different activities that can be performed using M-Commerce are as follows: •
Paying for and downloading ring tones, mp3 music, news or information services
• Receiving parking meter expiry, alerts on handheld devices and paying for additional parking
time
• Enquiring the airlines, train or dynamic bus arrival schedules
• Enquiry, reservation and purchase of airlines tickets through mobile wireless devices
• Enquiring about stock market conditions and placing a stock purchase or sales order through
the mobile devices
• Receiving the location-specific information regarding restaurants, entertainment complexes
through mobile device

Electronic Commerce Page 103

 Srinivas Institute of Management Studies BCA - IV Sem

• Receiving location-specific advertisement and product discount coupons in the current

neighborhood

10.2 Benefits of Mobile Commerce

 Since the consumer using the handheld device comes through a specific wireless network
through which the location can be identified. The location identifiable connectivity offered
by mobile commerce not only enhances the benefits made available by the electronic
commerce but additionally helps in providing more relevant content.

 The round the clock (24x7) availability offered by the Internet is also available to mobile
commerce users, anytime & anyplace. This benefited many users of electronic commerce
as they could conduct their business and access information at convenient times and from
the confines of their homes or any other place, provided it had internet connectivity.

 A mobile user trying to locate an ATM teller can contact the banking service provider
which in turn can download the location of the nearby ATM center.
 Mobile commerce offers a greater deal of flexibility in accessing the information through
a personalized mobile environment.

 Timely information such as flight availability and flight schedules can be obtained even at
the last minute.

 The last minute on-the-move access offered by mobile commerce extends electronic
markets further as the last minute availability information often leads to immediate
purchase.

 Mobile devices, as they remain connected all the time and in possession of the user, can
also be used for delivering time critical as well as emergency information.

 SMS based notification and alert services can be put to use to inform users of changes in
flight schedules, stock prices, etc.

 The very nature of wireless infrastructure assists in identifying mobile users in certain
specified geographic regions. Thus, region specific promotion or information distribution
can be easily accomplished in the mobile commerce environment.

 Mobile commerce offers better opportunity for personalization of information and delivery
of content that is relevant to the mobile user.

 If the user requests information regarding certain products, the advertiser can deliver the
information about the stores that stock the targeted products. In other words, mobile
commerce offers advertisers an opportunity to deliver time sensitive, geographical region
specific information along with promotional discount coupons anytime, anywhere.

 Electronic commerce payment models require third party mechanisms such as credit cards.
Mobile commerce, on the other hand, can utilize the mobile device itself for payment

Electronic Commerce Page 104

 Srinivas Institute of Management Studies BCA - IV Sem

purposes and payments made on the device can appear as part of the phone bills. Users can
thus pay for parking meters, taxis, petrol, etc. through the mobile device.

10.3 Impediments (Issues) in Mobile Commerce

Mobile Screen Resolutions: Mobile handheld devices commonly used today include phones
and palm-sized computers. The very nature and purpose of these devices offers a limited screen
size. In web browsing users can get a rich experience of browsing the product details on 800x
600 pixel sized screens with rich colors and a tool set to offer 3-D and even video experience.

User Interface: The graphic user interface of the web browser offers the point and click
interface. Although, handheld devices provide a great deal of flexibility and mobility in
accessing the information, they have far lesser convenient user interface when compared to
personal computers. In contrast, mobile devices offer menu based scroll and click interface. The
physical lightness and small-size of the device poses limitations in the development of
convenient input and display interfaces.

Memory: Mobile devices also have limited computing power and memory and storage
capacity. As a result, they are unable to run and support complex applications.
Incompatible Networks: The cellular networks evolution in the past decade has created
multiple competing protocol standards. In the United States much of the mobile networks
deployed have been using Time Division Multiple Access (TDMA) and Code Division Multiple
Access (CDMA). On the other hand, many European nations and the Asia-Pacific region
adopted the General System for Mobile Communication (GSM). Later in India, most of the
cellular phone operators adopted the Reliance Info Com., which used CDMA for wireless
networks. Although the interconnect arrangements do exist between the multiple players, yet
mobile commerce application builders have to be aware of the heterogeneity of the network
protocols and ensure that the application is able to operate seamlessly in any network.

