Module-1: Introduction of E-Commerce

E-commerce has evolved since 1968 with the introduction of electronic data interfaces for business transactions. Major developments include the introduction of standards in 1984 for reliability and Netscape introducing a web browser in 1992. There are various types of e-commerce models including business to business, business to consumer, consumer to business, consumer to consumer, and business to government. Consumer to business involves consumers creating products or services for businesses. Security is crucial in e-commerce and involves components like integrity, authentication, authorization, encryption, and auditing. Threats can target clients, servers, or communication channels and include viruses, denial of service attacks, and eavesdropping. Encryption uses algorithms and keys to securely transmit data

Uploaded by

nidhi goel

Module-1

Introduction of E-Commerce
History of e-commerce
• In 1968, e-commerce got its start through an electronic data interface that allowed companies to complete transactions with each other.
• In 1984, a standard called ASC X12 was introduced to make data more reliable.
• In 1992, Netscape introduced an internet browser that allowed for point-and-click capabilities.

Major Components of e-commerce
• Web browser: A software program that allows people to access the WWW, e.g. Internet Explorer and Netscape Navigator.
• Web server: A special computer that stores and delivers web pages.
• Transaction manager: Electronic money exchanges, including via credit cards, electronic checks, smart cards and digital cash.
• Standards: A means to ensure security and reliability.

Types of E-commerce
• Business to Business (B2B)
• Business to Consumer (B2C)
• Consumer to Business (C2B)
• Consumer to Consumer (C2C)
• Business to Government (B2G)

Consumer-to-Business (C2B)
• Consumer-to-business (C2B) is a business model where an end user or consumer makes a product or service that an organization uses to complete a business process or gain competitive advantage.
• The C2B methodology completely transposes the traditional business-to-consumer (B2C) model, where a business produces services and products for consumer consumption.
• In C2B, the companies typically pay for the product or service. However, it can assume different forms, like an idea generated by an individual (such as an innovative business practice) which may be used and implemented by an organization.

Security
• E-commerce security refers to the principles which guide safe electronic transactions, allowing the buying and selling of goods and services through the Internet, but with protocols in place to provide safety for those involved.
• A weak link in the chain can provide an opening for a security breach.

Components of Security
• Integrity: sender and receiver want to make sure that messages are not altered without detection.
• Non-repudiation: prevention against any one party reneging on an agreement after the fact.
• Authenticity: sender and receiver want to confirm the identity of each other.
• Confidentiality: only the sender and the intended receiver should understand the message contents.
  ◦ Sender encrypts the message.
  ◦ Receiver decrypts the message.
• Privacy: provision of data control and disclosure.
• Availability: prevention against data delays or removal.

Features of Security
• Authentication - Verifies the authenticity of the person logging into the account.
• Authorization - Allows only authorized people to manipulate resources in specific ways.
• Encryption - Deals with information hiding.
• Auditing - Merchants use auditing to prove that a customer bought a specific piece of merchandise.

Security threat in E-commerce
In e-commerce there are three types of parties, and each party has to face some kind of threat. The classification is given below:
• Threat to Client
• Threat to Server
• Threat to Communications Channel

Threat to Client
Client threats mostly arise from malicious data or code. Malicious code refers to viruses, worms, Trojan horses and deviant.
• Virus - A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves.
• Trojan horse - A program that performs a desired task but also performs unexpected functions.
• Worm - A self-replicating program that is self-contained and does not need any host program to execute.
Clients must scan for malicious data and executable program fragments that are transferred from the server to the client.

Server Threat
Server threats mostly arise from three things, which are given below:
• Unauthorized eavesdropping
• Denial of service (DoS)
• Modification of incoming data packets

• Unauthorized eavesdropping - Watching data or information as it travels through the internet. Hackers can use it to capture usernames and unencrypted passwords sent over that network.
• Denial of service - A denial of service attack is an effort to make one or more computer systems unavailable. It is typically targeted at web servers, but it can also be used on mail servers, name servers and any other type of computer system. The two most common types of these attacks are:
  ◦ Service overloading
  ◦ Message overloading
• Modification of incoming data packets - An integrity threat that involves modifying or destroying a message packet. In many cases, packet information may not only be modified, but its contents may be destroyed before legitimate users can see them.

Communication Channel Threat
Messages on the internet travel a random path from a source node to a destination node, passing through a number of intermediate computers on the network before reaching the final destination. Channel threats are classified into three categories: confidentiality threats, integrity threats and availability threats.
• Confidentiality threat - Confidentiality is the prevention of unauthorized information disclosure. Breaching confidentiality on the internet is not difficult.
• Integrity threat
  ◦ Integrity means you will get the same response every time.
  ◦ An integrity threat is present when an unauthorized party can alter the message stream of information.
  ◦ Unprotected payment transactions are subject to integrity threats. Example: cyber vandalism.
• Availability threat - Every system has a defined availability. This is also known as a denial and delay threat. It brings down the availability of the system. Example: ATM/IRCTC.

Encryption
• Encryption is the process of converting data to an unrecognizable or encrypted form. In generic terms it refers to the act of encoding data so that the data can be securely transmitted via the internet.
• The purpose is to convert data so that only an authorized person can view it.

Elements of Encryption
• Encryption algorithm
• Encryption keys
• Key length
• Plain text
• Cipher text

Types of Encryption
• Secret-Key Encryption
• Public-Key Encryption

Secret-Key Encryption
• It is also known as symmetric or private key encryption.
• In this encryption one key is used for both encrypting and decrypting the data.
• The best known secret key algorithm is DES (Defense’s Data Encryption Standard).

Elements of Secret-Key Encryption
• Plaintext
• Encryption algorithm
• Secret key
• Cipher text
• Decryption algorithm

Advantage of Secret Key Encryption
• It is extremely secure.
• Encrypting and decrypting the data with the secret key is relatively easy.
• In this system only the secret key can decrypt the message.

Disadvantage of Secret Key Encryption
• It cannot provide digital signatures that can be repudiated.
• The only secure way of exchanging keys would be exchanging them personally.
• The secret key has to be transmitted to the receiving system before the message is transmitted.

Public Key Encryption
• It is also known as asymmetric encryption. It uses two keys: one key to encrypt the message and a different key to decrypt the data.
• In this encryption a pair of keys is used; one is the public key and the other the private key.
• The private key must be kept confidential.
• The best known public key algorithm is RSA (Rivest Shamir Adleman).

Elements of Public Key Encryption
• Plaintext
• Encryption algorithm
• Public and private key
• Cipher text
• Decryption algorithm

Advantage of Public Key Encryption
• Only one part must be kept secret.
• It can serve as a digital signature.
• The pair of keys can be used with any other entity.
• There is no need for initial key exchange.

Disadvantage of Public Key Encryption
• It is not efficient for long messages.
• Keys must be long (at least 1024 bits).
• It is slow due to the enormous amount of computation involved.
• The association between an entity and its public key must be verified.

Digital Signature
• A digital signature is an electronic rather than a written signature that can be used by someone to authenticate the identity of the sender of a message or of the signer of a document.
• It is also referred to as an electronic signature or e-signature.
• It is used to validate the authenticity and integrity of a message.
• It confirms that the information originated from the signer and has not been altered.

Significance of Digital Signature
• It can be used to ensure that the original content of the message has been conveyed.
• It is easily transportable.
• It cannot be repudiated by the originator.
• It is automatically time-stamped.

Purpose of Digital Signature
• Authenticity - Positively establishing an individual’s identity in an electronic transaction.
• Data integrity - Ensuring that data is in its original form and has not been tampered with or altered in any form.
• Non-repudiation - An entity that has signed some information cannot at a later time deny having signed it.

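The three purposes above, worked through in Python as an added example (it is not part of the original slides): a signature made with the private key verifies under the public key and fails once the message is altered, while a keyed hash under a shared secret key detects alteration but cannot show which of the two key holders produced it. The key pair is built from two publicly known primes and the RSA is unpadded, both assumptions made to keep the example free of third-party libraries; the function names and the sample order are constructed.

```python
import hashlib
import hmac

# Demo key pair (assumption for illustration): two publicly known Mersenne
# primes. Real deployments generate random primes and use a vetted library
# with a padded scheme such as RSA-PSS.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held only by the signer


def _digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_exp: int = D) -> int:
    """Hash the message, then transform the hash with the private key."""
    return pow(_digest(message), private_exp, N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone holding the public key (E, N) can check the signature."""
    return pow(signature, E, N) == _digest(message)


def mac_tag(message: bytes, shared_key: bytes) -> bytes:
    """Secret-key alternative: a keyed hash that both parties can compute."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def demo() -> dict:
    order = b"order=1001;item=laptop;amount=950.00"    # constructed sample
    altered = order.replace(b"950.00", b"9.50")
    signature = sign(order)

    shared = b"merchant-and-customer-shared-key"        # constructed sample
    customer_tag = mac_tag(order, shared)
    merchant_tag = mac_tag(order, shared)

    return {
        # Authenticity: the signature checks out under the signer's public key.
        "authentic": verify(order, signature),
        # Integrity: the same signature no longer matches an altered order.
        "altered_detected": not verify(altered, signature),
        # Any other exponent stands in for someone without the private key.
        "wrong_key_rejected": not verify(order, sign(order, private_exp=D + 2)),
        # A shared-key tag also detects alteration ...
        "mac_detects_alteration": not hmac.compare_digest(
            mac_tag(altered, shared), customer_tag
        ),
        # ... but both parties produce the identical tag, so it proves nothing
        # about which of them created it (no non-repudiation).
        "mac_is_repudiable": hmac.compare_digest(customer_tag, merchant_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
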
Advantage of Digital Signature
• Speed
• Cost
• Security
• Authenticity
• Non-repudiation

Disadvantages of Digital Signature
• Institutional overhead
• Expiry
• Compatibility

Digital Certificate
• It is a certificate issued by the CA to verify the identity of the certificate holder.
• It actually uses a digital signature to attach a public key to a particular entity.
• Digital certificates authenticate the web credentials of the sender, similar to identification cards such as passports and driver's licenses. Digital certificates are issued by recognized (government) authorities. When someone requests a certificate, the authority verifies the identity of the requester, certifies that the requester meets all requirements to receive the certificate, and then issues it.

A digital certificate contains the following information:
• A serial number
• The organization identified by the certificate
• The algorithm that is used to create the signature
• A CA that verifies the information in the certificate
• Expiry date

Advantage of Digital Certificate
• It is used as an attachment to an electronic mail message for security purposes and to verify the authenticity of the sender.
• It can restrict access to a department web site or set of pages.
• It enables encryption of sensitive information on e-commerce sites.
• Digital certificates negate the increasing perils and threats of online fraud and identity theft.

Disadvantage of Digital Certificate
• It always comes with an expiry time.
• The certificate revocation process is costly.

Difference Between Digital Signature and Digital Certificate

| Digital Signature | Digital Certificate |
| --- | --- |
| A digital signature is to ensure that data/information remains secure from the point it was issued. | A certificate binds a digital signature to an entity. |
| Digital signatures are used to verify the trustworthiness of the data being sent. | Digital certificates are used to verify the trustworthiness of a person (sender). |
| These are issued primarily for individuals. | These are issued mainly for entities. |

Cryptography
• Cryptography or cryptology is the practice and study of techniques for secure communication in the presence of third parties called adversaries.
• Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it.
• In computer science, cryptography refers to secure information and communication techniques derived from mathematical concepts and a set of rule-based calculations called algorithms to transform messages in ways that are hard to decipher.

Objectives of Cryptography
• Authentication: The sender and receiver can confirm each other's identity and the origin/destination of the information.
• Integrity: The information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected.
• Non-repudiation: The creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information.
• Confidentiality: The information cannot be understood by anyone for whom it was unintended.

Types of Cryptography
• Secret key cryptography - Uses a single key for both encryption and decryption.
• Public key cryptography - Uses one key for encryption and another key for decryption.
• Hash function - Also known as message digests or one-way encryption, hash functions are algorithms that, in essence, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Normally it is used to ensure that the file has not been altered. It is also used for password encryption.

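The two uses of a hash function named above, checking that a file has not been altered and protecting stored passwords, sketched with Python's standard library as an added example (not part of the original slides). The function names, the sample data and the PBKDF2 iteration count are assumptions for illustration. Because a hash is one-way, a stored password is checked by recomputing the hash rather than by decrypting it, and the sketch uses a random salt with a deliberately slow derivation function instead of a single bare hash.

```python
import hashlib
import hmac
import io
import secrets

CHUNK = 64 * 1024


def file_sha256(stream) -> str:
    """Hash a file-like object in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def is_unaltered(stream, published_digest: str) -> bool:
    """Compare with a digest obtained from a trusted source, such as the publisher."""
    return hmac.compare_digest(file_sha256(stream), published_digest.lower())


def hash_password(password: str, iterations: int = 600_000) -> str:
    """Return 'iterations$salt$hash'. A fresh random salt makes equal passwords
    produce different records, and the iteration count slows down guessing."""
    salt = secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${derived.hex()}"


def check_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = record.split("$")
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(derived.hex(), hash_hex)


if __name__ == "__main__":
    # Constructed sample data standing in for a downloaded price list.
    original = b"sku,price\n1001,950.00\n1002,12.50\n"
    published = hashlib.sha256(original).hexdigest()
    tampered = original.replace(b"950.00", b"9.50")
    print("original unaltered:", is_unaltered(io.BytesIO(original), published))
    print("tampered unaltered:", is_unaltered(io.BytesIO(tampered), published))

    record = hash_password("correct horse battery staple")
    print("stored record:", record[:40] + "...")
    print("right password:", check_password("correct horse battery staple", record))
    print("wrong password:", check_password("letmein", record))
```
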
Differences between Cryptography vs. Encryption

| Cryptography | Encryption |
| --- | --- |
| Cryptography is the study of concepts like encryption and decryption, used to provide secure communication. | Encryption is the process of encoding a message with an algorithm. |
| Cryptography can be considered a field of study, which encompasses a whole lot of techniques and technologies. | Encryption is more mathematical and algorithmic in nature. |
| Cryptography, being a field of study, has broader categories and ranges; encryption is one such technique. | Encryption is one of the aspects of cryptography and can encode the communication process efficiently. |
| Cryptography involves two major components called encryption and decryption. | Encryption is a process of safeguarding information to prevent unauthorized and illegal usage. |

Secure Socket Layer
• It was designed by Netscape for secure client-server communication over the internet.
• It is a method of providing security for web-based applications.
• It uses public key cryptography and digital certificates in such a way that client and server can authenticate each other and engage in secure communication.
• In the initial phase, client and server select a key crypto scheme to use. The client then sends the secret key to the server using the server's public key from the server certificate. This ensures that the information exchanged between client and server is encrypted.
• For an SSL connection to be made, it is mandatory to have a digital certificate installed on the web server.
• SSL implementation is easier because it can be plugged in at the socket layer. There is no impact on the application layer.

Significance of Secure Socket Layer
• SSL should be used to establish a secure connection between two parties.
• Independent programmers can make a secure connection without knowledge of one another's code.
• SSL seeks to provide a framework into which new public key and bulk encryption methods can be incorporated as necessary.
• Cryptographic operations tend to be highly CPU intensive, particularly public key operations.

Secure Socket Layer Protocol
• It is a security protocol that provides communication privacy over the internet.
• It allows client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery.
• It was developed by Netscape for transmitting private documents via the internet.
• SSL is a transparent protocol which requires little interaction from the end user when establishing a secure session.
• The SSL protocol includes two sub-protocols:
  ◦ SSL handshake protocol - comes into the picture when client and server want to establish a secure connection.
  ◦ SSL record protocol - mainly used when data transactions take place.

Benefits of Secure Socket Layer
• Authentication
• Message privacy
• Message integrity
• Increasing business

Uses of SSL
It is mainly used to secure:
• Online credit card transactions
• System logins and sensitive information exchanged online
• E-mail exchanges
• Transfer of files
• Remote login

Smart Card
• A smart card is a device with the dimensions of a credit card that uses a small microchip to store and process data. In many cases, smart cards have replaced old magnetic cards because they can handle more information and provide more functionality. Smart cards are now in use in many industries, including retail, transit systems and security services.
• It is a plastic card with an embedded microprocessor chip, electronic memory and a battery.
• It is used for information storage, authentication and as a payment mechanism.

Features
• Small plastic card embedded with an IC chip.
• The chip can be either a memory or a microprocessor type.
• Useful for storing and transacting data.
• Data is associated with either value, information or both.

Types of Smart Card
• Contact smart cards are the most common type of smart card. Contact smart cards are inserted into a smart card reader that has a direct connection to a conductive contact plate on the surface of the card.
• Contactless smart cards require only close proximity to a card reader to be read; no direct contact is necessary for the card to function. The card and the reader are both equipped with antennae and communicate using radio frequencies over the contactless link. A contactless smart card functions by being put near the reader to be read.
• Dual-interface cards are equipped with both contactless and contact interfaces. This type of card enables secure access to the smart card's chip with either the contactless or contact smart card interfaces.
• Hybrid smart cards contain more than one smart card technology. For example, a hybrid smart card might have one embedded processor chip that is accessed through a contact reader as well as an RFID-enabled chip used for proximity connection. The two different chips may be used for different applications linked to a single smart card, as when the proximity chip is used for physical access to restricted areas while the contact smart card chip is used for single sign-on authentication.
• Memory smart cards contain memory chips and can only store, read and write data to the chip; the data on memory smart cards can be overwritten or modified, but the card itself is not programmable, so data can't be processed or modified programmatically. Memory smart cards can be read-only and used to store data such as a PIN, password or public key; they can also be read-write and used to write or update user data.
• Microprocessor smart cards are cards with a microprocessor and memory.
  ◦ This smart card contains a small microchip that can process and store thousands of bits of electronic data.
  ◦ This type of chip is similar to those found inside all personal computers and, when implanted in a smart card, manages data in organized file structures via a card operating system (COS).

Examples of Smart Card
• Transit cards can be used by local and regional transit systems to process payments as well as give riders points on their purchases (Metro card).
• Smart cards are used as ID cards issued by schools, corporations and government entities to control access to physical locations.
• Medical institutions use smart cards to securely store patient medical records.
• Loyalty card
• SIM card
• Gift voucher
• Memory card

Advantages
• More secure - These cards use encryption and authentication technology, which is more secure than previous methods.
• Safe to transport - These cards give the freedom to carry large sums of money around without feeling anxious about having the money stolen.
• Doubles as an ID card - Driver's license.
• Prevents fraud - It can be used by government to prevent benefits and social welfare fraud, ensuring the right person is receiving the welfare benefit.

Disadvantages
• Easily lost
• Possible risk of identity theft
• Expensive

EDI (Electronic Data Interchange)
• Electronic Data Interchange (EDI), a major part of Electronic Commerce (EC), is the computer-to-computer exchange of business data in a standard, machine-processable format without human intervention.
• It is an electronic exchange of business data/documents between two organizations using pre-defined transaction formats.
• It is a process which allows one company to send information to another company electronically rather than on paper.
• It can handle the high-volume transactional traffic between companies.
• It is a technology that enables the automated exchange of electronic business documents between an organization and its trading partners.

Constituents of EDI process
• Hardware
• Software
• Standards

History
• In 1968, the transportation industry recognized that the abundance of paperwork was beginning to present a problem.
• The Transportation Data Committee (TDCC) was formed to develop standard formats for exchanging business information electronically.
• However, all the standards that were developed at this time supported only transportation-related issues.
• In 1978, the American National Standards Institute (ANSI) used the pioneering work of TDCC to charter a committee known as the ASC (Accredited Standard Committee) X12.
• The main objective was to develop uniform standards for inter-industry electronic interchange of business transactions.
• In 1983, ANSI published the first five American National Standards for EDI. Using X12 standards, users ran into problems when communicating electronically outside of their national boundaries.
• In 1988, the United Nations chartered UN/EDIFACT (Electronic Data Interchange For Administration, Commerce and Trade) to develop international EDI standards.
• These standards take the form of United Nations Standard Messages (UNSMs), which are analogous to what ANSI X12 calls Transaction Sets.
• Users involved in EDI will reap various benefits: overseas expansion, expense control and the elimination of support for multiple formats.

Data Processing
EDI Standards
A set of rules, agreed upon, accepted, and adhered to by two entities, through which data is structured into electronic formats for exchange of information.

Common standards requirements
• Compatible hardware and software
• Agreed data exchange templates

Common standards
• ANSI X12 is the standard that any industry can use.
• UN/EDIFACT is the standard for international EDI transactions.

EDI Benefits
Cost Reduction
• Manpower, resources, reduced inventory (JIT inventory management)
Speed
• Electronic transfer vs. mail/courier
Accuracy
• Avoids duplicate data entry and error margin
Security
• Information less susceptible to interception/falsification

EDI Issues
• Initial and operative costs
• Need to share master data with external partners
Security Concerns
• Confidentiality of information
• Authenticity of information
• Requires continuous maintenance and resources

EDI Applications in Business
Four different scenarios in industries that use EDI extensively:
• International or cross-border trade
• Electronic funds transfer
• Health care EDI for insurance claims processing
• Manufacturing and retail procurement
