2.3.2 Discuss in your own orders, why do we need protocols in computer networks?

Also explain how electronic-commerce solutions face many hurdles, including helping clients upgrade their infrastructure. HURDULES IN E - COMMERCE electronic-commerce solutions face many hurdles, including helping clients upgrade their infrastructure. challenges are increasing system performance to handle a more intense E-commerce load and simplifying the consumer experience, said Sean Maloney, Intel Corp. senior vice president, during a keynote presentation at the E-Business Expo, here. Building and deploying an E-commerce site, whether it is a business-to-business infrastructure or a consumer E-commerce site, will not be easy, said Maloney. Setting up a business-to-business site means developing a robust system able to handle vigorous traffic and provide foolproof security, said Maloney. VARs must make sure clients using the site can get information and place orders quickly, regardless of their internal computer foundation, he said. "In business-to-business, the supplier owns all the problems," Maloney said. When Intel, Santa Clara, Calif., launched its business-to-business services in January last year, site developers studied client LAN infrastructures, ISP capabilities and the average number of components on an Internet page to make sure the site would service all of its accounts efficiently, Maloney said. Today, Intel generates about $1 billion per month through Internet business-to-business services, he said. As business-to-business transactions mature, there will be intelligent agents and integrated applications automatically updating the information a customer needs to do day-to-day business, Maloney said. For example, component ordering could be completely automated for manufacturers, Maloney said. Business-to-business links for suppliers would keep a steady stream of pricing and availability coming in, which would automatically update in a spreadsheet, he said. On the consumer side, E-business will need to be expanded to provide a similar set of services but in a more simplified fashion. "The challenge for E-business for the consumer client is that the experience has to be very simple, easy to use, and it has to be compelling enough to get the user to stay on the Web," Maloney said. Over the next few years, more information and transactions will be completed over the Internet using voice recognition. In addition, more products will be presented in 3-D with live sound and other descriptions, he said. If that sounds far-fetched given the computing power of mainstream users and today's 56-Kbit-per-second world, PC performance will increase, as will bandwidth, Maloney said. Both business-to-business and consumer E-commerce site builders need to consider load carefully when implementing sites, Maloney said. Maloney's advice: Remember the Internet is event-driven in nature, and spikes will not be limited to predictable peak-user hours. Any special event or promotion could significantly increase hits, and added multimedia elements or security could drag down the system. QUESTION 2 we can eliminate risk in e commerce process by taking steps given as follows

1------- CRYPTOGRAPHY 2-------VIRTUAL PIN PAYMENT SYSTEM 3-------E CASH PAYMENT SYSTEM you just have to elaborate these given heading above. Why do we need protocols in computer networks? Discuss in your own words? Protocols are like languages. If everyone is not speaking the same language then they won't understand each other. Protocols establish a method of communications without which different platforms couldn't talk. The protocols in human communication are separate rules about appearance, speaking, listening and understanding. All these rules, also called protocols of conversation, represent different layers of communication. They work together to help people successfully communicate. The need for protocols also applies to network devices. Computers have no way of learning protocols, so network engineers have written rules for communication that must be strictly followed for successful host-to-host communication. These rules apply to different layers of sophistication such as which physical connections to use, how hosts listen, how to interrupt, how to say good-bye, and in short how to communicate, what language to use and many others. IT430- E-Commerce GDB CYBER CRIME: Cyber crime is the latest and perhaps the most complicated problem in the cyber world. Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime. Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime WAYS OF CYBER CRIME: Virus / worm attacks: Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a complete halt. Logic bombs: These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus). Trojan attacks: This term has its origin in the word Trojan horse. In software field this means an unauthorized programme, which passively gains control over anothers system by representing itself as an authorized programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in

