1. Introduction, IT and business, E-commerce: Concepts Electronic Communication, Internet and intranets. 2. EDI to E-commerce. Concerns for E-commerce Growth, Technical issues, Security issues. 3. Security Technologies: Cryptography, Public Key Algorithms, Private Key Algorithms, Hashing techniques, Cryptographic Applications, Encryption, Digital Signature. 4. Protocols for Transactions. SSL-Secure Socket Layer, SET-Secure Electronic Transaction. Cyber Cash, Dig cash.

1. E – Commerce
•By: Prof. Ganesh Ingle

2. 2
Course Outline
Overview of e-commerce
The Internet and the WWW
E-commerce software building blocks and tools
Scalability, high-performance servers, web
caching
Basic cryptography
Security, watermarking, firewalls
Payment systems
Current and future directions

3. 3
Electronic Commerce (E-Commerce)
Commerce refers to all the activities the
purchase and sales of goods or services.
Marketing, sales, payment, fulfillment,
customer service
Electronic commerce is doing commerce
with the use of computers, networks and
commerce-enabled software (more than
just online shopping)

4. 4
Brief History
 1970s: Electronic Funds Transfer (EFT)
 Used by the banking industry to exchange account information over
secured networks
 Late 1970s and early 1980s: Electronic Data Interchange (EDI) for
e-commerce within companies
 Used by businesses to transmit data from one business to another
 1990s: the World Wide Web on the Internet provides easy-to-use
technology for information publishing and dissemination
 Cheaper to do business (economies of scale)
 Enable diverse business activities (economies of scope)

5. 5
E-commerce applications
Supply chain management
Video on demand
Remote banking
Procurement and purchasing
Online marketing and advertisement
Home shopping
Auctions

7. Ecommerce infrastructure
7
Information superhighway infrastructure
Internet, LAN, WAN, routers, etc.
telecom, cable TV, wireless, etc.
Messaging and information distribution
infrastructure
HTML, XML, e-mail, HTTP, etc.
Common business infrastructure
Security, authentication, electronic payment,
directories, catalogs, etc.

8. The Main Elements of E-commerce
8
 Consumer shopping on the Web, called B2C (business to
consumer)
 Transactions conducted between businesses on the
Web, call B2B (business to business)
 Transactions and business processes that support selling
and purchasing activities on the Web
Supplier, inventory, distribution, payment
management
Financial management, purchasing products and
information

9. Advantages of Electronic Commerce
9
Increased sales
Reach narrow market segments in geographically
dispersed locations
Create virtual communities
Decreased costs
Handling of sales inquiries
Providing price quotes
Determining product availability
Being in the space

10. 10
Disadvantages of Electronic Commerce
Loss of ability to inspect products from
remote locations
Rapid developing pace of underlying
technologies
Difficult to calculate return on
investment
Cultural and legal impediments

11. The process of e-commerce
11
1. Attract customers
 Advertising, marketing
2. Interact with customers
 Catalog, negotiation
3. Handle and manage orders
 Order capture
 Payment
 Transaction
 Fulfillment (physical good, service good, digital good)
4. React to customer inquiries
 Customer service
 Order tracking

12. Web-based E-commerce Architecture
12
•Client
•Tier 1
•Web Server
•Tier 3•Tier 2 •Tier N
•Application
Server
•Database
Server
DMS

13. 13
E-commerce Technologies
 Internet
 Mobile technologies
 Web architecture
 Component programming
 Data exchange
 Multimedia
 Search engines
 Data mining
 Intelligent agents
 Access security
 Cryptographic security
 Watermarking
 Payment systems

14. Infrastructure for E-commerce
14
 The Internet
 system of interconnected networks that spans the globe
 routers, TCP/IP, firewalls, network infrastructure, network
protocols
 The World Wide Web (WWW)
 part of the Internet and allows users to share information
with an easy-to-use interface
 Web browsers, web servers, HTTP, HTML, XML
 Web architecture
 Client/server model
 N-tier architecture; e.g., web servers, application servers,
database servers, scalability

