sunil-pal
7/28/2019 62 Xerox 4
to ensure own privacy.
Security:- A secure system verifies the identity of the two parties to a transaction through user authentication and reserves the flexibility to restrict information through access control.
Database integration:- It means joining all types of databases together and allowing customers to access any of them, keeping the data up to date and error free.
Intuitive interface:- The payment interface should be easy to use.
Brokers:- In an e-payment system, bankers play the role of brokers. They facilitate financial transactions electronically for their account holders.
Pricing:- Pricing should be subsidiary. It should be used to encourage users to shift from one form of payment to another, such as from cash to bank payments and from paper-based payments to e-cash.
Standard:- Standards enable interoperability, giving users the ability to buy and receive information regardless of which bank is managing their money.

What do you mean by value added networks (VANs)? Explain.
Ans: A VAN is a communications network that exchanges EDI messages among trading partners. It also provides other services, including holding messages in electronic mailboxes, interfacing with other VANs, and supporting many telecommunications modes and transfer protocols. Businesses can exchange data either by connecting to each other directly or by hooking into a VAN. A VAN can safeguard the transaction network by allowing companies to automatically and securely exchange purchase orders, invoices, and payments. When a company sends an EDI transaction, it arrives at a message storehouse on the VAN to await pickup by the destination company. A VAN's electronic mailbox is a software feature into which a user deposits EDI transactions and then retrieves those messages when convenient. It works much like residential personal mailboxes, and it allows everyone involved to be flexible and cost-effective. The disadvantage of VANs for EDI is that they are slow and high priced, charging by the number of characters transmitted. With connect time and mailbox charges factored in, companies incur charges of many thousands of dollars.

Give the characteristics of supply chain management.
Ans: Characteristics of SCM:
i) An ability to source raw material or finished goods from anywhere in the world.
ii) A centralized, global business and management strategy with flawless local execution.
iii) On-line, real-time distributed information processing to the desktop, providing total supply chain information visibility.
iv) The ability to manage information across industries and enterprises.
v) The seamless integration of all supply chain processes, including third-party suppliers, information systems, cost accounting etc.
vi) The development and implementation of accounting models, such as activity-based costing, that link cost to performance and are used as tools for cost reduction.
vii) A reconfiguration of the supply chain organization into high-performance teams.

10. List the six layers of E-Commerce architecture and what are the four types of purchases?
Ans: Following are the six layers of E-commerce:
Application Service:- The application service layer of E-commerce will be comprised of existing and future applications built on the innate architecture. These applications can be distinguished as customer-to-business, business-to-business, and intra-organization.
Information Brokerage and Management:- This layer provides service integration through the notion of information brokerages, the development of information resource fragmentation. This layer is used to represent an intermediary who provides price, fast service, or profit maximization for a client. It also addresses the issue of adding value to the information that is retrieved.
Interface and Support Service:- It will provide interfaces for electronic commerce applications, such as interactive catalogs, and will support directory services, the functions necessary for information search and access.
Secure Messaging and Structured Document Interchange Service:- Messaging is the software that sits between the network infrastructure and the clients or e-commerce applications. This service offers solutions for communicating non-formatted data (letters, memos, and reports) as well as formatted data such as purchase orders, shipping notices, and invoices. It supports delayed and immediate message delivery and processing and is not associated with any communication protocol.
Middleware services:- Middleware is the ultimate mediator between diverse software programs that enables them to talk to one another. It is the computing shift from application centric to data centric.
Transparency:- Transparency implies that users should be unaware that they are accessing multiple systems. It is essential for dealing with higher-level issues than the physical media and interconnection that the underlying network infrastructure is in charge of.

