
AKG/ e COMMERCE.

E-Commerce


Traditional commerce, an overview

The process involved in traditional commerce, before selling and/or buying, can be divided into two major parts: the manufacturer's or company's point of view and the customer's point of view. Financial institutions play a key role by transferring funds between buyers and sellers and by giving financial support to both, thereby earning their profit by providing convenience to seller and buyer. The final goal of the seller is to sell his/her product at a profit, and for the buyer it is to buy the most reliable product for the minimum cost. Hence both parties (buyer and seller) must converge at a common point for a satisfactory transaction. Before buying, the consumer must identify the need, search for the product and find out the buying options by traditional means. This certainly takes a lot of time and energy, which can be saved by digitized transactions.

Electronic commerce

When one thinks of electronic commerce, even though the final goal remains the same as that of traditional commerce, the way in which the two function in order to improve performance is different. It is basically a change in media, much as transportation has changed from bullock carts to supersonic planes. In today's fast changing world even the individual customer can conduct business online through the Internet. As information sharing is the major part of the commerce industries, networking has given a boost to e-Commerce. This change in viewpoint has opened the door to new opportunities. Electronic commerce includes transactions that support revenue generation, such as generating demand, offering sales and support etc., along with the transactions involving buying and selling. Electronic commerce, built on the structure of traditional commerce, adds flexibility due to networking.

The major advantages of e-commerce

• Better departmental interactions. This could be the information sharing within the company or between the companies working together for better performance.
• Improved customer relations. Commercial activities on an electronic network eliminate time, place and principal constraints. For example, if a customer wants to buy a book of his choice he need not go around searching for the book; instead he can do the same behind closed doors, thanks to e-Commerce. Also the publishers need not have physical stores to sell their books. Customer support can be provided throughout the day. Orders can be placed or accepted at any time, anywhere. Networking brings the customer and the manufacturer closer, wherever they are, by eliminating the middleman hurdles. The whole world is a village, a global world in its true sense. The result of this is a drastic reduction in overhead cost and instant response, whereby time, energy and also money can be saved.

COMPARISON BETWEEN TRADITIONAL AND ELECTRONIC COMMERCE

Let us examine the simple task when an employee of a company wants to buy a PC for his office.

COMPANY
• Generate a request for the PC including the specifications.
• Approval process: the request has to pass through one or more persons depending upon the cost involved and the position and/or rights of the person.
• Once sanctioned, the request passes on to the purchasing department.
• Identify the item and supplier: selection of the appropriate model and supplier with the help of office supply catalogs. The person in the purchasing department has to check more than one catalog and contact the suppliers to find out the availability, present cost or maybe the latest version.
• Issue a purchase order; fax or mail it to the supplier.

SUPPLIER
• Verify the credit and sales history of the ordering company.
• Check the warehouse for inventory; find out when it can be delivered to the desired location within the time frame.
• Once the supplier is satisfied, arrange transportation and inform the warehouse.
• Create an invoice for the PC and mail it.

Finally the PC reaches the office and the company pays the bill for the PC by some standard means. Once the above processes are digitized (if not all, then most of the steps), business can be done online in e-Commerce. Certainly e-Commerce results in a reduction of procedural overheads, hence better performance at reduced cost and time.

BROAD VIEW OF e-Commerce

What is E-Commerce? E-Commerce in its simplest form can be defined as the application of computers and computer networks for modern business purposes. In other words, it is a modern business methodology that addresses the needs of
• Organizations
• Merchants
• Consumers
in order to
# reduce cost
# improve the quality of goods and services
# increase the speed of service and delivery
# search and retrieve information in support of human and corporate decision making.

THE INTERNET HIERARCHY

The networks that make up the Internet form a hierarchy. The hierarchy is broadly classified into 5 stages, from the top level to the bottom level.


1) Backbone: It is the high speed backbone network; the majority of Internet traffic is funneled into the backbone through the network access points (NAPs).
2) Network access points (NAPs): These are maintained by Sprint, MFS, PacBell and others, located at strategic areas.
3) Regional networks: Independently created national and/or regional networks, normally tied into the NAPs, but some service providers have made their own arrangements for exchanging Internet traffic. A few of the service providers are SInet, UUNET and SURAnet.
4 & 5) The lower levels consist of regional, district and individual networks found in large organizations, e.g. a university campus or a business complex.

Networks share a common set of communication protocols known as the Transmission Control Protocol and the Internet Protocol (TCP/IP) respectively. These standard sets of rules are formed for the smooth and secure operation of the Internet.

BASIC BLOCKS OF e-COMMERCE

[Figure: the building blocks of e-commerce. Security: credit card, digital cash, EDI etc. Services: e-mail, web, FAQs (Frequently Asked Questions), shared databases, online catalogs, network communities. Distribution: shipping infrastructure. Production: databases, multimedia authoring, information, manufacturing. Network: Internet, value added networks, cable TV, telephone networks.]

Network Infrastructure

The success of e-commerce depends on the network infrastructure. The network infrastructure includes the Internet, cable television, telecommunication networks, private corporate networks etc. The network is part and parcel of e-commerce: it forms the physical link between the organizations and/or individuals. All such Internet technologies form the network infrastructure.

Service Infrastructure

Focuses on payment, customer support and security.

Production Infrastructure

Focuses on the company's products, whether they are soft or hard goods etc.

Distribution Infrastructure

Focuses on delivery and after-sale service to customers.

Network layers & TCP/IP protocols

Technologies are specified by protocols, meaning the rules that determine everything about the way a network functions. These protocols include
• how to access the network,
• how to divide the data into packets for transmission through a cable,
• how to recognize the electrical signals on a network for the corresponding data.

Packets: A packet is the fundamental grouping of data for transmission on a digital network. A packet consists of a series of bits that include control information for transmitting that data, as well as the data itself.

A seven-layered model has been created by the International Standards Organization (ISO) that defines the basic network functions. This model is called the OSI reference model. The layers add to the data found in a packet to perform their assigned tasks. Important principles of the OSI reference model are
• Open systems concept: this allows the exchange of data at a given level by two different network systems supporting the functions of the related layer.
• Peer-to-peer communications: data created by one layer in the model and transmitted to the other device on the network will not be altered by the intervening layers.

Layer        | Function                             | Information                | TCP/IP protocols
Application  | What is the data to be transferred?  | Application messages       | FTP, SNMP, HTTP, DNS
Presentation | How does the data look?              | Encrypted, compressed data |
Session      | Partner?                             | Session messages           |
Transport    | Where to send?                       | Multiple packets           | TCP, UDP
Network      | Route to be followed                 | Packets                    | IP, ARP (Internet layer)
Data link    | Each step in the route               | Frames                     | PPP
Physical     | How to use the medium for each step  | Bits                       |

Protocols

TCP/IP (Transmission Control Protocol / Internet Protocol) defines
• how a protocol exchanges data with the protocol layered above or below it (governed by protocol suites),
• how data is to be divided into packets for transmission across a network,
• how applications can transfer files and send e-mail.
These protocols provide all the necessary functionality for a protected network even if they do not fit into all seven layers of the OSI model. When protocols are designed, specifications are set, such as routes, bridges and switching hubs. A few important applications are

• FTP: File Transfer Protocol, used for file transfer.
• SMTP: Simple Mail Transfer Protocol, used for e-mail transfer between the servers.
• SNMP: Simple Network Management Protocol, for controlling the network devices.
• HTTP: Hyper Text Transfer Protocol. It determines how a file such as an HTML document is transferred from server to client. HTTP is the protocol of the World Wide Web, and it is important for the secure transfer of different types of commercial transactions on the Internet.
• DNS: Domain Naming Service. It is responsible for converting numeric IP addresses into names that can be remembered easily by the users.
• HTML: Hyper Text Markup Language. It is the standard set of codes that the World Wide Web uses for its visible interface on the Internet. The browser looks at the HTML to determine the type of display (text and/or graphics).

Transport layer:
• UDP (User Datagram Protocol) or TCP can be used to determine the maximum transmission packet size. TCP is used when 100 percent transmission reliability is required, UDP under stringent situations.
• POP (Post Office Protocol) and IMAP (Internet Mail Access Protocol) are used to handle the retrieval of messages.
• MIME: Multimedia Internet Mail Extension. Even though POP and IMAP were originally designed for text-only mail, MIME extends the capabilities of e-mail messaging. MIME-compliant messages can consist of a) graphics, b) video or sound clips and c) other types of multimedia.

The advantages of the Internet

• The Internet is an open system.
• The Internet itself does not belong to anyone.
• The user need not belong to any special group. There are no special fees, and it is not necessary to become anyone's customer to access any Internet content.

The Internet is open: due to the open environment of the Internet protocols, anyone can use them to write software implementations that can be used with other computers and networks running the Internet protocols. Darwin's theory of "survival of the fittest" applies here: obviously, only the best is going to survive long. The results of this competition are
• lower cost
• better performance
• better affordability and an increase in the spread of users.

The Internet does not belong to anyone: examine the case of a telephone user. He/she has to pay 1) an initial service charge for connection and commission, and 2) a monthly bill depending on the number of calls and on the contact time. There is no special charge based on who contacts whom on the phone. Similarly an Internet user has to pay fees to an ISP (Internet Service Provider) for the initial service, but these fees do not depend on what he/she accesses. Connectivity through the Internet allows connected individuals to browse any freely available content, without regard to memberships.

The World Wide Web

The World Wide Web is the networked hypertext document. The purpose is to use a markup language to create a document, relying on function-oriented labels that define how a part of a document behaves (known as tags) instead of traditional word-processing formatting options to control the document display. Web documents can be created in such a way that a person using virtually any brand of computer (character based or graphical user interface) can access virtually any information. The client software started by the user connects to a home page and can then surf on to other web documents by following the links on the home page and the other connected pages, which results in a world wide web of connections between the information services on the Internet. The World Wide Web standards are defined by protocol specifications. Developers use these protocols to implement the web browser and web server programs.

The interaction between browser and server is defined by HTTP. The Uniform Resource Locator (URL) protocol specifies how individual resources are to be identified within the World Wide Web. Locating a specific resource on a computer is complicated: the user needs to search through the operating system directories, folders and files.

Techniques and solutions for e-Commerce security

As the security of business transactions is the widely cited issue with online transactions, a number of security techniques and solutions adhering to well-defined security standards are available in the market. The techniques and solutions of the various vendors are not complementary to each other. Integration of these techniques into the business process will result in safe business transactions, maintaining the integrity and confidentiality of data. The following section introduces some of the most common solution techniques in e-commerce security.

SOME SECURITY THREATS & SOLUTIONS

Threat                                                   | Security function                                                                   | Technology
Data intercepted, read or modified illicitly             | Encryption: encode data to prevent tampering                                        | Symmetric and asymmetric encryption
False identity with an intention of fraud                | Authentication: identity verification of both sender and receiver                   | Digital signature
Unauthorized user on one network gains access to another | Firewall: filters and prevents certain traffic from entering the network or server  | Firewalls, virtual private networks

Message Security

Encryption is a cryptographic technology to scramble the data with a key so that no one can make sense of it while it is being transmitted. When the data reaches its destination, the information is unscrambled (decrypted) using the same or a different key. There are two types of crypto-systems: secret key and public key. In secret key cryptography, also referred to as symmetric cryptography, the same key is used for both encryption and decryption. The most popular secret-key crypto-system in use today is known as DES, the Data Encryption Standard. IBM developed DES in the mid 1970s and it has been a federal standard ever since 1976. In public-key cryptography, each user has a public key and a private key. The public key is made public while the private key remains secret. Encryption is performed with the public key while decryption is done with the private key.

How does encryption work?

Encryption, or encoding information, helps prevent its use by unauthorized users. Both the sender and the receiver have to know what set of rules (called the cipher) was used to transform the original information into its cipher text (code) form. A simple cipher might be to add an arbitrary number to all the characters in the message. For example, say "Udupa" is the original name and "Irido" is the cipher text (the arbitrary number chosen is 12):

 1  2  3  4  5  6  7  8  9  10 11 12
 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z

To decrypt (decode) "Irido", start counting from the letter "I" and replace the letter "I" in the coded text with the letter which comes after a count of 12: "I" is replaced by "U". Similarly for the other letters, to get back the original name "Udupa". It is clear from the above example that both the sender and the recipient have to know the arbitrary number chosen in order to encrypt and decrypt the original message. The key used here is 12.

Basically encryption has two parts:
• Algorithm: a cryptographic algorithm is a mathematical function. In the above example, counting forward (to decrypt) and backward (to encrypt) is the algorithm part.
• Key: a string of digits. A cryptographic algorithm combines the plain text or other intelligible information with a string of digits called the key to produce unintelligible cipher text. Some encryption algorithms, however, do not use a key.

Encryption on a key-based system offers two important advantages:
• It is difficult to come up with a new algorithm each time one wants to communicate privately with a new correspondent. By using a key, the same algorithm can be used with many people, with a different key for each correspondent.
• It is easy to change the key in case of any malpractice rather than going for a new algorithm.

The number of keys each algorithm can support depends on the number of bits in the key. For example, an 8-bit key allows only 2^8 = 256 possible numeric combinations; each such key is called a key of 2^8. Hence the more digits (the greater the bit length), the more possible keys and the more difficult it is to crack an encrypted message. Trying each possible key to find the right one to get back the original message is called the brute-force method. For example, to unlock a physical number lock with a one-digit number (0 to 9), one has to try the numbers between zero and nine; at one stage the lock gets unlocked. If it is a three-digit decimal number, the possible combinations vary from 000 to 999. Similarly, if a 100-bit (binary) key were used, a computer capable of guessing one million keys every second could still take many centuries to discover the right key; hence the security of the encryption algorithm correlates with the length of the key.

The RSA public-key cryptosystem is the most popular form of public key cryptography. RSA stands for Rivest, Shamir and Adleman, the inventors of the RSA cryptosystem.
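The shift cipher and the brute-force idea above, worked through as an added Python example (not part of these notes): it implements the count-backward/count-forward rule with the notes' key of 12, checks "Udupa" against "Irido", and enumerates the whole 26-key key space the way a brute-force attacker would.

```python
import string

ALPHABET = string.ascii_uppercase   # the 26-letter wheel from the notes' diagram

def shift_letter(ch: str, count: int) -> str:
    """Move one letter `count` places around the wheel (negative = backward),
    wrapping Z -> A. Non-letters pass through untouched; case is preserved."""
    if not ch.isalpha():
        return ch
    out = ALPHABET[(ALPHABET.index(ch.upper()) + count) % len(ALPHABET)]
    return out if ch.isupper() else out.lower()

def encrypt(plaintext: str, key: int) -> str:
    """Encrypt = count *backward* by the key, so 'U' becomes 'I' when the key is 12."""
    return "".join(shift_letter(ch, -key) for ch in plaintext)

def decrypt(ciphertext: str, key: int) -> str:
    """Decrypt = count *forward* by the key, so 'I' goes back to 'U'."""
    return "".join(shift_letter(ch, key) for ch in ciphertext)

def brute_force(ciphertext: str) -> dict:
    """The brute-force method: try every key. With a 26-key wheel the whole
    key space is exhausted at once; the attacker then picks the readable candidate."""
    return {key: decrypt(ciphertext, key) for key in range(len(ALPHABET))}

def key_space(bits: int) -> int:
    """Number of keys an n-bit key offers (2**8 == 256 for the notes' 8-bit case)."""
    return 2 ** bits

def years_to_exhaust(bits: int, keys_per_second: float) -> float:
    """Worst-case brute-force time for an n-bit key at a given guessing rate."""
    return key_space(bits) / keys_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    cipher = encrypt("Udupa", 12)
    print(cipher, "->", decrypt(cipher, 12))
    for key, candidate in brute_force(cipher).items():
        print(f"key {key:2d}: {candidate}")
    print("years for a 100-bit key at 1e6 guesses/s:", years_to_exhaust(100, 1e6))
```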

Methods of encryption
• Secret key or symmetric encryption
• Public key or asymmetric encryption

Secret key: in this scheme, both the sender and the recipient possess the same key to encrypt and decrypt the data.
Drawbacks
• Both parties must agree upon a shared secret key. If there are "n" correspondents, one has to keep track of n different secret keys.
• Symmetric encryption schemes are also subject to authenticity problems. Because the sender and the recipient have the same secret key, the identity of the originator or recipient cannot be proved. If the same key is used by more than one correspondent, common key holders can read each other's mail.

PUBLIC KEY CRYPTOGRAPHY

This scheme operates on a double key, called a pair of keys, one of which is used to encrypt the message and only the other one in the pair is used to decrypt. This can be viewed as two parts: one part of the key pair, called the public key, is published widely but is still associated with its owner; the other part, called the private key, is known only by the designated owner, no one else.

Strong points of this scheme. The key pair can be used in two different ways:
1. Message confidentiality can be proved: the sender uses the recipient's public key to encrypt a message, so that only the private key holder (the recipient) can decrypt the message.
2. Authenticity of the message originator can be proved: the sender uses his private key, to which only the sender has access, to encrypt a message. Anyone who uses the public key to decrypt the message can be sure of the message's origin.
3. The public key of the pair can be easily distributed, e.g. through a server.

Encrypting and decrypting
• Data encrypted with the public key can only be decrypted with the private key.
• Data encrypted with the private key can only be decrypted with the public key.
Either key can encrypt or decrypt the message.

Disadvantages: In commercial transactions, the standard procedures are for the buyer to encrypt messages with his private key, while for acknowledgements from the merchant, he (the merchant) would use the merchant's private key. This means anyone can access the merchant's public key and hence is able to read it. So steps must be taken to ensure the privacy of sensitive information.

Say for example person X would like to send a secret message to person Y using public key cryptography. X encrypts the message with Y's public key and sends it to person Y through the Internet. As only person Y has the private key, only he can read the message sent by person X.

Secret key and public key lengths for an equal level of security

Secret key length | Public key length
56 bits           | 384 bits
64 bits           | 512 bits
80 bits           | 768 bits
112 bits          | 1792 bits
128 bits          | 2304 bits

Fast Cryptography

Asymmetric cryptography algorithms are computationally slow. To quickly generate a short, unique representation of a message, the "message digest" has come up: it is encrypted and then used as the digital signature. "One-way hash functions" are fast cryptographic algorithms for generating message digests. A hash function does not use a key; in fact it is a formula to convert a message of any length into a single string of digits called a message digest. Each message produces a random message digest using the conversion formula.

Digital Signature: The private key is used to encrypt that digest to obtain the digital signature. In other words, the encrypted message digest (the private key is used for the encryption) is called the digital signature.

 message --(hash function)--> message digest --(encrypt with sender's private key)--> digital signature

Verification of the digital signature: say person X is sending the message to person Y.

Steps:
* To send the message (X sends to Y)
 a) Develop the message digest for the message using the hash function.
 b) Encrypt the digest using X's private key (this is the digital signature).
 c) Combine the plain text (X's message) with the signature and send it.
* To receive the message (Y receives)
 a) Decrypt the digital signature with X's public key.
 b) Calculate the message digest using the hash function (person Y uses the same hash function as person X, which was agreed upon beforehand).
 c) Compare the two message digests (the one sent by X and the one generated by Y). If they are the same, the message is authentic; if not, the signature or the message has been tampered with.

Advantage: Unauthorized persons can access the public key of person X, but cannot have his (X's) hash function, which makes the digital signature authentic.
Disadvantage: As the body of the message is sent as plain text, privacy is not maintained. To overcome this difficulty when privacy is important, one could use a symmetric algorithm for the plain text.

Certificate authority

Need for a digital certificate: the basic aim is to conduct secure and safe electronic transactions. Asymmetric cryptography allows a merchant to distribute his (the merchant's) public key to all his correspondents, maybe by e-mail, while keeping the private key secure (confined to himself only). But these key pairs can be generated by anyone: a third person may generate a pair of keys and send that public key to the merchant's correspondents, claiming that it has come from the merchant. This allows the third person or party to forge messages in the name of the merchant. This is where a "certificate authority" comes into existence. A certificate authority will accept the merchant's public key along with some proof of the identity of the merchant who sends it. Others (correspondents) can request verification of the merchant's public key from the certificate authority.

A digital certificate is defined as a method to verify (e.g. public keys) electronically for authenticity.

Contents of one's digital certificate. It includes
• Holder's name, address and organization.
• Public key of the holder for cryptographic use.
• Time limit: these certificates are issued for 6 months to a year.
• The name of the certificate authority.

• Class of certificate.
• Digital certificate identification number.

Class: based on the degree of verification.
Class 1: easiest to obtain; it involves the fewest checks on the user's background (only the name and e-mail address are verified).
Class 2: it includes the user's driver's licence, social security number and date of birth along with the class 1 checks.
Class 3: in addition to the class 2 checks, a check of the user's credit card is added.
Class 4: in addition to the class 3 checks, the user's position within the organization is added.
The higher the class, the higher the degree of verification and hence the higher the fee payable to commercial or governmental certificate authorities.

Certificates that are lost may be revoked. A Certificate Revocation List (CRL) is maintained by the certificate authority, so that users know which certificates are no longer valid. The CRL doesn't include expired certificates, because each certificate has a built-in expiration.

One encryption system is not ideal for all situations; one can use more than one encryption method. The table below shows a few algorithms for encryption used by PGP (Pretty Good Privacy):

Function           | Algorithms used | Process
Message encryption | IDEA, RSA       | 1. Use IDEA with a one-time session key generated by the sender to encrypt the message. 2. Encrypt the session key with RSA using the recipient's public key.
Digital signature  | MD5, RSA        | 1. Generate the hash code of the message with MD5. 2. Encrypt the message digest with RSA using the sender's private key.

FEW SECURITY STANDARDS FOR THE INTERNET

Spoofing: this is when one party masquerades as someone else. But remember that firewalls are not the solution for all Internet security problems.
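The X-to-Y signing and verification steps, and the certificate authority checks (CA signature, validity window, CRL) described above, as one added Python example that is not the notes' own code. It uses textbook RSA over fixed, publicly known Mersenne primes and SHA-256 as the agreed hash function, so it shows only the mechanics, never real security; the holder name, serial number, dates and CRL entry are constructed for the demonstration.

```python
import hashlib
import json

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: public key (n, e), private key (n, d), d = e^-1 mod (p-1)(q-1)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def message_digest(message: bytes) -> int:
    """The agreed one-way hash function (SHA-256 here; the notes' PGP table
    uses MD5, which is no longer collision resistant). The result is an
    integer below 2**256, so it fits under every modulus used below."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """X's steps a) and b): hash the message, then 'encrypt' the digest with
    the sender's private key. The result is the digital signature."""
    n, d = private_key
    return pow(message_digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Y's steps a)-c): recover the digest with X's public key, recompute the
    digest over the received plain text, and compare the two."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message)

def cert_bytes(cert: dict) -> bytes:
    """Canonical encoding of the fields the CA vouches for (everything except
    the signature), so issuer and verifier hash exactly the same bytes."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(ca_private, holder: str, holder_public, serial: int,
                      not_before: str, not_after: str, cert_class: int) -> dict:
    """The CA binds holder name + public key + validity window + class + serial
    number, and signs that binding with its own private key."""
    cert = {"holder": holder, "public_key": list(holder_public), "serial": serial,
            "not_before": not_before, "not_after": not_after,
            "class": cert_class, "issuer": "Toy CA"}
    cert["signature"] = sign(cert_bytes(cert), ca_private)
    return cert

def check_certificate(cert: dict, ca_public, crl: set, today: str) -> str:
    """Returns 'ok' or the first reason the certificate must not be trusted.
    Dates are ISO strings, so plain string comparison orders them correctly."""
    if not verify(cert_bytes(cert), cert["signature"], ca_public):
        return "bad CA signature"          # forged or altered certificate
    if not (cert["not_before"] <= today <= cert["not_after"]):
        return "expired or not yet valid"  # expired certs never appear on the CRL
    if cert["serial"] in crl:
        return "revoked"                   # e.g. the holder reported the key lost
    return "ok"

# Constructed demo keys built from publicly known Mersenne primes; e = 65537
# is coprime to each (p-1)(q-1) because 32 divides none of 126, 520, 88, 606.
X_PUBLIC, X_PRIVATE = make_keypair(2**127 - 1, 2**521 - 1)
CA_PUBLIC, CA_PRIVATE = make_keypair(2**89 - 1, 2**607 - 1)
IMPOSTOR_PUBLIC, _ = make_keypair(2**127 - 1, 2**607 - 1)

def demo() -> dict:
    """Runs the X -> Y exchange and the certificate checks; returns the outcomes."""
    message = b"X to Y: ship 10 units to Udupa"            # constructed message
    signature = sign(message, X_PRIVATE)
    cert = issue_certificate(CA_PRIVATE, "person X", X_PUBLIC, serial=1001,
                             not_before="2024-01-01", not_after="2024-12-31",
                             cert_class=2)
    forged = dict(cert, public_key=list(IMPOSTOR_PUBLIC))  # impostor swaps in own key
    return {
        "genuine": verify(message, signature, X_PUBLIC),
        "tampered": verify(message + b"0", signature, X_PUBLIC),
        "wrong_key": verify(message, signature, IMPOSTOR_PUBLIC),
        "cert_valid": check_certificate(cert, CA_PUBLIC, set(), "2024-06-01"),
        "cert_expired": check_certificate(cert, CA_PUBLIC, set(), "2025-03-01"),
        "cert_revoked": check_certificate(cert, CA_PUBLIC, {1001}, "2024-06-01"),
        "cert_forged": check_certificate(forged, CA_PUBLIC, set(), "2024-06-01"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13s}: {result}")
```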

Commonly used security standards are listed below.

Standard                            | Function                                               | Application
Secure HTTP (S-HTTP)                | Secure web transactions                                | Browsers, web servers, Internet applications
Secure sockets layer (SSL)          | Secure data packets at the network layer               | Browsers, web servers, Internet applications
Secure MIME (S/MIME)                | Secure e-mail attachments across multiple platforms    | E-mail packages with RSA encryption and digital signatures
Secure wide area nets (S/WAN)       | Point-to-point encryption between firewalls and routers | Virtual private networking
Secure electronic transaction (SET) | Secure credit card transactions                        | Smart cards, transaction servers, electronic commerce

THE SSL (SECURE SOCKETS LAYER) HANDSHAKE PROTOCOL

The SSL Handshake protocol was developed by Netscape Communications Corporation to provide security and privacy over the Internet. The protocol supports server and client authentication. The SSL protocol is application independent, allowing protocols like HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol) and telnet to be layered on top of it transparently. The SSL protocol is able to negotiate encryption keys as well as authenticate the server before data is exchanged by the higher-level application. The SSL protocol maintains the security and integrity of the transmission channel by using encryption, authentication and message authentication codes.

The SSL Handshake protocol consists of two phases: server authentication and an optional client authentication. In the first phase, the server, in response to a client's request, sends its certificate and its cipher preferences. The client then generates a master key, which it encrypts with the server's public key, and transmits the encrypted master key to the server. The server recovers the master key and authenticates itself to the client by returning a message authenticated with the master key. Subsequent data is encrypted and authenticated with keys derived from this master key. In the optional second phase, the server sends a challenge to the client. The client authenticates itself to the server by returning the client's digital signature on the challenge, as well as its public-key certificate.

A variety of cryptographic algorithms are supported by SSL. During the "handshaking" process, the RSA public-key cryptosystem is used. After the exchange of keys, a number of ciphers are used. These include RC2, RC4, IDEA, DES and triple-DES. The MD5 message-digest algorithm is also used. The public-key certificates follow the X.509 syntax. Major digital certificate vendors use the SSL protocol, including VeriSign and Thawte.

SECURED ELECTRONIC TRANSACTION (SET)

Visa and MasterCard have jointly developed the Secure Electronic Transaction (SET) protocol as a method for secure, cost effective bankcard transactions over open networks. SET includes protocols for purchasing goods and services electronically, requesting authorization of payment, and credentials (i.e. certificates) binding public keys to identities etc., allowing merchants, suppliers, customers and payment gateways to partake in electronic commerce by enabling encrypted transactions. Once SET is fully adopted, the necessary confidence in secure electronic transactions, such as privacy, integrity and authenticity, which are achieved through certification, will be in place.

ROLE OF VIRTUAL PRIVATE NETWORK (VPN)

A virtual private network is a low cost and flexible alternative to closed and leased-line connections between remote company sites, or between vendors, suppliers, mobile employees and the company, using the public Internet. Most of the VPN implementing vendors use a specialized form of encrypted Internet transaction. This allows a secure channel to be established between two systems for the purpose of electronic data interchange, using complex and proprietary encryption and authentication techniques. The commonly used protocol for this is Internet Protocol Security (IPSec): a set of protocol standards developed by the Internet Engineering Task Force (IETF) which provides standards for authentication, privacy and data integrity. Some of the VPN implementing vendors are: Cisco Systems, TimeStep Corporation (which produces IPSec-compliant secure virtual private network solutions), DotPN, VeriSign security services, AT&T WorldNet and Mistral Networks.

As all of us know, the Internet is not very stable and reliable all the time; to bet on this method for e-commerce business without proper security measures involves a high degree of risk. One should choose the appropriate solution keeping in mind which vendor gives good protection against unauthorized disclosure of data, reliability in determining the identity of the communicating party, and a system by which data is protected from unauthorized modification. In addition to the above requirements, the following factors influence the selection of VPN vendors:
• Thin/thick client, VPN client.
• Encapsulation, encryption types and accelerators, load balancing, redundancy.
• The right architecture based on connectivity between router and router or firewall and firewall, and an audit method of "queuing" access in a non-threading manner.

In other words, the organization should start by figuring out its overall objectives. The first issue is what level of risk is acceptable; there are degrees of paranoia between the extreme positions. The second is: what level of monitoring and control does the organization need? Having established the acceptable risk level by resolving the first issue, one can form a checklist of what should be monitored, permitted and denied, then combine the requirement analysis with a risk assessment and plan the implementation.

To ensure communications are private and not altered by a third party, a firewall is very important.

NETWORK SECURITY

Firewall Introduction

Corporate networks are built assuming certain levels of trust in how the information passing through them is accessed and used. When they are hooked into public networks, like the Internet, this makes them exposed. Naturally, a safer and more intelligent route leads security administrators to trust no one on the outside. Frequently, the hardest part of hooking to the Internet is not justifying the expense or effort, but convincing management that it is safe to do so. A firewall provides not only real security; it often plays an important role as a security blanket for management, since it is the embodiment of the corporate policy.

Here is an attempt to explain the security technologies used to defend against attacks initiated from both within and without an organization. This will examine the pieces of the security puzzle to see how best to fit them together for effective defenses and coverage.

Basic Security Infrastructures

The basic design for a secure network infrastructure relies upon layers of devices that serve specific purposes and provide multiple barriers of security that protect, detect and respond to network attacks, often in real time. Several security methods are used wherever the Internet and corporate networks intersect; these include the use of:
• Routers
• Firewalls
• Intrusion Detection Systems (IDSs)
• Vulnerability Assessment Tools (scanners, etc.)

Routers

A router is a network traffic-managing device that sits in between sub-networks and routes traffic intended for, or emanating from, the segments to which it is attached.

Firewalls

In the market, a lot of software vendors are in the firewall business. Price and features vary. To name a few of them: Access Master NetWall firewall from Bullsoft provides scalable load balancing and high availability. Cisco PIX is another dedicated firewall appliance that provides full protection for a company's internal network. IBM's eNetwork firewall features filtering, proxy and circuit-level gateway architecture to control Internet communications. Lucent InterNetworking's secure network combines Ascend's firewall and encryption techniques for network protection. Axent's Raptor enterprise firewall for Windows NT, Solaris and HP-UX protects against network and system vulnerabilities on systems connected to the Internet, and allows access control down to the web-page level. Internet Dynamics' Conclave firewall application protects information on the Internet and intranets.

What is a Firewall?
A firewall insulates a private network from a public network using carefully established controls on the types of request it will route through to the private network for processing and fulfillment. Typically, the two networks in question are an organization's internal trusted network and the untrusted network, the Internet. Firewalls typically run monitoring software to detect and thwart external attacks on the site, and are needed to protect internal corporate networks.

Defining firewalls
A slightly more specific definition of a firewall comes from William Cheswick and Steven Bellovin, two engineers with AT&T who wrote the classic Firewalls and Internet Security (Addison Wesley, 1994). They based the book on their experience developing a firewall to protect AT&T connections to the Internet. Cheswick and Bellovin define a firewall as a collection of components or a system placed between two networks and possessing the following properties:
• All traffic from inside to outside, and vice-versa, must pass through it.
• Only authorized traffic, as defined by the local security policy, is allowed to pass through it.
• The system itself is highly resistant to penetration.

A firewall is a mechanism used to protect a trusted network from an untrusted network, usually while still allowing traffic between the two. Although many firewalls are currently deployed between the Internet and internal networks, nothing in the definition of a firewall ties the concept to the Internet. An internet is defined as any connected set of networks; the Internet is the world wide network of networks that uses TCP/IP for communications. However, there are good reasons for using firewalls in any internet, or intranet, such as a company's WAN.

Firewalls appear primarily in two flavors:
• Packet Filtering
• Application level gateways and Proxy servers
Other uses of firewalls include technologies such as Virtual Private Networks that use the Internet to tunnel private traffic without the fear of exposure.

Packet Filtering
Straight packet filtering mechanisms allow communication originating from one side or the other, based on security policies that are already developed for the routing of network traffic. To enable two-way traffic, you must specify a rule for each direction. Packet filtering firewalls identify and control traffic by examining the source, destination and port. For example, an HTTP request for a public Web page will be honored, whereas an FTP request to a host behind the firewall may be dishonored. ... places to implement packet filtering rules.

Another approach to firewalls views them as both policy and the implementation of that policy in terms of network configuration. In this context, a firewall comprises one or more host systems and routers, plus other security measures such as advanced authentication in place of static passwords.

Internet Traffic
All Internet traffic (data transported by the TCP/IP protocol suite) from inside to outside and vice versa must pass through a firewall. Physically, a firewall may consist of several different components, including filters, or screens, that block transmission of certain classes of traffic, and a gateway, which is a machine or set of machines relaying services between the internal and external networks by means of proxy applications. The intermediate area occupied by the gateway is often referred to as the demilitarized zone (DMZ).

A protocol is a formal description of messages to be exchanged and rules to be followed in order for two or more systems to exchange information in a manner that both parties will understand. The TCP/IP protocol suite, officially referred to as the Internet Protocol Suite in Internet standards documents, gets its name from its two most important protocols, TCP and IP.

Network applications present data to TCP, the Transmission Control Protocol. TCP divides the data into chunks, called packets, and gives each one a number. These packets could represent text, graphics, sound or video, anything digital that the network can reassemble correctly at the receiving end. TCP then presents the data to the Internet Protocol, or IP, the purpose of which is to provide basic host-to-host communication. Thus, each packet consists of content, or data, and the information that the protocol needs to do its work, in a protocol header. IP attaches to the packet the address from which the data comes and the address of the system to which it is going.

IP is technically referred to as an unreliable datagram service. In this context, the rather alarming term "unreliable" simply means that upper-level protocols should not depend upon IP to deliver the packet every time. IP always does its best to make the delivery to the requested destination host, but if it fails for any reason, it just drops the packet. This is where the higher level protocol, TCP, comes in. TCP uses the sequence numbers to reassemble the packets in the right order and to request retransmission of any packets that got lost along the way. It can do this even if some of the packets take different routes to reach their destination, which makes the combination of TCP/IP a very reliable protocol.

TCP uses another piece of information to ensure that the data reaches the right application when it arrives at a system. This is the port number, lying within the range 1 to 65535. The number does not represent a physical port, like the serial port to which a modem or mouse might be attached, but is more like a regional memory address. Some applications use standard port numbers; for example, an FTP program will connect to port 21 on the FTP server. Ports 1 to 1,023 are reserved for server applications, although servers can use higher port numbers as well. Higher port numbers are dynamically assigned to client applications as needed. Thus, data to be transmitted by TCP/IP has a port from which it is coming and a port to which it
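The fields just described (IP source and destination address, TCP source and destination port) are exactly what a packet filter reads out of each packet. The following is an added example, not part of the original notes: it builds a minimal IPv4+TCP packet from constructed sample values (192.0.2.0/24 and 203.0.113.0/24 are documentation address ranges) and parses the headers back, refusing truncated or malformed input rather than guessing.

```python
"""Build and parse the IPv4 and TCP headers that a packet filter decides on.
Added illustration; sample addresses and ports are constructed."""
import socket
import struct


def build_packet(src_ip, dst_ip, src_port, dst_port, payload=b""):
    """Construct a minimal IPv4+TCP packet (no options; checksums left 0
    because this toy never puts the packet on a wire)."""
    tcp_header = struct.pack(
        "!HHIIBBHHH",
        src_port, dst_port,
        0,          # sequence number
        0,          # acknowledgement number
        5 << 4,     # data offset: 5 words = 20 bytes, no options
        0x02,       # flags: SYN
        65535,      # window
        0,          # checksum (not computed in this toy)
        0,          # urgent pointer
    )
    total_len = 20 + len(tcp_header) + len(payload)
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,   # version 4, IHL = 5 words (20 bytes)
        0,              # type of service
        total_len,
        0,              # identification
        0,              # flags / fragment offset
        64,             # TTL
        6,              # protocol 6 = TCP
        0,              # header checksum (not computed)
        socket.inet_aton(src_ip),
        socket.inet_aton(dst_ip),
    )
    return ip_header + tcp_header + payload


def parse_packet(raw):
    """Return (src_ip, dst_ip, protocol, src_port, dst_port).

    Ports are None for non-TCP payloads. Raises ValueError instead of
    returning partial results for truncated or non-IPv4 input, which is
    the safe behaviour for a filter: an unparseable packet must not be
    mistaken for an allowed one."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    protocol = raw[9]
    src_ip = socket.inet_ntoa(raw[12:16])
    dst_ip = socket.inet_ntoa(raw[16:20])
    if protocol != 6:
        return src_ip, dst_ip, protocol, None, None
    if len(raw) < ihl + 4:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", raw[ihl:ihl + 4])
    return src_ip, dst_ip, protocol, src_port, dst_port


if __name__ == "__main__":
    # A client on a dynamically assigned high port talking to a web server on 80.
    pkt = build_packet("203.0.113.7", "192.0.2.10", 49152, 80)
    print(parse_packet(pkt))
```

The parser reads the header length from the IHL nibble rather than assuming 20 bytes, so a packet carrying IP options still yields the right ports; a filter that hard-codes offset 20 would read the wrong fields on such packets.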

is going, plus an IP source and destination address. Firewalls can use these addresses to control the flow of information.

Firewalls as Filters
When TCP/IP sends data packets on their merry way, the packets seldom go straight from the host system that generated them to the client that requested them. Along the way they normally pass through one or more routers, each of which makes decisions about where to direct the traffic. Suppose the Web browser is on a PC on a LAN with a PPP connection to an Internet Service Provider (ISP). A router, or a computer acting as a router, will likely send the packets out from the LAN to the ISP. Routers at the ISP will send the data to a backbone provider, which will route it, often in several hops, to the ISP that serves the machine that hosts the Web site. Data packets transmitted over the Internet from the Web browser on a PC in Florida to a Web server in Pennsylvania will pass through numerous routers along the way.

Early efforts to enable computers to communicate with each other over long distances used telephone lines and switches to connect calls from one specific computer to another in a remote location. A connection between two computers might pass through several switches until it reached its final destination. When LANs emerged, it made sense for all the computers on one LAN to have access to the machine that had access to the remote connection, thus creating a WAN. In this respect TCP/IP transmissions, specifically IP, differ from LAN communications. LAN protocols, however, which broadcast over a shared wire, were incompatible with X.25, and the machine hosting the connection to the WAN tended to get overworked. Next came a special type of switch called a router, which could take over the work of making external connections, and could also convert LAN protocols into WAN protocols. Routers have since evolved into specialized computers. The typical router is about the same size as a VCR, although smaller models and rack mounted units for major interconnections have entered the market.

Basically, routers look at the address information in TCP/IP packets and direct them accordingly. Routers make their routing decisions based on tables of data and rules. It is possible to manipulate these rules by means of filters so that, for example, only data from certain addresses may pass through the router. In effect, this turns a router that can filter packets into an access-control device. If the router can generate activity logs, this further enhances its value as a security device. A firewall may consist of little more than a filtering router as the controlled gateway.

Firewalls as Gateways
Internet firewalls are often referred to as secure Internet gateways. Like the gates in a medieval walled city, they control access to and from the network. In firewall parlance, a gateway is a computer that provides relay services between two networks. Traffic goes to the gateway instead of directly entering the connected network. The gateway machine then passes the data, in accordance

with access-control policy, through a filter, to the other network or to another gateway machine connected to the other network. Some firewalls take advantage of this to provide additional security services, including traffic encryption and decryption. In order to communicate in encryption mode, the sending and receiving firewalls must use compatible encrypting systems. Nevertheless it is a powerful feature. By adding encryption to the services performed by the firewall, a site can create very secure firewall to firewall connections. This even enables wide area networking between remote locations over the Internet, enabling the creation of virtual private networks (VPN) as a lower-cost alternative to a leased line or a value-added network (VAN).

Firewalls and policy
The various configurations of filters and gateways help when planning a firewall defence, but the system administrator must not lose sight of the broader definition of a firewall as an implementation of security policy. In other words, a firewall is both policy and the implementation of that policy in terms of network configuration, host systems and routers, as well as other security measures such as advanced authentication in place of static passwords. A firewall is an approach to security; it helps implement a larger security policy that defines the services and access to be permitted.

Firewalls as Control Points
By concentrating access control, firewalls become a focal point for the enforcement of security policy. Firewalls play an important role in enforcing access-control policies between networks and protecting trusted networks from those that are untrusted.

Internal Firewalls
While the phenomenal growth of Internet connections has understandably focused attention on Internet firewalls, modern business practices continue to underscore the importance of internal firewalls. Mergers, acquisitions, reorganizations, joint ventures and strategic partnerships all place additional strains on security as the scope of the network's reach expands. Someone outside the organization may suddenly need access to some, but not all, internal information. Multiple networks designed by different people, according to different rules, must somehow trust each other. In a WAN that must offer any-to-any connectivity, other forms of application-level security can protect sensitive data. In these circumstances, segregating the networks by means of firewalls greatly reduces many of the risks involved. In particular, firewalls can reduce the threat of internal hacking, that is, unauthorized access by authorized users, a problem that consistently outranks external hacking in information security surveys.

Types of Network Policy
Two levels of network policy directly influence the design, installation and use of a firewall system.

Network service access policy is the higher-level, issue-specific policy that defines those services to be allowed or explicitly denied from the restricted network. This policy also prescribes the way in which these services will be used, and the conditions for exceptions to this policy. Firewall design policy is a lower-level policy that describes how the firewall will actually go about restricting the access and filtering the services as defined in the network service access policy.

At the highest level, the overall organizational policy might state the following principles:
• Information is vital to the economic well being of the organization.
• Every cost-effective effort will be made to ensure the confidentiality, integrity, authenticity, availability and utility of the organization's information.
• Protecting the confidentiality, integrity and availability of these information resources is a priority and a job responsibility for all employees at all levels of the company.
• All information-processing facilities belonging to the organization will be used only for authorized purposes.
Below this statement of principles come site-specific policies covering physical access to the property, general access to information systems and specific access to services on those systems. The firewall's network service access policy is formulated at this level.

Typically, the network service access policy provides a balance between protecting the network from known risks on the one hand and providing users reasonable access to network resources on the other. Typically, firewalls implement one of two general network service access policies:
• Either allowing access to the Internet from the site but allowing no access to the site from the Internet, or
• Allowing some access from the Internet, but only to selected systems such as information servers and email servers.
Some firewalls also implement network service access policies that allow certain users access from the Internet to selected internal hosts, but only if necessary and only when combined with advanced authentication.

Firewall Design Policy
The firewall design policy is specific to the firewall and defines the rules used to implement the network service access policy. The company must design the policy in relation to, and with full awareness of, issues such as the firewall's capabilities and limitations, and the threats and vulnerabilities associated with TCP/IP. As mentioned earlier, firewalls generally implement one of two basic design policies:
• Permissive approach: Permit any service unless it is expressly denied, or
• Restrictive approach: Deny any service unless it is expressly permitted.
For a firewall to function as the company desires,

firewalls that implement the first policy (the permissive approach) allow all services to pass into the site by default, with the exception of those services that the service access policy has identified as disallowed. Firewalls that implement the second policy (the restrictive approach) deny all services by default, but then pass those services that have been identified as allowed. This restrictive second policy follows the classic access model used in all areas of information security. The permissive first policy is less desirable, since it offers more avenues for circumventing the firewall. For example, users could access new services not currently addressed by the policy, or they could run denied services at non-standard TCP/UDP ports that are not specifically mentioned by the policy.

A look at traditional payment methods
A few payment methods are:
• Cash
• Debit cards
• Traveller's cheque
• Credit cards
• Money orders
• Barter system
• Personal cheque
• Bank draft
• Tokens etc.
Organizations have their own instruments, including purchase orders, lines of credit etc. These models of payment are used these days by customers. The requirements of a financial transaction include confidentiality, privacy, integrity and authentication for both forms of commerce (traditional and/or electronic). Established traditional modes of payment are designed to meet these requirements. Methods for meeting all these requirements on the Internet are not yet in place. The task of e-commerce is to provide an electronic payment system that meets all these requirements and that users still find simple and familiar; in other words, the mode of payment by traditional means and on the Internet must look alike, even though the implementation (media) is totally different, so that, theoretically, the user's adaptability is good.

A layered protocol model for electronic payment
Policy
Data Flow
Mechanism
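The packet filtering section above says that a rule is needed for each direction of traffic, and the design-policy discussion here says that whatever no rule covers falls through to the default, permissive or restrictive. The following added example (not code from the original notes) makes both points concrete with a small stateless filter. The site network 192.0.2.0/24, the public web server 192.0.2.10 and the outside addresses are constructed values from the documentation ranges; the rule set implements the access policy "some access from the Internet, but only to selected systems".

```python
"""A stateless packet filter: the first matching rule decides, and a packet
no rule matches gets the default policy. Added illustration with
constructed addresses (documentation ranges)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ALLOW, DENY = "allow", "deny"
SITE = "192.0.2.0/24"        # trusted internal network (constructed)
WEB_SERVER = "192.0.2.10"    # the one host the Internet may reach (constructed)


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = Internet -> site, "out" = site -> Internet
    src: str
    dst: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str
    src: str                 # an address/CIDR, or "any"
    dst: str
    dst_port: Optional[int]  # None matches any port
    action: str

    @staticmethod
    def _in(addr, net):
        return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

    def matches(self, pkt):
        return (self.direction == pkt.direction
                and self._in(pkt.src, self.src)
                and self._in(pkt.dst, self.dst)
                and self.dst_port in (None, pkt.dst_port))


class PacketFilter:
    def __init__(self, rules, default):
        self.rules, self.default = list(rules), default

    def decide(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default   # the design policy decides everything else


# Public web allowed in, FTP to the site refused, anything the site
# originates allowed out. Note there is no "in" rule for replies.
RULES = [
    Rule("in", "any", WEB_SERVER, 80, ALLOW),
    Rule("in", "any", SITE, 21, DENY),
    Rule("out", SITE, "any", None, ALLOW),
]

# Constructed sample traffic.
SAMPLE = {
    "http_to_web":  Packet("in", "203.0.113.7", WEB_SERVER, 80),
    "ftp_to_host":  Packet("in", "203.0.113.7", "192.0.2.20", 21),
    "ftp_odd_port": Packet("in", "203.0.113.7", "192.0.2.20", 2121),   # denied service on a non-standard port
    "reply_to_lan": Packet("in", "198.51.100.9", "192.0.2.33", 49152),  # return half of an outbound session
    "lan_to_web":   Packet("out", "192.0.2.33", "198.51.100.9", 80),
}


def evaluate(default):
    """Decision for every sample packet under the given default policy."""
    fw = PacketFilter(RULES, default)
    return {name: fw.decide(pkt) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for policy in (ALLOW, DENY):
        print(policy, evaluate(policy))
```

Two things show up in the output. Under the permissive default the FTP daemon moved to port 2121 is let in because no rule names that port, which is the circumvention the text warns about; under the restrictive default it is refused. The restrictive default also refuses the reply packet of a session the LAN itself opened, which is why a stateless filter needs an explicit rule for the return direction (or a stateful one that remembers the outbound request).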

• Policy: this includes refund policies and the liabilities incurred by customers, merchants and financial institutions.
• Data Flow: the requirements for storage of data and communication between the parties. This includes not only the data flow for payments themselves but also for refunds, account enquiries and settlements.
• Mechanisms: the methods by which the necessary security requirements for messages and stored data are achieved.
All three levels are interdependent, since policy depends on data flow and data flow depends on mechanism.

Normal payment protocol models
Cash: It consists of a token, which may be authenticated independently by the issuer. This is achieved through the use of self-authenticating tokens on tamper proof hardware.
Cheque: Cheques are payment instruments whose validity requires reference to the issuer.
Card: Card payment schemes provide a payment mechanism through the existing credit card payment infrastructure. Such schemes have many structural similarities to cheque models except that solutions are constrained by that structure. A key feature of card payment systems is that every transaction carries insurance.

An understanding of credit card payment schemes on the Internet
What is a Web-browser? A software program that allows one to connect with network servers in order to access HTML documents and their associated media files and to follow links from document to document, or page to page. The server may be on a network or the Internet. Helper applications (such as a wallet) can be incorporated with the browser to handle special types of file and applications. Before transferring, the program converts the data into a protocol compatible form, like S-HTTP.
SSL: Secure Socket Layer.
Gateway: It is a software program used to connect two networks using different protocols so that they can transfer data between the two.

Wallet: A helper application for a web browser used to pass an encrypted credit card number from a buyer through the sales merchant to the merchant's own processor/server, maintained by the credit company (ex: CyberCash or Verifone), for authentication or approval.
Web-Server: A software program that manages data at the web site, controls access to that data, and responds to requests from web-browsers. The system is designed to work with an HTTP web-server.
CGI (Common Gateway Interface) is a form of scripting on the server side. The scripts, normally written in the Perl coding language, are often used to exchange data between a web-server and a database.

The credit card transaction sequence
• The consumer presents preliminary proof of his ability to pay by presenting his credit card number to the merchant.
• The merchant verifies this with the bank, and creates a purchase slip for the consumer to endorse.
• The merchant then uses this endorsed slip to collect funds from the bank.
• At the next billing cycle the consumer receives a statement from the bank with a record of the transaction.
Over the Internet also, credit card payment follows the same sequence with added steps to provide safe and secure transactions and authentication of both buyer and seller.

Verifone and First Virtual Payment Schemes
As raw data transmitted across a network is not secure, security protocols such as SSL are used on the network for secure communication. This has led to a variety of systems for using credit cards over the Internet. Two distinguishing features of these systems are
• the level of security they provide for transactions (encryption level), and
• the software required on both (customer and seller) sides of the transactions.
Credit cards can be handled in two ways:
• sending unencrypted credit card numbers over the Internet (non secure);
• encrypting the credit card numbers before sending over the Internet.
The second is further sub-divided according to what is encrypted. If the entire transmission is encrypted, the merchant has to decrypt it to complete a purchase order. Alternatively a trusted third party can be used to separately decrypt the credit card information for authorization of the purchase. Hence only the third party (authorization agency) has the customer's credit card number, and the customer does not give his number to the merchant. This gives protection against fraud. CyberCash, Verifone and First Virtual are some of those who provide systems to protect against merchant fraud. CyberCash and Verifone use a helper wallet for the web-browser.

Steps involved
1. From the customer, the encrypted credit card number and the digital signature are sent to the merchant. [Digital signature => Message digest + encryption]
2. From the merchant the encrypted message is sent to the third party's encryption software.
3. The third party requests a check (credit card authenticity and A/C position) from the credit card processors.
4. The credit card processors ask for verification (the check requested in step 3) from the customer's bank.
5. The bank gives the authorization to the credit card processors.
6. The credit card processors give the signal to the third party (processor): "ok" in case of a correct credit card number and sufficient funds to make the purchase of his/her desire, if not "not-ok".
7. The verified information is sent to the merchant by the third party.
8. The merchant sends the purchase information to the customer only after receiving the "OK" signal from the third party.

First Virtual issues a virtual PIN to the customer who then uses it in place of the credit card number. First Virtual uses e-mail to obtain the customer's approval of the purchase before issuing an authorization to the merchant. After receiving the sales information from the merchant, First Virtual converts the virtual PIN to the credit card account number to clear the purchase.

SET and JEPI
There are two significant standards in the works that will make the interoperability of electronic wallet and credit card transactions simpler.
Secured Electronic Transactions (SET): Developed by a consortium led by MasterCard and Visa. It is a combination of a protocol designed for use by other applications (such as web-browsers) and recommended procedures (standards) for handling credit card transactions over the Internet. It is designed for cardholders, merchants, banks and other card processors. It uses digital certificates to ensure the identities of the parties involved in a purchase and also encrypts credit card and purchase information before transmission on the Internet.
Joint Electronic Payments Initiative (JEPI): By the World Wide Web Consortium and CommerceNet, it is an attempt to standardize payment negotiations. It is used on the client and merchant side. On the client side, it serves as an interface that enables web-browsers and wallets to use a variety of protocols, like e-mail vs HTTP, and the proper payment protocol, like SET. On the merchant side (server side), it acts between the network and transport layers to pass off the incoming transactions to the proper transport protocol.
Advantages
• JEPI makes it easier for the buyer to use a single application and single interface.
• It is easier for the merchant to support the variety of payment systems that are in use.

Electronic Cheque
Basically a paper cheque is a message to a consumer's bank to transfer funds from his/her account to someone else's account. Paper cheque procedure:
• The message (cheque, DD etc.) is sent through the receiver to the paying authority (such as a bank).
• The paying authority verifies the message and identity before transferring the funds.
• The cancelled paper message (cheque, DD etc.) is returned to the sender and can be used as proof of payment.
An electronic cheque has all the same features as a paper cheque. It functions as a message to the sender's bank to transfer funds. In both cases the message is given to the receiver, who in turn endorses the cheque and presents it to the bank to obtain funds. The model is based on the traditional paper cheque. An electronic cheque works electronically with a digital signature for signing and endorsing. Electronic cheques can be delivered either by direct transmission over a network or by e-mail.
Superiority of electronic cheque over paper cheque:
• The customer (sender of the cheque to a web-merchant to pay for his item) can encrypt his/her account number with the bank's public key, thereby not revealing the account number to the web-merchant.
• Digital certificates can be used to authenticate the payer, the payer's bank and the bank account.
The following two provide the electronic cheque for online payment: Financial Services Technology Corporation (FSTC) and CyberCash.

FSTC System
It is a consortium of banks and clearing houses that has designed an electronic cheque. FSTC offers users a choice of payment instruments that allow them to designate an electronic cheque as a certified cheque or an electronic charge card slip for greater flexibility. A business could use the FSTC scheme to pay invoices from other businesses. FSTC plans for electronic cheques include money transfer and transactions involving the National Automated Clearing House Association for transferring funds between banks. This leads to a convenient integration of the existing banking infrastructure and the Internet: existing banking channels can clear payments over their network.

CyberCash Electronic cheque
It is an extension of their wallet for credit cards (SET protocol). The CyberCash electronic cheque system does not provide multiple payment options. Unlike the CyberCash credit card system, CyberCash will not serve as an intermediate party for processing cheques; instead these functions will be handled directly by banks.
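The definition "digital signature => message digest + encryption" given in the credit card steps above and the electronic cheque flow here (payer signs, payee endorses, account number encrypted under the bank's public key) can be shown end to end. The following is an added example and not FSTC's or CyberCash's code: it uses textbook RSA built from publicly known Mersenne primes (2^127-1, 2^521-1 and the others named in the code) so that it runs without a crypto library; because those primes are public, the keys offer no real secrecy and serve only to show the mechanics. The payee name, amount and account number are constructed sample values.

```python
"""Electronic cheque: digest-then-sign by the payer, endorsement by the payee,
account number readable only by the bank. Added illustration using toy RSA
over known Mersenne primes (no real security)."""
import hashlib
import json

E = 65537


def make_keypair(p_exp, q_exp):
    """Textbook RSA from the Mersenne primes 2**p_exp-1 and 2**q_exp-1.
    Returns (public, private) as (n, e), (n, d). Toy only: p and q are public."""
    p, q = 2 ** p_exp - 1, 2 ** q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def digest(obj):
    """Message digest of a canonical JSON encoding, as an integer < 2**256."""
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, obj):
    n, d = private_key
    return pow(digest(obj), d, n)          # "encrypt" the digest with the private key


def verify(public_key, obj, signature):
    n, e = public_key
    return pow(signature, e, n) == digest(obj)


def write_cheque(payer_priv, bank_pub, account_number, payee, amount):
    """Payer: encrypt the account number to the bank, then sign the cheque."""
    n, e = bank_pub
    cheque = {
        "payee": payee,
        "amount": amount,
        "encrypted_account": pow(account_number, e, n),  # merchant cannot read this
    }
    return {"cheque": cheque, "payer_sig": sign(payer_priv, cheque)}


def endorse(payee_priv, signed_cheque):
    """Payee: sign over the cheque and the payer's signature."""
    endorsement = {"cheque": signed_cheque["cheque"], "payer_sig": signed_cheque["payer_sig"]}
    return dict(signed_cheque, payee_sig=sign(payee_priv, endorsement))


def bank_clears(bank_priv, payer_pub, payee_pub, endorsed):
    """Bank: verify both signatures, then recover the account to debit.
    Returns (account_number, amount) or None if either signature fails."""
    cheque = endorsed["cheque"]
    if not verify(payer_pub, cheque, endorsed["payer_sig"]):
        return None
    endorsement = {"cheque": cheque, "payer_sig": endorsed["payer_sig"]}
    if not verify(payee_pub, endorsement, endorsed["payee_sig"]):
        return None
    n, d = bank_priv
    return pow(cheque["encrypted_account"], d, n), cheque["amount"]


# Three parties, three key pairs (distinct Mersenne primes per party).
PAYER_PUB, PAYER_PRIV = make_keypair(127, 521)
PAYEE_PUB, PAYEE_PRIV = make_keypair(107, 607)
BANK_PUB, BANK_PRIV = make_keypair(89, 1279)


def demo(account_number=123456789, amount=49.99, tamper=False):
    """Run the whole flow; with tamper=True the merchant alters the amount."""
    cheque = write_cheque(PAYER_PRIV, BANK_PUB, account_number, "web-merchant", amount)
    if tamper:
        cheque["cheque"] = dict(cheque["cheque"], amount=amount * 100)
    endorsed = endorse(PAYEE_PRIV, cheque)
    return bank_clears(BANK_PRIV, PAYER_PUB, PAYEE_PUB, endorsed)


if __name__ == "__main__":
    print(demo())              # (123456789, 49.99)
    print(demo(tamper=True))   # None: payer's signature no longer matches
```

The digest is computed over a canonical (sorted-key) JSON encoding so that both signer and verifier hash identical bytes; any change to the amount or payee after signing changes the digest and the bank rejects the cheque, which is the property that lets a cheque travel through the merchant and over e-mail.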

Advantages of FSTC
• With the FSTC system, consumers can have a variety of different payments (cheques, certified cheque, ATM and so on) using a single interface that gathers all transactions into a single account log.
• The consumer only has to deal with his bank, not a number of financial institutions, to make these different types of payments.

Digital cash, like the cash one gets from a bank (or from any other source), does not bear the name of the recipient on it. Who pays is not important as long as the merchant gets his payment. The bank has to honor the token when it receives it from the merchant because of the validation stamp it attached, but the bank cannot tell who made the payment. Anonymity can be preserved using a blind signature. The scheme (developed by DigiCash), called blind signature, allows the buyer to obtain e-cash from a bank without the bank being able to correlate the buyer's name with the issued tokens.
Advantages
• Best suited for small transactions.
• Digital cash can be issued in very small denominations that can be used to pay for very small transactions.
• The low cost of e-transactions makes it feasible for merchants to charge small amounts without losing profits.
• Authentication is not an issue.
Disadvantages
• A strong encryption scheme adds to the processing overheads of the system and may slow it down. Hence for large transactions, where security needs are high, this system (digital cash) is not effective.

Classification of the e-Commerce market
Depending upon the types of transactions, the market can broadly be classified into
1. Business-to-business [B2B] commerce: transactions between the business communities.
2. Business-to-consumer [B2C]: transactions between the business communities (say a merchant) and the consumer.
Business-to-business use of the Internet, especially for commercial transactions, differs from the way a consumer conducts business on the Internet. Business buyers are typically time-constrained to accomplish the job or task in hand; in other words business buyers have little time for online browsing. This
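The blind signature described above (the bank stamps a token it cannot read, then honours the stamp when the merchant presents it) is the following added example, written in the spirit of Chaum's RSA blind signature as used by DigiCash but not DigiCash's own code. The bank key is again toy textbook RSA over the known Mersenne primes 2^127-1 and 2^521-1, so it shows the mechanics only; the `Bank` class, its double-spend list and the token serials are constructed for the illustration.

```python
"""Blind signature e-cash: the buyer hides a token behind a random factor,
the bank signs what it is shown, the buyer removes the factor and has a
token the bank will honour but cannot link to the withdrawal.
Added illustration using toy RSA over known Mersenne primes (no real security)."""
import hashlib
import secrets
from math import gcd

E = 65537


def make_keypair(p_exp, q_exp):
    """Textbook RSA from public Mersenne primes; (n, e), (n, d). Toy only."""
    p, q = 2 ** p_exp - 1, 2 ** q_exp - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def token_hash(serial, n):
    """The value the bank's stamp certifies: a digest of the token serial."""
    return int.from_bytes(hashlib.sha256(serial.encode()).digest(), "big") % n


def blind(bank_pub, serial):
    """Buyer: multiply the token digest by r**e so the bank sees random noise."""
    n, e = bank_pub
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    return (token_hash(serial, n) * pow(r, e, n)) % n, r


def unblind(bank_pub, blinded_sig, r):
    """Buyer: divide out r; (h * r**e)**d * r**-1 == h**d, a valid signature on h."""
    n, _ = bank_pub
    return (blinded_sig * pow(r, -1, n)) % n


def coin_valid(bank_pub, serial, sig):
    n, e = bank_pub
    return pow(sig, e, n) == token_hash(serial, n)


class Bank:
    def __init__(self, p_exp=127, q_exp=521):
        self.pub, self._priv = make_keypair(p_exp, q_exp)
        self.seen_at_withdrawal = []   # everything the bank could record about the buyer
        self.spent = set()             # serials already deposited (double-spend check)

    def withdraw(self, blinded):
        """Stamp the blinded value; the bank never learns the serial."""
        self.seen_at_withdrawal.append(blinded)
        n, d = self._priv
        return pow(blinded, d, n)

    def deposit(self, serial, sig):
        """Merchant presents the token: honour it once if the stamp is genuine."""
        if not coin_valid(self.pub, serial, sig) or serial in self.spent:
            return False
        self.spent.add(serial)
        return True


def demo():
    """Returns (first deposit ok, replayed deposit ok, bank can link token)."""
    bank = Bank()
    serial = secrets.token_hex(16)            # constructed token identifier
    blinded, r = blind(bank.pub, serial)
    sig = unblind(bank.pub, bank.withdraw(blinded), r)
    first = bank.deposit(serial, sig)
    replay = bank.deposit(serial, sig)        # same token presented twice
    linkable = token_hash(serial, bank.pub[0]) in bank.seen_at_withdrawal
    forged = bank.deposit(secrets.token_hex(16), sig)   # stamp on a different serial
    return first, replay, linkable, forged


if __name__ == "__main__":
    print(demo())   # (True, False, False, False)
```

Two properties follow directly from the arithmetic: the bank's withdrawal log holds only the blinded value, which is unrelated to the digest the merchant later presents, so the payer stays anonymous; and because the stamp is a signature over the serial's digest, the merchant's deposit still verifies and a replayed or re-labelled token is refused. The double-spend list is what replaces the physical uniqueness of a banknote.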

market is relatively established as compared to the business-to-consumer market. The business-to-consumer market is larger than the online consumer market. The amount of merchandise purchased electronically by business through EDI and proprietary order entry is much greater than over online commercial networks.

Value Chain and Market space
Any company, to survive in the market, has to improve its performance continuously as per the need of the hour and keeping further developments in mind. Some of the activities to meet the above requirements are:
• design
• production
• marketing
• fulfillment
• customer support
These activities depend upon a support structure which includes:
• Procurement
• Human Resource Management
• Technology development
• Firm infrastructure
Value Chain: Each of the activities that adds value to the product and service provided by the firm is called the value chain.
Traditional Value Chains: For example hard goods. Because of the early accessibility of information in the world of e-commerce, information is used as part of the support structure to help other activities add value, and it remains internal to the company, resulting in indirect gain.
Virtual Value Chain: means the activities performed with information rather than with something physical like the raw materials used to manufacture a bicycle. The facility provided to share information and improve customer relations has led to a new type of value chain, the "virtual value chain". Businesses can adapt their value-adding processes to the virtual value chain in three stages:
• Viewing, or keeping an eye on the physical operations by means of information.
• Mirroring, or substituting virtual value activities for physical ones.
• Forming new relations, such as Frequently Asked Questions (FAQ), searchable questions with customer support, e-mail, voice mail or a web site (if the Internet is used).
These activities enhance the company's performance by adding value based on a new type of information sharing. Managers can now use information in their virtual value chain, which helps to add value in new ways.

This virtual value chain helps to visualize relationships between links in the value chain. When it comes to the virtual value chain, its activities can be divided into five groups:
• Gathering
• Organizing

Framework for business values
Combined value chains = Physical value chain + Virtual value chain. For example, CAD/CAM (Computer assisted design / Computer assisted manufacture) can be used to realize a physical system. Two ways to build relationships that are important to electronic commerce are:
• An online community where groups of users interact with each other largely.
• Working in an information driven market.

Market space
The transition from physically defined markets to markets based on, and controlled by, information has led to a new term for the market where electronic commerce is conducted: the market space. By participating in the market space, business can establish tighter and more dynamic links with partners, tracking their products and inventories; distance is not the barrier.

Marketing
The Internet can become an ideal vehicle for initiating and strengthening relationships between businesses and their customers.

Role of Intermediaries (Middlemen)
Intermediaries have played a valuable economic role, even before the rise of the Internet and electronic commerce. An intermediary might focus on a particular market in a comprehensive way and would therefore deal only with certain companies. But the rise of e-commerce, or the Internet, has provided new potential for middlemen, such as utilizing only virtual value chains and the product they create. Via electronic means, intermediaries and integrators help both buyers and sellers with the large number of possible interactions found on the Internet. By providing communication and transaction infrastructure, the Internet enables intermediaries to lower their transaction costs and also gives them a global base of operations. As the Internet grows and web sites proliferate, the role of intermediaries and integrators expands.

Intermediaries form a virtual value chain
Intermediaries serve an integrating function for customers and business alike. The main roles of intermediaries are:
• Support buyers in identifying their needs and in finding an appropriate seller.
• Provide an efficient means of exchange between both parties.
• Execute the business transaction.
• Assist in after sale support.

A good look at the value chain matrix. customer services. For ex: hand coding HTML pages works for small web – site in their initial stages of availability but as the web grows. Maintaining flexibility. which will result in saving money and time while improving the performance. a two way gain. Planning for expansion & rapid growths using data warehouses. Inorder to do so changes are for. Information sharing. • • • Implementation of e – commerce technology require infrastructure charges. direct savings. and hence the need for automated procedures to create web – pages. • • • Selecting Synthesizing Distributing 29 Each of these activities adds value to the physical value chain resulting in a combined value chains or value chain matrix. Implementations issue:Using pilot projects. Early prediction of some problems may be obtained by pilot projects but not all the problems. • • Use of electronic systems to share data and avoid duplication of efforts. A comprehensive communication network makes it possible for a flexible organization to respond. Intermediaries. Certainly this change is the result of virtual value chain. organizational learning. indicate that there are number of locations in any business process to add value oe to improve the process. The very idea is to adopt the virtual value chain to extract maximum value from the market space. • • Transform the organization – customer relations. E – commerce business issues As one plan his/her strategy to incorporate electronic commerce into business. • to improve the organization – product promotions. • Some problems will be apparent only on full – scale implementation then one need automated procedure to tackle the problem. Redefine the organization – new products. Intermediaries can help to restore incompatibilities avoiding the need for frequent short term changes.AKG/ e COMMERCE. he/she should be prepared for a number of issues. . new business models or organization. Flattening the organization. 
setting up work flow applications. new Sales channels. • Relational databases and object-oriented approaches can help expansion and growth.Building infrastructure for sharing information. These issues are : Organizational issue :. • The Internet brings new considerations for information systems. Information management is crucial and may necessitate changes in the information infrastructure. new features are included. Automation processes. Knowledge management. Intermediaries can also handle data access control.

and its jurisdiction is with the commerce department. Build customer loyalty by creating communities of interest. Detailed profiles can be used to make promotions relevant to customers. the Internet has been able to meet the demands of its users. Video and video conferencing. Marketing issues:. or RSVP. The objectives of effective marketing are listed below : • • • • • Able to reach at small groups and online communities. • It is necessary to integrate the process with existing accounting systems whether one support micro – transactions & or subscriptions. bringing into question the robustness of the Internet for business uses. The most sophisticated issues of all ! Legal issues are still remain to be resolved.AKG/ e COMMERCE. Legal issue:. • Checklists are helpful to support customer initiated information pull. Taxation issues are complicated by the decentralized nature of the Internet. Advertising through medium. part of the Internet. the Resource reservation Protocol. and for prioritized traffic. 30 Propriety solutions are created when necessary and can be replaced with commercial solutions when available. such as Netcom. Effective marketing needs consumer information with good scope for privacy. Encryption export laws. defining and maintaining communities of interest. Customer & Corporate privacy. for example. Export controls on cryptographic products etc. has been developed to help reserve bandwidth for multimedia transmissions such as streaming audio. requires a different approach from traditional print and broadcasting advertising. Stability of Internet must be considered.Promoting two way interactive communications. this same protocol can be . As the Internet has become a powerful interactive communication medium. Private Nets So far. but 1996 was the first year when some began to question whether the Internet was capable of scaling up further. segmentations. such as Internet. 
and whether it could reliably meet the communications demands that will be placed upon it. Highly publicized service outrages from respected Internet service providers. At & Torldnet etc. push and pull information flow. traditional push and pull marketing is transformed on to net. • • • Privacy issues have legal as well as marketing ramifications. • • Use of data warehousing and data mining techniques helps to facilitate customization.Taxation. profiling customers. • Law enforcement and government officials are concerned about the use of encryption & anonymous methods of payment. The protocols are being developed to allow Internet users to reserve bandwidth for applications. The Internet vs.

Many developers of security products have been focusing narrowly on either their individual applications or on a limited range of applications. EDI is a standardized way of transferring purchase and financial information. intended to be the digital equivalent of real cash. each bank issues its own electronic cash tokens that are not compatible with systems used by other banks. allowing for communication with other partners and customers without requiring special set ups. Defacto standards are evolving rapidly. ISPs are also starting to offer their own end – to. but not for business – to – business commerce. Nevertheless. Security There are many options for securing communications on the Internet. Security market has yet to determine the most appropriate level to implement security options. these networks can be used to speed along summer internet traffic.AKG/ e COMMERCE. Private networks also offer another advantage that they link to the internet.mail and the web). Digital cash. SSL for protecting data transmitted over the Web and S/MIME and PGP for protecting e – mail messages. the time required to set up EDI has been one of the reasons for it rather limited usage). This incompatibility of digital cash systems will remain a problem for consumer – to –business commerce for the next few years at least. At the moment solutions are available for use at the application level (such as security protocols for e. 31 used to priority e – mail for EDI messages or FTP for file transfers. Smart cards Digital cash. one that is usually negotiated between business partners before any transactions occur (Of course. These private commercial networks also make it easier for companies to form virtual private networks (VPNs) with added security. at the session level (SSL. More application using cryptography for electronic commerce. for example and at lower levels in that network ( securing IP packet – level transmissions on the Internet . 
have to face multiple digital certificates in different formats – at least until some standard is developed. for instance). Aimed at businesses. but still link to it is needed. This approach of negotiating procedures will extend to other businesses as they use EDI over the Internet.end networks across the United States independently of the Internet’s main backbone. replacing private corporate networks can be less costly than leased – line net-works. Worrying about exchanging digital cash between banks even within the same country would be intolerable. like Crypto API and Intel’s Common Data Security Architecture (CDSA) are an attempt to provide layered security services that make it easier to share encryption algorithms and digital certificates between applications rather than write the required software from scratch. Routers supporting RSVP are only now becoming available it ‘ll be sometime before a great deal of the internet routinely supports RSVP. A great deal of work is being done with public key cryptography. and this will continue to lead in the market place. Initiatives. there is no single dominant solution in a wide field of options and proposals. and these businesses are likely to follow similar procedures with payment systems . even with the additional rates incurred.

Everything needed for the distribution and verification of digital certificates is being built from the ground up. Nortel. Customers visit a company’s web site to find out details about the products and services it offers. These smart cards will not only be used for Internet based purchase. Online Catalogs Online catalogs are likely to continue to be an important part of electronic commerce. The Mondex smart cards use the digital cash system developed by David Chaum and Digicash. which will be crucial and standard way of doing things for sometime. & Micro transactions EDI . and is. as more than one public key algorithm can be. Electronic mail. Dynamically generated custom catalogs search and draw data from corporate database. intermediaries such as Nets Inc. But the real impact of electronic commerce especially tied to the internet. and they have been ramping up their efforts with electronic commerce on the Internet in mind. will come with the development of smart cards that include an embedded microprocessor. 32 other than EDI. for both business – to – consumer commerce and business – to – business commerce. Pre – paid or stored – value cards are currently in use for public telephones. so that they can take their decision. but the procedures are generally the same.AKG/ e COMMERCE. EDI. and Verisign are issuing digital certificates to individuals as well as businesses. they have not yet seen widespread use. furthermore . things might be done little differently. Commercial firms like Cyber Trust. Custom catalogs dynamically generated from corporate databases will be the norm. The technology to support electronic commerce using smart cards is still being developed and it being filed – tested on a limited basis. interoperability between certificate authorities is not guaranteed. Smart Cards Although smart cards have been around for more than a decade. However a fully developed hierarchy of certificate authorities has yet to be established. employed. 
When they visit a different Web site. Digital certificates and public key systems have no pre – existing trust network comparable to existing financial infrastructures. but will also be able to serve as electronic purses that can be used for everyday purchases at stores. and mass transit systems in the United States and overseas. And also Infrastructures must be built to handle a high volume of digital certificates and key pairs. In the absence of suitable infrastructures for these other payment systems. tollbooths. will continue to provide standardized methods of handling financial transactions between buyers and sellers.
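The digital cash passage above describes bank-issued cash tokens and names the scheme of David Chaum and DigiCash. The following is an added example, not code from these notes nor from DigiCash or Mondex: a Python implementation of Chaum's blind RSA signature protocol, in which the customer blinds a coin's serial number, the bank signs it without seeing it, the customer unblinds the signature, a merchant verifies the coin with the bank's public key, and the bank's deposit ledger rejects a serial number the second time it is presented. The Bank, withdraw_coin and verify_coin names, the hardcoded Mersenne-prime demo key and the one-coin-per-signature denomination are assumptions of the example.

```python
"""Chaum-style blind-signature digital cash, as an added toy example.

Not the code of these notes, DigiCash or Mondex. Textbook RSA over a hashed
serial number: the bank signs a blinded token (so it cannot link withdrawal to
deposit), anyone can verify a coin with the bank's public key, and the bank
rejects a serial number the second time it is deposited.
"""
import hashlib
import math
import secrets

# Demo key: Mersenne primes 2^61-1 and 2^89-1 (an assumption of this example;
# a real bank uses freshly generated primes of 1024 bits or more).
DEMO_P = 2**61 - 1
DEMO_Q = 2**89 - 1
DEMO_E = 65537


def token_of(serial: bytes, n: int) -> int:
    """Map a coin's serial number into the RSA domain. Signing a hash rather
    than a raw number blocks the multiplicative forgeries textbook RSA allows."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n


def verify_coin(bank_pub, serial: bytes, signature: int) -> bool:
    """Anyone (merchant or bank) checks signature^e == H(serial) mod n."""
    n, e = bank_pub
    return pow(signature, e, n) == token_of(serial, n)


class Bank:
    def __init__(self, p=DEMO_P, q=DEMO_Q, e=DEMO_E):
        self.n, self.e = p * q, e
        self.d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
        self.balances = {}          # account -> number of coins it may withdraw
        self.blinded_seen = []      # everything the bank saw at withdrawal time
        self.spent_serials = set()  # deposit ledger used to catch double spending

    def public_key(self):
        return self.n, self.e

    def sign_blinded(self, account: str, blinded: int) -> int:
        """Withdrawal: debit one coin and sign the blinded token unseen."""
        if self.balances.get(account, 0) < 1:
            raise ValueError("insufficient funds")
        self.balances[account] -= 1
        self.blinded_seen.append(blinded)
        return pow(blinded, self.d, self.n)

    def deposit(self, serial: bytes, signature: int) -> bool:
        """Merchant deposit: accept only a validly signed, never-seen serial."""
        if not verify_coin(self.public_key(), serial, signature):
            return False  # forged or corrupted coin
        if serial in self.spent_serials:
            return False  # double spend
        self.spent_serials.add(serial)
        return True


def withdraw_coin(bank: Bank, account: str):
    """Customer side: choose a serial, blind it with random r, get it signed, unblind."""
    n, e = bank.public_key()
    serial = secrets.token_bytes(16)
    m = token_of(serial, n)
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    blinded = (m * pow(r, e, n)) % n
    blinded_sig = bank.sign_blinded(account, blinded)  # (m * r^e)^d = m^d * r mod n
    signature = (blinded_sig * pow(r, -1, n)) % n      # remove r: m^d mod n
    return serial, signature


def demo():
    """One withdrawal, one honest deposit, one double spend, one forgery."""
    bank = Bank()
    bank.balances["alice"] = 1
    serial, sig = withdraw_coin(bank, "alice")
    return {
        "coin_valid": verify_coin(bank.public_key(), serial, sig),
        "first_deposit": bank.deposit(serial, sig),
        "second_deposit": bank.deposit(serial, sig),
        "forged_coin": bank.deposit(secrets.token_bytes(16), sig),
        # The bank only ever saw the blinded value, never the coin it receives.
        "bank_can_link": token_of(serial, bank.n) in bank.blinded_seen,
    }


if __name__ == "__main__":
    print(demo())
```

The unblinding step works because r^(ed) = r mod n for any r coprime to n, so the bank's signature on m·r^e becomes m^d·r, and multiplying by r^-1 leaves a plain signature on the hashed serial. The two checks in deposit are the ones the notes' incompatibility discussion assumes each bank performs on its own tokens: a coin from another bank fails the signature test because it was signed under a different key, which is exactly why inter-bank exchange needs an infrastructure that does not yet exist.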

EDI:
The original electronic commerce applications using networks are commonly referred to as EDI. Many large corporations have implemented EDI, and they routinely use it with their suppliers to simplify management of their supply chains and the handling of their financial transactions. Using the Internet for EDI is less expensive than private networks: the Internet offers a low-cost alternative to a VAN for transmitting EDI data, and more vendors are offering products to conduct EDI over the Internet. EDI VANs routinely use e-mail for transferring EDI data between partners, and the VANs themselves are now supporting Internet access for conducting EDI. By itself this won't make EDI more appealing to smaller businesses, because they would still need to integrate EDI data with their internal systems, but it will help to further the acceptance of EDI. EDI is being integrated with other software, such as electronic mail, directory services and the other options businesses have come to rely on. Standards bodies and developers for EDI are extending the standards to simplify negotiations between business partners and to add support for real-time EDI.

Electronic mail:
Although the World Wide Web has received a lot of attention, other Internet-based services such as electronic mail can be equally important to electronic commerce. In the past, businesses have been reluctant to use Internet-based e-mail for electronic commerce because it lacked the necessary security, but that is changing as newer protocols are developed by the IETF. For instance, S/MIME is becoming an ad hoc standard for securing multi-part e-mail. One option that has been missing from Internet e-mail is a standardized way to acknowledge receipt of a message such as an EDI document; the protocol for this is still being reviewed by the IETF.

Micro-transactions:
Although micro-transactions and micro-payment schemes have been mentioned a number of times, both are certainly technologies still in their infancy. Limited pilot projects are now underway to test some of the technologies proposed for micro-payments. CyberCash, with its CyberCoin software, is the first company to offer a commercial system that supports micro-transactions; funds for these cash transactions, typically from 25 cents upward, are drawn from a consumer's existing bank account. CyberCash has already initiated a number of strategic alliances to support the system, and micro-transactions using the CyberCoin software are also being tested.

Software Agents:
One of the hot, and perhaps over-hyped, technologies advanced over the past few years has been software agents: self-learning programs that users can instruct to perform acts on their behalf. A variety of uses for software agents have been proposed. Two of immediate interest to electronic commerce are retrieving selected product information and negotiating the sale of an item. An Internet software agent developed by Arthur Andersen Inc. has already demonstrated the first task: the agent accesses data from various web-based audio CD dealers to find the best price for a particular selection. Similar agents could be constructed to visit numerous online catalogs, extract information on selected products and present that data to the user in a personalized buyer's catalog. Sales negotiations are a more complex process, and agents capable of performing such tasks are still in the research phase.
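As an added example (not the Andersen agent and not code from these notes), the Python below performs the first agent task described above over constructed catalog pages from three hypothetical dealers: it parses each dealer's HTML price table with the standard library's HTMLParser, normalizes the price cell (currency prefix, an added shipping amount, an "out of stock" entry with no price) and returns the cheapest in-stock offer for a title. The dealer names, page contents and the convention that every money amount in a price cell is summed into a delivered price are assumptions of the example.

```python
"""Price-comparison shopping agent over several dealers' catalog pages.

Added example, not the Andersen agent. Each dealer page is a small HTML table;
the agent parses it, normalizes prices and picks the cheapest in-stock offer.
Dealer pages are untrusted input, so the parser is the tolerant standard
library one, page size is capped and malformed rows are ignored.
"""
from decimal import Decimal
from html.parser import HTMLParser
import re

MAX_PAGE_BYTES = 256 * 1024          # refuse absurdly large pages
AMOUNT_RE = re.compile(r"\d+(?:\.\d{1,2})?")

# Constructed sample pages for three hypothetical dealers (not real sites).
DEALER_PAGES = {
    "dealer-a.example": """<table>
<tr><th>Title</th><th>Price</th></tr>
<tr><td>Kind of Blue</td><td>$12.99</td></tr>
<tr><td>Blue Train</td><td>$11.49</td></tr>
</table>""",
    "dealer-b.example": """<table>
<tr><td>Kind of Blue</td><td>USD 10.95</td></tr>
<tr><td>Blue Train</td><td>out of stock</td></tr>
</table>""",
    "dealer-c.example": """<table>
<tr><td>Kind  of Blue</td><td>$9.99 <b>+ $4.00 shipping</b></td></tr>
</table>""",
}


class CatalogTableParser(HTMLParser):
    """Collects each <tr> as a list of the plain text of its <td> cells."""

    def __init__(self):
        super().__init__()
        self.rows = []
        self._cells = None   # cells of the row being read, or None outside a row
        self._buf = None     # text fragments of the cell being read

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._cells = []
        elif tag == "td" and self._cells is not None:
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)   # inline tags such as <b> are transparent

    def handle_endtag(self, tag):
        if tag == "td" and self._buf is not None:
            self._cells.append(" ".join("".join(self._buf).split()))
            self._buf = None
        elif tag == "tr" and self._cells is not None:
            self.rows.append(self._cells)
            self._cells = None


def parse_price(cell: str):
    """Sum every money amount in the cell (item price plus any stated shipping).
    Returns None when the cell carries no amount, e.g. 'out of stock'."""
    amounts = AMOUNT_RE.findall(cell)
    if not amounts:
        return None
    return sum(Decimal(a) for a in amounts)


def parse_catalog(html: str) -> dict:
    """Map normalized title -> delivered price (or None) for one dealer page."""
    if len(html.encode("utf-8")) > MAX_PAGE_BYTES:
        raise ValueError("catalog page too large")
    parser = CatalogTableParser()
    parser.feed(html)
    parser.close()
    catalog = {}
    for row in parser.rows:
        if len(row) != 2:
            continue   # header rows (<th> only) and malformed rows are skipped
        title, price_cell = row
        catalog[title.casefold()] = parse_price(price_cell)
    return catalog


def best_offer(pages: dict, title: str):
    """Return (dealer, delivered price) of the cheapest in-stock offer, or None."""
    key = " ".join(title.split()).casefold()
    offers = []
    for dealer, html in pages.items():
        price = parse_catalog(html).get(key)
        if price is not None:
            offers.append((price, dealer))
    if not offers:
        return None
    price, dealer = min(offers)
    return dealer, price


if __name__ == "__main__":
    for wanted in ("Kind of Blue", "Blue Train", "Giant Steps"):
        print(wanted, "->", best_offer(DEALER_PAGES, wanted))
```

Prices are kept as Decimal rather than float so that 9.99 + 4.00 compares exactly against 12.99. A real agent would fetch each page over HTTPS and feed it to the same parse_catalog call; because the dealer controls the page, the agent never evaluates anything in it, only extracts table text, and the size cap and row-shape check keep a hostile or broken page from consuming the agent's time or producing a bogus "best price".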
