1.

E-Commerce
E-commerce is a new way of conducting business, and as with any other new application of
technology, it presents both opportunities for improvement and potential problems
Types of E-Commerce:Business-to-consumer (B2C) e-commerce: customers deal directly with the
organization, avoiding any
Intermediaries
Business-to-business (B2B) e-commerce: participants are organizations
Consumer-to-consumer (C2C) e-commerce: participants are individuals, with one
serving as the buyer and the
other as the seller

Multistage Model for E-Commerce (B2B and B2C)

Three Basic Components of a Successful E-Commerce Model

Web-Based Order Processing Must Be Linked to Traditional Back-End

Systems

The E-Commerce Supply Chain

Supply chain management is a key value chain composed of:
Demand planning
Supply planning
Demand fulfilment

Supply Chain Management

2. EDI: Electronic Data Interchange

Exchange of electronic data between companies using precisely defined transactions

Benefits of EDI

Suppliers, manufacturers, and retailers cooperate in some of the most

successful applications of EDI.

3. B2B E-Commerce: Models, procurement Management

B2B E-Commerce
Electronic commerce is an emerging concept that describes the process of buying and
selling or exchanging products, services and information via computer networks including
the Internet. E-Commerce can be mainly divided into Business-to-Business electronic
commerce (B2B EC) and Business-to-Consumer electronic commerce (B2C EC). B2B EC
implies that both sellers (suppliers) and buyers are business corporations, while B2C EC
implies that the buyers are individual consumers.
There are three models of B2B EC
In this section, the three models of B2B EC are described. They are classified depending on
who controls the marketplace: the buyer, the supplier or the intermediary.
- In a Buyer-Orientated Marketplace few buyers face many suppliers.
- In a Supplier-Oriented Marketplace many buyers face few suppliers.
- In an Intermediary-Oriented Marketplace many buyers face many suppliers.
Supplier-Oriented Marketplace (Sell-Side-Solution)
Supplier-Oriented Marketplaces offer a group of customers a wide spectrum of products
and services and also support them in their own business. Furthermore, there are large
potentials through customer communities, individualized products and direct customerrelationships. By using Supplier-Oriented Marketplaces, suppliers are offered new types of
market channels in marketing and distribution. Products can be sold directly to the
customer without using intermediaries. According to Turban, Lee, King and Chung, the
cultivation of customerrelationships is also possible. 9 Most manufacturer-driven electronic stores use this form of
marketplace. Successful examples of this business model are e.g. Dell and Cisco. Dell sold
90 percent of their computers directly to business buyers and Cisco sold US$ 1 billion
worth of routers, switches and other network interconnection devices mainly to business
customers in 1997. Both Dell and Cisco sold and sell their products via the Internet.
However, not only Dell and Cisco use the Supplier-Oriented Marketplace, there are
thousands of other companies using this model. The major issue especially for small
companies is how to find buyers for their products. Excellent reputation and a group of
loyal customers are necessary for the success of the sites using this model. Another
application of the Supplier-Oriented Marketplace are auction sites like e.g. the computer
reseller Ingram Micro. Companies can e.g. sell surplus goods and business customers can
therefore realize large discounts.
Buyer-Oriented Marketplace (Buy-Side-Solution)
By using Supplier-Oriented Marketplaces, buyers would have to search electronic stores
and electronic malls to find and compare suppliers and products. This would be very costly
and time consuming for big buyers, who purchase thousands of items on the Internet. As a
result, such big buyers prefer to open their own marketplace, which is called a BuyerOriented Marketplace. By supporting transactions and procurement processes, these
marketplaces offer great potentials in cost savings. Buyer-Oriented Marketplaces are found
in industrial
sectors with few and dominant buyers.
Intermediary-Oriented Marketplace
This business model is established by an intermediary company which runs a marketplace
where business buyers and sellers can meet. There are two types of Intermediary-Oriented
Marketplaces: horizontal and vertical marketplaces. Vertical marketplaces concentrate on
one industrial sector whereas horizontal marketplaces offer services to all industrial
sectors. The Intermediary-Oriented Marketplace is a neutral business platform and offers
the classical economic functions of a usual market. The difference is that the participants
do not have to be
physically present. There are thousands of Intermediary-Orientated Marketplaces and
many of them are very different in the services they offer. These marketplaces can contain
a virtual catalogue of the industrial sector. Companies have the possibility to present
themselves in this virtual catalogue. On an Internet based notice board single offers or
requests of companies can be found. An Intermediary-Oriented Marketplace can also

