UNIT-3 Question Bank

Short Answer Type Questions 1. Define the following Term: a) Secure Electronic Transaction Secure Electronic Transaction (SET) was a standard protocol for securing credit card transactions over insecure networks, specifically, the Internet. SET was not itself a payment system, but rather a set of security protocols and formats that enabled users to employ the existing credit card payment infrastructure on an open network in a secure fashion. However, it failed to gain traction. VISA now promotes the 3-D secure scheme. b) E-Cash Electronic cash is the debit card system of the German Central Credit Committee, the association which represents the top German financial interest groups. Usually paired with a checking account, cards with an Electronic Cash logo are only handed out by proper credit institutions. An electronic card payment is generally made by the card owner entering their PIN (Personal Identification Number) at a so-called EFT-POSterminal (Electronic-Funds-Transfer-Terminal). The name EC originally comes from the unified European checking system Euro cheque. Comparable debit card systems are Maestro and Visa Electron. Banks and credit institutions who issue these cards often pair EC debit cards with Maestro functionality. c) Protocol Protocols exist at several levels in a telecommunication connection. For example, there are protocols for the data interchange at the hardware device level and protocols for data interchange at the application program level. In the standard model known as Open Systems Interconnection (OSI), there are one or more protocols at each layer in the telecommunication exchange that both ends of the exchange must recognize and observe. Protocols are often described in an industry or international standard. d) Electronic Cheque System An e-Cheque is an electronic document which substitutes the paper check for online transactions. Digital signatures (based on public key cryptography) replace handwritten signatures. The e-Cheque system is designed with message integrity, authentication and non-repudiation features, strong enough to prevent fraud against the banks and their customers.

e) Electronic Wallet An online wallet is a program or web service that allows users to store and control their online shopping information, like logins, passwords, shipping address and credit card details, in one central place. f) Credit Cards A credit card is a payment card issued to users as a system of payment. It allows the cardholder to pay for goods and services based on the holder's promise to pay for them.The issuer of the card creates a revolving account and grants a line of credit to the consumer (or the user) from which the user can borrow money for payment to a merchant or as a cash advance to the user. Long Answer Type Questions 1. What is Encryption? Explain the Encryption Policies in E-commerce. Also, Differentiate between Public & Secret Key Encryption. Ans- encryption is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can. In an encryption scheme, the message or information (referred to as plaintext) is encrypted using an encryption algorithm, turning it into an unreadable cipher text (ibid.). This is usually done with the use of an encryption key, which specifies how the message is to be encoded. Any adversary that can see the cipher text should not be able to determine anything about the original message. An authorized party, however, is able to decode the cipher text using a decryption algorithm, that usually requires a secret decryption key, that adversaries do not have access to. For technical reasons, an encryption scheme usually needs a key-generation algorithm, to randomly produce keys. There are two basic types of encryption schemes: private-key encryption and public-key encryption. In private-key schemes, the encryption and decryption keys are the same. Thus communicating parties must agree on a secret key before they wish to communicate. By contrast, in public-key schemes, the encryption key is public: that is, anyone (friend or foe) has access to the encryption key, and can encrypt messages. However only the receiving party has access to the decryption key and thus is the only one capable of reading the encrypted messages. Public-key encryption is a relatively recent invention: historically, all encryption schemes have been private-key schemes.

SECRET KEY ENCRPTION Secret-key cryptography requires both users (or the computers of the users) to share the same encryption key because this method uses the same key for both encryption and decryption

PUBLIC KEY ENCRYPTION Public-key encryption uses two keys. When the originating user sends information via public-key encryption, the computer changes the content to cipher, or coded, text. When the receiver downloads the information, the computer uses a second encryption key to decode the data back into plain text content. The effectiveness of private-key encryption Because public-key encryption uses two is more easily compromised should the single separate keys, one of the keys can be public key become known to parties with malicious without compromising the secure connection. intent. Private-key encryption requires Public-key encryption gains its name from protection of not only the original data but of this fact. the encryption key itself 2. Explain the concept of Internet Indecency & Censorship Ans-Legal scholars and lawyers analyzing new prohibitions on "obscenity" and "indecency" on the Internet have focused primarily on the legal precedents from broadcasting and telephones. I urge that the new provisions also be considered in view of congressional regulation of art funded by the National Endowment for the Arts, including prohibitions on the funding of "indecency." The visual images possible through the graphics capabilities on the World Wide Web, an important part of the Internet, are better understood by comparison with art galleries, films, and books, along with television, radio, and telephones. Censorship is the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, or inconvenient as determined by a government, media outlet, or other controlling body. It can be done by governments and private organizations or by individuals who engage in self-censorship. It occurs in a variety of different contexts including speech, books, music, films and other arts, the press, radio, television, and the Internet for a variety of reasons including national security, to control obscenity, child pornography, and hate speech, to protect children, to promote or restrict political or religious views, to prevent slander and libel, and to protect intellectual property. It may or may not be legal. Many countries provide strong protections against censorship by law, but none of these protections are absolute and it is frequently necessary to balance conflicting rights in order to determine what can and cannot be censored.

3. Discuss the salient features of IT 2000 Act. Ans-1. A provision claiming priority from a Design application filed in any Convention country has been introduced. India is a member of WTO, Paris convention and has also signed Patent Cooperation Treaty. As a result members to these conventions can claim priority rights.

