E-Commerce Consumer applications: Consumer applications will include video-on-demand.

Transport providers are principally telecommunications, cable, & wireless industries.People needs
entertainment on demand including video, games, news on-demand, electronic retailing via catalogs
etc.
Consumer Applications and Social Interaction:
• The most successful technologies are those that make their mark socially.
• Penetration was slower for Telephone than for TV because of the effort needed to set up the wiring
infrastructure
The impact of both was good on business, social, consumer behavior and entertainment habits
What do Consumers really want?
1. They want quality and cost of service
2. If a new system requires more steps to do essentially the same things, consumers may resist it
3. Some people fit that mold, but most of public prefers to lay back and just watch television and let
someone else do the work of figuring out the sequence of television programming
What are Consumers willing to spend?
1. According to the video on-demand, consumers get the cable bill at basic charge they will buy
2. If it is doubled they will not buy and at the service provider economics will increased then network
operators might look to advertises to fill the gap
Delivering products to Consumers
1. Packing and distribution must be considered
2. Blockbuster video collects the information and shows the typical consumer
3. Spends on home video expenditures
4. Go to video store to select video on limited budget
5. Only periodically expends a large sum of money
Consumer Research and E-Commerce
Consumer opinion about interactive television is
Some are willing to pay
Some would pay for movies on-demand
Some would pay for Television shows on-demand
Some are worry about it is that they will pay for something that they previously received free of
charge
Some think privacy issues
Some think it is too confusing to use

1
E-Commerce Organization Applications:
Changing business Environment
1. The traditional business environment is changing rapidly
2. Many companies are looking outside and within to shape business strategies
3. These activities include private electronic connections to customers, suppliers, distributors, industry
groups etc
4. The Information superhighway will expand this trend so that it allow business to exchange
information.
E-Commerce and the retail Industry
1. Conditions are changing in the “new economy” with respect to the retail industry
2. Consumers are demanding lower prices, better quality, and a large selection of in-season goods.
3. Retailers are filling their order by slashing back-office costs, reducing profit margins, reducing
cycle times. buying more wisely and making huge investments in technology
4. Retailers are in the immediate line of fire and were first to bear the brunt of cost cutting
Marketing and E-Commerce
1. E-commerce is forcing companies to rethink the existing ways of doing target marketing and even
event marketing.
2. Interactive marketing is in electronic markets via interactive multimedia catalogs
3. Users find moving images more appealing than still image and listening more appealing than
reading text on a screen
4. Consumer information services are a new type of catalog business
Inventory Management and Organizational Applications
1. As international borders opening up and companies facing stiff global competition
2. Adaptation would include moving to computerized by reducing paper work
3. Once targeted business process is inventory management, solutions for these processes known with
different names
4. In manufacturing industry they are known as just-in-time inventory systems, in the retail as quick
response programs, and in transportation industry as consignment tracking systems
Just-in-Time (JIT) Manufacturing
1. It is viewed as an integrated management system consisting of a number of different management
practices dependent on the characteristics of specific plants
2. The first principle is elimination of all waste (time, materials, labour & equipment)
3. The following management practices are: focused factory, reduced set-up times, group technology,
total productive maintenance, multifunction employees, uniform workloads, IT purchasing, total
quality control & quality circles

2
Quick Response Retailing (QR)
1. It is a version of JIT purchasing tailored for retailing
2. To reduce the risk of being of out of stock, retailers are implementing QR systems
3. It provides for a flexible response to product ordering and lowers costly inventory levels
4. QR retailing focuses on market responsiveness while maintaining low levels of stocks
5. It creates a closed loop consisting of retailer, vendor, & consumer chain, & as consumers make
purchases the vendor orders new deliveries from the retailer through its computer network
Supply Chain Management
1. QR and JIT address only part of the overall picture
2. Supply Chain Management (SCM) is also called “extending”, which means integrating the internal
and external partners on the supply and process chains to get raw materials to the manufacturer and
finished products to the consumer
3. It includes following functions