There are four types of purchases:
a) Specifically planned purchases
b) Generally planned purchases
c) Reminder purchases
d) Entirely unplanned purchases

The disadvantage of VANs for EDI is that they are slow and high priced, charging by the number of characters transmitted. With connect time and mailbox charges factored in, companies incur charges of many thousands of dollars. Following are the main costs of VAN:
i) Account Start-Up Costs:- Opening an account with a VAN incurs start-up costs. The start-up costs vary depending on the EDI readiness of the organization and trading partner, the number of trading partners, line attachment options, and software application options.
ii) Usage or Variable Costs:- VANs charge session fees based on the use of their services. If a user agrees to cover all of the costs, the VAN can charge twice for each transaction: 1) when the user sends or receives, and 2) when a trading partner sends or receives. Some VANs allow users to bundle several transaction sets into a single envelope, while others open the interchange and charge for each transaction set in the envelope. Other support and software costs are hidden.
iii) Interconnect Costs:- These are charged by VANs when a company exchanges EDI data with a trading partner that subscribes to a different VAN. Most VANs offer interconnects, but they charge monthly fees for using them. If no transactions are sent, there is only the monthly charge for the mailbox and interconnect fee.

What is the main difference between horizontal and vertical organization? What are the two main categories of SCM?
Ans: Horizontal organization:- The structure of a horizontal organization is two-tiered: a core group of senior management responsible for strategic decisions and policies, and a stratum of employees in process teams. The objective of a horizontal structure is to change the staff's focus from coordinating and reporting to improving flow management and work quality and increasing value for customers. In a horizontal organization, information is processed at each local level by process teams. Process teams can resolve problems quickly, and in this way permit the company to operate with flexibility in a changing environment. The principal goal of this organization is to facilitate the smooth transition of intermediate products and services through its various functions to the customer.
Vertical Organization:- This is a multilayered organization. It allows gaps to exist between employees from different departments. The lower the level in the hierarchy, the larger the gap. These gaps expand with geographic dispersion and corporate growth. The vertical approach to corporate management poses two problems to smooth operations. First, it creates boundaries that discourage employees in different departments. Second, department goals are typically set in a way that could cause friction among departments. The drawback of this organization is its failure to provide an environment that fosters understanding and cooperation between departments.
The two main categories of SCM are:
i) Push-based supply chain
ii) Pull-based supply chain

What are the two approaches of virtual organization and what are the primary elements of SCM?
Ans: Two approaches of virtual organization:
i) Downward networking:- It is initiated by a large, vertically integrated company seeking to reduce its overhead by outsourcing. Outsourcing breaks down the company's vertical structure. It has two purposes: to reduce costs associated with fixed assets and to maintain a focus on key operations.
ii) Lateral:- This approach is observed in small, specialized firms that, in the interest of seeking strategic alliances, form partnerships along a value-added chain. Each such core firm can benefit by modeling the adaptivity and responsiveness of a small, specialized company and the scale economies of a large and integrated firm.
Primary elements of SCM:
a) Logistics and distribution:- Logistics is a relatively new discipline that deals with the integration of materials management and physical distribution. Logistics and SCM are sometimes interchanged.
b) Integrated marketing and distribution:- In e-commerce, the order process could be initiated by marketing information systems such as point-of-sale systems. Today, technology integrates the customer directly and reacts to changes in demand by modifying the supply chain.
c) Agile manufacturing:- Consumers and manufacturers are stressing quality and speed. One of the most influential visions of production goes by the name of agile manufacturing.

What is IP spoofing and Telnet? Explain the basic principle of Kerberos.
Ans: IP spoofing:- It is a technique that can lead to root access on a system. It is the tool that intruders often use to take over open terminal and login connections after they get root access. Intruders create packets with a spoofed source IP address. There are two types of IP spoofing: user-in-the-middle attack and source routing attack.
Telnet:- It enables users to log on to remote computers. Telnet does little to detect and protect against unauthorized access. It is generally supported either by using an application gateway or by configuring a router.
Basic Principle of Kerberos:
i) Both one-way and two-way authentication are supported.
ii) Authentication should be achieved without transmitting unencrypted passwords over a network.
iii) Clear text passwords entered by client users should be retained in memory for the shortest time.
iv) Each authentication should have a finite lifetime.
v) Network authentication should be nearly unnoticed by users.
vi) No unencrypted password should be stored in the KDC.
vii) Authentication should be limited to the length of the user's current login session.