Bandwidth Access: Wireless networks use frequency spectrum for exchanging information. In
order to promote healthy competition amongst wireless operators and judicious use of limited
spectrum, regulatory bodies control the spectrum. In India, frequency spectrums were initially
allocated and regulated by the Department of Telecommunication (DoT). The Telecom
Regulatory Authority of India (TRAI) was later set up to manage the spectrum.

Security Concerns: Mobile commerce operates over wireless networks making it more
vulnerable to intruders compared to wired infrastructure. In the wired network, the intruder has
to gain physical access to the wired infrastructure while in the wireless network the intruder can
be anyone with the ability to receive signals on his wireless intrusion device.
Also, from the technology standpoint, the wireless infrastructure is faced with the following
security related concerns.
• Since handheld devices have limited computing power, memory and storage capacity, it
is difficult to deploy encryption schemes without severe degradation in performance.

Electronic Commerce Page 105

 Srinivas Institute of Management Studies BCA - IV Sem

• The atmospheric interference and fading of signal in wireless channels causes frequent
data errors and sometimes even disconnection. A disconnection in middle of a financial
transaction can leave the user unsure and distrustful and may also lead to vulnerability.
• Authentication of mobile devices prior to carrying out any transaction is a major issue.
The network is capable of authenticating the SIM, but a SIM user cannot authenticate the
network. Therefore, a sound commerce environment requires that both sides should be able to
authenticate each other.
• The disconnection and hand-off issues pose additional problems in trying to maintain
the identity of the mobile device and authentication of it being in order.
•The encryption mechanism may make it harder to decipher but inability to use higher key
lengths for encryptions increases the degree of vulnerability

Competing Web Language: Mobile devices cannot handle full-fledged HyperText Markup
Language (HTML) documents. In order to offer web access and offer similar services, two
competing but incompatible standards have emerged. The mobile devices that adopt Wireless
Access Protocol use Wireless Markup Language (WML) for mobile commerce applications,
while the NTT DoCoMO's iMode devices use a condensed version HTML (CHTML). In order
to enable voice access and interface for displaying web content, VoiceXML, a new markup
language, has also emerged. Incompatible standards make the task of mobile commerce
application and service providers even more complex.
10.4 Mobile Commerce Framework

Mobile commerce applications require a reliable wireless network infrastructure to move

the information and execute transaction in a distributed environment. These applications also
rely upon two key component technologies, i.e., the information publishing technology
necessary for the creation of suitable digital content that can be browsed through handheld
devices with limited memory, storage, and processing capabilities; and information
distribution technology to move digital contents and transaction information over wireless
networks. Thus, in the mobile commerce framework, network infrastructure forms the very
foundation while publication and distribution technologies are the two pillars that support the
creation of distributed mobile commerce applications. In addition to technological
infrastructure and applications, for electronic commerce to flourish it is essential to have a
business service infrastructure. The business service infrastructure comprises of directory
services, location and search services, and trust mechanism for private, secure, reliable and
non-repudiable transactions along with online financial settlement mechanism, that operate
over the wireless network.

The multi-layered architecture of electronic commerce, comprising of essential blocks has

been shown in Fig. 10.1. The framework describes various building blocks enabled by
technology for creating new market and market opportunities. The building elements of the
mobile commerce architecture are described as follows:

Electronic Commerce Page 106

 Srinivas Institute of Management Studies BCA - IV Sem

Fig 10.1 Architectural Framework of Mobile Commerce

10.4.1 Wireless Network Infrastructure

This layer is also called as the Information Superhighway, as it is used to move and execute
the transactions in the mobile commerce environment using dedicated network cables which
may be wired or wireless cables. It is the combination of several technologies such as the
availability of digital communication through hand held devices, embedded operating software
for processing information and digital connectivity through wireless networks which are
essential requirements for mobile commerce applications to operate.
Wireless networks have evolved from the basic voice only radio based analog transmission and
have acquired the digital voice and data transmission capability. Wireless networks today are
capable of achieving 2 Mbps data rates. The following Table 10.2 describes the evolution of
the wireless networks.

Fig 10.2 Evolution of Mobile Networks

In the cellular mode of communication large geographical regions are identified and allocated
to service providers. The Telecom Regulatory Authority of India (TRAI) handles the allocation
and other regulatory issues, such as how many players can operate within a specific area. Each
of service provider is allotted a separate frequency sub-bands within the overall frequency
allotment. Service providers operating in a particular region divide the entire region into smaller
area called cells.

