
of Saturn ( RFC 3439 , S2.2). continuous availability.uietkanpur.com/Online_Course/Unit III.pdf · UNIT III Automotive Network Exchange The Automotive Network Exchange is the private


UNIT III

Automotive Network Exchange

The Automotive Network Exchange is the private extranet initially set up and maintained by the Automotive Industry Action Group, Telcordia, General Motors, Ford, and Chrysler. It was built as a private network for the auto industry in 1995 to provide consistent, reliable speed and guaranteed security for data transmissions between the automakers and their suppliers. The ANX Network allows trading partners to collaborate electronically on product design and development; solicit and process orders; and facilitate just-in-time manufacturing and post shipping schedules. [3] In 1999 the Automotive Industry Action Group sold the ANX Network to the Science Applications International Corporation (SAIC).

Internet Architecture

The Internet is by definition a meta-network, a constantly changing collection of thousands of individual networks intercommunicating with a common protocol.

The Internet's architecture is described in its name, a short form of the compound word "inter-networking". This architecture is based in the very specification of the standard TCP/IP protocol, designed to connect any two networks which may be very different in internal hardware, software, and technical design. Once two networks are interconnected, communication with TCP/IP is enabled end-to-end, so that any node on the Internet has the near magical ability to communicate with any other no matter where they are. This openness of design has enabled the Internet architecture to grow to a global scale.

In practice, the Internet technical architecture looks a bit like a multi-dimensional river system, with small tributaries feeding medium-sized streams feeding large rivers. For example, an individual's access to the Internet is often from home over a modem to a local Internet service provider who connects to a regional network connected to a national network. At the office, a desktop computer might be connected to a local area network with a company connection to a corporate Intranet connected to several national Internet service providers. In general, small local Internet service providers connect to medium-sized regional networks which connect to large national networks, which then connect to very large bandwidth networks on the Internet backbone. Most Internet service providers have several redundant network cross-connections to other providers in order to ensure continuous availability.

The companies running the Internet backbone operate very high bandwidth networks relied on by governments, corporations, large organizations, and other Internet service providers. Their technical infrastructure often includes global connections through underwater cables and satellite links to enable communication between countries and continents. As always, a larger scale introduces new phenomena: the number of packets flowing through the switches on the backbone is so large that it exhibits the kind of complex non-linear patterns usually found in natural, analog systems like the flow of water or development of the rings of Saturn (RFC 3439, S2.2).


Each communication packet goes up the hierarchy of Internet networks as far as necessary to get to its destination network where local routing takes over to deliver it to the addressee. In the same way, each level in the hierarchy pays the next level for the bandwidth they use, and then the large backbone companies settle up with each other. Bandwidth is priced by large Internet service providers by several methods, such as at a fixed rate for constant availability of a certain number of megabits per second, or by a variety of use methods that amount to a cost per gigabyte. Due to economies of scale and efficiencies in management, bandwidth cost drops dramatically at the higher levels of the architecture.

Resources. The network topology page provides information and resources on the real-time construction of the Internet network, including graphs and statistics. The following references provide additional information about the Internet architecture:

RFC 1958; B. Carpenter, et al.; Architectural Principles of the Internet; Jun 1996

RFC 3426; S. Floyd; General Architectural and Policy Considerations; Nov 2002

RFC 3439; R. Bush, D. Meyer; Some Internet Architectural Guidelines and Philosophy; Dec 2002

RFC 3819; P. Karn, Ed.; Advice for Internet Subnetwork Designers; July 2004

RFC 3945; E. Mannie, Ed.; Generalized Multi-Protocol Label Switching (GMPLS) Architecture; October 2004

This is the world-wide network of computers accessible to anyone who knows their Internet Protocol (IP) address - the IP address is a unique set of numbers (such as 209.33.27.100) that defines the computer's location. Most will have accessed a computer using a name such as http://www.hcidata.com. Before this named computer can be accessed, the name needs to be resolved (translated) into an IP address. To do this your browser (for example Netscape or Internet Explorer) will access a Domain Name Server (DNS) computer to look up the name and return an IP address - or issue an error message to indicate that the name was not found. Once your browser has the IP address it can access the remote computer.

The actual server (the computer that serves up the web pages) does not reside behind a firewall - if it did, it would be an Extranet. It may implement security at a directory level so that access is via a username and password, but otherwise all the information is accessible. To see typical security have a look at a sample secure directory - the username is Dr and the password is Who (both username and password are case sensitive).

Intranet

This is a network that is not available to the world outside of the Intranet. If the Intranet network is connected to the Internet, the Intranet will reside behind a firewall and, if it allows access from the Internet, will be an Extranet. The firewall helps to control access between the Intranet and Internet to permit access to the Intranet only to people who are members of the same company or organisation.

In its simplest form, an Intranet can be set up on a networked PC without any PC on the network having access via the Intranet network to the Internet.

For example, consider an office with a few PCs and a few printers all networked together. The network would not be connected to the outside world. On one of the drives of one of the PCs there would be a directory of web pages that comprise the Intranet. Other PCs on the network could access this Intranet by pointing their browser (Netscape or Internet Explorer) to this directory - for example U:\inet\index.htm. From then onwards they would navigate around the Intranet in the same way as they would get around the Internet.

The Saviance S-Connect Intranet was built with two principles in mind: Productivity and Connectivity.

S-Connect helps employees collaborate on business processes such as product development or order fulfillment, which creates value for our company and customers.

S-Connect centralizes the business process in an easily accessible, platform-independent virtual space. The intranet has been organized primarily around the business processes it helps employees carry out, rather than the organizational chart of the company.

S-Connect brings together employees and partners who are geographically dispersed to work on common problems. We have seen a major decline in travel costs and increased productivity as the employees can share knowledge.

Intranet software


Microsoft SharePoint is the dominant software used for creating intranets. Estimates indicate that around 50% of all intranets are developed using SharePoint, however there are many alternatives. Other popular intranet software includes:

Autonomy Corporation, Atlassian Confluence, Drupal, eXo Platform, IBM Websphere, Intranet Dashboard, Jive Software, Joomla, Liferay, Lotus Notes, OpenText, Plone (software), SAP NetWeaver Portal, Sitecore, Oracle Fusion Middleware, ThoughtFarmer

Intranet applications

An intranet application is a software data application used primarily on the internal network of an organization. Most commonly these types of applications are developed using web internet technology making them accessible through web browsers such as Internet Explorer.

The advantages to utilizing an intranet web application over other forms of application software are many.

No additional costly software or hardware requirements

Runs on a variety of OS environments

Only requires a web browser to access (IE, Netscape, Opera, Mozilla) and a web server (IIS, Apache), all of which you already own and which in most cases are installed by default

Does not require Internet access

Modifications and maintenance are simple and instant

Built with very common development tools which means finding someone to support it long term will not be difficult and costly

Easy and quick to develop

Common web look and feel

Design and layout are highly customizable


Excellent for mobile development as it can be made available anywhere, anytime with the proper security

Intranet web applications provide a lightweight, easy to maintain and upgrade alternative to many of the legacy applications you may be running in your office. They may also provide that common office interface your employees need, with proper security, to access all the data across the company.

Intranet case studies

It used to be so difficult to find and read quality intranet case studies. Although long, detailed case studies with screenshots are hard to come by, many organizations are opening the hood to allow the outside world a peek at their intranet.

Navy Marine Corps Intranet Case Study

The Navy Marine Corps Intranet (NMCI) is the second-largest network in the world; only the Internet is larger. The NMCI is not just massive, its mission is vital: more than 700,000 of the military and civilian employees of the Department of the Navy and Marine Corps receive IT services via the intranet.

Its integrated operation enables secure off-site storage and rapid service and data restoration, even in the event of a disaster. Some that the NMCI has weathered so far include 9/11, Hurricane Katrina and the Indian Ocean tsunami.

EDS is deploying VMware Infrastructure throughout the NMCI’s vast network to improve application availability while cutting costs. Virtualization is still a work in progress, but the results thus far have been impressive.

Social intranet case study: Leroy Merlin

At Leroy Merlin, teams are organized within each store by department, such as hardware, woodworking, garden, etc. The project, spearheaded by the Internal Communications department, has the ultimate goal of improving the personal and collective efficiency of all Leroy Merlin employees - 20,000 people in France. The Intranet has a team space that must be easy to use by a non-technical person. Employees use this space to leave each other messages, tasks, share photos, etc. The space also has specific widgets to display data, such as financial results.

Meredith Corp uses social intranet to help grow revenue

Meredith Corporation runs some of the most recognizable, storied magazine brands in America, serving nearly 75 million women. But the Des Moines, Iowa based Meredith competes in a challenging media market in the midst of transformation. The way people consume information is undergoing a massive shift, disrupting traditional revenue sources. In fact, according to this year’s State of the News Media report by the Pew Project for Excellence in Journalism, the number of ad pages sold by magazines fell by 25 percent in 2009. In order to better grow their subscriber base and offset the challenges of the current ad market, they deployed enterprise social software from Socialtext.

Intranet Deployment

Designing and implementing an Intranet are more craft than science. Each organisation has unique business, application, and system requirements as well as a unique network infrastructure. There is no one-size-fits-all solution; each Intranet is a custom implementation.

Deploying an Intranet for your organisation involves many stages.

Planning: Good Intranet implementation requires good planning. It is pertinent that various issues are resolved while planning an Intranet.

For instance, it would be apt to decide the information that is to be made available; the users who would access it; the content of the home page, since the home page represents the organisation; the role of the administrator; the services that the organisation wishes to offer; and so on.

The planning must include connectivity to the Internet (leased line or dial-up). You need to plan your IP addressing scheme and work out subnets if required. The final outcome of the Intranet deployment depends greatly on how well we plan.

The Infrastructure: Evaluate the infrastructure of your current systems and design an infrastructure to support the Intranet deployment.


One of the greatest advantages of an Intranet is that you can split and share the load across multiple server machines. For example, you can have your application data on one server, the web server on another machine and the mail server on one more machine. Access to any of these systems would be transparent to the users.

You can select the required front-end software, such as browsers and mail clients. You need to have a network operating system that supports TCP/IP, as this protocol is needed for the clients and the servers to get connected to the Intranet.

We suggest you install DNS services from the start if you are planning for a long-term objective. Allocate IP addresses, as planned, to all the systems that are getting connected to the Intranet.

Value Addition: As you see value through the Intranet, you can add features like a Proxy server, a Firewall Server, a DNS Server, a Certificate Server, a Mailing list server and so on. On the client side, you can install HTML editors and Web-enabled office suites of software.

The People: Deploying an Intranet is a matter of teamwork. It is not the job of any single department (EDP/MIS). Team spirit, openness, trust and a sense of sharing contribute to the successful deployment of an Intranet.

Administering: Once your Intranet is deployed and running, you need to administer it effectively. This is a two-part function. One part is the maintenance of servers/nodes, the management of software, and adding value by upgrading hardware and software to suit your requirements. The second is creating and updating content on the Intranet.

Extranet

An Extranet is actually an Intranet that is partially accessible to authorised outsiders. The actual server (the computer that serves up the web pages) will reside behind a firewall. The firewall helps to control access between the Intranet and Internet permitting access to the Intranet only to people who are suitably authorised. The level of access can be set to different levels for individuals or groups of outside users. The access can be based on a username and password or an IP address (a unique set of numbers such as 209.33.27.100 that defines the computer that the user is on).

Enterprise applications

During the late 1990s and early 2000s, several industries started to use the term 'extranet' to describe centralized repositories of shared data (and supporting applications) made accessible via the web only to authorized members of particular work groups - for example, geographically dispersed, multi-company project teams. Some applications are offered on a software as a service (SaaS) basis.

For example, in the construction industry, project teams may access a project extranet to share drawings, photographs and documents, and use online applications to mark-up and make comments and to manage and report on project-related communications.

Advantages

Exchange large volumes of data using Electronic Data Interchange (EDI)

Share product catalogs exclusively with trade partners

Collaborate with other companies on joint development efforts

Jointly develop and use training programs with other companies

Provide or access services provided by one company to a group of other companies, such as an online banking application managed by one company on behalf of affiliated banks

Disadvantages

Extranets can be expensive to implement and maintain within an organization (e.g., hardware, software, employee training costs), if hosted internally rather than by an application service provider.

Security of extranets can be a concern when hosting valuable or proprietary information.

Electronic Payment System

An e-commerce payment system facilitates the acceptance of electronic payment for online transactions. Also known as a sample of Electronic Data Interchange (EDI), e-commerce payment systems have become increasingly popular due to the widespread use of internet-based shopping and banking.

Over the years, credit cards have become one of the most common forms of payment for e-commerce transactions. In North America almost 90% of online B2C transactions were made with this payment type. Turban et al. go on to explain that it would be difficult for an online retailer to operate without supporting credit and debit cards due to their widespread use. Increased security measures include use of the card verification number (CVN), which detects fraud by comparing the verification number printed on the signature strip on the back of the card with the information on file with the cardholder's issuing bank. Online merchants also have to comply with stringent rules stipulated by the credit and debit card issuers (Visa and MasterCard). This means that merchants must have security protocols and procedures in place to ensure transactions are more secure. This can also include having a certificate from an authorized certification authority (CA) that provides PKI (public-key infrastructure) for securing credit and debit card transactions.


Despite widespread use in North America, there are still a large number of countries such as China, India and Pakistan that have some problems to overcome in regard to credit card security. In the meantime, the use of smartcards has become extremely popular. A Smartcard is similar to a credit card; however it contains an embedded 8-bit microprocessor and uses electronic cash which transfers from the consumers’ card to the sellers’ device. A popular smartcard initiative is the VISA Smartcard. Using the VISA Smartcard you can transfer electronic cash to your card from your bank account, and you can then use your card at various retailers and on the internet.

There are companies that enable financial transactions to transpire over the internet, such as PayPal and Klarna. Many of the mediaries permit consumers to establish an account quickly, and to transfer funds into their on-line accounts from a traditional bank account (typically via ACH transactions), and vice versa, after verification of the consumer's identity and authority to access such bank accounts. Also, the larger mediaries further allow transactions to and from credit card accounts, although such credit card transactions are usually assessed a fee (either to the recipient or the sender) to recoup the transaction fees charged to the mediary.

The speed and simplicity with which cyber-mediary accounts can be established and used have contributed to their widespread use, although the risk of abuse, theft and other problems—with disgruntled users frequently accusing the mediaries themselves of wrongful behavior—is associated with them.


Generic E-Payment System

1. Entities

Electronic payments involve a payer and a payee. A payer (buyer or customer) is an entity who makes a payment. A payee (seller or merchant) is an entity who receives a payment. The main purpose of an electronic payment protocol is to transfer monetary value from the payer to the payee. The process also involves a financial institution (bank or mint). Typically, a financial institution participates in payment protocols in two roles: as an issuer (interacting with the payer) and as an acquirer (interacting with the payee). The issuer is responsible for validating the payer during account registrations and holds the payer’s account and assets. The acquirer holds the payee’s account and assets. The payee deposits the payments received during a transaction with the acquirer. The acquirer and the issuer then proceed to perform an inter-banking transaction for clearance of funds. It is possible for the issuer and the acquirer to be from the same financial institution.

Other parties that may be present in a payment protocol include a Trustee (arbiter), who is an entity that is independent from all parties. All entities in a protocol unconditionally trust the Trustee, who is called to adjudicate any disputes between the payer and the payee. Certain payment systems might involve more players, like Payment Gateways (PG), who are entities that act as a medium for transaction processing between other entities (e.g. MasterCard, Visa), and Certification Authorities (CA), who are necessary if the e-payment systems involve PKIs. They issue public key certificates to entities involved in a payment protocol so that their authenticity can be publicly verified. Figure 1 illustrates the participating entities in an e-payment system.

Figure 1: Generic E-payment Protocol

2. Phases in E-Payment

An electronic payment typically involves the following phases:

1. Registration: This phase involves the registration of the payer and the payee with the issuer and acquirer respectively. Most electronic payment systems require registration of payers and payees with their corresponding banks so there is a link between their identities and their accounts held at the bank.

2. Invoicing: In this phase, the payer obtains an invoice for payment from the payee. This is accomplished either by browsing and selecting products for purchase from the merchant’s (payee’s) website, in the case of purchases made through the internet, or by obtaining an electronic invoice using another electronic communication medium like e-mail. This phase is typically performed in an unsecured environment and is normally excluded when designing payment protocols. The importance of this phase is that it sets the mandatory and optional data variables that should be included in a payment protocol.

3. Payment selection and processing: In this phase the payer selects the type of payment (card based, e-cash, e-cheque, etc.) based on the type of payment the payee accepts. Based on the selection, the payer then sends the relevant payment details, like account number and unique identifiers of the payer, to the payee along with the accepted amount based on the invoice. Certain protocols might also require the payer to obtain a preauthorised token (like a bank draft) from the issuer before sending the payment information to the payee.

4. Payment authorisation and confirmation: In this phase, the acquirer, on receiving payment details from the payee, authorises the payment and issues a receipt containing the success or failure of the payment to the payee. The payee, based on the message, may also issue a receipt of payment to the payer.

Classification of Payment Systems

As previously mentioned, electronic commerce can be broadly categorised into two groups, business-to-business (B2B) and business-to-consumer (B2C). B2B normally involves higher value transactions and the predominant payment methods are electronic cheques and bank transfers, whereas B2C payments are lower value transactions and the payment methods used are cash and card based payment systems. This section presents an overview of e-payment classifications.

Payment instruments: There are three common electronic payment instruments, namely cash, cheque and card. Cash payment systems consist of self-authenticating divisible tokens that can be processed offline. A cheque payment system is typically linked to a payer’s account and payment is indivisible. Card payment schemes provide a payment mechanism through the existing credit card payment infrastructure.

Pre-paid, Pay-now and Post-pay: In a pre-paid system the payment is debited from the payer’s account before a payment is processed, hence the term “pre-paid”. Most cash-like systems such as an electronic-cash system [9] [10] fall in this category. In a pay-now system, when an electronic transaction is processed, the payer’s account is debited and the payee’s account is credited with the payment amount. Even though availability of funds depends on the time when inter-bank settlements are carried out, the payer’s and payee’s accounts are updated to show the debited and credited balances immediately after a transaction is carried out. Credit card based systems, like Secure Electronic Transaction (SET) [11], Verified by Visa (VBV) [12] and MasterCard secure-code [13], fall into this category. In post-pay systems the payer’s account is debited only when the payee makes a request for payment settlement with the acquirer. Most cheque based systems [14] [15] fall into this category.

Offline and Online: Based on communicational characteristics, electronic payment systems are classified as offline and online systems. In an offline system, the communication does not involve any third party, i.e., an electronic transaction takes place only between the payer and the payee. The advantages of offline payments are lower communication cost and less time-critical transaction handling at the banks. However, they suffer from one serious drawback, the problem of double spending. Double spending occurs when the payer spends the same electronic money multiple times. In a digital system the payer could make a backup of electronic money before each payment and reset his system to this backup after the payment. In this way, an arbitrary number of payments to different recipients are possible with the “same” money.

Typically, double spending is prevented with the use of tamper-resistant hardware, e.g. a smart card. In certain cases, the tamper-resistant hardware is issued by the bank containing a pre-authorised value of money. However, tamper-resistant devices only offer limited protection as they are vulnerable to attacks [16] [17] [18]. Another way to prevent double spending is pre-authorisation. The payer obtains pre-authorised secure digital money from its bank, thus the payee is assured of payment, e.g. a bank cheque. However, this method can only be used if the payee is known to the payer before a payment. A weaker solution, rather than employing prevention techniques, is to detect double spending when it occurs so that the dishonest payer can be held accountable. This solution is used in most e-cash implementations. Adequate security can be achieved by a combined approach that would involve both detection methods and tamper-resistant devices.

In an on-line system, the payee typically connects to the bank to obtain a payment authorisation, thus increasing the communication requirements for the payment system. The advantage is that the payee obtains a guarantee on the payment, as the bank is able to authorise and check for availability of funds in the payer’s account.

Prepaid - Cash like system

The best-known subclass in pre-paid systems is the anonymous e-cash system introduced by Chaum [19] [20].

Basic model of e-cash system: An anonymous off-line e-cash system consists of three probabilistic, polynomially-bounded parties, a bank B, payer P, and payee R, and three main sub-protocols: withdrawal, payment and deposit (refer to Figure 2). Payer and payee maintain their accounts with the bank. The payer withdraws electronic coins from their account with the bank, by performing a withdrawal protocol over an authenticated channel. The payer spends coins by participating in a payment protocol with the payee over an anonymous channel. In effect, the payee performs a deposit protocol, to deposit the coins into their account. The e-cash system also includes setup protocols: system setup, payer setup and payee setup, which perform system initialisation functions, namely creating and publishing public keys and opening payer and payee bank accounts.

Figure 2: A Model E-cash system


Pay now or Card based system

The most common method for “on-line” payment is card-based systems. Most payment systems in this category are specifically designed for transactions conducted through the Internet. Because of their convenience and omnipresent nature, credit cards in particular have become a popular method for conducting online payments over the Internet, but they are insecure and offer no anonymity or protection of the payer’s payment information, like card details and account information. To overcome these drawbacks and make card payment more secure, the two leading credit card companies VISA and MasterCard have developed various protocols. This section presents an overview of various card-based systems that have been proposed.

In 1995, Visa and Microsoft developed a card based system called Secure Transaction Technology (STT) [24]. It featured strong, export-approved DES encryption of financial information, RSA encryption of bank account numbers, RC4 encryption of the purchasing order contents and receipts, and mandatory authentication of all participants. During the same period the IBM Research group proposed the Internet Keyed Payment Protocol (iKP) [25], which later became a part of MasterCard’s Secure Electronic Payment Protocol (SEPP) [26] proposal.

Due to the limited popularity of both the STT and SEPP proposals, MasterCard and Visa in a joint effort proposed the Secure Electronic Transaction (SET) [11] system, which would take advantage of the combined customer and merchant base. SET was published as an open specification for the industry, and the development of the payment system included major companies like GTE, IBM, Microsoft, Netscape, RSA, SAIC, Terisa and VeriSign. It incorporates digital signatures for authenticating not only customers but also merchants and banks. SET also included a unique concept known as dual signatures. The main goal of dual signatures is to protect the customer’s account information from the merchant and purchase information from the banks. Dual signatures link purchase information (like the order message) sent to the merchant with the payment information (like account information) sent to the acquirer. When the merchant sends an authorisation request to the acquirer, it includes the payment information sent to it by the cardholder (customer) and the message digest of the purchase information. The acquirer uses the message digest from the merchant and computes the message digest of the payment information to check the dual signature. Even though the advantages of using SET are apparent, due to the system complexity and implementation costs for both merchants and banks, the system has failed to gain widespread market acceptance.
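The dual-signature check described above, as an added example that is not code from SET or from these notes: the cardholder signs the digest of the two concatenated digests, the merchant verifies it from the order plus the payment digest, and the acquirer verifies it from the payment information plus the order digest. The textbook RSA key built from two Mersenne primes, the use of SHA-256, the sample messages and all function and field names are assumptions of this example; encryption of the payment information to the acquirer is omitted.

```python
import hashlib

# Constructed demo key: textbook RSA over two Mersenne primes, no padding.
# Not secure; it only stands in for the cardholder's certified signing key.
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537
_D = pow(E, -1, (_P - 1) * (_Q - 1))   # private exponent (needs Python 3.8+)


def digest(data: bytes) -> bytes:
    # Hash choice is an assumption of this example.
    return hashlib.sha256(data).digest()


def _sign(md: bytes) -> int:
    return pow(int.from_bytes(md, "big"), _D, N)


def _verify(md: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(md, "big")


def cardholder_purchase(order_info: bytes, payment_info: bytes) -> dict:
    """Cardholder: sign H(H(PI) || H(OI)) once, then split what each party sees."""
    pimd, oimd = digest(payment_info), digest(order_info)
    return {
        "OI": order_info,              # the merchant reads the order
        "PIMD": pimd,                  # the merchant gets only the digest of PI
        "PI_envelope": payment_info,   # meant for the acquirer; left in the clear here
        "DS": _sign(digest(pimd + oimd)),
    }


def merchant_authorisation_request(msg: dict) -> dict:
    """Merchant: check the dual signature from OI and PIMD without reading PI."""
    oimd = digest(msg["OI"])
    if not _verify(digest(msg["PIMD"] + oimd), msg["DS"]):
        raise ValueError("dual signature does not cover this order")
    # Forward PI untouched together with the digest of the order.
    return {"PI": msg["PI_envelope"], "OIMD": oimd, "DS": msg["DS"]}


def acquirer_check(request: dict) -> bool:
    """Acquirer: check the same signature from PI and the order digest, never seeing OI."""
    pimd = digest(request["PI"])
    return _verify(digest(pimd + request["OIMD"]), request["DS"])


def demo() -> dict:
    oi = b"order=1001;item=modem;total=49.00"           # constructed sample
    pi = b"pan=0000000000000000;exp=12/30;amt=49.00"    # constructed sample
    request = merchant_authorisation_request(cardholder_purchase(oi, pi))
    honest = acquirer_check(request)

    # A request that pairs the payment with the digest of a different order fails.
    swapped = dict(request, OIMD=digest(b"order=1001;item=server;total=4900.00"))
    # A payment instruction that was changed after signing fails as well.
    altered = dict(request, PI=b"pan=0000000000000000;exp=12/30;amt=4900.00")
    return {
        "honest": honest,
        "swapped_order": acquirer_check(swapped),
        "altered_payment": acquirer_check(altered),
    }


if __name__ == "__main__":
    print(demo())
```

Because one signature covers both digests, neither party can substitute the half it does see without invalidating the check made by the other party.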

Today there are two major proposals for secure electronic payment over the Internet. They are Visa 3-D Secure [12] (Verified by Visa - VBV) and MasterCard SecureCode [13]. Both protocols rely on SSL [27] / TLS [28] to encrypt communication over the Internet. SSL is a client-server protocol that uses public key cryptography and has become the de facto standard for encrypted communication over the Internet. In SSL, only servers (merchants) have public key certificates and clients (buyers) remain anonymous to the servers. Because of the lightweight nature and the existing wide deployment base of the SSL protocol, MasterCard and Visa have implemented a standard that would allow merchants to incorporate the proposed security features into their payment acceptance structure.

Pay later or Cheque based system

Customers generally tend to use credit card payment methods for low and middle value payments, whereas cheques are the preferred method for large value payments. Various electronic cheque (e-cheque) protocols [29, 30, 31, 15, 21] have been proposed over the years. Systems like FSTC’s eCheck [15], NetCheque [30] and MANDATE II [29] are based on methods used in traditional paper based checking protocols. Systems like NetBill [31], ECheque and PayNow by CyberCash use a central server. Other e-checking systems are based on modified versions of e-cash protocols [21]. But the most promising of all e-cheque systems, with the support of major financial institutions and government agencies, has been the FSTC’s eCheck system.

Micropayments

One of the most promising payment methods is the use of micro payments: the ability to pay for data or services in small increments. Micro payments can be seen as a solution to allow low-value payments for purchasing news articles, stock quotes, index queries, per-click purchases and other services over the Internet. In [32], Jones presented some possible micro commerce content providers, which are presented in Table 3.

Table 3: MicroPayment Solutions for content providers


Various micro payment protocols (MicroMint and PayWord [33], NetBill [31], CyberCoin by CyberCash, Millicent by Compaq [34], NetPay [35], and miKP [36]) have been proposed over the years. The primary aim of all micro payment systems has been to handle arbitrarily small amounts of money and keep the cost of the individual transaction low, along with meeting generic e-payment security requirements like confidentiality, integrity, authentication and non-repudiation.

Mobile Payments

Due to the phenomenal success of mobile communication devices, there has been increasing effort to use mobile devices as “electronic wallets” to store payment and account information.

Currently two main wireless protocols are used for mobile commerce: WAP (Wireless Application Protocol) [37], developed by the WAP Forum (consolidated into the Open Mobile Alliance), and iMode [38, 39], developed by NTT DoCoMo, Japan.

WAP is an open and global specification that helps mobile devices with WAP enabled browsers to access information and services. WAP specifications include an XML-type markup language known as Wireless Markup Language (WML) for displaying information on to a mobile device browser. The WAP specifications also include a lightweight protocol stack to reduce bandwidth requirements.

I-mode is a proprietary protocol developed by NTT DoCoMo and uses Personal Digital Cellular-Packet (PDC-P) to provide network services. I-mode allows efficient network usage by using packet switching technology for wireless communication and TCP/IP for wired communications. I-mode uses c-HTML (compact-HTML) to display content on mobile devices. I-mode enabled devices can also view HTML web pages, as the structure of c-HTML is similar to HTML, whereas with WAP, HTML needs to be converted to WML for display.

Both WAP and I-mode provide security features that can be used to provide electronic commerce and electronic payment services.

Others

Polling Schemes


Gabber and Silberschatz [44] and Jarecki and Odlyzko [45] proposed schemes where users register by giving a first payment, which is a signed note including a bank certificate; subsequent payments sent by users are received by the vendor and probabilistically sent to the bank for deposit at the time of the transaction. The overspending risk can be limited to a known value by defining the probabilistic checking as a function of the transaction size (making large payments more likely to be checked).

Phone based System

BPay [46] and PostBillPay [47] enable users to pay most of their regular monthly bills using either a telephone or a computer 24/7. Bills that can be paid include utilities, telephone bills, cable TV, credit cards, charge cards and many other accounts. To use the system a payee needs to obtain biller specific information (like biller account) and payment details (like credit card information). Registered users also have the option to receive electronic bills, to send additional details regarding registered bills, or to add more bills after the initial registration phase.

Electronic check

An electronic check–also known as an echeck, electronic check conversion, or Back Office Conversion (BOC)–is an electronic version of a paper check. Electronic checks allow merchants to convert paper check payments made by customers to electronic payments that are processed through the Automated Clearing House (ACH) Network. Simply put, it’s a fast, efficient, and secure way to process check payments.

Because of the many benefits and increased security methods that electronic checks offer, this method of payment is quickly growing in popularity. In 2007, electronic check conversion increased by 30%, with more than 3.1 billion paper checks converted to echecks through in-store transactions. Familiarizing yourself with how electronic checks work, the benefits and security features they offer, and how you can get started with electronic check conversion will save you time and money and help you provide greater protection for your business and your customers.

How electronic checks work

Electronic check conversion is a simple method of processing payments, and the changes to how you do business are minimal. One of this method's greatest advantages is that you can electronically submit checks instead of having to physically take them to the bank, saving you time and increasing employee efficiency.

When you receive a paper check payment from your customer, you will run the check through an electronic scanner system supplied by your merchant service provider. This virtual terminal captures the customer's banking information and payment amount written on the check. The information is transferred electronically via the Federal Reserve Bank's ACH Network, which takes the funds from your customer's account and deposits them to yours.

Once the echeck has been processed and approved, the virtual terminal will instantly print a receipt for the customer to sign and keep. Employees should mark the paper check as "void" and return it to the customer. Your merchant transactions will be available online for viewing with customized detailed reporting, which may vary in features depending on the merchant service provider you choose.

Reaping the benefits

Using electronic check conversion to process your customers' payments holds many benefits over paper checks:

Reduced processing costs. In general, the cost to process an echeck is substantially less than that of paper check processing or credit card transactions; echecks require less manpower to process and eliminate incidental costs such as deposit and transaction fees that accompany paper checks. With echecks, you can save up to 60% in processing fees.

Funds received sooner. Businesses that use electronic check conversion have funds deposited almost twice as fast as those using the traditional check processing method, with billing companies often receiving payments within one day.

Increased sales. If your business didn't accept paper checks in the past, you can expand the payment options available to your customers and increase sales by offering echecks. If you are converting from accepting paper checks to echecks, you can still expand your customer base by being able to accept international and out-of-state checks without the worry of fraud; echecks require account validation and customer authentication processes that identify bad checks within seconds.

Simple, safe, smart. Electronic check conversion is easy to set up and relies on the ACH Network for processing, the same reliable and trusted funds transfer system that handles Direct Deposit and Direct Payment. Plus, echecks are a smart choice for the environment, helping to reduce more than 67.4 million gallons of fuel used and 3.6 million tons of greenhouse gas emissions created by transporting paper checks.

Fewer errors and reduced fraud. Echecks are processed using an automated system, which cuts down the number of people who must handle the check, reducing the potential for error and fraud. Merchant service providers also maintain, monitor, and check files against negative account databases that store information about individuals or companies that have past records of fraud to help decrease fraudulent activity.

Increase security with electronic checks

Electronic check conversion leverages the latest information protection features such as encryption and message authentication. Because of this, many retail merchants, merchant service providers, and financial institutions consider it to be one of the most secure payment methods in the electronic payment processing industry.

Authentication. Merchants must verify that the person providing the checking account information has the authority to use that checking account. There are a number of authentication services and products available to merchants, including:

o Digital signatures. Digital signatures (or digital certificates) are a way of encrypting information that gives the receiver a more reliable indication that the information was sent by the claimed sender. They are used by programs on the Internet to confirm the identity of a customer to concerned third parties, serving a similar purpose as a handwritten signature. Digital signatures cannot be easily tampered with or imitated and are easily transportable, thereby making them a reliable method for verifying identity when implemented correctly. Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature.

o Public key cryptography. Public key cryptography is an encryption/decryption security method that uses one key to encrypt a sent message and another to decrypt it. With electronic check conversion, the private key is a secret mathematical calculation used to create the digital signature on the echeck, and the public key is the corresponding key given to anyone who needs to verify that the sender signed the echeck and that the electronic transfer has not been tampered with. Public key cryptography is another way to ensure authenticity of the electronic transfer of funds.

Duplicate detection. Duplicate prevention and detection is another way to reduce fraudulent activities. Financial institutions have software and operational controls in place to prevent duplication of the scanned electronic representations of customer checks.

Encryption. The ACH Network automatically encrypts messages using 128-bit encryption and a secure sockets layer (SSL).

UNIT V-

Infrastructure of Electronic commerce

Every business requires an infrastructure to support its customers and operations. This includes facilities, equipment, and processes to support all the functional areas of your business. Choosing the correct infrastructure to match your business strategies enables your operations to run efficiently. Conversely, if an element of your infrastructure is out of sync with your strategies, you will likely feel the pain in every aspect of your business.

Here’s an example. If your value proposition is to provide the highest level of customer service for premium products, then your infrastructure should include processes to deliver quick and responsive service, including live chat, self-service tools, and quick turnaround on questions and orders. I addressed strategies for value propositions earlier, in “What’s the Value Proposition of Your Ecommerce Company?”

If your value proposition is to provide the lowest prices every day, then your infrastructure should be focused on being the low cost provider. You can accomplish this in various ways, but you need to ensure that your cost of goods sold and overhead expenses — which include infrastructure costs — are as low as possible.

Typically, ecommerce businesses try to maintain a high degree of flexibility in their infrastructure to keep fixed costs low and to be able to react quickly to market changes or competitive pressures. A key infrastructure decision is whether to outsource or manage operations in house.

Most ecommerce businesses are small, with fewer than 25 employees. If you look at all the functional areas of the business that must be managed on a daily basis, it will be hard to find and afford an in house staff with all the skills required to be successful. When deciding on your business infrastructure and operations, be sure to evaluate what your core strengths are. Know what you do well and know what you do not do well. They are equally important. Look to outsource part time activities or ones that require high levels of skill or specialization.

Here are seven important infrastructure decisions that ecommerce businesses face.

1. Marketing

Of all the infrastructure elements, marketing may be the most important. To succeed, your website must be found. Once visitors are on your site, you need to keep them there and compel them to buy from you. That’s the job of your marketing team. Whether it’s website design, social media, search marketing, merchandising, email, or other forms of advertising, it’s all about marketing.

To effectively manage marketing activities in-house is very challenging. Most small ecommerce businesses outsource some element of marketing.

2. Facilities

A key competitive advantage that ecommerce businesses have over brick-and-mortar stores is the investment in their physical offices and warehouses. In many cases, you can host your business out of a home office and your basement or garage. If you drop ship or outsource fulfillment, you may be able to do that for a long period of time. Even when you grow to have many employees, you can set up your offices in class B or C space, as you have no need for a fancy store in the right location.

A word of advice is to keep your options flexible. Try to find an office park that has a wide variety of spaces in different sizes. You may be able to start in a smaller space and move up to a larger one without penalty, as your needs change.

3. Customer Service

There are many choices today for delivering high-quality customer service. You can manage those activities in-house or outsource to a third party. Basic customer service for sales and post-sales activities can be handled using email, and by providing an 800 number for more extensive phone support. A customer-management system will make those activities easier, but for smaller companies it is not a requirement.


Live chat will impact your operations as someone needs to be available during specified hours of operation. Be sure to gauge the impact of that on your organization, if you decide to handle those activities in house.

4. Information Technology

Choosing the right ecommerce platform is one of the most important decisions you will make in your business. Do you want to build and host your own system, outsource the development and then manage the system going forward, or use a hosted, software-as-a-service platform that is more turnkey and externally managed?

If you build and host your own system, you may need more cash upfront and skilled administrators and developers on your staff. By using a SaaS platform, you will not need to host or manage the system in-house, but you may still need web developers on staff. Choosing to outsource the development and hosting will reduce your staffing costs, but you will incur higher costs for any future enhancements or changes to your websites.

There are pros and cons to any approach. Just be sure to think through the impacts on both your staffing and your cash flow and bottom line before you move forward.

5. Fulfillment

Another key decision is whether you will manage your own inventory or outsource those activities to a fulfillment house or through drop shipping arrangements with your suppliers.

Managing your own inventory will provide you with a high level of control, but you will tie up your cash in inventory, warehouse space, and your own fulfillment staff. In some industries — like the jewelry supply industry that my previous business was in — managing your own inventory was the most logical choice. We had no alternative for drop shipping, and most items were purchased in bulk and were very small. We did not trust preparation and fulfillment to an outside service.

Select the best fulfillment option to meet your needs. Be sure to understand the costs involved and analyze the other options before moving forward.

6. Finance and Administration

As with other business operations, you will need to decide if you want to manage your finance and administration activities in-house, outsource them, or use a hybrid of the two. If your ecommerce platform is tightly integrated to your accounting system, you may have very little need for an in-house bookkeeper. If you use separate systems for your website, order management and accounting, you may need more help for data entry and making sure that the information is properly managed.

Many ecommerce companies use outside services for vendor payments, payroll, and other basic accounting activities. They decide to focus on the sales, marketing, and customer service. This allows them to maintain a focus on growing their businesses, instead of paying an internal accountant — or doing that work yourself as the business owner.

On the administration side, you need a leadership team, and you need to provide direction to them. Good communication is important, whether you have 3 or 100 employees. Whether you choose to be more authoritative or democratic in your management style is up to you. But choose a style and stay consistent. Be sure that everyone understands their roles, as well as the overall business strategies. You may need to adjust your approach as your business evolves.

7. Human Resources

Many small-business owners avoid the human resources function. Recruiting, setting up compensation, maintaining compliance and other HR activities are specialized and time consuming. You may choose to bring the resources in-house to manage those activities, but also evaluate outsourcing them. There are many individuals and agencies well equipped to take on your HR activities.

Conclusion

When planning any part of your company’s infrastructure, reflect on your target market and the value proposition you have defined. Make sure that each element of your infrastructure supports your value proposition. Be careful not to overcommit either your human resources or financial capital in one area. It is very easy to extend yourself financially on things like rent or hiring people, only to find out that other forces impact your growth or profits.

The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

IP, as the primary protocol in the Internet layer of the Internet protocol suite, has the task of delivering packets from the source host to the destination host solely based on the IP addresses in the packet headers. For this purpose, IP defines packet structures that encapsulate the data to be delivered. It also defines addressing methods that are used to label the datagram with source and destination information.

Historically, IP was the connectionless datagram service in the original Transmission Control Program introduced by Vint Cerf and Bob Kahn in 1974; the other being the connection-oriented Transmission Control Protocol (TCP). The Internet protocol suite is therefore often referred to as TCP/IP.


When a project requirement for a Web-Based Client Server (WBCS) system first arose in November of 1995, I had to comb through several periodicals each week just to find a single relevant piece of information on the subject. I assumed that some organizations were already doing it, but found that those few innovators were writing tedious custom "C" and "Perl" programs based on the Common Gateway Interface (CGI) standard. Many of these organizations were not even accessing true database management systems (DBMS), storing data in ASCII text files instead. These were hardly high-level development tools that the industry periodicals would cover in detail. Tools to create WBCS systems were scarce at that time. Searches through the Internet, periodicals, Computer Select, and even attending the Comdex convention to find the best tool, produced a grand total of four development tools for web-enabling database applications. Of the four tools, only two were open enough to enable web access to various major brands of DBMS; the other two were proprietary. About a year later, however, the environment has changed dramatically. Entire articles are now devoted to WBCS development in the major industry periodicals. All major DBMS vendors offer proprietary means to put dynamic data on the web. Third-party tools are now much more abundant and open in nature, allowing use of WBCS applications to access data from various major DBMS brands. Even certain operating systems have built-in WBCS development tools. Most, if not all, of these tools provide a generic, yet customizable gateway between the web server and the DBMS, eliminating much tedious coding. Indeed, huge and exciting steps forward have been taken in a short period. With the emergence of the Intranet, Java, and the popularity of the World Wide Web (WWW), information systems (IS) managers and developers must ask, "Is there anything to this for serious application development?" 
This article provides developers and managers with insights into the technology so that they can arrive at their own answers to this question.

What Is It and What Is in It for Me?

WBCS computing uses a typical web browser to access and manipulate dynamic information, stored in a centrally controlled DBMS, over the Internet. This is an alternative to the current client/server model, in which a custom-written graphical user interface (GUI) application accesses and manipulates dynamic information stored in a DBMS using proprietary communication software. WBCS generates HyperText Mark-up Language (HTML) pages on the fly to provide the latest information via the WWW.

Is This Truly Client/Server Computing?

In the simplest sense, WBCS computing fits the definition of client/server computing because it involves two or more pieces of software performing separate tasks in conjunction with one another to accomplish a common goal. The web browser, for example, can be thought of as a generic client that handles the display of information and processes the user interface events. As the server, the DBMS accepts and processes client requests for data and data manipulation.

How Does WBCS Work?

When it comes to dissemination of information, there is probably no better alternative than the WWW; however, the WWW can only do this in the form of static files. This means that dynamic data from a DBMS would have to be "dumped," stored as static HTML text files, then indexed before it could be accessed via the WWW. Obviously, this is not a practical method to distribute dynamic information. By the time information has been dumped and converted to HTML formatted files, the information in the DBMS will surely have changed. And depending on the method used and the number of records involved, converting the records into HTML-formatted files can be too resource consuming.

Although the WWW is a great way to disseminate static information, the DBMS has been and will continue to be the best way to manage and maintain dynamic information such as inventory records or employee files. A DBMS comes equipped with powerful query and manipulation languages such as SQL that provide a means to search, sort, and update information. Also, a DBMS allows automatic enforcement of any desired data integrity rules.

Although a DBMS is a powerful tool to manage complex information, the average user finds that gaining access to the DBMS and using the query and manipulation languages is a difficult and tedious undertaking. Therefore, application programs are created to automate and simplify many of the tedious tasks of information management. Most recently, the "client/server" model for DBMS application development has been the model of choice. This model takes advantage of advances in desktop personal computer (PC) and networking technology by off-loading some of the processing from the computer that runs the DBMS (the server) to the user's PC (the client). Ideally, users should see a dramatic increase in the response of the DBMS because the server no longer has to provide and process a user interface for each person using the DBMS. The DBMS only has to process requests to manipulate data, and the user interface is instead processed on the user's desktop PC.
Although the client/server model has many advantages, it also introduces more levels of complexity into development and support of a DBMS application. Additional software for communication between the server and the client is needed; client PC's may not be powerful enough to run the user interface, and distribution of software to each user's PC can be tedious and extremely expensive. I have often heard developers long for the "good old days" when the entire application and user interfaces were run on the same processor, and everything from application distribution to user support was much simpler. Fortunately, recent advances in WWW and DBMS technology have provided new ways to combine the best features of these two technologies to provide client/server DBMS applications over the WWW. The result is WBCS computing, a powerful combination that disseminates and manages dynamic information well.

Internet security is a branch of computer security specifically related to the Internet, often involving browser security but also network security on a more general level as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information, leading to a high risk of intrusion or fraud, such as phishing. Different methods have been used to protect the transfer of data, including encryption.

Types of security

Network layer security

TCP/IP can be made secure with the help of cryptographic methods and protocols that have been developed for securing communications on the Internet. These protocols include SSL and TLS for web traffic, PGP for email, and IPsec for the network layer security.

IPsec Protocol

This protocol is designed to protect communication in a secure manner using TCP/IP. It is a set of security extensions developed by IETF, and it provides security and authentication at the IP layer by using cryptography. To protect the content, the data is transformed using encryption techniques. There are two main types of transformation that form the basis of IPsec: the Authentication Header (AH) and Encapsulating Security Payload (ESP). These two protocols provide data integrity, data origin authentication, and anti-replay service. These protocols can be used alone or in combination to provide the desired set of security services for the Internet Protocol (IP) layer.

The basic components of the IPsec security architecture are described in terms of the following functionalities:

- Security protocols for AH and ESP
- Security association for policy management and traffic processing
- Manual and automatic key management for the Internet Key Exchange (IKE)
- Algorithms for authentication and encryption

The set of security services provided at the IP layer includes access control, data origin integrity, protection against replays, and confidentiality. The algorithm allows these sets to work independently without affecting other parts of the implementation. The IPsec implementation is operated in a host or security gateway environment giving protection to IP traffic.

Security token

Some online sites offer customers the ability to use a six-digit code which randomly changes every 30-60 seconds on a security token. The keys on the security token have mathematical computations built in and manipulate numbers based on the current time built into the device. This means that every thirty seconds there is only a certain possible array of numbers which would be correct to validate access to the online account. The website that the user is logging into would be made aware of that device's serial number and therefore would know the computation and correct time built into the device to verify that the number given is indeed one of the handful of six-digit numbers that would work in that given 30-60 second cycle. After the 30-60 seconds the device will present a new random six-digit number which can log into the website.
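The following added example (not part of the original notes) shows how a server can check such a time-based code. It assumes the token follows the standard TOTP scheme of RFC 6238 with a 30-second step and a secret shared between device and server; the function names and the sample secret are illustrative.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # length of one code cycle (assumed; the text gives 30-60 s)
DIGITS = 6          # six-digit code, as in the text


def totp(secret: bytes, unix_time: int) -> str:
    """Code the token displays at unix_time (RFC 6238 with HMAC-SHA-1)."""
    counter = unix_time // STEP_SECONDS              # index of the time step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, submitted: str, now: int,
           drift_steps: int = 1, last_used_counter: int = -1) -> int:
    """Return the matching time-step counter, or -1 if the code is rejected.

    The current step plus/minus drift_steps is accepted to tolerate clock
    skew: this is the "handful" of codes valid at any moment. Steps at or
    before last_used_counter are refused so an observed code cannot be reused.
    """
    current = now // STEP_SECONDS
    matched = -1
    for counter in range(max(0, current - drift_steps), current + drift_steps + 1):
        expected = totp(secret, counter * STEP_SECONDS)
        # Constant-time comparison; the loop always runs over the whole window.
        if hmac.compare_digest(expected, submitted) and counter > last_used_counter:
            matched = counter
    return matched


# Constructed sample input: the shared secret used by the RFC 6238 test vectors.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print(code, verify(SECRET, code, now=59))
```

The server should store the returned counter per account and pass it back as `last_used_counter` on the next login attempt.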

Electronic mail security (E-mail)

Background

Email messages are composed and delivered in a multi-step process. When the user finishes composing the message and sends it, the message is transformed into a standard format: an RFC 2822 formatted message. Afterwards, the message can be transmitted. Using a network connection, the mail client, referred to as a mail user agent (MUA), connects to a mail transfer agent (MTA) operating on the mail server. The mail client then provides the sender’s identity to the server. Next, using the mail server commands, the client sends the recipient list to the mail server. The client then supplies the message. Once the mail server receives and processes the message, several events occur: recipient server identification, connection establishment, and message transmission. Using Domain Name System (DNS) services, the sender’s mail server determines the mail server(s) for the recipient(s). Then, the server opens up a connection(s) to the recipient mail server(s) and sends the message employing a process similar to that used by the originating client, delivering the message to the recipient(s).

Pretty Good Privacy (PGP)

PGP provides confidentiality by encrypting messages to be transmitted or data files to be stored using an encryption algorithm such as Triple DES or CAST-128. Email messages can be protected by using cryptography in various ways, such as the following:

- Signing an email message to ensure its integrity and confirm the identity of its sender.
- Encrypting the body of an email message to ensure its confidentiality.
- Encrypting the communications between mail servers to protect the confidentiality of both the message body and message header.

The first two methods, message signing and message body encryption, are often used together; however, encrypting the transmissions between mail servers is typically used only when two organizations want to protect emails regularly sent between each other. For example, the organizations could establish a virtual private network (VPN) to encrypt the communications between their mail servers over the Internet.[3] Unlike methods that can only encrypt a message body, a VPN can encrypt entire messages, including email header information such as senders, recipients, and subjects. In some cases, organizations may need to protect header information. However, a VPN solution alone cannot provide a message signing mechanism, nor can it provide protection for email messages along the entire route from sender to recipient.

Multipurpose Internet Mail Extensions (MIME)

MIME transforms non-ASCII data at the sender's site to Network Virtual Terminal (NVT) ASCII data and delivers it to the client's Simple Mail Transfer Protocol (SMTP) to be sent through the Internet.[4] The server SMTP at the receiver's side receives the NVT ASCII data and delivers it to MIME to be transformed back to the original non-ASCII data.

Message Authentication Code

A Message Authentication Code is a cryptographic method that uses a secret key to encrypt a message. This method outputs a MAC value that can be decrypted by the receiver, using the same secret key used by the sender. The Message Authentication Code protects both a message's data integrity as well as its authenticity.[5]
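An added example (not from the original notes) of the sender and receiver sides of a MAC, using HMAC-SHA-256 from Python's standard library as the assumed construction. With HMAC the receiver checks the value by recomputing it under the shared key and comparing, and the message itself travels unencrypted; the function names and the message-plus-tag framing are illustrative.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes for HMAC-SHA-256


def seal(key: bytes, message: bytes) -> bytes:
    """Sender side: compute the MAC value and append it to the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def open_sealed(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver side: return the message if the MAC verifies, else None."""
    if len(frame) < TAG_LEN:             # too short to even hold a tag
        return None
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest avoids leaking, through timing, how many bytes matched
    if not hmac.compare_digest(expected, tag):
        return None
    return message


def flip_bit(frame: bytes, index: int) -> bytes:
    """Helper for the demonstration: simulate corruption of one byte in transit."""
    return frame[:index] + bytes([frame[index] ^ 0x01]) + frame[index + 1:]


if __name__ == "__main__":
    key = b"constructed-shared-key"       # constructed sample key
    frame = seal(key, b"PAY 100 TO ALICE")  # constructed sample message
    print(open_sealed(key, frame))                  # b'PAY 100 TO ALICE'
    print(open_sealed(key, flip_bit(frame, 4)))     # None: message altered
    print(open_sealed(b"other-key", frame))         # None: wrong key
```

A MAC alone does not hide the message: the frame begins with the plaintext, so confidentiality needs encryption in addition.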

Firewalls

A firewall controls access between networks. It generally consists of gateways and filters which vary from one firewall to another. Firewalls also screen network traffic and are able to block traffic that is dangerous. Firewalls act as the intermediate server between SMTP and HTTP connections.

Role of firewalls in Internet security and web security

Firewalls impose restrictions on incoming and outgoing packets to and from private networks. All the traffic, whether incoming or outgoing, must pass through the firewall; only authorized traffic is allowed to pass through it. Firewalls create checkpoints between an internal private network and the public Internet, also known as choke points. Firewalls can create choke points based on IP source and TCP port number. They can also serve as the platform for IPsec. Using tunnel mode capability, a firewall can be used to implement VPNs. Firewalls can also limit network exposure by hiding the internal network system and information from the public Internet.

Types of firewalls

Packet filters

Packet filters are one of several different types of firewalls that process network traffic on a packet-by-packet basis. Their main job is to filter traffic from a remote IP host, so a router is needed to connect the internal network to the Internet. The router is known as a screening router, which screens packets leaving and entering the network.
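An added sketch (not from the original notes) of how a screening router evaluates each packet against an ordered rule list keyed on IP source and TCP destination port, with a default-deny fallback, plus a check for rules that can never take effect because an earlier rule covers them. The rule set is constructed and uses documentation address ranges; all names are illustrative.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    src: str                   # source network in CIDR notation
    dst_port: Optional[int]    # TCP destination port; None matches any port


# Constructed rule set, evaluated top to bottom (first match wins).
RULES = [
    Rule("deny", "203.0.113.0/24", None),    # blocked remote network
    Rule("allow", "203.0.113.7/32", 443),    # misordered: rule 0 already covers it
    Rule("allow", "0.0.0.0/0", 443),         # public HTTPS
    Rule("allow", "198.51.100.0/24", 22),    # partner network, SSH only
]


def decide(src_ip: str, dst_port: int, rules: List[Rule] = RULES) -> str:
    """Return the action of the first matching rule, or "deny" if none match."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.src) and rule.dst_port in (None, dst_port):
            return rule.action
    return "deny"              # default deny: only authorized traffic passes


def shadowed(rules: List[Rule] = RULES) -> List[Tuple[int, int]]:
    """List (rule, earlier_rule) index pairs where the later rule never fires."""
    found = []
    for j, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.src)
        for i, earlier in enumerate(rules[:j]):
            covers_net = later_net.subnet_of(ipaddress.ip_network(earlier.src))
            covers_port = earlier.dst_port is None or earlier.dst_port == later.dst_port
            if covers_net and covers_port:
                found.append((j, i))
                break
    return found


if __name__ == "__main__":
    print(decide("203.0.113.7", 443), decide("192.0.2.10", 443), shadowed())
```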

Circuit-level gateways

The circuit-level gateway is a proxy server that statically defines what traffic will be allowed. Circuit proxies always forward packets containing a given port number, provided the port number is permitted by the rule set. This gateway operates at the network level of the OSI model. The main advantage of a proxy server is its ability to provide Network Address Translation (NAT), which can hide the user's IP address from the Internet, effectively protecting all internal information from the Internet.

Application-level gateways

An application-level gateway is a proxy server operating at the TCP/IP application level. A packet is forwarded only if a connection is established using a known protocol. Application-level gateways are notable for analyzing entire messages rather than individual packets of data when the data are being sent or received.

Malicious software and antivirus

Malware

Commonly, a computer user can be tricked or forced into downloading software of malicious intent onto a computer. Such programs are known as malware and come in many forms, such as viruses, Trojan horses, spyware, and worms. Malicious software is sometimes used to form botnets.

Viruses

Viruses are programs that can replicate their structures or effects by infecting other files or structures on a computer. The common use of a virus is to take over a computer to steal data.

Worms

Worms are programs that can replicate themselves throughout a computer network, performing malicious tasks throughout.

Trojan horse

A Trojan horse (commonly known as a Trojan) is a general term for malicious software that pretends to be harmless so that a user willingly allows it to be downloaded onto the computer.

Ransomware and Scareware

Botnet

A botnet is a network of "zombie" computers that have been taken over by a "bot" that performs large-scale malicious acts for the creator of the botnet.

Spyware

The term spyware refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent.

Antivirus

Antivirus programs and Internet security programs are useful in protecting a computer or programmable device from malware.

Such programs are used to detect and usually eliminate viruses; however, it is now common to see security suites that also contain firewalls, anti-spyware, theft protection, and so on to more thoroughly protect users.[6]

Traditionally, a user would pay for antivirus software; however, computer users now can, and do, download from a host of free security applications on the Internet.[7]

Denial-of-service attack

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

Browser choice

A Web browser's market share tends to affect how often it is exploited. For example, Internet Explorer 6, which used to hold a majority of the Web browser market share,[8] is considered extremely insecure[9] because vulnerabilities were commonly exploited due to its former popularity. Now, however, browser choice is more evenly distributed (Internet Explorer at 28.5%, Firefox at 18.4%, Google Chrome at 40.8%, and so on),[8] and vulnerabilities are commonly exploited in many browsers.