Explain four objectives of SET and what are the seven major business requirements addressed by SET?
Ans: Objectives of SET:
i) Motivation:- The primary motivations for the bankcard associations to provide specifications for secure payments are: a) to have the bankcard community take a leadership position in establishing secure payment; b) to respect and preserve the relationships between merchant and Acquirer and between cardholder and Issuer.
ii) Payment security:- It focuses on providing authentication of cardholders, merchants and acquirers. It preserves the integrity of payment data and defines the algorithms and protocols necessary for these security services.
iii) Interoperability:- It clearly defines the detailed information needed to ensure that applications developed by one vendor will interoperate with applications developed by other vendors. It creates and supports an open payment card standard and also defines exportable technology throughout, in order to encourage globally interoperable software.
iv) Market acceptance:- This allows for bolt-on implementation of the protocol to existing client applications and minimizes change to the relationship between acquirers and merchants, and cardholders and issuers. It achieves global acceptance via ease of implementation and minimal impact on the merchant, cardholder and user.
Major Business Requirements:
i) It provides confidentiality of payment information and order information that is transmitted along with the payment information.
ii) It ensures integrity for all transmitted data.
iii) It facilitates and encourages interoperability across software and network providers.
iv) It provides authentication that a cardholder is a legitimate user of a branded payment card account.
v) It ensures the use of the best security practice and system

29. Explain public key and secret key cryptography techniques.
Ans: There are two types of cryptography:
i) Secret-key cryptography:- In secret-key cryptography, the same key is used to encrypt and decrypt the messages, so the sender and receiver must share that secret key. This type of cryptography is impractical for exchanging messages with a large group of previously unknown correspondents over a public network. The well-known cryptography algorithm is the Data Encryption Standard (DES), which is used by financial institutions to encrypt PINs.
ii) Public-key cryptography:- In this, two keys are used, one to encrypt and the other to decrypt the messages. Each user has two keys: a public key, which is distributed to all because it is used to encrypt the message, and a private key, known only by the user, which is used to decrypt the message. These two keys are mathematically related such that data encrypted with either key can only be decrypted using the other. It is also known as asymmetric cryptography. The well-known public-key encryption algorithm is Rivest, Shamir and Adleman (RSA).

What is spoofing? Explain with the help of an example.
Ans: Spoofing is also known as IP spoofing. It is a technique that can lead to root access on a system. It is the tool that intruders often use to take over open terminal and login connections after they get root access. Intruders create packets with a spoofed source IP address. There are two types of IP spoofing:
i) User-in-the-middle attack means the attacker is able to send you packets and, when you reply, they intercept that packet.
ii) Source routing attack means the attacker exploits the IP header's source routing option to dictate the route of packets.
Ex- Creating a duplicate website by copying or using the IP address of the original website.

Describe VAN pricing system consists of the following:
i) Account Start-Up Costs:- Opening an account with a VAN incurs start-up costs. The start-up costs vary depending on the EDI readiness of the organization and trading partner, the number of trading partners, line attachment options, and software application options.
ii) Usage or Variable Costs:- VANs charge session fees based on the use of their services. If a user agrees to cover all of the costs, the VAN can charge twice for each transaction: 1) when the user sends or receives, and 2) when a trading partner sends or receives. Some VANs allow users to bundle several transaction sets into a single envelope, while others open the interchange and charge for each transaction set in the envelope. Other support and software costs are hidden.
iii) Interconnect Costs:- These are charged by VANs when a company exchanges EDI data with a trading partner that subscribes to a different VAN. Most VANs offer interconnects, but they charge monthly fees for using them. If no transactions are sent, there is only the monthly charge for the mailbox and interconnect fee.

