Electronic commerce, commonly known as e-commerce, eCommerce or e-comm, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks. However, the term may refer to more than just buying and selling products online. It also includes the entire online process of developing, marketing, selling, delivering, servicing and paying for products and services. The amount of trade conducted electronically has grown extraordinarily with widespread Internet usage. Commerce conducted in this way has spurred and drawn on innovations in electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web at least at one point in the transaction's life-cycle, although it may encompass a wider range of technologies such as e-mail, mobile devices and telephones as well. A large percentage of electronic commerce is conducted entirely in electronic form for virtual items such as access to premium content on a website, but most electronic commerce involves the transportation of physical items in some way. Online retailers are sometimes known as e-tailers and online retail is sometimes known as e-retail. Almost all big retailers are now electronically present on the World Wide Web. Electronic commerce that takes place between businesses is referred to as business-to-business or B2B. B2B can be open to all interested parties (e.g. commodity exchange) or limited to specific, pre-qualified participants (private electronic market). Electronic commerce that takes place between businesses and consumers, on the other hand, is referred to as business-to-consumer or B2C. This is the type of electronic commerce conducted by companies such as Amazon.com.
Online shopping is a form of electronic commerce where the buyer is directly online to the seller's computer, usually via the internet. There is no intermediary service involved. The sale or purchase transaction is completed electronically and interactively in real time, as on Amazon.com for new books. However, in some cases an intermediary may be present in a sale or purchase transaction, such as the transactions on eBay.com. Electronic commerce is generally considered to be the sales aspect of e-business. It also consists of the exchange of data to facilitate the financing and payment aspects of business transactions.
Electronic business, commonly referred to as "eBusiness" or "e-business", or an internet business, may be defined as the application of information and communication technologies (ICT) in support of all the activities of business. Commerce constitutes the exchange of products and services between businesses, groups and individuals and can be seen as one of the essential activities of any business. Electronic commerce focuses on the use of ICT to enable the external activities and relationships of the business with individuals, groups and other businesses. The term "e-business" was coined by IBM's marketing and Internet teams in 1996. Electronic business methods enable companies to link their internal and external data processing systems more efficiently and flexibly, to work more closely with suppliers and partners, and to better satisfy the needs and expectations of their customers. In practice, e-business is more than just e-commerce. While e-business refers to more strategic focus with an emphasis on the functions that occur using electronic capabilities, e-commerce is a subset of an overall e-business strategy. E-commerce seeks to add revenue streams using the World Wide Web or the Internet to build and enhance relationships with clients and partners and to improve efficiency using the Empty Vessel strategy. E-business involves business processes spanning the entire value chain: electronic purchasing and supply chain management, processing orders electronically, handling customer service, and cooperating with business partners. Special technical standards for e-business facilitate the exchange of data between companies. E-business software solutions allow the integration of intra and inter firm business processes. E-business can be conducted using the Web, the Internet, intranets, extranets, or some combination of these.
Basically, electronic commerce (EC) is the process of buying, transferring, or exchanging products, services, and/or information via computer networks, including the internet. EC can also be beneficial from many perspectives, including the business-process, service, learning, collaborative and community perspectives. EC is often confused with e-business.
Mobile Commerce, also known as M-Commerce or mCommerce, is the ability to conduct commerce using a mobile device, such as a mobile phone, a Personal Digital Assistant (PDA), a smartphone, or other emerging mobile equipment such as dashtop mobile devices. Mobile Commerce has been defined as follows: "Mobile Commerce is any transaction, involving the transfer of ownership or rights to use goods and services, which is initiated and/or completed by using mobile access to computer-mediated networks with the help of an electronic device."
*Traditional Commerce Vs E-Commerce*
*Identity.* Customers can easily authenticate the identity of a merchant simply by walking into a bricks-and-mortar store. Stores can be members of a community and neighborhood; they can be part of customers' daily experience. There is a concreteness about a physical store that no amount of HTML will ever match.

*Immediacy.* Customers can touch and feel and hold the merchandise. Tactile cues can drive the decision to buy. A transaction that is face-to-face is usually unmediated: your communication with the merchant is not in the hands of a third party or technology (as with ordering by phone).

*Value.* The item at the center of the commerce transaction (the product, service, or property that is to be sold/bought) has some kind of value. Its price is determined and validated through the performance of the transaction. The seller agrees to a selling price, and the buyer agrees to a buying price. The value of an item, especially the relative value an item has for the buyer, is much easier to appraise if that item is close at hand.

*Discourse.* Customers can converse with the merchant face-to-face; unmediated conversation is basic to human communication. People want the feedback available from non-verbal behavior, which forms a large part of our judgment process.

*Community.* Customers can interact with other customers and gain feedback about the merchant from other customers, as well as by observing the merchant interacting with other customers.

*Privacy.* Customers can make purchases anonymously with cash; they usually don't have to give their name or address. They don't usually have to worry about what a store will do with their personal information, although this is becoming more of an issue with various recent attempts by lawyers to access private sales and rental records. Privacy is often a measure of how much of his or her identity a buyer wants to invest in a transaction; sometimes, we just want to quietly make our purchase and leave with it.
An online commerce customer faces mediation in every element and at every stage of the commerce transaction. Customers can’t see the merchant, only the merchant’s website; they can’t touch the merchandise, they can only see a representation; they can’t wander a store and speak with employees, they can only browse HTML pages, read FAQs, and fire off email to nameless customer service mailboxes; they can’t explore the store’s shelves and product space, they can only search a digital catalog. A customer at an online commerce site lacks the concrete cues to comfortably assess the trustworthiness of the site, and so must rely on new kinds of cues. The problem for the online customer is that the web is new — to a large sector of the online audience — and online commerce seems like a step into an unknown experience.
*Types of E-commerce*
Business-to-business (B2B) describes commerce transactions between businesses, such as between a manufacturer and a wholesaler, or between a wholesaler and a retailer. Contrasting terms are business-to-consumer (B2C) and business-to-government (B2G). The volume of B2B (Business-to-Business) transactions is much higher than the volume of B2C transactions. The primary reason for this is that in a typical supply chain there will be many B2B transactions involving sub-components or raw materials, and only one B2C transaction, specifically the sale of the finished product to the end customer. For example, an automobile manufacturer makes several B2B transactions such as buying tires, glass for windscreens, and rubber hoses for its vehicles. The final transaction, a finished vehicle sold to the consumer, is a single (B2C) transaction. B2B is also used in the context of communication and collaboration. Many businesses are now using social media to connect with their consumers (B2C); however, they are now using similar tools within the business so employees can connect with one another. When communication is taking place amongst employees, this can be referred to as "B2B" communication.
Business 2 Consumer
Retail consists of the sale of physical goods or merchandise from a fixed location, such as a department store, boutique or kiosk, or by mail, in small or individual lots for direct consumption by the purchaser. Retailing may include subordinated services, such as delivery. Purchasers may be individuals or businesses. In commerce, a "retailer" buys goods or products in large quantities from manufacturers or importers, either directly or through a wholesaler, and then sells smaller quantities to the end-user. Retail establishments are often called shops or stores. Retailers are at the end of the supply chain. Manufacturing marketers see the process of retailing as a necessary part of their overall distribution strategy. The term "retailer" is also applied where a service provider services the needs of a large number of individuals, such as a public utility, like electric power. Shops may be on residential streets, on shopping streets with few or no houses, or in a shopping mall. Shopping streets may be for pedestrians only. Sometimes a shopping street has a partial or full roof to protect customers from precipitation. Online retailing, a type of electronic commerce used for business-to-consumer (B2C) transactions, and mail order are forms of non-shop retailing. Shopping generally refers to the act of buying products. Sometimes this is done to obtain necessities such as food and clothing; sometimes it is done as a recreational activity. Recreational shopping often involves window shopping (just looking, not buying) and browsing and does not always result in a purchase.
Business 2 Employee
Business-to-employee (B2E) electronic commerce uses an intrabusiness network which allows companies to provide products and/or services to their employees. Typically, companies use B2E networks to automate employee-related corporate processes. Examples of B2E applications include:
o Online insurance policy management
o Corporate announcement dissemination
o Online supply requests
o Special employee offers
o Employee benefits reporting
Business 2 Government
Business-to-government (B2G) is a derivative of B2B marketing and often referred to as a market definition of "public sector marketing" which encompasses marketing products and services to various government levels, including federal, state and local, through integrated marketing communications techniques such as strategic public relations, branding, marcom, advertising, and web-based communications. B2G networks provide a platform for businesses to bid on government opportunities which are presented as solicitations in the form of RFPs in a reverse auction fashion. Public sector organizations (PSOs) post tenders in the form of RFPs, RFIs, RFQs, Sources Sought, etc., and suppliers respond to them. Government agencies typically have pre-negotiated standing contracts vetting the vendors/suppliers and their products and services for set prices. These can be state, local or federal contracts, and some may be grandfathered in by other entities (i.e. California's MAS Multiple Award Schedule will recognize the federal government contract holder's prices on a GSA General Services Administration Schedule). There are multiple social platforms dedicated to this vertical market and they have risen in popularity with the onset of the ARRA/Stimulus Program and increased government funds available to commercial entities for both grants and contracts.

Business 2 Manager
Business-to-Manager or B2M is a new mode of E-business. It refers to transactions between enterprises (product sellers or any other workers) and professional managers. The B2M schema consists of finding out the information on the net and earning commission by providing services for enterprises.

Consumer 2 Business
Consumer-to-business (C2B) is an electronic commerce business model in which consumers (individuals) offer products and services to companies and the companies pay them. This business model is a complete reversal of the traditional business model where companies offer goods and services to consumers (business-to-consumer = B2C). We can see this example in blogs or internet forums where the author offers a link back to an online business facilitating the purchase of some product (like a book on Amazon.com), and the author might receive affiliate revenue from a successful sale. This kind of economic relationship is qualified as an inverted business type. The advent of the C2B scheme is due to major changes:
o Connecting a large group of people to a bidirectional network has made this sort of commercial relationship possible. The large traditional media outlets are a one-direction relationship whereas the internet is a bidirectional one.
o Decreased cost of technology: individuals now have access to technologies that were once only available to large companies (digital printing and acquisition technology, high performance computers, powerful software).

Consumer 2 Consumer
Consumer-to-consumer (C2C) (or citizen-to-citizen) electronic commerce involves the electronically facilitated transactions between consumers through some third party. A common example is the online auction, in which a consumer posts an item for sale and other consumers bid to purchase it; the third party generally charges a flat fee or commission. The sites are only intermediaries, just there to match consumers. They do not have to check the quality of the products being offered. Consumer-to-consumer (C2C) marketing is the creation of a product or service with the specific promotional strategy being for consumers to share that product or service with others as brand advocates based on the value of the product. The investment into concepting and developing a top-of-the-line product or service that consumers are actively looking for is equatable to a Business-to-consumer (B2C) pre-launch product awareness marketing spend.

Government 2 Government
Government-to-Government (abbreviated G2G) is the online non-commercial interaction between Government organizations, departments, and authorities and other Government organisations, departments, and authorities. Its use is common in the UK, along with G2C, the online non-commercial interaction of local and central Government and private individuals, and G2B, the online non-commercial interaction of local and central Government and the commercial business sector. G2G systems generally come in one of two types:
o Internal facing - joining up a single Government's departments, agencies, organisations and authorities - examples include the integration aspect of the Government Gateway, and the UK NHS Connecting for Health Data SPINE.
o External facing - joining up multiple Governments' IS systems - an example would include the integration aspect of the Schengen Information System (SIS), developed to meet the requirements of the Schengen Agreement.

Government 2 Citizen
Government-to-Citizen (abbreviated G2C) is the communication link between a government and private individuals or residents. Such G2C communication most often refers to that which takes place through Information and Communication Technologies (ICTs), but can also include direct mail and media campaigns. G2C can take place at the federal, state, and local levels. G2C stands in contrast to G2B, or Government-to-Business networks.

Government 2 Employee
Government-to-employees (abbreviated G2E) is the online interaction through instantaneous communication tools between government units and their employees. G2E is one of the four primary delivery models of e-Government. G2E is an effective way to provide E-learning to the employees, bring them together and promote knowledge sharing among them. It also gives employees the possibility of accessing information in regard to compensation and benefit policies, training and learning opportunities and civil rights laws. G2E services also include software for maintaining personnel information and records of employees.

Government 2 Business
Government-to-Business (abbreviated G2B) is the online non-commercial interaction between local and central government and the commercial business sector, rather than private individuals (G2C), with the purpose of providing businesses information and advice on e-business 'best practices'.

Peer 2 Peer
Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the application. They are said to form a peer-to-peer network of nodes. Peers make a portion of their resources, such as processing power, disk storage or network bandwidth, directly available to other network participants, without the need for central coordination by servers or stable hosts. Peers are both suppliers and consumers of resources, in contrast to the traditional client–server model where only servers supply (send), and clients consume (receive). The peer-to-peer application structure was popularized by file sharing systems like Napster. Peer-to-peer networking is not restricted to technology, but covers also social processes with a peer-to-peer dynamic. In such a context, social peer-to-peer processes are currently emerging throughout society. The concept has inspired new structures and philosophies in many areas of human interaction.

*Electronic Data Interchange (EDI)*
Electronic data interchange (EDI) is the structured transmission of data between organizations by electronic means. It is used to transfer electronic documents or business data from one computer system to another computer system, i.e. from one trading partner to another trading partner without human intervention. It is more than mere e-mail; for instance, organizations might replace bills of lading and even cheques with appropriate EDI messages. It also refers specifically to a family of standards. In 1996, the National Institute of Standards and Technology defined electronic data interchange as "the computer-to-computer interchange of strictly formatted messages that represent documents other than monetary instruments. EDI implies a sequence of messages between two parties, either of whom may serve as originator or recipient. The formatted data representing the documents may be transmitted from originator to recipient via telecommunications or physically transported on electronic storage media." It distinguishes mere electronic communication or data exchange, specifying that "in EDI, the usual processing of received messages is by computer only. Human intervention in the processing of a received message is typically intended only for error conditions, for quality review, and for special situations. For example, the transmission of binary or textual data is not EDI as defined here unless the data are treated as one or more data elements of an EDI message and are not normally intended for human interpretation as part of online data processing."

EDI can be formally defined as the transfer of structured data, by agreed message standards, from one computer system to another without human intervention. Note that there is a perception that "EDI" constitutes the entire electronic data interchange paradigm, including the transmission, message flow, document format, and software used to interpret the documents. EDI is considered to describe the rigorously standardized format of electronic documents. EDI is very useful in the supply chain. EDI is considered to be a technical representation of a business conversation between two entities, either internal or external.

Components of EDI
The following components and tools are necessary for performing EDI.
Trade Agreement - a legally binding trade agreement between you and your trading partner.
Standard Document Format - the standard agreed upon format for the document to be electronically transmitted.
EDI Translation Management Software - software used to convert the document from your application's format into the agreed upon standard format. For optimum performance the translation software should be on the same platform as your business application.
Communications Software - a programming tool that enables you to write communications protocols, or a separate application. It can be a module to the translator or a separate software application.
Modem - a hardware device used to transmit electronic information between computer systems. The higher the baud rate, the faster the communications will be.
VAN - stands for Value Added Network. A network to which you can connect to transmit data from one computer system to another. One network can act as a gateway to another.
Point-to-Point - a direct communication link from one computer to another. Some trading partners offer a direct connection to their EDI computer. Trading partners may opt for this method of communication instead of using a VAN.
VANs provide a number of additional services. o industry group consortia. The EDIFACT standard provides: a set of syntax rules to structure data an interactive exchange protocol (I-EDI) standard messages which allow multi-country and multi-industry exchange Specifications Organizations that send or receive documents between each other are referred to as "trading partners" in EDI terminology. examine the 'from' and the 'to' information. VANs also provide an advantage with certificate replacement in AS2 transmissions. messages may need extra envelopes or may be routed using intelligent VANs which are able to read the EDI message itself. and route the transaction to the final recipient. retransmitting documents. o a large company interacting with its suppliers/vendors. While the standards are analogous to building codes. the specifications are analogous to blue prints. The trading partners agree on the specific information to be transmitted and how it should be used. they may create separate EDI guidelines for each branch/division." but the term mapping is typically reserved for specific machine-readable instructions given to the translation software. and handling telecommunications support.UN/EDIFACT standard United Nations/Electronic Data Interchange For Administration. For other large companies. Value-added networks are the go-between in EDI communications. Commerce and Transport (UN/EDIFACT) is the international EDI standard developed under the United Nations. The VAN is responsible for routing. Interpreting data EDI translation software provides the interface between internal systems and the EDI format sent/received. a VAN (value-added network) acts as a regional post office. This is done in human readable specifications (also called Message Implementation Guidelines). Because each node in a traditionally business-related AS2 transmission usually involves a security certificate. acting as a gateway for different transmission methods.) 
Larger trading "hubs" have existing Message Implementation Guidelines which mirror their business processes for processing EDI and they are usually unwilling to modify their EDI business practices to meet the needs of their trading partners. Healthcare clearinghouses perform many of the same functions as a VAN. routing a large number of partners through a VAN can make certificate replacement much easier. in the Finance Domain working group UN CEFACT TBG5. Because of these and other services VANs provide. (The specification may also be called a "mapping. They receive transactions.g. providing third party audit information. Value-added networks In the most basic form. businesses frequently use a VAN even when both trading partners are using Internet-based protocols. VANs may be operated by various entities: o telecom companies. storing and delivering EDI messages. The work of maintenance and further development of this standard is done through the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) under the UN Economic Commission for Europe. Often in a large company these EDI guidelines will be written to be generic enough to be used by different branches or divisions and therefore will contain information not needed for a particular business document exchange. e. EDIFACT has been adopted by the International Organization for Standardization (ISO) as the ISO standard ISO 9735. but have additional legal restrictions that govern. . They also provide delivery reports Depending on the VAN type.
The final step is to import the transformed file (or database) into the company's back-end enterprise resource planning (ERP) system. One very important advantage of EDI over paper documents is the speed in which the trading partner receives and incorporates the information into their system thus greatly reducing cycle times. For an "inbound" document the EDI solution will receive the file (either via a Value Added Network or directly using protocols such as FTP or AS2). faxes. meetings. This can be accomplished by using a custom program. The audit ensures that any transaction (which in reality is a business document) can be tracked to ensure that they are not lost. not the direction of merchandise. For example. if the Purchase Order is "lost" anywhere in the business process. validate that the trading partner who is sending the file is a valid trading partner. If you anticipate multiple documents or trading partners.In EDI terminology "inbound" and "outbound" refer to the direction of transmission of an EDI document in relation to a particular system. The final price you pay depends upon several things: The Expected Volume of Electronic Documents. Costs of EDI Prices for EDI applications vary from free (for very simple one-function products) to several thousands of dollars for full-function applications. EDI can be an important component of just-in-time production systems. The next step is to convert/transform the file that the translator creates into a format that can be imported into a company's back-end business systems or ERP. It is an outbound document in relation to the manufacturer or dealer that transmitted the document. the effect is devastating to both businesses. but handle only a few documents and trading partners. etc. Advantages over paper systems EDI and other similar technologies save company’s money by providing an alternative to. such as shipping and billing errors. e. Midrange EDI packages can be a little more expensive. 
Typically the translator will either create a file of either fixed length. because EDI eliminates the need to re-key documents on the destination side. reduced customer service and ultimately lowers profits. and that the individual fields of information conform to the agreed upon standards. printed shipping manifests. that the structure of the file meets the EDI standards. take the received EDI file (commonly referred to as a "mailbag"). The translation software will then "validate" the EDI file sent to ensure that it meets the standard agreed upon by the trading partners. convert the file into "EDI" format (adding in the appropriate identifiers and control structures) and send the file to the trading partner (using the appropriate communications protocol). distributing. Another advantage of EDI is reduced errors. . For the retailer. Generally speaking. transform the file to the appropriate format for the translator. variable length or XML tagged format or "print" the received EDI document (for nonintegrated EDI environments). an EDI document that tells a warehouse to perform an outbound shipment is an inbound document in relation to the warehouse computer system. PC products cost less. Even when paper documents are maintained in parallel with EDI exchange. they do not fulfill the order as they have not received it thereby losing business and damaging the business relationship with their retail client. For an "outbound" document the process for integrated EDI is to export a file (or read a database) from a company's back-end ERP. a midrange EDI system is a much better choice. money or other things represented by the document. Another critical component of any EDI translation software is a complete "audit" of all the steps to move business documents between trading partners. For this reason. or replacing information flows that require a great deal of human interaction and materials such as paper documents. 
an integrated proprietary "mapper", or to use an integrated standards-based graphical "mapper" using a standard data transformation language such as XSLT.

Electronic exchange, and the use of the data from that exchange, reduces the handling costs of sorting, organizing, and searching paper documents. EDI and similar technologies allow a company to take advantage of the benefits of storing and manipulating data electronically without the cost of manual entry. Speed matters too: in the case of a retailer sending a Purchase Order to a supplier, if the order is slow to reach the supplier the retailer may have a stock outage, and the effect is lost sales.

Barriers to implementation
There are a few barriers to adopting electronic data interchange. One of the most significant barriers is the accompanying business process change. Existing business processes built around slow paper handling may not be suited for EDI and would require changes to accommodate automated processing of business documents. For example, a business may receive the bulk of their goods by 1 or 2 day shipping and all of their invoices by mail. The existing process may therefore assume that goods are typically received before the invoice. With EDI, the invoice will typically be sent when the goods ship and will therefore require a process that handles large numbers of invoices whose corresponding goods have not yet been received.

Another significant barrier is the cost in time and money in the initial set-up. The preliminary expenses and time that arise from the implementation, customization and training can be costly and therefore may discourage some businesses. The key is to determine what method of integration is right for the company, which will determine the cost of implementation. For a business that only receives one P.O. per year from a client, fully integrated EDI may not make economic sense. In this case, businesses may implement inexpensive "rip and read" solutions or use outsourced EDI solutions provided by EDI "Service Bureaus". For other businesses, the implementation of an integrated EDI solution may be necessary as increases in trading volumes brought on by EDI force them to re-implement their order processing business processes.

The key hindrance to a successful implementation of EDI is the perception many businesses have of the nature of EDI. Many view EDI from the technical perspective that EDI is a data format; it would be more accurate to take the business view that EDI is a system for exchanging business documents with external entities and integrating the data from those documents into the company's internal systems. Successful implementations of EDI take into account the effect externally generated information will have on their internal systems and validate the business information received. For example, allowing a supplier to update a retailer's Accounts Payables system without appropriate checks and balances would be a recipe for disaster. Businesses new to the implementation of EDI should take pains to avoid such pitfalls. Increased efficiency and cost savings drive the adoption of EDI for most trading partners.

The Amplitude of EDI Translation Software
EDI translation software ranges from small packages to systems that handle a much larger volume of EDI. Fees vary from software company to software company. Some products look like a bargain, but as your EDI needs grow, hidden costs (such as having to purchase new transaction sets) suddenly appear. You may pay more for a program with an integrated mapper, but you'll avoid purchasing overlays and maps in the future. Ignoring the hidden costs mentioned above, you can expect the following ongoing charges:

Maintenance Fees. Most companies charge an annual maintenance fee that is usually a percentage of the translator's list price. This fee should include software updates, standards updates, technical support, and customer service.

VAN Charges. The VANs bill you for transmitting data, similar to making a long distance phone call. Some base billing on the document (25 cents per document transmitted). Others charge based upon the number of characters in each document. Some also bill you for connect time. A fast modem helps to lower transmission costs.

Mailbox Costs. Most VANs charge a monthly fee for maintaining a mailbox on their network.

Implementation Time. Some applications are easier to learn and use than others. The more time you spend in training, the more time it takes to get into production mode. If your time frame is tight, look for a translator that doesn't require training before implementation.
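The two points above about validating externally generated information before it updates Accounts Payable, and about handling invoices that arrive before their goods, as an added Python example. This is not code from the original text: the record layout, PO numbers, SKUs and supplier names are constructed for illustration, and a real translator would produce these records from the inbound EDI document, which is not parsed here.

```python
"""Checks and balances for an inbound EDI invoice before it reaches Accounts Payable.

Added example, not code from the original text. The record layout (plain
dicts and dataclasses), the PO numbers, SKUs and supplier names are all
constructed for illustration; a real translator would produce these records
from an X12 810 or EDIFACT INVOIC, which is not parsed here.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

@dataclass
class Line:
    sku: str
    qty: int
    unit_price: float

@dataclass
class PurchaseOrder:
    po_number: str
    supplier: str
    lines: Dict[str, Line]                                   # sku -> what we ordered
    received: Dict[str, int] = field(default_factory=dict)   # sku -> qty received so far

def validate_invoice(invoice: dict, orders: Dict[str, PurchaseOrder],
                     price_tolerance: float = 0.01) -> Tuple[str, List[str]]:
    """Decide what to do with an externally generated invoice.

    Returns (decision, reasons), where decision is:
      'post'   - matches the PO and the goods have been received
      'hold'   - matches the PO but goods are not yet received (the EDI timing
                 case in the text: the invoice is sent when the goods ship)
      'reject' - unknown PO, wrong supplier, unordered SKU, over-quantity or
                 price mismatch; nothing is written to AP
    """
    po = orders.get(invoice["po_number"])
    if po is None:
        return "reject", ["unknown PO number"]
    if po.supplier != invoice["supplier"]:
        return "reject", ["supplier does not match PO"]
    reasons: List[str] = []
    awaiting_goods = False
    for item in invoice["lines"]:
        ordered = po.lines.get(item["sku"])
        if ordered is None:
            reasons.append(f"{item['sku']}: not on PO")
            continue
        if item["qty"] > ordered.qty:
            reasons.append(f"{item['sku']}: invoiced {item['qty']} exceeds ordered {ordered.qty}")
        if abs(item["unit_price"] - ordered.unit_price) > price_tolerance:
            reasons.append(f"{item['sku']}: price {item['unit_price']} differs from PO price {ordered.unit_price}")
        if po.received.get(item["sku"], 0) < item["qty"]:
            awaiting_goods = True
    if reasons:
        return "reject", reasons
    if awaiting_goods:
        return "hold", ["goods not yet received; re-check on receipt"]
    return "post", []

# Constructed sample data: two open POs from one supplier.
ORDERS = {
    "PO-1001": PurchaseOrder("PO-1001", "ACME-SUPPLY",
                             lines={"A100": Line("A100", 10, 2.50), "B200": Line("B200", 5, 19.99)},
                             received={"A100": 10, "B200": 5}),
    "PO-1002": PurchaseOrder("PO-1002", "ACME-SUPPLY",
                             lines={"C300": Line("C300", 100, 0.75)}),   # shipped, not yet received
}
GOOD_INVOICE = {"po_number": "PO-1001", "supplier": "ACME-SUPPLY",
                "lines": [{"sku": "A100", "qty": 10, "unit_price": 2.50}]}
EARLY_INVOICE = {"po_number": "PO-1002", "supplier": "ACME-SUPPLY",
                 "lines": [{"sku": "C300", "qty": 100, "unit_price": 0.75}]}
BAD_INVOICE = {"po_number": "PO-1001", "supplier": "ACME-SUPPLY",
               "lines": [{"sku": "A100", "qty": 50, "unit_price": 2.50},
                         {"sku": "Z999", "qty": 1, "unit_price": 1.00}]}
WRONG_SUPPLIER = {"po_number": "PO-1001", "supplier": "OTHER-CO", "lines": []}
```

The decision is made entirely from the retailer's own records (the PO and the receipts), never from anything the supplier's document asserts about itself; the "hold" outcome is the queue of invoices-before-goods that the text says a paper-era process does not have.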
The first FTP client applications were interactive command-line tools, implementing standard commands and syntax. Graphical user interface clients have since been developed for many of the popular desktop operating systems in use today.

BLOG
A blog (a blend of the term web log) is a type of website or part of a website. Blogs are usually maintained by an individual with regular entries of commentary, descriptions of events, or other material such as graphics or video. Entries are commonly displayed in reverse-chronological order. Blog can also be used as a verb, meaning to maintain or add content to a blog. Most blogs are interactive, allowing visitors to leave comments and even message each other via widgets on the blogs, and it is this interactivity that distinguishes them from other static websites. The ability of readers to leave comments in an interactive format is an important part of many blogs. Many blogs provide commentary on a particular subject; others function as more personal online diaries. A typical blog combines text, images, and links to other blogs, Web pages, and other media related to its topic. Most blogs are primarily textual, although some focus on art (art blog), photographs (photoblog), videos (video blogging or vlogging), music (MP3 blog), and audio (podcasting). Microblogging is another type of blogging, featuring very short posts.

Web Feed
A web feed (or news feed) is a data format used for providing users with frequently updated content. Content distributors syndicate a web feed, thereby allowing users to subscribe to it. Making a collection of web feeds accessible in one spot is known as aggregation, which is performed by an aggregator. A web feed is also sometimes referred to as a syndicated feed.

A typical scenario of web feed use is: a content provider publishes a feed link on their site which end users can register with an aggregator program (also called a feed reader or a news reader) running on their own machines; doing this is usually as simple as dragging the link from the web browser to the aggregator. When instructed, the aggregator asks all the servers in its feed list if they have new content; if so, the aggregator either makes a note of the new content or downloads it. Aggregators can be scheduled to check for new content periodically. The kinds of content delivered by a web feed are typically HTML (webpage content) or links to webpages and other kinds of digital media. Often when websites provide web feeds to notify users of content updates, they only include summaries in the web feed rather than the full content itself. Web feeds are an example of pull technology, although they may appear to push content to the user. They benefit readers who want to subscribe to timely updates from favored websites or to aggregate feeds from many sites into one place.

RSS
RSS (originally RDF (Resource Description Framework) Site Summary, often dubbed Really Simple Syndication) is a family of web feed formats used to publish frequently updated works, such as blog entries, news headlines, audio, and video, in a standardized format. An RSS document (which is called a "feed", "web feed", or "channel") includes full or summarized text, plus metadata such as publishing dates and authorship. RSS feeds benefit publishers by letting them syndicate content automatically. A standardized XML file format allows the information to be published once and viewed by many different programs. RSS feeds can be read using software called an "RSS reader", "feed reader", or "aggregator", which can be web-based, desktop-based, or mobile-device-based. RSS allows users to avoid manually inspecting all of the websites they are interested in, and instead subscribe to websites such that all new content is pushed onto their browsers when it becomes available. The user subscribes to a feed by entering into the reader the feed's URI or by clicking a feed icon in a web browser that initiates the subscription process. The RSS reader checks the user's subscribed feeds regularly for new work, downloads any updates that it finds, and provides a user interface to monitor and read the feeds.
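The aggregator step described in the Web Feed and RSS sections (fetch the feed, parse the channel's items, note which are new), as an added Python example that is not part of the original text. The RSS document, the blog URLs and the size limit are constructed for illustration; poll_feed takes the raw bytes an aggregator would already have fetched from the feed URI, so it runs offline here.

```python
"""One aggregator poll: parse an RSS 2.0 document and report the items not seen before.

Added example, not code from the original text. The feed XML, the URLs and
MAX_FEED_BYTES are constructed for illustration.
"""
import xml.etree.ElementTree as ET
from email.utils import parsedate_to_datetime
from typing import Dict, List, Set

# A feed is untrusted input from a publisher; refuse to parse an absurdly large one.
MAX_FEED_BYTES = 1_000_000

# Constructed sample feed: two items, one with a guid and one that falls back to its link.
SAMPLE_FEED = b"""<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>Example Blog</title>
    <link>http://blog.example/</link>
    <item>
      <title>First post</title>
      <link>http://blog.example/1</link>
      <guid>http://blog.example/1</guid>
      <pubDate>Mon, 03 Jan 2011 10:00:00 +0000</pubDate>
      <description>Summary only, not the full content.</description>
    </item>
    <item>
      <title>Second post</title>
      <link>http://blog.example/2</link>
      <pubDate>Tue, 04 Jan 2011 09:30:00 +0000</pubDate>
    </item>
  </channel>
</rss>
"""

def parse_rss(raw: bytes) -> List[Dict]:
    """Return the channel's items as dicts: id, title, link, published (aware datetime or None)."""
    if len(raw) > MAX_FEED_BYTES:
        raise ValueError("feed too large")
    root = ET.fromstring(raw)          # ElementTree does not fetch external entities
    if root.tag != "rss":
        raise ValueError("not an RSS document")
    items = []
    for item in root.iter("item"):
        link = item.findtext("link", "").strip()
        guid = item.findtext("guid", "").strip() or link   # guid is optional in RSS 2.0
        pub = item.findtext("pubDate")
        items.append({
            "id": guid,
            "title": item.findtext("title", "").strip(),
            "link": link,
            "published": parsedate_to_datetime(pub) if pub else None,
        })
    return items

def poll_feed(raw: bytes, seen: Set[str]) -> List[Dict]:
    """One check of a subscribed feed: return the items not in `seen` and record them."""
    new = [it for it in parse_rss(raw) if it["id"] not in seen]
    seen.update(it["id"] for it in new)
    return new
```

Because the aggregator pulls, the `seen` set is the only state it needs between scheduled checks; a second poll of an unchanged feed returns nothing, which is the "makes a note of the new content" behaviour the text describes.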
Podcasting
A podcast (or non-streamed webcast) is a series of digital media files (either audio or video) that are released episodically and often downloaded through web syndication. The word replaced webcast in common use with the success of the iPod and its role in the rising popularity and innovation of web feeds. The mode of delivery differentiates podcasting from other means of accessing media files over the Internet, such as direct download or streamed webcasting. A list of all the audio or video files currently associated with a given series is maintained centrally on the distributor's server as a web feed, and the listener or viewer employs special client application software known as a podcatcher that can access this web feed, check it for updates, and download any new files in the series. This process can be automated so that new files are downloaded automatically. Files are stored locally on the user's computer or other device ready for offline use, giving simple and convenient access to episodic content. In many respects, this is closer to traditional publishing models associated with books and magazines (as opposed to radio, which uses a live stream). Commonly used audio file formats are Ogg Vorbis and MP3.

Instant Messaging (IM)
Instant messaging (IM) is a form of real-time direct text-based chatting communication in push mode between two or more people using personal computers or other devices, along with shared clients. The user's text is conveyed over a network, such as the Internet. More advanced instant messaging software clients also allow enhanced modes of communication, such as live voice or video calling and inclusion of links to media.

Cookies
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user's browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user's preferences, shopping cart contents, or anything else that can be accomplished through storing text data. Cookies are not software. They cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track users' browsing activities, a major privacy concern that prompted European and US lawmakers to take action. Cookies can also be stolen by hackers to gain access to a victim's web account.

*Intranet*
An intranet is a computer network that uses Internet Protocol technology to securely share any part of an organization's information or network operating system within that organization. The term is used in contrast to internet, a network between organizations, and instead refers to a network within an organization. Sometimes the term refers only to the organization's internal website, but it may be a more extensive part of the organization's information technology infrastructure. It may host multiple private websites and constitute an important component and focal point of internal communication and collaboration. Any of the well known Internet protocols may be found in an intranet, such as HTTP (web services), SMTP (e-mail), and FTP (file transfer protocol). Internet technologies are often deployed to provide modern interfaces to legacy information systems hosting corporate data. An intranet can be understood as a private analog of the Internet, or as a private extension of the Internet confined to an organization. Intranets are also contrasted with extranets. While intranets are generally restricted to employees of the organization, extranets may also be accessed by customers, suppliers, or other approved parties. Extranets extend a private network onto the Internet with special provisions for authentication, authorization and accounting (AAA protocol).
In many organizations, intranets are protected from unauthorized external access by means of a network gateway and firewall. For smaller companies, intranets may be created simply by using private IP ranges, such as 192.168.*.*. In these cases, the intranet can only be directly accessed from a computer in the local network; however, companies may provide access to off-site employees by using a virtual private network. Other security measures may be used, such as user authentication and encryption.

Uses
Increasingly, intranets are being used to deliver tools and applications, e.g. collaboration (to facilitate working in groups and teleconferencing) or sophisticated corporate directories, sales and customer relationship management tools, project management etc., to advance productivity. Intranets are also being used as corporate culture-change platforms. For example, large numbers of employees discussing key issues in an intranet forum application could lead to new ideas in management, productivity, quality, and other corporate issues. In large intranets, website traffic is often similar to public website traffic and can be better understood by using web metrics software to track overall activity. User surveys also improve intranet website effectiveness. Larger businesses allow users within their intranet to access the public internet through firewall servers. They have the ability to screen messages coming and going, keeping security intact. When part of an intranet is made accessible to customers and others outside the business, that part becomes part of an extranet. Businesses can send private messages through the public network, using special encryption/decryption and other security safeguards to connect one part of their intranet to another. Intranet user-experience, editorial, and technology teams work together to produce in-house sites. Most commonly, intranets are managed by the communications, HR or CIO departments of large organizations, or some combination of these. Because of the scope and variety of content and the number of system interfaces, intranets of many organizations are much more complex than their respective public websites. Intranets and their use are growing rapidly.

Benefits
Workforce productivity: Intranets can help users to locate and view information faster and use applications relevant to their roles and responsibilities. With the help of a web browser interface, users can access data held in any database the organization wants to make available, anytime and, subject to security provisions, from anywhere within the company workstations, increasing employees' ability to perform their jobs faster, more accurately, and with confidence that they have the right information. It also helps to improve the services provided to the users.

Time: Intranets allow organizations to distribute information to employees on an as-needed basis. Employees may link to relevant information at their convenience, rather than being distracted indiscriminately by electronic mail.

Communication: Intranets can serve as powerful tools for communication within an organization, vertically and horizontally. From a communications standpoint, intranets are useful to communicate strategic initiatives that have a global reach throughout the organization. The type of information that can easily be conveyed is the purpose of the initiative and what the initiative is aiming to achieve, who is driving the initiative, results achieved to date, and who to speak to for more information. By providing this information on the intranet, staff have the opportunity to keep up-to-date with the strategic focus of the organization. Some examples of communication would be chat, email, and/or blogs. A great real world example of where an intranet helped a company communicate is when Nestle had a number of food processing plants in Scandinavia. Their central support system had to deal with a number of queries every day. When Nestle decided to invest in an intranet, they quickly realized the savings.

Web publishing allows cumbersome corporate knowledge to be maintained and easily accessed throughout the company using hypermedia and Web technologies. Examples include employee manuals, benefits documents, company policies, business standards, news feeds, and even training, which can be accessed using common Internet standards (Acrobat files, Flash files, CGI applications). Because each business unit can update the online copy of a document, the most recent version is usually available to employees using the intranet.

Business operations and management: Intranets are also being used as a platform for developing and deploying applications to support business operations and decisions across the internetworked enterprise.

Cost-effective: Users can view information and data via web browser rather than maintaining physical documents such as procedure manuals, internal phone lists and requisition forms. This can potentially save the business money on printing, duplicating documents, and the environment, as well as document maintenance overhead.

Enhance collaboration: Information is easily accessible by all authorized users, which enables teamwork.

Cross-platform capability: Standards-compliant web browsers are available for Windows, Mac, and UNIX.

Built for one audience: Many companies dictate computer specifications which, in turn, may allow intranet developers to write applications that only have to work on one browser (no cross-browser compatibility issues). Being able to specifically address your "viewer" is a great advantage. Since intranets are user-specific (requiring database/network authentication prior to access), you know exactly who you are interfacing with and can personalize your intranet based on role (job title, department) or individual ("Congratulations Jane, on your 3rd year with our company!").

Promote common corporate culture: Every user has the ability to view the same information within the intranet.

Immediate updates: When dealing with the public in any capacity, laws, specifications, and parameters can change. Intranets make it possible to provide your audience with "live" changes so they are kept up-to-date, which can limit a company's liability.

Supports a distributed computing architecture: The intranet can also be linked to a company's management information system, for example a time keeping system.

Planning and creation
Most organizations devote considerable resources into the planning and implementation of their intranet as it is of strategic importance to the organization's success. Some of the planning would include topics such as: the purpose and goals of the intranet; persons or departments responsible for implementation and management; functional plans, information architecture, page layouts, design; implementation schedules and phase-out of existing systems; defining and implementing security of the intranet; how to ensure it is within legal boundaries and other constraints; the level of interactivity (e.g. wikis, on-line forms) desired; and whether the input of new data and updating of existing data is to be centrally controlled or devolved. These are in addition to the hardware and software decisions (like content management systems), participation issues (like good taste, harassment, confidentiality), and features to be supported.

Intranets are often static sites. Essentially they are a shared drive, serving up centrally stored documents alongside internal articles or communications (often one-way communication). However, organizations are now starting to think of how their intranets can become a 'communication hub' for their team by using companies specializing in 'socializing' intranets.

The actual implementation would include steps such as: securing senior management support and funding; business requirements analysis; identifying users' information needs; installation of web server and user access network; installing required user applications on computers; creation of a document framework for the content to be hosted; user involvement in testing and promoting use of the intranet; and ongoing measurement and evaluation, including through benchmarking against other intranets.
Another useful component in an intranet structure might be key personnel committed to maintaining the intranet and keeping content current. For feedback on the intranet, social networking can be done through a forum for users to indicate what they want and what they do not like.

*Extranet*
An extranet is a computer network that allows controlled access from the outside, for specific business or educational purposes. An extranet can be viewed as an extension of a company's intranet that is extended to users outside the company, usually partners, vendors, and suppliers, in isolation from all other Internet users. It has also been described as a "state of mind" in which the Internet is perceived as a way to do business with a selected set of other companies (business-to-business, B2B). In contrast, business-to-consumer (B2C) models involve known servers of one or more companies, communicating with previously unknown consumer users. An extranet is like a DMZ in that it provides access to needed services for channel partners, without granting access to an organization's entire network.

Relationship to an intranet
An extranet can be understood as an intranet mapped onto the public Internet or some other transmission system not accessible to the general public, but managed by more than one company's administrator(s). For example, military networks of different security levels may map onto a common military radio transmission system that never connects to the Internet. Any private network mapped onto a public one is a virtual private network (VPN), often using special security protocols. For decades, institutions have been interconnecting to each other to create private networks for sharing information. One of the differences that characterize an extranet, however, is that its interconnections are over a shared network rather than through dedicated physical lines.

With respect to Internet Protocol networks, RFC 4364 states: "If all the sites in a VPN are owned by the same enterprise, the VPN is a corporate intranet. If the various sites in a VPN are owned by different enterprises, the VPN is an extranet. A site can be in more than one VPN; e.g., in an intranet and several extranets. We regard both intranets and extranets as VPNs. In general, when we use the term VPN we will not be distinguishing between intranets and extranets." Even if this argument is valid, the term "extranet" is still applied and can be used to eliminate the use of the above description.

In the quote above from RFC 4364, the term "site" refers to a distinct networked environment. Two sites connected to each other across the public Internet backbone comprise a VPN. The term "site" does not mean "website." Thus, a small company in a single building can have an "intranet," but to have a VPN, they would need to provide tunneled access to that network for geographically distributed employees. Similarly, for smaller, geographically united organizations, "extranet" is a useful term to describe selective access to intranet systems granted to suppliers, customers, or other companies. Such access does not involve tunneling, but rather simply an authentication mechanism to a web server. In this sense, an "extranet" designates the "private part" of a website, where "registered users" can navigate, enabled by authentication mechanisms on a "login page".

An extranet requires network security. This can include firewalls, server management, the issuance and use of digital certificates or similar means of user authentication, encryption of messages, and the use of virtual private networks (VPNs) that tunnel through the public network.

Advantages
Exchange large volumes of data using Electronic Data Interchange (EDI); share product catalogs exclusively with trade partners; collaborate with other companies on joint development efforts; jointly develop and use training programs with other companies; provide or access services provided by one company to a group of other companies, such as an online banking application managed by one company on behalf of affiliated banks.

Disadvantages
Extranets can be expensive to implement and maintain within an organization (e.g. hardware, software, employee training costs), if hosted internally rather than by an application service provider. Security of extranets can be a concern when hosting valuable or proprietary information.
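The Cookies section earlier notes that cookies can be stolen to gain access to a victim's web account, and the extranet described above relies on exactly that kind of session state once a registered user passes the login page. As an added Python example (not code from the original text), the following audits Set-Cookie headers for the standard attributes that limit cookie theft; the headers and the cookie value are constructed, and the checks are not specific to any site.

```python
"""Auditing Set-Cookie headers for the attributes that limit cookie theft.

Added example, not code from the original text. The response headers are
constructed; the checks are for the standard cookie attributes (Secure,
HttpOnly, SameSite) and are not specific to any site.
"""
from typing import Dict, List

def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split one Set-Cookie value into name, value and an attribute map.

    Attribute names are matched case-insensitively. Flag attributes such as
    Secure and HttpOnly map to True; valued ones (Path, SameSite, ...) map to
    their string value.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}

def audit_cookie(header: str) -> List[str]:
    """Return the protections a session-style cookie is missing.

    Secure   - without it the cookie is also sent over plain HTTP, where it can be sniffed.
    HttpOnly - without it script running in the page can read document.cookie.
    SameSite - without Lax or Strict the browser attaches it to cross-site requests.
    """
    attrs = parse_set_cookie(header)["attrs"]
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        missing.append("SameSite=Lax or Strict")
    return missing

# Constructed sample headers: the same session cookie, weak and hardened.
WEAK_HEADER = "SESSIONID=c4f1e2a9; Path=/"
HARDENED_HEADER = "SESSIONID=c4f1e2a9; Path=/; Secure; HttpOnly; SameSite=Lax"
```

Run over the headers an extranet login page actually returns, an empty list from audit_cookie means the browser will only send the session cookie over TLS, will not expose it to page script, and will not attach it to requests initiated from another site.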
*E-commerce Identification and Tracking Tools*

European Article Number (EAN)
An EAN-13 barcode (originally European Article Number, but now renamed International Article Number even though the abbreviation EAN has been retained) is a 13 digit (12 data and 1 check) barcoding standard which is a superset of the original 12-digit Universal Product Code (UPC) system developed in the United States. The EAN-13 barcode is defined by the standards organization GS1. Presently one million member companies in the world are using the EAN system through an international network of 96 member organizations representing 98 countries. Each country has a numbering authority which assigns manufacturer codes to companies within its jurisdiction. Their main responsibilities are: allocating numbers; providing training on numbering, bar code and EDI; supplying information on the standards and the evolution of the system.

EAN-13 is a superset of UPC-A. This means that any software or hardware capable of reading an EAN-13 symbol will automatically be able to read a UPC-A symbol. The only difference between EAN-13 and UPC-A is that the number system code in UPC-A is a single digit from 0 through 9, whereas an EAN-13 number system code consists of two digits ranging from 00 through 99, which is essentially a country code. The manufacturer code is still five digits long, as is the product code, and the check digit is calculated in exactly the same way.

NOTE: In reality, technically speaking, a UPC-A symbol is an EAN-13 symbol with the first number system digit set to 0. For example, take the UPC-A code "075678164125". This same code, expressed as an EAN-13 symbol, would be "0075678164125". As you can see, we just slapped a leading "0" in front, but this does not make any difference regarding the encoding itself.

NOTE: Since EAN-13 is a superset of UPC-A and requires very little additional effort to handle than a UPC-A code, it is recommended that all new designs implement EAN-13 rather than UPC-A. Otherwise your design will be restricted to the U.S. and Canada. Implementing EAN-13 guarantees compatibility with UPC-A but also will make your software/hardware appealing to the international community. Additionally, the UCC Council has announced that as of January 1, 2005, all bar code systems in the U.S. and Canada must be able to handle EAN13 bar codes so that international manufacturers do not have to worry about printing a different bar code for their products destined for North America.

A typical EAN-13 bar code looks something like this (image not reproduced). The only difference between a UPC-A symbol and an EAN-13 symbol is that the number system code is 2 digits long in EAN-13 as opposed to 1 digit in UPC-A. Visually, the human-readable check digit is placed below the bar code instead of to the right of it. Compare the original UPC-A symbol (top) to the EAN-13 symbol (bottom) (images not reproduced). At first glance, the two bar codes look different. However, look closely at the bar codes themselves, that is, at the bars and spaces that make up the two bar codes: the bars and spaces themselves are identical in both UPC-A and EAN-13. Logically, if a UPC-A bar code is a subset of EAN-13, the EAN-13 representation of a UPC-A symbol must be identical. The only difference is where the "human-readable" numbers are placed. In UPC-A there is a number to the left and right of the bar code (a 0 number system and a 5 check digit), and below the bar code are two groups of 5 digits each (the manufacturer code and the product code). In the EAN-13 symbol, there is no check digit to the right of the bar code, and the numbers below the bar code consist of two groups of 6 digits each. Normally the first number system digit is printed just to the left of the bar code, the second number system digit is printed as the first character of the group of six numbers on the left-hand side below the bar code, the manufacturer code is the next five digits on the left-hand side below the bar code, the product code is the first five digits on the right-hand side below the bar code, and the check digit is the last digit on the right-hand side below the bar code.

EAN Components
An EAN-13 bar code is divided into four areas: 1) the number system, 2) the manufacturer code, 3) the product code, and 4) the check digit.

Number System: The number system consists of two digits (sometimes three digits) which identify the country (or economic region) numbering authority which assigned the manufacturer code. Any number system which starts with the digit 0 is a UPC-A bar code.

Manufacturer Code: The manufacturer code is a unique code assigned to each manufacturer by the numbering authority indicated by the number system code. All products produced by a given company will use the same manufacturer code. EAN uses what is called "variable-length manufacturer codes." Assigning fixed-length 5-digit manufacturer codes, as the UCC has done until recently, means that each manufacturer can have up to 99,999 product codes, and many manufacturers don't have that many products, which means hundreds or even thousands of potential product codes are being wasted on manufacturers that only have a few products. Thus if a potential manufacturer knows that it is only going to produce a few products, EAN may issue it a longer manufacturer code, leaving less space for the product code. This results in more efficient use of the available manufacturer and product codes.

Product Code: The product code is a unique code assigned by the manufacturer. Unlike the manufacturer code, which must be assigned by the UCC, the manufacturer is free to assign product codes to each of their products without consulting any other organization. Since the UCC will already have guaranteed that the manufacturer code is unique, the manufacturer need only make sure that they do not repeat their own product codes.

Check Digit: The check digit is an additional digit used to verify that a bar code has been scanned correctly. Since a scan can produce incorrect data due to inconsistent scanning speed, print imperfections, or a host of other problems, it is useful to verify that the rest of the data in the bar code has been correctly interpreted.
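The check digit described under EAN Components, as an added Python example that is not code from the original text. It uses the standard GS1 modulo-10 weighting (alternating weights 1 and 3 from the leftmost digit), which the text does not spell out; the code "075678164125" is the UPC-A example quoted above, and the other scans are constructed to show a detected misread and one the scheme cannot catch.

```python
"""EAN-13 / UPC-A check-digit calculation and scan validation.

Added example, not code from the original text. It implements the GS1
modulo-10 scheme (alternating weights 1 and 3 from the leftmost digit; the
check digit brings the weighted sum to a multiple of 10). The code
"075678164125" is the UPC-A example quoted in the text; the other sample
scans are constructed.
"""
from typing import Optional

def ean13_check_digit(digits: str) -> int:
    """Check digit for the first 12 digits of an EAN-13 (a 13th digit, if given, is ignored)."""
    data = digits[:12]
    if len(data) != 12 or not data.isdigit():
        raise ValueError("need at least 12 data digits")
    # Position 1 (leftmost) has weight 1, position 2 weight 3, and so on.
    total = sum(int(d) * (3 if i % 2 else 1) for i, d in enumerate(data))
    return (10 - total % 10) % 10

def upca_to_ean13(upca: str) -> str:
    """A UPC-A code is an EAN-13 code whose first number-system digit is 0."""
    if len(upca) != 12 or not upca.isdigit():
        raise ValueError("UPC-A must be 12 digits")
    return "0" + upca   # same bars, same check digit; only the printed layout differs

def validate_ean13(code: str) -> bool:
    """True if `code` is 13 digits and its last digit matches the recomputed check digit."""
    if len(code) != 13 or not code.isdigit():
        return False
    return ean13_check_digit(code) == int(code[12])

def normalize_scan(scanned: str) -> Optional[str]:
    """Accept a 12-digit UPC-A or 13-digit EAN-13 scan.

    Returns the validated 13-digit form, or None when the check digit does
    not match (misread, print defect, or inconsistent scan speed).
    """
    s = scanned.strip()
    if len(s) == 12 and s.isdigit():
        s = upca_to_ean13(s)
    return s if validate_ean13(s) else None

if __name__ == "__main__":
    for scan in ("075678164125", "0075678164125", "0075678164135", "0075678614125"):
        print(scan, "->", normalize_scan(scan))
```

The last sample scan, "0075678614125", is the quoted code with two adjacent digits (1 and 6) swapped, and it still validates: the modulo-10 scheme misses adjacent transpositions of digits that differ by 5, which is why the text speaks of a high level of confidence rather than certainty.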
The check digit is calculated based on the rest of the digits of the bar code. computer worms. . Typically. Spyware programs can collect various types of personal information. such as installing additional software and redirecting Web browser activity. even if only by consuming bandwidth. however. resulting in slow connection speeds. Viruses are sometimes confused with worms and Trojan horses. and can be difficult to detect. Some viruses and other malware have symptoms noticeable to the computer user. Trojan horses. Spyware Spyware is a type of malware that can be installed on computers. DVD. Normally. spywares such as keyloggers are installed by the owner of a shared. The presence of spyware is typically hidden from the user. may harm a computer system's data or performance. While the term spyware suggests software that secretly monitors the user's computing. most rootkits. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks. like viruses. or USB drive. This is due to security shortcomings on the target computer. different home pages. the functions of spyware extend well beyond simple monitoring. Worms and Trojan horses. spyware. for instance because a user sent it over a network or the Internet. or public computer on purpose in order to secretly monitor other users. or carried it on a removable medium such as a floppy disk.it is useful to verify that the rest of the data in the bar code has been correctly interpreted. corporate. such as Internet surfing habits and sites that have been visited. but can also interfere with user control of the computer in other ways. but many are surreptitious or simply do nothing to call attention to them. while a Trojan horse is a program that appears harmless but hides malicious functions. if the check digit is the same as the value of the check digit based on the data that has been scanned. Sometimes. including true viruses. 
Some viruses do nothing beyond reproducing themselves. CD. which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer. Worms almost always cause at least some harm to the network. spyware is secretly installed on the user's personal computer. even those that do not have the reproductive ability. the term "computer virus" is sometimes used as a catch-all phrase to include all types of malware. whereas viruses almost always corrupt or modify files on a targeted computer. *Internet Bandwidth & Technology Issues* Virus A computer virus is a computer program that can replicate itself and spread from one computer to another. a more formal classification of its included software types is provided by the term privacy-invasive software. Worm A computer worm is a self-replicating malware computer program. and which collects small pieces of information about users without their knowledge. it does not need to attach itself to an existing program. including but not limited to adware and spyware programs that do not have the reproductive ability. The term "virus" is also commonly but erroneously used to refer to other types of malware. Spyware is known to change computer settings. Malware includes computer viruses. In an attempt to increase the understanding of spyware. dishonest adware and other malicious and unwanted software. Unlike a computer virus. and/or loss of Internet connection or functionality of other programs. As stated above. there is a high level of confidence that the bar code was scanned correctly. which are technically different.
In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices for computers, especially those running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.

Malware
Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, Trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or programs. Malware is not the same as defective software, that is, software that has a legitimate purpose but contains harmful bugs. Sometimes, malware is disguised as genuine software and may come from an official site. Therefore, some security programs, such as McAfee, may call malware "potentially unwanted programs" or "PUP". Though a computer virus is malware that can reproduce itself, the term is often used erroneously to refer to the entire category.

Trojan Horse
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but (perhaps in addition to the expected function) steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid a computer of viruses but instead introduces viruses onto the computer. A Trojan may allow a hacker remote access to a target computer system. Once a Trojan has been installed on a target computer system, a hacker may have access to the computer remotely and perform various operations, limited by user privileges on the target computer system and the design of the Trojan. Operations that could be performed by a hacker on a target computer system include:
 o Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute denial-of-service attacks)
 o Data theft (e.g. retrieving passwords or credit card information)
 o Installation of software, including third-party malware
 o Downloading or uploading of files on the user's computer
 o Modification or deletion of files
 o Keystroke logging
 o Watching the user's screen
 o Crashing the computer
 o Anonymizing internet viewing

Hacking
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge. The subculture that has evolved around hackers is often referred to as the computer underground, but it is now an open community. While other uses of the word hacker exist that are not related to computer security, they are rarely used in mainstream context.
They are subject to the long-standing hacker definition controversy about the true meaning of the term hacker. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone breaking into computers is better called a cracker, not making a difference between computer criminals ("black hats") and computer security experts ("white hats"). Some white hat hackers claim that they also deserve the title hacker, and that only black hats should be called crackers.

Phishing
Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and it exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen. This is similar to fishing, where the fisherman puts a bait on the hook, pretending to be genuine food for the fish, but the hook inside it takes the complete fish out of the lake.

ILoveYou
ILOVEYOU, also known as Love Letter, is a computer worm that successfully attacked tens of millions of computers in 2000 when it was sent as an attachment to a user with the text "ILOVEYOU" in the subject line. The worm arrived by email on and after May 4, 2000 with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FORYOU." The file extension was hidden by default, leading unsuspecting users to think it was a normal text file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book, with the user's sender address. It also made a number of malicious changes to the user's system.

Firewall
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules, and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.

*Cryptography*
Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects of information security such as data confidentiality, data integrity, and authentication. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce. Cryptography is a framework of methodologies used to ensure the CIA triad for our information: C for confidentiality, I for integrity and A for authenticity.
Classic cryptography
Cryptography was known anciently as encryption, which means hiding information from unauthorized entities. Various methods were used to achieve this purpose. The earliest forms of secret writing required little more than local pen and paper analogs, as most people could not read. More literacy, or literate opponents, required actual cryptography. The main classical cipher types are transposition ciphers, which rearrange the order of letters in a message (e.g., 'hello world' becomes 'ehlol owrdl' in a trivially simple rearrangement scheme), and substitution ciphers, which systematically replace letters or groups of letters with other letters or groups of letters (e.g., 'fly at once' becomes 'gmz bu podf' by replacing each letter with the one following it in the Latin alphabet). Simple versions of either have never offered much confidentiality from enterprising opponents. Cryptology prior to the modern age was almost synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The sender retained the ability to decrypt the information and therefore avoid unwanted persons being able to read it. Since World War I and the advent of the computer, the methods used to carry out cryptology have become increasingly complex and its application more widespread.

Modern Cryptography
The development of digital computers and electronics after WWII made possible much more complex ciphers. Furthermore, computers allowed for the encryption of any kind of data representable in any binary format, unlike classical ciphers which only encrypted written language texts; this was new and significant. Computer use has thus supplanted linguistic cryptography, both for cipher design and cryptanalysis. Many computer ciphers can be characterized by their operation on binary bit sequences (sometimes in groups or blocks), unlike classical and mechanical schemes, which generally manipulate traditional characters (i.e., letters and digits) directly. However, computers have also assisted cryptanalysis, which has compensated to some extent for increased cipher complexity. Nonetheless, good modern ciphers have stayed ahead of cryptanalysis: it is typically the case that use of a quality cipher is very efficient (i.e., fast and requiring few resources, such as memory or CPU capability), while breaking it requires an effort many orders of magnitude larger, and vastly larger than that required for any classical cipher, making cryptanalysis so inefficient and impractical as to be effectively impossible. Modern cryptography follows a strongly scientific approach, and designs cryptographic algorithms around computational hardness assumptions, making such algorithms hard to break by an adversary. Such systems are not unbreakable in theory, but it is infeasible to do so by any practical means. These schemes are therefore computationally secure. There exist information-theoretically secure schemes that provably cannot be broken (an example is the one-time pad), but these schemes are more difficult to implement than the theoretically breakable but computationally secure mechanisms.

Types of Cryptography
Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way). It could be implemented manually, mechanically or even electronically. Symmetric key encryption requires "out of band" secure exchange of keys: both communicating parties need to know the keys before proceeding with the communication. Symmetric key encryption also suffers from scalability issues, because, to achieve secure communication between N points, we will need to generate N(N-1)/2 different keys.

Asymmetric cryptography
In asymmetric cryptography the sender will use a key to encrypt the message and the receiver will use a different key to decrypt the message. In case we have bidirectional communication, each of the two parties will use two keys: one of them is public for others and the other is a private key kept for itself. Asymmetric key encryption systems are incredibly complex, and that complexity will surely impact the performance; asymmetric key encryption is up to 1000 times slower than symmetric key encryption.

Public key cryptography
Symmetric-key cryptosystems use the same key for encryption and decryption of a message, though a message or group of messages may have a different key than others. A significant disadvantage of symmetric ciphers is the key management necessary to use them securely. Each distinct pair of communicating parties must, ideally, share a different key, and perhaps each ciphertext exchanged as well. The number of keys required increases as the square of the number of network members, which very quickly requires complex key management schemes to keep them all straight and secret. The difficulty of securely establishing a secret key between two communicating parties, when a secure channel does not already exist between them, also presents a chicken-and-egg problem which is a considerable practical obstacle for cryptography users in the real world.
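The two classical cipher families described under Classic cryptography above, as an added example that is not part of the original notes. It reproduces the notes' own examples ('fly at once' to 'gmz bu podf' by a one-place shift, 'hello world' to 'ehlol owrdl' by a rearrangement) and then shows why "simple versions of either have never offered much confidentiality": the shift cipher has only 26 keys, so a ciphertext-only attack just tries them all and keeps the candidate that reads as English. The exact rearrangement rule (swap positions 0/1 and 3/4 inside each word) and the tiny word list used to recognise plaintext are assumptions made for this example.

```python
# Added example (not from the original notes): the two classical cipher
# families, plus the brute-force search that defeats the substitution one.
import string

ALPHABET = string.ascii_lowercase


def shift_substitution(text, shift):
    """Substitution cipher: replace each letter with the one `shift`
    places later in the Latin alphabet (shift=1 turns 'fly at once'
    into 'gmz bu podf'). Non-letters are left unchanged."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def swap_transposition(text):
    """Transposition cipher: keep every letter but reorder them. This
    rule (an assumption chosen to reproduce the notes' example) swaps
    positions 0/1 and 3/4 inside each word, so 'hello world' becomes
    'ehlol owrdl'. Applying it twice restores the plaintext, so the same
    function also decrypts."""
    words = []
    for word in text.split(" "):
        chars = list(word)
        for i in (0, 3):
            if i + 1 < len(chars):
                chars[i], chars[i + 1] = chars[i + 1], chars[i]
        words.append("".join(chars))
    return " ".join(words)


# Constructed plaintext recogniser: enough to tell one shift from 25 others.
COMMON_WORDS = {"at", "once", "the", "and", "fly", "attack", "dawn"}


def readability_score(text):
    """How many whitespace-separated tokens are common English words."""
    return sum(1 for tok in text.split() if tok in COMMON_WORDS)


def break_shift(ciphertext):
    """Ciphertext-only attack on the shift cipher: try all 26 keys and
    return (shift, plaintext) for the candidate that reads best."""
    best = max(range(26),
               key=lambda s: readability_score(shift_substitution(ciphertext, -s)))
    return best, shift_substitution(ciphertext, -best)


if __name__ == "__main__":
    ct = shift_substitution("fly at once", 1)
    print(ct)                                 # gmz bu podf
    print(break_shift(ct))                    # (1, 'fly at once')
    print(swap_transposition("hello world"))  # ehlol owrdl
```

The transposition is no stronger: it leaks the letter frequencies of the plaintext unchanged, and its rule is recovered the same way, by trying the handful of plausible rearrangements and scoring the results.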
Cryptosystems
One or more cryptographic primitives are often used to develop a more complex algorithm, called a cryptographic system, or cryptosystem. Cryptosystems (e.g., El-Gamal encryption) are designed to provide particular functionality (e.g., public key encryption) while guaranteeing certain security properties (e.g., chosen-plaintext attack (CPA) security in the random oracle model). Cryptosystems use the properties of the underlying cryptographic primitives to support the system's security properties. Of course, as the distinction between primitives and cryptosystems is somewhat arbitrary, a sophisticated cryptosystem can be derived from a combination of several more primitive cryptosystems. In many cases, the cryptosystem's structure involves back and forth communication among two or more parties in space (e.g., between the sender of a secure message and its receiver) or across time (e.g., cryptographically protected backup data). Such cryptosystems are sometimes called cryptographic protocols. Some widely known cryptosystems include RSA encryption, Schnorr signature, El-Gamal encryption, PGP, etc. More complex cryptosystems include electronic cash systems, signcryption systems, etc. Some more 'theoretical' cryptosystems include interactive proof systems (like zero-knowledge proofs), systems for secret sharing, etc. Until recently, most security properties of most cryptosystems were demonstrated using empirical techniques, or using ad hoc reasoning. Recently, there has been considerable effort to develop formal techniques for establishing the security of cryptosystems; this has been generally called provable security. The general idea of provable security is to give arguments about the computational difficulty needed to compromise some security aspect of the cryptosystem (i.e., to any adversary).

Cryptanalysis
The goal of cryptanalysis is to find some weakness or insecurity in a cryptographic scheme, thus permitting its subversion or evasion. It is a common misconception that every encryption method can be broken. In connection with his WWII work at Bell Labs, Claude Shannon proved that the one-time pad cipher is unbreakable, provided the key material is truly random, never reused, kept secret from all possible attackers, and of equal or greater length than the message. Most ciphers, apart from the one-time pad, can be broken with enough computational effort by brute force attack, but the amount of effort needed may be exponentially dependent on the key size, as compared to the effort needed to make use of the cipher. In such cases, effective security could be achieved if it is proven that the effort required (i.e., "work factor", in Shannon's terms) is beyond the ability of any adversary. This means it must be shown that no efficient method (as opposed to the time-consuming brute force method) can be found to break the cipher. Since no such proof has been found to date, the one-time pad remains the only theoretically unbreakable cipher.

There are a wide variety of cryptanalytic attacks, and they can be classified in any of several ways. A common distinction turns on what an attacker knows and what capabilities are available. In a ciphertext-only attack, the cryptanalyst has access only to the ciphertext (good modern cryptosystems are usually effectively immune to ciphertext-only attacks). In a known-plaintext attack, the cryptanalyst has access to a ciphertext and its corresponding plaintext (or to many such pairs). In a chosen-plaintext attack, the cryptanalyst may choose a plaintext and learn its corresponding ciphertext (perhaps many times); an example is gardening, used by the British during WWII. Finally, in a chosen-ciphertext attack, the cryptanalyst may be able to choose ciphertexts and learn their corresponding plaintexts.

Cryptanalysis of symmetric-key ciphers typically involves looking for attacks against the block ciphers or stream ciphers that are more efficient than any attack that could be mounted against a perfect cipher. For example, a simple brute force attack against DES requires one known plaintext and 2^55 decryptions, trying approximately half of the possible keys, to reach a point at which chances are better than even that the key sought will have been found. But this may not be enough assurance; a linear cryptanalysis attack against DES requires 2^43 known plaintexts and approximately 2^43 DES operations. This is a considerable improvement on brute force attacks.

Public-key algorithms are based on the computational difficulty of various problems. The most famous of these is integer factorization (e.g., the RSA algorithm is based on a problem related to integer factoring), but the discrete logarithm problem is also important. Much public-key cryptanalysis concerns numerical algorithms for solving these computational problems.
The aim is to solve these problems, or some of them, efficiently (i.e., in a practical time). For instance, the best known algorithms for solving the elliptic curve-based version of discrete logarithm are much more time-consuming than the best known algorithms for factoring, at least for problems of more or less equivalent size. Thus, other things being equal, to achieve an equivalent strength of attack resistance, factoring-based encryption techniques must use larger keys than elliptic curve techniques. For this reason, public-key cryptosystems based on elliptic curves have become popular since their invention in the mid-1990s.

While pure cryptanalysis uses weaknesses in the algorithms themselves, other attacks on cryptosystems are based on actual use of the algorithms in real devices, and are called side-channel attacks. If a cryptanalyst has access to, for example, the amount of time the device took to encrypt a number of plaintexts or report an error in a password or PIN character, he may be able to use a timing attack to break a cipher that is otherwise resistant to analysis. An attacker might also study the pattern and length of messages to derive valuable information; this is known as traffic analysis, and can be quite useful to an alert adversary. Poor administration of a cryptosystem, such as permitting too short keys, will make any system vulnerable, regardless of other virtues. And, of course, social engineering, and other attacks against the personnel who work with cryptosystems or the messages they handle (e.g., bribery, extortion, blackmail, espionage, torture, etc.) may be the most productive attacks of all.

Hashing
Hashing is the second component of the cryptographic framework; its role is to ensure the integrity of a message. The most important aspect of an integrity violation is that the target of the attack is not aware that the violation has occurred; if he knew, he would request a retransmission.

Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Hashing is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using the original value. It is also used in many encryption algorithms. As a simple example of the use of hashing in databases, a group of people could be arranged in a database like this:

Abernathy, Sara
Epperdingle, Roscoe
Moore, Wilfred
Smith, David
(and many more sorted into alphabetical order)

Each of these names would be the key in the database for that person's data. A database search mechanism would first have to start looking character-by-character across the name for matches until it found the match (or ruled the other entries out). But if each of the names were hashed, it might be possible (depending on the number of names in the database) to generate a unique four-digit key for each name. For example:

7864 Abernathy, Sara
9802 Epperdingle, Roscoe
1990 Moore, Wilfred
8822 Smith, David
(and so forth)

A search for any name would first consist of computing the hash value (using the same hash function used to store the item) and then comparing for a match using that value. It would, in general, be much faster to find a match across four digits, each having only 10 possibilities, than across an unpredictable value length where each character had 26 possibilities. The hashing algorithm is called the hash function; probably the term is derived from the idea that the resulting hash value can be thought of as a "mixed up" version of the represented value.

In addition to faster data retrieval, hashing is also used to encrypt and decrypt digital signatures (used to authenticate message senders and receivers). The digital signature is transformed with the hash function and then both the hashed value (known as a message-digest) and the signature are sent in separate transmissions to the receiver. Using the same hash function as the sender, the receiver derives a message-digest from the signature and compares it with the message-digest it also received. (They should be the same.)
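The timing attack mentioned under side-channel attacks above, reduced to the place it most often shows up in application code, as an added example that is not part of the original notes. Comparing a secret (a password hash, a session token, a MAC) with a supplied value using a loop that stops at the first mismatching byte does work proportional to the length of the matching prefix, so the time a remote observer measures leaks how many leading bytes are already right. The defence is a comparison whose work does not depend on the data. The token value is constructed for the example; the "bytes examined" counter stands in for elapsed time so the effect is visible without a stopwatch.

```python
# Added example (not from the original notes): an early-exit comparison
# leaks the position of the first mismatch through its running time; a
# constant-work comparison, or hmac.compare_digest, does not.
import hmac


def early_exit_compare(secret: bytes, guess: bytes):
    """Naive comparison. Returns (equal, bytes_examined); the second
    value models the elapsed time a remote observer would see."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:
            return False, examined      # stops early: leaks prefix length
    return True, examined


def constant_work_compare(secret: bytes, guess: bytes):
    """Same contract, but every byte is examined and the differences are
    accumulated with XOR/OR, so the count (and the time) is the same for
    every guess of the right length."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        diff |= a ^ b
    return diff == 0, examined


def verify_token(secret: bytes, guess: bytes) -> bool:
    """What production code should call: the standard library's
    constant-time comparison."""
    return hmac.compare_digest(secret, guess)


if __name__ == "__main__":
    token = b"s3cr3t-token"      # constructed sample secret
    for guess in (b"x3cr3t-token", b"s3cr3t-tokex", b"s3cr3t-token"):
        print(guess, early_exit_compare(token, guess), constant_work_compare(token, guess))
```

With the naive loop a first-byte mismatch examines 1 byte and a last-byte mismatch examines 12; the constant-work version always examines 12, which is the property the attacker in the text is denied.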
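The database lookup sketched above, together with the four simple hash methods the text goes on to list (division-remainder, folding, radix transformation, digit rearrangement), as an added example that is not part of the original notes. The table size, the sample numeric keys and the letter-to-number mapping that turns a name into an integer are constructed for this example; the point is that a lookup hashes the query with the same function that built the table and scans one slot, and that collisions have to be detected rather than silently overwriting entries.

```python
# Added example (not from the original notes): the four simple hash
# methods from the text, and a hashed name index with visible collisions.


def division_remainder(key: int, table_size: int) -> int:
    """Division-remainder method: the remainder of key / table_size."""
    return key % table_size


def folding(key: int, part_len: int = 3, keep: int = 4) -> int:
    """Folding method: split the decimal digits into parts of part_len
    digits, add the parts, keep the last `keep` digits of the sum."""
    digits = str(key)
    parts = [int(digits[i:i + part_len]) for i in range(0, len(digits), part_len)]
    return sum(parts) % (10 ** keep)


def radix_transformation(key: int, radix: int = 16, keep: int = 4) -> str:
    """Radix transformation method: rewrite the key in another base and
    discard high-order digits so the result has a uniform length."""
    if radix < 2 or radix > 36:
        raise ValueError("radix must be between 2 and 36")
    symbols = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    out, n = "", key
    while n > 0:
        out = symbols[n % radix] + out
        n //= radix
    out = out or "0"
    return out[-keep:].rjust(keep, "0")


def digit_rearrangement(key: int, start: int = 3, end: int = 6) -> str:
    """Digit rearrangement method: take digit positions start..end
    (1-based, inclusive) and reverse them."""
    return str(key)[start - 1:end][::-1]


def name_key(name: str) -> int:
    """Turn a name into an integer so the numeric methods apply: each
    letter contributes its alphabet position (a=01 ... z=26); other
    characters are ignored. Constructed mapping for this example."""
    s = "".join(f"{ord(c) - 96:02d}" for c in name.lower() if c.isalpha())
    return int(s) if s else 0


def build_table(names, table_size: int):
    """Index names by division-remainder of their numeric key. Each slot
    holds a list so that collisions (two names, one slot) stay visible."""
    table = {}
    for n in names:
        slot = division_remainder(name_key(n), table_size)
        table.setdefault(slot, []).append(n)
    return table


def lookup(table, name: str, table_size: int):
    """Hash the query with the same function and scan only that slot."""
    slot = division_remainder(name_key(name), table_size)
    return name if name in table.get(slot, []) else None


def collisions(table):
    """Slots holding more than one name: these need the 'alternate
    search mechanism' the text mentions."""
    return {slot: names for slot, names in table.items() if len(names) > 1}


if __name__ == "__main__":
    key = 123456789                       # constructed sample key
    print(division_remainder(key, 97))    # 39
    print(folding(key))                   # 1368
    print(radix_transformation(key))      # CD15
    print(digit_rearrangement(key))       # 6543
    names = ["Abernathy, Sara", "Epperdingle, Roscoe", "Moore, Wilfred", "Smith, David"]
    table = build_table(names, 97)
    print(lookup(table, "Moore, Wilfred", 97), collisions(table))
```

None of these four methods is suitable where an attacker chooses the input: each is trivially reversible or trivially collided, which is exactly the distinction the text draws between database hashing and the cryptographic hash functions (MD5, SHA) it names afterwards.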
The hash function is used to index the original value or key and then used later each time the data associated with the value or key is to be retrieved. Thus, hashing is always a one-way operation. There's no need to "reverse engineer" the hash function by analyzing the hashed values. In fact, the ideal hash function can't be derived by such analysis. A good hash function also should not produce the same hash value from two different inputs. If it does, this is known as a collision. A hash function that offers an extremely low risk of collision may be considered acceptable.

Here are some relatively simple hash functions that have been used:

Division-remainder method: The size of the number of items in the table is estimated. That number is then used as a divisor into each original value or key to extract a quotient and a remainder. The remainder is the hashed value. (Since this method is liable to produce a number of collisions, any search mechanism would have to be able to recognize a collision and offer an alternate search mechanism.)

Folding method: This method divides the original value (digits in this case) into several parts, adds the parts together, and then uses the last four digits (or some other arbitrary number of digits that will work) as the hashed value or key.

Radix transformation method: Where the value or key is digital, the number base (or radix) can be changed, resulting in a different sequence of digits. (For example, a decimal numbered key could be transformed into a hexadecimal numbered key.) High-order digits could be discarded to fit a hash value of uniform length.

Digit rearrangement method: This is simply taking part of the original value or key, such as digits in positions 3 through 6, reversing their order, and then using that sequence of digits as the hash value or key.

A hash function that works well for database storage and retrieval, however, might not work as well for cryptographic or error-checking purposes. There are several well-known hash functions used in cryptography. These include the message-digest hash functions MD2, MD4, and MD5, used for hashing digital signatures into a shorter value called a message-digest, and the Secure Hash Algorithm (SHA), a standard algorithm that makes a larger (60-bit) message digest and is similar to MD4.

*Digital Certificates*
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key with an identity: information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users ("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.
X.509 certificates
In cryptography, X.509 is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm. In the X.509 system, a certification authority issues a certificate binding a public key to a particular distinguished name in the X.500 tradition, or to an alternative name such as an e-mail address or a DNS entry. An organization's trusted root certificates can be distributed to all employees so that they can use the company PKI system. Browsers such as Internet Explorer, Netscape/Mozilla, Opera, Safari and Chrome come with root certificates pre-installed, so SSL certificates from larger vendors will work instantly; in effect the browsers' developers determine which CAs are trusted third parties for the browsers' users. X.509 also includes standards for certificate revocation list (CRL) implementations, an often neglected aspect of PKI systems. The IETF-approved way of checking a certificate's validity is the Online Certificate Status Protocol (OCSP). Firefox 3 enables OCSP checking by default, along with versions of Windows including Vista and later.

Structure of a certificate
The structure of an X.509 v3 digital certificate is as follows:
Certificate
 o Version
 o Serial Number
 o Algorithm ID
 o Issuer
 o Validity
   Not Before
   Not After
 o Subject
 o Subject Public Key Info
   Public Key Algorithm
   Subject Public Key
 o Issuer Unique Identifier (optional)
 o Subject Unique Identifier (optional)
 o Extensions (optional)
   ...
Certificate Signature Algorithm
Certificate Signature

Each extension has its own id, expressed as an Object identifier, a set of values and either a critical or non-critical indication. A certificate-using system MUST reject the certificate if it encounters a critical extension it does not recognize or a critical extension that contains information that it cannot process. A non-critical extension MAY be ignored if it is not recognized, but MUST be processed if it is recognized.

ITU-T introduced issuer and subject unique identifiers in version 2 to permit the reuse of issuer or subject name after some time. An example of reuse will be when a CA goes bankrupt and its name is deleted from the country's public list; after some time another CA with the same name may register itself, although it is unrelated with the first one. However, IETF recommends that no issuer and subject names be reused. Therefore, version 2 is not widely used in the Internet.
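The processing rules stated above for critical and non-critical extensions, the Validity window (Not Before / Not After) from the certificate structure, and the rule that serial numbers are unique per issuing CA, applied to a simplified in-memory certificate record, as an added example that is not part of the original notes and not a real X.509 parser. The extension OIDs used are the standard ones (basicConstraints 2.5.29.19, keyUsage 2.5.29.15, subjectAltName 2.5.29.17); the relying party's set of "understood" OIDs, the vendor OID 1.2.3.4.5 and the sample certificates are constructed for the example.

```python
# Added example (not from the original notes): the X.509 extension MUST/MAY
# rules, validity period and per-CA serial uniqueness on a toy record.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Tuple


@dataclass
class Extension:
    oid: str
    critical: bool
    value: object


@dataclass
class Certificate:
    issuer: str
    serial: int
    subject: str
    not_before: datetime
    not_after: datetime
    extensions: List[Extension] = field(default_factory=list)


# OIDs this (hypothetical) relying party knows how to process.
SUPPORTED_OIDS = {"2.5.29.19", "2.5.29.15", "2.5.29.17"}


def check_extensions(cert: Certificate, supported=SUPPORTED_OIDS) -> Tuple[bool, List[str]]:
    """An unrecognised critical extension rejects the certificate; an
    unrecognised non-critical one is ignored; recognised extensions are
    processed whether critical or not."""
    notes: List[str] = []
    for ext in cert.extensions:
        if ext.oid in supported:
            notes.append(f"processed {ext.oid}")
        elif ext.critical:
            notes.append(f"reject: unrecognised critical extension {ext.oid}")
            return False, notes
        else:
            notes.append(f"ignored non-critical {ext.oid}")
    return True, notes


def check_validity(cert: Certificate, now: datetime) -> bool:
    """Not Before <= now <= Not After."""
    return cert.not_before <= now <= cert.not_after


def check_serial_uniqueness(certs: List[Certificate]) -> Dict[Tuple[str, int], int]:
    """Serial numbers MUST be unique per issuing CA: return any
    (issuer, serial) pair seen more than once, with its count."""
    seen: Dict[Tuple[str, int], int] = {}
    for c in certs:
        seen[(c.issuer, c.serial)] = seen.get((c.issuer, c.serial), 0) + 1
    return {k: v for k, v in seen.items() if v > 1}


def accept(cert: Certificate, now: datetime) -> bool:
    """Overall decision for one certificate (signature checking omitted)."""
    ok, _ = check_extensions(cert)
    return ok and check_validity(cert, now)


def sample_certs() -> List[Certificate]:
    """Constructed sample data: one clean cert, one with an unknown
    critical extension, and one that reuses the first serial number."""
    nb = datetime(2024, 1, 1, tzinfo=timezone.utc)
    na = datetime(2025, 1, 1, tzinfo=timezone.utc)
    return [
        Certificate("CN=Example CA", 1001, "CN=shop.example", nb, na,
                    [Extension("2.5.29.19", True, {"ca": False}),
                     Extension("1.2.3.4.5", False, "vendor data")]),
        Certificate("CN=Example CA", 1002, "CN=pay.example", nb, na,
                    [Extension("1.2.3.4.5", True, "vendor data")]),
        Certificate("CN=Example CA", 1001, "CN=dup.example", nb, na, []),
    ]


def demo_decisions(year: int = 2024) -> List[bool]:
    """Accept/reject for the samples at 1 June of the given year."""
    now = datetime(year, 6, 1, tzinfo=timezone.utc)
    return [accept(c, now) for c in sample_certs()]


if __name__ == "__main__":
    print(demo_decisions())                       # [True, False, True]
    print(demo_decisions(2026))                   # [False, False, False]
    print(check_serial_uniqueness(sample_certs()))
```

The second sample is the important one: a relying party that "helpfully" ignores an unknown critical extension is violating the standard, because the issuer marked it critical precisely to say that the certificate must not be used by anyone who cannot evaluate that constraint.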
Extensions were introduced in version 3. A CA can utilize extensions to issue a certificate only for a specific usage (e.g. only for signing digital objects). Each extension can be critical or non-critical. If an extension is critical and the system processing the certificate does not recognize the extension or cannot process it, the system MUST reject the entire certificate. A non-critical extension, on the other hand, can be ignored while the system processes the rest of the certificate. In all versions, the serial number MUST be unique for each certificate issued by a specific CA.

*PKCS*
In cryptography, PKCS refers to a group of public-key cryptography standards devised and published by RSA Security. RSA Data Security Inc (founded in 1982) was assigned the licensing rights for the patent (which expired in 2000) on the RSA asymmetric key algorithm and acquired the licensing rights to several other key patents as well (the Schnorr patent, for example). As such, RSA Security and its research division, RSA Labs, had an interest in promoting and facilitating the use of public-key techniques. To that end, they developed (from the early 1990s onwards) the PKCS standards. They retained control over them, announcing that they would make changes/improvements as they deemed necessary, and so the PKCS standards were not, in a significant sense, actual industry standards, despite the name. Some, but not all, have in recent years begun to move into "standards track" processes with one or more of the relevant standards organizations (notably, the IETF PKIX working group).

*Digital Signatures*
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, India, and members of the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear whether they are digital cryptographic signatures in the sense used here, leaving the legal definition, and so their importance, somewhat confused. Digital signatures employ a type of asymmetric cryptography. For messages sent through a nonsecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless. Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol.

A digital signature scheme typically consists of three algorithms:
 o A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
 o A signing algorithm that, given a message and a private key, produces a signature.
Uses of digital signatures
As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide added assurance of the provenance, identity, and status of an electronic document, as well as acknowledging informed consent and approval by a signatory. The United States Government Printing Office (GPO) publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures. Universities including Penn State, University of Chicago, and Stanford are publishing electronic student transcripts with digital signatures.

A digital signature scheme includes a signature verifying algorithm that, given a message, a public key and a signature, either accepts or rejects the message's claim to authenticity. Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify the authenticity of that message when checked with the corresponding public key. Secondly, it should be computationally infeasible for a party who does not possess the private key to generate a valid signature.

Below are some common reasons for applying a digital signature to communications:

Authentication: Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message was truly sent from an authorized source, acting on such a request could be a grave mistake.

Integrity: In many scenarios, the sender and receiver of a message need confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as non-malleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message after signing will invalidate the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because doing so is still considered computationally infeasible for the cryptographic hash functions in use (see collision resistance).

Non-repudiation: Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property an entity that has signed some information cannot at a later time deny having signed it, provided the private key has remained under that entity's sole control. Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature.

Digital signatures vs. ink on paper signatures
An ink signature can be easily replicated from one document to another by copying the image manually or digitally. Digital signatures cryptographically bind an electronic identity to an electronic document, and the digital signature cannot be copied to another document. Paper contracts often have the ink signature block on the last page, and the previous pages may be replaced after a signature is applied. Digital signatures can be applied to an entire document, such that the digital signature on the last page will indicate tampering if any data on any of the pages have been altered.

*Public Key Infrastructure (PKI)*
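The three properties above (authentication, integrity, non-repudiation) and the "last page covers every page" point can be exercised directly. The Go program below is an added example, not code from the original text. It uses the standard library's Ed25519 signatures (the algorithm is an assumption; the text does not name one), a SHA-256 digest over every page of a constructed three-page document, and freshly generated keys. Altering any page, or signing with a key other than the one whose public half the verifier holds, makes verification fail.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// GenerateKeys returns a fresh Ed25519 key pair: the private key stays with the
// signer, the public key is what verifiers receive.
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// documentDigest hashes every page into one digest. Each page is length-prefixed,
// so moving bytes between pages or dropping a page changes the result.
func documentDigest(pages [][]byte) []byte {
	h := sha256.New()
	var lenBuf [8]byte
	for _, page := range pages {
		binary.BigEndian.PutUint64(lenBuf[:], uint64(len(page)))
		h.Write(lenBuf[:])
		h.Write(page)
	}
	return h.Sum(nil)
}

// SignDocument signs the digest of the whole document, not just its last page.
func SignDocument(priv ed25519.PrivateKey, pages [][]byte) []byte {
	return ed25519.Sign(priv, documentDigest(pages))
}

// VerifyDocument needs only the public key: it accepts the signature if and only
// if every page is exactly what was signed.
func VerifyDocument(pub ed25519.PublicKey, pages [][]byte, sig []byte) bool {
	return ed25519.Verify(pub, documentDigest(pages), sig)
}

// Contract is a constructed three-page sample document (not real bank data).
func Contract() [][]byte {
	return [][]byte{
		[]byte("Page 1: branch office requests a credit of 100.00 to account 42"),
		[]byte("Page 2: terms and conditions"),
		[]byte("Page 3: approved by the branch manager"),
	}
}

func main() {
	pub, priv := GenerateKeys()
	pages := Contract()
	sig := SignDocument(priv, pages)
	fmt.Println("unchanged document verifies:", VerifyDocument(pub, pages, sig))

	// Integrity: replace page 1 and keep the signed last page. The signature
	// covers all pages, so the substitution is detected.
	altered := Contract()
	altered[0] = []byte("Page 1: branch office requests a credit of 100000.00 to account 42")
	fmt.Println("altered page 1 verifies:", VerifyDocument(pub, altered, sig))

	// Authentication: a signature produced with some other private key is
	// rejected by the branch's public key.
	_, otherPriv := GenerateKeys()
	forged := SignDocument(otherPriv, pages)
	fmt.Println("signed with another key verifies:", VerifyDocument(pub, pages, forged))
}
```

The length prefix in documentDigest matters: hashing the pages back to back without it would let an attacker shift text across a page boundary without changing the digest.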
Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys to their respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). The RA ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation. The term trusted third party (TTP) may also be used for a certificate authority (CA). The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA.

*SET Protocol*

Secure Electronic Transaction (SET) was a standard protocol for securing credit card transactions over insecure networks, specifically the Internet. SET was not itself a payment system, but rather a set of security protocols and formats that enable users to employ the existing credit card payment infrastructure on an open network in a secure fashion. However, it failed to gain traction; VISA now promotes the 3-D Secure scheme instead.

Key features
To meet the business requirements, SET incorporates the following features:
Confidentiality of information
Integrity of data
Cardholder account authentication
Merchant authentication

Transaction
The sequence of events required for a transaction is as follows:
1. The customer obtains a credit card account with a bank that supports electronic payment and SET.
2. The customer receives an X.509v3 digital certificate signed by the bank.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant sends a copy of its certificate so that the customer can verify that it is a valid store.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant ships the goods or provides the service to the customer.
10. The merchant requests payment.

Dual signature
An important innovation introduced in SET is the dual signature. The purpose of the dual signature is the same as that of a standard electronic signature: to guarantee the authentication and integrity of data. It links two messages that are intended for two different recipients. In this case, the customer wants to send the order information (OI) to the merchant and the payment information (PI) to the bank. The merchant does not need to know the customer's credit card number, and the bank does not need to know the details of the customer's order. The link is needed so that the customer can prove that the payment is intended for this order.
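Step 5 of the transaction sequence (the merchant presents its certificate and the customer verifies it) is exactly the binding the PKI paragraph describes: the customer trusts the merchant's public key only because a CA it already trusts has signed the certificate. The Go program below is an added example, not SET code or anything from the original text. It builds a self-signed "SET Bank CA" root, issues a merchant certificate from it, and issues a second certificate with the same merchant name from an unrelated CA; the names, key algorithm (Ed25519) and validity periods are all assumptions. Only the certificate that chains to the trusted root verifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue creates a certificate binding subject to subjectPub. With parent == nil it is
// self-signed (a root CA); otherwise it is signed with parentPriv, the issuing CA's key.
func Issue(subject string, isCA bool, subjectPub ed25519.PublicKey,
	parent *x509.Certificate, parentPriv ed25519.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // a CA must be allowed to sign certificates
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, subjectPub, parentPriv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyMerchant is the customer's check in step 5: the merchant's certificate must
// chain to a root the customer already trusts. A nil error means it does.
func VerifyMerchant(merchant, trustedRoot *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := merchant.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Scenario builds a bank CA, a merchant certificate issued by it, and a look-alike
// certificate with the same name issued by an unrelated CA, and checks both.
func Scenario() (genuineOK, lookalikeOK bool, err error) {
	bankPub, bankPriv := newKey()
	bankCA, err := Issue("SET Bank CA", true, bankPub, nil, bankPriv)
	if err != nil {
		return false, false, err
	}
	merchantPub, _ := newKey()
	merchant, err := Issue("Example Store", false, merchantPub, bankCA, bankPriv)
	if err != nil {
		return false, false, err
	}
	roguePub, roguePriv := newKey()
	rogueCA, err := Issue("Rogue CA", true, roguePub, nil, roguePriv)
	if err != nil {
		return false, false, err
	}
	lookalikePub, _ := newKey()
	lookalike, err := Issue("Example Store", false, lookalikePub, rogueCA, roguePriv)
	if err != nil {
		return false, false, err
	}
	return VerifyMerchant(merchant, bankCA) == nil, VerifyMerchant(lookalike, bankCA) == nil, nil
}

func main() {
	genuine, lookalike, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("certificate issued by the bank CA verifies:", genuine)
	fmt.Println("same name, issued by an unknown CA, verifies:", lookalike)
}
```

Note what the check does and does not cover: it proves the certificate was issued by the trusted CA and is within its validity period, but nothing here consults revocation information, and the subject name is not compared against anything. A customer that skipped VerifyMerchant and trusted whatever certificate arrived in step 5 would be accepting the look-alike as well.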
The message digests (MD) of the OI and the PI are independently calculated by the customer. The dual signature is the encrypted MD (with the customer's secret key, that is, a signature by the customer) of the concatenated MDs of PI and OI. The dual signature is sent to both the merchant and the bank. The protocol arranges for the merchant to see the MD of the PI without seeing the PI itself, and for the bank to see the MD of the OI but not the OI itself. The dual signature can be verified using the MD of the OI or of the PI; it does not require the OI or PI itself. An MD does not reveal the content of the OI or PI, and thus privacy is preserved.

*Electronic Payment System*

Electronic Payment is a financial exchange that takes place online between buyers and sellers. The content of this exchange is usually some form of digital financial instrument (such as encrypted credit card numbers, electronic cheques or digital cash) that is backed by a bank or an intermediary, or by legal tender.

The various factors that have led financial institutions to make use of electronic payments are:
Decreasing technology cost: The cost of the technology used in the networks is decreasing day by day, which is evident from the fact that computers are now dirt-cheap and Internet access is becoming almost free in much of the world.
Reduced operational and processing cost: Because of the reduced technology cost, the processing cost of various commerce activities becomes very low. A very simple reason for this is that in electronic transactions we save both paper and time.
Increasing online commerce: The above two factors have led many institutions to go online, and many others are following them.

We began E-Commerce with EDI; this was primarily for large business houses, not for the common man. Many new technologies and innovations have led to the use of E-Commerce by the common man as well. We will now briefly enumerate these innovations based on whom they affected:
Affecting the consumers: Credit cards, Debit Cards, ATMs (Automated Teller Machines), Stored value cards, E-Banking.
Enabling online commerce: Digital Cash, E-Cash, Smart cards (or Electronic Purse) and encrypted Credit cards.
Affecting Companies: The payment mechanisms that a bank provides to a company have changed drastically. A company can now directly deposit money into its employees' bank accounts; these transfers are done through Automated Clearing Houses (ACH).

There are also many problems with traditional payment systems that are leading to their fade-out. Some of them are enumerated below:
Lack of Convenience: Traditional payment systems require the consumer either to send paper cheques by post or to come in person and sign papers before performing a transaction. This may lead to annoying circumstances sometimes.
Lack of Security: The consumer has to send all confidential data on paper, and that by post, where it may be read by anyone.
Lack of Coverage: Current businesses span many countries or states, and these business houses need faster transactions everywhere. This is not possible without the bank having a branch near all of the company's offices.
Lack of Eligibility: Not all potential buyers may have a bank account.
Lack of support for micro-transactions: Many transactions done on the Internet are of very low value, though they involve data flow between two entities in two countries. The same, if done on paper, may not be feasible at all.

We will now focus on the various ways available to pay online. These methods of payment are still new, even when seen as a technology, and each has its own benefits and shortcomings:
Electronic Tokens: An electronic token is a digital analog of various forms of payment backed by a bank or financial institution. There are two types of tokens:
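The dual-signature construction described above, as an added example that is not part of the original text. It follows the text's description exactly: DS = Sign(H(H(PI) || H(OI))), with SHA-256 as the digest and Ed25519 as the signature (both are assumptions; SET specified its own algorithms). The merchant is given OI in clear, only the digest of PI, and DS; the bank is given PI, only the digest of OI, and DS. Each verifies the same signature from its own side, and neither can attach the payment to a different order or alter the amount. The PI and OI strings are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Digest is the message digest (MD) used throughout; SHA-256 stands in for the
// hash function SET specified.
func Digest(msg []byte) []byte {
	sum := sha256.Sum256(msg)
	return sum[:]
}

// linkDigest is H(H(PI) || H(OI)): the value the dual signature is computed over.
func linkDigest(piDigest, oiDigest []byte) []byte {
	joined := append(append([]byte{}, piDigest...), oiDigest...)
	return Digest(joined)
}

// CustomerKeys generates the customer's signing key pair (Ed25519 here, RSA in SET).
func CustomerKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// DualSign produces the customer's dual signature over PI and OI.
func DualSign(customerPriv ed25519.PrivateKey, pi, oi []byte) []byte {
	return ed25519.Sign(customerPriv, linkDigest(Digest(pi), Digest(oi)))
}

// MerchantVerify is what the merchant can check: it holds OI in clear, only the
// digest of PI, and the dual signature.
func MerchantVerify(customerPub ed25519.PublicKey, oi, piDigest, ds []byte) bool {
	return ed25519.Verify(customerPub, linkDigest(piDigest, Digest(oi)), ds)
}

// BankVerify is the mirror image: the bank holds PI, only the digest of OI, and ds.
func BankVerify(customerPub ed25519.PublicKey, pi, oiDigest, ds []byte) bool {
	return ed25519.Verify(customerPub, linkDigest(Digest(pi), oiDigest), ds)
}

func main() {
	pub, priv := CustomerKeys()
	// Constructed sample messages (test card number, invented order).
	pi := []byte("PAN=4111111111111111;exp=12/29;amount=49.99;nonce=7f3a9c")
	oi := []byte("order=1001;item=widget;qty=2;amount=49.99")
	ds := DualSign(priv, pi, oi)

	// What each party receives: the merchant never sees pi, the bank never sees oi.
	fmt.Println("merchant accepts order:", MerchantVerify(pub, oi, Digest(pi), ds))
	fmt.Println("bank accepts payment:", BankVerify(pub, pi, Digest(oi), ds))

	// Linking: the same payment cannot be attached to a different order.
	other := []byte("order=2002;item=gadget;qty=9;amount=49.99")
	fmt.Println("merchant accepts swapped order:", MerchantVerify(pub, other, Digest(pi), ds))

	// And the payment instruction cannot be edited in transit.
	edited := []byte("PAN=4111111111111111;exp=12/29;amount=4999.99;nonce=7f3a9c")
	fmt.Println("bank accepts edited payment:", BankVerify(pub, edited, Digest(oi), ds))
}
```

One caveat the text's privacy claim depends on: a digest hides its input only if the input is hard to guess. Card numbers and small amounts have little entropy, so a merchant holding H(PI) could brute-force PI offline unless PI also carries a random nonce, which is why the sample PI includes one. Whether SET itself padded PI this way is not something the text states.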
o Real Time (or Pre-paid) tokens: These are exchanged between buyer and seller; their users pre-pay for tokens that serve as currency. Transactions are settled with the exchange of these tokens. Examples of these are DigiCash, Debit Cards, Electronic purse etc.
o Post-paid Tokens: These are used with fund transfer instructions between the buyer and seller. Examples: Electronic cheques, Credit card data etc.

Electronic or Digital Cash: This combines computerized convenience with security and privacy that improve upon paper cash. Cash is still the dominant form of payment because the consumer still mistrusts the banks, non-cash transactions are inefficiently cleared, and, in addition, real interest rates on bank deposits are sometimes negative. Now we will enumerate some qualities of cash:
Cash is legal tender, i.e. the payee is obliged to accept it.
It is negotiable, i.e. it can be given or traded to someone else.
It is a bearer instrument, i.e. possession is proof of ownership.
It can be held and used by anyone, even those without a bank certificate.
It places no risk on the part of the acceptor.
The following are the limitations of Debit and Credit Cards:
They are identification cards owned by the issuer and restricted to one user, i.e. they cannot be given away.
They are not legal tender.
Their usage requires an account relationship and an authorization system.

Properties of Digital Cash
Must have a monetary value: It must be backed by cash (currency), bank-authorized credit or a bank-certified cashier's cheque.
Must be interoperable or exchangeable as payment for other digital cash, paper cash, goods or services, lines of credit, bank notes or obligations, electronic benefit transfers and the like.
Must be storable and retrievable: Cash could be stored in a remote computer's memory, in smart cards, or on other easily transported standard or special-purpose devices. Remote storage or retrieval would allow users to exchange digital cash from home or office or while travelling.
Should not be easy to copy or tamper with while it is being exchanged. This is achieved by using the following technologies, which are nothing but new and very efficient versions of the old art of cryptography. Digital cash is based on cryptographic systems called "Digital Signatures", similar to the signatures used by banks on paper cheques to authenticate a customer. (Since any file can be copied perfectly, the signature alone does not stop a token from being presented twice; the issuer must also record tokens as they are redeemed.) Purchase of digital cash from an online currency server (or bank) involves two steps. Establishment of an account: in this step we are given a unique digital number, which also becomes our digital signature. As it is a number known only to the customer and the bank, forgery, which may be done with paper cheques, becomes very difficult. Maintenance of sufficient money in the account is required to back any purchase.

Electronic Cheques: Electronic cheques are modeled on paper cheques, except that they are initiated electronically. They use digital signatures for signing and endorsing and require the use of digital certificates to authenticate the payer, the payer's bank and the bank account. They are delivered either by direct transmission using telephone lines or by public networks such as the Internet.
Benefits of electronic cheques:
Well suited for clearing micro payments. Conventional cryptography of e-cheques makes them easier to process than systems based on public key cryptography (like digital cash). They can serve corporate markets. Firms can use them in a more cost-effective manner. They create float, and the availability of float is an important requirement of commerce.

Secure Electronic Payments: When you make an online purchase on the Internet, your credit card information is vulnerable to interception by network sniffers, software that easily recognizes credit card number formats. Several basic security measures are used to solve this problem. They include:
Encrypt (code and scramble) the data passing between the customer and the merchant.
Encrypt the data passing between the customer and the company authorizing the credit card transaction.
Take sensitive information offline.
Security methods developed include:
Secure Socket Layer (SSL) - automatically encrypts data passing between your web browser and a merchant's server.
Secure Electronic Transaction (SET) - software encrypts a digital envelope of digital certificates specifying the payment details for each transaction.
Digital Wallet - you add security software add-on modules to your web browser. This enables your browser to encrypt your credit card data in such a way that only the bank that authorizes credit card transactions for the merchant can see it.
At the time, SET was expected to become the dominant standard for secure electronic payments on the Internet.

*Business Process Reengineering*

Reengineering is the fundamental rethinking and radical redesign of business processes to achieve dramatic improvements in critical, contemporary measures of performance such as cost, quality, service and speed. The concept of business processes (interrelated activities aiming at creating a value-added output for a customer) is the basic underlying idea of BPR. These processes are characterized by a number of attributes: process ownership, customer focus, value adding, and cross-functionality.

BPR derives its existence from different disciplines, and four major areas can be identified as being subjected to change in BPR: organization, technology, strategy, and people, where a process view is used as the common framework for considering these dimensions. The approach can be graphically depicted by a modification of "Leavitt's diamond". Business strategy is the primary driver of BPR initiatives, and the other dimensions are governed by strategy's encompassing role. The organization dimension reflects the structural elements of the company, such as hierarchical levels, the composition of organizational units, and the distribution of work between them. Technology is concerned with the use of computer systems and other forms of communication technology in the business. In BPR, information technology is generally considered as playing a role as enabler of new forms of organizing and collaborating, rather than supporting existing business functions. The people / human resources dimension deals with aspects such as education, training, motivation and reward systems.

In order to achieve the major improvements BPR is seeking, the change of structural organizational variables and other ways of managing and performing work is often considered insufficient. To reap the achievable benefits fully, the use of information technology (IT) is conceived as a major contributing factor. While IT traditionally has been used for supporting the existing business functions, i.e. it was used for increasing organizational efficiency, it now plays a role as enabler of new organizational forms, and of patterns of collaboration within and between organizations.
HTTP - HyperText Transfer Protocol

HTTP is a stateless, request-response based communication protocol. It is used to send and receive data on the Web, i.e. over the Internet. The protocol uses reliable TCP connections for the transfer of data to and from clients, which are Web Browsers in this case. HTTP being stateless means the HTTP Server does not maintain contextual information about the clients communicating with it, and hence we need to maintain sessions ourselves in case we need that feature for our Web applications. Read more about this concept in the articles "Need for Session Tracking" and "Session Tracking Implementation in Servlets".

As we just saw, HTTP is a request-response based protocol. That means the client initiates the communication by sending a request (normally called an HTTP Request) and the HTTP Server (or Web Server) responds by sending a response (usually called an HTTP Response). Every time a client needs to send a request, it first establishes a reliable TCP connection with the Web Server and then transfers the request over this connection. The same happens when a Web Server needs to send back an HTTP Response to a client. Either of the two parties, the client or the server, can prematurely stop the transfer by terminating the TCP connection. How a client can terminate the connection is easy to visualize: it can be done simply by clicking the 'Stop' button of the browser window (or by closing the browser window itself).

This protocol has three well-known versions so far: HTTP/0.9 was the first version, HTTP/1.0 came next, and now we normally use HTTP/1.1. Interested in more details of these versions? Refer to RFC 2616, published by the IETF (since superseded by RFC 7230 and its successors).

Let's move on to discussing what an HTTP Request or an HTTP Response looks like. Both the Request and the Response have a pre-defined format, and they must comply with it so that both the client (the Web Browser) and the server (HTTP/Web Server) can understand each other and communicate properly.

Format of an HTTP Request
It has three main components, which are:
• HTTP Request Method, URI, and Protocol Version - this should always be the first line of an HTTP Request. As is evident from the name, it contains the HTTP Request method being used for that particular request, the URI, and the HTTP protocol name with the version being used. It may look like 'GET /servlet/jspName.jsp HTTP/1.1', where the request method being used is 'GET', the URI is '/servlet/jspName.jsp', and the protocol (with version) is 'HTTP/1.1'.
• HTTP Request Headers - this section of an HTTP Request contains the request headers, which are used to communicate information about the client environment. A few of these headers are: Content-Type, Content-Length, Host, User-Agent, Accept-Encoding, Accept-Language, etc. The names make it fairly obvious what information these headers carry.
• HTTP Request Body - this part contains the actual data being sent to the HTTP Server. The HTTP Request Headers and Body are separated by a blank line (a CRLF sequence, where CR means Carriage Return and LF means Line Feed). This blank line is a mandatory part of a valid HTTP Request.

Format of an HTTP Response
Similar to an HTTP Request, an HTTP Response also has three main components, which are:
• Protocol/Version, Status Code, and its Description - the very first line of a valid HTTP Response consists of the protocol name, its version, the status code of the request, and a short description (reason phrase) for the status code. A status code of 200 means the processing of the request was successful, and the description in this case is 'OK'. Similarly, a status code of 404 means the file requested was not found on the HTTP Server at the expected location; the standard description is 'Not Found' (the body that servers send with it often says 'File Not Found').
• HTTP Response Headers - similar to HTTP Request Headers, HTTP Response Headers also contain useful information. The only difference is that HTTP Request Headers contain information about the environment of the client machine whereas HTTP Response Headers contain information about the environment of the server machine. This is easy to understand, as HTTP Requests are formed at the client machine whereas HTTP Responses are formed at the server machine. A few of these HTTP Response headers are: Server, Content-Type, Content-Length, Last-Modified, etc. The names are quite self-explanatory.
• HTTP Response Body - this is the actual response which is rendered in the client window (the browser window). The content of the body will typically be HTML code. As with the HTTP Request, the Headers and Body components are separated by a mandatory blank line (CRLF sequence).
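The two formats described above, as an added example that is not part of the original text. The Go program below parses a constructed raw request (a POST to the servlet URL used in the text, so that it carries a body) the way a server reads it off the TCP connection, shows that a request lacking the mandatory blank line is rejected rather than guessed at, and then builds a 404 response in the mirror-image layout and parses it back the way a client would. The host name, User-Agent string and form body are all constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Request is the three-part view the text describes: request line, headers, body.
type Request struct {
	Method, URI, Proto, Host string
	Headers                  http.Header
	Body                     string
}

// ParseRequest reads a raw request exactly as a server takes it off the TCP
// connection. The blank CRLF line between headers and body is mandatory; a
// request that lacks it is an error, not a best guess.
func ParseRequest(raw string) (*Request, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return nil, err
	}
	defer req.Body.Close()
	body, err := io.ReadAll(req.Body) // honours Content-Length
	if err != nil {
		return nil, err
	}
	// ReadRequest moves the Host header into req.Host, so it is exposed separately.
	return &Request{Method: req.Method, URI: req.RequestURI, Proto: req.Proto,
		Host: req.Host, Headers: req.Header, Body: string(body)}, nil
}

// BuildResponse emits the mirror-image layout: status line, headers, blank
// line, body. The reason phrase comes from the standard table, so 404 is
// "Not Found"; Content-Length tells the client where the body ends.
func BuildResponse(status int, contentType, body string) string {
	var b strings.Builder
	fmt.Fprintf(&b, "HTTP/1.1 %d %s\r\n", status, http.StatusText(status))
	fmt.Fprintf(&b, "Server: example/1.0\r\n")
	fmt.Fprintf(&b, "Content-Type: %s\r\n", contentType)
	fmt.Fprintf(&b, "Content-Length: %d\r\n", len(body))
	b.WriteString("\r\n")
	b.WriteString(body)
	return b.String()
}

// StatusOf parses a raw response the way a client does and returns its status code.
func StatusOf(raw string) (int, error) {
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(raw)), nil)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	io.Copy(io.Discard, resp.Body)
	return resp.StatusCode, nil
}

// SampleRequest is a constructed POST to the servlet URL used in the text.
const SampleRequest = "POST /servlet/jspName.jsp HTTP/1.1\r\n" +
	"Host: www.example.com\r\n" +
	"User-Agent: ExampleBrowser/1.0\r\n" +
	"Content-Type: application/x-www-form-urlencoded\r\n" +
	"Content-Length: 10\r\n" +
	"\r\n" +
	"name=alice"

// BrokenRequest omits the blank line, so the server cannot tell headers from body.
const BrokenRequest = "GET /servlet/jspName.jsp HTTP/1.1\r\nHost: www.example.com\r\n"

func main() {
	r, err := ParseRequest(SampleRequest)
	if err != nil {
		panic(err)
	}
	fmt.Printf("method=%s uri=%s proto=%s host=%s user-agent=%q body=%q\n",
		r.Method, r.URI, r.Proto, r.Host, r.Headers.Get("User-Agent"), r.Body)
	_, err = ParseRequest(BrokenRequest)
	fmt.Println("request without the blank line:", err)
	resp := BuildResponse(404, "text/html", "<h1>File Not Found</h1>")
	fmt.Print(resp, "\n")
	code, _ := StatusOf(resp)
	fmt.Println("client sees status", code)
}
```

The Content-Length check is the security-relevant detail: a server that reads "until the connection closes" instead of the declared length, or that tolerates a missing blank line, will disagree with a proxy in front of it about where one request ends and the next begins.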
Why do we need to maintain sessions? Plainly because HTTP is a stateless protocol. That means a Web Server handling HTTP requests does not maintain contextual information about the client requests coming to it. In other words, the Web Server has no built-in way to recognize whether the current request is coming from a new client or from a client which has been communicating with it for a while now. This happens because every HTTP request is treated as an altogether new request.

As we can easily imagine, such behaviour can cause many problems. For example, if a user has logged into his bank account and, after a successful login, wishes to go to the Funds Transfer page, he would be required to log in again, as Funds Transfer is a login-protected page and the Web Server has no built-in support for recognizing whether the client requesting this page is the one who is already logged in or a new client. This is just a simple example; we can easily imagine how difficult it would be to develop a Web application without maintaining contextual information about the clients.

There are three ways of tracking sessions. Putting it differently, there are three ways of maintaining contextual information about clients, as a session is nothing but a collection of information about the particular client the session has been built and maintained for. The three ways of session tracking in servlets are:
• Using Cookies - Cookies are stored at the client side (in the browser's cookie store) and are used to maintain the current session. The cookie carries a unique Session ID, which the browser sends back to the server with every subsequent request. The server uses that Session ID to locate the session object it keeps on its own side, and then uses the contextual information stored in that session object for various purposes, including client authentication, client authorization, and retrieving or saving data which the client may require in subsequent steps. A timeout period can be set for the session, after which it expires. The session cookie is itself a security-sensitive credential: anyone who obtains the Session ID (for example by sniffing an unencrypted connection, or through a script that reads document.cookie) can present it and be treated as the logged-in user, which is why session cookies should be marked HttpOnly and Secure. This is also why all browsers provide options to enable or disable cookies at the user's discretion; you can disable cookies by updating your browser options.
• Using URL Rewriting - This approach requires an extra piece of data to be appended to each URL. This extra information identifies the session, and the server associates this identifier with the data it has stored for that particular session. In this approach nothing is stored at the client side and all the session tracking information travels back and forth in URLs. The advantage of this approach is that it works even when the user has disabled cookies in the browser. Its disadvantage is that you may lose the session (it will have become invalid due to timeout) if you bookmark a URL first and then try to access it later. A Session ID in the URL also ends up in browser history, bookmarks, proxy and server logs, and in the Referer header sent to other sites, so it is exposed far more widely than a cookie.
• Using Hidden Form Fields - This is another approach of maintaining a session, where the contextual data travels via hidden form fields (<INPUT TYPE="hidden" ...>). There are two main disadvantages of this approach: one, anyone can see all the data (maybe some secret information) by looking at the HTML source of the page, and two, this approach will probably work only for dynamic web pages (how would we maintain different sessions with unique identifiers otherwise?). Whatever travels in a hidden field also comes back from the client, so the server must treat it as untrusted input and never let it carry decisions (a user role, an account number) that the user could edit before submitting.

Session Tracking in Servlets
Servlets use the interface HttpSession to maintain sessions. This interface helps identify a user across various page requests by storing information about that user, and it provides various methods to interact with the session object. The process is pretty simple in the case of servlets: the container looks for an already existing session object for the current request; if it finds one it simply uses the information stored in that session object, otherwise, if it is the first request, it creates a new session object. These HttpSession objects live on the server and are automatically associated with client requests either with the help of Cookies or URL rewriting. The beauty of HttpSession objects is that the servlet writer does not need to worry about whether the browser supports cookies or not: the container creates and maintains cookies if they are supported and otherwise falls back to URL rewriting, provided the application passes its links through HttpServletResponse.encodeURL() (read more about all the session tracking mechanisms here). Sessions are Java objects, so retrieving, adding or updating information in them is very simple.
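The cookie-based mechanism above, with the server-side session object, the timeout, and the login-protected Funds Transfer page from the bank example, as an added example that is not part of the original text. The text is about Java servlets; this Go program uses the standard net/http package instead, because it shows the same flow in a form that runs stand-alone (the HttpSession container is replaced by a constructed in-memory store, and the cookie name, user name, paths and 30-minute timeout are all assumptions). The browser receives only a random Session ID in an HttpOnly, Secure cookie; everything else stays on the server.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
	"time"
)

const cookieName = "SESSIONID"

// Session is the server-side record; the browser only ever holds the ID.
type Session struct {
	User    string
	Expires time.Time
}

// SessionStore is a constructed in-memory stand-in for the container's session table.
type SessionStore struct {
	mu       sync.Mutex
	sessions map[string]*Session
	ttl      time.Duration
}

// NewSessionID draws 128 bits from the OS CSPRNG; a predictable ID would let an
// attacker guess another user's session.
func NewSessionID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

func (s *SessionStore) Create(user string) string {
	id := NewSessionID()
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[id] = &Session{User: user, Expires: time.Now().Add(s.ttl)}
	return id
}

// Lookup returns the session for id unless it is unknown or has timed out.
func (s *SessionStore) Lookup(id string) (*Session, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[id]
	if !ok || time.Now().After(sess.Expires) {
		delete(s.sessions, id)
		return nil, false
	}
	return sess, true
}

// LoginHandler creates the session and hands the browser only its ID, in a cookie
// that page scripts cannot read (HttpOnly) and that is sent over HTTPS only (Secure).
func (s *SessionStore) LoginHandler(w http.ResponseWriter, r *http.Request) {
	user := r.URL.Query().Get("user") // constructed: a real handler verifies credentials first
	http.SetCookie(w, &http.Cookie{Name: cookieName, Value: s.Create(user), Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
	w.WriteHeader(http.StatusNoContent)
}

// TransferHandler is the login-protected Funds Transfer page from the text.
func (s *SessionStore) TransferHandler(w http.ResponseWriter, r *http.Request) {
	c, err := r.Cookie(cookieName)
	if err != nil {
		http.Error(w, "login required", http.StatusUnauthorized)
		return
	}
	sess, ok := s.Lookup(c.Value)
	if !ok {
		http.Error(w, "session expired, log in again", http.StatusUnauthorized)
		return
	}
	fmt.Fprintf(w, "funds transfer page for %s", sess.User)
}

// Walkthrough replays the bank scenario with httptest and returns the status codes seen.
func Walkthrough() (noCookie, afterLogin, afterTimeout int) {
	store := &SessionStore{sessions: map[string]*Session{}, ttl: 30 * time.Minute}
	rec := httptest.NewRecorder()
	store.TransferHandler(rec, httptest.NewRequest("GET", "/transfer", nil))
	noCookie = rec.Code
	rec = httptest.NewRecorder()
	store.LoginHandler(rec, httptest.NewRequest("POST", "/login?user=alice", nil))
	cookie := rec.Result().Cookies()[0]
	req := httptest.NewRequest("GET", "/transfer", nil)
	req.AddCookie(cookie)
	rec = httptest.NewRecorder()
	store.TransferHandler(rec, req)
	afterLogin = rec.Code
	store.sessions[cookie.Value].Expires = time.Now().Add(-time.Minute) // simulate the timeout
	rec = httptest.NewRecorder()
	store.TransferHandler(rec, req)
	afterTimeout = rec.Code
	return
}

func main() {
	a, b, c := Walkthrough()
	fmt.Println("no cookie:", a, "after login:", b, "after timeout:", c)
}
```

Two things a servlet container does for you that this sketch makes visible: the session data never leaves the server (the cookie is a lookup key, nothing more), and the ID must be unguessable, which is why it comes from crypto/rand rather than a counter.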