 Supplier management: The goal is to reduce the number of suppliers and get them to partners
 Inventory management: The goal is to shorten the order-ship-bill cycle. When a majority of
partners are electronically linked, information can be 1faxed or mailed
 Distribution management: The goal is to move documents (accurate data) related to shipping
 Channel management: The goal is to quickly disseminate information about changing
operational conditions ( technical, product, and pricing information) to trading partners
 Payment management: The goal is to link company and the suppliers and distributors so that
payments can be sent and received electronically
 Financial management: The goal is to enable global companies to manage their money in
various foreign exchange accounts
 Sales force productivity: The goal is to improve the communication flow of information
among the sales, customer & production functions In sum, the supply chain management
process increasingly depends on electronic markets
Work group Collaboration Applications:
1. An internetwork that enables easy and inexpensive connection of various organizational segments
2. It is to improve communications and information sharing and to gather and analyse competitive
data in real-time
3. Videoconferencing, document sharing and multimedia e-mail, are expected to reduce travel and
encourage telecommunication
4. Improves the distribution channel for documents and records to suppliers, collaborators and
distributors

ARCHITECTURAL FRAMEWORK OF E COMMERCE

In general a framework is intended to define and create tools that integrate the information found in
today’s closed systems and allow the development of e-commerce applications. It is important to
understand that the aim of the architectural frame-work itself is not to build new database
management systems, data repository, computer languages, software agent based transaction
monitors, or communication protocols Rather, the architecture should focus on synthesizing the

3
diverse resources already in place in corporations to facilitate the integration of data and software for
better applications. The electronic commerce application architecture consists of six layers of
functionality, or services:
(1) Application Services
(2) Brokerage services, data or transaction management
(3) Interface, and support layers
(4) Secure messaging Services
(5) Middle ware Services
(6) Network infrastructure and basic communications services

Application services Customer- to- business

Business- to- business
Intra-organizational
Brokerage and data management Order processing
Payment advances-electronic cash
Virtual mail
Interface layer Interactive catalogues
Directory support functions
Software agents
Secure messaging Encrypted e-mail, EDI
Remote programming
Middle ware services Structured documents (SCML,HTML)
Compound documents
Network infrastructure Wireless - cellular, radio, PCs
Wire line – POTS, coaxial, fibre optic

These layers cooperate to provide a seamless transition between today’s computing resources and
those of tomorrow by transparently integrating information access and exchange within the context
of the chosen application. As seen in table above, electronic commerce applications are based on
several elegant technologies. But only when they are integrated do they provide uniquely powerful
solutions.
Electronic Commerce Application Services
Three distinct classes of electronic commerce application can be distinguished:
Customer to business,
Business-to-business, and
Intra organization.
Consumer-to-Business Transactions
This category is also known as marketplace transaction. In a marketplace transaction, customers learn
about products differently through electronic publishing, buy them differently using electronic cash
and secure payment systems, and have them delivered differently. Also, how customers allocate their
loyalty may also be different. In light of this, the organization itself has to adapt to a world where the
traditional concepts of brand differentiation no longer hold-where “quality” has a new meaning,

4
where “content” may not be equated to “product,” Where “distribution” may not automatically mean
“physical transport.” In this new environment, brand equity can rapidly evaporate forcing firms to
develop new ways of doing business.
Business-to Business Transactions
This category is known as market-link transaction. Here, businesses, governments, and other
organizations depend on computer –to- computer communication as a fast, an economical, and a
dependable way to conduct business’ transactions. Small companies are also beginning to see the
benefits of adopting the same methods. Business-to-business transactions include the use of EDI and
electronic mail for purchasing goods and services, buying information and consulting services,
submitting requests for proposals, and receiving proposals. The current accounts payable process
occurs through the exchange of paper documents. Each year the trading partners exchange millions of
invoices, checks, purchase orders, financial reports, and other transactions. Most of the documents are
in electronic format their point of origin but are printed and key-entered at the point of receipt. The
current manual process of printing, mailing is costly, time consuming, and error-prone. Given this
situation and faced with the need to reduce costs, small businesses are looking toward electronic
commerce as a possible saviour.
Intra-organizational Transactions
This category is known as market-driven transactions. A company becomes market driven by
dispersing throughout the firm information about its customers and competitors; by spreading
strategic and tactical decision making so that all units can participate; and by continuously monitoring
their customer commitment by making improved customer satisfaction an ongoing objective. To
maintain the relationships that are critical to delivering superior customer value, management must
pay close attention to service, both before and after sales. In essence, a market-driven business
develops a comprehensive understanding of its customers’ business and how customers in the
immediate and downstream markets perceive value.
Three major components of market-driven transactions are
· Customer orientation through product and service
· Customization; cross-functional coordination through enterprise
· Integration; and advertising, marketing, and customer service.
Information Brokerage and Management
The information brokerage and management layer provides service integration through the notion of
information brokerages, the development of which is necessitated by the increasing information
resource fragmentation. The notion of information brokerage is used to represent an intermediary who
provides service integration between customers and information providers, given some constraint
such as a low price, fast service, or profit maximization for a client. Information brokers are rapidly
becoming necessary in dealing with the voluminous amounts of information on the networks. As on-
line databases migrate to consumer information utilities, consumers and information professionals
will have to keep up with the knowledge, and owner-ship of all these systems. With all the complexity
associated with large numbers of on-line databases and service bureaus, it is impossible to expect
humans to do the searching. It will have to be software programs information brokers or software
agents, to use the more popular term-that act on the searcher’s behalf. Information brokerage does
more than just searching. It addresses the issue of adding value to the information that is retrieved. For
instance, in foreign exchange trading, information is retrieved about the latest currency exchange rates
in order to hedge currency holdings to minimize risk and maximize profit. With multiple transactions
being the norm in the real world, service integration becomes critical. Taking the same foreign

