E-commerce Technology for Safe Money y Transaction Over the net

Presented and Published b

National Conference on Automation in Banks and Financial Institutions 22-23 June 2000 organized by IETE Chandigarh, held at CSIO Chandigarh

Presenter Noorjahan Haque Faculty, Information technology Institute of Electronics & Telecommunication Engineers (IETE) Chandigarh Co-Author Raman K. Attri Member IETE / Scientist, Central Scientific Instruments Organization (CSIO) Chandigarh

Copyrights 2000 Neeru Haque / R. K. Attri

Agenda

Evolution of E-commerce features of E-Commerce Technology behind E-com Money Safety issues and measures

Copyrights 2000 Neeru Haque / R. K. Attri

Meaning of E-commerce
E E-commerce commerce stands for every kind of money transaction, transaction

selling, purchasing or exchange of services or products over the Internet Web shopping is only a small part of the e-commerce picture. The term also refers to online stock and bond transactions and buying and downloading software without ever going near a store. In addition, e-commerce includes business-to-business connections i that h make k purchasing h i easier i f for bi big corporations.

Copyrights 2000 Neeru Haque / R. K. Attri

Evolution of E-Commerce
The e-commerce and e-business has evolved through a set of technological changes coming in picture Internal Computerization in the company (Computerization and internal Networking with no outer world interaction) Electronics Data Interchange with suppliers(Extension of Internal network to suppliers to access company data base) Internet Connectivity to End-Users End Users (Extension of external network to end users) E-commerce Revolution (money y transaction, selling g and purchasing over the internet)
Copyrights 2000 Neeru Haque / R. K. Attri

Typical Evolutionary Path of E-Com

Too clumsy Simple E-mail Company Wide E-mail E-mail usage Sophisticated E-mail System Need employee info Little return on investment Simple Web b h brochure ignored Sophisticated p Static Web sites Difficult to maintain Basic Internal info on Intranet Dynamic/interactive W b site Web it Need to update info Meet internal Demands Web maintenance System Key Internal Database on Internet Secure info to T di partners Trading t Need partner and security info Back office system linked Improved internal functionality y Need back office info

Little used

Need product info Simple On-line Sales Few sales Full Catalogue Want to keep customers

Customer info Customers Personalized

Stock control , shipment tracking Reduced cost improved efficiency

Copyrights 2000 Neeru Haque / R. K. Attri

Next Generation E-business

Technologies contributing in E-com

Recent advances in telecommunications and computer technologies h l i have h moved d computer networks k to the h center of f the h international economic infrastructure. Heavy rise in Internet and the World Wide Web has transformed f d global l b l commerce by b f ili i facilitating i instantaneous, inexpensive contact among sellers, buyers, investors, advertisers and financiers anywhere in the world. Th The rapid id i t integration ti of f I t Internet t and d other th telecommunications-based functions into nearly every sphere of business has led to an international focus on the New World of ecommerce. commerce

Copyrights 2000 Neeru Haque / R. K. Attri

E-commerce Setup
Electronic commerce encompasses all business conducted d db by means of f computer networks k ISP Back Office links Internet Back Bone Net Client PC

Server

ISP
My LAN

Total Quality of service

Copyrights 2000 Neeru Haque / R. K. Attri

Business Communication: Old Way

Company A

POST FAX Proprietary Data Comm (EDI/VANs

Company B

Copyrights 2000 Neeru Haque / R. K. Attri

Challenges in going E-commerce

Getting into e e-commerce commerce is not as simple as setting up a Web page

with an order form. There are three big internal challenges in "e-enabling" business. All of them have to be overcome to have a complete end end-to-end to end e e-business business running. a)The first is to take your back-office processes online and to automate your workflow b)The second challenge is to make data-sharing possible across disparate applications like your ERP systems, your suppliers systems, and your e-commerce order-taking systems. systems c) Third is to automate your decision-making process.

