Download - Web engineering UNIT V as per RGPV syllabus
Unit-V/Web Engineering Truba College of Sc. Tech., Bhopal
Prepared By: Ms. Nandini Sharma(CSE DEPT.) Page 1
INTRODUCTION
E-commerce stands for electronic commerce and caters to trading in goods and services through an
electronic medium such as the internet, mobile or any other computer network. It involves the use of
Information and Communication Technology (ICT) and Electronic Funds Transfer (EFT) in conducting
commerce between consumers and organizations, organization and organization, or consumer and
consumer. With the growing use of the internet worldwide, Electronic Data Interchange (EDI) has also
increased enormously, and e-commerce has flourished with it in the prolific virtual internet
bazaars of the digital world, rightly termed e-malls.
We now have access to almost every knick-knack of our daily lives at competitive prices on the
internet. Whether one is educated or illiterate, an urbanite or a countryman, in India or in the U.K., all
you need is an internet connection and a green bank account. With e-commerce, you can buy
almost anything you wish for without actually touching the product physically or questioning the
salesman n number of times before placing the final order. Here is a beautiful picture depicting how
human life has evolved to adapt to the digital world and hence to trading over the internet. As seen,
from pizza and potted plants to pairs of shoes, we have everything on sale on the internet, available in
tempting offers. Snapdeal.com, Amazon, eBay, Naaptol, Myntra, etc. are some of the most popular
e-commerce websites. E-commerce (electronic commerce) business models can generally be
categorized into the following categories.
Business - to - Business (B2B)
Business - to - Consumer (B2C)
Consumer - to - Consumer (C2C)
Consumer - to - Business (C2B)
Business - to - Government (B2G)
Government - to - Business (G2B)
Government - to - Citizen (G2C)
1. Business - to - Business (B2B) - Website following B2B business model sells its product to
an intermediate buyer who then sells the product to the final customer. As an example, a
wholesaler places an order from a company's website and after receiving the consignment,
sells the end product to final customer who comes to buy the product at wholesaler's retail
outlet.
2. Business - to - Consumer (B2C) - Website following B2C business model sells its product
directly to a customer. A customer can view products shown on the website of
business organization. The customer can choose a product and order the same. Website will
send a notification to the business organization via email and organization will dispatch the
product/goods to the customer.
3. Consumer - to - Consumer (C2C) - Website following C2C business model helps consumers
to sell their assets like residential property, cars, motorcycles etc. or rent a room by
publishing their information on the website. Website may or may not charge the consumer for
its services. Another consumer may opt to buy the product of the first customer by viewing
the post/advertisement on the website.
4. Consumer - to - Business (C2B) - In this model, a consumer approaches website showing
multiple business organizations for a particular service. Consumer places an estimate of
amount he/she wants to spend for a particular service. For example, comparison of interest
rates of personal loan/ car loan provided by various banks via website. Business organization
who fulfills the consumer's requirement within specified budget approaches the customer and
provides its services.
5. Business - to - Government (B2G) - B2G model is a variant of B2B model. Such websites are
used by government to trade and exchange information with various business organizations.
Such websites are accredited by the government and provide a medium to businesses to
submit application forms to the government.
6. Government - to - Business (G2B) - Government uses B2G model website to approach
business organizations. Such websites support auctions, tenders and application submission
functionalities.
7. Government - to - Citizen (G2C) - Government uses G2C model website to approach citizen
in general. Such websites support auctions of vehicles, machinery or any other material. Such
website also provides services like registration for birth, marriage or death certificates. Main
objectives of G2C website are to reduce average time for fulfilling people's requests for various
government services.
E-COMMERCE INFRASTRUCTURE
Every business requires an infrastructure to support its customers and operations. This includes
facilities, equipment, and processes to support all the functional areas of your business. Choosing the
correct infrastructure to match your business strategies enables your operations to run efficiently.
Conversely, if an element of your infrastructure is out of sync with your strategies, you will likely
feel the pain in every aspect of your business.
Here’s an example. If your value proposition is to provide the highest level of customer service for
premium products, then your infrastructure should include processes to deliver quick and responsive
service, including live chat, self-service tools, and quick turnaround on questions and orders. I
addressed strategies for value propositions earlier, in “What’s the Value Proposition of Your
Ecommerce Company?”
If your value proposition is to provide the lowest prices every day, then your infrastructure should be
focused on being the low-cost provider. You can accomplish this in various ways, but you need to
ensure that your cost of goods sold and overhead expenses — which include infrastructure costs —
are as low as possible.
Typically, ecommerce businesses try to maintain a high degree of flexibility in their infrastructure to
keep fixed costs low and to be able to react quickly to market changes or competitive pressures. A
key infrastructure decision is whether to outsource or manage operations in house.
Most ecommerce businesses are small, with fewer than 25 employees. If you look at all the
functional areas of the business that must be managed on a daily basis, it will be hard to find and
afford an in-house staff with all the skills required to be successful. When deciding on your business
infrastructure and operations, be sure to evaluate what your core strengths are. Know what you do
well and know what you do not do well. They are equally important. Look to outsource part time
activities or ones that require high levels of skill or specialization.
Here are seven important infrastructure decisions that ecommerce businesses face.
1. Marketing - Of all the infrastructure elements, marketing may be the most important. To succeed,
your website must be found. Once visitors are on your site, you need to keep them there and compel
them to buy from you. That’s the job of your marketing team. Whether it’s website design, social
media, search marketing, merchandising, email, or other forms of advertising, it’s all about
marketing.
To effectively manage marketing activities in-house is very challenging. Most small ecommerce
businesses outsource some element of marketing.
2. Facilities - A key competitive advantage that ecommerce businesses have over brick-and-mortar
stores is the investment in their physical offices and warehouses. In many cases, you can host your
business out of a home office and your basement or garage. If you drop ship or outsource fulfilment,
you may be able to do that for a long period of time. Even when you grow to have many employees,
you can set up your offices in class B or C space, as you have no need for a fancy store in the right
location.
A word of advice is to keep your options flexible. Try to find an office park that has a wide variety of
spaces in different sizes. You may be able to start in a smaller space and move up to a larger one
without penalty, as your needs change.
3. Customer Service - There are many choices today for delivering high-quality customer service.
You can manage those activities in-house or outsource to a third party. Basic customer service for
sales and post-sales activities can be handled using email, and by providing an 800 number for more
extensive phone support. A customer-management system will make those activities easier, but for
smaller companies it is not a requirement.
Live chat will impact your operations as someone needs to be available during specified hours of
operation. Be sure to gauge the impact of that on your organization, if you decide to handle those
activities in house.
4. Information Technology - Choosing the right ecommerce platform is one of the most important
decisions you will make in your business. Do you want to build and host your own system, outsource
the development and then manage the system going forward, or use a hosted, software-as-a-service
platform that is more turnkey and externally managed?
If you build and host your own system, you may need more cash up front and skilled administrators
and developers on your staff. By using a SaaS platform, you will not need to host or manage the
system in-house, but you may still need web developers on staff. Choosing to outsource the
development and hosting will reduce your staffing costs, but you will incur higher costs for any
future enhancements or changes to your websites.
There are pros and cons to any approach. Just be sure to think through the impacts on both your
staffing and your cash flow and bottom line before you move forward.
5. Fulfilment - Another key decision is whether you will manage your own inventory or outsource
those activities to a fulfilment house or through drop shipping arrangements with your suppliers.
Managing your own inventory will provide you with a high level of control, but you will tie up your
cash in inventory, warehouse space, and your own fulfilment staff. In some industries — like the
jewellery supply industry that my previous business was in — managing your own inventory was the
most logical choice. We had no alternative for drop shipping, and most items were purchased in bulk
and were very small. We did not trust preparation and fulfilment to an outside service.
Select the best fulfilment option to meet your needs. Be sure to understand the costs involved and
analyze the other options before moving forward.
6. Finance and Administration - As with other business operations, you will need to decide if you
want to manage your finance and administration activities in-house, outsource, or a hybrid of the
two. If your ecommerce platform is tightly integrated to your accounting system, you may have very
little need for an in-house bookkeeper. If you use separate systems for your website, order
management and accounting, you may need more help for data entry and making sure that the
information is properly managed. Many ecommerce companies use outside services for vendor
payments, payroll, and other basic accounting activities. They decide to focus on the sales,
marketing, and customer service. This allows them to maintain a focus on growing their businesses,
instead of paying an internal accountant — or doing that work yourself as the business owner.
On the administration side, you need a leadership team and must provide direction to them. Good
communication is important, whether you have 3 or 100 employees. Whether you choose to be more
authoritative or democratic in your management style is up to you. But choose a style and stay
consistent. Be sure that everyone understands their roles, as well as the overall business strategies.
You may need to adjust your approach as your business evolves.
7. Human Resources - Many small-business owners avoid the human resources function. Recruiting,
setting up compensation, maintaining compliance and other HR activities are specialized and time
consuming. You may choose to bring the resources in-house to manage those activities, but also
evaluate outsourcing them. There are many individuals and agencies well equipped to take on your
HR activities.
ELECTRONIC COMMERCE ENVIRONMENT AND OPPORTUNITIES
Electronic commerce includes all forms of business transactions, such as the purchase of goods or
services, undertaken through electronic means, such as telephones, televisions, computers, and
the Internet. It is believed to be the means through which most business will be conducted in the
future. With the growing numbers of people connecting to the Internet, electronic commerce is
gaining rapid acceptance. Many people think of electronic commerce in terms of shopping on the
Internet, or shopping on-line, but it's really much more than that. Electronic commerce impacts our
lives in more ways than we realize.
A manufacturer checking inventory on parts at a supplier's warehouse through the
Internet is involved in electronic commerce.
A direct deposit transaction, such as the direct deposit of a paycheck or a tax
refund into a bank account, is an electronic commerce transaction.
A person advertising a seldom used exercise bike on-line is engaging in electronic
commerce.
Each time someone takes money out of an ATM, or uses a debit or credit card to
purchase goods or services, that person is taking part in electronic commerce.
A catalogue shopper placing an order over the telephone is also participating in
electronic commerce.
Electronic commerce may be in the form of business to business activities, business to consumer, or
direct consumer to consumer contacts. Links to governments, educational institutions, libraries and
not-for-profit organizations are all a part of the electronic commerce environment. Goods, services,
and information are the content of electronic commerce; the whole world is its venue.
Evolution of the Internet and Electronic Commerce
Although electronic commerce encompasses all forms of electronic commercial transactions, the
recent commercialization of the Internet has greatly facilitated the growth of electronic commerce.
The basis of today's Internet was initially developed through U.S. Government investment
in computer networking technology dating back to the 1960's. The Internet was originally used for
linking and transmitting information among scientists and universities doing government sponsored
research in diverse locations. In the 1990's, however, the network was commercialized. Since then,
the number of business transactions taking place electronically has grown at an astronomical pace. In
fact, the volume of electronic commerce is projected to grow from just $8 billion in 1997 to well
over $327 billion in the year 2002.
Electronic Commerce Environment
For the purpose of this bulletin we will concentrate primarily on the purchase of goods and services
on-line, a form of electronic commerce using the Internet that is becoming very popular with
consumers. In fact, a recent study found that 10 million people in the U.S. and Canada have actually
purchased something on-line, up from 7.4 million just six months earlier.(1)
To shop on-line, consumers need a computer or network device that is connected to the Internet
through an Internet service provider (ISP). Generally, most ISPs provide local access numbers that
home computer owners can dial into directly through telephone lines. ISPs not only act as a
"gateway" or "on ramp" to the Internet, but many also provide their own information and
entertainment services and shopping outlets. Once connected to the Internet, web
browsers and search engines help consumers locate specific destinations on the network, such as
the web site for a particular store or product manufacturer. Consumers can either type in the specific
Internet addresses or search for locations by entering keywords that describe what they are looking
for.
Products and services are arranged in a variety of ways on the Internet. For example, many retail
stores and catalogue companies now offer their goods on-line for selection and purchase by
customers. New on-line or "virtual" stores selling everything from books and CDs to computer
equipment and used automobiles are now open for business on the World Wide Web. Providers of
services such as real estate brokers, insurance companies and travel agents also have an on-line
presence. Some airlines, for example, offer discounted "cyberfares" to consumers who book their
arrangements via the Internet.
However, an Internet shopper need not go directly to an on-line store in order to buy something.
Some media sites, ISPs, and search engines prominently feature retailers and provide direct links to
their sites. Specialty retailers, large discounters, service companies, and mall/marketplaces from
around the world have their place on-line.
Most on-line shopping outlets try to make the electronic shopping experience as familiar and easy for
consumers as possible. Physical goods such as flowers, clothing, and household products are often
described with detailed product information, pricing and size information, and are represented with
photographs of the product. When ready to make a purchase, the customer has only to decide
whether to complete the transaction on-line or not. To purchase on-line, a customer selects the
product, enters basic name and address information along with a credit card number, depresses the
enter key on the computer, and the transaction is completed. Some consumers, however, prefer to use
the Internet primarily as an information resource, comparing prices and then making their purchases
through traditional means.
Advantages of Electronic Commerce for Consumers
There are numerous advantages for consumers who shop on-line. These include:
Access to a truly global marketplace with an availability of sources from around the
world.
Access to products, services and information at any time of day or night.
The convenience and speed of shopping without leaving home.
Easier price comparisons and often discounted prices for goods purchased directly
on-line.
An interactive opportunity to learn more about products and how to use them.
Security of Information
How safe is it to provide credit card information over the Internet? Will someone else be able to steal
and use credit card information provided? Is ordering through the Internet as safe as ordering by
phone or mail?
Most Internet purchases are currently made by entering credit card and delivery information on a
computerized form and transmitting it electronically to the retailer. Even though consumers are
accustomed to giving credit card information over the telephone, many are reluctant to give it on-line
for fear that it will be stolen or misused. This reluctance is often cited as the largest barrier to the
growth of retail sales on the Internet.
Internet retailers, however, are using technology and standards for safeguarding sensitive information
that consumers provide as part of an electronic transaction. Before completing on-line transactions,
consumers should take time to become familiar with methods the retailer uses for protecting their
information.
To reassure potential customers, many on-line retailers offer descriptions of the technology used to
protect credit card transactions. As with traditional transactions, there is always some risk involved
with exchanging personal data over the Internet. However, as technology develops and more people
shop on-line and have trouble-free experiences, concerns about security should lessen.
Privacy
Consumers are also concerned about who is going to see the information that is provided and about
the use of the information once the transaction is completed. Will others have access to their personal
information? Will lists of personal information be sold to providers of similar or related products?
The privacy rights of individuals must be balanced with the benefits derived from the free flow of
information. But, a certain amount of personal privacy must be assured to increase consumer
confidence in the use of the system.
In order to empower consumers to have control of their own personal information, the U.S.
Government is encouraging the private sector to establish codes of conduct and self-regulation for
the protection of consumer privacy. Effective self-regulation involves substantive rules, as well as
the means to ensure that consumers know the rules, that companies comply with them, and that
consumers have appropriate recourse when there is non-compliance.
The Role of Government in Electronic Commerce
Commerce on the Internet promises to total tens of billions of dollars by the turn of the century. For
this potential to be realized fully, the U.S. Government believes that governments must adopt a
non-regulatory, market-oriented approach to electronic commerce, one that facilitates the emergence of a
predictable legal environment to support global business and commerce. The U.S. Government's
approach to electronic commerce policy making is that:
The private sector should lead.
Governments should avoid undue restrictions on electronic commerce.
Where government involvement is needed, its aim should be to support and enforce a
predictable and simple legal environment for electronic commerce.
Governments should recognize the unique qualities of the Internet.
Electronic commerce over the Internet should be facilitated globally.
Governments around the world are participating in the creation of legal frameworks that will
facilitate electronic transactions nationally and globally. The challenge is to provide an adequate
level of protection for consumers and businesses without stifling competition and technological
development through excessive or unnecessary regulation. Mechanisms should be established that
give consumers assurances that their on-line transactions carry the same legal rights and
responsibilities as off-line transactions. Questions regarding customs and taxes, protection of
intellectual property rights as they affect consumers, privacy and security, and protection against
fraud are under discussion in a variety of fora--both national and international. For example:
Through the World Trade Organization, the U.S. Government is seeking to have the
Internet declared a tariff-free environment.
The Treasury Department is debating tax issues and the development of electronic
payment systems through the Organization for Economic Cooperation and
Development.
Uniform Commercial Codes are now being considered at the international level.
The Department of Commerce is working with U.S. industry and foreign governments
to develop self-regulatory mechanisms that protect consumer privacy and the
collection, storage and re-use of personal data.
The Federal Government is also working to encourage technological developments to
expand Internet capabilities and the further development of the global
telecommunications infrastructure.
The Role of Security for E-commerce
E-commerce has many standardized security services. These services deal with the control and flow
of information so that the information’s integrity remains as its originator intended. These services
protect E-commerce transactions by:
Authentication: Identities such as users, computers, and files can be uniquely identified.
Control of Access: Controlling unwanted access to realms of the internetwork.
Data Confidentiality: Protection of privacy.
Data Integrity Assurance: Protection of data from modifications.
Transaction Non-Repudiation: Reliability of transactions.
These security services are provided to ensure basic E-commerce requirements. Security services
provide a way for safe, authentic, and reliable communications between two or more
parties. Security means not only that the information stays within the communicating parties but
also that it can be verified and noted as authentic. Signing of contracts, registration of mail, disclosures,
anonymity, and authorization schemes of the real world must be replicable in
the electronic world.
APPROACHES TO E-COMMERCE
The following three approaches to e-commerce are common among Australian online merchants.
1. For real time e-commerce the merchant establishes the internet merchant facility with their
bank, integrates the payment gateway, and uses either a shopping cart or order form for
information capture. In most circumstances it will be easier and more cost effective for the
merchant to charge in Australian dollars only.
From a security point of view, the advantage of using a payment gateway is that the
customer’s details (name, address, credit card number) are not captured (or seen) by the
merchant but rather are captured by the payment gateway provider only. Also the transfer of
the customer’s details from the merchant’s website to the payment gateway is secure
(encrypted) and cannot be intercepted.
2. Another approach is where the merchant uses a third party hosted solution such as PayPal,
Worldpay or Paymate who look after some or all of the key components of e-commerce. The
advantage is the ease with which the Australian company can charge the customer in different
currencies without having to establish dedicated currency bank accounts.
3. The last approach and the least preferred from a security perspective is where the merchant
uses either a shopping cart or order form for information capture and then manually re-keys
the credit card number into an EFTPOS facility they have leased from a bank. Essentially the
website captures the order information and the transaction is processed manually off-line.
With this approach the company does not require a payment gateway service because the
transaction is not in real time.
This approach is not preferred for a number of reasons relating to security. The problem is that once the
customer details (name, address, credit card number) are entered into the online order form, in order
for the merchant to access them they are either emailed or stored in a back-end database for
retrieval. If emailed, they are generally unsecured (not encrypted). If they are stored in the database,
behind password access, they are still potentially vulnerable to a hacker who knows a thing or two
about databases.
ELECTRONIC PAYMENT
Traditionally, all payment transactions involved some form of paper, whether a check, an invoice, a
credit card slip or cash. Now you can pay all of your monthly bills with a few clicks of the mouse,
purchase products without leaving your desk or sofa and have your paycheck directly deposited into
your bank account.
Characteristics of e-payments
An electronic payment is a payment that is transmitted electronically either over
telephone lines or between web sites on the internet.
No tangible currency such as a bank note or check changes hands.
Any information required to make the payment such as a credit card number or Personal
Identification Number (PIN), exists only in digital form.
Projected growth - The use of electronic methods to pay bills and purchase products online is
growing as the internet grows.
Electronic Payment Categories - Most e-payments are for B2B and B2C. You can divide e-payments
for B2C into two categories:
Payments made for goods and services purchased online. For example, the consumer selects
a product, completes an online form and selects a payment method, such as credit card, debit
card, e-cash or e-check.
Payments made in response to bills or invoices. For example, a consumer authorizes a bank
to transfer money from a bank account to specified recipients such as the telephone
company or a utility company.
Electronic Payment Process
A customer who decides to purchase an item from an online business is transferred to a
secure server where he or she enters a credit card number into a form.
The information entered into the secure server is encrypted using security technologies.
The payment information moves to the online transaction server where the payment is
authorized (or declined), depending on whether the credit card number is valid and the
customer has sufficient credit to cover the purchase.
If the credit card information is valid and funds are available, the information is
transmitted to the institution or organization that receives payments owed to the merchant
and a deposit is made to the merchant’s bank account.
The customer is informed that the transaction has been processed and shipping the goods
has been initiated.
If the goods are shipped electronically such as a downloadable computer game, then the
entire process could take no more than a minute or two from the time the customer
submits the payment to the time that the file appears on the customer’s hard drive,
depending on the size of the file and the computer’s download speed. Figure 6.1
illustrates the process.
Figure 6.1: Electronic payment process
Four parties involved in e-payments:
Issuer – the bank or a financial institution which issues the credit card and sets the limit
based on the customer’s credit history.
Customer – the person who purchases a product and makes an electronic payment.
Merchant – the party that receives payment from the customer electronically.
Regulator – Governmental agency which controls the electronic payment process according
to law.
Electronic Payment Issues
The increasing dependence on using electronic methods to process payments has its benefits
and its challenges.
On the one hand, electronic payments can be less expensive to process than paper
payments.
But the perceived risk of fraud might worry some vendors, while concerns about the
security of electronic transactions and the buying pattern they divulge might discourage
some consumers.
Costs and Benefits Issues
Electronic payments are intended to lower transaction costs significantly.
Since fewer paper resources are used to process an online payment, the environment may
benefit from a decreased demand for paper products.
On the other hand, significant technical resources, such as high-speed internet
connections, secure servers and computers capable of processing high volume
transactions, are required.
Public Key Cryptography
Public key cryptography, also known as asymmetric cryptography, is a form of
cryptography in which a user has a pair of cryptographic keys - a public key and a private
key.
The private key is kept secret, while the public key may be widely distributed.
The keys are related mathematically, but the private key cannot be practically derived
from the public key.
A message encrypted with the public key can be decrypted only with the corresponding
private key.
Conversely, secret key cryptography, also known as symmetric cryptography, uses a
single secret key for both encryption and decryption.
The two main branches of public key cryptography are:
Public key encryption — a message encrypted with a recipient's public key cannot be
decrypted by anyone except the recipient possessing the corresponding private key. This is
used to ensure confidentiality.
Digital signatures — a message signed with a sender's private key can be verified by anyone
who has access to the sender's public key, thereby proving that the sender signed it and that
the message has not been tampered with. This is used to ensure authenticity.
An analogy for public-key encryption is that of a locked mailbox with a mail slot. The mail slot is
exposed and accessible to the public; its location (the street address) is in essence the public key.
Anyone knowing the street address can go to the door and drop a written message through the slot;
however, only the person who possesses the key can open the mailbox and read the message. An
analogy for digital signatures is the sealing of an envelope with a personal wax seal. The message
can be opened by anyone, but the presence of the seal authenticates the sender.
A big random number is used to make a public-key pair.
Anyone can encrypt using the public key, but only the holder of the private key can decrypt. Secrecy
depends on the secrecy of the private key. By combining your own private key with the other user's
public key, you can calculate a shared secret that only the two of you know. The shared secret can be
used as the key for a symmetric cipher. A central problem for public-key cryptography is proving
that a public key is authentic, and has not been tampered with or replaced by a malicious third party.
The usual approach to this problem is to use a public-key infrastructure (PKI), in which one or more
third parties, known as certificate authorities, certify ownership of key pairs.
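The shared-secret calculation described above, as an added example that is not part of the original notes: a Diffie-Hellman exchange in Python using only the standard library. The group (prime 2**255 - 19, generator 2), the function names and the sample order string are assumptions chosen for illustration; production systems take a vetted group or curve from a maintained library.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption, not from the notes).
P = 2**255 - 19   # a well-known prime
G = 2


def generate_keypair():
    """Private key: a big random number. Public key: G**private mod P."""
    private = secrets.randbelow(P - 3) + 2          # 2 .. P-2
    return private, pow(G, private, P)


def check_peer_public(peer_public):
    """Reject values (0, 1, P-1, out of range) that force a predictable secret."""
    if not isinstance(peer_public, int) or not 2 <= peer_public <= P - 2:
        raise ValueError("peer public value out of range")
    return peer_public


def shared_key(my_private, peer_public):
    """Combine own private key with the peer's public key, then hash to 32 bytes."""
    secret = pow(check_peer_public(peer_public), my_private, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def tag(key, message):
    """Use the shared key with a symmetric primitive (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def demo():
    alice_private, alice_public = generate_keypair()
    bob_private, bob_public = generate_keypair()
    outsider_private, _ = generate_keypair()

    k_alice = shared_key(alice_private, bob_public)
    k_bob = shared_key(bob_private, alice_public)
    # An outsider sees both public values but holds neither private key.
    k_outsider = shared_key(outsider_private, bob_public)

    order = b"order=1001;amount=499.00"            # constructed sample message
    return {
        "keys_match": hmac.compare_digest(k_alice, k_bob),
        "outsider_differs": k_outsider != k_alice,
        "tag_verifies": hmac.compare_digest(tag(k_alice, order), tag(k_bob, order)),
    }


if __name__ == "__main__":
    print(demo())
```

The exchange alone does not tell either side whose public key it received, which is the authenticity problem the paragraph above assigns to a PKI.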
Infrastructure and Security of Electronic Payment
Secure Socket Layer (SSL) - Transport Layer Security (TLS) and its predecessor,
Secure Sockets Layer (SSL), are cryptographic protocols which provide secure
communications on the Internet for such things as web browsing, e-mail, Internet
faxing, instant messaging and other data transfers. The TLS protocol(s) allow
applications to communicate across a network in a way designed to prevent
eavesdropping, tampering, and message forgery. TLS provides endpoint
authentication and communications privacy over the Internet using cryptography.
Typically, only the server is authenticated (i.e., its identity is ensured) while the client
remains unauthenticated; this means that the end user (whether an individual or an
application, such as a Web browser) can be sure with whom they are communicating.
The next level of security—in which both ends of the "conversation" are sure with
whom they are communicating—is known as mutual authentication. Mutual
authentication requires public key infrastructure (PKI) deployment to clients.
Secure Electronic Transactions (SET) - Secure Electronic Transaction (SET) is a
standard protocol for securing credit card transactions over insecure networks,
specifically, the Internet. SET is not itself a payment system, but rather a set of
security protocols and formats that enables users to employ the existing credit card
payment infrastructure on an open network in a secure fashion. SET specification lists
the following business requirements for secure payment processing with credit cards
over the Internet and other networks:
Provide confidentiality of payment and ordering information
Ensure the integrity of all transmitted data
Provide authentication that a cardholder is a legitimate user of credit
card account
Provide authentication that a merchant can accept credit card
transactions through its relationship with a financial institution
Ensure the use of the best security practices and system design
techniques to protect all legitimate parties in an electronic commerce
transaction
Create a protocol that neither depends on transport security mechanisms
nor prevents their use
Facilitate and encourage interoperability among software and network
providers
Digital Signatures - A digital signature or digital signature scheme is a type of
asymmetric cryptography used to simulate the security properties of a signature in
digital, rather than written, form. Digital signature schemes normally give two
algorithms, one for signing which involves the user's secret or private key, and one for
verifying signatures which involves the user's public key. The output of the signature
process is called the "digital signature." Digital signatures, like written signatures, are
used to provide authentication of the associated input, usually called a "message."
Messages may be anything, from electronic mail to a contract, or even a message sent
in a more complicated cryptographic protocol. Digital signatures are used to create
public key infrastructure (PKI) schemes in which a user's public key (whether for
public-key encryption, digital signatures, or any other purpose) is tied to a user by a
digital identity certificate issued by a certificate authority. PKI schemes attempt to
unbreakably bind user information (name, address, phone number, etc.) to a public
key, so that public keys can be used as a form of identification. Digital signatures are
often used to implement electronic signatures, a broader term that refers to any
electronic data that carries the intent of a signature, but not all electronic signatures
use digital signatures.
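How a certificate authority's signature ties a public key to a name, and how a changed key or message is detected, as an added example that is not part of the original notes. It uses textbook RSA without padding on small keys built from Mersenne primes; the key sizes, function names, subject names and order strings are assumptions for illustration, and real systems use a maintained library with proper padding.

```python
import hashlib

E = 65537  # widely used RSA public exponent


def make_keypair(p, q):
    """Textbook RSA: public key (n, e) and private key (n, d) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))               # modular inverse, Python 3.8+
    return (n, E), (n, d)


def digest(message, n):
    """SHA-256 of the message as an integer reduced mod n (toy, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """Signing algorithm: needs the private key."""
    n, d = private
    return pow(digest(message, n), d, n)


def verify(public, message, signature):
    """Verifying algorithm: needs only the public key."""
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == digest(message, n)


def encode_binding(subject, public):
    """The bytes the CA signs: the subject name together with the public key."""
    n, e = public
    return f"subject={subject};n={n:x};e={e:x}".encode()


def issue_certificate(ca_private, subject, subject_public):
    signature = sign(ca_private, encode_binding(subject, subject_public))
    return {"subject": subject, "public": subject_public, "signature": signature}


def check_certificate(ca_public, cert, expected_subject):
    """Accept the key only if the CA signed this exact (subject, key) pair."""
    if cert["subject"] != expected_subject:
        return False
    binding = encode_binding(cert["subject"], cert["public"])
    return verify(ca_public, binding, cert["signature"])


# Constructed toy keys; the primes are far too small and structured for real use.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**127 - 1, 2**89 - 1)
MERCHANT_PUBLIC, MERCHANT_PRIVATE = make_keypair(2**107 - 1, 2**61 - 1)
OTHER_PUBLIC, _ = make_keypair(2**107 - 1, 2**89 - 1)


def demo():
    cert = issue_certificate(CA_PRIVATE, "shop.example", MERCHANT_PUBLIC)
    order = b"order=1001;amount=499.00"             # constructed sample message
    signature = sign(MERCHANT_PRIVATE, order)
    swapped = dict(cert, public=OTHER_PUBLIC)       # key replaced after issuance
    return {
        "certificate_ok": check_certificate(CA_PUBLIC, cert, "shop.example"),
        "order_ok": verify(cert["public"], order, signature),
        "tampered_order_ok": verify(cert["public"], b"order=1001;amount=4.99", signature),
        "swapped_key_ok": check_certificate(CA_PUBLIC, swapped, "shop.example"),
        "wrong_subject_ok": check_certificate(CA_PUBLIC, cert, "bank.example"),
    }


if __name__ == "__main__":
    print(demo())
```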
ISSUES IN ADVERTISING OF INTERNET.
Over the next several weeks, we will highlight some of the important legal issues that advertisers and
agencies face when advertising through social media platforms. In this series of articles, we will
examine:
1. Controlling and monitoring social media to protect a brand
2. The Federal Trade Commission’s (FTC) March 2013 guidelines regarding effective online
disclosures and the Securities and Exchange Commission’s (SEC) guidance regarding the use
of social media to disclose material information
3. The Twitter and Facebook terms of use regarding advertising, promotions and data
collection and use
4. The Digital Millennium Copyright Act as it relates to social media
5. The industry self-regulatory side of digital place-based advertising
As a starting point, it is important to remember that the same rules and regulations that govern traditional
advertising apply in the social media context. This means that the advertisement must be truthful (and not
misleading or deceptive), the claims made in the advertisement must be substantiated (backed by
evidence), and the advertisement cannot be unfair. The FTC recently made clear that the rules as
expressed in its new guidance are platform and device neutral and that it “will continue to enforce
its consumer protection laws,” and “evaluate online advertising, using traditional criteria, while
recognizing the challenges that may be presented by future innovations.” In our next column, we will
explore how companies can protect their brand when advertising through social media. Advertisers must
ensure the proper use of their intellectual property by internal and external teams and protect against the
improper use of that intellectual property by third parties. Agencies responsible for creating and
deploying social media content must also understand what they can and cannot do. Protecting the brand
in the social media space is challenging and requires proactive measures.
ELECTRONIC PUBLISHING
The 'deliberative purchasing' model of electronic commerce represents a conventional 'industrial
revolution' / 'rationalist management' view: resources are allocated efficiently through the use of a
structured process of sequential steps. This perspective was applied to electronic publishing in Clarke
(1997g), which perceives electronic publishing to be a defined sub-set of electronic commerce:
“electronic publishing is electronic commerce in digital goods and services that are intended for
consumption by the human senses”
It encompasses a wide range of formats, including:
text;
structured data;
image, both raster/bit-map and vector;
moving image (animation and video);
sound; and
combinations of the above ('multi-media').
The following are examples of the kinds of digital goods and services that are encompassed
by that definition:
documents in electronic form, including articles and books;
data, such as statistical tables;
low-volatility reference information, such as dictionaries and encyclopaedias;
high-volatility reference information, such as news, sports reports and weather forecasts;
speeches;
musical performances;
cartoons;
films and video-clips; and
entertainment, infotainment, edutainment and education.
Software publishing requires essentially the same infrastructure as electronic publishing. Moreover,
software is increasingly an intrinsic component of electronic publications, particularly in the form of
Javascript and Java applets.
Conventional Publishing
Desk-Top Publishing
During the mid-1980s, it became feasible to prepare quite sophisticated layouts, using a PC of the
kinds affordable not only by small businesses, but also by individuals. This substantially increased
the speed of production, enabled higher quality presentation, and began to undermine the justification
of large publishing houses' dominance of the publishing process.
Electronic Publishing
Desk-top publishing essentially electronised aspects of the production process for conventionally
printed materials. During the early-to-mid-1990s, it became increasingly feasible to publish materials
using media other than sacrificial arborea (aka dead trees). CD-ROMs were an early mover, but
various forms of Internet-reticulated soft-copy emerged, and the explosion of the World Wide Web,
commencing in 1993, quickly settled the argument about the medium of choice.
Cross-Media Publishing
During the latter part of the 1990s, maturation has been taking place at both ends of the production
chain. At the content-originator's end, there is a drift away from specialised software in which to
prepare electronic publications, as mainstream 'word processing' packages are migrated towards
'document processing' tools. Meanwhile, the infrastructure is being developed to enable storage in
one, master-format (most convincingly XML), with delivery to the consumer in any of multiple
formats (e.g. HTML, Word, PDF, Postscript, XML).
Interactive Publishing
The conventional models described above provide a valuable basis for analysis. But they represent
recent and current conventionalism, and miss the revolutionary impacts of the channels and media on
which electronic publishing is built. Each model described so far has involved a production-line or
industry value-chain, with a series of providers passing materials to an ultimate consumer of content.
Publishing has assumed a mass medium, broadcast, one-way.
E-COMMERCE MARKETING CONCEPTS
Marketing Concepts has become a leader in the direct commerce industry by using the
knowledge that comes from a 20-year history in direct marketing. Our philosophy is simple; we
apply the knowledge and experience of our professional team to provide our customers with the
services they need for maximum success and profitability.
Contact Center - Marketing Concepts provides a 24/7 full-service Customer Contact Center. Our
Midwest based Contact Center team is trained and motivated to increase sales and treat your
customers with the utmost respect and care. We understand the value of treating your customers
right each and every time they make contact. Our Contact Center services include Call Center,
Mail, Email, and Chat.
Web Design & Development
Design - Today, establishing a look for your business, your website and all your communications
is important in the challenge to be recognized by consumers. A lasting image is the key to
customer recognition. Marketing Concepts' talented team of design professionals can create or
enhance your company image to make sure your customers know and recognize you across
channels.
Development - Even the most robust software products do not provide every functionality
suitable or necessary to keep up with today's fast paced web marketing needs. Marketing
Concepts' team of web programmers can help you create a website with the functionality you
want and need to run your business.
Marketing - Demanding consumers require companies to focus on the expanding challenges of
multi-channel marketing. Integrated systems with integrated strategies require insight into
creating the best marketing solutions and techniques to generate and track consumer response
and loyalty. Marketing Concepts knows how to create and manage those strategies and solutions
across channels.
Technical Solutions - Marketing Concepts offers a range of web hosting solutions from shared
servers to dedicated servers with full-redundancy. Our hosting packages include managing your
telecommunications and 24/7 customer support. Some companies need help in handling systems
integration and some companies simply want to outsource it all. Marketing Concepts has
different levels of "co-location" for Ecometry customers. From simple "house and maintaining"
to handling your HP to the max including testing code, setting up offers, or generating order and
credit card processing, we can do it all! The rapid growth of today's technology requires skill and
knowledge to provide complete and fluid service. Let the professionals at Marketing Concepts
help you manage your technology needs.
Professional Services & Consulting - Marketing Concepts provides project management
services for operational projects of every description from implementing a new software system,
to helping you move your entire operation. We also offer consulting services available in almost
every area of direct commerce.
The Information Technology Rules
The Government had notified four sets of Rules under the Information Technology Act, 2000 on
April 11, 2011. A copy of the Rules as notified and the PRS Rules and Regulations Review can be
downloaded here.
Key Features of the Rules
Four sets of Rules have been introduced under the Information Technology Act, 2000, as
amended by the Information Technology (Amendment) Act, 2008.
The Security Practices Rules require entities holding sensitive personal information of users
to maintain certain specified security standards.
The Intermediary Guidelines Rules prohibit content of specific nature on the internet. An
intermediary, such as a website host, is required to block such content.
The Cyber Café Rules require cyber cafés to register with a registration agency and maintain
a log of identity of users and their internet usage.
Under the Electronic Service Delivery Rules the government can specify certain services,
such as applications, certificates, licenses etc, to be delivered electronically.
Issues and Analysis
The Security Practices Rules require sensitive personal information to be disclosed to
government agencies. The safeguards against such disclosure differ from those under other
laws. Also, these Rules may be superseded by an agreement.
The Intermediary Guidelines Rules that allow blocking of content on the internet may violate
the right to free speech. These Rules differ from the requirements governing content of other
media like newspapers and television.
The Cyber Café Rules may have negative implications for privacy and personal safety of the
users.
FIREWALL
A firewall is a set of related programs, located at a network gateway server, that protects the
resources of a private network from users from other networks. (The term also implies the security
policy that is used with the programs.) An enterprise with an intranet that allows its workers access to
the wider Internet installs a firewall to prevent outsiders from accessing its own private data
resources and for controlling what outside resources its own users have access to.
Basically, a firewall, working closely with a router program, examines each network packet to
determine whether to forward it toward its destination. A firewall also includes or works with
a proxy server that makes network requests on behalf of workstation users. A firewall is often
installed in a specially designated computer separate from the rest of the network so that no incoming
request can get directly at private network resources.
There are a number of firewall screening methods. A simple one is to screen requests to make sure
they come from acceptable (previously identified) domain name and Internet Protocol addresses. For
mobile users, firewalls allow remote access in to the private network by the use of secure logon
procedures and authentication certificates.
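The address screening described above, as an added example that is not part of the original notes: a first-match rule list with a default deny, written with Python's standard `ipaddress` module. The rule set, the documentation-range addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed policy: the first matching rule wins; anything unmatched is denied.
# A port of None means "any destination port".
RULES = [
    ("deny",  "203.0.113.66/32",  None),   # one blocked host inside an allowed range
    ("allow", "203.0.113.0/24",   443),    # partner network, HTTPS only
    ("allow", "2001:db8:10::/48", 443),    # same partner over IPv6
    ("allow", "198.51.100.0/24",  None),   # branch office, any port
]
COMPILED = [(action, ipaddress.ip_network(net), port) for action, net, port in RULES]


def normalise(source):
    """Parse the source address; unwrap IPv4-mapped IPv6 so IPv4 rules still apply."""
    addr = ipaddress.ip_address(source)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def screen(source, dst_port):
    """Return (decision, reason) for one request."""
    try:
        addr = normalise(source)
    except ValueError:
        return "deny", "malformed source address"
    for action, network, port in COMPILED:
        if addr in network and port in (None, dst_port):
            return action, f"rule {network} port {port or 'any'}"
    return "deny", "default deny"


def screen_all(requests):
    """Screen a batch of (source, port) pairs and keep the decisions for logging."""
    return [(src, port) + screen(src, port) for src, port in requests]


# Constructed sample requests.
SAMPLE = [
    ("203.0.113.10", 443),
    ("203.0.113.10", 22),
    ("203.0.113.66", 443),
    ("::ffff:203.0.113.10", 443),
    ("2001:db8:10::5", 443),
    ("198.51.100.7", 22),
    ("192.0.2.1", 443),
    ("203.0.113.300", 443),
]

if __name__ == "__main__":
    for row in screen_all(SAMPLE):
        print(row)
```

Rule order matters here: the single-host deny must come before the wider allow that contains it.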
A number of companies make firewall products. Features include logging and reporting, automatic
alarms at given thresholds of attack, and a graphical user interface for controlling the firewall.
Computer security borrows this term from firefighting, where it originated. In firefighting, a firewall
is a barrier established to prevent the spread of fire.
CYBERCRIME
Cybercrime is criminal activity done using computers and the Internet. This includes anything from
downloading illegal music files to stealing millions of dollars from online bank accounts. Cybercrime
also includes non-monetary offenses, such as creating and distributing viruses on other computers or
posting confidential business information on the Internet.
Perhaps the most prominent form of cybercrime is identity theft, in which criminals use the Internet to
steal personal information from other users. Two of the most common ways this is done are
phishing and pharming. Both of these methods lure users to fake websites (that appear to be
legitimate), where they are asked to enter personal information. This includes login information, such
as usernames and passwords, phone numbers, addresses, credit card numbers, bank account numbers,
and other information criminals can use to "steal" another person's identity. For this reason, it is
smart to always check the URL or Web address of a site to make sure it is legitimate before entering
your personal information.
Because cybercrime covers such a broad scope of criminal activity, the examples above are only a
few of the thousands of crimes that are considered cybercrimes. While computers and the Internet
have made our lives easier in many ways, it is unfortunate that people also use these technologies to
take advantage of others. Therefore, it is smart to protect yourself by using antivirus
and spyware blocking software and being careful where you enter your personal information.
CYBER LAW
Cyberlaw or Internet law is a term that encapsulates the legal issues related to use of the Internet. It is
less a distinct field of law than intellectual property or contract law, as it is a domain covering many
areas of law and regulation. Some leading topics include internet access and usage, privacy, freedom
of expression, and jurisdiction.
"Computer law" is a third term which tends to relate to issues including both Internet law and
the patent and copyright aspects of computer technology and software.
1. Law: Standard East Coast Code, and the most self-evident of the four modes of regulation.
As the numerous statutes, evolving case law and precedents make clear, many actions on the
internet are already subject to conventional legislation (both with regard to transactions
conducted on the internet and images posted). Areas like gambling, child pornography, and
fraud are regulated in very similar ways online as off-line. While one of the most
controversial and unclear areas of evolving laws is the determination of what forum has
subject matter jurisdiction over activity (economic and other) conducted on the internet,
particularly as cross border transactions affect local jurisdictions, it is certainly clear that
substantial portions of internet activity are subject to traditional regulation, and that conduct
that is unlawful off-line is presumptively unlawful online, and subject to similar laws and
regulations. Scandals with major corporations led to US legislation rethinking
corporate governance regulations such as the Sarbanes-Oxley Act.
2. Architecture: West Coast Code: these mechanisms concern the parameters of how
information can and cannot be transmitted across the internet. Everything from internet
filtering software (which searches for keywords or specific URLs and blocks them before
they can even appear on the computer requesting them), to encryption programs, to the very
basic architecture of TCP/IP protocol, falls within this category of regulation. It is arguable
that all other modes of regulation either rely on, or are significantly supported by, regulation
via West Coast Code.
3. Norms: As in all other modes of social interaction, conduct is regulated by social norms and
conventions in significant ways. While certain activities or kinds of conduct online may not
be specifically prohibited by the code architecture of the internet, or expressly prohibited by
applicable law, nevertheless these activities or conduct will be invisibly regulated by the
inherent standards of the community, in this case the internet "users." And just as certain
patterns of conduct will cause an individual to be ostracised from our real world society, so
too certain actions will be censored or self-regulated by the norms of whatever community
one chooses to associate with on the internet.
4. Markets: Closely allied with regulation by virtue of social norms, markets also regulate
certain patterns of conduct on the internet. While economic markets will have limited
influence over non-commercial portions of the internet, the internet also creates a virtual
marketplace for information, and such information affects everything from the comparative
valuation of services to the traditional valuation of stocks. In addition, the increase in
popularity of the internet as a means for transacting all forms of commercial activity, and as a
forum for advertisement, has brought the laws of supply and demand to cyberspace.