contain catalogues where information on products and prices can be presented. By offering
search functions, the
marketplace makes the comparison and transparency of products possible. Marketplaces
can also offer auctions. These auctions can be organized by sellers (products are sold) or
by buyers (orders are sold). Furthermore is it possible to offer electronic functions where
participants can negotiate in real time. The intermediary company running the
marketplace can generate profits through provisions for successful transactions and for
negotiation of services (e.g. a logistical company to deliver the products). The company
can also charge fees for membership and for presenting information, offers or requests.
Profits can furthermore be generated by advertising (e.g. banners). The company can also
distribute its own products through the marketplace profiting from more buyers entering
the site than e.g. a normal e-store.

E-procurement

E-procurement (electronic procurement, sometimes also known as supplier exchange) is the business-to-business
or business-to-consumer or business-to-government purchase and sale of supplies, work, and services through the
Internet as well as other information and networking systems, such as electronic data interchange and enterprise
resource planning
The e-procurement value chain consists of indent management, e-Tendering, e-Auctioning, vendor management,
catalogue management, Purchase Order Integration, Order Status, Ship Notice, e-invoicing, e-payment, and
contract management. Indent management is the workflow involved in the preparation of tenders. This part of the
value chain is optional, with individual procuring departments defining their indenting process. In works
procurement, administrative approval and technical sanction are obtained in electronic format. In goods
procurement, indent generation activity is done online. The end result of the stage is taken as inputs for issuing the
NIT.
Elements of e-procurement include request for information, request for proposal, request for quotation, RFx (the
previous three together), and eRFx (software for managing RFx projects).

4. Payment Systems: EFT, cash e-cash, debit and credit cards,

smart cards, e-wallet.

Credit Cards

The most expensive ePayment mechanism

Currently the most convenient method

Advantage: allows credit
People can buy more than they can afford
Disadvantages:
doesnt work for small amounts (too expensive)
doesnt work for large amounts (too expensive)

Secure Sockets Layer

Smart Cards

Magnetic stripe 140 bytes

Memory cards 1-4 KB memory, no processor,
Optical memory cards 4 megabytes read-only (CD-like),
Microprocessor cards Imbedded microprocessor
(OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM Equivalent power to IBM XT PC,
32-bit processors now available
Intelligent, active devices with defences

Smart Card Applications

Ticketless travel: Seoul bus system

4M cards, 1B transactions since 1996
Authentication, ID
Medical records
Ecash
Store loyalty programs
Personal profiles
Government
Licenses
Mall parking

5. Value Chain: Porter`s Value Chain Model.

The idea of the value chain is based on the process view of organisations, the idea of
seeing a manufacturing (or service) organisation as a system, made up of subsystems
each with inputs, transformation processes and outputs. Inputs, transformation processes,
and outputs involve the acquisition and consumption of resources - money, labour,
materials, equipment, buildings, land, administration and management. How value chain

activities are carried out determines costs and affects profits.

Most organisations engage in hundreds, even thousands, of activities in the process of
converting inputs to outputs. These activities can be classified generally as either primary
or support activities that all businesses must undertake in some form.
According to Porter (1985), the primary activities are:
1. Inbound Logistics - involve relationships with suppliers and include all the activities

required to receive, store, and disseminate inputs.