The cellular communication system consists of three components: the handheld device, the
transceiver within a cell, and the mobile telephone switching office (MTSO). The service
provider places an antenna at the center of the cell. The transmission and reception pattern of
the antenna, also called antenna pattern or footprint, is such that it covers the entire cell.

Electronic Commerce Page 107

 Srinivas Institute of Management Studies BCA - IV Sem

In a wired internet environment, FTP, HTTP, SMTP and other protocols are used for
exchanging multimedia contents consisting of text, graphics, audio and video data, whereas in
wireless devices like digital mobile phone, the Wireless Access Protocol (WAP) is the most
commonly used standard for exchanging multimedia content and information services between
wireless mobile devices. WML (Wireless Markup Language) is the language used to create
the pages in a WAP browser. WAP is the bridge that assists in developing technology
independent access to the internet and telephony services from wireless devices.

10.4.2 Security and Encryption

In the mobile commerce environment, since the information is made available through the
WAP gateway or through iMode, the information source security depends upon the security
provided by the appropriate gateway protocols. In case of WAP gateways, the Wireless
Transport Layer Security (WTLS) implements the information source security to block
unauthorized access and modification of information content.

The second issue of securing the transaction carried out between the information server and
the mobile user requires addressing of several security and confidentiality related issues that
are present in the case of wired electronic commerce as well. Obviously, in order to build trust
amongst mobile device users to carry business transactions through the mobile devices in an
open, wireless, universally accessible environment, it is important that the security of the
transaction is ensured. The four fundamental issues that need to be addressed to create a
trustworthy business environment are the following:
1. Authentication
2. Non-repudiation
3. Integrity
4. Confidentiality

Encryption techniques such as shared/ symmetric key as well as the public/private key pair
based encryption techniques along with the pubic key infrastructure (PKI) supported digital
certificates, have been used for addressing transaction security issues in electronic commerce.
Mobile commerce operates through wireless devices over broadcast-based radio transmission
or other wireless networks. The additional weaknesses, emanating due to the wireless network
environment, become a source of attack on transaction security by unwanted intruders.

Authentication: In a mobile environment, during the transaction itself the mobile device user
may change its location, resulting in change of IP address; in case of an IP based network or
handling base station identity change may be in case of phone-based connections. In case of
the phone-based connection, the mobile user location change in addition to resulting, in
handling base-station identity change, may also result in loss of connection as the use may
move out of the coverage area. Thus, authentication in the mobile commerce requires more
involved protocols that address the issues raised here.

The Wi-Pi Protection Access (WPA) Security specification has been developed for mobile
commerce systems and gradually many networks have adopted it. The WPA specification
describes the protocol for user authentication. There are several extensible authentication

Electronic Commerce Page 108

 Srinivas Institute of Management Studies BCA - IV Sem

protocols (EAP) such as Transport Layer Security (TLS), Tunneled Transport Layer Security
(TTLS), Protected Extensible Authentication Protocol (PEAP), and Extensible Authentication
Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) for mobile networks,
which prevent unauthenticated or unauthorized access and rogue access point creation in the
wireless network.

Integrity and Reliability: The fading of the signal in a radio-based transmission and
interference from the other transmission sources and noise are common phenomenon. In the
wireless environment, the content of the message may often be lost due to the above
phenomenon. Thus, the integrity of the message may be lost quite frequently due to intended
as in case of active intruder or through the interference and unreliability of the transmission
network. The mobile nature of the device will lead to frequent location changes of the client,
due to which often messages may arrive from different locations; the problem may further be
compounded due to dropped calls. In a wired network users have come to rely on the
consistency of their transactions, that is, once the transaction is committed its impact will be
complete and final and in case of abortion, or partially computation, and transaction
abandonment, the impact will not be seen. In case of dropped calls, the mobile user is left in
lurch about the status of the transaction as he/she may not know the commitment status of the
transaction. The call hand-offs from one handling station to another also may lead to unreliable
states at times. The mobile commerce environment had to address these issues as well in order
to establish a trustworthy business environment. The Temporal Key Integrity Protocol (TKIP)
and Message Integrity Check (MIC) protocols have been developed for ensuring integrity and
validation of data.