What is SCM? Explain the primary elements of SCM.
Ans: SCM stands for Supply Chain Management. It is an integrating process based on the flawless delivery of basic and customized services. SCM optimizes information and product flows from the receipt of the order, to purchase of raw materials, to delivery and consumption of finished goods. It plays an important role in the management of processes that cut across functional and departmental boundaries.
Primary elements of SCM:
a) Logistics and distribution:- Logistics is a relatively new discipline that deals with the integration of materials management and physical distribution. Logistics and SCM are sometimes interchanged because SCM is an umbrella that incorporates the logistics function.
b) Integrated marketing and distribution:- In e-commerce, the order process could be initiated by marketing information systems such as point-of-sale systems. Today, technology integrates the customer directly and reacts to changes in demand by modifying the supply chain.
c) Agile manufacturing:- Consumers and manufacturers are stressing quality and speed. One of the most influential visions of production goes by the name of agile manufacturing.

What are the normal constraints put on e-cash?
Ans: The normal constraints put on e-cash are:
i) The time over which a given electronic money is valid.
ii) The limit on the amount that can be stored on and transferred by e-money.
iii) The number of exchanges that can take place before money needs to be redeposited with a bank.
iv) The number of transactions that can be made during a given period of time.

Some desirable characteristics of e-commerce are the following:
Global reach: An e-commerce website is accessible to a global audience. Only an Internet connection is required to connect to an e-commerce website. Therefore, billions of users who browse the Internet have access to the products and services displayed on an e-commerce website.
Instant availability: An e-commerce website is available 24 hours a day and 365 days a year. However, in the traditional way of conducting commerce, customers can purchase the products only during working hours.
Systematic communication: An e-commerce website displays the information of the products it is selling in a systematic and organized manner. For example, if you are looking for information about a book on a website, you can get additional information such as the contents of the book, the reviews of the book, and the author's views etc. on the book.
Reduced paperwork: Earlier, when a business organization exported its products overseas, it was required to fill in several pages of information, which was not only time-consuming but also frustrating. However, with the evolution of e-commerce, where limited information is required and is transferred electronically, the paperwork has reduced significantly.
Easier entry into new markets: E-commerce enables new business houses to easily enter into new geographical areas and start selling. For this, the business house doesn't need to set up branch offices at all geographic locations. Business organizations can now present corporate data online.
Lower transaction cost: The overall cost involved is less because most of the transactions take place online. In addition, customer service can be provided over e-mail. When a business house plans to go online, it needs to invest money in setting up the infrastructure, which includes creating and maintaining a website.

What are the two basic types of physical data security? Name two types of threats to data.
Ans: Security implies safety, including assurance of data integrity, freedom from unauthorized access or snooping or wiretapping, and disruption of service.
There are two basic types of data security:
i) Data Integrity:- It means protecting information from unauthorized change.
ii) Data Availability:- It means guaranteeing that outsiders cannot prevent legitimate data access by saturating a network.
Following are two threats to data:
i) Active threat:- It involves some modification of the data stream or the creation of a false stream in documents, files or information. It is difficult to ultimately prevent active attacks because this would require physical protection of all hosts and/or communications facilities all the time. It is grouped into three categories: message-stream modification, denial of message service, and masquerade.
ii) Passive threat:- It involves monitoring the transmission data of an organization. The goal of the attack is to obtain information that is being transmitted. This is difficult to detect because it does not involve alteration of the data, but it is feasible to prevent this attack from being successful. It is grouped into two categories: release of message contents and traffic analysis.

What is EFT? List any four components of EDI implementation.
Ans: EFT stands for Electronic Fund Transfer. It is the way of automatic transfer of funds among banks and other organizations.
Following are the four components of EDI implementation layer:
a) Common EDI standards:- These dictate syntax and standardize the business language. They basically specify transaction sets, that is, complete sets of business documents.
b) Translation software:- It sends messages between trading partners, integrates data into and from existing computer applications, and translates among EDI message standards.
c) Trading partners:- These are a firm's customers and suppliers with whom business is conducted.
d) EDI Value-Added Network services (VANs):- A VAN is a third-party service provider that manages data communications networks for businesses that exchange electronic data with other businesses.
e) Banks:- They facilitate payment and remittance.

