
FIRST MODULE NOTES

Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET) was a standard protocol for securing credit card transactions over insecure networks, specifically the Internet. SET was not itself a payment system, but rather a set of security protocols and formats that enabled users to employ the existing credit card payment infrastructure on an open network in a secure fashion. However, it failed to gain traction, and VISA now promotes the 3-D Secure scheme. SET was developed by SETco, led by VISA and MasterCard (and involving other companies such as GTE, IBM, Microsoft, Netscape, RSA and VeriSign), starting in 1996. SET was based on X.509 certificates with several extensions. The first version was finalised in May 1997, and a pilot test was announced in July 1998. SET allowed parties to cryptographically identify themselves to each other and exchange information securely. SET used a blinding algorithm that, in effect, would have let merchants substitute a certificate for a user's credit-card number. If SET had been used, the merchant itself would never have needed to know the credit-card number sent by the buyer; this would have given the merchant verified good payment while protecting customers and credit companies from fraud.

CRYPTOGRAPHY

1. INTRODUCTION
Does increased security provide comfort to paranoid people? Or does security provide some very basic protections that we are naive to believe we don't need? At a time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect of secure communications is cryptography, which is the focus of this chapter. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. The reader is advised, then, that the topics covered in this chapter only describe the first of many steps necessary for better security in any number of situations.

This paper has two major purposes. The first is to define some of the terms and concepts behind basic cryptographic methods, and to offer a way to compare the myriad cryptographic schemes in use today. The second is to provide some real examples of cryptography in use today. I would like to say at the outset that this paper is very focused on terms, concepts, and schemes in current use and is not a treatise on the whole field. No mention is made here of pre-computerized crypto schemes, the difference between a substitution and a transposition cipher, cryptanalysis, or other history. Interested readers should check out some of the books in the bibliography below for this detailed and interesting background information.

2. THE PURPOSE OF CRYPTOGRAPHY
Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C., when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet. Within the context of any application-to-application communication, there are some specific security requirements, including:

Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
Non-repudiation: A mechanism to prove that the sender really sent this message.

Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions, each of which is described below. In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted into usable plaintext. In many of the descriptions below, the two communicating parties will be referred to as Alice and Bob; this is the common nomenclature in the crypto field and literature, used to make it easier to identify the communicating parties. If there is a third or fourth party to the communication, they will be referred to as Carol and Dave. Mallory is a malicious party, Eve is an eavesdropper, and Trent is a trusted third party.

3. TYPES OF CRYPTOGRAPHIC ALGORITHMS
There are several ways of classifying cryptographic algorithms. For the purposes of this paper, they will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of algorithms that will be discussed are (Figure 1):

Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
Hash Functions: Use a mathematical transformation to irreversibly "encrypt" information
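The following added example (it is not part of the original notes) shows the first and third categories in working Go: secret key cryptography with AES-256-GCM, where one shared key both encrypts and decrypts and any alteration of the ciphertext is detected on decryption, and a hash function (SHA-256) used as an integrity check on a received copy. The key and the order message are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// encryptSKC is secret key cryptography: one shared key does both jobs.
// AES-256-GCM is an authenticated mode, so the output (nonce || ciphertext || tag)
// gives confidentiality and lets the receiver detect any alteration.
func encryptSKC(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // a fresh nonce per message is mandatory for GCM
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// decryptSKC undoes encryptSKC with the same key. aead.Open fails if either
// the key is wrong or a single bit of the blob was changed in transit.
func decryptSKC(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob shorter than nonce")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// digest is a hash function: SHA-256 maps any input to a fixed 32-byte value
// that cannot be reversed to recover the input.
func digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// integrityOK checks a received copy against a digest recorded earlier.
func integrityOK(data []byte, expected string) bool {
	return digest(data) == expected
}

func main() {
	// Constructed sample: a 32-byte key Alice and Bob share out of band, and one message.
	key := bytes.Repeat([]byte{0x42}, 32)
	msg := []byte("order 1234: ship 10 units")

	blob, err := encryptSKC(key, msg)
	if err != nil {
		panic(err)
	}
	pt, err := decryptSKC(key, blob)
	fmt.Printf("decrypted: %q (err=%v)\n", pt, err)

	// Mallory flips one ciphertext byte: GCM rejects the message instead of returning garbage.
	blob[len(blob)-1] ^= 0x01
	_, err = decryptSKC(key, blob)
	fmt.Println("tampered blob:", err)

	d := digest(msg)
	fmt.Println("sha256:", d)
	fmt.Println("original matches digest:", integrityOK(msg, d))
	fmt.Println("altered copy matches digest:", integrityOK([]byte("order 1234: ship 11 units"), d))
}
```

Note that a plain hash only gives integrity against accidental change: anyone who can alter the data can recompute its digest. Binding the digest to a party requires a key, which is what the signature and MAC mechanisms in the later sections add.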

Public Key Infrastructure (PKI)
PKI (Public Key Infrastructure) is a collection of technologies, processes, and organizational policies that support the use of public key cryptography to verify the authenticity of public keys. PKI provides the mechanisms to ensure that trusted relationships are established and maintained. Complex business systems, e-commerce and automated business transactions require robust and precise security procedures, and today's Internet clients demand security to protect their interests, privacy, communications, value exchange and information assets. PKI enables users of an insecure public network such as the Internet to exchange data and carry out financial transactions securely and privately, through the use of a public and private cryptographic key pair that is obtained and shared through a trusted authority (the Certifying Authority). The specific security functions for which a PKI provides the foundation are confidentiality, authentication, integrity and non-repudiation.

Confidentiality
Confidentiality means ensuring the secrecy and privacy of data, or ensuring that no one other than the expected parties is able to access the data.

Authentication
Authentication means verifying the identity of entities, or ensuring that the persons with whom you are corresponding are actually who they say they are.

Integrity
Integrity means ensuring that data cannot be corrupted or modified and that transactions cannot be altered. In the electronic world, the digital signature has replaced the traditional seal.

Non-Repudiation
Non-repudiation means ensuring that data cannot be renounced or a transaction denied. That means there can be no denial on the part of the sender of having sent a message. This is provided through public key cryptography by digital signing.

PKI technology is mainly based on asymmetric cryptography, as it involves an asymmetric key pair. This key pair consists of a public key and a private key. The public key, as its name suggests, may be freely distributed; it does not need to be kept confidential. The private key, on the other hand, must be kept secret. The owner of the key pair must guard his private key closely, as sender authenticity and non-repudiation are based on the signer having sole access to his private key. A Certification Authority, which confirms and verifies the identity of an individual before issuing a certificate, certifies the key pair. This forms the 'Digital Identity' for that individual. The certificate issued is called the Digital Certificate. There are several important characteristics of these key pairs:

While they are mathematically related to each other, it is not feasible in practice to calculate one key from the other. Therefore, the private key cannot be compromised through knowledge of the associated public key.
Each key in the key pair performs the inverse function of the other. What one key does, only the other can undo. The private key is used for signing and decrypting a message or a document, while the public key is used to verify or encrypt.

The primary function of a PKI is to allow the distribution and use of public keys and certificates with security and integrity. E-Lock Digital Signature products and solutions leverage the underlying PKI infrastructure to provide signing and encryption for documents and transactions. While the PKI deals with the creation of key pairs and the issue and management of digital certificates, digital signature technology deals with the use of these keys for various security functions from within the applications.
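The following added example (not from the original notes, and not E-Lock's code) demonstrates the key-pair properties just listed, and the public-key category from section 3, in Go with RSA: the private key signs and decrypts, the public key verifies and encrypts, and what one half does only the other half can undo. Alice and Bob, the document text and the 2048-bit key size are constructed assumptions; RSA-PSS and RSA-OAEP are the padding schemes chosen here, not ones the notes name.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// generateKeyPair produces the asymmetric pair described above: the private
// half stays with its owner, the public half may be handed to anyone.
func generateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// sign: the owner applies the private key to the SHA-256 digest of a document.
// Only the holder of the private key can produce this value.
func sign(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	h := sha256.Sum256(doc)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// verify: anyone with the public key checks the signature. A changed document
// or a signature made with a different private key is rejected.
func verify(pub *rsa.PublicKey, doc, sig []byte) bool {
	h := sha256.Sum256(doc)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// encryptFor: a sender uses the recipient's public key (RSA-OAEP); only the
// matching private key can undo it.
func encryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decrypt: the recipient's private key reverses encryptFor.
func decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	alice, err := generateKeyPair()
	if err != nil {
		panic(err)
	}
	bob, err := generateKeyPair()
	if err != nil {
		panic(err)
	}
	doc := []byte("Alice agrees to pay Bob 100 EUR") // constructed sample document

	// Non-repudiation: Alice signs with her private key; Bob verifies with her public key.
	sig, _ := sign(alice, doc)
	fmt.Println("Alice's signature verifies with Alice's public key:", verify(&alice.PublicKey, doc, sig))
	fmt.Println("same signature on an altered document:", verify(&alice.PublicKey, []byte("Alice agrees to pay Bob 1000 EUR"), sig))
	fmt.Println("same signature checked with Bob's public key:", verify(&bob.PublicKey, doc, sig))

	// Confidentiality: anyone encrypts for Bob with his public key; only Bob's private key decrypts.
	ct, _ := encryptFor(&bob.PublicKey, doc)
	pt, err := decrypt(bob, ct)
	fmt.Printf("Bob decrypts: %q (err=%v)\n", pt, err)
	_, err = decrypt(alice, ct)
	fmt.Println("Alice tries Bob's ciphertext with her own private key:", err)
}
```

The example covers only the mathematics of the pair. The binding between "this public key" and "Alice" is exactly what the certificate issued by the Certification Authority supplies; without it, Bob could verify a signature perfectly and still not know whose key he is holding.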

Digital Payments
Internet payment solution providers have evolved over recent years. They facilitate online payment for buyers, sellers and merchants. Credit cards from the major issuing companies like MasterCard, Visa and American Express have facilitated the payment process and made it very convenient for online users and merchants. Now everyone, from every part of the world, can buy almost everything on the Internet with a credit card. The diversity in payment systems enables merchants to manage and promote their businesses by offering different currency and language options to online buyers. You need to open an account with a payment processing company such as PayPal, WorldPay or 2CO to send and receive payments worldwide. Some of the major payment processors include the following.

PayPal
PayPal is the largest online payment network. PayPal provides a free and instant online payment service to selected countries. It is the preferred payment system for buyers and sellers throughout the world. After getting an account with PayPal you can send and receive payments online to anyone via their email address. It is headquartered in California, USA, and was founded in 1998. Through your PayPal account you can transfer your money to your bank account or your credit card. PayPal supports different currencies such as USD, JPY, CAD, NOK, EUR, SEK, GBP and DKK.

2CO
2CO is an excellent payment processor that enables you to sell your products online or buy products and services online. It supports thousands of products to be sold online. After opening an account with 2CO, you get robust account management, multiple shipping options, support for several currencies and automation of online shopping. 2CO is also known as 2Checkout, and it supports more countries than PayPal.

WorldPay
WorldPay is a leader in online payment processing systems. It enables customers to accept payments via Internet, email, phone and fax. It offers a variety of payment methods and supports multiple currencies and countries.

MoneyBookers
MoneyBookers is another excellent payment method, and everyone from the supported countries can join it for free. After getting an account with MoneyBookers, you can fund your account, send money online to the receiver's email address, shop online and receive money. With MoneyBookers you can send and receive payments in seconds. It supports local currencies in approximately 30 countries. There is no setup cost, and it accepts almost every major credit card.

E-Gold
E-Gold is a digital gold currency that allows you to trade or transfer the ownership of gold between users. It is an account-based payment system that enables people to trade or use gold as money. E-Gold is used for payrolls, bill payments, e-commerce, business-to-business payments, person-to-person payments and donations.

Security Risks and Safety Tips
While these payment processors have made payment easier for everyone, there are some security concerns that cannot be compromised on. Many security risks are involved in online payments if your system, email address, merchant account or e-commerce site is unprotected. First, you need to protect your system against hackers, spyware, adware, malware and intruders. Install up-to-date antivirus, anti-spyware and firewall software on your system. Update your operating system with the latest patches and hotfixes. Never make a purchase from an untrustworthy e-commerce website. Check the authenticity of, and user feedback about, that particular shopping website. Never send sensitive information such as credit card numbers or bank account details to anyone via email. Use secure browsers with https requests and make sure that the e-commerce website supports SSL (Secure Sockets Layer). In case of any misuse, immediately contact your credit card issuing company or bank.

Electronic Data Interchange
Electronic Data Interchange (EDI) is a system which allows document information to be communicated between businesses, government structures and other entities. It is a set of standards which creates a cohesive system within which all parties are able to electronically exchange data within a set of protocols.

Although it can be considered that EDI consists of only the actual conveyance of the document, it is also seen as the implementation of the operating systems whereby EDI can be put into practice. EDI is the data format of most electronic commerce transactions in the world. There are other competing conveyance portals such as XML services, the Internet and the World Wide Web; however, EDI remains the dominant data format.

The EDI standards describe structures that represent documents such as an invoice or shipping order for a company. EDI sets up a system whereby businesses and other entities with incompatible operating systems are able to communicate on the same page, so to speak. EDI provides applications whereby a more efficient and environmentally friendly network is created between communication partners. It allows a homogeneous view of all documents put through the system.

However, its potential is not just in creating automated system networks, such as for automatic re-ordering. It enables companies to exchange information at a faster rate and ensures greater security of delivery. Moreover, it gives businesses a greater ability to become more efficient and streamlined.

As EDI is a non-Internet-based information exchange system, it was assumed that it would disappear when the Internet became more entrenched in society and business. However, EDI has survived, and is used by many industries. EDI establishes a firm connection between businesses that does not necessarily rely on Internet options; however, it can be used over the open Internet, as is increasingly occurring. Electronic transmission began in the 1960s within the transport industries. This change also required a parallel standardization of documentation. A committee was formed to coordinate the development of translation rules among four existing sets of industry-specific standards.

At about the same time, the United Kingdom was also developing its own standards for documents, called Tradacoms. These were later extended by the United Nations Economic Commission for Europe, and were eventually accepted by about 2000 export organizations. Problems arose when these two differing organizations of information attempted to exchange information during trade. The information sets were largely incompatible, and a working party was required to create a range of documents that were internationally understood and transmittable. Currently, EDI is used by thousands of companies throughout the world, including companies in the USA, UK, Australia, New Zealand and Singapore. It is because of the advantages of reduced human interference and increased speed of processing that the EDI system is favored by many corporations.

What is E-Commerce?
E-Commerce can be viewed as a virtual marketplace, whereby all transactions that are carried out in the physical world are also available via the Internet. It involves mainly the distribution, buying, selling, marketing and servicing of products or services through the use of electronic means such as the Internet and other computer networks. E-Commerce involves not just businesses, but individual consumers and corporations. It generally utilizes the World Wide Web at some point in the transaction's progress, but also simpler computer tools such as databases and email.

Currently, it is foreseen that e-Commerce will continue to grow due to the increased familiarity of users with electronic business and commerce possibilities. The development of e-commerce over the last thirty years means that it has moved on from meaning EDI and EFT, which were introduced successfully in the late 60s and early 70s.

During the 1980s, this expanded to the growth and acceptance of credit cards, automated teller machines and telephone banking. From the 1990s onward, it includes ERP (enterprise resource planning), data mining and data warehousing. Currently it is becoming a wider description, due to the increased presence of web-based activities. Basically it is coming more to mean web commerce, in that individuals and enterprises are tending to purchase goods and services over the World Wide Web. This generally occurs over secure connections that provide encryption and special server protocols. Customers are able to use virtual shopping carts, and pay through electronic means, using credit card authorizations. The last ten years have seen meteoric growth in electronic transfers and business possibilities. However, this was initially stunted at the beginning of general Internet use in the mid 90s due to poor security systems; thus it was not always a wise choice to purchase over the Net at that time. Many industries today are dependent on their electronic frameworks, and so support systems such as backend systems, applications and middleware have also developed. Some of these include broadband and fiber-optic networks, supply-chain management software, customer relationship management software, inventory control systems and financial accounting software. Currently, e-commerce is entrenched in so many parts of life, from the ability to order groceries over the Internet to purchasing plane tickets around the world.

E-Commerce and EDI


Although it appears these two systems may not be able to play together, the opposite is true. In the current climate of utilizing all the technologies available to make businesses more accessible and more user friendly, EDI can combine with e-commerce to do just that. While EDI is well entrenched as a major framework in many larger businesses, it is also being adopted by smaller businesses to increase their ability to acquire trading partners. EDI provides a fast and efficient way to exchange information. Currently, there are standards known as AS2 which govern Internet EDI transactions. The use of EDI over the Internet is becoming more popular, as it does not require the same amount of set-up, costs or applications as for bigger corporate enterprises. The advantages of implementing EDI within the Internet environment are that trading partners can be communicated with more efficiently and effectively, and that it reduces the number of errors and therefore improves cost effectiveness. It allows businesses to trade with larger enterprises that require EDI as a communication medium. Plus, Internet EDI is relatively inexpensive, and does not carry with it the ongoing costs of other forms of EDI transmission. This can enable big and small companies to save potentially millions of dollars. Instead of mailing out catalogues and brochures, companies can send emails, advise clients of discounts, and allow them to download information from the Internet.

EDI Benefits
Within various industries, EDI has been used to great advantage, and many benefits have been expounded in its regard. EDI's benefits relate to environmental impact, improved time efficiency, improved accuracy and increased flexibility, enhanced partnership, labor costs and shipping. EDI creates a system whereby documents and data can easily be transported from one source to another, and is able to overcome incompatibility issues.

EDI is a set of standards which govern data formats and thereby allows disparate computer systems to read the data which is sent. EDI documents are also able to be stored at a Value Added Network (VAN), which is like a virtual storage house, and which transmits the message to the receiver when they are available. The advantage of a VAN is that it can re-transmit the message to the receiver if it does not go through. EDI provides advantages to both small and large businesses and creates an efficient business environment with little to no human intervention, which makes it perfect for automated services. Therefore EDI is used heavily within departments such as invoicing and ordering.

Industry Applications of EDI


The benefits of EDI can be seen across various industries which have embraced the data interchange system. It is widely used within the health industry, government agencies, the automotive industry and general businesses. It is widely used in automated document services, which can include: export/import information for international shipments; carrier-to-carrier waybill exchange; reservation or pickup requests; shipment information from shipper to carrier; freight bill data, carrier to payer; shipment tracing information; payment data, payer to bank, bank to bank, bank to payee. All of these various industries which utilize EDI have standards of their own, but these differences can be minimized when using the standardized EDI document formatting.

EDI provides a varied number of documents which are standardized across industries. Within these industries, there are benefits to the buyer such as lower inventory levels, quick order acknowledgment and efficient invoice processing. The benefits for the supplier have been previously listed. Within the automotive industry, EDI helped to improve inventory costs, as manufacturers were able to apply EDI in order to establish single-day inventory lists. While this helped the buyer, it put pressure on the supplier to absorb the costs. Although the industry was improved, it led to some confusion, as each major automotive maker used its own standards. However, these were made clear through the Automotive Industry Action Group, which worked with automakers and suppliers to develop an EDI standard for the entire industry. As such, the industry was able to create a standard which related just to the automotive industry. Government entities are also benefiting from EDI, such as the Minnesota Department of Labor and Industry, which utilizes EDI in its injury claim reports. They claim that EDI increases the level of reporting of injuries, and improves reporting times. They are also able to automatically send out report maintenance documents, reducing the level of human interference, and thereby reducing labor costs. The medical health industry also utilizes EDI in order to process claims more swiftly for medical providers. Within the health industry, the benefits include time effectiveness and a reduced paper load.