Confidentiality: Wireless networks transmit radio signal through the air, making it possible
for anyone and everyone to access, record, or intercept them. Thus, any message transmitted
in the clear can be easily intercepted and interpreted by any intruder. Therefore, encryption of
all the transmission is of paramount importance not only for the actual transaction but also for
common information exchange in order to ensure privacy. Encryption and decryption is a
computation intensive process. Mobile devices have limited computing, processing, and
memory power and, thus encryption and decryption of every message puts a demand on
already limited resources. Based on the power of the currently available devices, it is not
possible to support encryption standards higher than the 256 bits.

10.4.3 Mobile Commerce Payment Systems

Online payment is fundamental to the acceptance of mobile commerce as a viable alternative.

It is a mechanism that facilitates an online financial exchange between concerned parties. In

Electronic Commerce Page 109

 Srinivas Institute of Management Studies BCA - IV Sem

the expanded scenario of mobile commerce with geographically dispersed retail buyers and
suppliers unknown to each other, mechanisms based upon limited number of well-known
participants do not have flexibility to scale-up to the emerging electronic markets. Several
scalable and flexible mobile payment mechanisms have emerged, which essentially imitate
traditional payment mechanisms, such as cash, checks and credit cards. Electronic payment
mechanisms represent currency in the form of digital bits and require the security and
encryption mechanism to ensure that the information cannot be duplicated, re-used or
counterfeited, yet they need to be freely exchanged.

Some of the factors that are essential of newer payment systems are:

Simplicity and Usability: Obviously, friendly user interface is an important factor in adoption
of any service. The availability of a wide range of goods and services, geographical availability
of the service and reliable and effective delivery of goods are other important factors that make
a payment system usable and simple. The low barrier to learning and adoption of payment
system and ease of use/ convenience to the consumer, personalization of the service makes it
possible to integrate any system in to daily payment activities.

Universality: A single integrated platform of payment service that can satisfy the need any
systems in of person-to-person (P2P), business-to-consumer (B2C), and business-to-business
(B2B) payments in geographically spread out markets that are domestic, regional and global.

Interoperability: In any financial payment system, the user should be ensured of

interoperability amongst the multiple payment systems, as the world is going to remain
heterogeneous in nature and many modes of payments may remain in existence.
The objective of achieving Interoperability is often conflicting. Standardization and
interoperable protocols for interconnection of networks and systems have made this a
technically easy and cost-effective problem to be addressed.

Security, Trust, and Privacy: Trust is the most important aspect of any payment system.
Anyone adopting mobile payment mechanism is expected to place inherent trust in the system
by granting access to personal bank accounts to the software owned and operated by a
nonbanking company. The trust can be build by technology-based assurance against fraud and
other security issues. Unless, users are assured that the mobile payment system follows tried,
tested and true secure banking practices, it is unlikely that users will adopt it. The user should
also have option to assure the privacy while making payments.

Cross-Border Payments: In the emerging global market place, a good payment system that
is likely to find a wider adoption is one in which it is possible to make cross-border payments
almost as easily as local payments. The user should be able to make multicurrency crossborder
payments irrespective of his own location.

Cost Effective: The mobile payment system should be cost effective compared to the existing
payment systems. Since the cost of per payment transaction is dependent on the overheads,
infrastructure, and operational cost, the technology and economy of scale are important factors.

Electronic Commerce Page 110

 Srinivas Institute of Management Studies BCA - IV Sem

Also, the cost of fraud is indirectly passed on to the per transaction costs a system that can
minimize fraud can also reduce cost.

Speed: Mobile and technology savvy users are looking for speed of transaction. A mobile
payment method should decrease transaction time and automate transactions.

Mobile Payment Models

The mobile payment models can be classified in one of the following categories. But, in the
long term the successful implementation of a model will be a hybrid of these, which requires
the cooperation and coexistence of the main players.

Acquirer-Centric Models: In the acquirer-centric model all the interactions with the mobile
devices are handled by the merchant or his/her agent. The models require specific protocols
and certain minimum level of capabilities in the mobile devices of the users. The dual chip or
dual slot based payment system typically fall in this category.

Issuer-Centric Models: In issuer-centric models the issuer and the customer who is using the
mobile device interacts directly or through agents and handles the whole process. The merchant
is not concerned about the processes being followed at the issuers end for processing a
payment. The existing electronic payment protocols operating on the wired infrastructure are
usually deployed for transferring and processing payment from the issuer to the merchant.
Essentially, the interaction between the customer and the issuer use the mobile payment
mechanism. The customer operating the mobile device drives the interaction processes.