15. 15
Internet vs Intranet

16. Types of e-commerce
16
 B2B: E-commerce that is conducted between businesses is referred to as Business-to-
business
 (1) open to the entire public or (2) limited to a group of businesses who have
been part of the specific group
 Transaction cost reduced through reduction in
 search costs
 costs of processing transactions (e.g. invoices, purchase orders and
payment schemes)
 cost in trading processes
 eliminating intermediaries and distributors
 increase in price transparency
 creates supply-side cost-based economies of scale

17. Types of e-commerce..contd…
 B2C Commerce
 commerce between companies and consumers
 involves customers gathering information; purchasing physical goods or
information goods
 online retailing companies such as Amazon.com, Drugstore.com, Beyond.com,
Flipkart.com, Lenskart.com
 reduces transactions costs
 increasing consumer access to information
 reduces market entry barriers
17

18. ..Contd…
 B2G e-commerce
 commerce between companies and the public sector
 use of the Internet for public procurement
 licensing procedures
18

19. ..Contd…
 C2C e-commerce
 commerce between private individuals or consumers
 online auctions
 auctions facilitated at a portal, such as eBay, which allows online real-time bidding on
items being sold in the Web;
 peer-to-peer systems, such as the Napster model (a protocol for sharing files between
users used by chat forums similar to IRC) and other file exchange and later money
exchange models; and
 classified ads at portal sites such as Excite Classifieds and eWanted (an inter- active,
online marketplace where buyers and sellers can negotiate and which features “Buyer
Leads & Want Ads”).
 Consumer-to-business (C2B) transactions involve reverse auctions, which empower the
consumer to drive transactions. A concrete example of this when competing airlines
gives a traveler best travel and ticket offers in response to the traveler’s post that she
wants to fly from New York to San Francisco.
 There is little information on the relative size of global C2C e-commerce. However, C2C
figures of popular C2C sites such as eBay and Napster indicate that this market is quite
large. These sites produce millions of dollars in sales every day
19

20. M-Commerce
20
 buying and selling of goods and services through wireless technology
 handheld devices such as cellular telephones and personal digital assistants
(PDAs) are used
 m-commerce will become the choice for digital commerce transactions
 bill payment and account reviews can all be conducted from the handheld
devices
 consumers are given the ability to place and pay for orders on-the-fly
 delivery of entertainment, financial news, sports figures and traffic updates to a
single mobile
 different server than that accessed by the regular online users
 allow users to book and cancel rail, flight, movie tickets through their mobile
devices

21. M-Commerce..contd..
 critical considerations for this strategy is the software solution that the organization
uses
 ‘all in one’ device strategy vs individual device based technology
 banks can use cost effective virtual distribution channel
 Financial inclusion
 Greater reach across the population
 convenience without compromising security
 benefits are in terms of usage, reach, cost of installation, efforts and money for
maintenance, upgradeability and sustainability
21

22. M commerce..contd..
 address the needs of all the players (including regulatory requirements)
 solution is adopted that can be deployed fast, and can be scalable
 care of disparate systems, customized solutions and maintenance cost
 a platform that easily integrates new services and allows banks to be flexible
 allowing the bank to reap benefits from the full potential of the mobile commerce
 M commerce strategy requires a clear vision and objectives and not ‘one size fits all’
approach
22

23. Factors affecting e-commerce
 Major forces fuelling e-commerce
 economic forces,
 marketing and customer interaction forces, and
 Technology
 communications costs,
 low-cost technological infrastructure,
 speedier and more economic electronic transactions with suppliers,
 lower global information sharing and advertising costs, and
 cheaper customer service cost
 networking of corporations, suppliers, customers/clients, and independent
contractors into one community
 Networking of the various departments within a corporation, and of business
operations and processes
23

24. Factors affecting e-commerce..contd..
 critical business information to be stored in a digital form
 retrieved instantly
 transmitted electronically
 connecting businesses (small, medium or large) to trading partners
 sourcing out supplies, buying and selling goods and services online in real time
 center for management of content and the processing of business transactions
 support services such as financial clearance and information services
 regional, vertical and industry-specific interoperable B2B e-markets across the globe
24