2. Operations - are all the activities required to transform inputs into outputs (products
and services).
3. Outbound Logistics - include all the activities required to collect, store, and
distribute the output.
4. Marketing and Sales - activities inform buyers about products and services, induce
buyers to purchase them, and facilitate their purchase.
5. Service - includes all the activities required to keep the product or service working
effectively for the buyer after it is sold and delivered.
Secondary activities are:
1. Procurement - is the acquisition of inputs, or resources, for the firm.
2. Human Resource management - consists of all activities involved in recruiting,
hiring, training, developing, compensating and (if necessary) dismissing or laying off
personnel.
3. Technological Development - pertains to the equipment, hardware, software,
procedures and technical knowledge brought to bear in the firm's transformation of
inputs into outputs.
4. Infrastructure - serves the company's needs and ties its various parts together, it
consists of functions or departments such as accounting, legal, finance, planning,
public affairs, government relations, quality assurance and general management.
5.Cryptography: Definition, Classes of Algorithms, Issues in public key
cryptography.
Definition: Cryptography is a method of storing and transmitting data in a particular form
so that only those for whom it is intended can read and process it.
The field of study related to encoding of information.
Cryptography is the study of information hiding and verification. It includes the protocols,
algorithms and strategies to securely and consistently prevent or delay unauthorized
access to sensitive information and enable verifiability of every component in a
communication.
Cryptography concerns four main goals. They are:
1. message confidentiality (or privacy): Only an authorized recipient should be able to
extract the contents of the message from its encrypted form. Resulting from steps to
hide, stop or delay free access to the encrypted information.
2. message integrity: The recipient should be able to determine if the message has
been altered.
3. sender authentication: The recipient should be able to verify from the message, the
identity of the sender, the origin or the path it traveled (or combinations) so to
validate claims from emitter or to validated the recipient expectations.
4. sender non-repudiation: The emitter should not be able to deny sending the
message.
Nonrepudiation, Origin proof that the message was sent by the specified party.
Nonrepudiation, Destination proof that the message was received by the
specified party.
Encryption The process of converting plaintext into cipher text
Decryption The process of converting cipher text into plaintext
Cipher An algorithm used to encrypt and decrypt text
Key The set of parameters that guide a cipher
Substitution Ciphers
A cipher that substitutes one character with another.
These can be as simple as swapping a list, or can be based on more complex rules.
These are NOT secure anymore, but they used to be quite common.
Caesar ciphers
ABCDEFGHIJKLMNOPQRSTUVWXYZ

DEFGHIJKLMNOPQRSTUVWXYZABC
Substitute the letters in the second row for the letters in the top row to encrypt a message
Encrypt(COMPUTER) gives FRPSXWHU
Substitute the letters in the first row for the letters in the second row to decrypt a message
Decrypt(Encrypt(COMPUTER)) = Decrypt(FRPSXWHU) = COMPUTER
Transposition Cipher
T O D A Y
+ I S + M
O N D A Y
Write the letters in a row of five, using '+' as a blank. Encrypt by starting spiralling inward
from the top left moving counter clockwise
Encrypt(TODAY IS MONDAY) gives T+ONDAYMYADOIS+
Decrypt by recreating the grid and reading the letters across the row
The key are the dimension of the grid and the route used to encrypt the data

6.Classes of Algorithms

Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
Public Key Cryptography (PKC): Uses one key for encryption and another for decryption

Symmetric Key cryptosystem

Symmetric encryption, also referred to as conventional encryption or single key encryption
was the only type of encryption in use prior to the development of public-key encryption in
1976.
The symmetric encryption scheme has five ingredients (see Figure 1):
1. Plaintext: This is the original intelligible message or data that is fed to the
algorithm as input.
2. Encryption algorithm: The encryption algorithm performs various substitutions
and permutations on
the plaintext.
3. Secret Key: The secret key is also input to the encryption algorithm. The exact
substitutions and
permutations performed depend on the key used, and the algorithm
will produce a
different output depending on the specific key being used at the
time.
4. Ciphertext: This is the scrambled message produced as output. It depends on
the plaintext and the key.
The ciphertext is an apparently random stream of data, as it stands,
is unintelligible.
5. Decryption Algorithm: This is essentially the encryption algorithm run in
reverse. It takes the
ciphertext and the secret key and produces the
original plaintext.
There are two requirements for a symmetric key cryptosystem.
1. We assume it is impractical to decrypt a message on the basis of the ciphertext plus
knowledge of the encryption/decryption algorithm. In other words, we do not need to keep
the algorithm secret; we need to keep
only the key secret.
2. Sender and the receiver must have obtained copies of the secret key in a secure fashion
and must keep the key secure. If someone can discover the key and knows the algorithm,
all communications using this key is
readable.