Mobile Network Operator Centric: Mobile network operators have the billing system to
manage customers' phone accounts with them. The billing systems of mobile network
operators had been designed for billing mobiles services such as calls and messaging services,
utilized by the subscribers. With the introduction of data services where the content may be
offered by the third party, billing systems of mobile network operators have become more
sophisticated to in order to take care of billings related to the data services utilization and
collection of the payment for third party services, in case the third party content was being
offered as an integrated service by the mobile network operator. Thus, the pre-paid mechanism
can be extended to deduct the charges for integrated and partner third party services, in addition
to the call related services of the mobile network operator.

Therefore, in the mobile network operator centric model the mobile network operator performs
the billing either on the pre-paid user account or through the phone bill for their post paid users.
Revenue-sharing arrangement among multiple mobile network operators and third party
content providers are becoming common in order to broaden the their customer base.

10.4.4 Infrastructure, Legal framework and Network/Protocol Standards

Electronic Commerce Page 111

 Srinivas Institute of Management Studies BCA - IV Sem

Earlier access to the ecommerce activities like sales, purchase and auctioning was limited to
those users who had the wired internet connection and operated from fixed locations in their
houses or offices. The emergence of wireless networks further enhanced the reach of online
access and users were able to reach out to the global digital marketplace on internet, while on
the move. As mobile telephony began to mature and acquire data transmission and reception
capabilities, access to online information was no longer limited to the wireless Internet. As
mobile users across the globe have been growing at an astonishing pace, mobile telephony
infrastructure came up with 2.5G and 3G capabilities, which provided viable data rates for
transactions to be carried out over mobile phone networks.

Digital markets require technology transparency and uniform access across information
sources. With the standardization of TCP/IP network protocols like FTP and HTTP along with
other related information access, distribution and delivery protocols, electronic commerce was
able to address infrastructural issues. Various competing mobile network operators have built
the infrastructure around competing technologies. Even within the infrastructure of the single
mobile operator several generations of technologies may exist. Thus the mobile commerce
requires standard mechanism or protocols that make seamless access across technologies and
generations possible. Standards and protocols, such as the Wireless Access Protocol and
iMode, have addressed the gap in this area. The wider adoption of interoperable standards is
needed for making mobile commerce a barrier-less marketplace.

In addition to the standards for network and information access and distribution protocols, the
technology framework for offering secure, authenticated transaction and its legal protection,
and an open competitive market for mobile network access is important for the growth of the
marketplace. Under the current policy guided by the Telecom Regulatory Authority, today an
Indian consumer has the choice of opting for a multiple mobile connectivity through at least 4
mobile network operators in a single zone. Several major mobile network operators have
established networks nationwide, namely, BSNL, Bharati, BPL, Airtel, TATA Telecom,
Reliance and HFCL, who have become prominent players in the mobile network operations.

To provide the legal framework to electronic commerce transactions, the General Assembly of
the United Nations adopted a Model Law on Electronic Commerce in 1997. The Information
Technology Act 2000, based on the Model Law, forms the legal framework of electronic
commerce in India. The IT Act 2000 provides for the office of Controller of Certification
Authorities (CCA) responsible for setting up the Public Key Infrastructure (PKI) in India
through certifying authorities. The IT Act defines the concept of an electronic record as that
which can be used as a substitute for paper records. The emergence of mobile commerce has
given rise to several issues related to the nature of transactions conducted over the wireless
network, mainly due to computing capabilities available in the client (handheld) devices.
Several important lighter weight, card-based authentication mechanisms have been proposed
and deployed in the mobile commerce arena. This means that the IT ACT 2000 may require
certain modifications to expand its scope to include some of these new emerging technologies.
Finally, as of today most of elements described in the framework are in operation, but are still
evolving with advances in the technology and business requirements. As a result, the mobile
commerce applications for conducting business to consumer (B2C) and business to business

Electronic Commerce Page 112

 Srinivas Institute of Management Studies BCA - IV Sem

(B2B) transactions have evolved. These businesses have been based on various business
models, some transplanted from the traditional world, others born as a result of technology.

10.4.5 Mobile Commerce Revenue Streams

With the growth in the number of mobile users with data access, several sources of revenue
streams have become possible. Some of the important revenue streams that are possible in the
mobile commerce value chain are as follows:

1. Mobile Connect-time Communications - Subscription to the mobile basic connectivity

services, short messaging services, and other add-ons come at a charge. Also, the charges
accrue with the extent of usage of the particular service as well.