the computer obtained her nude photographs. He further harassed this lady. Internet time thefts: Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwas case- the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime. Measurements: Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school that it should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive 2.3.1 Draft the importance of public key cryptography for the following with the examples: a) DSS Digital Signature Standard based on DSA (Digital Standard Algorithm) b) RSA c) Elliptic Curves As you have studied some popular public key algorithms: 1) DSS Digital Signature Standard based on DSA (Digital Standard Algorithm) 2) RSA 3) Elliptic Curves You are required to provide answers for the given below questions: 1) Differences among the above listed Public Key Algorithms. Note: One of the differences must contain information that describes the practical usage of the particular Algorithm currently. 2) Advantages and disadvantages for the most common and efficient public key Algorithm applied now a days. DSA/DSS The Digital Signature Standard (DSS) was developed by the U.S. National Security Agency and adopted as a Federal Information Processing Standard (FIPS) by the National Institute for Standards and Technology. DSS is based on the Digital Signature Algorithm (DSA). Although DSA allows keys of any length, only keys between 512 and 1,024 bits are permitted under the DSS FIPS. As specified, DSS can be used only for digital signatures, although it is possible to use some DSA implementations for encryption as well. RSA RSA is a well-known public key cryptography system developed in 1977 by three professors at MIT: Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA can be used both for encrypting information and as the basis of a digital signature system. Digital signatures can be used to prove the authorship and authenticity of digital information. The key can be any length, depending on the particular implementation used. Elliptic curves Public key systems have traditionally been based on factoring (RSA), discrete logarithms

(Diffie-Helman), and the knapsack problem. Elliptic curve cryptosystems are public key encryption systems that are based on an elliptic curve rather than on a traditional logarithmic function; that is, they are based on solutions to the equation y2 = x3 + ax + b. The advantage to using elliptic curve systems stems from the fact that there are no known subexponential algorithms for computing discrete logarithms of elliptic curves. Thus, short keys in elliptic curve cryptosystems can offer a high degree of privacy and security, while remaining easily calculatable. Elliptic curves can be computed very efficiently in hardware. Certicom (http://www.certicom.com) has attempted to commercialize implementations of elliptic curve cryptosystems for use in mobile computing. Advantages for Public Key Encryption Two of the most common uses for public key cryptography are encrypted messaging and digital signatures: With encrypted messaging, a person who wishes to send an encrypted message to a particular recipient encrypts that message with the individual's public key. The message can then be decrypted only by the authorized recipient. With digital signatures, the sender of the message uses the public key algorithm and a private key to digitally sign a message. Anyone who receives the message can then validate the authenticity of the message by verifying the signature with the sender's public key. http://docstore.mik.ua/orelly/other/puis3rd/0596003234_puis3-chp-7-sect-3.html >>> 7.3 Public Key Algorithms The existence of public key cryptography was first postulated in print in the fall of 1975 by Whitfield Diffie and Martin Hellman. The two researchers, then at Stanford University, wrote a paper in which they presupposed the existence of an encryption technique in which information encrypted with one key (the public key) could be decrypted by a second, apparently unrelated key (the private key). Robert Merkle, then a graduate student at Berkeley, had similar ideas at the same time, but because of the vagaries of the academic publication process, Merkle's papers were not published until the underlying principles and mathematics of the Diffie-Hellman algorithm were widely known. Since that time, a variety of public key encryption systems have been developed. Unfortunately, there have been significantly fewer developments in public key algorithms than in symmetric key algorithms. The reason has to do with how these algorithms are created. Good symmetric key algorithms simply scramble their input depending on the input key; developing a new symmetric key algorithm requires coming up with new ways for performing that scrambling reliably. Public key algorithms tend to be based on number theory. Developing new public key algorithms requires identifying new mathematical equations with particular properties. The following list summarizes the public key systems in common use today: Diffie-Hellman key exchange A system for exchanging cryptographic keys between active parties. DiffieHellman is not actually a method of encryption and decryption, but a method of developing and exchanging a shared private key over a public communications channel. In effect, the two parties agree to some common numerical values, and then each party creates a key. Mathematical transformations of the keys are exchanged. Each party can then calculate a third session key that cannot easily be derived by an attacker who knows both exchanged values. DSA/DSS The Digital Signature Standard (DSS) was developed by the U.S. National Security Agency and adopted as a Federal Information Processing Standard (FIPS) by the National Institute for Standards and Technology. DSS is based on the Digital Signature Algorithm (DSA). Although DSA allows keys of any length, only keys between 512 and 1,024 bits are permitted under the DSS FIPS. As specified, DSS can be used only for digital signatures, although it is possible to use some DSA implementations for encryption as well. RSA

