62 Xerox 4


  • 7/28/2019 62 Xerox 4


    to ensure own privacy.
    Security:- A secure system verifies the identity of the two parties to a transaction through user authentication and reserves flexibility to restrict information through access control.
    Database integration:- It means joining all types of databases together and allowing customers to access any of them to keep the data updated and error free.
    Intuitive interface:- The payment interface should be easy to use.
    Brokers:- In an e-payment system, bankers play the role of brokers. They facilitate the financial transactions of their account holders electronically.
    Pricing:- Pricing should be subsidiary. It should be used to encourage users to shift from one form of payment to another, such as cash to bank payments, and paper-based to e-cash.
    Standard:- Standards enable interoperability, giving users the ability to buy and receive information regardless of the bank that is managing their money.

    What do you mean by value added networks (VANs)? Explain.
    Ans: A VAN is a communications network that exchanges EDI messages among trading partners. It also provides other services, including holding messages in electronic mailboxes, interfacing with other VANs, and supporting many telecommunications modes and transfer protocols.
    Businesses can exchange data either by connecting to each other directly or by hooking into a VAN. A VAN can safeguard the transaction network by allowing companies to automatically and securely exchange purchase orders, invoices, and payments. When a company sends an EDI transaction, it arrives at a message storehouse on the VAN to await pickup by the destination company.
    A VAN's electronic mailbox is a software feature into which a user deposits EDI transactions and then retrieves those messages when convenient. It works much like residential personal mailboxes, and it allows everyone involved to be flexible and cost-effective.
    The disadvantage of VANs for EDI is that they are slow and high priced, charging by the number of characters transmitted. With connect time and mailbox charges factored in, companies incur charges of many thousands of dollars.

    Give the characteristics of supply chain management.
    Ans: Characteristics of SCM:
    i) An ability to source raw material or finished goods from anywhere in the world.
    ii) A centralized, global business and management strategy with flawless local execution.
    iii) On-line, real-time distributed information processing to the desktop, providing total supply chain information visibility.
    iv) The ability to manage information across industries and enterprises.
    v) The seamless integration of all supply chain processes including third-party suppliers, information systems, cost accounting etc.
    vi) The development and implementation of accounting models such as activity based costing that link cost to performance are used as tools for cost reduction.
    vii) A reconfiguration of the supply chain organization into high performance team.

    10. List the six layers of E-Commerce architecture and what are the four types of purchases?
    Ans: Following are the six layers of E-commerce:
    Application Service:- The application service layer of E-commerce will be comprised of existing and future applications built on the innate architecture. These applications can be distinguished as customer-to-business, business-to-business, and intra-organization.
    Information Brokerage and Management:- This layer provides service integration through the notion of information brokerages, the development of information resource fragmentation. This layer is used to represent an intermediary who provides price, fast service, or profit maximization for a client. It also addresses the issue of adding value to the information that is retrieved.
    Interface and Support Service:- It will provide interfaces for electronic commerce applications such as interactive catalogs and will support directory services, functions necessary for information search and access.
    Secure Messaging and Structured Document Interchange Service:- Messaging is the software that sits between the network infrastructure and the clients or e-commerce applications. This service offers solutions for communicating non-formatted data (letters, memos, and reports) as well as formatted data such as purchase orders, shipping notices, and invoices. It supports delayed and immediate message delivery and processing and is not associated with any communication protocol.
    Middleware services:- Middleware is the ultimate mediator between diverse software programs that enables them to talk to one another. It is the computing shift from application centric to data centric.
    Transparency:- Transparency implies that users should be unaware that they are accessing multiple systems. It is essential for dealing with higher-level issues than physical media and interconnection that the underlying network infrastructure is in charge of.

    There are four types of purchases:
    a) Specifically planned purchases
    b) Generally planned purchases
    c) Reminder purchases
    d) Entirely unplanned purchases

    The disadvantage of VANs for EDI is that they are slow and high priced, charging by the number of characters transmitted. With connect time and mailbox charges factored in, companies incur charges of many thousands of dollars.
    Following are the main costs of VAN:
    i) Account Start-Up Costs:- Opening an account with a VAN incurs start-up costs. The start-up costs vary depending on the EDI readiness of the organization and trading partner, the number of trading partners, line attachment options, and software application options.
    ii) Usage or Variable Costs:- VANs charge session fees based on the use of their services. If a user agrees to cover all of the costs, the VAN can charge twice for each transaction: 1) when the user sends or receives, and 2) when a trading partner sends or receives. Some VANs allow users to bundle several transaction sets into a single envelope while others open the interchange and charge for each transaction set in the envelope. Other support and software costs are hidden.
    iii) Interconnect Costs:- These are charged by VANs when a company exchanges EDI data with a trading partner that subscribes to a different VAN. Most VANs offer interconnects, but they charge monthly fees for using them. If no transactions are sent, there is only the monthly charge for the mailbox and interconnect fee.

    What is the main difference between horizontal and vertical organization? What are the two main categories of SCM?
    Ans: Horizontal organization:- The structure of a horizontal organization is two-tiered: a core group of senior management responsible for strategic decisions and policies, and a stratum of employees in process teams. The objective of a horizontal structure is to change the staff's focus from coordinating and reporting to improving flow management and work quality and increasing value for customers. In a horizontal organization, information is processed at each local level by process teams. Process teams can resolve problems quickly, and in this way permit the company to operate with flexibility in a changing environment. The principal goal of this organization is to facilitate the smooth transition of intermediate products and services through its various functions to the customer.
    Vertical Organization:- This is a multilayered organization. It allows gaps to exist between employees from different departments. The lower the level in the hierarchy, the larger the gap. These gaps expand with geographic dispersion and corporate growth. The vertical approach to corporate management poses two problems to smooth operations. First, it creates boundaries that discourage employees in different departments. Second, department goals are typically set in a way that could cause friction among departments. The drawback of this organization is its failure to provide an environment that fosters understanding and cooperation between departments.
    The two main categories of SCM are:
    i) push-based supply chain
    ii) pull-based supply chain

    What are the two approaches of virtual organization and what are the primary elements of SCM?
    Ans: Two approaches of virtual organization:
    i) Downward networking:- It is initiated by a large, vertically integrated company seeking to reduce its overhead by outsourcing. Outsourcing breaks down the company's vertical structure. It has two purposes: to reduce costs associated with fixed assets and to maintain a focus on key operations.
    ii) Lateral:- This approach is observed in small, specialized firms that, in the interest of seeking strategic alliances, form partnerships along a value-added chain. Each such core firm can benefit by modeling the adaptivity and responsiveness of a small, specialized company and the scale economies of a large and integrated firm.
    Primary elements of SCM:
    a) Logistics and distribution:- Logistics is a relatively new discipline that deals with the integration of materials management and physical distribution. Logistics and SCM are sometimes interchanged.
    b) Integrated marketing and distribution:- In e-commerce, the order process could be initiated by marketing information systems such as point-of-sale systems. Today, aids of technology integrate the customer directly and react to changes in demand by modifying the supply chain.
    c) Agile manufacturing:- Consumers and manufacturers are stressing quality and speed. One of the most influential visions of production goes by the name of agile manufacturing.

    What is IP spoofing and Telnet? Explain the basic principle of Kerberos.
    Ans: IP spoofing:- It is a technique that can lead to root access on a system. It is the tool that intruders often use to take over open terminal and login connections after they get root access. Intruders create packets with spoofed source IP addresses. There are two types of IP spoofing: user in the middle attack and source routing attack.
    Telnet:- It enables users to log on to remote computers. Telnet does little to detect and protect against unauthorized access. It is generally supported either by using an application gateway or by configuring a router.
    Basic Principle of Kerberos:
    i) Both one-way and two-way authentication are supported.
    ii) Authentication should be achieved without transmitting unencrypted passwords over a network.
    iii) Clear text passwords entered by client users should be retained in memory for the shortest time.
    iv) Each authentication should have a finite lifetime.
    v) Network authentication should be nearly unnoticed by users.
    vi) No unencrypted password should be stored in the KDC.
    vii) Authentication should be limited to the length of the user's current login session.

    Explain four objectives of SET and what are the seven major business requirements addressed by SET?
    Ans: Objectives of SET:
    i) Motivation:- The primary motivations for the bankcard associations to provide a specification for secure payments are: a) To have the bankcard community take a leadership position in establishing secure payment. b) To respect and preserve the relationship among merchant, Acquirer and cardholder, Issuer.
    ii) Payment security:- It focuses on providing authentication of cardholders, merchants and acquirers. It preserves the integrity of payment data and defines the algorithms and protocols necessary for these security services.
    iii) Interoperability:- It clearly defines the detailed information to ensure that applications developed by one vendor will interoperate with applications developed by other vendors. It creates and supports an open payment card standard and also defines exportable technology throughout, in order to encourage globally interoperable software.
    iv) Market acceptance:- This allows for bolt-on implementation of the protocol to existing client applications and minimizes change to the relationship between acquirers and merchants, and cardholders and issuers. It achieves global acceptance, via ease of implementation and minimal impact on merchant and cardholder and user.
    Major Business Requirements:
    i) It provides confidentiality of payment information and order information that is transmitted along with the payment information.
    ii) It ensures integrity for all transmitted data.
    iii) It facilitates and encourages interoperability across software and network providers.
    iv) It provides authentication that a cardholder is a legitimate user of a branded payment card account.
    v) It ensures the use of the best security practice and system.

    29. Explain public key and secret key cryptography techniques.
    Ans: There are two types of cryptography:
    i) Secret-key cryptography:- In secret-key cryptography, the same key is used to encrypt and decrypt the messages. So the sender and receiver must share that secret key. This type of cryptography is impractical for exchanging messages with a large group of previously unknown correspondents over a public network. The well-known cryptography algorithm is the Data Encryption Standard (DES), which is used by financial institutions to


    encrypt PINs.
    ii) Public key cryptography:- In this, two keys are used, one to encrypt and the other to decrypt the messages. So each user has two keys: a public key that is distributed to all because it is used to encrypt the message, and a private key known only by the user that is used to decrypt the message. These two keys are mathematically related such that data encrypted with either key can only be decrypted using the other. It is also known as asymmetric cryptography. The well-known public key encryption algorithm is Rivest, Shamir and Adleman (RSA).

    What is spoofing? Explain with the help of an example.
    Ans: Spoofing is also known as IP spoofing. It is a technique that can lead to root access on a system. It is the tool that intruders often use to take over open terminal and login connections after they get root access. Intruders create packets with spoofed source IP addresses. There are two types of IP spoofing:
    i) User in the middle attack means the attacker is able to send you a packet and when you reply they intercept that packet.
    ii) Source routing attack means the attacker exploits the IP header's source routing option to dictate the route of packets.
    Ex- Creating a duplicate website by copying or using the IP address of the original website.

    Describe VAN pricing system consists of following:
    i) Account Start-Up Costs:- Opening an account with a VAN incurs start-up costs. The start-up costs vary depending on the EDI readiness of the organization and trading partner, the number of trading partners, line attachment options, and software application options.
    ii) Usage or Variable Costs:- VANs charge session fees based on the use of their services. If a user agrees to cover all of the costs, the VAN can charge twice for each transaction: 1) when the user sends or receives, and 2) when a trading partner sends or receives. Some VANs allow users to bundle several transaction sets into a single envelope while others open the interchange and charge for each transaction set in the envelope. Other support and software costs are hidden.
    iii) Interconnect Costs:- These are charged by VANs when a company exchanges EDI data with a trading partner that subscribes to a different VAN. Most VANs offer interconnects, but they charge monthly fees for using them. If no transactions are sent, there is only the monthly charge for the mailbox and interconnect fee.

    What is SCM? Explain the primary elements of SCM.
    Ans: SCM stands for Supply Chain Management. It is an integrating process based on the flawless delivery of basic and customized services. SCM optimizes information and product flows from the receipt of the order, to purchase of raw materials, to delivery and consumption of finished goods. It plays an important role in the management of processes that cut across functional and departmental boundaries.
    Primary elements of SCM:
    a) Logistics and distribution:- Logistics is a relatively new discipline that deals with the integration of materials management and physical distribution. Logistics and SCM are sometimes interchanged because SCM is an umbrella that incorporates the logistics function.
    b) Integrated marketing and distribution:- In e-commerce, the order process could be initiated by marketing information systems such as point-of-sale systems. Today, aids of technology integrate the customer directly and react to changes in demand by modifying the supply chain.
    c) Agile manufacturing:- Consumers and manufacturers are stressing quality and speed. One of the most influential visions of production goes by the name of agile manufacturing.

    What are the normal constraints put on e-cash?
    Ans: The normal constraints put on e-cash are:
    i) The time over which a given electronic money is valid.
    ii) Limit of amount that can be stored on and transferred by e-money.
    iii) The number of exchanges that can take place before money needs to be redeposited with a bank.
    iv) The number of transactions that can be made during a given period of time.

    Some desirable characteristics of e-commerce are following:
    Global reach: An e-commerce website is accessible to a global audience. Only an Internet connection is required to connect to an e-commerce website. Therefore, billions of users who browse the Internet have access to the products and services displayed on an e-commerce website.
    Instant availability: An e-commerce website is available 24 hours a day and 365 days a year. However, in the traditional way of conducting commerce, customers can purchase the products only during working hours.
    Systematic communication: An e-commerce website displays the information of the products it is selling in a systematic and organized manner. For example, if you are looking for information about a book on a website, you can get additional information such as the contents of the book, the reviews of the book, and the author's views etc. on the book.
    Reduced paperwork: Earlier, when a business organization exported its products overseas, it was required to fill in several pages of information, which was not only time-consuming but also frustrating. However, with the evolution of e-commerce, where limited information is required and is transferred electronically, the paperwork has reduced significantly.
    Easier entry into new markets: E-commerce enables new business houses to easily enter into new geographical areas and start selling. For this, the business house doesn't need to set up branch offices at all geographic locations. Business organizations can now present corporate data online.
    Lower transaction cost: The overall cost involved is less because most of the transactions take place online. In addition, customer service can be provided over e-mail. When a business house plans to go online, it needs to invest money in setting up the infrastructure that includes creating and maintaining a website.

    What are the two basic types of physical data security? Name two types of threats to data.
    Ans: Security implies safety, including assurance of data integrity, freedom from unauthorized access or snooping or wiretapping, and disruption of service.
    There are two basic types of data security:
    i) Data Integrity:- It means protecting information from an unauthorized change.
    ii) Data Availability:- It means guaranteeing that outsiders cannot prevent legitimate data access by saturating a network.
    Following are two threats to data:
    i) Active threat:- It involves some modification of the data stream or the creation of a false stream in documents or files or information. It is difficult to ultimately prevent active attacks because this would require physical protection of all hosts and/or communications facilities all the time. It is grouped into three categories: message-stream modification, denial of message service, and masquerade.
    ii) Passive threat:- It involves monitoring the transmission data of an organization. The goal of the attack is to obtain information that is being transmitted. This is difficult to detect because it does not involve alteration of the data. But it is feasible to prevent this attack from being successful. It is grouped into two categories: release of message contents and traffic analysis.

    What is EFT? List any four components of EDI implementation.
    Ans: EFT stands for Electronic Fund Transfer. It is the way of automatic transfer of funds among banks and other organizations.
    Following are the four components of EDI implementation layer:
    a) Common EDI standards:- They dictate syntax and standardize on the business language. They basically specify transaction sets, complete sets of business documents.
    b) Translation software:- It sends messages between trading partners, integrates data into and from existing computer applications, and translates among EDI message standards.
    c) Trading partners:- These are a firm's customers and suppliers with whom business is conducted.
    d) EDI (Value-Added Network services) VANs:- A VAN is a third party service provider that manages data communications networks for businesses that exchange electronic data with other businesses.
    e) Banks:- They facilitate payment and remittance.

    List the OMC's (Order Management Cycle) generic steps.
    Ans: OMC has eight generic steps which are grouped in three phases:
    Phase 1. Presales Interaction:
    i) Customer inquiry and order planning and generation.
    ii) Cost estimation and pricing of product.
    Phase 2. Product service production and delivery:
    iii) Order receipt and entry.
    iv) Order Selection and Prioritization.
    v) Order Scheduling.
    vi) Order fulfillment and delivery.
    Phase 3. Post Sales Interaction:
    vii) Order billing and account/payment management.
    viii) Customer service and support.

    What are the desirable characteristics of E-marketing?
    Ans: Characteristics of E-marketing:
    i) Critical mass of buyers and sellers:- The trick is getting a critical mass of corporations and consumers to use electronic mechanisms. The e-marketing is the place where customers go to find the products and services they need.
    ii) Opportunity for independent evaluation and for customer dialogue and discussion:- In the marketplace users not only buy and sell the products or services, they also compare notes on who has the best products and whose prices are less.
    iii) Negotiation and bargaining:- Buyers and sellers need to be able to haggle over conditions of mutual satisfaction, including money, terms and conditions, delivery dates, and evaluation criteria.
    iv) New products and services:- In a marketplace, consumers can not only make requests for products and services currently offered but also ask for products that match their requirements and expectations. They can also ask for modification or upgradation of products and services.
    v) Seamless interface:- The biggest barrier to electronic trade is having all the pieces work together so that information can flow seamlessly from one source to another. This requires standardization.
    vi) Recourse for disgruntled buyers:- A viable marketing must have a recognized mechanism for resolving disputes among buyers and sellers. The market should include a provision for resolving disagreements by returning the product or through arbitrage in other cases.

    Explain different categories of operations come under e-commerce.
    Ans: Operations that come under e-commerce:
    i) Transactions between a supplier and a buyer or between two companies over a public network such as ISP.
    ii) Transactions with the trading partners or between the officers of the company located at different locations.
    iii) Information gathering needed for market research.
    iv) Information processing for decision making at different levels of management.
    v) Maintenance of records needed for legal purposes, including taxation, legal suits.
    vi) Transactions for information distribution to different retailers and customers, including advertising, sales and marketing.
    vii) Information manipulation for operations and supply chain management.

    What are EDI and electronic fund transfer?
    Ans: EDI stands for Electronic Data Interchange. This is the inter-process communication of business information in standard electronic form. Using EDI, trading partners establish computer-to-computer links that enable them to exchange information electronically. EFT is the process of transferring funds through the internet. Both EDI and EFT are technologies that are used for exchanging information during the e-transaction.

    Explain secure socket layer (SSL).
    Ans: It is a security protocol that provides privacy over the internet. The protocol allows client/server applications to communicate in a way that data transmission cannot be disclosed. This is an application-independent protocol. SSL employs RSA cryptographic technique to implement data encryption.

    What is the need for seamless connections? Define a Software Agent.
    Ans: Seamless connection:- The biggest barrier to electronic trade is having all the pieces work together so that information can flow seamlessly from one source to another. This requires standardization.
    Software Agent:- Software agents are encapsulations of user instructions that perform all kinds of tasks in electronic marketplaces spread across networks. They are used to implement information brokerages. It will take a while to solve the problems of inter-agent communication, interoperable agents, and other headaches that come with distributed computing and networking.

    8. What are the categories of consumers?
    Ans: Categories of consumers:
    i) Impulsive buyers:- They purchase products quickly.
    ii) Patient buyers:- They purchase products after making some comparisons.
    iii) Analytical buyers:- They do substantial research before making the decision to purchase products or services.

    9. How does digital signature work? List any two tangible benefits of EDI.
    Ans: Digital signature works by providing two keys, one with the public and


    other privately with the layer. The signature is coded with both.
    Tangible benefits of EDI:
    i) It is a cost and time saving system.
    ii) It improves problem resolution and customer services.
    iii) It expands customer/supplier base.

    10. What is Supply Chain Management? Define virtual organization.
    Ans: SCM is an integrating process based on the flawless delivery of basic and customized services. It plays an important role in the management of processes that cut across functional and departmental boundaries.
    Virtual organization:- It is an organization closely coupled upstream with its suppliers and downstream with its customers. This is a multilayered organization. It allows gaps to exist between employees from different departments.

    Explain different operations carried out in e-commerce.
    Ans: Operations that come under e-commerce:
    i) Transactions between a supplier and a buyer or between two companies over a public network such as ISP.
    ii) Transactions with the trading partners or between the officers of the company located at different locations.
    iii) Information gathering needed for market research.
    iv) Information processing for decision making at different levels of management.
    v) Maintenance of records needed for legal purposes, including taxation, legal suits.
    vi) Transactions for information distribution to different retailers and customers, including advertising, sales and marketing.

    Explain the three stages of e-commerce architecture on web?
    Ans: Stages of e-commerce architecture on the web:
    a) Client browser:- It resides on the user's PC or workstation and provides an interface to the various types of content. It easily understands what file it is downloading and what browser extension it needs to display the file.
    b) Web server:- It retrieves information and data, and manages transactions and security.
    c) Third party services:- These could be other web servers that make up the digital library, information processing tools, and electronic payment systems.

    What is E-Commerce? List the various activities carried out in E-Commerce.
    Ans: E-Commerce:- The process of buying and selling of products and services through web or internet is termed as e-commerce.
    Activities that come under e-commerce:
    i) Transactions between a supplier and a buyer or between two companies over a public network such as ISP.
    ii) Transactions with the trading partners or between the officers of the company located at different locations.
    iii) Information gathering needed for market research.
    iv) Information processing for decision making at different levels of management.
    v) Maintenance of records needed for legal purposes, including taxation, legal suits.
    vi) Transactions for information distribution to different retailers and customers, including advertising, sales and marketing.

    18. List the different layers of EDI implementation.
    Ans:
    i) Business Application Layer- This layer creates a document and sends it to an EDI translator layer.
    ii) Translator layer- It describes the relationship between the data elements in the business application and the EDI standards.
    iii) Internal format conversion
    iv) EDI envelope for document messaging

    19. What are software agents?
    Ans: Software agents are encapsulations of user instructions that perform all kinds of tasks in electronic marketplaces spread across networks. They are used to implement information brokerages. It will take a while to solve the problems of inter-agent communication, interoperable agents, and other headaches that come with distributed computing and networking.

    20. What is firewall? What are the three types of firewall?
    Ans: Firewall is a security device that allows limited access out of and into one's network from the internet. It is a piece of hardware that is connected to a network to protect it from agents. It only permits approved traffic in and out of one's local site. It operates at the application, network, and transport layers of the protocol stack.
    There are three types of firewalls:
    i) Packet filter
    ii) Application-level gateway
    iii) Proxy server

    Explain secure electronic payment protocol.
    Ans: SEPP is a joint development of IBM, Netscape, GTE, CyberCash, and MasterCard. It is an open, vendor-neutral, nonproprietary, license-free protocol for secure on-line transactions. It addresses the following business requirements:
    i) To enable confidentiality of payment information.
    ii) To ensure integrity of all payment data transmitted.
    iii) To provide authentication that a cardholder is the legitimate owner of a card account.
    iv) To provide authentication that a merchant can accept MasterCard branded card payments with an acquiring member financial institution.
    SEPP is the electronic equivalent of the paper charge slip, signature and submission process. It takes input from the negotiation process and causes the payment to happen via three-way communications among the cardholder, merchant, and acquirer.
    The SEPP system is composed of a collection of elements involved in e-commerce such as Card holder, Merchant, Acquirer, Certificate management system, and Banknet.

    What are the normal constraints put on e-cash?
    Ans: The normal constraints put on e-cash are:
    i) The time over which a given electronic money is valid.
    ii) The number of exchanges that can take place before money needs to be redeposited with a bank.
    iii) The number of transactions that can be made during a given period of time.

    21. b) What is e-cash? Give the properties of e-cash.
    Ans: E-Cash: Electronic cash is a new concept in on-line payment systems. It combines computerized convenience with security and privacy that improve on paper cash. It is an attractive alternative way for payment over the internet.

    Properties of E-Cash:
    i) It must have a monetary value. It must be backed by a bank-authorized credit, or a bank-certified cashier's check.
    ii) E-Cash must be interoperable, which means it is exchangeable as payment for other e-cash, paper cash, deposits in banking accounts etc.
    iii) E-Cash must be storable and retrievable. The cash could be stored on a remote computer's memory and easily transported into standard or special purpose devices.
    iv) E-Cash should not be easy to copy or tamper with while being exchanged. This includes preventing or detecting duplication and double spending. Detection is essential in order to audit whether prevention is working.
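
    The validity-time and transactions-per-period constraints, together with the copy and tamper property, can be seen working in the following added sketch (not part of the original notes). The `Bank` class, its method names and the sample notes are hypothetical, and the exchange-count constraint is not modelled.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

class Bank:
    """Hypothetical issuer; all names here are illustrative."""

    def __init__(self, max_tx=2, period=3600):
        self._key = secrets.token_bytes(32)    # bank-only MAC key
        self._spent = set()                    # serials already redeemed
        self._tx_times = defaultdict(list)     # account -> accepted deposit times
        self.max_tx, self.period = max_tx, period

    def _mac(self, serial, value, expires):
        msg = f"{serial}|{value}|{expires}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, value, now, lifetime):
        """Mint a note with a monetary value and a limited validity time."""
        serial, expires = secrets.token_hex(16), now + lifetime
        return {"serial": serial, "value": value, "expires": expires,
                "mac": self._mac(serial, value, expires)}

    def deposit(self, note, account, now):
        """Return 'ok' or the reason the note is refused."""
        expected = self._mac(note["serial"], note["value"], note["expires"])
        if not hmac.compare_digest(expected, note["mac"]):
            return "tampered"
        if now > note["expires"]:
            return "expired"
        if note["serial"] in self._spent:
            return "double spend"
        recent = [t for t in self._tx_times[account] if now - t < self.period]
        if len(recent) >= self.max_tx:
            return "rate limit"
        self._spent.add(note["serial"])
        self._tx_times[account] = recent + [now]
        return "ok"

def demo():
    """Constructed sample notes exercising each refusal reason."""
    bank = Bank(max_tx=2, period=3600)
    a, b = (bank.issue(10, now=0, lifetime=100) for _ in range(2))
    c, d = (bank.issue(5, now=600, lifetime=100) for _ in range(2))
    return [bank.deposit(a, "shop", 10),                    # first use
            bank.deposit(dict(a), "shop", 20),              # copied note
            bank.deposit(dict(b, value=1000), "shop", 30),  # value altered
            bank.deposit(b, "shop", 500),                   # past validity
            bank.deposit(c, "shop", 610),                   # second accepted
            bank.deposit(d, "shop", 620)]                   # over the limit
```

    The refusal reasons returned by `deposit` are the audit trail the last property asks for: they show whether prevention is working.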

    What is electronic purse? Explain. If an EDI network fails to deliver the message who is responsible for that?
    Ans: Electronic Purse: It is a type of smart card. An electronic purse is a wallet-sized smart card embedded with programmable microchips that store sums of money for people to use instead of cash. Electronic purse is also known as electronic money and Debit card.

    Working of Electronic purse: Once the purse is loaded with money, at an ATM or through the use of an expensive telephone, it can be used to pay. For example, suppose you want to buy a candy in a vending machine equipped with a card reader. First, insert the card in the vending machine; the vending machine verifies that the card is authentic and that there is enough money to buy a candy. If yes, the machine deducts the cost of the candy from the balance on the card and adds it to an e-cash box. The remaining balance is displayed on the card. When the balance on an electronic purse is depleted, the purse can be recharged with more money.

    If an EDI network fails to deliver the message, it has not yet been decided who is responsible for that.

    What is the purpose of Kerberos?
    Ans: Purpose of Kerberos: It is designed for the following purposes:
    i) To provide both one-way and two-way authentication.
    ii) Authentication should be achieved without transmitting unencrypted passwords over a network.
    iii) Clear text passwords entered by client users should be retained in memory for the shortest time.
    iv) Each authentication should have a finite lifetime.
    v) Network authentication should be nearly unnoticed by users.
    vi) Minimal effort should be required to modify existing applications that formerly used other, less secure authentication schemes.
    vii) Authentication should be limited to the length of the user's current login session.

    Explain the secure socket layer in detail.
    Ans: SSL is a security protocol developed by Netscape Communications. It provides privacy over the internet. This protocol allows client/server applications to communicate in a way that data transmissions can't be disclosed or altered.

    SSL uses a three-part process. First, information is encrypted to prevent unauthorized disclosure. Second, the information is authenticated to make sure that the information is being sent and received by the correct party. Third, it provides message integrity to prevent the information from being altered during interchanges between the source and sink.

    SSL depends on RSA encryption for exchange of the session key and client/server authentication and for various other cryptographic algorithms. The strength of SSL is that it is application independent. SSL provides channel security through encryption and reliability through a message integrity check. To implement SSL, a merchant has to use the Netscape server and the buyer has to use Netscape browser software.

    Q. Explain digital signature technique. 5
    If digital signatures are to replace handwritten signatures, they must have the same legal status as handwritten signatures. The digital signature provides a means for a third party to verify that the notarized object is authentic. Digital signatures should have greater legal authority than handwritten signatures. If the contract was signed by digital signatures, however, a third party can verify that not one byte of the contract has been altered.

    Q. Mention some hacking techniques.
    Some Hacking Techniques:
    Stolen access: Involves the use of another user's ID or password without permission to gain access to the internet.
    Stolen resources: Search for processors to store stolen software and databases.
    Internet virus: Virus designed to traverse through the network, passing through multiple processors and either sending information back to the originator or doing damage to the processors it passes through.
    Email impostures: Sending email while falsifying the From field.
    Email snooping: Email passes through at least two nodes to be received. As it passes through these nodes, and is stored transiently, it is susceptible to people with system access, unless secured.
    Sniffing: If a hacker has gained access to a host, the hacker may set up sniffing programs to observe traffic, storing information (IDs/passwords) that can be used to compromise other systems.
    Spoofing: Assuming someone else's identity, whether it is a login ID, an IP address, a server, or an e-commerce merchant.
    Async attacks: While programs are idle in host memory, a hacker may have the opportunity to access the program's data.
    Trojan horses: Viruses concealed within a software package injected into a host. May be destructive or perform some covert activity designed to send data back to the hacker.

    47. Name three broad phases of consumers perspective and give categories of consumers.
    Pre-purchase preparation: The pre-purchase preparation phase includes search and discovery for a set of products in the larger information space capable of meeting customer requirements, and product selection from the smaller set of products based on attribute comparison.
    Purchase consummation: The purchase consummation phase includes mercantile protocols that specify the flow of information and documents associated with purchasing and negotiation with merchants for suitable terms, such as price, availability, and delivery dates; and electronic payment mechanisms that integrate payment into the purchasing process.
    Post-purchase interaction: The post-purchase interaction phase includes customer service and support to address customer complaints, product returns, and product defects.
    Purchase deliberation is defined as the elapsed time between a consumer's first thinking about buying and the actual purchase.

    c) Viruses and worms.
    A virus is a program that can affect other programs by modifying them; the modified program includes a copy of the virus program, which can then go into other programs. A worm is a program that makes use of networking software to replicate itself and move from system to system. The worm performs some activity on each system it gains access to, such as consuming processor resources or depositing viruses.

    Countering the threat of viruses: The best solution for the threat of viruses is prevention: do not allow a virus to get into the system in the first place. In general, this goal is impossible to achieve, although prevention can reduce the number of successful viral attacks. The next best approach is to do the following:
    Detection: After the infection has occurred, determine that it has occurred and locate the virus.
    Purging: Remove the virus from all infected systems so that the disease cannot spread further.
    Recovery: Recover any lost data or programs.

    Because of the variety of viruses, there is no universal remedy. A number of programs provide some protection, and the security manager should be advised to contact several vendors and assess their products.

    b) Secret-key cryptography.
    Secret-key cryptography, also known as symmetric cryptography, uses the same key to encrypt and decrypt the message. Therefore, the sender and recipient of a message must share a secret, namely the key. A well-known secret-key cryptography algorithm is the Data Encryption Standard (DES), which is used by financial institutions to encrypt PINs.

    Public-key cryptography, also known as asymmetric cryptography, uses two keys: one key to encrypt the message and the other key to decrypt the message. The two keys are mathematically related such that data encrypted with either key can only be decrypted using the other. Each user has two keys: a public key and a private key.

    a) Kinds of shopping.

    Variety of experiences
    There are many ways that cardholders will shop. This section describes two ways. The SET protocol supports each of these shopping experiences and should support others as they are defined.

    On-line catalogues
    The growth of electronic commerce can largely be attributed to the popularity of the World Wide Web. Merchants can tap into this popularity by creating virtual storefronts on the Web that contain on-line catalogues. These catalogues can be quickly updated as merchants' product offerings change or to reflect seasonal promotions. Cardholders can visit these Web pages, selecting items for inclusion on an order. Once the cardholder finishes shopping, the merchant's Web server can send a completed order form for the cardholder to review and approve. Once the cardholder approves the order and chooses to use a payment card, the SET protocol provides the mechanisms for the cardholder to securely transmit payment instructions as well as for the merchant to obtain authorization and receive payment for the order.

    Electronic catalogues
    Merchants may distribute catalogues on electronic media such as diskettes or CD-ROM. This approach allows the cardholder to browse through merchandise off-line. With an on-line catalogue, the merchant has to be concerned about bandwidth and may choose to include fewer graphics or reduce the resolution of the graphics. By providing an off-line catalogue, such constraints are significantly reduced.