Copyrights 2000 Neeru Haque / R. K. Attri

Impacts of E-Commerce
Electronic business is using innovative technology to build

relationships and commerce globally and is the greatest opportunity and/or threat to existing business models The e-commerce e commerce has changed the way the business is done The mode of communication is changing big way both in and outside the company. The old way of correspondence is obsoleting and new way, through internet and intranet are in picture.

Copyrights 2000 Neeru Haque / R. K. Attri

Business Communication: Internet Way

Internet Server Company A Web Wb E-mail etc Company X

FAX/Post/point to point (to known location)

Company B

Copyrights 2000 Neeru Haque / R. K. Attri

Business Communication: Intranet Way

Company X Company A Company B

Community of Trust FAX/Post/point to point (to known location)

I Internet Server S Company X Web E-mail etc

Copyrights 2000 Neeru Haque / R. K. Attri

Elements of Trustworthy E-commerce Services

The principal Th i i l elements l t of f trustworthy t t th in i the th context t t of f on-line li commercial transactions are: Security: Information transmitted during a transaction will arrive i in i uncorrupted t d form f and d will ill not t be b improperly i l leaked l k d to t others. Privacy: Protection to access and use of personal information obtained bt i d as a result lt of f electronic l t i transactions. t ti Authenticity: Verification that the parties to a transaction, and the services rendered, are truly as represented. Non-repudiability: Assurance that a transaction will be honored as agreed and that each party can prove the validity of the terms of the deal in the court.
Copyrights 2000 Neeru Haque / R. K. Attri

E-commerce Security Issues

Security is the biggest issue of E-commerce. E commerce Secure e-commerce transaction has to insure protection of

assets and privacy. p y It should give reliable service, audit and accountability and identification procedure Business i and d government institutions i i i must develop d l policies that build greater trust in the new transaction media

Copyrights 2000 Neeru Haque / R. K. Attri

E-commerce Security Technologies

(To be used in combination to ensure security) Encryption (coding of messages) Cryptography (data transmission security by encryption of f contents t t of f message) ) Digital Signature (To prove that it's really genuine user Its ts really ea y me!) e!) Digital Certificate (user authentic identity-who am I?) Firewall ( network and traffic watch to avoid unauthorized access of the network resources)

Copyrights 2000 Neeru Haque / R. K. Attri

Encryption
Coding the transmitted message or credit card number with the help of

some algorithm and a encryption key. Encryption provide security in highly-networked environment Applications include protecting files from theft or unauthorized access, keeping communications secure from interception, and facilitating secure transactions Highly secure encryption can be deployed fairly cheaply 2.0 versions of Netscape Navigator and Microsoft Internet Explorer facilitate transactions encrypted using Secure Sockets Layer (SSL), a protocol that creates a secure connection to the server, protecting the information as it travels over the Internet When Web site is secured by SSL, the URL begins with https instead of http.
Copyrights 2000 Neeru Haque / R. K. Attri

Cryptography
Encrypting the contents with one key and decrypting with

another key. One is called private key and other is called public key. The message encrypted using receiver's public key can be decrypted only by receiver's private key It is used to guarantee integrity (i.e. that the contents of a file or message have not been altered), altered) to establish the identity of a party, or to make legal commitments. The strong crypto-system are now available which use different algorithms like DES, IDEA and RSA

Copyrights 2000 Neeru Haque / R. K. Attri

Digital Signature
Now in e-commerce the issue that how one know that

it is really me? Evolving a digital signature does it. The digital signature is kind of message, known to me only and representing me. It is encrypted using my private key and anyone can decrypt it using my public key. The h reception i end, d it i is i proved d hat h I have h encoded d d the h message and signed it. This technology makes the basis for the electronics cash. This is also the basis for user authentication and non-repudiation.
Copyrights 2000 Neeru Haque / R. K. Attri

Digital Certificate
Just signing on my messages is not enough. enough A identity

has to be assigned to the fellow using the e-commerce services. It reflects who am I? This is digital signature. These digital certificates are issued by some trusted third party. A digital di it l registry i t of f all ll digital di it l certificate tifi t holders h ld i is made. The client negotiates g with the registry g y before doing g business with the server. Severs have the user's signature

