
1. Define e-commerce. Name any two areas which are reasons of worry in e-commerce.

E-commerce, in the popular sense, can be defined as the use of the Internet and the Web to conduct business transactions. A more technical definition would be: e-commerce involves digitally enabled commercial transactions between and among organizations and individuals. Some reasons for worry in e-commerce are:
• several areas of security and safety against fraud
• taxation and state controls

2. Explain the concept of Commerce and e-commerce. / How is commerce and e-commerce related?

Commerce is normally associated with the buying and selling of items. Commerce is one of the oldest activities of human beings, and the concept of traders selling and buying items is a part of history. Markets are a common place where the buyers and sellers meet along with their products. Money is also an essential part of the market place. With the concept of money, we have several concepts of banking and various methods of representing and transferring money, like cheques, MOUs, drafts etc. The key element of e-commerce is information processing. Every stage of commerce, except of course the production of goods and their physical delivery, can be automated. The tasks that can be automated include information gathering, processing and manipulation, and information distribution.

3. What are the categories of operations under e-commerce? Explain. / Explain different operations carried out in e-commerce. / Name a few operations performed by e-commerce. Explain. / List the various activities carried out in E-Commerce.

The following are the categories of operation that come under e-commerce:
• Transactions between a supplier/a shopkeeper and a buyer or between two companies over a public network like the service provider network (like ISP).
• Transactions with the trading partners or between the officer of the company located at different locations.
• Information gathering needed for market research.
• Information processing for decision making at different levels of management.
• Information manipulation for operations and supply chain management.
• Maintenance of records needed for legal purposes, including taxation, legal suits etc.
• Transactions for information distribution to different retailers, customers etc., including advertising, sales and marketing.

4. List any three basic needs of consumer oriented e-commerce? Explain.

Three basic needs of consumer oriented e-commerce are:
• Standard business practices and processes for buying and selling of products as well as services need to be established.
• Easy to use and well accepted software and hardware implementations of the various stages of e-commerce, like order taking, payment, delivery, after sales interactions etc., need to be established.
• Secure commercial and transport practices that make the parties believe that they are not at the mercy of anybody else for the safety of their information and goods need to be in place.

5. What is the role of encryption in e-commerce? Explain. / What is the role of encryption in data transfer?

The success or failure of an e-commerce operation hinges on the security of data transmissions and storage. Data security has taken on heightened importance since a series of high-profile "cracker" attacks have humbled popular Web sites, and the misuse of credit card numbers of customers at business-to-consumer e-commerce destinations. Security is on the mind of every e-commerce entrepreneur who solicits, stores, or communicates any information that may be sensitive if lost. An arms race is underway: technologists are building new security measures while others are working to crack the security systems. One of the most effective means of ensuring data security and integrity is encryption.

6. List and explain the various encryption techniques.

There are three basic encryption methods: hashing, symmetric cryptography, and asymmetric cryptography. People use encryption to change readable text, called plaintext, into an unreadable secret format, called ciphertext. Encrypting data protects the confidentiality of a message, ensures that messages have not been altered during transit, and verifies the identity of the sender.

Hashing Encryption: It creates a unique, fixed-length signature for a message or data set. Since a hash is unique to a specific message, even minor changes to that message result in a dramatically different hash, thereby alerting a user to potential tampering. Once the data is encrypted, the process cannot be reversed or deciphered.

Symmetric Methods: Symmetric cryptography is also called secret-key cryptography. A sender encodes a message into ciphertext using a key, and the receiver uses the same key to decode it. The term "private key" comes from the fact that the key used to encrypt and decrypt data must remain secure because anyone with access to it can read the coded messages.

Asymmetric Forms: Asymmetric or public key cryptography uses two keys, a "private" key and a "public" key, to perform encryption and decryption. The use of two keys overcomes a major weakness in symmetric key cryptography, since a single key does not need to be securely managed among multiple users.

7. What is Cryptography?

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

8. What is movie on demand? Name any two concepts of TV based home entertainment.

It is possible for a user to select a movie/CD online and make his cable operator play the movie exclusively for him, against payment. Payment can be either online or billed to his account. This is the concept of movie on demand. Two concepts of TV based home entertainment are:
• Movie on Demand
• Playing interactive games online or after downloading

9. List the activities of banking system for business. / List any three basic banking activities? / List the banking services. / Which are the basic Banking services under E-Commerce?

The basic banking activities are:
• Checking his accounts statements
• Round the clock banking (ATM)
• Payment of bills etc.
• Fund transfer
• Updating of pass books etc.

10. What is E-Banking? Explain.

Online banking (or Internet banking or E-banking) allows customers of a financial institution to conduct financial transactions on a secure website operated by the institution, which can be a retail or virtual bank, credit union or building society. It may include any transactions related to online usage.

11. Explain in detail the e-commerce architecture. / Explain the architecture frame work of e-commerce? / List the six layers of E-Commerce architecture.

The electronic commerce application architecture consists of six layers of functionality, or services:
i. applications
ii. brokerage services, data or transaction management
iii. interface and support layers
iv. secure messaging, security, and electronic document interchange
v. middleware and structured document interchange
vi. network infrastructure and basic communications services

• Electronic Commerce Application Services: This layer of e-commerce will be comprised of existing and future applications built on the innate architecture. Three distinct classes of electronic commerce applications can be distinguished: customer-to-business, business-to-business, and intra-organization.
• Information Brokerage and Management: This layer provides service integration through the notion of information brokerages, the development of which is necessitated by the increasing information resource fragmentation.
• Interface and Support Services: This will provide interfaces for electronic commerce applications such as interactive catalogs and will support directory services functions necessary for information search and access.
• Secure Messaging and Structured Document Interchange Services: Messaging is the software that sits between the network infrastructure and the clients or electronic commerce applications, masking the peculiarities of the environment.
• Middleware Services: It is the ultimate mediator between diverse software programs that enables them to talk to one another.
• Transparency: Transparency implies that users should be unaware that they are accessing multiple systems. Transparency is essential for dealing with higher-level issues than physical media and interconnection that the underlying network infrastructure is in charge of.

12. Explain block diagram depicting electronic commerce architecture. / Explain the three stages of e-commerce architecture on web?

The architecture is made up of three primary entities:
• client browser
• Web server
• third-party services

The client browser usually interacts with the WWW server, which acts as an intermediary in the interaction with third-party services.

18. this assumption of interoperability has not been supported by the realities of practical computing.Commerce. So the WWW is significant to e-commerce. What are the four types of purchases? The four types of purchase are:  Specifically planned purchases: The need was recognized on entering the store and the shopper bought the exact item planned.  17.  Generally planned purchases: The need was recognized. music downloading. It is a global collection of networks. connected to share information using a common set of protocols.Page |4 13. Common Gateway Interface (CGI)  File transfer  Spamming 19. It allows people from all over the world to get connected inexpensively and reliably. Two stages of commerce that cannot be automated are:  production of goods  their physical delivery 15. This shopper is influenced by instore advertisements and can substitute products readily. Which is the key element of e-commerce? The key element of e-commerce is information processing. And it is based on open standards.. e. after sales interactions etc.  Secure commercial and transport practices that make the parties believe that they are not at the mercy of anybody else for the safety of their information and goods need to be in place. . and business partners access to information about these businesses and their products and services that would lead to purchase.use existing materials found on the Internet without the owner's permission.  Reminder purchases: The shopper was reminded of the need by some store influence. Lower costs involved than previous methods. 14. delivery. What are the desirable characteristics of e-commerce? The desirable characteristics of e-commerce are:  Standard business practices and processes for buying and selling of products as well as services need to be established.    List four advantages of Internet for E . 
Significance of WWW on e-commerce Electronic commerce depends on the unspoken assumption that computers cooperate efficiently for seamless information sharing. need to be established. payment. prospects. It allows businesses to showcase and sell their products and services online and gives potential customers.  Entirely unplanned purchases: The need was not recognized entering the store.  Easy to use and well accepted software and hardware implementations of the various stages of e-commerce like order taking. but the shopper decided in-store on the actual manufacturer of the item to satisfy the need. Name two stages of commerce that cannot be automated. domain name (cybersquatting). 16. Unfortunately. software pirating  Client computer threats  Trojan horse  Active contents  Viruses  Communication channel threats  Sniffer program  Backdoor  Spoofing  Denial-of-service  Server threats  Privilege setting  Server Side Include (SSI). The Web community of developers and users is tackling these complex problems. What are the security threats to E-commerce? The security threats to e-commerce are:  Intellectual property threats -.g.

In short. government organizations. Benefits of EDI:  Reduced paper-based systems  Improved problem resolution and customer service  Expanded customer/supplier base  Ability to exchange huge amounts of data in a fast and effective manner to speed up business processes 22. The EDI documents are more structured than e-mail and typically are manipulated or processed more than e-mail messages by the sending and receiving software. EDI communicates information pertinent for business transactions between the computer systems of companies. Explain. To facilitate the transfer of computer files between two “trading partners” requires that the computer applications of both sender and receiver use a compatible format for EDI document exchange. EDI architecture specifies four layers:  the semantic ( or application ) layer  the standards translation layer  the packing ( or transport) layer  the physical network infrastructure layer The EDI semantic layer describes the business application that is driving EDI. how information flows with EDI? . small businesses. What is EDI? EDI is defined as the interprocess communication (computer application to computer application) of business information in a standardized electronic form.Page |5 20. and banks. When the trading partner sends a document. 21. Explain the four layers of EDI architecture and list the benefits of EDI (tangible). the EDI translation software converts the proprietary format into a standard mutually agreed on by the processing systems.

Information flows through EDI via the following steps:
• Step 1: Buyer's computer sends Purchase Order to seller's computer.
• Step 2: Seller's computer sends Purchase Order Confirmation to buyer's computer.
• Step 3: Seller's computer sends Booking Request to transport company's computer.
• Step 4: Transport company's computer sends Booking Confirmation to seller's computer.
• Step 5: Seller's computer sends Advance Ship Notice to buyer's computer.
• Step 6: Transport company's computer sends status to seller's computer.
• Step 7: Buyer's computer sends Receipt Advice to seller's computer.
• Step 8: Seller's computer sends Invoice to buyer's computer.
• Step 9: Buyer's computer sends Payment to seller's computer.

23. Explain EDI business application layer with a diagram.

The working of the EDI business layer application can be described with the following diagram:

And the preparation processes followed by the application process are:

24. What is EDI and electronic fund transfer (EFT)?

Electronic Funds Transfer (EFT) is the automatic transfer of funds among banks and other organizations. This was achieved by traditional EDI before, but nowadays rapid transactions and processing are required, so Open EDI is preferred.

26. Most VANs offer interconnects. 28. List the main costs of VAN.Page |7 25.  VAN Usage or Variable Costs VANs charge session fees based on their services. It is not decided as yet who will be liable if an EDI network fails to deliver the message. What is value added networks (VAN)? Explain the functions of VAN. It also provides other services. Open EDI facilitates revisions and aids in more speedy agreement on a final version.  EDI Value Added Network services (VANs). The customer pays according to volume of usage. The different layers of EDI implementation are:  Common EDI standards dictate syntax and standardize on the business language. /Describe the VAN pricing system. whether or not the services are used. Usage is defined as the number of transactions sent and received by the customer or the trading partner. most VANs charge to both send and receive data. What is an Electronic Purse? Who is liable if an EDI network fails to deliver the message? Banks. and translates among EDI message standards. A VAN is a communications network that typically exchanges EDI messages among trading partners. invoices. The network usage fee is a flat monthly rate that applies. Unlike the postal service.  Trading partners are a firm’s customers and suppliers with whom business is conducted. Explain any four components of EDI implementation? /List the different layers of EDI implementation. credit card companies. VANs bill in various ways for services rendered. 29. 30. 27. What is the need for open EDI? Explain. charging by the number of characters transmitted. and it allows everybody involved to be flexible and cost-effective. companies incur charges of many thousands of dollars.  Account Start-UP Costs Opening an account with a VAN incurs start-up costs as well as other variable costs such as mailbox/network fees. What are the disadvantages of VANs for EDI? The disadvantage of EDI enabling VANs is that they are slow and high priced. It acts as middlemen between companies. 
and even government institutions are racing to introduce “electronic purses” which are wallet-sized smart cards embedded with programmable microchips that store sums of money for people to use instead of cash. They have allowed companies to automatically and securely exchange purchase orders. which charges only to send a letter.  Translation software sends messages between trading partners.  Proprietary hardware and networking if it is a hub company. The big difference between the traditional EDI model and the needs of today is that business today has a much larger component of rapid project based partnerships that are created and dissolved in time scales too small to permit a full-blown standards process to play out its consensus building. but they often charge monthly fees for using them and may have other charges as well.  Banks facilitate payment and remittance. VAN works much like residential personal mailboxes. With connect time and mailbox charges factored in. and payments .  Interconnect Costs A company that exchanges EDI data with a trading partner that subscribes to a different VAN will pay a VAN interconnect fee. including holding messages in “electronic mailboxes. The increased interest in open EDI is a result of dissatisfaction with traditional EDI.” interfacing with other VANs and supporting many telecommunications modes and transfer protocols. integrates data into and from existing computer applications.

31. Explain the legal and security aspects of EDI. / What are the issues of EDI in connection with security & privacy? Explain.

The legal, security and privacy aspects of EDI are:
• Legal Status of EDI Messages: There has been considerable debate concerning the legal status of EDI messages and electronic messages in general. No rules exist that indicate how electronic messages may be considered binding in business or other related transactions.
• Digital Signatures and EDI: Messages are being time-stamped by digital signatures. If digital signatures are to replace handwritten signatures, they must have the same legal status as handwritten signatures. The digital signature provides a means for a third party to verify that the notarized object is authentic. They should have greater legal authority than handwritten signatures.

32. How does a digital signature work? / Explain digital signature technique.

• Digital signatures: relationship of keys. Because of the mathematical relationship between the public and private keys, data encrypted with either key can only be decrypted with the other. This allows the sender of a message to encrypt it using the sender's private key.
• Digital signatures: using message digests. When combined with message digests, encryption using the private key allows users to digitally sign messages. The recipient of the digital signature can be sure that the message really came from the sender. And the recipient can be sure that the message was not changed after the message digest was generated.

33. What is digital signature? Explain its importance in E-commerce.

Digital signatures are a means by which messages might be time-stamped or digitally notarized to establish dates and times at which a recipient might claim to have had access or even read a particular message. Integrity and authentication are ensured by the use of digital signatures.

Importance of digital signature:
• Merchant authentication is ensured by the use of digital signatures
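The digest-then-sign flow these notes describe, as an added example that is not part of the original notes: the sender transforms the SHA-256 digest of a constructed ten-page contract with a private key, and anyone holding the public key can check both the sender and that no byte has changed. The toy RSA key (built from publicly known Mersenne primes), the function names and the contract text are assumptions for illustration; real signatures use secret random primes and a padding scheme such as RSA-PSS.

```python
"""Toy digest-then-sign demonstration (teaching code, not for production use)."""
import hashlib

# Constructed toy key pair: both primes are publicly known Mersenne primes,
# so this key protects nothing. It only makes the arithmetic reproducible.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)

# A second, unrelated constructed key pair standing in for an impostor.
IMPOSTOR_N = (2**127 - 1) * (2**1279 - 1)
IMPOSTOR_D = pow(E, -1, (2**127 - 2) * (2**1279 - 2))


def digest(message: bytes) -> int:
    """Fixed-length message digest (SHA-256), returned as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sender side: apply the private key to the message digest."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier side: undo the signature with the public key, compare digests."""
    if not 0 <= signature < n:
        return False                    # out-of-range values are never valid
    return pow(signature, e, n) == digest(message)


def build_contract() -> bytes:
    """Constructed sample input: a ten-page contract as one byte string."""
    pages = [f"Page {n}: clause text for section {n}.\n" for n in range(1, 11)]
    return "".join(pages).encode()


def tamper_one_byte(document: bytes, offset: int) -> bytes:
    """Flip the lowest bit of a single byte, leaving the length unchanged."""
    altered = bytearray(document)
    altered[offset] ^= 0x01
    return bytes(altered)


def bits_changed(a: bytes, b: bytes) -> int:
    """Number of digest bits that differ between two messages."""
    return bin(digest(a) ^ digest(b)).count("1")


def demo() -> dict:
    contract = build_contract()
    signature = sign(contract)
    # Change one byte on page 3, far from where a handwritten signature sits.
    altered = tamper_one_byte(contract, contract.index(b"Page 3") + 8)
    return {
        "original_verifies": verify(contract, signature),
        "altered_verifies": verify(altered, signature),
        "impostor_verifies": verify(contract, sign(contract, IMPOSTOR_D, IMPOSTOR_N)),
        "digest_bits_changed": bits_changed(contract, altered),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The one-byte edit on page 3 changes roughly half of the 256 digest bits, which is why the signature made over the original contract no longer verifies.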

For instance. the customer enters the order receipt and entry phase of OMC. 36.  Order Scheduling During the ordering scheduling phase the prioritized orders get slotted into an actual production or operational sequence. a their party can verify that not one byte of the contract has been altered. they must have the same legal status as handwritten signatures. upgradations etc. This is the Order Management Cycle. OMC has the following generic steps:  Order Planning and Order Generation The business process begins long before an actual order is placed by the customer. The recipient can also be sure that the message was not changed after the message digest was generated.  Opportunity for independent evaluations and for customer dialogue and discussion.  Order Selection and Prioritization Customer service representatives are also often responsible for choosing which orders to accept and which to decline. one cannot be sure that the first nine pages have not been altered. connectivity etc.  A scope for interactions Interactions include trial runs of the products.Page |9   The recipient of a digitally signed message can be sure that the message really came from the sender. The trick is getting a critical mass of corporations and consumers to use electronic mechanisms.  A seamless connection to the marketplace. ability to compare different products and of course scope for negotiations and bargaining. 34. It is a way to digitally notarize messages to establish dates and time. if a ten-page contract is signed by hand on the tenth page. Can the digital signature fully replace handwritten signature? Explain. below which it is not profitable to operate. The customer need not buy only what is available. 35. The digital signature provides a means for a third party to verify that the notarized object is authentic. This should not be a hindrance.  Scope for designing new products. not only do users buy and sell products or services. 
(List the OMC’s generic steps) The order-to-delivery cycle from the merchant’s perspective has been managed with an eye toward standardization and cost.  Negotiation and bargaining. however. The supplier must be able to accept these. Give the desirable characteristics of e-marketing. details of after sales services. . If the contract was signed by digital signatures. 37. It is obvious that each customer will be operating with a different type of computer. In the marketplace. (Seamless connections / market place interacts / settling disputes) Desirable characteristics of e-marketing:  A minimal size of the place Obviously for any such place to thrive there is a critical size. they also compare notes on who has the best products and whose prices are outrageous. No market place is complete if it does not support negotiation. If digital signatures are to replace handwritten signatures. Describe the mercantile models from the merchant’s perspective.  Recourse for disgruntled users There should be a standard recourse to settle such disputes.  Order Receipt and Entry After an acceptable price quote. classifications of doubts on the part of the customers. What are the desirable characteristics of an electronic marketplace? Desirable characteristics of electronic marketplace are:  Critical mass of buyers and sellers. software.  Cost Estimation and Pricing Pricing is the bridge between customer needs and company capabilities. He can ask for modifications.

Explain mercantile models from the consumer's perspective. and post-purchase interaction. who view their job as getting the bill out efficiently and collecting quickly. product returns.  Order Billing and Account / Payment Management After the order has been fulfilled and delivered. billing is typically handled by the finance staff.  Post-sales Service This phase plays an increasingly important role in all elements of a company’s profit equation: customer value. and cost. price. and product defects. purchase consummation.P a g e | 10  Order Fulfillment and Delivery During the order fulfillment and delivery phase the actual provision of the product or service is made. (Name three broad phases of consumer’s perspective) The business process model from a consumer’s perspective consists of seven activities that can be grouped into three phases: prepurchase phase. 38.  .  The pre-purchase preparation:  searching and discovering product  comparison of products based on various attributes  negotiating terms  The purchase consummation:  placing order  authorizing payment  receiving product The post-purchase interaction phase includes customer service and support to address customer complaints.

Transactions are settled with the exchange of electronic currency. (Compare and contrast push and pull based supply chain management) Electronic tokens are the form of electronic cash/money or checks. The server authenticates the customers and verifies with the bank that funds are adequate before purchase. Supply chain management (SCM) is an integrating process based on the flawless delivery of basic and customized services. Simply put. What are the three types of electronic tokens? Explain. Users pay in advance for the privilege of getting information. electronic tokens are equivalent to cash that is backed by a bank.  40. Electronic tokens are of three types:  Cash or real-time. to purchase of raw materials. . to delivery and consumption of finished goods. Electronic tokens are designed as electronic analogs of various forms of payment backed by a bank or financial institution.P a g e | 11 39.  Debit or prepaid. Simply stated. Credit or postpaid. There are two primary models of supply chain management: push versus pull. These models contain three primary elements:  Logistics and distribution (integrated logistics). SCM optimizes information and product flows from the receipt of the order. What is Supply Chain Management (SCM)? Explain main categories of SCM in detail.  Integrated marketing and distribution:  Agile manufacturing.

pull passed SCM 41. form partnerships along a value added chain. specialized firms that. in the interest of seeking strategic alliances.P a g e | 12 Push based vs. . Downward networking is initiated by a large. What are the two approaches of virtual organization? Two major approaches are used to form virtual organizations: downward and lateral. vertically integrated company seeking to reduce its overhead by outsourcing. The lateral approach is observed in small.

merchant. and acquirer. who do substantial research before making the decision to purchase products or services. and mastercard have cooperatively developed SEPP. nonproprietary. /Describe the (SEPP) Secure Electronic Payment Protocol. SEPP is the electronic equivalent of the paper charge slip. consumers can be categorized into three types:  Impulsive buyers.P a g e | 13 42. Cybercash. signature. SEPP takes input from the negotiation process and causes the payment to happen via a three-way communication among the cardholder. Give categories of consumers. There are several major business requirements addressed by SEPP. GTE. 44. who purchase products quickly. Netscape. IBM. who purchase products after making some comparisons.  Analytical open.  Patient buyers. In general.  To provide authentication that a cardholder is the legitimate owner of a card account.  To enable confidentiality of payment information  To ensure integrity of all payment data transmitted. license free specification for securing on-line transactions. . branded card payments with an acquiring member financial institution.  To provide authentication that a merchant can accept mastercard. Explain the SEPP in detail. vendor-neutral. Mention some hacking techniques. and submission process. 43.

 Security A secure system verifies the identity of two-party transaction through “user authentication” and reserves flexibility to restrict information / service through access control. Specifically. . Issues addressed by e-payment systems are:  Privacy A user expects to trust in a secure system. Name any four issues addressed by e-payment systems. of exchanges  no.  Managing Credit Risk Credit or systemic risk is a major concern in net settlement systems because a bank’s failure to settle its net position could lead to a chain reaction of bank failures. for example.  Brokers A “network banker” – someone to broker goods and services.P a g e | 14 45. privacy issues.  Pricing One fundamental issue is how to price payment system services. settle conflicts. of exchanges within a time period. Electronic cash (e-cash) is a new concept in on-line payment systems because it combines computerized convenience with security and privacy that improve on paper cash.  Intuitive interface The payment interface must be as easy to use as a telephone.  Managing Information Privacy The electronic payment system must ensure and maintain privacy. What are the risks in Electronic payment system? Explain. and facilitate financial transactions electronically – must be in place. separate accounts have been stored on separate databases. e-cash must have the following four properties:  monetary value  interoperability  retrievability  security. 47. Operation of the payment systems incurs three major risks: fraud or mistake. One essential challenge of e-commerce is risk management. What is e-cash? Give the properties of e-cash. 48. To date. What are the normal constraints put on e-cash? The normal constraints put on e-cash are:  A validity limit  the more amount that can be stored  more no. / Describe the steps involved in designing electronic payment systems. 
The challenge before banks is to tie these databases together and to allow customers access to any of them while keeping the data up-to-date and error free.  Database integration With home banking. a customer wants to play with all his accounts. E-cash focuses on replacing cash as the principal payment vehicle in consumer-oriented electronic payments. and credit risk.  Risks from Mistake and Disputes  Consumer Protection: All systems need to keep the records of the consumers safe.  Standard Without standards. the welding of different payment users into different networks and different systems is impossible. 46. /List the various issues in e-payment system.

49. What are the characteristics of SCM?
• An ability to source raw material or finished goods from anywhere in the world.
• A centralized, global business and management strategy with flawless local execution.
• On-line, real-time distributed information processing to the desktop, providing total supply chain information visibility.
• The ability to manage information not only within a company but across industries and enterprises.
• The seamless integration of all supply chain processes and measurements, including third-party suppliers, information systems, cost accounting standards, and measurement systems.
• The development and implementation of accounting models such as activity-based costing that link cost to performance are used as tools for cost reduction.
• A reconfiguration of the supply chain organization into high-performance teams going from the shop floor to senior management.

50. What are security strategies and list the security tools.
Computer and network security can be defined as the protection of network-connected resources against unauthorized disclosure, modification, utilization, restriction, incapacitation, or destruction. Security is needed for both external and internal threats. In an enterprise network, the security of an entire network can, in principle, be compromised by a single penetrable host.
There are basic security strategies that can be utilized to combat the threats:
• access to control
• integrity
• confidentiality
• authentication
SECURITY TOOLS
• Secure transport stacks
• KERBEROS
• UNIX SECURITY
• PASSWORD SECURITY SYSTEM

51. What are the basic types of physical data security and threats to data?
Types of physical data security:
• Data integrity
• Data availability
The threats to data are:
• Active threats
• Passive threats

52. Explain reason for information security?
The requirements of information security in an organization have undergone major changes in the last several decades. It requires physical and administrative controls, as well as automated tools. The generic name for the collection of tools designed to protect data is computer security. The second major change that affects security is the introduction of distributed systems and the use of networks and communication facilities for transporting data between the user and computer (client and server) and between computers. Network security measures are needed to protect data during its transmission.

53. List the four basic goals of electronic security.
The four basic goals of electronic security are:
• Privacy
• Integrity
• Authentication
• Availability

54. What is non-repudiation?
Non-repudiation is the fact that a person cannot deny after having sent / received a message.

55. Security threats.
Some of the threats that stimulated the upsurge of interest in security include the following.
• Organized and internal attempts to obtain economic or market information from competitive organizations in the private sector.
• Organized and intentional attempts to obtain economic information from government agencies.
• Inadvertent acquisition of economic or market information
• Inadvertent acquisition of information about individuals
• Intentional fraud through illegal access to computer repositories including acquisition of funding data, economic data, law enforcement data, and data about individuals.
• Government intrusion on the rights of individuals
• Invasion of individuals' rights by the intelligence community.

56. UNIX security.
Secure transport is of little use if the host from which the transmission originates can be broken into and the credit card file or other financial files can be stolen. UNIX provides various built-in security features, such as user passwords, file access, directory access, file encryption, and security on password files. This is UNIX security.

57. Password Security System.
Passwords are the most widely used security measure in existence today. Passwords and password information files are often the target for many attackers. Once an attacker has obtained a password, there is little or no controlling what damage may be done or what proprietary information could be leaked out.
• One-time passwords: One-time passwords provide greater security because they can only be used once, and then are no longer valid. This is accomplished via an authentication scheme.
• Smart Cards: A smart card is a portable device that contains some nonvolatile memory and a microprocessor. This card contains some kind of an encrypted key that is compared to a secret key contained on the user's processor.

58. Explain secure socket layer. (SSL)
The secure socket layer (SSL) protocol developed by Netscape communications is a security protocol that provides privacy over the Internet. The protocol allows client/server applications to communicate in a way that data transmissions cannot be altered or disclosed. Servers are always authenticated and clients are exchanged algorithms and hardware tokens. The strength of SSL is that it is application independent.

59. What are the three ways in which payment through credit cards can be made over the net? Explain.
We can break credit card payment on on-line networks into three basic categories:
• Payments using plain credit card details: The easiest method of payment is the exchange of unencrypted credit cards over a public network such as telephone lines or the Internet.
• Payments using encrypted credit card details: It would make sense to encrypt our credit card details before sending them out.
• Payment using third party verification: One solution to security and verification problems is the introduction of a third party, a company that collects and approves payments from one client to another.

60. What is the need for standardization? Explain.
The biggest barrier to electronic trade is having all the pieces work together so that information can flow seamlessly from one source to another. This requires standardization. On the corporate side, companies need compatible EDI software and network services in order to send electronic purchase orders, invoices, and payments back and forth. This is achieved through seamless interface.

61. Explain horizontal & vertical organization with the help of a diagram. /What is the main difference between horizontal and vertical organization?
• The vertical organization
The traditional approach views the organization as a collection of vertical departments or business units.

The vertical approach to corporate management poses two problems to smooth operations. First, it creates boundaries that discourage employees in different departments from interacting with one another. Second, departmental goals are typically set in a way that could cause friction among departments. The vertical organization allows gaps to exist between employees from different departments and lacks a channel to facilitate interaction and communication. Finally, three key ingredients are missing from the vertical organization's chart: the product, the process, and the customer. Operating in a fast changing environment without a clear picture of such components, it would be difficult for top management to run a business effectively.
• The Horizontal Organization
The structure of a horizontal organization is two-tiered instead of multilayered, as seen in vertical organizations: a core group of senior management responsible for strategic decisions and policies, and a stratum of employees in process teams. The objective of a horizontal structure is to change the staff's focus from coordinating and reporting to improving flow management and work quality and increasing value for customers. The principal goal of horizontal management is to facilitate the smooth transition of intermediate products and services through its various functions to the customer. This is achieved by empowering employees, improving communication, and eliminating unnecessary work.

62. What should be covered in the policy?
The following is a list of topics that should be covered in the policy.
• What guidelines you have regarding resource use
• What might constitute abuse
• Whether users are permitted to share accounts or let others use their accounts
• How users should keep their passwords secret
• How often users should change their passwords and any password restrictions or requirements.
• Restrictions on disclosure of information that may be proprietary.
• Statement on electronic mail privacy.
• Policy on electronic communications, mail forging, and so on.
• The organization's policy concerning controversial mail or postings to mailing lists or discussion groups.

63. Why are information brokerages and management needed? Explain with an example.
Information brokerages are needed for three reasons:
• comparison
• shopping
• reduced search costs and integration
Today, many on-line information providers are moving to a consumer services model, where they provide not only inexpensive access but lots of free information.

64. What is order selection? Explain.
Customer service representatives are also often responsible for choosing which orders to accept and which to decline. In fact, not all customer orders are created equal; some are simply better for the business than others. Companies that put effort into order selection and link it to their business strategy stand to make more money. This is order selection and prioritization.

65. On what factors can negotiations take place?
Negotiations take place:
• over money
• over terms and conditions
• over delivery dates
• over evaluation criteria

66. List the advantages of Internet.
Advantages of internet:
• Flat pricing
• cheap access
• common standards
• secure

67. Explain software agent and middleware.
Software agent is an encapsulation of users' instructions. Middleware is a mediator between diverse application programs that talk to each other.

68. What are the two desirable properties in any e-transaction?
The two desirable properties in any e-transaction are:
• anonymity
• security

69. What are the seven major business requirements addressed by SET (Secure Electronic Transaction)?
Seven major business requirements addressed by SET:
• Provide for confidential payment information and enable confidentiality of order information that is transmitted with payment information
• Ensure integrity for all transmitted data
• Provide authentication that a buyer is a legitimate user of a branded (e.g. Visa, Master Card, American Express) bankcard account.
• Provide authentication that a merchant can accept bank card payments through its relationship with an appropriate financial institution.
• Ensure the use of the best security practices and design techniques to protect all legitimate parties in an electronic commerce transaction.
• Ensure the creation of a protocol that is neither dependent on transport security mechanisms nor prevents their use.
• Facilitate and encourage interoperability across software and network providers.

70. What is the purpose of Kerberos?
Kerberos provides an authentication means in an open (unprotected) network. Kerberos performs authentication under these conditions as a trusted third party authentication service by using conventional (shared-secret key) cryptography.

71. What is meant by integrity (integration) of data? What is the encryption algorithm on which SSL depends?
The specifications must guarantee that message content is not altered during the transmission between originator and recipient. It means that the contents should not get changed. SSL depends on the RSA algorithm.

72. Explain the basic principle of Kerberos.
The basic principle of Kerberos is that it provides authentication to messages in an open network.

73. What is IP spoofing and Telnet?
IP spoofing is a tool that intruders use to take over an open terminal and login connections after they get root access. Telnet enables users to log in to remote computers.

74. What does ATM stand for?
ATM stands for Automated Teller Machine.