RSA is a well-known public key cryptography system developed in 1977 by three professors at MIT: Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA can be used both for encrypting information and as the basis of a digital signature system. Digital signatures can be used to prove the authorship and authenticity of digital information. The key can be any length, depending on the particular implementation used. Elliptic curves Public key systems have traditionally been based on factoring (RSA), discrete logarithms (Diffie-Helman), and the knapsack problem. Elliptic curve cryptosystems are public key encryption systems that are based on an elliptic curve rather than on a traditional logarithmic function; that is, they are based on solutions to the equation y2 = x3 + ax + b. The advantage to using elliptic curve systems stems from the fact that there are no known subexponential algorithms for computing discrete logarithms of elliptic curves. Thus, short keys in elliptic curve cryptosystems can offer a high degree of privacy and security, while remaining easily calculatable. Elliptic curves can be computed very efficiently in hardware. Certicom (http://www.certicom.com) has attempted to commercialize implementations of elliptic curve cryptosystems for use in mobile computing. 2.3.3 What will be the role of e-commerce in competitive strategy, in terms of customization? How e-cash bank made and illustrate its security? E-Cash Electronic Money, E-Cash, is changing the way currency is perceived. While the change seems as revolutionary as the conversion from value-based mediums of exchange (e.g. gold, silver) to paper currency, it is actually only an evolution from current paper-based mediums. There are a number of benefits of E-Cash over greenbacks, but there are also new issues with which to contend. In addition to new issues, there are also new forms of old problems which E-Cash will not solve. In its current state electronic cash is a necessary innovation in the financial markets. However, it is highly doubtful that E-Cash will actually replace paper currency. What is e-cash: While many different companies are rushing to offer digital money products, currently ecash is cash is represented by two models. One is the on-line form of e-cash (introduced by DigiCash) which allows for the completion of all types of internet transactions. The other form is off-line; essentially a digitially encoded card that could be used for many of the same transactions as cash. This off-line version (which also has on-line capabilities) is being tested by Mondex in partnership with various banks. The primary function of e-cash is to facilitate transactions on the Internet. Many of these transactions may be small in size and would not be cost efficient through other payment mediums such as credit cards. Thus, WWW sites in the future may charge $0.10 a visit, or $0.25 to download a graphics file. These types of payments, turning the Internet into a transaction oriented forum, require mediums that are easy, cheap (from a merchants perspective), private (see Privacy), and secure (see Security). Electronic Cash is the natural solution, and the companies that are pioneering these services claim that the products will meet the stated criteria. By providing this type of payment mechnism, the incentives to provide worthwhile services and products via the Internet should increase. Another prospective beneficiary from these developments would be Shareware providers, since currently they rarely receive payments. To complete the digital money revolution an offline product is also required for the pocket money/change that most people must carry for small transactions (e.g. buying a newspaper, buying a cup of coffee, etc...). The concept of electronic money is at least a decade old. [Hewitt 1994] demonstrates that check writing is a pre-cursor to E-cash. When one person writes a check on his bank account and gives the check to another person with an account at a different bank, the banks do not transfer currency. The banks use electronic fund transfer. Electronic money, removes the middleman. Instead of requesting the banks to transfer the funds through the mechnism of a check, the E-cash user simply transfers the money from his bank account to the account of the receiver.