5
exchange, further, service integration allows one to link the hedging program (offered on a time-
sharing basis by a third party) with the search program (could be another vendor) that finds the
currency rates from the cheapest on-line service to automatically send trades to the bank or financial
services company. In effect, a personalized automated trading system can be created without having
to go to any financial institution. This is just one example of how information brokerages can add
value. Another aspect of the brokerage function is the support for data management and traditional
transaction services. Brokerages may provide tools to accomplish more sophisticated, time-delayed
updates or future compensating transactions. These tools include software agents, distributed query
generator, the distributed transaction generator, and the declarative resource constraint Base which
describes a business’s rules and-environment information. At the heart of this layer lies the work-flow
scripting environment built on a software agent model that coordinates work and data flow among
support services. Software agents are used to implement information brokerages. Software agents are
mobile programs that have been called “healthy viruses,” “digital butlers” and “intelligent agents.”
Agents are encapsulations of users’ instruction that perform all kinds of tasks in electronic
marketplaces spread across networks. Information brokerages dispatch agents capable of information
resource gathering, negotiating deals, and performing transactions. The agents are intelligent because
they have contingency plans of action. They examine themselves and their environment and if
necessary change from their original course of action to an alternative plan.
Interface and Support Services
The third layer, interface and support services, will provide interfaces for electronic commerce
applications such as interactive catalogues and will support directory services-functions necessary for
information search and access. These two concepts are very different. Interactive catalogs are the
customized interface to consumer applications such as home shopping. An interactive catalog is an
extension of the paper-based catalog and incorporates additional features such as sophisticated
graphics and video to make the advertising more attractive. Directories, on the other hand, operate
behind the scenes and attempt to organize the enormous amount of information and transactions
generated to facilitate electronic commerce. Directory services databases make data from any server
appear as a local file. In the case of electronic commerce, directories would play an important role in
information management functions. The primary difference between the two is that unlike interactive
catalogs, which deal with people, directory support services interact directly with soft-ware
applications. For this reason, they need not have the multimedia glitter and jazz generally associated
with interactive catalogs. From a computing perspective, we can expect that there will be no one
common user interface that will glaze the surface of all electronic commerce applications, but
graphics and object manipulation will definitely predominated. Tool developers and designers might
incorporate common tools for interface building, but the shape of catalogs or directories will depend
on the users’ desires and functional requirements.
Secure Messaging and Structured Document Interchange Services
Electronic messaging is a critical business issue. Consider a familiar business scenario in Integrated
Messaging a group of computer services that through the use of a network send, receive, and combine
messages, faxes, and large data files. Some better-known examples are electronic mail, enhanced fax,
and electronic data interchange. Broadly defined, messaging is the software that sits between the
network infrastructure and the clients or electronic commerce applications, masking the peculiarities
of the environment. Others define messaging as a framework for the total implementation of portable
applications, divorcing you from the architectural primitives of your system. In general, messaging
products are not applications that solve problems; they are more enablers of the applications that solve
problems. Messaging services offer solutions for communicating non formatted (unstructured) data-
letters, memos, and reports as well as formatted (structured) data such as purchase orders, shipping
notices, and invoices. Unstructured messaging consists of fax, e-mail, and form-based systems like