Copyrights 2000 Neeru Haque / R. K. Attri

FireWall
The firewalls are basically a software or set of

protocols which isolate the networks and the traffics The fireball have following three objectives: -It keeps out external threats like virus and unauthorized access from external person. -it it prevent pre ent internal sensitive sensiti e data to be transmitted outside without authorization. -It p prevent internal attacks Firewalls itself are not full proof security techniques

Copyrights 2000 Neeru Haque / R. K. Attri

Safe Money Transaction Technologies

Credit Cards (for p purchasing g at Point of sale counter using g card
reader and web based on-line transaction on credit. Instant validation of account and deduction after the sale)

Smart Card Digital Currency (In form of smart card for all
kinds of payments an on the instant deduction of money from the account)

Electronics El i Ch Cheques (pre-issued software modules each

representing certain cash value, to be exchanged over the internet in place of any money or smart card number)

Hybrid Mode (includes major and minor payment by smart card,

coins, cheques etc--all in one)

Copyrights 2000 Neeru Haque / R. K. Attri

Credit Card
Internationally accepted mode of payment in two forms

Credit card at Point of Sale Counter (POS terminal reads the card details and verify it over phone lines from the acquiring bank and credit card issuing bank) Web Based Online-Credit Card Payment System (validation over the net through servers) SET protocol encodes the credit card numbers on vendors' servers so that only banks and credit card companies can read it The disadvantages of the credit card is that a third party approval like bank and its fees is involved

Copyrights 2000 Neeru Haque / R. K. Attri

Digital Currency
This is basically two mode meant both for major and micro-payments :

a smart card technology digital coins The smart card reader reads the smart card inserted in the smart card reader hardware cartridge and sends the account information from the card to the the issuing bank over the internet and after validation the amount being gp paid online is deducted form the account of the p person's account. One more option is digital coins in form of software modules having unique q identification number and p particular amount. Can be submitted over the net for purchasing. Retailer can further use it for his own purpose and recycle it

Copyrights 2000 Neeru Haque / R. K. Attri

Electronics Cheques
These are pre pre-issued issued cards replacing

cheque. Each cheque card module represent some predefined cash amount. It is to be submitted where purchasing is being done. No need of validation and third party involvement unlike credit card transactions. Cheaper as third party part fees is not involved. in ol ed Since the cheques are generally used in public, this y transaction is expected p to be q quite mode of money popular.

Copyrights 2000 Neeru Haque / R. K. Attri

Hybrid Mode -Cybercash

The Th Cybercash C b h is i getting i wide id popularity l i among the h world ld

leader banks, merchants and users globally. The cybercash y leading g financial institutions. interface with many It facilitate hybrid mode of payment which include credit card payment system working on SET protocols and C b Cybercoin i system t f payment for t from f $0 25 to $0.25 t $10. $10 It also support electronics cheques providing pay now y for interactive billing g applications. pp facility

Copyrights 2000 Neeru Haque / R. K. Attri

The arena of E-business

E-Business is the powerful business environment that is

created when critical business systems are connected directly to customers, employees, vendors, and business partners using intranets, extranets, E E-Commerce Commerce technologies, collaborative applications, and the Web. Developing E-Business successfully means building reliable, li bl scalable l bl systems for f security, i collaboration, ll b i messaging, E-Commerce payments, supply-chain g , sales force, , data warehousing, g, and customer management, relations - and integrating all of this with existing back-end operations

Copyrights 2000 Neeru Haque / R. K. Attri

About the author

Noor Jahan Haque earned her Masters in Information technology

in 1999. She served at IETE as associate faculty from 2000-2001. neeruhaque2000@yahoo.com q y

Raman K. Attri, Masters in Technology (Applied Electronics)

served as senior scientist at CSIO Chandigarh from 1995 1995-2005. 2005. His specialization is in Instrumentation systems. rkattri@rediffmail.com

Copyrights 2000 Neeru Haque / R. K. Attri