Public key cryptography:

There are two problems with symmetric key cryptography:

1. The first is the distribution of the symmetric key to be shared by Alice and Bob.
Moreover, if there are n people communicating with each other, we would need to
distribute n(n1)/2 symmetric keys between them. Is there some way to reduce the
number of keys that need to be shared?.
2. The 2nd is the concept of a digital signature: for instance, how can Bob prove that a
message indeed came from Alice?. This is important if Alice and Bob do not really trust one
another, and Alice later disclaims that
she sent Bob any message.
let us describe the various components of a public-key cryptosystem. There are six
ingredients in all; see figure 5 (compare with the five ingredients of a symmetric key
cryptosystem in figure 1).
1. Plaintext: This is the readable message or data that is fed into the algorithm as input.
2. Encryption algorithm: The encryption algorithm performs very transformations on the
plaintext.
3. Public and private key: This is a pair of keys that have been selected so that if one is
used for encryption, the
other is used for decryption. The exact transformations
performed by the encryption
algorithm depends on the public or private keys that is
provided as input.
4. Ciphertext: The scrambled message produced as output after encryption.
5. Decryption algorithm: This algorithm accepts the ciphertext and the matching key
and produces the original
plaintext.
The essential steps followed by Alice and Bob in a public-key cryptosystem are the
following:
1. Alice generates a pair of keys to be used for encryption and decryption of messages. We
shall assume that Bob
does so independently too.
2. Alice then places her public key in a public register in a key distribution center, or her
own personal webpage etc. The companion key is kept private. Bob does so too.
3. If Alice wants to send a confidential message to Bob, Alice encrypts the message using
the encryption algorithm using Bobs public key.
4. When Bob receives the message, he decrypts it using her private key (to which he alone
has access).

7.
Digital Signature vs Digital Certificate
A digital signature is a mechanism that is used to verify that a particular digital document
or a message is authentic. It provides the receiver a guarantee that the message was
actually generated by the sender and it was not modified by a third party. Digital
signatures are widely used for avoiding forging or tampering of important documents such
as financial documents.
A digital certificate is a certificate issued by a trusted third party called a Certificate
Authority (CA) to verify the identity of the certificate holder. Digital certificate uses the
principles of public key cryptography and it can be used to verify that a particular public
key belongs to a certain individual.
What is a Digital Signature?
A digital signature is a method that can be used to verify the authenticity of a digital
document. Typically, a digital signature system uses three algorithms. To generate a public
key/ private key pair, it uses a key generation algorithm. It also uses a signing algorithm,

which generates a signature when given a private key and a message. Furthermore, it uses
a signature verifying algorithm to verify a given message, a signature and the public key.
So in this system, signature generated using the message and the private key combined
with the public key, is used to verify whether that the message is authentic. Furthermore, it
is impossible to generate the signature without having the private key due to the
computational complexity. Digital signatures are mainly applied for the verification of
authenticity, integrity and non-repudiation.
What is a Digital Certificate?
A digital certificate is a certificate issued by a CA to verify the identity of the certificate
holder. It actually uses a digital signature to attach a public key with a particular individual
or an entity. Typically, a digital certificate contains the following information: a serial
number that is used to uniquely identify a certificate, the individual or the entity identified
by the certificate and the algorithm that is used to create the signature. Furthermore, it
contains the CA that verifies the information in the certificate, date that the certificate is
valid from and the date that the certificate expires. It also contains the public key and the
thumbprint (to make sure that the certificate itself is not modified). Digital certificates are
widely used on websites based on HTTPS (such as E-commerce sites) to make the users
feel safe in interacting with the website.
What is the difference between Digital Signature and Digital Certificate?
A digital signature is a mechanism that is used to verify that a particular digital document
or a message is authentic (i.e. it is used to verify that the information is not tampered)
whereas digital certificates are typically used in websites to increase their trustworthiness
to its users. When digital certificates are used, the assurance is mainly dependent on the
assurance provided by the CA. With digital signatures, the receiver can verify that the
information is not modified.