6
Lotus Notes. Structured documents messaging consist of the automated interchange of standardized
and approved messages between computer applications, via telecommunication .Another advantage of
messaging is that it is not associated with any particular communication protocol. No pre-processing
is necessary, although there is an increasing need for programs to interpret the message. Messaging is
well suited for both client server and peer-to-peer computing models. In distributed systems, the
messages are treated as “objects” that pass between systems. Messaging is central to work-group
computing that is changing the way businesses operate. The ability to access the right information at
the right time across diverse work groups is a challenge. Today, with the messaging tools, people can
communicate and work together more effectively-no matter where they are located. The main
disadvantages of messaging are the new types of applications it enables-which appear to be more
complex, especially to traditional programmers and the jungle of standards it involves. Because of the
lack of standards, there is often no interoperability between different messaging vendors leading to
islands of messaging. Also, security, privacy, and confidentiality through data encryption and
authentication techniques are important issues that need to be resolved for ensuring the legality of the
message-based transactions themselves.
Middleware Services
Middleware is a relatively new concept that emerged only recently. Users in the 1970s, when vendors,
delivered homogeneous over the years, there developed the need to solve all the interface, translation,
transformation, and interpretation problems that were driving application developers crazy. With the
growth of networks, client-server technology, and all other forms of communicating between/among
unlike platforms, the problems of getting all the pieces to work together grew from conflicting to
extreme. As the cry for distributed computing spread, users demanded interaction between dissimilar
systems, networks that permitted shared resources, and applications that could be accessed by
multiple software programs. Middleware is the ultimate mediator between diverse software programs
that enables them talk to one another. Another reason for middleware is the computing shift from
application centric to data centric i.e. remote data controls all of the applications in the network
instead of applications controlling data. To achieve data-centric computing, middleware services
focus on three elements: transparency, transaction security and management, and distributed object
management and services
Transparency
Transparency implies that users should be unaware that they are accessing multiple systems.
Transparency is essential for dealing with higher-level issues than physical media and interconnection
that the underlying network infrastructure is in charge of. The ideal picture is one of a “virtual”
network: a collection of workgroup, departmental, enterprise, and inter enterprise LANs that appears
to the end user or client application to be a seamless and easily accessed whole. Transparency is
accomplished using middleware that facilitates a distributed computing environment. This gives users
and applications transparent access to data, computation, and other resources across collections of
multi-vendor, heterogeneous systems. The strategic architectures of every major system vendor are
now based on some form of middleware. The key to realizing the theoretical benefit of such
architecture is transparency. Users need not spend their time trying to understand where something is.
Nor should application developers have to code into their applications the exact locations of resources
over the network. The goal is for the applications to send a request to the middleware layer, which
then satisfies the request any way it can, using remote information.
Transaction Security and Management
Support for transaction processing (TP) is fundamental to success in the electronic commerce market.
Security and management are essential to all layers in the electronic commerce model. At the
transaction security level, two broad general categories of security services exist: authentication and

7
authorization. Transaction integrity must be a given for businesses that cannot afford any loss or
inconsistency in data. Some commercial sites have had gigantic centralized TP systems running for
years. For electronic commerce, middleware provides the qualities expected in a standard TP system:
the so-called ACID properties (atomicity, consistency, isolation, and durability).
Distributed Object Management and Services
Object orientation is proving fundamental to the proliferation of network-based applications for the
following reasons: It is too hard to write a net-work-based application without either extensive
developer retraining or a technology that cover the complexity of the network. Objects are defined as
the combination of data and instructions acting on the data. Objects are an evolution of the more
traditional programming concept of functions and procedures. A natural instance of an object in
electronic commerce is a document. A document carries data and often carries instructions about the
actions to be performed on the data. Today, the term object is being used interchangeably with
document resulting in a new form of computing called document oriented computing. Here, the trend
is to move away from single data-type documents such as text, pictures, or video toward integrated
documents known as com-pound document architectures.
Network Infrastructure
Network infrastructure is required for e-commerce to transport content. I-way is a high-capacity,
interactive electronic pipeline used to transfer content in case of ecommerce. I-way can transfer any
type of context like, text, graphics, audio, and video. In other words, multimedia contents are easily
transported through I-way. Components of I-way: - Consumer access equipment. - Local on-ramps,
and - Global information distribution networks. Consumer access equipment are devices used by
consumers to access the multimedia interactive contents of e-commerce. In this segment, hardware
and software vendors are also included.
A network can be defined as

 Building block of E-commerce.