25. Factors affecting e-commerce..contd..
 provide their target consumers with more detailed product and service information
using e-commerce
 logistical and technological infrastructure to other retailers
 expertise in credit analysis
 tracking orders
 product comparison systems
 digitizing content, compression and the promotion of open systems technology
 convergence of telephone services, television broadcast, cable television, and
Internet access
25

26. E-commerce components
 A corporate Web site with e-commerce capabilities
 A corporate intranet so that orders are processed in an efficient manner
 IT-literate employees to manage the information flows and maintain the e-commerce
system
 Banking institutions that offer transaction clearing services
 National and international logistics
 cost-efficient transport of small and big packages
 critical mass of the population with access to the Internet and disposable income
 Firms/Businesses with order fulfilling capability
26

27. E-commerce components..contd..
 A legal framework governing e-commerce transactions
 Legal institutions that would enforce the legal framework
 A robust and reliable Internet infrastructure;
 A pricing structure that doesn’t penalize consumers for spending time on and buying
goods over the Internet
 global collection of networks connected to share information
 common set of protocols
27

28. E-commerce components
28
 Important component of e-commerce based firm is the website
 website should have technology that will make it easier for its customers to
navigate
 site should offer every single feature necessary
 fully-functional and sustainable ecommerce web site
 stable server for hosting
 provide customer specific services
 technology partners who constantly upgrade the features as well as technology
 help business partners such as logistics partners and suppliers to share and
exchange business data
 Alternatively SaaS can be used for running these services (reduce cost)

29. Business transformation through e-commerce
 Linking stakeholders through e-commerce
 Supply chain management integration
 The product flow
 The information flow
 The finances flow
 Shared data in diverse database systems, data warehouse
 Sharing data “upstream” (with a company’s suppliers) and “downstream” (with a
company’s clients)
 shared digital business infrastructure
 including integrated value chains
 e-business management model
 business policies consistent with e-commerce laws, teleworking/virtual work,
distance learning, incentive schemes
29

30. E-COMMERCE APPLICATIONS: ISSUES AND PROSPECTS
 e-banking, e-tailing and online publishing/online retailing
 telephone banking, credit cards, ATMs
 E-commerce in developing countries
 Cash-on-delivery
 Bank payments
 electronic payment system
 Security issues in e-payment
 Factors the growth of e-banking in developing countries
 access to the Internet
 Inclination for banking over the internet
 access to high-quality products
 Security over internet
30

31. E-Commerce Software
31
 Content Transport
 pull, push, web-caching, MIME
 Server Components
 CGI, server-side scripting
 Programming Clients
 Sessions and Cookies
 Object Technology
 CORBA, COM, Java Beans/RMI
 Visual Studio .NET 2005 (ORCAS, ASP.NET, … etc)
 Technology of Fulfillment of Digital Goods
 Secure and fail-safe delivery, rights management

32. System Design Issues
32
Good architectural properties
Functional separation
Performance (load balancing, web caching)
Secure
Reliable
Available
Scalable

33. 33
Cryptography
 Keeping secrets
 Privacy: interceptor cannot use information
 Authentication: sender’s identity cannot be forged
 Integrity: data cannot be altered
 Non-repudiation: sender cannot deny sending
 How to evaluate cryptography
 Secret key (symmetric) cryptography; e.g., DES
 Public key (asymmetric) cryptosystems; e.g, RSA
 Digital signatures, digital certificates
 Key management; e.g., PKI

34. 34
Public-Key Cryptography
Encrypting and decrypting a message using public-key
cryptography.