List the OMC's (Order Management Cycle) generic steps.
Ans: OMC has eight generic steps, which are grouped in three phases:
Phase 1. Presales Interaction:
i) Customer inquiry and order planning and generation.
ii) Cost estimation and pricing of product.
Phase 2. Product service production and delivery:
iii) Order receipt and entry.
iv) Order selection and prioritization.
v) Order scheduling.
vi) Order fulfillment and delivery.
Phase 3. Post Sales Interaction:
vii) Order billing and account/payment management.
viii) Customer service and support.

What are the desirable characteristics of E-marketing?
Ans: Characteristics of E-marketing:
i) Critical mass of buyers and sellers:- The trick is getting a critical mass of corporations and consumers to use electronic mechanisms. The e-marketing is the place where customers go to find the products and services they need.
ii) Opportunity for independent evaluation and for customer dialogue and discussion:- In the marketplace, users not only buy and sell the products or services, they also compare notes on who has the best products and whose prices are less.
iii) Negotiation and bargaining:- Buyers and sellers need to be able to haggle over conditions of mutual satisfaction, including money, terms and conditions, delivery dates, and evaluation criteria.
iv) New product and service:- In a marketplace, consumers can not only make requests for products and services currently offered but also ask for products that meet their requirements and expectations. They can also ask for modification and upgrading of products and services.
v) Seamless interface:- The biggest barrier to electronic trade is having all the pieces work together so that information can flow seamlessly from one source to another. This requires standardization.
vi) Recourse for disgruntled buyers:- A viable marketing must have a recognized mechanism for resolving disputes among buyers and sellers. The market should include a provision for resolving disagreements by returning the product or through arbitrage in other cases.

Explain the different categories of operations that come under e-commerce.
Ans: Operations that come under e-commerce:
i) Transactions between a supplier and a buyer or between two companies over a public network such as ISP.
ii) Transactions with the trading partners or between the officers of the company located at different locations.
iii) Information gathering needed for market research.
iv) Information processing for decision making at different levels of management.
v) Maintenance of records needed for legal purposes, including taxation and legal suits.
vi) Transactions for information distribution to different retailers and customers, including advertising, sales and marketing.
vii) Information manipulation for operations and supply chain management.

What are EDI and electronic fund transfer?
Ans: EDI stands for Electronic Data Interchange. This is the inter-process communication of business information in standard electronic form. Using EDI, trading partners establish computer-to-computer links that enable them to exchange information electronically. EFT is the process of transferring funds through the internet. Both EDI and EFT are technologies that are used to exchange information during an e-transaction.

Explain secure socket layer (SSL).
Ans: It is a security protocol that provides privacy over the internet. The protocol allows client/server applications to communicate in a way that data transmission cannot be disclosed. This is an application-independent protocol. SSL employs the RSA cryptographic technique to implement data encryption.

What is the need for seamless connections? Define a Software Agent.
Ans: Seamless connection:- The biggest barrier to electronic trade is having all the pieces work together so that information can flow seamlessly from one source to another. This requires standardization.
Software Agent:- Software agents are encapsulations of user instructions that perform all kinds of tasks in electronic marketplaces spread across networks. They are used to implement information brokerages. It will take a while to solve the problems of inter-agent communication, interoperable agents, and other headaches that come with distributed computing and networking.

8. What are the categories of consumers?
Ans: Categories of consumers:
i) Impulsive buyers:- They purchase products quickly.
ii) Patient buyers:- They purchase products after making some comparisons.
iii) Analytical buyers:- They do substantial research before making the decision to purchase products or services.