2. Mobile Equipment and Device Providers - Mobile infrastructure builder and equipment
providers operating the network and manufacturing handheld devices are major source of
revenue generation in the mobile commerce economy. As more and more digital applications
grow on the network, the corresponding equipment and device market also becomes
sophisticated and grows with more users and traffic coming in.

3. Value-Added Services - Subscriptions to specific services such as news headlines, sports

score, entertainment related information, downloading of ring-tones, bill payments, stock
market ticker information, and notification services are some the services that are often
provided through mobile services. These services may themselves come at a charge and they
also increase the network traffic, thus increasing the operators’ revenue.

4. Mobile Application Developers - Early adopters of mobile technology and its

applications had to develop their own application services and incurred heavy expenses.
Generic mobile applications have appeared in the marketplace as larger numbers of businesses
are adopting mobile commerce. IBM, Microsoft and Oracle already provide mobile
applications software. Many other applications for the vertical markets have also emerged.

5. Mobile Commerce Applications Service Providers (MASP) - The evolution in

information technology and wireless networks is quite swift, making it difficult for even best
of businesses to keep up with the rapid changes. MASPs are the new intermediaries that
quickly enable mobile commerce in these businesses and help them, in keeping up with the
evolution. A MASP free corporate clients by hosting their content using its own infrastructure
and offers, anytime anywhere access.

6. Portals - A portal in this context usually refers to web sites that serve as entry points for
accessing the content and services available on the Internet. Portals aggregate a large number
of users and content providers. In the context of mobile commerce, a portal is also an entry
point that has been optimized for mobile access. A mobile portal, like its counterpart the
Internet portals, act as a gateway to content and transaction-based services. It provides services
like content creation, content aggregation and content distribution.

Electronic Commerce Page 113

 Srinivas Institute of Management Studies BCA - IV Sem

10.4.6 Mobile Commerce Applications

As a result of the potential offered by revenue streams several prominent mobile commerce
applications have been deployed. Some of these applications are given below:

Mobile Advertising: Advertising has become a major source of revenue for most of the portals
through banners and other search specific targeted advertising capability. Mobile infrastructure
and access has grown at a faster pace than the Internet and has created a huge market space for
advertisements. The mobile market space displays advertisements not only based on the
information available with the wireless service providers but also based on the current location
of the user. Thus, an advertisement placed on the mobile devices can be made location-specific.
The advertisement can update users about the various activities and discounts available to the
user in the surrounding area of the current location of the user.

Mobile Auctions: With the growth of eBay, OLX and Baazee, the popularity of auctions over
the internet has already been proven. Mobile devices further increase the reach of electronic
auction markets. A user on the move can access specific auction site, make a bid, monitor bids,
or even, on set alarm to get an SMS as and when he/ she has been outbid in order to take a
timely action on the bidding process.

Mobile Entertainment: Today, mobile devices are capable of playing audio, video, games
etc, but are not capable of storing a huge library due to limitations in memory and storage
capacity. Businesses using applications that offer entertainment services such as these on a
pay-per-event, pay-per-download, or on subscription basis can cater to a vast number of users
who carry mobile devices today and are willing to pay for such services. Mobile device users
can subscribe to entertainment libraries. Subscribers these libraries can search for songs, video
clips, or games and download them in the device memory for playing.

Mobile Financial Services: In addition to accessing banking services, stock market and other
financial information from mobile devices, some applications have been developed to make
the mobile device suitable for the payment purposes. The micro-payments through mobile
devices is the newest application, where the mobile device is able to communicate with
automatic dispensing & vending machines using the wireless network in order to purchase an
item stocked by the vending machine. Payment is made through the mobile device to the
vending machine and on receiving the payment the machine dispenses the product.

Location and Search Service: The Internet increased the market access of customers by
making it possible for them to search for a product, service or a person based upon the
specifications and attributes that they are looking for. The search of the product, service or a
person is global in nature. A consumer interested in buying a digital camera within a certain
price range with specifications could locate its website all over the world. Some other
consumers may like to collect the information and search the product through the Internet, but
would like to visit the show room to experience the product before purchasing it. In all these
cases, it is important that the location and search service should be able to point to providers
who offer the product or service in the city of the mobile user's current location.