 Technologies to integrate Business Process

 Mediator for Digital transmission of Digital

 Content/Message/File/DATA

 The interaction between Entities of business

 A framework with security & ease.

World Wide Web as the Architecture

Electronic commerce depends on the unspoken assumption that computers cooperate efficiently for
seamless information sharing. Unfortunately, this assumption of interoperability has not been
supported by the realities of practical computing. Computing is still a world made up of many
technical directions, product implementations, and competing vendors. This diversity, while good for
innovation, causes problems as the e-commerce applications try to impose a certain discipline on the
proliferating computers and networks. It is ironic that the real effect of computing is all too often the
prevention of data sharing due to incompatibilities: architectures, data formats, and communication
protocols.
The Web community of developers and users is tackling these complex problems. The initial proposal
outlined a simple system of using networked hypertext to quickly disseminate documents among
people. There was no intention of supporting sound, video, or images in this proposal. By the end of

8
1990, an implementation of the web was placed. The software had the capability to serve documents
to other people on the internet and came with the capability to edit documents on the screen using a
very primitive line mode browser. The browser quickly expanded beyond all imagination as others
understood the potential for global information sharing.
The architecture is made up of three primary entities:
Client browser
Web server
Third party services
The client browser usually interacts with the WWW server, which acts as an intermediary in the
interaction with third-party services.

The client browser resides on the user’s PC or workstation and provides an interface to the various
types of content. Web server functions can be categorised into information retrieval, data and
transaction management and security. The third party services that makeup the digital library,
information processing tools, and electronic payment systems.

Web background
Hypertext Publishing
Web provides a functionality necessary for e-commerce. The web has become an umbrella for wide
range of concepts and technology that differ markedly in purpose and scope which include hypertext
publishing concept, the universal reader concept and the client server concept. Hypertext publishing
promotes the idea of seamless information world in which all online information can be accessed and
retrieved. In a constant and simple way hypertext publishing is a primary application of web interest
in hypermedia on the internet (called distributed or global hypermedia). This success has been aided
by more powerful work station high resolution graphic display faster network communication and
decreased cost for large online service.
Hypertext Vs. hypermedia: Hypertext is an approach of information management in which data are
shared in the network of document connect by links, this link represents relationship between nodes.
A hypermedia system is made up of nodes (documents) and links (pointers). A node generally

9
represents a simple concept and idea. Nodes can contain texts, graphics, audio, video images etc.
nodes are connected to other nodes by links. The movement between nodes is made by activating
links which connect related concept or nodes links can be bidirectional. Hypertext is a simple context
based on the association of nodes through links. A node from which a link is originated is called the
reference or the anchor link and a node at which a link ends is called referent. The movement between
the links is made possible by activating links. The promise of hypertext lies in the ability to produce
large complex richly connected and crossed reference bodies of information.
Benefits of Hypermedia:
1. Hypermedia documents are much more flexible than conventional documents.
2. Hypermedia documents offer video sequences animation and even compute programs.
3. Its power and appeal increases when it is implemented in computing environments that include
network, micro computers, work stations, high resolution displays and large online storage.
4. It provides dynamic organization.
5. Hypermedia systems provides non-linear innovative way of accessing and restricting network
documents.

