UNIT-III: CONSUMER ORIENTED E-COMMERCE APPLICATIONS: Introduction - Mercantile Process Model: Consumers Perspective and Merchant’s Perspective - Electronic Payment Systems: Legal Issues & Digital Currency - E-Cash & E-Cheque - Electronic Fund Transfer (EFT) - Advantages and Risks - Digital Token-Based E-Payment System - Smart Cards.
UNIT-IV: ELECTRONIC DATA INTERCHANGE: Introduction - EDI Standards - Types of EDI - EDI Applications in Business – Legal - Security and Privacy issues of EDI - EDI and E-Commerce - EDI Software Implementation.
Unit-II
Architectural framework of E-commerce
1Q). Explain Architecture Framework of E-Commerce? (VIMP)
Architectural framework should focus on synthesizing the diverse resources already in place in corporations to facilitate the integration of data and software for better use and application.
The E-commerce applications architecture consists of 6 layers of functionality or services. They are
1. Application Services
2. Brokerage Services
3. Interface support layer
4. Secure messaging & EDI
5. Middleware, structured document interchange.
6. Network infrastructure and providing communication services.
1. Application services: It will be composed of existing and future applications based on innate architecture. The three distinct classes of E-commerce applications can be distinguished as
(a) Consumer to Business
(b) Business to Business
(c) Intra organization.
(a) Consumer to Business: We call this enterprise a marketplace transaction. In a marketplace transaction, customers learn about products differently through electronic publishing, buy them differently using electronic cash and secure payment, and have them delivered differently.
(b) Business to Business: This is called a market link transaction. Here businesses, governments and other organizations depend on computer-to-computer communication as a fast, economical and dependable way to conduct business transactions. They include the use of EDI and e-mail for purchasing goods and services, buying information and consulting services, submitting requests for proposals and receiving proposals.
(c) Intra Organizational transactions: This is called a market driven transaction. A company becomes market driven by dispersing throughout the firm information about its customers and competitors, by spreading strategic and tactical decision making so that all units can participate, and by continuously monitoring their customer commitment.
Three major components of market driven transactions are
(i) Customer orientation through product and service customization
(ii) Cross functional coordination through enterprise integration, marketing and advertising.
(iii) Customer service.
Information Brokerage and management: Information brokerage is used to represent an intermediary which provides service integration between customer and information providers, given some constraints such as low price, fast service, profit maximization for a client. Information brokerage addresses the issue of adding value to the information that is retrieved. Brokerage function can support data management and traditional transaction services. Brokerage may provide tools to accomplish more sophisticated tasks such as time delay updates or feature comparative transaction.
Interface support service: The third layer, interface and support services, will provide interfaces for e-commerce applications such as interactive catalogues and will support directory services etc., functions necessary for information search and access. Interactive catalogues are customized interfaces to consumer applications such as home shopping. An interactive catalogue is an extension of paper based catalogues and incorporates additional features such as sophisticated graphics and video to make advertising more attractive. Directories on the other hand operate behind the scenes and attempt to organize the huge amounts of information and transactions generated to facilitate electronic commerce. Directory services databases make data from any server appear as a local file. Thus directories play an important role in information management functions.
4. Secure messaging and structured document interchange service: The importance of the fourth layer is secured messaging. Messaging is software that sits between the network infrastructure and the clients or e-commerce applications. Messaging services offer solutions for communicating non-formatted data such as letters, memos and reports as well as formatted data such as purchase orders, shipping notices and invoices. Messaging supports both synchronous (immediate) and asynchronous (delayed) messaging. When a message is sent, work continues (the software does not wait for a response). This allows the transfer of messages through store-and-forward methods. With messaging tools people can communicate and work together more effectively, no matter where they are located. The main disadvantages of messaging are the new types of applications it enables, which appear to be more complex, especially to traditional programmers.
5. Middleware services: Middleware is a mediator between diverse software programs that enables them to talk with one another. It solves all the interface, translation, transformation and interpretation problems that were driving application programmers crazy. Another reason for middleware is the computing shift from application centric to data centric, i.e., remote data controls all of the applications in the network instead of applications controlling data.
To achieve data centric computing, middleware services focus on three elements.
(1) Transparency
(2) Transaction security management
(3) Distributed object management and services
(1) Transparency: Transparency implies that users should be unaware that they are accessing multiple systems. Transparency is essential for dealing with higher level issues than physical media interconnections that the underlying network infrastructure is in charge of. Transparency is accomplished using middleware that facilitates a distributed computing environment. This gives users and applications transparent access to data, computation and other resources across collection of multivendor heterogeneous systems.
(2) Transaction security management: The two broad categories of security (management) services for transaction processing are
(a) Authentication
(b) Authorization.
Transaction integrity must be given for businesses that cannot afford any loss or inconsistency in data. For e-commerce, middleware provides the qualities expected in a standard transaction processing (TP) system, i.e. the so-called ACID properties (Atomicity, Consistency, Isolation, Durability).
(3) Distributed Object Management: Object orientation is proving fundamental to the proliferation of network based applications for the following reasons.
It is hard to write a network based application without either extensive developer retraining or technology that adopts the difficulties of the network. Objects are defined as a combination of data and instructions acting on the data. Objects are an evolution of the more traditional programming concept of functions and procedures. A natural instance of an object in e-commerce is a document. A document carries data and often carries instructions about the action to be performed on the data.
Middleware acts as an integrator for various standard protocols such as TCP(transmission control protocol) IP (Internet protocol), OLL
Q.2) Explain Firewall and Types?
Ans:
FIREWALL: A firewall is a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic. A firewall acts as a barrier between a trusted network and an untrusted network. A firewall controls access to the resources of a network through a positive control model. This means that the only traffic allowed onto the network is defined in the firewall policy; all other traffic is denied.
Types of Firewall
1. Packet firewalls
The earliest firewalls functioned as packet filters, inspecting the packets that are transferred between computers on the Internet. When a packet passes through a packet-filter firewall, its source and destination address, protocol, and destination port number are checked against the firewall's rule set. Any packets that aren't specifically allowed onto the network are dropped (i.e., not forwarded to their destination).
2. Stateful firewalls
In order to recognize a packet's connection state, a firewall needs to record all connections passing through it to ensure it has enough information to assess whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection.
3. Application-layer firewalls
As attacks against Web servers became more common, so too did the need for a firewall that could protect servers and the applications running on them, not merely the network resources behind them. Application-layer firewall technology first emerged in 1999, enabling firewalls to inspect and filter packets on any OSI layer up to the application layer. The key benefit of application-layer filtering is the ability to block specific content, such as known malware or certain websites, and recognize when certain applications and protocols -- such as HTTP, FTP and DNS -- are being misused.
4. Proxy firewalls
Firewall proxy servers also operate at the firewall's application layer, acting as an intermediary for requests from one network to another for a specific network application. A proxy firewall prevents direct connections between either side of the firewall; both sides are forced to conduct the session through the proxy, which can block or allow traffic based on its rule set. A proxy service must be run for each type of Internet application the firewall will support, such as an HTTP proxy for Web services.
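The difference between the packet-filter and stateful types described above, as an added example (not part of the original notes): the same default-deny rule set is applied once per packet and once with a connection table. The class names, the single HTTPS rule and the sample packets are constructed for illustration, and only TCP is tracked.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False  # True for a TCP SYN, i.e. the start of a new connection

@dataclass(frozen=True)
class Rule:
    """One ALLOW entry; anything no rule matches is dropped (positive control model)."""
    src_net: str
    dst_net: str
    proto: str
    dport: int
    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto and p.dport == self.dport
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net))

class PacketFilter:
    """Stateless filter: each packet is judged alone against the rule set."""
    def __init__(self, rules):
        self.rules = list(rules)
    def decide(self, p: Packet) -> str:
        return "ALLOW" if any(r.matches(p) for r in self.rules) else "DROP"

class StatefulFirewall(PacketFilter):
    """Also records connections, so replies pass only for flows it has seen start."""
    def __init__(self, rules):
        super().__init__(rules)
        self.connections = set()
    @staticmethod
    def _flow(p: Packet):
        return (p.proto, frozenset({(p.src, p.sport), (p.dst, p.dport)}))  # same key both ways
    def decide(self, p: Packet) -> str:
        flow = self._flow(p)
        if flow in self.connections:
            return "ALLOW"                  # part of an existing connection
        if p.syn and super().decide(p) == "ALLOW":
            self.connections.add(flow)      # start of a new, permitted connection
            return "ALLOW"
        return "DROP"                       # not part of any connection, or not permitted

# Constructed policy and traffic (documentation address ranges, not from the page).
RULES = [Rule("0.0.0.0/0", "192.0.2.10/32", "tcp", 443)]
TRAFFIC = [
    ("client_syn",   Packet("198.51.100.7", "192.0.2.10", "tcp", 50000, 443, syn=True)),
    ("server_reply", Packet("192.0.2.10", "198.51.100.7", "tcp", 443, 50000)),
    ("no_handshake", Packet("203.0.113.9", "192.0.2.10", "tcp", 40000, 443)),
    ("telnet_syn",   Packet("203.0.113.9", "192.0.2.10", "tcp", 40001, 23, syn=True)),
]

def compare():
    """Return {label: (stateless verdict, stateful verdict)} for the sample traffic."""
    pf, sf = PacketFilter(RULES), StatefulFirewall(RULES)
    return {label: (pf.decide(p), sf.decide(p)) for label, p in TRAFFIC}

if __name__ == "__main__":
    print(compare())
```

The stateless filter drops the server's reply because no rule names the client's port, and it passes a mid-stream packet that belongs to no connection; the connection table reverses both verdicts.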
Q.3) Explain TCP/IP Reference Model? (VIMP)
Ans:
The TCP/IP Reference Model
TCP/IP means Transmission Control Protocol and Internet Protocol. It is the network model used in the current Internet architecture as well. Protocols are sets of rules which govern every possible communication over a network. These protocols describe the movement of data between the source and destination on the internet. They also offer simple naming and addressing schemes.
Overview of TCP/IP reference model
TCP/IP, that is, Transmission Control Protocol and Internet Protocol, was developed by the Department of Defence's Project Research Agency (ARPA, later DARPA) as part of a research project on network interconnection to connect remote machines.
The overall idea was to allow one application on one computer to talk to (send data packets to) another application running on a different computer.
Below we have discussed the 4 layers that form the TCP/IP reference model:
Layer 1: Host-to-network Layer
1. Lowest layer of all.
2. A protocol is used to connect to the host, so that the packets can be sent over it.
3. Varies from host to host and network to network.
Layer 2: Internet layer
1. Selection of a packet switching network which is based on a connectionless internetwork layer is called an internet layer.
2. It is the layer which holds the whole architecture together.
3. It helps the packet to travel independently to the destination.
4. The order in which packets are received is different from the way they are sent.
5. IP (Internet Protocol) is used in this layer.
6. The various functions performed by the Internet Layer are:
- Delivering IP packets
- Performing routing
- Avoiding congestion
Layer 3: Transport Layer
1. It decides if data transmission should be on parallel path or single path.
2. Functions such as multiplexing, segmenting or splitting of the data are done by the transport layer.
3. The applications can read and write to the transport layer.
4. Transport layer adds header information to the data.
5. Transport layer breaks the message (data) into small units so that they are handled more efficiently by the network layer.
6. Transport layer also arranges the packets to be sent in sequence.
Layer 4: Application Layer
The TCP/IP specifications described a lot of applications that were at the top of the protocol stack. Some of them were TELNET, FTP, SMTP, DNS etc.
1. TELNET is a two-way communication protocol which allows connecting to a remote machine and running applications on it.
2. FTP (File Transfer Protocol) is a protocol that allows file transfer amongst computer users connected over a network. It is reliable, simple and efficient.
3. SMTP (Simple Mail Transport Protocol) is a protocol which is used to transport electronic mail between a source and destination, directed via a route.
4. DNS (Domain Name Server) resolves an IP address into a textual address for hosts connected over a network.
5. It allows peer entities to carry conversation.
6. It defines two end-to-end protocols: TCP and UDP
- TCP (Transmission Control Protocol): It is a reliable connection-oriented protocol which delivers a byte stream from source to destination without error and handles flow control.
- UDP (User Datagram Protocol): It is an unreliable, connectionless protocol for applications that do not want TCP's sequencing and flow control. E.g.: one-shot request-reply kind of service.
Q4.) Explain Hypertext Transfer Protocol (HTTP)?
Ans:
HTTP is a simple request-response protocol that is currently run over TCP and is the basis of the WWW. HTTP is a protocol for transferring information efficiently between the requesting client and server. The data transferred may be plain text, hypertext, images or anything else. When a user browses the web, objects are retrieved in rapid succession from often widely dispersed servers.
HTTP is used for retrieving documents in an unbounded and extensible set of formats. It is an internet protocol. It is similar in its readable, text based style to the file transfer (FTP) and network news (NNTP) protocols that have been used to transfer files and news on the internet for many years.
When objects are transferred over the network, information about them is transferred in HTTP headers. The set of headers is an extension of the Multipurpose Internet Mail Extensions (MIME) set. This design decision was taken to open the door to integration of hypermedia mail, news and information access.
5. What is URL?
Ans: The documents that browsers display are hypertext that contains pointers to other documents. The browser allows us to deal with the pointer in a transparent way, that is, when we select the pointer we are presented with the text to which it points. This pointer is implemented by using a concept known as URL.
URLs are addresses of objects (documents, images etc.) on the web. A URL marks the unique location of a file or a service on the internet. In a URL, the first part describes the type of the resource, the second part gives the name of the server hosting the resource and the third part gives the full name of the resource.
Example: FTP://server.address/complete filename
6. Explain about FTP.
Ans: FTP stands for File Transfer Protocol. FTP is a standard protocol used to transfer files from one host to another on a network. FTP is commonly used to download programs and other files to your computer from other servers.
We can use FTP from a command line interface or with a GUI. Web browsers also make FTP requests to download programs. Anonymous FTP allows access to publicly available files on an FTP server. The TCP/IP suite provides basic FTP support. FTP data is sent and received through the computer's port 21 under the TCP protocol.
Objectives of FTP:
- To promote sharing of files.
- To encourage implicit use of remote computers.
- To transfer data reliably and efficiently.
7. Explain about SMTP.
Ans: SMTP is a TCP/IP protocol used in sending and receiving e-mail. SMTP is used with two other protocols, POP3 or IMAP. Users generally use SMTP for sending e-mail and either POP3 or IMAP for receiving e-mail. Sendmail is the most widely used SMTP server for e-mail on a Unix system.
Microsoft Exchange includes an SMTP server and also includes POP3 support.
Simple Mail Transfer Protocol (SMTP) includes three standards:
- A standard for exchange of mail between two computers (STD10/RFC821).
- A standard for the format of the mail messages (STD11).
- A standard for the routing of mail messages (DNS-MX).
How SMTP works:
SMTP is based on end-to-end delivery. An SMTP client contacts the destination host's SMTP server directly on port 25 to deliver the mail. It keeps the mail item until it has been successfully copied to the recipient's SMTP.
Mail-Exchange:
In an SMTP design, as a result of a user mail request, the sender SMTP establishes a two-way connection with a receiver SMTP. The sender SMTP will generate commands that are replied to by the receiver SMTP.
The following figure shows an SMTP model:
- SMTP is very popular and supported by many platforms
- SMTP has low implementation and administration costs
- SMTP has a simple addressing scheme.
8. Explain about SHTTP.
Ans: Secure Hypertext Transfer Protocol (S-HTTP) was designed by E. Rescorla and A. Schiffman to secure HTTP connections. S-HTTP is an extension to the HTTP protocol to support sending data securely over the World Wide Web. S-HTTP provides a wide variety of mechanisms to provide for confidentiality, authentication, and integrity.
S-HTTP is a superset of HTTP, which allows messages to be encapsulated in various ways. Encapsulations can include encryption, signing, or MAC based authentication. S-HTTP also includes header definitions to provide key transfer, certificate transfer, and similar administrative functions. S-HTTP is extremely flexible for programmers.
S-HTTP does not rely on a particular key certification scheme. Key certifications can be provided in a message, or obtained elsewhere.
9. Explain about SSL.
Ans: SSL stands for Secure Sockets Layer. SSL is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL. URLs that require an SSL connection start with https:
To create an SSL connection a web server requires an SSL Certificate. An SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiration date of the Certificate and details of the Certification Authority. When a browser connects to a secure site it will retrieve the site's SSL Certificate and check for its validity. If it fails in validation, then the browser will display a warning to the end user that the site is not secured by SSL.
10. Explain about NNTP.
Ans: NNTP stands for Network News Transfer Protocol. NNTP is a protocol used by USENET to transfer postings between clients and servers. NNTP is defined in RFC 977 and is assigned to port 119.
Usenet was originally designed based on the UUCP network, with most article transfers taking place over direct point-to-point telephone links between news servers, which were powerful time-sharing systems. Readers and posters logged into these computers, reading the articles directly from the local disk. A newsreader, also known as a news client, is a software application that reads articles on Usenet, either directly from the news server's disks or via NNTP.
11. Explain Security issues faced when using an E-commerce website? (VIMP)
Ans:
In order to conduct electronic commerce on the internet, messages must be electronically transmitted in some manner. Several security services are required to ensure reliable transmission of business messages.
The primary security services are divided into five categories:
1. Confidentiality 2. Integrity 3. Non-Repudiation 4. Authentication 5. Authorization
Confidentiality:
When a message is sent electronically, the sender and receiver may desire that the message remain confidential and thus not be read by any other parties. For e-commerce, keeping order details and credit card information confidential during transmission is a major security concern. Furthermore, trading partners also want confidentiality of their messages. Encryption is the most effective technique for masking a message.
Integrity:
When a message is sent electronically, the sender and receiver want to ensure the message received is exactly the same as the message transmitted by the sender. A message that has not been altered in any way is said to have maintained its integrity.
Hashing is an effective cryptographic means of ensuring message integrity. The hash value is sent along with the message. A hash is calculated by the recipient by using a hashing algorithm.
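The hash check described above, as an added example (not part of the original notes). It goes one step beyond the text: a plain hash that travels with the message detects changes to the message alone, while the keyed form (the "MAC based authentication" named in the S-HTTP answer) also holds when the hash itself can be replaced. The order text and the shared key are constructed values.

```python
import hashlib
import hmac

def send_with_hash(message: bytes):
    """Sender side: the message plus its SHA-256 hash value."""
    return message, hashlib.sha256(message).hexdigest()

def verify_hash(message: bytes, digest: str) -> bool:
    """Recipient side: recompute the hash and compare with the one received."""
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)

def send_with_mac(key: bytes, message: bytes):
    """Sender side: the message plus an HMAC-SHA256 tag made with a shared key."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

def demo():
    order = b"PO-1001: 10 units @ 25.00, ship to warehouse A"  # constructed sample
    key = b"constructed-shared-secret"                          # constructed sample
    altered = order.replace(b"10 units", b"90 units")
    rehash = hashlib.sha256(altered).hexdigest()  # a hash anyone can recompute

    msg, digest = send_with_hash(order)
    mac_msg, tag = send_with_mac(key, order)
    return {
        "hash_intact": verify_hash(msg, digest),
        # The message changed in transit but the original hash arrived: detected.
        "hash_message_altered": verify_hash(altered, digest),
        # Message and hash both replaced on the same channel: not detected.
        "hash_both_replaced": verify_hash(altered, rehash),
        "mac_intact": verify_mac(key, mac_msg, tag),
        # Without the key, a valid tag for the altered message cannot be produced.
        "mac_both_replaced": verify_mac(key, altered, rehash),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:22} accepted={ok}")
```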
Authentication:
When an electronic message is received by a user or a system, the identity of the sender needs to be verified. To identify a user one of the following types of information is generally required:
- Something you have (Ex: a token)
- Something you know (Ex: a PIN)
- Something you are (Ex: fingerprints or signatures)
Credit card companies are trying to reduce fraudulent use of stolen credit cards by asking the users to have a photograph on the credit card for verification by the merchant. In some cases trusted third-party services are used to authenticate the user.
12. Explain below terms?
Ans:
a) Cryptography: (VIMP)
Cryptography is a method of transforming plain text into an unreadable form. This unreadable form can only be read by authorized users. It is derived from 'kryptos', which is a Greek word whose meaning is hidden or secret. It employs techniques like encryption and decryption.
In encryption the plain text is transformed into ciphertext. Decryption is the reverse process of encryption, where the encrypted text can be transformed back to plain text. The transformations are performed by using a cryptographic key.