Electronic Commerce Page 114

 Srinivas Institute of Management Studies BCA - IV Sem

Mobile devices can be also used for getting the directions to restaurants, movie complexes, and
other addresses while on the move. The map and directory services offered by Google and
Yahoo! between any two points can be delivered to the mobile device itself. The location of
the mobile device provided by wireless network operators can be used as the source location.

10.5 Assignment Questions

1. What is mobile commerce? (2 marks)

2. Explain the advantages of mobile commerce over traditional e-commerce. (5 or 6 marks)
3. List and explain the major impediments faced by the mobile commerce environment. (5 or
6 marks)
4. Explain the architectural framework of m-commerce with a neat diagram. (6 to 10 marks)
5. Discuss the role of wireless network architecture in the m-commerce activities. (5 or 6
marks)
6. How do you provide security to the data in an m-commerce environment? (5 or 6 marks)
7. What are the online payment issues in mobile commerce? (5 or 6 marks)
8. Which are the different types of payment models used in m-commerce? (4 to 6 marks)
9. What are the important revenue streams in developing business in m-commerce? (4 or 5
marks)
10. Explain the different applications of m-commerce. (5 or 6 marks)

CHAPTER – 11

Supply Chain Management (SCM) – Value Added Chapter

11.1 Definition of SCM

Supply chain is the entire process of accepting a customer order through to the delivery to the
customer inclusive of supply procurement and production of the product. A supply chain is a
collection of inter-dependent steps, when thoroughly followed gives rise to a certain objective
as meeting customer requirements. SCM is a generic term, encompassing
• The coordination of order generation
• Order taking
• Offer fulfillment/distribution of products, services or information.

Mostly independent firms and customers are involved in a supply chain such as component /
part suppliers, parcel shippers, senders, receivers, wholesalers, retailer etc. Supply chain is
simply the combination of tasks wherein any company would like move services or products
from suppliers to customers. Eg., Software selling company with a tractor manufacturer. It has
different categories like Physical supply chains and Vertical supply chains the former type

Electronic Commerce Page 115

 Srinivas Institute of Management Studies BCA - IV Sem

physical product moves through an organization and in the latter case no physical product
moves (no inventory, but website connect, buyers and sellers)

Supply chain management (SCM) is integrating management practices and information

technology to optimize information and production flows among the processes and business
partners within a supply chain. SCM is a management concept that integrates the management
of supply chain process.

Supply chain management (SCM) focuses more on those tasks that add real value to the product
and at the same time results in maximum profits to the firm by leaving everything on the
shoulders of the suppliers. In fact, the big companies would force the vendors to supply better
designed products to them, which they themselves would not have designed, if they had taken
the design themselves.

Supply chain management is a generic term that encompasses the coordination of order
generation, order taking, and order fulfillment of distribution of products, services, or
information.

11.2 Benefits and Goals of SCM

Electronic Commerce Page 116

 Srinivas Institute of Management Studies BCA - IV Sem

Benefits of SCM

Electronic Commerce Page 117

 Srinivas Institute of Management Studies BCA - IV Sem

Get the right product at the right place at the least cost.
Keeps inventory as low as possible and still offer superior customer service.
Reduce cycle times supply chain management seeks to simplify and accelerate operations
that deal with how customer orders are processed through the system and ultimately filled
as well as how raw materials are required and delivered for manufacturing process.

Goals of SCM

To cut costs.
To increase profits
Improve Performance in relationships with customers and suppliers.
Develop value added services that give a company a competitive edge.

11.3 Functions of SCM

Supplier Inventory Distribution

Management Management Management

Supply Chain Sales force

Management Productivity

Financial Payment Channel

Management Management Management

Fig 11.1 Functions of SCM

Goals of Supplier Management:

 To reduce the number of inefficient suppliers.
 Get some of them to become partners in business.
Benefits of Supplier Management :
 Reduced purchase order (PO) processing costs.
 Increase number of POs processed by fewer employees.
 Reduced order processing cycle times.

Goal of Inventory Management:

 Shorten the order-ship-bill cycle.
Benefits of Inventory Management:
 When a majority of partners are electronically linked, information faxed or mailed
past can now be sent immediately.
Electronic Commerce Page 118
 Srinivas Institute of Management Studies BCA - IV Sem

 Documents can be tracked to ensure they were received

 Reduction of inventory levels, improve inventory turns, eliminate out-of-stock.