Technology behind the web:

Information providers (publishers) run programs called servers from which the browsers can obtain
information. These programs can either be web servers that understand the hypertext transfer protocol
(HTTP), “gateway” programs that convert an existing information format to hypertext, or a non-
HTTP server that web browsers can access i.e. FTP or Gopher servers. Web servers are composed of
two major parts.
1. The hypertext transfer protocol (HTTP) for transmitting documents between servers and clients.
2. HTML format for documents.
The link between HTML files & HTTP server is provided by Uniform Resource Locator (URL).
Uniform Resource Locator:
The documents that the browsers display are hypertext that contains pointers to other documents. The
browser allows us to deal with the pointer in a transparent way that is select the pointer we are
presented with a text to which it points. This pointer is implemented by using a concept which is
central to web browser known as URL. URLs are streams used as address of objects (documents,
images etc.) on the web. URL marks the unique location on the internet so that a file or a service can
be found. URL’s follow a consistent pattern that the first part describes the type of the resources,
second part gives the name of the server posting the resources and the third part gives the full name of
resources. e.g.: FTP://server.address / complete file.name URL are central to web architecture. That
fact is that it is easy to address an object anywhere on the internet is essential for the system to scale
& for the information space to be independent as network and server topology.
Hypertext Transfer Protocol (HTTP):
It is the simple request response protocol that is currently run over TCP and is the basis of WWW.
HTTP is a protocol for transferring information efficiently between the requesting client and server.
The data transferred may be plain text, hypertext images or anything else. When a user browses the
web objects are retrieved in rapid succession from often widely dispersed servers. HTTP is used for
retrieving documents in an unbounded & extensible set of formats. It is an internet protocol. It is
similar in its readable, text based style to the file transfer (FTP) & the network news (NNTP)

10
protocols that have been used to transfer files and news on the internet for many years. When objects
are transferred over network, information about them is transferred in HTTP Header. The set of
headers is an extension of the multipurpose internet mail extension (MIME) set. This design decision
was taken to open the door to integration of hypermedia mail, news and information access.
HTTPD Servers (Hypertext transfer protocol domain)
The server that are used to publish information via WWW servers are called HTTPD servers. While
choosing a web server flexibility, ease of administrator, security features, familiarity and performance
are considered. It is important to evaluate the tasks for which the web server is used. A server used for
internet based marketing & technical support task will need more powerful server than the web server
used internally within a firewall for distributing memos and bulletins. HTTPD servers are ideal for
companies that want TP provide multitude of services ranging from product information to technical
support.
HTML (Hypertext mark-up language)
At the heart of the web a simple page description language called HTML. It is a common basic
language of interchange for hypertext that forms the fabric of the web. It is based on an international
electronic document standard called Standard generalized mark-up language (SGML). HTML enables
document orientation for the web by embedding control codes in ASCII (American standard code for
information interchange) text to designate titles, headings, graphics and the hypertext links, making
links of SGML’s powerful linking capabilities. HTML was meant to be a language of communication
which actually flows over the network .HTML was designed to be sufficiently simply as to be
produced easily by the people and automatically generated by the programs.
HTML Forms:
Forms support is an important element for doing online business. Forms are necessary for gathering
user information conducting surveys and also providing interactive services. Forms make web
browsing an interactive process for the user and the provider. They provide the means to collect and
act upon the data entered by end users. Forms also open up a number of possibilities for online
transactions such as restricting specific news articles, specifying such as request, soliciting customer
feedback or ordering products. The number of features are available for building forms including text
boxes, radio buttons, and check boxes.
Common Gateway Interface Services (CGI)
An important aspect of web server development is application gateways. More specifically it is CGI.
CGI is a specification for communicating data between web server and other application server. CGI
is used whenever web server needs to send or receive data from another application. A CGI script is a
program that negotiate the movement between web server and an outside application. CGI scripts may
be written virtually any high level language such as C, Perl (Practical extraction and reporting
language), Java scripts etc.

Security on the web:

Security and confidentiality are essential before business conduct financial transactions over the
internet has become a big problem due to the increasing number of application oriented towards
commerce. Therefore commercial application requires that the client and server be able to
authenticate each other and exchange data confidentiality. This exchange has three basic properties.
1. Clients are confident about servers they are communicating with server authentication.
2. Client conversation with server is private using encryption.

11
3. Client conversation cannot be tampered or inter separated with data integrity.