9. How does digital signature work? List any two tangible benefits of EDI.
Ans: A digital signature works by providing two keys, one with the public and the other held privately with the layer. The signature is coded with both.
Tangible benefits of EDI:
i) It is a cost- and time-saving system.
ii) It improves problem resolution and customer service.
iii) It expands the customer/supplier base.

10. What is Supply Chain Management? Define virtual organization.
Ans: SCM is an integrating process based on the flawless delivery of basic and customized services. It plays an important role in the management of processes that cut across functional and departmental boundaries.
Virtual organization:- It is an organization closely coupled upstream with its suppliers and downstream with its customers. This is a multilayered organization. It allows gaps to exist between employees from different departments.

Explain the different operations carried out in e-commerce.
Ans: Operations that come under e-commerce:
i) Transactions between a supplier and a buyer or between two companies over a public network such as ISP.
ii) Transactions with the trading partners or between the officers of the company located at different locations.
iii) Information gathering needed for market research.
iv) Information processing for decision making at different levels of management.
v) Maintenance of records needed for legal purposes, including taxation and legal suits.
vi) Transactions for information distribution to different retailers and customers, including advertising, sales and marketing.

Explain the three stages of e-commerce architecture on web?
Ans: Stages of e-commerce architecture on the web:
a) Client browser:- It resides on the user's PC or workstation and provides an interface to the various types of content. It easily understands what file it is downloading and what browser extension it needs to display the file.
b) Web server:- It retrieves information and data and manages transactions and security.
c) Third-party services:- These could be other web servers that make up the digital library, information processing tools, and electronic payment systems.

What is E-Commerce? List the various activities carried out in E-Commerce.
Ans: E-Commerce:- The process of buying and selling products and services through the web or internet is termed e-commerce.
Activities that come under e-commerce:
i) Transactions between a supplier and a buyer or between two companies over a public network such as ISP.
ii) Transactions with the trading partners or between the officers of the company located at different locations.
iii) Information gathering needed for market research.
iv) Information processing for decision making at different levels of management.
v) Maintenance of records needed for legal purposes, including taxation and legal suits.
vi) Transactions for information distribution to different retailers and customers, including advertising, sales and marketing.

18. List the different layers of EDI implementation.
Ans:
i) Business Application Layer:- This layer creates a document and sends it to an EDI translator layer.
ii) Translator layer:- It describes the relationship between the data elements in the business application and the EDI standards.
iii) Internal format conversion
iv) EDI envelope for document messaging

19. What are software agents?
Ans: Software agents are encapsulations of user instructions that perform all kinds of tasks in electronic marketplaces spread across networks. They are used to implement information brokerages. It will take a while to solve the problems of inter-agent communication, interoperable agents, and other headaches that come with distributed computing and networking.

20. What is firewall? What are the three types of firewall?
Ans: A firewall is a security device that allows limited access out of and into one's network from the internet. It is a piece of hardware that is connected to a network to protect it from agents. It only permits approved traffic in and out of one's local site. It operates at the application, network, and transport layers of the protocol stack.
There are three types of firewalls:
i) Packet filter
ii) Application-level gateway
iii) Proxy server

Explain secure electronic payment protocol.
Ans: SEPP is a joint development of IBM, Netscape, GTE, CyberCash, and MasterCard. It is an open, vendor-neutral, nonproprietary, license-free protocol for secure on-line transactions. It addresses the following business requirements:
i) To enable confidentiality of payment information.
ii) To ensure integrity of all payment data transmitted.
iii) To provide authentication that a cardholder is the legitimate owner of a card account.
iv) To provide authentication that a merchant can accept MasterCard, branded card payments with an acquiring member financial institution.
SEPP is the electronic equivalent of the paper charge slip, signature and submission process. It takes input from the negotiation process and causes the payment to happen via three-way communications among the cardholder, merchant, and acquirer. The SEPP system is composed of a collection of elements involved in e-commerce, such as cardholder, merchant, acquirer, certificate management system, and Banknet.

