BASICS OF .NET

Transcript of BASICS OF .NET

Page 1: BASICS OF .NET

Kuvempu University 6th semester Sample Paper

E-COMMERCE

1. Explain any three basic needs of consumer oriented e-commerce.

Ans: The following are the basic needs of consumer-oriented e-commerce:

i) Standard business practices and processes for the selling and buying of products as well as services need to be established.

ii) Easy to use and well accepted software and hardware implementations of the various stages of e-commerce, such as order taking, payment, delivery and so on.

iii) Secure commercial and transport practices that make the parties believe that they are not at the mercy of anybody else for the safety of their information and goods need to be in place.

2. What are EDI and electronic fund transfer?

Ans: EDI stands for Electronic Data Interchange. This is the inter-process communication of business information in standard electronic form. Using EDI, trading partners establish computer-to-computer links that enable them to exchange information electronically.

EFT is the process of transferring funds through the internet. Both EDI and EFT are technologies that are used to exchange information during an e-transaction.

3. What is meant by integration of data?

Ans: Integrity of data means data and application should be safe from modification without the owner’s consent.

4. Explain secure socket layer (SSL).

Ans: It is a security protocol that provides privacy over the internet. The protocol allows client/server applications to communicate in a way that data transmission cannot be disclosed. This is an application-independent protocol. SSL employs the RSA cryptographic technique to implement data encryption.

5. What is the need for standardization? Explain.

Ans: Standardization is required for information to flow seamlessly from one source to another or across various hardware and software.

7. What is the need for seamless connections? Define a Software Agent.

Ans: Seamless connection: The biggest barrier to electronic trade is having all the pieces work together so that information can flow seamlessly from one source to another. This requires standardization.

Software Agent: Software agents are encapsulations of user instructions that perform all kinds of tasks in electronic marketplaces spread across networks. They are used to implement information brokerages. It will take a while to solve the problems of inter-agent communication, interoperable agents, and other headaches that come with distributed computing and networking.

8. What are the categories of consumers?

Ans: Categories of consumers:

i) Impulsive buyers: They purchase products quickly.

ii) Patient buyers: They purchase products after making some comparisons.

iii) Analytical buyers: They do substantial research before making the decision to purchase products or services.

9. How does a digital signature work? List any two tangible benefits of EDI.

Ans: A digital signature works by providing two keys, one with the public and the other held privately with the layer. The signature is coded with both.

Tangible benefits of EDI:

i) It is a cost and time saving system.

ii) It improves problem resolution and customer services.

iii) It expands the customer/supplier base.

10. What is Supply Chain Management? Define virtual organization.

Ans: SCM is an integrating process based on the flawless delivery of basic and customized services. It plays an important role in the management of processes that cut across functional and departmental boundaries.

Virtual organization: It is an organization closely coupled upstream with its suppliers and downstream with its customers. This is a multilayered organization. It allows gaps to exist between employees from different departments.

11. Explain different operations carried out in e-commerce.

Ans: Operations that come under e-commerce:

i) Transactions between a supplier and a buyer or between two companies over a public network such as ISP.

ii) Transactions with the trading partners or between the officers of the company located at different locations.

iii) Information gathering needed for market research.

iv) Information processing for decision making at different levels of management.

v) Maintenance of records needed for legal purpose, including taxation, legal suits.

vi) Transactions for information distribution to different retailers and customers, including advertising, sales and marketing.

12. What are the basic banking services provided in e-commerce?

Ans: Basic Banking services: -- i) Checking his account statements.

ii) Round the clock banking

iii) Payments of bills

iv) Fund transfer and updating of his passbooks.

13. Explain the three stages of e-commerce architecture on the web.

Ans: Stages of e-commerce architecture on the web:

a) Client browser: It resides on the user’s PC or workstation and provides an interface to the various types of content. It easily understands what file it is downloading and what browser extension it needs to display the file.

b) Web server: It retrieves information and data, and manages transactions and security.

c) Third party services: These could be other web servers that make up the digital library, information processing tools, and electronic payment systems.

14. What are the desirable characteristics of an electronic market place?

Ans: Following are the desirable characteristics of Electronic Market Place:--

i) Critical mass of buyers and sellers:- The trick is getting a critical mass of corporations and consumers to use electronic mechanisms.

ii) Opportunity for independent evaluation and for customer dialogue and discussion: In the marketplace, users not only buy and sell products or services, they also compare notes on who has the best products and whose prices are lower.

iii) Negotiation and bargaining:- Buyers and sellers need to be able to haggle over conditions of mutual satisfaction, including money, terms and conditions, delivery dates, and evaluation criteria.

iv) New products and services: In a marketplace, consumers can not only make requests for products and services currently offered, they are also offered products that fit their requirements and expectations.

v) Seamless interface:- The biggest barrier to electronic trade is having all the pieces work together so that information can flow seamlessly from one source to another. This requires standardization.

15. Explain electronic tokens present in payment systems.

Ans: i) Cash or real-time: Transactions are settled with the exchange of electronic currency.

ii) Debit or prepaid: Users pay in advance for the privilege of getting information. Ex: smart cards and electronic purses.

iii) Credit or postpaid: The server authenticates the customers and verifies with the bank that funds are adequate before purchase.

16. What is E-Commerce? List the various activities carried out in E-Commerce.

Ans: E-Commerce: The process of buying and selling products and services through the web or internet is termed e-commerce.

Activities that come under e-commerce:

i) Transactions between a supplier and a buyer or between two companies over a public network such as ISP.

ii) Transactions with the trading partners or between the officers of the company located at different locations.

iii) Information gathering needed for market research.

iv) Information processing for decision making at different levels of management.

v) Maintenance of records needed for legal purpose, including taxation, legal suits.

vi) Transaction for information distributions to different retailers, customers including advertising, sales and marketing.

17. What is E-cash? Give its properties.

Ans: E-cash: Electronic cash is a new concept in on-line payment systems. It combines computerized convenience with security and privacy that improve on paper cash. It is an attractive alternative way of payment over the internet.

Properties:

i) It must have a monetary value.

ii) It must be interoperable.

iii) It must be storable and retrievable.

iv) It should not be easy to copy or tamper with while being exchanged.

18. List the different layers of EDI implementation.

Ans: i) Business Application Layer: This layer creates a document and sends it to an EDI translator layer.

ii) Translator layer: It describes the relationship between the data elements in the business application and the EDI standards.

iii) Internal format conversion

iv) EDI envelope for document messaging

19. What are software agents?

Ans: Software agents are encapsulations of user instructions that perform all kinds of tasks in electronic marketplaces spread across networks. They are used to implement information brokerages. It will take a while to solve the problems of inter-agent communication, interoperable agents, and other headaches that come with distributed computing and networking.

20. What is a firewall? What are the three types of firewall?

Ans: A firewall is a security device that allows limited access out of and into one network from the internet. It is a piece of hardware that is connected to a network to protect it from agents. It only permits approved traffic in and out of one’s local site. It operates at the application, network, and transport layers of the protocol stack.

There are three types of firewalls:

i) Packet filter

ii) Application-level gateway

iii) Proxy server

E-COMMERCE

1. a) Explain the different categories of operations that come under e-commerce.

Ans: Operations that come under e-commerce:

i) Transactions between a supplier and a buyer or between two companies over a public network such as ISP.

ii) Transactions with the trading partners or between the officers of the company located at different locations.

iii) Information gathering needed for market research.

iv) Information processing for decision making at different levels of management.

v) Maintenance of records needed for legal purpose, including taxation, legal suits.

vi) Transaction for information distributions to different retailers, customers including advertising, sales and marketing.

vii) Information manipulation for operations and supply chain management.

b) What are the desirable characteristics of E-marketing?

Ans: Characteristics of E-marketing:

i) Critical mass of buyers and sellers: The trick is getting a critical mass of corporations and consumers to use electronic mechanisms. E-marketing is the place where customers go to find the products and services they need.

ii) Opportunity for independent evaluation and for customer dialogue and discussion: In the marketplace, users not only buy and sell products or services, they also compare notes on who has the best products and whose prices are lower.

iii) Negotiation and bargaining: Buyers and sellers need to be able to haggle over conditions of mutual satisfaction, including money, terms and conditions, delivery dates, and evaluation criteria.

iv) New products and services: In a marketplace, consumers can not only make requests for products and services currently offered, they can also say which products would fit their requirements and expectations. They can also ask for modification and upgradation of products and services.

v) Seamless interface: The biggest barrier to electronic trade is having all the pieces work together so that information can flow seamlessly from one source to another. This requires standardization.

vi) Recourse for disgruntled buyers: A viable marketing must have a recognized mechanism for resolving disputes among buyer and seller. The market should include a provision for resolving disagreements by returning the product or through arbitrage in other cases.

2. a) List the OMC's (Order Management Cycle) generic steps.

Ans: The OMC has eight generic steps, which are grouped in three phases:

Phase 1. Presales Interaction:

Customer inquiry and order planning and generation. Cost estimation and pricing of product.

Phase 2. Product service production and delivery:

Order receipt and entry. Order Selection and Prioritization. Order Scheduling. Order fulfillment and delivery.

Phase 3. Post Sales Interaction:

Order billing and account/payment management. Customer service and support.

2. b) Explain Mercantile models from the merchant's perspective.

Ans: i) Order Planning and Order Generation: Order planning leads into order generation. Orders are generated by broadcasting ads, sending personalized e-mail to the customer, or creating web pages.

ii) Cost Estimation and Pricing: Pricing is the bridge between customer needs and company capabilities. Pricing at the individual order level depends on understanding the value to the customer that is generated by each order, and instituting a system that enables the company to price each order based on its value and cost.

iii) Order Receipt and Entry: In this step the customer enters his order for the services and products that he wants to buy. This department is staffed by very experienced employees.

iv) Order Selection and Prioritization: In this phase CSRs decide which orders to accept and which to decline, and set priorities, because some orders are better for business.

v) Order Scheduling: It means slotting the selected order into an actual production or operational sequence. This is very difficult because the different functional departments, such as sales, marketing, customer service, etc., may have conflicting goals.

vi) Order Fulfillment and Delivery: This is a very complex phase where the actual provision of the product or service is made.

vii) Order Billing and Account/Payment Management:-

viii) Post-sales Service: It plays an important role in the company’s profit equation. Depending upon the specifics of the business, it can include elements such as physical installation of a product, repair and maintenance. Because of the information conveyed and intimacy involved, post-sales services can affect customer satisfaction and company profit.

3. What are the three types of electronic tokens? Explain.

Ans: The following are the three types of electronic tokens:

i) Cash or real-time: Transactions are settled with the exchange of electronic currency.

ii) Debit or prepaid: Users pay in advance for the privilege of getting information. Ex: smart cards and electronic purses.

iii) Credit or postpaid: The server authenticates the customers and verifies with the bank that funds are adequate before purchase.

4. Draw the layered architecture of EDI.

Ans:

EDI Semantic Layer: Application level services

EDI Standard Layer: EDIFACT business form standards; ANSI X12 business form standards

EDI Transport Layer: Electronic Mail (X.435, MIME); Point to Point (FTP, TELNET); World Wide Web (HTTP)

EDI Physical Layer: Dial-up lines, Internet, I-way

EDI consists of the following layers:

i) Semantic or Application Layer: It describes the business application that is driving EDI. The information seen at the EDI semantic layer must be translated from a company-specific form to a universal form so that it can be sent to various trading partners, who could be using a variety of software applications at their end.

ii) Standard or Translation Layer: It consists of compatible EDI document translation software such as X12, FACT. When a trading partner sends a document, the EDI translator converts the proprietary format into the standard format by the processing system. When another trading partner receives this document, the EDI translator changes the standard format back into a proprietary format so that both companies can easily read each other's documents.

iii) Transport Layer: This layer provides carriers such as E-mail, HTTP, MIME, FTP, TELNET, etc. to send information or documents from one company to another.

iv) Physical Layer: It consists of physical means such as dial-up lines, Internet, I-way, and modem. This makes a network through which an e-mail can be sent to the destination.

5. Describe the steps involved in designing electronic payment systems.

OR List the various issues in e-payment system.

Ans: Steps involved in designing an electronic payment system:

i) Privacy: A user expects to trust a secure system to ensure their own privacy.

ii) Security: A secure system verifies the identity of the two parties to a transaction through “user authentication” and reserves flexibility to restrict information through access control.

iii) Database integration: It means joining all types of databases together and allowing customers to access any of them, to keep the data up to date and error free.

iv) Intuitive interface: The payment interface should be easy to use.

v) Brokers: In an e-payment system, bankers play the role of brokers. They facilitate financial transactions electronically for their account holders.

vi) Pricing: Pricing should be subsidiary. It should be used to encourage users to shift from one form of payment to another, such as cash to bank payments, and paper based to e-cash.

vii) Standard: Standards enable interoperability, giving users the ability to buy and receive information regardless of the bank which is managing their money.

6. What do you mean by value added networks (VANS) ? Explain.

Ans: A VAN is a communications network that exchanges EDI messages among trading partners. It also provides other services, including holding messages in “electronic mailboxes”, interfacing with other VANs, and supporting many telecommunications modes and transfer protocols. Businesses can exchange data either by connecting to each other directly or by hooking into a VAN. A VAN can safeguard the transaction network by allowing companies to automatically and securely exchange purchase orders, invoices, and payments. When a company sends an EDI transaction, it arrives at a message storehouse on the VAN to await pickup by the destination company.

A VAN's “electronic mailbox” is a software feature into which a user deposits EDI transactions and then retrieves those messages when convenient. It works much like residential personal mailboxes, and it allows everyone involved to be flexible and cost-effective.

The disadvantage of VANs for EDI is that they are slow and high priced, charging by the number of characters transmitted. With connect time and mailbox charges factored in, companies incur charges of many thousands of dollars.

7. List the four advantages of internet.

Ans: The following are the advantages of the internet:

a) Flat pricing means cost is not dependent on the amount of transferred information. The internet flat model is better for the customer as opposed to the VAN, which charges per character.

b) Cheap access with low cost of connection means business users can access commercial and non-commercial Internet services at low cost as compared to a leased line or dial-up connection.

c) Common mail standards and proven networking and interoperable systems handle congestion and message routing exceptionally well. That is why an e-mail takes a few seconds to reach its destination, while in a VAN it sometimes takes hours or days.

d) The internet provides secure messaging or mailing through public-key encryption. It enables the system to ensure the privacy of EDI messages and gives users a way to verify the sender or recipient.

8. Give the characteristics of supply chain management.

Ans: Characteristics of SCM: i) An ability to source raw material or finished goods from anywhere in the world.

ii) A centralized, global business and management strategy with flawless local execution.

iii) On-line, real-time distributed information processing to the desktop, providing total supply chain information visibility.

iv) The ability to manage information across industries and enterprises.

vi) The seamless integration of all supply chain processes including third-party suppliers, information systems, cost accounting etc.

vii) The development and implementation of accounting models such as activity based costing that link cost to performance are used as tools for cost reduction.

viii) A reconfiguration of the supply chain organization into high performance teams.

8. b) What are the security threats to E-commerce?

Ans: Security threats to E-commerce are:

i) Passive Attack: In this attack the goal of the opponent is to obtain information that is being transmitted. It exists in two forms. One is release of message content, which is easily understood. E-mail, SMS and a transferred file may contain sensitive or confidential information. It is necessary to prevent the opponent from learning the content of the transmission. The other is traffic analysis, which is more subtle and often more applicable to military situations. It is used to guess the nature of the communication taking place.

ii) Active Attack: It is divided into four categories.

a) Masquerade: This takes place when one entity pretends to be a different entity.

b) Replay: This involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

c) Modification of messages: It means that some portion of the message is altered or that messages are delayed or reordered to produce an unauthorized effect.

d) Denial of service: It prevents or inhibits the normal use or management of communication facilities.

9. Explain secure electronic payment protocol.

Ans: SEPP is a joint development of IBM, Netscape, GTE, CyberCash, and MasterCard. It is an open, vendor-neutral, nonproprietary, license-free protocol for secure on-line transactions. It addresses the following business requirements:

i) To enable confidentiality of payment information.

ii) To ensure integrity of all payment data transmitted.

iii) To provide authentication that a cardholder is the legitimate owner of a card account.

iv) To provide authentication that a merchant can accept MasterCard branded card payments with an acquiring member financial institution.

SEPP is the electronic equivalent of the paper charge slip, signature and submission process. It takes input from the negotiation process and causes the payment to happen via three-way communication among the cardholder, merchant, and acquirer.

The SEPP system is composed of a collection of elements involved in e-commerce, such as the cardholder, merchant, acquirer, certificate management system, and Banknet.

10. List the six layers of E-Commerce architecture and what are the four types of purchases?

Ans: The following are the six layers of E-commerce:

i) Application Service: The application service layer of E-commerce will be comprised of existing and future applications built on the innate architecture. These applications can be distinguished as customer-to-business, business-to-business, and intra-organization.

ii) Information Brokerage and Management: This layer provides service integration through the notion of information brokerages, the development of information resource fragmentation. This layer is used to represent an intermediary who provides price, fast service, or profit maximization for a client. It also addresses the issue of adding value to the information that is retrieved.

iii) Interface and Support Service: It will provide interfaces for electronic commerce applications such as interactive catalogs and will support directory services, the functions necessary for information search and access.

iv) Secure Messaging and Structured Document Interchange Service: Messaging is the software that sits between the network infrastructure and the clients or e-commerce applications.

This service offers solutions for communicating non-formatted data such as letters, memos, and reports, as well as formatted data such as purchase orders, shipping notices, and invoices. It supports delayed and immediate message delivery and processing, and is not associated with any communication protocol.

v) Middleware services: Middleware is the ultimate mediator between diverse software programs that enables them to talk to one another. It is the computing shift from application-centric to data-centric.

vi) Transparency: Transparency implies that users should be unaware that they are accessing multiple systems. It is essential for dealing with higher-level issues than physical media and interconnection that the underlying network infrastructure is in charge of.

There are four types of purchases:

a) Specifically planned purchases

b) Generally planned purchases

c) Reminder purchases

d) Entirely unplanned purchases

11. What is EFT? List any four components of EDI implementation.

Ans: EFT stands for Electronic Fund Transfer. It is the way of automatic transfer of funds among banks and other organizations.

The following are the four components of the EDI implementation layer:

a) Common EDI standards: They dictate syntax and standardize the business language. They basically specify transaction sets, that is, complete sets of business documents.

b) Translation software: It sends messages between trading partners, integrates data into and from existing computer applications, and translates among EDI message standards.

c) Trading partners: These are a firm’s customers and suppliers with whom business is conducted.

d) EDI (Value-Added Network services) VANs: A VAN is a third party service provider that manages data communications networks for businesses that exchange electronic data with other businesses.

e) Banks: They facilitate payment and remittance.

12. What are the disadvantages of VANs for EDI? List the main costs of VAN.

Ans: The disadvantage of VANs for EDI is that they are slow and high priced, charging by the number of characters transmitted. With connect time and mailbox charges factored in, companies incur charges of many thousands of dollars.

The following are the main costs of VAN:

i) Account Start-Up Costs: Opening an account with a VAN incurs start-up costs. The start-up costs vary depending on the EDI readiness of the organization and trading partner, the number of trading partners, line attachment options, and software application options.

ii) Usage or Variable Costs: VANs charge session fees based on the use of their services. If a user agrees to cover all of the costs, the VAN can charge twice for each transaction: 1) when the user sends or receives, and 2) when a trading partner sends or receives. Some VANs allow users to “bundle” several transaction sets into a single envelope, while others open the “interchange” and charge for each transaction set in the envelope. Other support and software costs are hidden.

iii) Interconnect Costs: These are charged by VANs when a company exchanges EDI data with a trading partner that subscribes to a different VAN. Most VANs offer interconnects, but they charge monthly fees for using them. If no transactions are sent, there is only the monthly charge for the mailbox and interconnect fee.

13. What is the main difference between horizontal and vertical organization? What are the two main categories of SCM?

Ans: Horizontal organization: The structure of a horizontal organization is two-tiered: a core group of senior management responsible for strategic decisions and policies, and a stratum of employees in process teams. The objective of a horizontal structure is to change the staff’s focus from coordinating and reporting to improving flow management and work quality and increasing value for customers.

In a horizontal organization, information is processed at each local level by process teams. Process teams can resolve problems quickly, and in this way permit the company to operate with flexibility in a changing environment.

The principal goal of this organization is to facilitate the smooth transition of intermediate products and services through its various functions to the customer.

Vertical Organization: This is a multilayered organization. It allows gaps to exist between employees from different departments. The lower the level in the hierarchy, the larger the gap. These gaps expand with geographic dispersion and corporate growth.

The vertical approach to corporate management poses two problems to smooth operations. First, it creates boundaries that discourage employees in different departments. Second, department goals are typically set in a way that could cause friction among departments.

The drawback of this organization is its failure to provide an environment that fosters understanding and cooperation between departments.

The two main categories of SCM are:

i) push based supply chain

ii) pull based supply chain

14. What are the two approaches of virtual organization and what are the primary elements of SCM?

Ans: Two approaches of virtual organization:

i) Downward networking: It is initiated by a large, vertically integrated company seeking to reduce its overhead by outsourcing. Outsourcing breaks down the company’s vertical structure. It has two purposes: to reduce costs associated with fixed assets and to maintain a focus on key operations.

ii) Literal: This approach is observed in small, specialized firms that, in the interest of seeking strategic alliances, form partnerships along a value-added chain. Each such core firm can benefit by modeling the adaptivity and responsiveness of a small, specialized company and the scale economies of a large and integrated firm.

Primary elements of SCM:

a) Logistics and distribution: Logistics is a relatively new discipline that deals with the integration of materials management and physical distribution. Logistics and SCM are sometimes interchanged.

b) Integrated marketing and distribution: In e-commerce, the order process could be initiated by marketing information systems such as point-of-sale systems. Today, technology aids integrate the customer directly and react to changes in demand by modifying the supply chain.

c) Agile manufacturing: Consumers and manufacturers are stressing quality and speed. One of the most influential visions of production goes by the name of agile manufacturing.

15. What are the two basic types of physical data security? Name two types of threats to data.

Ans: Security implies safety, including assurance of data integrity, freedom from unauthorized access or snooping or wiretapping, and disruption of service.

  There are two basic types of data security:-  i) Data Integrity:- It means protecting information from an unauthorized change.

ii) Data Availability:- It means guaranteeing that outsiders cannot prevent legitimate data access by saturating a network. 

  Following are two threats to data:-  i) Active threat:- It involves some modification of the data stream or the creation of a false stream in documents, files or information. It is difficult to prevent active attacks completely because this would require physical protection of all hosts and/or communications facilities all the time. Active threats are grouped into three categories: message-stream modification, denial of message service, and masquerade.

ii) Passive threat:- It involves monitoring the data transmissions of an organization. The goal of the attack is to obtain information that is being transmitted. This is difficult to detect because it does not involve alteration of the data. But it is feasible to prevent this attack from being successful.

It is grouped into two categories: release of message contents, traffic analysis.

16. What is IP spoofing and Telnet? Explain the basic principle of Kerberos.

Ans: IP spoofing: It is a technique that can lead to root access on a system. It is the tool that intruders often use to take over open terminal and login connections after they get root access. Intruders create packets with a spoofed source IP address. There are two types of IP spoofing: User in the middle attack, Source routing attack.

Telnet:- It enables users to log on to remote computers. Telnet does little to detect and protect against unauthorized access. It is generally supported either by using an application gateway or by configuring a router.

Basic Principle of Kerberos:  i) Both one-way and two-way authentication are supported.

ii) Authentication should be achieved without transmitting unencrypted passwords over a network.

iii) Clear text passwords entered by client users should be retained in memory for the shortest time possible.

iv) Each authentication should have a finite lifetime.

v) Network authentication should be nearly unnoticed by users.

vi) No unencrypted password should be stored in the KDC.

vii) Authentication should be limited to the length of the user’s current login session.

16.b) What is non-repudiation? List the four basic goals of electronic security.

Ans: Non-repudiation: It means a person cannot deny after having sent or received a message.

Basic Goals of Electronic Security: i) Privacy:- It means keeping private documents private, using encryption, passwords, and access-control systems.

ii) Integrity:- It means data and applications should be safe from modification without the owner’s consent.

iii) Authentication:- It ensures that people using the computer are the authorized users of that system.

iv) Availability:- The end system (host) and data should be available when needed by the authorized user.

17. What is meant by integrity of data? Explain the encryption Algorithm on which SSL depends.

Ans: Integrity of data means data and applications should be safe from modification without the owner’s consent. The content of information should not be changed by any unauthorized users.

SSL depends on RSA encryption for exchange of the session key and client/server authentication and for various other cryptographic algorithms. According to the algorithm, when a customer submits a request to purchase merchandise over the internet, the company responds with a public key that the customer’s computer uses to encrypt sensitive information. The information is sent to the company, which then uses a private key to decrypt the information. The process is transparent to customers and hence easy to use: shoppers enter their credit card numbers, SSL encrypts them and sends the encrypted files to the merchant, and the transmission proceeds as soon as SSL decrypts the files.

18. Explain four objectives of SET and what are the seven major business requirements addressed by SET ?

Ans: Objectives of SET: i) Motivation:- The primary motivations for the bankcard associations to provide specifications for secure payments are:- a) To have the bankcard community take a leadership position in establishing secure payment.

b) To respect and preserve the relationship among merchant, Acquirer and cardholder, Issuer.

ii) Payment security:- It focuses on providing authentication of cardholders, merchants and acquirers. It preserves the integrity of payment data and defines the algorithms and protocols necessary for these security services.

iii) Interoperability:- It clearly defines the detailed information needed to ensure that applications developed by one vendor will interoperate with applications developed by other vendors. It creates and supports an open payment card standard and also defines exportable technology throughout, in order to encourage globally interoperable software.

iv) Market acceptance:- This allows for “bolt-on” implementation of the protocol to existing client applications and minimizes change to the relationship between acquirers and merchants, and cardholders and issuers. It achieves global acceptance, via ease of implementation and minimal impact on merchant, cardholder and user.

Major Business Requirements:  i) It provides confidentiality of payment information and order information that is transmitted along with the payment information.

ii) It ensures integrity for all transmitted data.


iii) It facilitates and encourages interoperability across software and network providers.

iv) It provides authentication that a cardholder is a legitimate user of a branded payment card account.

v) It ensures the use of the best security practice and system.

vi) It provides authentication that a merchant can accept branded payment.

vii) It ensures the creation of a protocol that is neither dependent on transport security mechanisms nor prevents their use.

19. Explain the stages of E-Commerce architecture on Web?

Ans: There are three stages of e-commerce architecture on Web:-

Client browser: Local and company specific data; Mosaic/WWW browser; Browser extensions

WWW server functions: Information retrieval; Data and transaction management; Secure messaging

Third-party services: Digital library of document/data servers; Third party information processing tools; Electronic payment servers

a) Client browser: - It resides on the user’s PC or workstation and provides an interface to the various types of content. It can easily tell what file it is downloading and which browser extension it needs to display the file.

b) Web server: - It retrieves information and data, and manages transactions and security.

c) The third party services: - These could be other web servers that make up the digital library, information processing tools, and electronic payment systems.

20. What are the desirable characteristics of e-commerce?

Ans: Some desirable characteristics of e-commerce are the following:-

i) Global reach : An e-commerce website is accessible to a global audience. Only an Internet connection is required to connect to an e-commerce website. Therefore, billions of users who browse the Internet have access to the products and services displayed on an e-commerce website.

ii) Instant availability: An e-commerce website is available 24 hours a day and 365 days a year. However, in the traditional way of conducting commerce, customers can purchase the products only during working hours.

iii) Systematic communication: An e-commerce website displays the information of the products it is selling in a systematic and organized manner. For example, if you are looking for information about a book on a website, you can get additional information such as the contents of the book, the reviews of the book, and the author’s views on the book.

iv) Reduced paperwork: Earlier when a business organization exported its products overseas, it was required to fill in several pages of information, which was not only time-consuming but also frustrating. However, with the evolution of e-commerce where limited information is required, which is transferred electronically, the paperwork has reduced significantly.

v) Easier entry into new markets: E-commerce enables new business houses to easily enter into new geographical areas and start selling. For this, the business house doesn’t need to set up branch offices at all geographic locations. Business organizations can now present corporate data online.

vi) Lower transaction cost: The overall cost involved is less because most of the transactions take place online. In addition, customer service can be provided over e-mail. When a business house plans to go online, it needs to invest money in setting the infrastructure that includes creating and maintaining a website.

vii) Flexibility: An e-commerce website gives organizations the flexibility to build an order over several days, compare prices offered by other shops, and search large catalogs.

viii) Larger catalogs: An e-commerce website has large catalogs, which a customer can browse through. The large catalogs on an e-commerce site provide you with extensive and organized information about the product. In addition, you can compare similar products from catalogs of several vendors.

21.a) What are the normal constraints put on e-cash?

Ans: The normal constraints put on e-cash are: -- i) The time over which a given electronic money is valid.

ii) Limit on the amount that can be stored on and transferred by e-money.

iii) The number of exchanges that can take place before money needs to be redeposited with a bank.

iv) The number of transactions that can be made during a given period of time.

21.b) What is e-cash? Give the properties of e-cash.

Ans: E Cash:- Electronic cash is a new concept in on-line payment system. It combines computerized convenience with security and privacy that improve on paper cash. It is an attractive alternative way for payment over the internet.

Properties of E-Cash: i) It must have a monetary value. It must be backed by a bank-authorized credit, or a bank-certified cashier’s check.

ii) E-Cash must be interoperable, meaning it is exchangeable as payment for other e-cash, paper cash, deposits in banking accounts etc.

iii) E-cash must be storable and retrievable. The cash could be stored on a remote computer’s memory and easily transported into standard or special purpose devices.

iv) E-Cash should not be easy to copy or tamper with while being exchanged. This includes preventing or detecting duplication and double spending. Detection is essential in order to audit whether prevention is working.
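The validity and amount constraints from answer 21.a and the double-spending detection in property iv, as an added example that is not part of the original paper. The HMAC tag stands in for the bank's signature on a coin, and the names (issue_coin, Bank, BANK_KEY) and the limit figures are assumptions.

```python
import hashlib
import hmac
import secrets

BANK_KEY = secrets.token_bytes(32)   # hypothetical bank secret, generated per run
MAX_COIN_VALUE = 100                 # assumed limit on the amount one coin can store
VALIDITY_SECONDS = 3600              # assumed period over which a coin is valid


def _tag(serial: str, value: int, expires: int) -> str:
    """MAC over every field of the coin; only the holder of BANK_KEY can make it."""
    msg = f"{serial}|{value}|{expires}".encode()
    return hmac.new(BANK_KEY, msg, hashlib.sha256).hexdigest()


def issue_coin(value: int, now: int) -> dict:
    """Bank mints a coin with a unique serial, a value and an expiry time."""
    if not 0 < value <= MAX_COIN_VALUE:
        raise ValueError("value outside the permitted limit")
    serial = secrets.token_hex(16)
    expires = now + VALIDITY_SECONDS
    return {"serial": serial, "value": value, "expires": expires,
            "tag": _tag(serial, value, expires)}


class Bank:
    def __init__(self):
        self.spent = set()      # serials that have already been deposited
        self.audit_log = []     # every decision, so prevention can be audited

    def deposit(self, coin: dict, now: int) -> str:
        expected = _tag(coin["serial"], coin["value"], coin["expires"])
        if not hmac.compare_digest(expected, coin["tag"]):
            result = "rejected: tampered"        # a field was changed after issue
        elif now > coin["expires"]:
            result = "rejected: expired"         # validity period is over
        elif coin["serial"] in self.spent:
            result = "rejected: double spend"    # a copy of a coin already used
        else:
            self.spent.add(coin["serial"])
            result = "accepted"
        self.audit_log.append((coin["serial"], result))
        return result
```

Real e-cash schemes use a public-key signature so that merchants can check a coin without holding the bank's secret; the spent-serial check at the bank works the same way.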

22. What is electronic purse? Explain. If an EDI network fails to deliver the message who is responsible for that?

Ans: Electronic Purse: -- It is a type of smart card. An electronic purse is a wallet-sized smart card embedded with programmable microchips that store sums of money for people to use instead of cash. Electronic purse is also known as electronic money and Debit card.

Working of Electronic purse:- Once the purse is loaded with money, at an ATM or through the use of an expensive telephone, it can be used to pay. For example:- Suppose you want to buy a candy from a vending machine equipped with a card reader. First, insert the card in the vending machine; the vending machine verifies that the card is authentic and that there is enough money to buy a candy. If yes, the machine deducts the cost of the candy from the balance on the card and adds it to an e-cash box. The remaining balance is displayed on the card.

When the balance on an electronic purse is depleted, the purse can be recharged with more money.

If an EDI network fails to deliver the message, it has not yet been decided who is responsible for that.

23.a) What is E-Banking ? List the banking services.

Ans: E-Banking: The process of providing all possible banking services through the internet is called E-banking.

  Banking services:-- i) Checking of account statements

ii) Round the clock banking

iii) Payment of bills

iv) Fund transfer and updating of passbooks

b) What is SCM? Explain the primary elements of SCM.

Ans: SCM- SCM stands for Supply Chain Management. It is an integrating process based on the flawless delivery of basic and customized services. SCM optimizes information and product flows from the receipt of the order, to purchase of raw materials, to delivery and consumption of finished goods. It plays an important role in the management of processes that cut across functional and departmental boundaries.

Primary elements of SCM: - a) Logistics and distribution:- Logistics is a relatively new discipline that deals with the integration of materials management and physical distribution. Logistics and SCM are sometimes interchanged because SCM is an umbrella that incorporates the logistics function.

b) Integrated marketing and distribution: - In e-commerce, the order process could be initiated by marketing information systems such as point-of-sale systems. Today, with the aid of technology, companies integrate the customer directly and react to changes in demand by modifying the supply chain.

c) Agile manufacturing: - Consumers and manufacturers are stressing quality and speed. One of the most influential visions of production goes by the name of agile manufacturing.

24. Describe the VAN pricing system.


Ans: The VAN pricing system consists of the following:-

i) Account Start-Up Costs:- Opening an account with a VAN incurs start-up costs. The start-up costs vary depending on the EDI readiness of the organization and trading partner, the number of trading partners, line attachment options, and software application options.

ii) Usage or Variable Costs:- VANs charge session fees based on the use of their services. If a user agrees to cover all of the costs, the VAN can charge twice for each transaction: 1) when the user sends or receives, and 2) when a trading partner sends or receives. Some VANs allow users to “bundle” several transaction sets into a single envelope, while others open the “interchange” and charge for each transaction set in the envelope. Other support and software costs are hidden.

iii) Interconnect Costs:- These are charged by VANs when a company exchanges EDI data with a trading partner that subscribes to a different VAN. Most VANs offer interconnects, but they charge monthly fees for using them. If no transactions are sent, there is only the monthly charge for the mailbox and the interconnect fee.

25. What is the purpose of Kerberos?

Ans: Purpose of Kerberos:- It is designed for following purposes:--

i) To provide both one-way and two-way authentication.

ii) Authentication should be achieved without transmitting unencrypted passwords over a network.

iii) Clear text passwords entered by client users should be retained in memory for the shortest time possible.

iv) Each authentication should have a finite lifetime.

v) Network authentication should be nearly unnoticed by users.

vi) Minimal effort should be required to modify existing applications that formerly used other, less secure authentication schemes.

vii) Authentication should be limited to the length of the user’s current login session.

26. Explain the secure socket layer in detail.

Ans: SSL is a security protocol developed by Netscape Communications. It provides privacy over the internet. This protocol allows client/server applications to communicate in a way that data transmissions can’t be disclosed or altered.

SSL uses a three-part process. First, information is encrypted to prevent unauthorized disclosure. Second, the information is authenticated to make sure that the information is being sent and received by the correct party. Third, it provides message integrity to prevent the information from being altered during interchanges between the source and sink.

SSL depends on RSA encryption for exchange of the session key and client/server authentication and for various other cryptographic algorithms.

    The strength of SSL is that it is application independent. SSL provides channel security through encryption and reliability through a message integrity check. To implement SSL, the merchant needs to use the Netscape server and the buyer needs to use Netscape browser software.

27. What is spoofing ? Explain with the help of an example.

Ans: Spoofing is also known as IP spoofing. It is a technique that can lead to root access on a system. It is the tool that intruders often use to take over open terminal and login connections after they get root access. Intruders create packets with a spoofed source IP address.

 There are two types of IP spoofing:-- i) User in the middle attack means the attacker is able to send you a packet and, when you reply, they intercept that packet.

ii) Source routing attack means the attacker exploits the IP header’s source routing option to dictate the route of packets.

Ex- Creating a duplicate website by copying or using the IP address of the original website.

28. What is the role of encryption in E-commerce ? Explain. Name any two concepts of TV based home entertainment.

Ans: Encryption plays a very important role in e-commerce. Encryption provides security to data or information transmitted through the internet. Data can be protected through two types of encryption. The first is secret key encryption, in which the same key is used to encrypt and decrypt the messages, so the sender and receiver must share that secret key. The other is public key encryption, in which two keys are used, one to encrypt and the other to decrypt the messages. Each user has two keys: a public key, which is distributed to all because it is used to encrypt the message, and a private key, known only by the user, which is used to decrypt the message.

Two concepts of TV based home entertainment are movie on demand, which means playing a movie exclusively for the customer against payment, and on-line games, which means providing the facility to play interactive games online.

29. Explain public key and secret key cryptography techniques.

Ans: There are two types of cryptography:-  i) Secret-key cryptography:- In secret key cryptography, the same key is used to encrypt and decrypt the messages, so the sender and receiver must share that secret key. This type of cryptography is impractical for exchanging messages with a large group of previously unknown correspondents over a public network. The well known secret-key cryptography algorithm is the Data Encryption Standard (DES), which is used by financial institutions to encrypt PINs.

ii) Public key cryptography:- In this, two keys are used, one to encrypt and the other to decrypt the messages. Each user has two keys: a public key, which is distributed to all because it is used to encrypt the message, and a private key, known only by the user, which is used to decrypt the message. These two keys are mathematically related such that data encrypted with either key can only be decrypted using the other. It is also known as asymmetric cryptography. The well known public key encryption algorithm is Rivest, Shamir and Adleman (RSA).
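The two techniques above, together with the session-key exchange described for SSL in answers 17 and 26, as an added example that is not part of the original paper. The key pair is built from two fixed Mersenne primes and the secret-key cipher is a SHA-256 keystream, both stand-ins chosen so the code runs offline; all function names are assumptions.

```python
import hashlib
import secrets

# Constructed demo key pair: two known Mersenne primes, textbook RSA, no padding.
# Real keys use random primes and padded schemes; never reuse these values.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Secret-key stand-in: the same key both encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_session_key(session_key: bytes) -> int:
    """Customer side: encrypt the session key with the merchant's public key."""
    return pow(int.from_bytes(session_key, "big"), E, N)


def unwrap_session_key(wrapped: int, length: int = 16) -> bytes:
    """Merchant side: recover the session key with the private key."""
    return pow(wrapped, D, N).to_bytes(length, "big")


def sign(message: bytes) -> int:
    """Private-key operation over the SHA-256 digest of the message."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, D, N)


def verify(message: bytes, signature: int) -> bool:
    """Public-key operation: anyone holding (N, E) can check the signature."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, E, N) == digest


def demo() -> dict:
    order = b"card=4111-1111-1111-1111;amount=25.00"   # constructed sample order
    session_key = secrets.token_bytes(16)              # shared secret for this session
    wrapped = wrap_session_key(session_key)            # travels under the public key
    ciphertext = keystream_xor(session_key, order)     # bulk data under the secret key
    merchant_key = unwrap_session_key(wrapped)
    signature = sign(order)
    return {
        "order": order,
        "ciphertext": ciphertext,
        "recovered": keystream_xor(merchant_key, ciphertext),
        "sig_ok": verify(order, signature),
        "tamper_ok": verify(order.replace(b"25.00", b"99.00"), signature),
    }
```

In demo() the public key only ever protects the 16-byte session key, while the order itself travels under the shared secret key; the signature check fails as soon as the amount in the order is altered.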

b) Explain digital signature technique.

Ans: It is a technique of encryption. Integrity and authentication of data or information are ensured by the use of digital signature. This is a combination of keys, data encrypted with one key and decrypted