Categories of Internet data & Transaction:

Several categories of data must be encrypted making internet data security an interesting challenge.
Public Data:
Public data have no security distinctions and can be read by anyone. Such data should be protected
from unauthorized tampering or modification because a reader may perform damaging actions on its
contents.
Copyright Data:
Copyright data have content that is copyrighted but not secret. The Owner of the data is willing to
provide it but wishes to ensure that the user has paid for it. The objective is to maximize the revenue
and security.
Confidential Data:
Confidential data contains material that is secret but whose existence is not secret such data include
bank account systems, personal files etc. such material may be referenced by public or copyright data.
Secret Data:
Secret data existence is a secret such data might include algorithms which is necessary to monitor,
log all access to secret data.
Despite the variety of data, security and verification are necessary for all types because of the
sensitivity of information being transferred and to protect the consumer form, various forms of fraud
and misconduct.
WWW based security schemes:
Several methods can provide security in the web framework. This includes the following.
1. SHTTP: - (Secured Hypertext Transfer Protocol)
SHTTP will enable the incorporation of various cryptographic messages, formats such as digital
signature Algorithms (DSA) & RSA standards into the both their client & servers.
2. SSl :- (Security Socket Layer )
SSL uses RSA security to wrap security information around TCP/IP based protocols. The benefits of
security socket layer over secured HTTP is that SSl is not restricted to HTTP. But can also be used for
security for FTP & TELNET.
3. SHEN:
It is the security scheme for the web sponsored by www. It is not non-commercial or more research
oriented security & is similar to SHTTP.
SHEN Security scheme for the web:
SHEN provides for three separate security – related mechanisms.

12
1. Weak authentication with low maintenance overhead and without patent or export restrictions. A
user identity must be established as genuine. Unauthorized access must be improbable but need not be
secure from all possible forms of attack.
2. Strong authentication via public key exchange. A user identity must be established as genuine.
Unauthorized access must be impossible except by random chance or by access to unknown
technology.
3. Strong encryption of message content. The data must not be transmitted in a form comprehensible
to a third party, an identified party acts as guarantor in this respect.
Messaging Security Issues:
In order to conduct electronic commerce on the internet, including the WWW, messages must be
electronically transmitted in some manner. In addition to the general concern of data security, a
primary concern is the non-refutable linking of message contents to individuals and businesses.
Several important security services are required to ensure reliable, trustworthy electronic transmission
of business messages. The primary security services are interrelated.
The five security services are:

SECURITY ISSUE SECURITY OBJECTIVE SECURITY TECHNIQUES

Confidentiality Privacy of messages Encryption
Message Integrity Detecting message tampering Hashing
Authentication Origin verification Digital signatures challenge-
Response passwords Biometric
devices
Non-Repudiation Proof of Origin, receipt, and Bi-directional hashing Digital
contents( sender cannot falsely signatures Transaction
deny sending or receiving the certificates Time Stamps
message) Confirmation services.
Access controls Limiting entry to authorized Firewalls Passwords Biometric
users devices

Confidentiality:
When a message is sent electronically, the sender and receiver may desire that the message remain
confidential, and thus not read by any other parties. Analogies can be drawn to traditional mail and
phone systems. In regular mail systems, the sender uses an envelope to conceal the inside contents
rather than writing the information on a post card. For E-commerce, keeping order details and credit
information confidential during the transmission is a major security concern. Further, trading partners
sharing design specifications also want to ensure the confidentiality of their messages so that
proprietary design specifications can be viewed only by the sender and the intended receiver of the
information. The most effective technique for masking a message is encryption.
Integrity:
When a message is sent electronically, both the sender and receiver want to ensure that the message
received is exactly the same as the message transmitted by the sender. A message that has not been
altered in any way, either intentionally or unintentionally, is said to have maintained its integrity. For
electronic commerce verifying that the order details sent by purchaser have not been altered is one
major security concern. An effective cryptographic means of ensuring message integrity is through
the use of hashing, where a “hash” of the message is computed using an algorithm and the message
contents. The hash value is sent along with the message then, upon receipt, a hash is calculated by the