What are the normal constraints put on e-cash?
Ans: The normal constraints put on e-cash are:
i) The time over which a given electronic money is valid.
ii) The number of exchanges that can take place before money needs to be redeposited with a bank.
iii) The number of transactions that can be made during a given period of time.

21. b) What is e-cash? Give the properties of e-cash.
Ans: E-Cash:- Electronic cash is a new concept in on-line payment systems. It combines computerized convenience with security and privacy that improve on paper cash. It is an attractive alternative way of payment over the internet.
Properties of E-Cash:
i) It must have a monetary value. It must be backed by a bank-authorized credit or a bank-certified cashier's check.
ii) E-Cash must be interoperable, meaning it is exchangeable as payment for other e-cash, paper cash, deposits in banking accounts etc.
iii) E-Cash must be storable and retrievable. The cash could be stored on a remote computer's memory and easily transported into standard or special-purpose devices.
iv) E-Cash should not be easy to copy or tamper with while being exchanged. This includes preventing or detecting duplication and double spending. Detection is essential in order to audit whether prevention is working.

What is electronic purse? Explain. If an EDI network fails to deliver the message, who is responsible for that?
Ans: Electronic Purse:- It is a type of smart card. An electronic purse is a wallet-sized smart card embedded with programmable microchips that store sums of money for people to use instead of cash. Electronic purse is also known as electronic money and Debit card.
Working of Electronic purse:- Once the purse is loaded with money, at an ATM or through the use of an expensive telephone, it can be used to pay. For example, suppose you want to buy a candy from a vending machine equipped with a card reader. First, insert the card in the vending machine; the vending machine verifies that the card is authentic and that there is enough money to buy a candy. If yes, the machine deducts the cost of the candy from the balance on the card and adds it to an e-cash box. The remaining balance is displayed on the card. When the balance on an electronic purse is depleted, the purse can be recharged with more money.
If an EDI network fails to deliver the message, who is responsible for that is not decided as yet.