• Goals of Distribution Management:

 To move documents related to shipping (bills of lading, POs, advanced ship notices
and manifest claims).
• Benefits of Distribution Management:
 Paper work that typically took days to cycle in the past is now fast with more accurate
data allowing improved resources planning.

• Goals of Channel Management:

 To quickly disseminate information about changing operational conditions to trading
partners.
• Benefits of Channel Management:
 Technical, product & pricing information, repeated telephone calls and innumerable
number of labor hours. Instead, electronic bulletin boards are used allowing instant
access. Electronically linking production with international distributor and reseller
networks eliminates thousands of labor hours per week in the process.

• Goals of Payment management:

 To link the company and the suppliers and distributors so that payments can be sent
and received electronically.
• Benefits of Payment Management:
 Increases the speed at which companies can compute invoices.
 Clerical errors get reduced.
 Lowers transaction fees and costs.
 Increasing the number of invoices processed (productivity)

11.4 Strategies of SCM

These are four aspects worth considering in SCM.

• Strategy 1:
Prepare the firm to continuously reconfigure the supply chain on the basis of internal and
external factors that influence the company. Hence strategies are bound to vary for different
companies in different industries which depend on the stage whether it is early stage or growth
stage or the mature stage of the companies, where they are placed.

• Strategy 2:
This is related to the customization of the product. Here SCM plays a very important role to
deliver wide range of products catering to a large and varied type of customers at minimum
cost and at the same time not sacrificing the quality of the products.

• Strategy 3:

Electronic Commerce Page 119

 Srinivas Institute of Management Studies BCA - IV Sem

Concentrating on the business deals between the purchasers and suppliers, in a dynamic market
environment, there can not by any long term relationships, and it is only the competition that
would decide who is the seller and who has to buy.

• Strategy 4:
SCM very much depends on the communication flow from the customer's end to the company
to ensure that the specifications of the customers or the customers’ ultimate needs are met by
the various links in the supply chain.

BCACAC 263

Credit Based Second Semester B.C.A. Degree Examination, April/may 2015

(New Syllabus) (2012-13 Batch Onwards) E-Commerce

Time: 3 Hours Max. Marks : 80

Note: Answer any ten questions from Part-A and one full question from each Unit of Part-B

PART-A
1
a) Define B2B E-commerce. Give an example. 10*2=20
b) What is freeware model?
c) Give any two benefits of EDI.
d) Give the general formal of URL.
e) What are the services of FTP?
f) What is sniffing?
g) Give any two drawbacks of ring topology.
h) Expand: 1) ARP 2) IPOP
i) What is digital signature?
j) What is Micro payment?
k) What is WPA?
l) What is E-cash?

PART-B

UNIT-I
2
a) Explain C2B and C2C E-Commerce.
b) Explain Digital Products Merchants Model.
c) Explain benefits of E-commerce. (5+5+5)

Electronic Commerce Page 120

 Srinivas Institute of Management Studies BCA - IV Sem

3
a) Explain different phases of E-commerce market elements.
b) Explain any two applications of E-Commerce.
c) Explain electronic store model. (5+5+5)

UNIT-II
4
a) Briefly explain interconnection layer of EDI system.
b) Explain interaction in HTTP session with diagram.
c) Write a note on Value Added Network (5+6+4)

5
a) Explain benefits of EDI.
b) Briefly explain the framework of e-Commerce with a neat diagram.
c) Explain WWW server. (5+6+4)

UNIT-III
6
a) Explain 10 Base T (Twisted pair) with diagram.
b) What is spoofing? Explain any two types of spoofing.
c) Write a note on twisted pair cable. (6+5+4)

7
a) Explain Domain name system.
b) Explain 10 Base 5 (Thick coaxial cable)
c) Write a note on fibre optic cable. (5+6+4)

UNIT-IV
8
a) What are the different issues of network transaction security?
b) Explain public key cryptosystem.
c) Explain impediments in mobile network. (5+5+5)

9
a) Explain the different network security services to ensure the security.
b) Write a note on 3G network.
c) Write a note on Mondex. (5+5+5)

Electronic Commerce Page 121

 Srinivas Institute of Management Studies BCA - IV Sem

Electronic Commerce Page 122

 Srinivas Institute of Management Studies BCA - IV Sem

Electronic Commerce Page 123

 Srinivas Institute of Management Studies BCA - IV Sem

Electronic Commerce Page 124