2. International classification based upon Locarno classification has been adopted wherein the classification is based on articles -the subject matter of design. Under the previous law a 'Design' was classified on the basis of the material of which the article was made.

3. Under new law, a Design registration can now be obtained for new or original features of shape, configuration pattern, ornamentation or composition of lines or colours as applied to an article, whether in 2 or 3 dimensions or both. 4. A concept of "absolute novelty" has been introduced whereby a 'novelty' would now be judged based on prior publication of an article not only in India but also in other countries. Under the previous law, the position was ambiguous. 5. A Design registration has been brought within the domain of the public records right from the date it is physically placed on the Register. Any member of public can take inspection of the records and obtain a certified copy of the entry. In the previous Act, there was a 2-year confidential period -post registration -which prohibited taking inspection/certified copy of any entry in the records. 6. A Design registration would be valid for 10 years (from the date of registration which is also the date of application) renewable for a further period of 5 years. Under the previous law the validation period was 5 years which was extendable for 2 terms of 5 years each. 7. A Design registration can be restored within a year from its last date of expiry. Under the previous law, no provision relating to restoration upon expiration of the Design registration was provided. 8. Cancellation of a Design registration under the new law is possible only before the Controller and there are a couple of additional grounds which have been recognized:(a) The subject matter of Design not registerable under the Act (b) The subject matter does not qualify as a 'Design' under the Act. Under the previous Act, the cancellation was provided for before the Controller within 12 months from registration on limited grounds and in the High Court within 12 months or thereafter.

9. Under the new Act, a District Court has been given power to transfer a case to the High Court -having jurisdiction -in the event the Defendant challenges the validity of Design registration. 10. As regards assignment of Design registration under the new law, it has been made mandatory to have the same registered with the Authorities within six months from the date of execution or within an extended time period of six months.

4. What is SWOT Analysis? Explain its elements with the help of an example. Ans- SWOT analysis (alternately SWOT Matrix) is a strategic planning method used to evaluate the Strengths, Weaknesses/Limitations, Opportunities, and Threats involved in a project or in a business venture. It involves specifying the objective of the business venture or project and identifying the internal and external factors that are favorable and unfavorable to achieve that objective. Strengths: characteristics of the business, or project team that give it an advantage over others Weaknesses (or Limitations): are characteristics that place the team at a disadvantage relative to others Opportunities: external chances to improve performance (e.g. make greater profits) in the environment Threats: external elements in the environment that could cause trouble for the business or project Strengths Strengths describe the positive attributes, tangible and intangible, internal to your organization. They are within your control. You may want to evaluate your strengths by area, such as marketing, finance, manufacturing, and organizational structure. Strengths include the positive attributes of the people involved in the business, including their knowledge, backgrounds, education, credentials, contacts, reputations, or the skills they bring. Strengths also include tangible assets such as available capital, equipment, credit, established customers, existing channels of distribution, copyrighted materials, patents, information and processing systems, and other valuable resources within the business. Strengths capture the positive aspects internal to your business that add value or offer you a competitive advantage. This is your opportunity to remind yourself of the value existing within your business. Weaknesses Note the weaknesses within your business. Weaknesses are factors that are within your control that detract from your ability to obtain or maintain a competitive edge. Weaknesses might include lack of expertise, limited resources, lack of access to skills or technology, inferior service offerings, or the poor location of your business. These are factors that are under your control, but for a variety of reasons, are in need of improvement to effectively accomplish your marketing objectives. Weaknesses capture the negative aspects internal to your business that detract from the value you offer, or place you at a competitive disadvantage. These are areas you need to enhance in order to compete with your best competitor. The more accurately you identify your weaknesses, the more valuable the SWOT will be for your assessment.

Opportunities Opportunities assess the external attractive factors that represent the reason for your business to exist and prosper. These opportunities reflect the potential you can realize through implementing your marketing strategies. Opportunities may be the result of market growth, lifestyle changes, resolution of problems associated with current situations, positive market perceptions about your business, or the ability to offer greater value that will create a demand for your services. Opportunities are external to your business. If you have identified opportunities that are internal to the organization and within your control, you will want to classify them as strengths. Threats What factors are potential threats to your business? Threats include factors beyond your control that could place your marketing strategy, or the business itself, at risk. These are also external you have no control over them, but you may benefit by having contingency plans to address them if they should occur. A threat is a challenge created by an unfavourable trend or development that may lead to deteriorating revenues or profits. Competition existing or potential is always a threat. Other threats may include intolerable price increases by suppliers, governmental regulation, economic downturns, devastating media or press coverage, a shift in consumer behaviour that reduces your sales, or the introduction of a leap-frog technology that may make your products, equipment, or services obsolete. What situations might threaten your marketing efforts? Get your worst fears on the table. Part of this list may be speculative in nature, and still add value to your SWOT analysis 5. What is digital Signature? Explain Ans- A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures.In some countries, including the United States, India, and members of the European Union, electronic signatures have legal significance. Digital signatures employ a type of asymmetric cryptography. For messages sent through a no secure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the

digital signature, so that even if the private key is exposed, the signature is valid. Digitally signed messages may be anything represent able as a bit string: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol. .