The reality of E-cash is only slightly more complicated, and these complications make the transactions both secure and private. The user downloads electronic money from his bank account using special software and stores the E-cash on his local hard drive. To pay a WWW merchant electronically, the E-cash user goes through the software to pay the desired amount from the E-cash "wallet" to the merchants local hard drive ("wallet") after passing the transaction through an E-cash bank for authenticity verification. The merchant can then pay its bills/payroll with this E-cash or upload it to the merchant's hard currency bank account. The E-cash company makes money on each transaction from the merchant (this fee is very small, however) and from royalties paid by banks which provide customers with E-cash software/hardware for a small monthly fee. Transactions between individuals would not be subject to a fee. E-cash truly globalizes the economy, since the user can download money into his cyberwallet in any currency desired. A merchant can accept any currency and convert it to local currency when the cybercash is uploaded to the bank account. To the extent a user wants E-cash off-line, all that is necessary is smart card technology. The money is loaded onto the smartcard, and special electronic wallets are used to offload the money onto other smartcards or directly to an on-line system. Smartcards have been used successful in other countries for such transactions as phone calls for a number of years. The money could also be removed from a smartcard and returned to a bank account. Visa is developing a related product, the stored value card. This card comes in a variety of denominations, but functions more like a debit card than E-cash. In essence, E-cash combines the benefits of other transaction mediums. Thus, it is similar to debit/credit cards, but E-cash allows individuals to conduct transactions with each other. It is similar to personal checks, but it is feasible for very small transactions. While it appears superior to other forms, E-cash will not completely replace paper currency. Use of E-cash will require special hardware, and while most people will have access, not all will. However, E-cash presents special challenges for the existing "middlemen" of the current paper currency society. More and more, banks and other financial intermediaries will serve simply as storehouses for money, lenders, and processing/verifying electronic transactions. Personal interaction with a teller, or even visits to a bank ATM will become obsolete. All one will have to do is turn on his computer. e-cash security: There are several aspects to security when dealing with E-cash. The first issue is the security of the transaction. How does one know that the E-cash is valid? Encryption and special serial numbers are suppose to allow the issuing bank to verify (quickly) the authenticity of E-cash. These methods are suseptible to hackers, just as paper currency can be counterfeited. However, promoters of E-cash point out that the encryption methods used for electronic money are the same as those used to protect nuclear weapon systems. The encryption security has to also extend to the smartcard chips to insure that they are tamper resistant. While it is feasible that a system wide breach could occur, it is highly unlikely. Just as the Federal Government keeps a step ahead of the counterfeiters, cryptography stays a step ahead of hackers. Physical security of the E-cash is also a concern. If a hard drive crashes, or a smartcard is lost, the E-cash is lost. It is just as if one lost a paper currency filled wallet. The industry is still developing rules/mechanisms for dealing with such losses, but for the most part, Ecash is being treated as paper cash in terms of physical security. Companies are making some exceptions when it comes to a software/hardware failure, but these are supposed to be rare. To help customers get used to this concept, most companies are limiting Ecash wallets to $500, reflecting the primary use of E-cash for low value transactions. There is a benefit to E-cash in the area of theft, however. A mugger or pickpocket would not be able to make use of another's smartcard without the appropriate password. Merchants should also lose less cash to employee theft, since the electronic cash will be inaccessible (or, at a minimum, traceable). The ultimate area of security is faith in the currency. This, however, would still be the responsibility of the Federal Government on a systemic basis. Essentially, the E-cash is merely a representation of hard currency on deposit at banks. Thus, faith in the system should not falter. e-cash privacy:

As information technologies expand, privacy becomes of greater concern. People are realizing that with every credit card transaction, corporate databases are becoming larger and larger. By using paper currency, people are able to exclude themselves from these databases. Therefore, for e-cash to be effective, it must maintain this privacy function. DigiCash claims it has developed a system that provides privacy for the user without sacraficing security for the receiver. If a system is completely private, the merchant has no way of verifying the validity of the electronic money. The user would also be unable to have a receipt for the transaction. However, DigiCash utilizes a one-sided signiture. Basically, the user keeps record of payments made, but the merchant only receives enough information to allow his bank to verify the authenticity of the E-cash. This signiture process is also suppose to deter the criminal element of cash transactions. Since a record of the transaction is created and kept (by the payee), extortion, bribes, or other illegal transactions should occur less frequently. e-cash regulation: The legal challenges of E-cash entail concerns over taxes and currency issuers. In addition, consumer liability from bank cards will also have to be addressed (currently $50 for credit cards). E-cash removes the intermediary from currency transactions, but this also removes much of the regulation of the currency in the current system. Tax questions immediately arise as to how to prevent tax evasion at the income or consumption level. If cash-like transactions become easier and less costly, monitoring this potential underground economy may be extremely difficult, if not impossible, for the IRS. The more daunting legal problem is controling a potential explosion of private currencies. Large institutions that are handling many transactions may issue electronic money in their own currency. The currency would not be backed by the full faith of the United States, but by the full faith of the institution. This is not a problem with paper currency, but until the legal system catches up with the digital world, it may present a problem with cybercash.