What is the purpose of Kerberos?
Ans: Purpose of Kerberos: It is designed for the following purposes:
i) To provide both one-way and two-way authentication.
ii) Authentication should be achieved without transmitting unencrypted passwords over a network.
iii) Clear text passwords entered by client users should be retained in memory for the shortest time.
iv) Each authentication should have a finite lifetime.
v) Network authentication should be nearly unnoticed by users.
vi) Minimal effort should be required to modify existing applications that formerly used other, less secure authentication schemes.
vii) Authentication should be limited to the length of the user's current login session.
Explain the secure socket layer in detail.
Ans: SSL is a security protocol developed by Netscape Communications. It provides privacy over the internet. This protocol allows client/server applications to communicate in a way that data transmissions can't be disclosed or altered.
SSL uses a three-part process. First, information is encrypted to prevent unauthorized disclosure. Second, the information is authenticated to make sure that the information is being sent and received by the correct party. Third, it provides message integrity to prevent the information from being altered during interchanges between the source and sink.
SSL depends on RSA encryption for exchange of the session key and client/server authentication and for various other cryptographic algorithms.
The strength of SSL is that it is application independent. SSL provides channel security through encryption and reliability through a message integrity check. Implementing SSL requires a merchant to use the Netscape server and the buyer to use Netscape browser software.
Q. Explain digital signature technique. 5
If digital signatures are to replace handwritten signatures, they must have the same legal status as handwritten signatures. The digital signature provides a means for a third party to verify that the notarized object is authentic. Digital signatures should have greater legal authority than handwritten signatures. If the contract was signed by digital signatures, however, a third party can verify that not one byte of the contract has been altered.
Q. Mention some hacking techniques.
Some Hacking Techniques:
Stolen access: Involves the use of another user's ID or password without permission to gain access to the internet.
Stolen resources: Search for processors to store stolen software and databases.
Internet virus: Virus designed to traverse through the network, passing through multiple processors and either sending information back to the originator or doing damage to the processors it passes through.
Email impostures: Sending email while falsifying the From field.
Email snooping: Email passes through at least two nodes to be received. As email passes through these nodes, and is stored transiently, it is susceptible to people with system access, unless secured.
Sniffing: If a hacker has gained access to a host, the hacker may set up sniffing programs to observe traffic, storing information (IDs/passwords) that can be used to compromise other systems.
Spoofing: Assuming someone else's identity, whether it is a login ID, an IP address, a server, or an e-commerce merchant.
Async attacks: While programs are idle in host memory, a hacker may have the opportunity to access the program's data.
Trojan horses: Viruses concealed within a software package injected into a host. May be destructive or perform some covert activity designed to send data back to the hacker.
47. Name three broad phases of consumer's perspective and give categories of consumers.
Pre-purchase Preparation: The pre-purchase preparation phase includes search and discovery for a set of products in the larger information space capable of meeting customer requirements, and product selection from the smaller set of products based on attribute comparison.
Purchase Consummation: The purchase consummation phase includes mercantile protocols that specify the flow of information and documents associated with purchasing and negotiation with merchants for suitable terms, such as price, availability, and delivery dates; and electronic payment mechanisms that integrate payment into the purchasing process.
Post-purchase interaction: The post-purchase interaction phase includes customer service and support to address customer complaints, product returns, and product defects.
Purchase deliberation is defined as the elapsed time between a consumer's first thinking about buying and the actual purchase.
c) Viruses and worms.
A virus is a program that can infect other programs by modifying them; the modified program includes a copy of the virus program, which can then go into other programs. A worm is a program that makes use of
networking software to replicate itself and move from system to system. The
worm performs some activity on each system it gains access to, such as
consuming processor resources or depositing viruses.
Countering the threat of viruses: The best solution for the threat of viruses is prevention: do not allow a
virus to get into the system in the first place. In general, this goal is impossible to
achieve, although prevention can reduce the number of successful viral attacks.
The next best approach is to do the following:
Detection: After the infection has occurred, determine that it has occurred and locate the virus.
Purging: Remove the virus from all infected systems so that the disease cannot spread further.
Recovery: Recover any lost data or programs.
Because of the variety of viruses, there is no universal remedy. A number of programs provide some protection, and the security manager should be advised to contact several vendors and assess
their products.
b) Secret-key cryptography.
Secret-key cryptography, also known as symmetric cryptography, uses the same key to encrypt and decrypt the message.
Therefore, the sender and recipient of a message must share a secret, namely the
key. A well-known secret-key cryptography algorithm is the Data Encryption Standard (DES), which is used by financial institutions to encrypt PINs.
Public-key cryptography, also known as asymmetric cryptography, uses two keys: one key to encrypt the message and the other key to decrypt the message. The two
keys are mathematically related such that data encrypted with either key can only
be decrypted using the other. Each user has two keys: a public key and a private key.
a) Kinds of shopping.
Variety of experiences
There are many ways that cardholders will shop. This section describes two ways. The SET protocol supports each of these shopping experiences and should support others as they are defined.
On-line catalogues
The growth of electronic commerce can largely be attributed to the popularity of the World Wide Web. Merchants can tap into this popularity by creating virtual storefronts on the Web that contain on-line catalogues. These catalogues can be quickly updated as merchants' product offerings change or to reflect seasonal promotions.
Cardholders can visit these Web pages, selecting items for inclusion on an order. Once the cardholder finishes shopping, the merchant's Web server can send a completed order form for the cardholder to review and approve. Once the cardholder approves the order and chooses to use a payment card, the SET protocol provides the mechanisms for the cardholder to securely transmit payment instructions as well as for the merchant to obtain authorization and receive payment for the order.
Electronic catalogues
Merchants may distribute catalogues on electronic media such as diskettes or CD-ROM. This approach allows the cardholder to browse through merchandise off-line. With an on-line catalogue, the merchant has to be concerned about bandwidth and may choose to include fewer graphics or reduce the resolution of the graphics. By providing an off-line catalogue, such constraints are significantly reduced.