13
recipient using the same hashing algorithm. The two hash values (received and calculated) are
compared, and a match can indicate that the message is the same as that sent.
Authentication:
When an electronic message is received by a user or a system, the identity of the sender needs to be
verified (i.e. Authenticated) in order to determine if the sender is who he claims to be. To identify a
user at least one of the following types of information is generally required
· Something you have (e.g., a token)
· Something you know (e.g., a PIN) or
· Something you are (e.g., fingerprints or signatures)
Non-Repudiation:
The term repudiate means to accept as having rightful authority or obligation as in refusing to pay a
debt because one refuses to acknowledge that the debt exists. For business transactions, unilateral
repudiation of a transaction by either party unacceptable and can result in legal action. Well-designed
electronic commerce system provide for nonrepudiation, which is the provision for irrefutable proof
of the origin receipt, and contents of an electronic message.
Access Controls:
Electronic commerce systems, particularly those using the internet and the WWW, require a certain
amount of data sharing. Limiting access to data and systems only to authorized users is the objectives
of access controls. Some form of authentication procedure is typically employed in access controls in
order to gain entry into the desired part of the system. The emerging attribute certificate or “privilege
management” technology promises to be a highly effective form of access control provided it is
implemented correctly. Firewalls can also be used to implement additional screening mechanisms.
Encryption Techniques:
Confidentiality of electronic messages is a necessity of electronic commerce application. The primary
method of achieving confidentiality is encryption. Messages are initially created in a form that is
readable and understandable by the sender, and by any other individuals as well if they have access to
the message. The message, when it is in this form is commonly referred to as clear text or plaintext .
Encryption is defined as the transformation of data, via a cryptographic mathematical process into a
form that is unreadable by anyone who does not possess the appropriate secret key. That data in this
unreadable form is commonly referred to as cipher text. If a message is intercepted and read, it will be
useless since the cipher text message is unintelligible to any party not possessing the secret key. In
order to be able to read and understand the message, the encrypted message must be transformed back
to its original state- the clear text. The process of restoring cipher text to clear text is called
decryption. The key contains the binary code used to mathematically transform a message, two types
of cryptographic mechanisms can be used to provide an encryption capability: Symmetric
cryptography where entities share a common secret key; and a public key cryptography (also known
as asymmetric cryptography) where each communicating entity has a unique pair (a public key and a
private key). For symmetric and asymmetric encryption, the relative strength of the cryptography is
most commonly measured by length of the key, in bits. However it should be noted that the true
strength of the confidentiality service may depend on a number of variables associated with the
encryption function:
· The security protocol used to invoke the encryption function.
· The trust in the platform executing the protocol or application.
· The cryptographic algorithm.

14
· The length of the key(s) used for encryption/decryption.
· The protocol used to manage/generate those keys.
· The storage of secret keys (key management keys and encryption keys).
The strength of a system usually increases as the key length increases. This is because a longer
key length implies a larger number of possible keys, which makes searching for the correct key
a more time consuming process. Any key length less than 64-bits is no longer considered to be
secure.
Symmetric Encryption Keys:
In symmetric key systems, both the sender and the receiver of the message must have access to
the same key. This shared secret key is used to both encrypt and decrypt the message.
Asymmetric Cryptography:
In 1976, a concept referred to as public key cryptography was introduced by Whitefield Diffie
and martin Hellman, called the Diffie-hellman technique. The public-key method allows a
sender and a receiver to generate a shared, secret key over an insecure telecommunications line.
This process uses an algorithm based on the sender’s and receiver’s public and private
information. The following steps are used
1. The sender determines a secret value a.
2. A related value, A, is derived from a. A is made public.
3. The receiver determines a secret value b.
4. A related value, B is derived from b. B is made public.
5. The Diffie-Hellman algorithm is used to calculate a secret key corresponding the key pairs (a,
B) and (b, A). the sender knows his private value, a and the receiver’s public value, B. the
receiver knows her private value, b , and the sender’s public value, A. the secret key is generated
from (a, B) and (b, A) by an algorithm that makes it computationally infeasible to calculate the
secret key from solely knowing the two public values, A and B. In order to generate the secret
key, one of the secret values must be known. The secret key is shared avoiding the problem of
transmitting it over an insecure telecommunications line.
Good encryption practices:
The following are the few good encryption practices that foster stronger security.
1. Password maintenance: Never share your secret password. A password can be used to
protect your private key, and therefore your digital signature.
2. Key length: Use an appropriate key length whenever possible. The longer the key length, the
greater the security. For domestic use a key length of at least 64-bits should be used.
3. Compressed files: In order to reduce transmission time, data compression is frequently used
to reduce the size of a file. Most loss less data compression techniques are based on removing
redundancy from the file.

15