2.4 Internet & Java Programing 1) Java program that creates three threads.First thread displaysGood Morning class Frst implements Runnable { Thread t; Frst() { t=new Thread(this); System.out.println("Good Morning"); t.start(); } public void run() { for(int i=0;i<10;i++) { System.out.println("Good Morning"+i); try{ t.sleep(1000); } catch(Exception e) { System.out.println(e); }

} } } class sec implements Runnable { Thread t; sec() { t=new Thread(this); System.out.println("hello"); t.start(); } public void run() { for(int i=0;i<10;i++) { System.out.println("hello"+i); try{ t.sleep(2000); } catch(Exception e) { System.out.println(e); } } } } class third implements Runnable { Thread t; third() { t=new Thread(this); System.out.println("welcome"); t.start(); } public void run() { for(int i=0;i<10;i++) { System.out.println("welcome"+i); try{ t.sleep(3000); } catch(Exception e) { System.out.println(e); } } } } public class Multithread { public static void main(String arg[])

{ new Frst(); new sec(); new third(); } } Write a Java program that creates three threads. First thread displays Good Morning every one second, the second thread displays Hello every two seconds and the third thread displays Welcome every three seconds. class A extends Thread { synchronized public void run() { try { while(true) { sleep(10); System.out.println("good morning"); } } catch(Exception e) {} } } class B extends Thread { synchronized public void run() { try { while(true) { sleep(20); System.out.println("hello"); } } catch(Exception e) {} } } class C extends Thread { synchronized public void run() { try { while(true) { sleep(30); System.out.println("welcome"); }

} catch(Exception e) {} } } class ThreadDemo { public static void main(String args[]) { A t1=new A(); B t2=new B(); C t3=new C(); t1.start(); t2.start(); t3.start(); } } 2) import java.util.*; public class Computer{ static String name; static int size; static int speed; static String make; static double price; static int quantity; public Computer(String n,int s,int sp,String m,double p,int q){ name=n; size=s; speed=sp; make=m; price=p; quantity=q; } public String getName(){ return name; } public int getSize(){ return size; } public int getSpeed(){ return speed; } public String getMake(){ return make; } public double getPrice(){ return price; } public int getQuantity(){ return quantity;

} public void valid(){ if((price==0)||(price<0)){ System.out.println("Please enter price"); System.exit(0); } else if((quantity==0)||(quantity<0)){ System.out.println("Please enter quantity "); System.exit(0); } else{ displayData(); } } public void displayData(){ List<Computer> list = new ArrayList<Computer>(); list.add(new Computer(name,size,speed,make,price,quantity)); for (Computer s : list){ System.out.println("Computer Name: "+s.getName()+ "\nRAM Size :"+s.getSize() +"\nProcessor Make: "+s.getMake()+"\nProcessor Speed: "+s.getSpeed() +"\nQuantity: "+s.getQuantity()+"\nTotal Price of Computers: "+s.getPrice()); } } public static void main(String[]args){ System.out.println("Enter details"); Scanner input=new Scanner(System.in); name=input.next(); size=input.nextInt(); speed=input.nextInt(); make=input.next(); price=input.nextDouble(); quantity=input.nextInt(); Computer c=new Computer(name,size,speed,make,price,quantity); c.valid(); } } 2.1 Financial Management 2) b)