35. Basic terminology
1. Plaintext: original message to be encrypted
2. Ciphertext: the encrypted message
3. Enciphering or encryption: the process of
converting plaintext into ciphertext
4. Encryption algorithm: performs encryption
5. Two inputs: a plaintext and a secret key

36. Symmetric Cipher Model

37. Deciphering or decryption: recovering plaintext from
ciphertext
Decryption algorithm: performs decryption
Two inputs: ciphertext and secret key
Secret key: same key used for encryption and
decryption. Also referred to as a symmetric key
Symmetric Cipher Model

38. Cipher or cryptographic system :
A scheme for encryption and decryption
Cryptography:
Science of studying ciphers
Cryptanalysis:
Science of studying attacks against
cryptographic systems
Cryptology: cryptography + cryptanalysis
Symmetric Cipher Model

39. Ciphers
Symmetric cipher: same key used for
encryption and decryption
Block cipher: encrypts a block of plaintext at a
time (typically 64 or 128 bits)
Stream cipher: encrypts data one bit or one
byte at a time
Asymmetric cipher: different keys used
for encryption and decryption

40. Security
40
 Concerns about security
 Client security issues
 Server security issues
 Security policy, risk assessment
 Authentication methods
 Something you know: passwords
 Something you have: smart card
 Something you are: biometrics
 Firewalls, proxy servers, intrusion detection
 Denial of service (DOS) attacks, viruses, worms

41. 41
Payment Systems
 Role of payment
 Cash
 properties: wide accept, convenient, anonymity, un-
traceability, no buyer transaction cost
 Online credit card payment, Smart Cards
 Secure protocols: SSL, SET
 Internet payment systems
 Electronic cash, digital wallets
 Micro-payments
 Wireless devices

42. Transactions Processing
42
Transactions and e-commerce
Overview of transaction processing
Transaction processing in e-commerce
Keeping business records, audit, backup
High-availability systems
Replication and scaling
Implementation

43. 43
Other System Components
Taxes
Shipping and handling
Search engines
Data mining
Intelligent agents
Inventory management, enterprise
resource planning (ERP)
Customer relation management (CRM)

44. 44
• SSL was first developed by Netscape in 1994 and
became an internet standard in 1996 ( RFC 2246
– TLS V1.0)
• SSL is a cryptographic protocol to secure network
across a connection-oriented layer
• Any program using TCP can be modified to use
SSL connection
Encryption and its types SSL Facts

45. 45
• SSL connection uses a dedicated TCP/IP
socket(e.g. port 443 for https)
• SSL is flexible in choice of which symmetric
encryption, message digest, and authentication
can be used
• SSL provides built in data compression
SSL Facts

46. 46
• Authenticate the server to the client
• Allow the client and server to select
cryptographic algorithms, or ciphers, that they
both support
• Optionally authenticate the client to the server
• Use public key encryption techniques to
generate shared secret
• Establish an encrypted SSL connection
SSL Usage

47. 47
SSL is a secure protocol which runs
above TCP/IP and allows users to
encrypt data and authenticate
servers/vendors identity securely
Application
layer
Transport
layerTCP/IP layer
SMTPSFTPSHTTPS
SECURE SOCKET LAYER
SSL

48. 48
SSL

49. 49
SSL Record Protocol Operation

50. 50
Digital Signature

51. 51
Digital Signature

52. 52
Cyber Cash

53. 53
Digital Cash

54. 54
Digital Cash

55. 55
SSL vs SET

56. 56
Hashing
Hashing is an algorithm that calculates a fixed-size bit string value
from a file. A file basically contains blocks of data. Hashing
transforms this data into a far shorter fixed-length value or key
which represents the original string. The hash value can be
considered the distilled summary of everything within that file.
A good hashing algorithm would exhibit a property called the
avalanche effect, where the resulting hash output would change
significantly or entirely even when a single bit or byte of data within
a file is changed. A hash function that does not do this is
considered to have poor randomization, which would be easy to
break by hackers.

57. 57
Hashing
A hash is usually a hexadecimal string of several characters.
Hashing is also a unidirectional process so you can never work
backwards to get back the original data.
A good hash algorithm should be complex enough such that it
does not produce the same hash value from two different inputs. If
it does, this is known as a hash collision. A hash algorithm can
only be considered good and acceptable if it can offer a very low
chance of collision.
Types of Hashing
There are many different types of hash algorithms such as
RipeMD, Tiger, xxhash and more, but the most common type of
hashing used for file integrity checks are MD5, SHA-2 and CRC32.

58. 58
Hashing Tecnique

59. 59
Hashing Tecnique