
E-Commerce

What are E-business and E-commerce?


E-commerce definition
"Electronic commerce (e-commerce) is often thought simply to refer to buying and selling
using the Internet; people immediately think of consumer retail purchases from companies
such as Amazon. But e-commerce involves much more than electronically mediated financial
transactions between organizations and customers. Many commentators refer to e-commerce
as all electronically mediated transactions between an organization and any third party it deals
with. By this definition, non-financial transactions such as customer requests for further
information would also be considered to be part of e-commerce."

"When evaluating the strategic impact of e-commerce on an organization, it is useful to identify
opportunities for buy-side and sell-side e-commerce transactions as depicted in Figure 1.1,
since systems with different functionalities will need to be created in an organization to
accommodate transactions with buyers and with suppliers. Buy-side e-commerce refers to
transactions to procure resources needed by an organization from its suppliers. Sell-side e-
commerce refers to transactions involved with selling products to an organization’s
customers. So e-commerce transaction between organizations can be considered from two
perspectives: sell-side from the perspective of the selling organization and buy-side from the
perspective of the buying organization."

Types of sell-side E-commerce


How organizations can apply e-commerce varies a lot according to the market they are in. I
identify four main types of site which you will commonly see, although they do overlap. These
are:

1. Transactional e-commerce site. These enable purchase of products online. The main
business contribution of the site is through sale of these products. The sites also
support the business by providing information for consumers that prefer to purchase
products offline. These include retail sites, travel sites and online banking services.
2. Services oriented relationship building web site. Provides information to stimulate
purchase and build relationships. Products are not typically available for purchase
online. Information is provided through the web site and e-newsletters to inform
purchase decisions. The main business contribution is through encouraging offline sales
and generating enquiries or leads from potential customers. Such sites also add value to
existing customers by providing them with detailed information to help support
them in their lives at work or at home.
3. Brand building site. Provide an experience to support the brand. Products are not
typically available for online purchase. Their main focus is to support the brand by
developing an online experience of the brand. They are typical for low-value, high
volume Fast Moving Consumer Goods (FMCG brands) for consumers.
4. Portal or media site. Provide information or news about a range of topics. Portal refers
to a gateway of information. This is information both on the site and links through other
sites. Portals have a diversity of options for generating revenue including advertising,
commission-based sales, sale of customer data (lists).

E-business definition
Let’s start from the original definition (now moved) by IBM (www.ibm.com/e-business), which
was one of the first suppliers to use the term in 1997 to promote its services:

"e-business (e’biz’nis) – the transformation of key business processes through the use of
Internet technologies".

The key business processes referred to in the IBM definitions are the organizational processes
or units in the centre of Figure 1.1. They include research and development, marketing,
manufacturing and inbound and outbound logistics. The buy-side e-commerce transactions
with suppliers and the sell-side e-commerce transactions with customers can also be
considered to be key business processes.

The majority of Internet services are available to any business or consumer that has access to
the Internet. However, many e-business applications that access sensitive company
information require access to be limited to qualified individuals or partners.

If information is restricted to employees inside an organization, this is an intranet. If access is
extended to some others, but not everyone beyond the organization, this is an extranet.
Whenever you log-on to an Internet service such as that for an e-retailer or online news site,
this is effectively an extranet arrangement, although the term is most often used to mean a
business-to-business application.

How is E-business and E-commerce management used


You will find that the term E-business is used in two main ways within organizations. The first
is as a concept which can be applied to strategy and operations. For example, ‘our organisation
needs an improved e-business strategy (or E-business technology)’. Secondly E-business is
used as an adjective to describe businesses that mainly operate online, i.e. they have no
physical presence on the high-streets and seek to minimize customer-service and support
through enabling ‘web self-service’. In the dot-com era they used to be known as ‘pure-plays’.
For example Amazon (www.amazon.com) and eBay (www.ebay.com, Case study 1.3) are the
world’s two biggest e-businesses.

Difference between E-commerce and E-business


While the words Commerce and Business don't have much difference in English and in fact
are largely interchangeable as nouns describing organized profit-seeking activity, there is a
difference between E-commerce and E-business. The difference is quite artificial, but different
terms do carry different meanings. The first wave of thinking about electronic business was a
reaction to the success of Amazon and Dell in selling products over the Internet. Electronic
business transactions involving money are "E-commerce" activities. However, there is much
more to E-business than selling products: what about marketing, procurement and customer
education? Even to sell on-line successfully, much more is required than merely having a
website that accepts credit cards. We need to have a web site that people want to visit,
accurate catalog information and good logistics. For selling online successfully one needs to
know basics of website development. The term "E-business" was introduced as a deliberate
attempt to say to people: "Your first understanding of E-commerce was too narrow. To be
successful, we need to think more broadly."

E-business goes far beyond ecommerce or buying and selling over the Internet, and deep into
the processes and cultures of an enterprise. It is the powerful business environment that is
created when you connect critical business systems directly to customers, employees,
vendors, and business partners, using Intranets, Extranets, ecommerce technologies,
collaborative applications, and the Web. Dell Computer gets a lot of attention as a pioneering
E-business today and is the best example of this form of business. It sells $15m worth of
computers from its websites each day. The company has created a ‘fully integrated value
chain’ – a three-way information partnership with its suppliers and customers by treating them
as collaborators who together find ways of improving efficiency across the entire chain of
supply and demand. Dell's suppliers have real-time access to information about its orders.
Through its corporate extranet, they can organize their production and delivery to ensure that
their customer always has just enough of the right parts to keep the production line moving
smoothly. By plugging its suppliers directly into the customer database, Dell has ensured that
they will instantly know about changes in their demand. Similarly, by allowing entry to
customers into its supply chain via its website, Dell enables them to track the progress of their
orders from the factory to their doorstep. Successful new-businesses can emerge from
nowhere. Trends suggest it takes little more than two years for a start-up to emerge out of
nowhere, formulate an innovative business idea, establish a web-presence and reach a
dominant position in its chosen sector. The high valuation of the stocks of such start-ups and
the massive amount of venture capital flowing into their businesses is proof enough that
complacency is foolhardy here. America has already reached a threshold in E-business, from
where it is set to accelerate into hyper-growth, as per Forrester Research. Britain and
Germany will go into the same level of hyper-growth two years after America, with Japan,
France and Italy, a further two years behind.

In the past the rules of business were simple – Beat the competition, squeeze your suppliers
and keep your customers in the dark. But with increased collaboration in the completely
networked world, uncertainties arise. Nobody can predict how the customer with all the perfect
market information available at his disposal will respond to the rapidly shifting business
alliances and federations or how companies will manage such customers. The need of the
hour is a good strategy. Early ecommerce companies have used their understanding of the
technology’s potential and the absence of any competition to steal a march and enter markets
that would previously have been closed to them, but in future simply having a good business
idea and being technologically smart might not be enough. The global giants, after taking a
while to see the opportunity seem to have worked out how to adapt their multi-layered supply
chains and diverse distribution channels and are finally getting into the race. Besides this, for
successful implementation of E-business, security is the key issue. E-business security is very
important as the transactions processed contain critical information.

E-cheque
E-cheque is a Payment Instrument designed to support electronic payments over the Internet
using cryptographic signatures and secure messaging / web sessions.

E-cheque payment process:

1. The payer writes an E-cheque by structuring an electronic document with the
information legally required to be in a cheque and digitally signs it.
2. The payee receives the E-cheque over e-mail or WWW, verifies the payer’s digital
signature, writes out a deposit and digitally signs it.
3. The payee’s bank verifies the payer’s and payee’s digital signatures and forwards the
cheque for clearing and settlement.
4. The payer’s bank verifies the payer’s digital signature and debits the payer’s account.

Salient Features:

• Can be used for on-line transactions over the web or offline transactions using e-mail.
• Support for Business requirements such as Co-Sign / Counter Sign.
• Electronic Cheque Book is stored in a Smart Card. A low priced floppy based solution is
also available.
• E-cheque can be re-sent but payment will be made only once. The software handles the
detection of duplicate cheques.
• E-cheque is an ideal B2B payment instrument suitable for high value transactions. It can
also be used for B2C payments.
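
The E-cheque payment process and the pay-once rule described above, as an added Python example (it is not code from these notes or from any E-cheque product). Assumptions: Lamport one-time hash signatures built from the standard library stand in for whatever signature scheme a real system uses, one `Bank` object plays both the payee's and the payer's bank, and the party names, account and cheque fields are constructed sample values.

```python
import hashlib
import json
import os


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signatures (assumed stand-in for the real signature scheme).
# A key pair must sign exactly ONE document, so a cheque book built this way
# would hold one key pair per cheque leaf.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    # Reveal one secret of each pair, selected by the bits of the message hash.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][bit] for i, (bit, s) in enumerate(zip(_bits(msg), sig))
    )


def canonical(doc: dict) -> bytes:
    # Fixed key order and separators so every party hashes identical bytes.
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


def write_cheque(payer_sk, fields: dict) -> dict:
    """Step 1: the payer structures the cheque and signs it."""
    return {"cheque": fields, "payer_sig": sign(payer_sk, canonical(fields))}


def endorse(payee_sk, payer_pk, echeque: dict, account: str) -> dict:
    """Step 2: the payee verifies the payer, then writes and signs a deposit."""
    body = canonical(echeque["cheque"])
    if not verify(payer_pk, body, echeque["payer_sig"]):
        raise ValueError("payer signature invalid")
    # The deposit is bound to this exact cheque through its digest.
    deposit = {"cheque_digest": H(body).hex(), "deposit_to": account}
    return {**echeque, "deposit": deposit,
            "payee_sig": sign(payee_sk, canonical(deposit))}


class Bank:
    """Steps 3 and 4: verify both signatures, then pay each cheque only once."""

    def __init__(self, public_keys: dict):
        self.public_keys = public_keys  # party name -> public key (assumed trusted)
        self.paid = set()               # (payer, cheque_no) already settled

    def clear(self, item: dict) -> str:
        cheque, deposit = item["cheque"], item["deposit"]
        body = canonical(cheque)
        payer_pk = self.public_keys.get(cheque.get("payer"))
        payee_pk = self.public_keys.get(cheque.get("payee"))
        if payer_pk is None or not verify(payer_pk, body, item["payer_sig"]):
            return "rejected: bad payer signature"
        if (payee_pk is None
                or deposit.get("cheque_digest") != H(body).hex()
                or not verify(payee_pk, canonical(deposit), item["payee_sig"])):
            return "rejected: bad payee endorsement"
        # Recorded only after both signatures verify, so an unsigned message
        # cannot use up somebody else's cheque number.
        serial = (cheque["payer"], cheque["cheque_no"])
        if serial in self.paid:
            return "rejected: duplicate cheque"
        self.paid.add(serial)
        return "paid"


def demo():
    payer_sk, payer_pk = keygen()
    payee_sk, payee_pk = keygen()
    bank = Bank({"alice": payer_pk, "bob": payee_pk})
    fields = {"cheque_no": 1001, "payer": "alice", "payee": "bob",
              "amount": "2500.00", "currency": "USD", "date": "2024-01-15"}
    item = endorse(payee_sk, payer_pk, write_cheque(payer_sk, fields), "bob-acct-01")
    first = bank.clear(item)    # original presentation
    resent = bank.clear(item)   # the same E-cheque sent again
    # Amount and number changed after signing; the old signature no longer fits.
    altered = {**item, "cheque": {**fields, "amount": "9500.00", "cheque_no": 1002}}
    return first, resent, bank.clear(altered)


if __name__ == "__main__":
    print(demo())
```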

E-cash
While many different companies are rushing to offer digital money products, currently e-cash is
represented by two models. One is the on-line form of E-cash (introduced by DigiCash)
which allows for the completion of all types of internet transactions. The other form is off-line;
essentially a digitally encoded card that could be used for many of the same transactions as
cash. This off-line version (which also has on-line capabilities) is being tested by Mondex in
partnership with various banks.

The primary function of E-cash is to facilitate transactions on the Internet. Many of these
transactions may be small in size and would not be cost efficient through other payment
mediums such as credit cards. Thus, WWW sites in the future may charge $0.10 a visit, or
$0.25 to download a graphics file. These types of payments, turning the Internet into a
transaction oriented forum, require mediums that are easy, cheap (from a merchant's
perspective), private (see Privacy), and secure (see Security). Electronic Cash is the natural
solution, and the companies that are pioneering these services claim that the products will
meet the stated criteria. By providing this type of payment mechanism, the incentives to
provide worthwhile services and products via the Internet should increase. Another prospective
beneficiary from these developments would be Shareware providers, since currently they
rarely receive payments. To complete the digital money revolution an offline product is also
required for the pocket money/change that most people must carry for small transactions (e.g.
buying a newspaper, buying a cup of coffee, etc...).

The concept of electronic money is at least a decade old. [Hewitt 1994] demonstrates that
check writing is a pre-cursor to E-cash. When one person writes a check on his bank account
and gives the check to another person with an account at a different bank, the banks do not
transfer currency. The banks use electronic fund transfer. Electronic money removes the
middleman. Instead of requesting the banks to transfer the funds through the mechanism of a
check, the E-cash user simply transfers the money from his bank account to the account of the
receiver.

The reality of E-cash is only slightly more complicated, and these complications make the
transactions both secure and private. The user downloads electronic money from his bank
account using special software and stores the E-cash on his local hard drive. To pay a WWW
merchant electronically, the E-cash user goes through the software to pay the desired amount
from the E-cash "wallet" to the merchant's local hard drive ("wallet") after passing the
transaction through an E-cash bank for authenticity verification. The merchant can then pay its
bills/payroll with this E-cash or upload it to the merchant's hard currency bank account. The E-
cash company makes money on each transaction from the merchant (this fee is very small,
however) and from royalties paid by banks which provide customers with E-cash
software/hardware for a small monthly fee. Transactions between individuals would not be
subject to a fee.

E-cash truly globalizes the economy, since the user can download money into his cyber-wallet
in any currency desired. A merchant can accept any currency and convert it to local currency
when the cybercash is uploaded to the bank account.

To the extent a user wants E-cash off-line, all that is necessary is smart card technology. The
money is loaded onto the smartcard, and special electronic wallets are used to offload the
money onto other smartcards or directly to an on-line system. Smartcards have been used
successfully in other countries for such transactions as phone calls for a number of years. The
money could also be removed from a smartcard and returned to a bank account. Visa is
developing a related product, the stored value card. This card comes in a variety of
denominations, but functions more like a debit card than E-cash.

In essence, E-cash combines the benefits of other transaction mediums. Thus, it is similar to
debit/credit cards, but E-cash allows individuals to conduct transactions with each other.
It is similar to personal checks, but it is feasible for very small transactions. While it
appears superior to other forms, E-cash will not completely replace paper currency. Use
of E-cash will require special hardware, and while most people will have access, not all
will. However, E-cash presents special challenges for the existing "middlemen" of the
current paper currency society. More and more, banks and other financial intermediaries
will serve simply as storehouses for money, lenders, and processing/verifying electronic
transactions. Personal interaction with a teller or even visits to a bank ATM will become
obsolete. All one will have to do is turn on his computer.

E-security
What is E-security?

The World Wide Web opens up many new opportunities for businesses, but exposes you to
new risks. Before embarking on eCommerce ventures, take time to understand the risks and
protect your business. Common risks include viruses, hackers, security for online banking and
credit card fraud. In this training module, we shall touch on methods you can use to protect
yourself and your business online:

• Internet Security Software – software which combines antivirus and firewall software and
often includes anti-spam and other security and productivity features.
• Antivirus software — software which detects and removes known computer viruses. Quite
often, viruses arrive onto your computer network through email. Antivirus software ensures that
all emails arriving in your Inbox are “clean” and quarantines those emails it detects as being
infected.

• Firewall software — software which acts as an intelligent gateway between your computer
and the rest of the Internet. It monitors the traffic flowing in and out of your system and checks
if it’s authorized to do so. If there is no authorization, that communication is blocked and you
remain protected.

• Online banking security features — features that banks include in their online banking
service offerings to protect their customers, and themselves, during online banking
transactions.

• Online transaction (buying and selling) security features — features such as encryption
used on websites to protect customer details during transactions. These are often part of the
Internet Service Provider package, so remember to ask your ISP.

What are the E-security business benefits?

The key business gain in establishing a robust E-security program in your business is that it
allows you to operate without interruption. Imagine the disruption caused to your operations if
your system was infected by a virus and shut down, your business was hacked into and your
confidential material was accessed or your customers were defrauded. These things can take
an hour or weeks to fix so in the case of E-security, prevention is better than finding a cure.
Specifically, the benefits (often referred to as the ‘Four Pillars of Trust’) of applying E-security
technologies include:

• Privacy and confidentiality – To ensure that customer data remains private and users have
control over how information is used

• Authenticity – For businesses to know exactly who they are dealing with

• Integrity – Transaction details and other valuable commercial information will not be
accessible to anyone other than those involved in the transaction

• Non-repudiation of payments and transactions – businesses must have confidence that a
payment made over the Internet is irrevocable. A contract formed over the Internet must be
binding and capable of enforcement against a defaulting party.

How does E-security work?

E-security works by utilising various authentication technologies to ensure protection for
business. These include:

• Secure access (password authentication) - A username and password is assigned to each
user to allow access to a website. Used: when a low security level is required.

o Reference Websites: www.hotmail.com, www.pureprofile.com.au

• Secure connections (SSL) – Secure Sockets Layer (SSL) combines a basic password
system with protocols that encrypt data transmissions. Used: for websites that sell products
and services

o Reference Websites: www.chaosmusic.com, www.rosesonly.com.au

• Secure interconnection (PKI) – Public Key Infrastructure (PKI) uses keys to scramble and
decipher messages. Used: for high value business, government and military transactions

o Reference Websites: www.verisign.com.au/managedpki/, www.thawte.com/spki/

• Secure personal connection (PGP) – Pretty Good Privacy (PGP) uses public key
encryption. Used: as a popular security option for individuals

o Reference Websites www.pgpi.org

• Secure networking (VPN) – Virtual Private Networks offer one of the highest levels of
security using advanced encryption and tunneling technologies. Used: by business with
multiple office locations

o Reference Websites computer.howstuffworks.com/vpn.htm

• Email security – Where similar software is used to send and receive encrypted email
messages so only the intended recipient can read it. Email software includes:

o Dedicated email encryption- Uses same technology as PKI/PGP and can plug-in to
existing email software (e.g. Microsoft Outlook, Eudora)

o Secure email gateways – For businesses that do not require email security within their
own office environment yet do outside the internal mail gateway

o Reference Websites www.pcguardiantechnologies.com

• Anti-virus software – Installed on a computer to protect and eliminate incoming viruses

o Reference Websites: www.symantec.com, www.mcafee.com, www.iia.net.au/novirus

• Firewall – A firewall is software that separates a public business Web server from its internal
network and provides the first layer of security for your computer when you connect to the
Internet.

o Reference Websites: www.symantec.com, www.mcafee.com

Be vigilant against viruses!

Quite often, you can stop viruses even before your anti-virus software detects them. By
following the steps below, you can ensure protection against virus attacks:

• Be cautious about opening unsolicited emails, especially if they contain attachments

• Only download software from trusted websites

• Disconnect your PC from the Internet when not in use

Questions to ask when purchasing E-security software?

Firewalls

What sort of Firewall do I need for my business?

• Firewalls can provide many levels of security. As firewalls require some skills to set up, it is
advisable to seek technical advice to set up your firewall to suit your needs — see your ISP or
computer retailer.

Where can I purchase Firewall software?

• Some firewall software comes in shrink-wrapped boxes and can be purchased from a
computer retailer, software dealer or can be directly downloaded from the World Wide Web.

How can I ensure that my Firewall remains secure and up to date?

• Set your firewall to update itself automatically. Most update when you are connected to the
web.

Antivirus Software

What sort of anti-virus software do I need for my business?

• The decision revolves around how many individual computers your business has that require
protection. Like firewall software, it can be purchased by traditional retail means or
downloaded across the Internet. Also like firewalls, antivirus software must be kept up-to-date
and can be updated automatically when you are connected to the Internet.

Security for Online Transactions

What type of secure online payment solution do I need for my business?

• Secure online payment solution costs are based on the volume of transactions. The more you
do, the cheaper it gets – a bit like mobile phone plans. Try and estimate how many
transactions you will be doing across your website and use this number to make your decision.

E-broker
An electronic intermediary who only introduces the commercial sites and is not responsible for
the order fulfillment and guarantee.

E-CRM
A proper e-CRM Strategy includes all processes, touchpoints, people and technologies
throughout the enterprise aiming at acquiring and retaining the organisation’s preferred
customers. It starts with getting a clear and company-wide understanding of e-CRM and
recognizing why it is needed. As a next step, the e-CRM strategy is defined as covering all e-
CRM domains based on the business vision and aligned with the company’s values. The
vision, together with the current situation lead to the definition of the e-CRM strategy and this is
concretized through a roadmap indicating main projects, seeking minimization of the time gap
between project investments and business benefits.

Customer Management Strategies for E-business reveals where and how e-CRM can impact
on your organization's profitability. You will discover:

• New organizational structures for e-CRM - How to ensure your company's people,
skills and processes work together to manage e-CRM challenges.
• How to manage the e-CRM change programme - Ready-made frameworks and
techniques to help your e-CRM change programme stay on track.
• Launch a stand-alone dot.com or evolve the current organization? - Case reports
of companies which have taken both approaches provide an insight into the
opportunities and trouble-spots.
• Solutions to and advice on many of the key IT issues - How to achieve integration,
how to draw up a vendor shortlist, essential analytical tools which help drive your e-
CRM strategy, important lessons in email marketing and more.
• Key lessons in collecting and managing data for e-CRM - Essential skills for
deploying analytical tools and creating a holistic view of the customer.
• One-stop guide to email marketing - Get to grips with the important issues
surrounding data collection, data protection laws, email automation tools, process and
service level agreements.
• Measurement tools and techniques for e-CRM - Discover the opportunities offered by
models such as the balanced scorecard and Drivers of Customer Performance models,
plus new metrics including share of wallet, lifetime value, retention rate and innovative
measures for web site performance.

Internet
The Internet is a worldwide, publicly accessible network of interconnected computer networks
that transmit data by packet switching using the standard Internet Protocol (IP). It is a
"network of networks" that consists of millions of smaller domestic, academic, business,
and government networks, which together carry various information and services, such as
electronic mail, online chat, file transfer, and the interlinked Web pages and other
documents of the World Wide Web.

Common uses of the Internet


E-mail

The concept of sending electronic text messages between parties in a way analogous to
mailing letters or memos predates the creation of the Internet. Even today it can be important
to distinguish between Internet and internal e-mail systems. Internet e-mail may travel and be
stored unencrypted on many other networks and machines out of both the sender's and the
recipient's control. During this time it is quite possible for the content to be read and even
tampered with by third parties, if anyone considers it important enough. Purely internal or
intranet mail systems, where the information never leaves the corporate or organization's
network, are much more secure, although in any organization there will be IT and other
personnel whose job may involve monitoring, and occasionally accessing, the email of other
employees not addressed to them.

The World Wide Web

Many people use the terms Internet and World Wide Web (a.k.a. the Web) interchangeably,
but in fact the two terms are not synonymous. The Internet and the Web are two separate but
related things. The Internet is a massive network of networks, a networking infrastructure. It
connects millions of computers together globally, forming a network in which any computer can
communicate with any other computer as long as they are both connected to the Internet.
Information that travels over the Internet does so via a variety of languages known as
protocols.

The Web is a way of accessing information over the medium of the Internet. It is an
information-sharing model that is built on top of the Internet. The Web uses the HTTP protocol,
only one of the languages spoken over the Internet, to transmit data. Web services, which use
HTTP to allow applications to communicate in order to exchange business logic, use the Web
to share information. The Web also utilizes browsers, such as Internet Explorer or Netscape, to
access Web documents called Web pages that are linked to each other via hyperlinks. Web
documents also contain graphics, sounds, text and video.

The Web is just one of the ways that information can be disseminated over the Internet. The
Internet, not the Web, is also used for e-mail, Usenet news groups, instant messaging, file
sharing and FTP. So the Web is just a portion of the Internet, albeit a large portion, but the two
terms are not synonymous and should not be confused.

Through keyword-driven Internet research using search engines, like Yahoo!, and Google,
millions of people worldwide have easy, instant access to a vast and diverse amount of online
information. Compared to encyclopedias and traditional libraries, the World Wide Web has
enabled a sudden and extreme decentralization of information and data.

Many individuals and some companies and groups have adopted the use of "Web logs" or
blogs, which are largely used as easily-updatable online diaries. Some commercial
organizations encourage staff to fill them with advice on their areas of specialization in the
hope that visitors will be impressed by the expert knowledge and free information, and be
attracted to the corporation as a result. One example of this practice is Microsoft, whose
product developers publish their personal blogs in order to pique the public's interest in their
work.

Remote access

The Internet allows computer users to connect to other computers and information stores
easily, wherever they may be across the world. They may do this with or without the use of
security, authentication and encryption technologies, depending on the requirements.

This is encouraging new ways of working from home, collaboration and information sharing in
many industries. An accountant sitting at home can audit the books of a company based in
another country, on a server situated in a third country that is remotely maintained by IT
specialists in a fourth. These accounts could have been created by home-working book-
keepers, in other remote locations, based on information e-mailed to them from offices all over
the world. Some of these things were possible before the widespread use of the Internet, but
the cost of private, leased lines would have made many of them infeasible in practice.

An office worker away from his desk, perhaps the other side of the world on a business trip or
a holiday, can open a remote desktop session into their normal office PC using a secure
Virtual Private Network (VPN) connection via the Internet. This gives the worker complete
access to all of their normal files and data, including e-mail and other applications, while away
from the office.

This concept is also referred to by some network security people as the Virtual Private
Nightmare, because it extends the secure perimeter of a corporate network into its employees'
homes; this has been the source of some notable security breaches, but also provides security
for the workers.

Collaboration

The low cost and nearly instantaneous sharing of ideas, knowledge, and skills has made
collaborative work dramatically easier. Not only can a group cheaply communicate and test,
but the wide reach of the Internet allows such groups to easily form in the first place, even
among niche interests. An example of this is the free software movement in software
development which produced GNU and Linux from scratch and has taken over development of
Mozilla and OpenOffice.org (formerly known as Netscape Communicator and StarOffice).

Internet 'chat', whether in the form of IRC 'chat rooms' or channels, or via instant messaging
systems allow colleagues to stay in touch in a very convenient way when working at their
computers during the day. Messages can be sent and viewed even more quickly and
conveniently than via e-mail. Extension to these systems may allow files to be exchanged,
'whiteboard' drawings to be shared as well as voice and video contact between team
members.

Version control systems allow collaborating teams to work on shared sets of documents
without either accidentally overwriting each other's work or having members wait until they get
'sent' documents to be able to add their thoughts and changes.

File sharing

A computer file can be e-mailed to customers, colleagues and friends as an attachment. It can
be uploaded to a Web site or FTP server for easy download by others. It can be put into a
"shared location" or onto a file server for instant use by colleagues. The load of bulk
downloads to many users can be eased by the use of "mirror" servers or peer-to-peer
networks. In any of these cases, access to the file may be controlled by user authentication;
the transit of the file over the Internet may be obscured by encryption and money may change
hands before or after access to the file is given. The price can be paid by the remote charging
of funds from, for example, a credit card whose details are also passed (hopefully fully
encrypted) across the Internet. The origin and authenticity of the file received may be checked
by digital signatures or by MD5 or other message digests.

These simple features of the Internet, on a world-wide basis, are changing the basis for the
production, sale, and distribution of anything that can be reduced to a computer file for
transmission. This includes all manner of office documents, publications, software products,
music, photography, video, animations, graphics and the other arts. This in turn is causing
seismic shifts in each of the existing industry associations, such as the RIAA and MPAA in the
United States, that previously controlled the production and distribution of these products in
that country.

Streaming media

Many existing radio and television broadcasters provide Internet 'feeds' of their live audio and
video streams (for example, the BBC and Rush Limbaugh). They may also allow time-shift
viewing or listening such as Preview, Classic Clips and Listen Again features. These providers
have been joined by a range of pure Internet 'broadcasters' who never had on-air licenses.
This means that an Internet-connected device, such as a computer or something more
specific, can be used to access on-line media in much the same way as was previously
possible only with a television or radio receiver. The range of material is much wider, from
pornography to highly specialized technical Web-casts. Podcasting is a variation on this
theme, where—usually audio—material is first downloaded in full and then may be played back
on a computer or shifted to a digital audio player to be listened to on the move. These
techniques using simple equipment allow anybody, with little censorship or licensing control, to
broadcast audio-visual material on a worldwide basis.

Webcams can be seen as an even lower-budget extension of this phenomenon. While some
webcams can give full frame rate video, the picture is usually either small or updates slowly.
Internet users can watch animals around an African waterhole, ships in the Panama Canal, the
traffic at a local roundabout or their own premises, live and in real time. Video chat rooms,
video conferencing, and remote controllable webcams are also popular. Many uses can be
found for personal webcams in and around the home, with and without two-way sound.

Voice telephony (VoIP)

VoIP stands for Voice over IP, where IP refers to the Internet Protocol that underlies all
Internet communication. This phenomenon began as an optional two-way voice extension to
some of the Instant Messaging systems that took off around the year 2000. In recent years
many VoIP systems have become as easy to use and as convenient as a normal telephone.
The benefit is that, as the Internet carries the actual voice traffic, VoIP can be free or cost
much less than a normal telephone call, especially over long distances and especially for those
with always-on Internet connections such as cable or ADSL.

Thus VoIP is maturing into a viable alternative to traditional telephones. Interoperability
between different providers has improved and the ability to call or receive a call from a
traditional telephone is available. Simple inexpensive VoIP modems are now available that
eliminate the need for a PC.

Voice quality can still vary from call to call but is often equal to and can even exceed that of
traditional calls.

Remaining problems for VoIP include emergency telephone number dialling and reliability.
Currently a few VoIP providers provide an emergency service but it is not universally available.
Traditional phones are line powered and operate during a power failure; VoIP does not do so
without a backup power source for the electronics.

Most VoIP providers offer unlimited national calling but the direction in VoIP is clearly toward
global coverage with unlimited minutes for a low monthly fee.

VoIP has also become increasingly popular within the gaming world, as a form of
communication between players. Popular gaming VoIP clients include Ventrilo and
Teamspeak, and there are others available also.

Censorship

Some governments, such as those of Cuba, Iran, North Korea, the People's Republic of China
and Saudi Arabia, restrict what people in their countries can access on the Internet, especially
political and religious content. This is accomplished through software that filters domains and
content so that they may not be easily accessed or obtained without elaborate circumvention.

In Norway, Finland and Sweden, major Internet service providers have voluntarily (possibly to
avoid such an arrangement being turned into law) agreed to restrict access to sites listed by
police. While this list of forbidden URLs is only supposed to contain addresses of known child
pornography sites, the content of the list is secret.

Many countries have enacted laws making the possession or distribution of certain material,
such as child pornography, illegal, but do not use filtering software.

There are many free and commercially available software programs with which a user can
choose to block offensive Web sites on individual computers or networks, such as to limit a
child's access to pornography or violence.

Extranet
An extranet is a private network that uses Internet protocols, network connectivity, and
possibly the public telecommunication system to securely share part of an organization's
information or operations with suppliers, vendors, partners, customers or other businesses. An
extranet can be viewed as part of a company's Intranet that is extended to users outside the
company (normally over the Internet). It has also been described as a "state of mind" in
which the Internet is perceived as a way to do business with a preapproved set of other
companies, business-to-business (B2B), in isolation from all other Internet users. In contrast,
business-to-consumer (B2C) involves known server(s) of one or more companies,
communicating with previously unknown consumer users.

Briefly, an extranet can be understood as a private intranet mapped onto the Internet or
some other transmission system not accessible to the general public, but is managed by more
than one company's administrator(s). For example, military networks of different security levels
may map onto a common military radio transmission system that never connects to the
Internet. Any private network mapped onto a public one is a virtual private network (VPN). In
contrast, an intranet is a VPN under the control of a single company's administrator(s).

An argument has been made that "extranet" is just a buzzword for describing what institutions
have been doing for decades, that is, interconnecting to each other to create private networks
for sharing information. One of the differences that characterized an extranet, however, is that
its interconnections are over a shared network rather than through dedicated physical lines.
With respect to Internet Protocol networks, RFC 2547 states "If all the sites in a VPN are
owned by the same enterprise, the VPN is a corporate intranet. If the various sites in a VPN
are owned by different enterprises, the VPN is an extranet. A site can be in more than one
VPN; e.g., in an intranet and several extranets. We regard both intranets and extranets as
VPNs. In general, when we use the term VPN we will not be distinguishing between intranets
and extranets." Even if this argument is valid, the term "extranet" is still applied and can be
used to eliminate the use of the above description.

Another very common use of the term "extranet" is to designate the "private part" of a website,
where "registered users" can navigate, enabled by authentication mechanisms on a "login
page".

Intranet
An intranet is a private computer network that uses Internet protocols and network connectivity to
securely share part of an organization's information or operations with its employees.
Sometimes the term refers only to the most visible service, the internal website. The same
concepts and technologies of the Internet such as clients & servers running on the Internet
protocol suite are used to build an intranet. HTTP and other Internet protocols are commonly
used as well, such as FTP. There is often an attempt to use Internet technologies to provide
new interfaces with corporate 'legacy' data and information systems.

Intranets differ from "Extranets" in that the former are generally restricted to employees of the
organization while extranets can generally be accessed by customers, suppliers, or other
approved parties.

Briefly, an intranet can be understood as "a private version of the Internet," or as a version
of the Internet confined to an organisation.

APPLET / SERVLET
An applet is a program written in the Java programming language that can be included in an HTML
page, much in the same way an image is included in a page. When you use a Java technology-enabled
browser to view a page that contains an applet, the applet's code is transferred to your system and
executed by the browser's Java Virtual Machine (JVM). An applet usually performs a very narrow
function that has no independent use. An applet is distinguished from a "subroutine" by several features.
First, it executes only on the "client" platform environment of a system, in contrast to a "servlet". As
such, an applet provides functionality or performance beyond the default capabilities of its container (the
browser). Also, in contrast with a subroutine, certain capabilities are restricted by the container. An
applet is written in a language that is different from the scripting or HTML language which invokes it.
The applet is written in a compiled language, while the scripting language of the container is an
interpreted language, hence the greater performance or functionality of the applet. Unlike a "subroutine,"
a complete web component can be implemented as an applet.

Unlike a program, an applet cannot run independently; an applet usually features display and graphics
and often interacts with the human user. However, they are usually stateless and have restricted security
privileges. The applet must run in a container, which is provided by a host program, through a plug-in,
or a variety of other applications including mobile devices that support the applet programming model.
The applet API lets you take advantage of the close relationship that applets have with Web browsers.
The API is provided by the javax.swing.JApplet class and the java.applet.AppletContext interface.
Applets can use these APIs to do the following:

1. Be notified by the browser of milestones.
2. Load data files specified relative to the URL of the applet or the page in which it is running.
3. Display short status strings.
4. Make the browser display a document.
5. Find other applets running in the same page.
6. Play sounds.
7. Get parameters specified by the user in the <APPLET> tag.

Java Servlet technology provides Web developers with a simple, consistent mechanism for extending the
functionality of a Web server and for accessing existing business systems. A servlet can almost be
thought of as an applet that runs on the server side--without a face. Java servlets make many Web
applications possible. The Servlet lifecycle consists of the following steps:

1. The Servlet class is loaded by the container during start-up.
2. The container calls the init() method. This method initializes the servlet and must be called before
the servlet can service any requests. In the entire life of a servlet, the init() method is called only
once.
3. After initialization, the servlet can service client-requests. Each request is serviced in its own
separate thread. The container calls the service() method of the servlet for every request. The
service() method determines the kind of request being made and dispatches it to an appropriate
method to handle the request. The developer of the servlet must provide an implementation for these
methods. If a request for a method that is not implemented by the servlet is made, the method of the
parent class is called, typically resulting in an error being returned to the requester.
4. Finally, the container calls the destroy() method which takes the servlet out of service. The destroy()
method like init() is called only once in the lifecycle of a Servlet.

A Java application that runs in a Web server or application server provides server-side processing such
as accessing a database and e-commerce transactions. Widely used for Web processing, servlets are
designed to handle HTTP requests and are the standard Java replacement for a variety of other methods,
including CGI scripts, Active Server Pages and proprietary C/C++ plug-ins for specific Web servers
(ISAPI, NSAPI). Because they are written in Java, servlets are portable between servers and operating
systems.

A Servlet is an object that receives a request and generates a response based on that request. The basic
servlet package defines Java objects to represent servlet requests and responses, as well as objects to
reflect the servlet's configuration parameters and execution environment. In order to initialize a Servlet,
a server application loads the Servlet class (and probably other classes which are referenced by the
Servlet) and creates an instance by calling the no-args constructor. Then it calls the Servlet's
init(ServletConfig config) method. The Servlet should perform one-time setup procedures in this
method and store the ServletConfig object so that it can be retrieved later by calling the Servlet's
getServletConfig() method. This is handled by GenericServlet. Servlets which extend GenericServlet (or
its subclass HttpServlet) should call super.init(config) at the beginning of the init method to make use of
this feature. The ServletConfig object contains Servlet parameters and a reference to the Servlet's
ServletContext. The init method is guaranteed to be called only once during the Servlet's lifecycle. It
does not need to be thread-safe because the service method will not be called until the call to init returns.

When the Servlet is initialized, its service(ServletRequest req, ServletResponse res) method is called for
every request to the Servlet. The method is called concurrently (i.e. multiple threads may call this
method at the same time) so it should be implemented in a thread-safe manner. When the Servlet needs
to be unloaded the destroy() method is called. There may still be threads that execute the service method
when destroy is called, so destroy has to be thread-safe. All resources which were allocated in init
should be released in destroy. This method is guaranteed to be called only once during the Servlet's
lifecycle.
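
An added example, not part of the original notes, of a servlet that follows the lifecycle above: one-time setup in init(), thread-safe request handling, and clean-up in destroy(). The class name, the "greeting" init parameter and the "order" request parameter are hypothetical; the code assumes the javax.servlet API is on the classpath (newer containers use the jakarta.servlet package instead).

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.concurrent.atomic.AtomicLong;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet used only to illustrate the lifecycle and its threading rules.
public class OrderStatusServlet extends HttpServlet {

    // The container creates ONE instance and calls it from many request threads,
    // so instance fields are shared by every user. Only thread-safe state that is
    // not specific to a single request belongs here.
    private final AtomicLong requestCount = new AtomicLong();
    private String greeting; // written once in init(), read-only afterwards

    // UNSAFE pattern, shown as a comment for contrast: a per-request value kept
    // in a field. Two concurrent requests overwrite each other's value, so one
    // customer can be shown another customer's order id.
    // private String currentOrderId;

    @Override
    public void init(ServletConfig config) throws ServletException {
        // Lets GenericServlet store the ServletConfig for getServletConfig().
        super.init(config);
        // "greeting" is a hypothetical init parameter from the deployment descriptor.
        String configured = config.getInitParameter("greeting");
        greeting = (configured != null) ? configured : "Order status";
    }

    // HttpServlet.service() dispatches GET requests to this method.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Per-request data lives in local variables: each thread has its own stack.
        String orderId = req.getParameter("order");
        if (orderId == null || !orderId.matches("[0-9]{1,12}")) {
            // Reject anything that is not a short decimal id before using it.
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid order id");
            return;
        }
        // incrementAndGet() is atomic; a plain "count++" on a long field is not.
        long n = requestCount.incrementAndGet();
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println(greeting + ": order " + orderId + " (request #" + n + ")");
    }

    @Override
    public void destroy() {
        // Called once when the container unloads the servlet. Anything acquired
        // in init() (connections, thread pools, files) would be released here.
        log("served " + requestCount.get() + " requests");
    }
}
```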

The traditional way of adding functionality to a Web Server is the Common Gateway Interface (CGI), a
language-independent interface that allows a server to start an external process which gets information
about a request through environment variables, the command line and its standard input stream and
writes response data to its standard output stream. Each request is answered in a separate process by a
separate instance of the CGI program, or CGI script (as it is often called because CGI programs are
usually written in interpreted languages like Perl). Servlets have several advantages over CGI:
• A Servlet does not run in a separate process. This removes the overhead of creating a new
process for each request.
• A Servlet stays in memory between requests. A CGI program (and probably also an extensive
runtime system or interpreter) needs to be loaded and started for each CGI request.
• There is only a single instance which answers all requests concurrently. This saves memory and
allows a Servlet to easily manage persistent data.
• A Servlet can be run by a Servlet Engine in a restrictive Sandbox (just like an Applet runs in a
Web Browser's Sandbox) which allows secure use of untrusted and potentially harmful Servlets.

APPLICATION LEVEL FIREWALL


An Application Level Firewall is a firewall where one application-level (i.e., not kernel) process is used
to forward each session that an internal user makes to a network resource on the public network.
Application Level Firewalls are considered to be the most secure type of firewall, but they incur a
significant performance penalty. The penalty arises because a new process must be started each time a
user starts a new session -- for instance by following a URL to a new World-Wide Web site. The
Application Level Gateway acts as a proxy for applications, performing all data exchanges with the
remote system on their behalf. This can render a computer behind the firewall all but invisible to the
remote system. It can allow or disallow traffic according to very specific rules, for instance permitting
some commands to a server but not others, limiting file access to certain types, varying rules according
to authenticated users and so forth. This type of firewall may also perform very detailed logging of
traffic and monitoring of events on the host system, and can often be instructed to sound alarms or notify
an operator under defined conditions. Application-level gateways are generally regarded as the most
secure type of firewall. They certainly have the most sophisticated capabilities. A disadvantage is that
setup may be very complex, requiring detailed attention to the individual applications that use the
gateway. An application gateway is normally implemented on a separate computer on the network
whose primary function is to provide proxy service.

Recently, application-layer firewalls have emerged as a defense against Web application attacks, which
are the most common type of intrusion, according to reports by antimalware vendors Sophos plc and
Symantec Corp. Traditional network firewalls can't detect application attacks because the attacks
piggy-back on open ports used by legitimate applications. Network firewalls check ports and packet
headers, but they don't check applications and application data, which can hide malicious activity as it
zips through open firewall ports unnoticed. Since most Web traffic goes through either port 80 or port
443, blocking these ports isn't realistic. A true application-layer firewall inspects the traffic from
applications for malicious code, such as SQL injection or cross-site scripting (XSS). Sure, this requires
deep packet inspection, but deep packet inspection looks only for things like malware and spyware
embedded in traffic, not necessarily at malicious code sent through an application. Unlike traditional
network firewalls, which only examine packet headers, deep packet inspection looks inside packets and
their contents. While this definitely beefs up the capability of firewalls, and shouldn't be discounted as a
defense against attacks, it still has some limitations.

At a bare minimum, an application level firewall should protect against injection attacks, like SQL
injection and XSS, session hijacking, scanning and crawling, cookie tampering and path traversal
attempts. An application-level firewall can block Denial of Service (DoS) attacks by checking for spikes
or irregular traffic patterns and should also be able to handle both standard HTTP and SSL traffic.

The second feature to look for in an application-level firewall is its ability to integrate with identity and
access management systems. This allows the firewall to be tuned to allow particular employees access to
certain Web applications, but not anybody else in the organization. Some employees may need access to
Web-based email or WebEx to do their jobs. This can be adjusted if the firewall is integrated with the
company's directory service, like Active Directory or LDAP. Access to applications can be added to an
employee's profile. An application-level firewall itself, like its network firewall counterpart, should also
have role-based access to only allow authorized system administrators access for maintenance and
upgrades.

The third key issue for application-level firewalls is their compatibility with a corporation's network. An
application-level firewall is another piece of equipment that can be a drag on a network. If not
configured properly, or if it's incompatible with corporate architecture, it can cause performance
problems. Will it be a drag on your network, slowing down visitors to your web sites, or will it be
transparent, as if it were invisible on your network? Generally, application-level firewalls run in tandem
with network firewalls, usually behind them inside the network. Incoming traffic passes first through the
network firewall, then through the application-level firewall. Always check the firewall's throughput and
thoroughly load test it in your environment before considering a full production installation. Any
slowdowns, bottlenecks or performance issues should be straightened out before deployment to
production.

Finally, just like their network counterparts, application-level firewalls should have the capability to log
traffic. Besides being a security best practice, it's essential for tracking down incidents and, in some
cases, may be required for compliance. Will the logging be adequate to track down incidents or produce
reports of inappropriate access? PCI is strict in its requirement of network monitoring. This is at the
heart of an application-level firewall's features.
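
The request inspection described above, as an added example (not code from the original notes or from any firewall product): a small Java filter that normalises a request, checks it for path traversal, SQL injection and XSS signatures and for a tampered signed cookie, and logs its decision. The class name, the signature patterns, the cookie format and the key are assumptions made for the illustration, and the sample requests are constructed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical application-layer filter; requires Java 10+ for URLDecoder.decode(String, Charset).
public class AppLayerFilter {

    // Constructed demo key; a real gateway would load its key from a secret store.
    private static final byte[] COOKIE_KEY =
            "constructed-demo-key".getBytes(StandardCharsets.UTF_8);

    // Deliberately small signature sets (assumptions); production rule sets are far larger.
    private static final Pattern SQLI = Pattern.compile(
            "'\\s*(or|and)\\s+['\\d]|union\\s+(all\\s+)?select|;\\s*drop\\s+table",
            Pattern.CASE_INSENSITIVE);
    private static final Pattern XSS = Pattern.compile(
            "<\\s*script|javascript:", Pattern.CASE_INSENSITIVE);

    /** URL-decodes up to twice so double-encoded input (%252e) is seen in its final form. */
    static String normalise(String raw) {
        String s = raw;
        for (int i = 0; i < 2; i++) {
            try {
                String decoded = URLDecoder.decode(s, StandardCharsets.UTF_8);
                if (decoded.equals(s)) break;   // nothing left to decode
                s = decoded;
            } catch (IllegalArgumentException e) {
                break;                          // malformed escape: keep what we have
            }
        }
        return s;
    }

    /** Returns "payload.tag", where tag is a base64url HMAC-SHA256 over the payload. */
    static String sign(String payload) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(COOKIE_KEY, "HmacSHA256"));
        byte[] tag = mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        return payload + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    /** Recomputes the tag and compares in constant time; any edit to the payload fails. */
    static boolean cookieIntact(String cookie) throws GeneralSecurityException {
        int dot = cookie.lastIndexOf('.');
        if (dot < 0) return false;
        String expected = sign(cookie.substring(0, dot));
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     cookie.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns the list of rule names the request violates; an empty list means allow. */
    static List<String> inspect(String path, String query, String sessionCookie)
            throws GeneralSecurityException {
        List<String> findings = new ArrayList<>();
        String p = normalise(path).replace('\\', '/');
        String q = normalise(query);
        // A ".." path segment means the request tries to climb out of the served directory.
        if (Arrays.asList(p.split("/")).contains("..")) findings.add("path-traversal");
        if (SQLI.matcher(q).find()) findings.add("sql-injection");
        if (XSS.matcher(q).find() || XSS.matcher(p).find()) findings.add("xss");
        if (sessionCookie != null && !cookieIntact(sessionCookie)) findings.add("cookie-tampering");
        return findings;
    }

    public static void main(String[] args) throws Exception {
        String good = sign("user=alice;role=customer");
        // Payload edited after signing, tag left unchanged: must be detected.
        String forged = good.replace("role=customer", "role=admin");
        String[][] requests = {   // constructed samples: path, query, session cookie
            {"/catalog/item", "id=42", good},
            {"/catalog/item", "id=42' OR '1'='1", good},
            {"/static/%252e%252e/%252e%252e/etc/passwd", "", good},
            {"/search", "q=%3Cscript%3Ealert(1)%3C/script%3E", good},
            {"/account", "view=orders", forged},
        };
        for (String[] r : requests) {
            List<String> findings = inspect(r[0], r[1], r[2]);
            // One log line per decision, as the logging requirement above calls for.
            System.out.printf("%s %s?%s %s%n",
                    findings.isEmpty() ? "ALLOW" : "BLOCK", r[0], r[1], findings);
        }
    }
}
```

Only the first sample request is allowed; each of the other four is blocked with the name of the rule it tripped.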

BUSINESS INTELLIGENCE
Traditionally the retail industry has lagged behind other industries in adopting new technologies and
this holds true in its acceptance of business intelligence technologies. The competitive game is changing
for retail. As the industry continues to consolidate, retailers have begun to realize that using technology
to better understand customer buying behavior etc. Retailers are now paying significant attention to
business intelligence software, specifically in the areas of merchandise intelligence, customer
intelligence and operational intelligence. The organizations pass through five fundamental stages as
they advance in their use of business intelligence.

• OPERATE: At the most basic level are companies rife with information mavericks. If they go,
the knowledge goes with them. There are no processes and each request becomes an ad hoc data
rebuild resulting in multiple versions of truth.

• CONSOLIDATE: At this stage, a company has pulled together its data at the department level.
However departmental interests and interdepartmental competition can skew the integrity of the
output.

• INTEGRATE: At this point, a company has adopted enterprise wide data and bases its decisions on
the more complex information. This company is beginning to have a true awareness of additional
opportunities for the use of business intelligence to improve processes and profits.

• OPTIMIZE: The company’s knowledge workers are strongly focused on incremental process
improvements and refining the value-creation process. Everyone understands and uses analysis,
trending, pattern analysis and predictive results to increase efficiency and effectiveness. The
extended value chain becomes increasingly critical to the organization including the customer,
suppliers and partners who constitute intercompany communities.

• INNOVATE: This level represents a major, quantum break with the past. It exploits the
understanding of the value creation process acquired in the optimize stage and replicates that
efficiency with new products in new markets. Companies apply this expertise to new areas of
opportunity thus multiplying the number of revenue streams flowing into the enterprise.

A successful business intelligence project team is like a four legged table: each leg holds up its share of
the weight. The four legs are:

1. PROJECT SPONSORSHIP AND GOVERNANCE
IT and the business should form a BI steering committee to sponsor and govern design,
development, deployment and ongoing support. It needs both the CIO and a business executive to
commit budget, time and resources. The business sponsor needs the project to succeed. The CIO is
committed to what is being built and how.

2. PROJECT MANAGEMENT
It includes managing daily tasks, reporting status and communicating to the extended project team,
steering committee and affected business users. It includes three functions:
• Project Development Manager: Responsible for deliverables, managing team, resources,
monitoring tasks, reporting status and communications.
• Business Advisor: Works within the sponsoring business organization. Responsible for the
deliverables of the business resources on the project's extended team; serves as the business
advocate on the project team and the project advocate within the business community.
• BI Project Advisor: Has enough expertise with architecture and technologies to guide the
project team on their use. Ensures that architecture, data models, database, ELT code and BI tools
are all being used effectively and conform to best standards.

3. DEVELOPMENT TEAM
• Business Requirements: The sub-team may have business people who understand IT systems or
IT people who understand the business. The team represents the business and their interests.
• BI Architecture: Develops the overall BI architecture, selects the appropriate technology,
creates the data models, maps the overall data work flow from source system to BI analytics and
oversees the ELT and BI development teams from a technical perspective.
• ELT Development: Receives the business and data requirements as well as the target data
models to be used by BI analytics. Develops the ELT code needed to gather data from the
appropriate source systems into the BI database.
• BI Development: Creates the reports or analytics that the business users will interact with to do
their jobs. This is often a very iterative process and requires much interaction with the business
users.

4. EXTENDED PROJECT TEAM
• Players: A group of business users are signed up to “play with” or test the BI analytics and
reports as they are developed to provide feedback to the core development team. This is a virtual
team that gets together at specific periods of the project but they are committed to this role
during those projects.
• Testers: A group of resources are gathered similarly to the virtual team above to perform more
extensive QA testing of the BI analytics, ETL processes and overall system testing.
• Operators: IT operations is often separated from the development team but it is critical that they
are involved from the beginning of the project to ensure that the systems are developed and
deployed within your company’s infrastructure. Key functions are database administration,
system administration.

The key benefits are:

• Improved decision making.
• Higher customer retention.
• Increased satisfaction levels.
• Marketing cost reduction.
• Customer focused
• Increased profitability

E-BUSINESS
E-Business is the digital enablement of transactions and processes within a firm involving information
systems under the control of the firm. E-Business does not include commercial transactions involving an
exchange of value across organizational boundaries.

The advantages are as follows:

1. 24 X 7 OPERATIONS
Round the clock operations are an expensive proposition in the ‘Brick and Mortar’ world, while they
are natural in the ‘Click and conquer’ world.

2. GLOBAL REACH
The net being inherently global, reaching global customers is relatively easy on the net.

3. COST OF ACQUIRING, SERVING AND RETAINING CUSTOMERS
It is relatively cheaper to acquire new customers over the net through innovative tools of “push
technology”. It is also possible to retain customers’ loyalty with minimal investments.

4. EXTENDED ENTERPRISE IS EASY TO BUILD
Internet provides an effective way to extend your enterprise beyond the narrow confines of your own
organization. Tools like ERP (Enterprise Resource Planning), SCM (Supply Chain
Management) and CRM (Customer Relationship Management) can easily be deployed over the
net.

5. DISINTERMEDIATION
Using the net, one can directly approach the customers and suppliers, cutting down the number of
levels and in the process, cutting down the cost.

6. IMPROVED CUSTOMER SERVICE
It results in higher satisfaction and more sales.

7. POWER TO PROVIDE THE BEST
It enhances traditional business along with internet tools.

SEVEN UNIQUE FEATURES

1. UBIQUITY
It means that it is available just about everywhere at all times. It liberates the market from being
restricted to a physical space and makes it possible to shop from your desktop. The result is a
market space.

2. GLOBAL REACH
It permits commercial transactions to cross cultural and national boundaries far more
conveniently and cost effectively than is true in traditional business. The number of users it can obtain
is a measure of its reach.

3. UNIVERSAL STANDARDS
The technical standards are shared by all nations around the world. It greatly lowers market entry
costs. It also reduces the search costs - the effort required to find suitable products.

4. RICHNESS
Information richness refers to the complexity and content of a message. Traditional markets,
national sales forces and small retail stores have great richness. They are able to provide personal,
face to face service using aural and visual cues when making a sale. The richness of traditional
markets makes them a powerful selling or commercial environment.

5. INTERACTIVITY
This means that they allow for two way communication between merchant and consumer. It
allows an online merchant to engage a consumer in ways similar to a face to face experience but
on a much more massive global scale.

6. INFORMATION DENSITY
This is the total amount and quality of information available to all market participants,
consumers and merchants alike. E-business technologies reduce information collection, storage,
and processing and communication costs. These technologies increase greatly the currency,
accuracy and timeliness of information.

7. PERSONALIZATION / CUSTOMIZATION
E-business technology permits personalization. Merchants can target their marketing
messages to specific individuals by adjusting the message to a person’s name, interests and past
purchases. The technology also permits customization: changing the delivered product or service
based on a user’s preferences or prior behavior. The result is a level of personalization and
customization unthinkable with existing commerce technologies.

BUSINESS MODELS
A business model is a set of planned activities designed to result in a profit in a market place. The
business model is at the centre of the business plan. A business plan is a document that describes a
firm’s business model. Business models aim to use and leverage the unique qualities of the internet and
the World Wide Web.

KEY INGREDIENTS OF A BUSINESS MODEL


1. VALUE PROPOSITION

It defines how a company’s products or services fulfil the needs of customers. A company’s value
proposition is at the very heart of its business model.

2. REVENUE MODEL

It describes how the firm will earn revenue, generate profits, and produce a superior return on
invested capital. There are many revenue models.
1. In the advertising revenue model, a company provides a forum for advertisements and receives fees
from advertisers. Ex: www.yahoo.com
2. In the subscription revenue model, a company offers its users content or services and charges a
subscription fee for access to some or all of its offerings. Ex: www.wsj.com, www.sportsline.com
3. In the transaction fee revenue model, a company receives a fee for enabling or executing a
transaction. Ex: www.ebay.com
4. In the sales revenue model, a company derives revenue by selling goods, information, or services.
Ex: www.amazon.com, www.salesforce.com
5. In the affiliate revenue model, a company steers business to an affiliate and receives a referral fee or
percentage of the revenue from any resulting sales. Ex: www.mypoints.com

3. MARKET OPPORTUNITY

It refers to the company’s intended market space and the overall potential financial opportunities
available to the firm in that market space. A market space is the area of actual or potential
commercial value in which a company intends to operate.

4. COMPETITIVE ENVIRONMENT

It refers to the other companies operating in the same market space selling similar products. Firms
typically have both direct and indirect competitors. Direct competitors sell products and services that
are very similar, into the same market segment. Indirect competitors may be in different
industries but still compete indirectly.

5. COMPETITIVE ADVANTAGE

It is achieved by a firm when it can produce a superior product and bring the product to market at a
lower price than most of its competitors. An asymmetry exists whenever one participant in a market
has more resources than other participants. A first mover advantage is a competitive market
advantage for a firm that results from being the first into a market place with a serviceable product or
service. An unfair competitive advantage occurs when one firm develops an advantage based on a
factor that other firms can’t purchase. In a perfect market, there are no competitive advantages or
asymmetries because all firms have equal access to all the factors of production. Companies are said
to leverage their competitive assets when they use their competitive advantages to achieve more
advantages in surrounding markets.

6. MARKET STRATEGY

It is the plan you put together that details exactly how you intend to enter a new market and attract
new customers.

7. ORGANIZATIONAL DEVELOPMENT

It describes how the company will organize the work that needs to be accomplished.

8. MANAGEMENT TEAM

It is responsible for making the model work. A strong team gives a model instant credibility to
outside investors, immediate market-specific knowledge and experience in implementing business
plans. A strong team may not be able to salvage a weak business model, but they should be able to
change the model and redefine the business as it becomes necessary.

BUSINESS TO BUSINESS MODEL


B2B is the model whereby a company conducts its trading and other commercial activity through the
net and the customer is another business itself. This essentially means commercial activities between
companies through the internet as medium.
This is supposed to be a huge opportunity area in the web. Companies have by and large computerized
all the operations worldwide and now they need to go into the next stage by linking their customers and
vendors. This is done by supply chain software, which is an integral part of your ERP applications.
Companies need to setup a backbone of B2B applications, which will support the customer requirements
on the web. Many B2B sites are company and industry specific, catering to a community of users or a
combination of forward and backward integration.

MAJOR ADVANTAGES OF B2B

1. DIRECT INTERACTION WITH CUSTOMERS

This is the greatest advantage of e-business. The customer, including other businesses, who buys
the products of a large MNC through distributors, channels and shops is otherwise unknown and
faceless. Large MNCs pay a fortune for this information on customer buying patterns.

2. FOCUSSED SALES PROMOTION

This information gives authentic data about the client’s likes, dislikes and preferences, and this helps the
company to focus sales promotion drives which are aimed at the right audience.

3. BUILDING CUSTOMER LOYALTY


It has been observed that online customers can be more loyal than other customers if they are made
to feel special, their distinct identity is recognized and their concerns about privacy are respected.
It has also been found that once customers develop a binding relationship with a site and its
product they don’t like to shift loyalties to another site or product.

4. SCALABILITY

This means the web is open and offers round the clock access. This provides an access never known
before to the customers. This access is across locations and time zones. Thus a company is able to
handle many more customers on a wider geographical spread if it uses an e-business model. The
additional cost of serving additional customers comes down drastically once a critical mass is
reached.

5. SAVINGS IN DISTRIBUTION COSTS

A company can make huge savings in distribution, logistical and after sale support costs by using
e-business models. This is because e-business models involve the customer in the business
interaction to such a level that the company is able to avoid setting up the huge backbone of sales and
support force which ordinarily would have to be set up.

TOOLS AND TECHNIQUES AT THE DISPOSAL OF B2B ENTERPRISES

It is important to know the right marketing strategies which would be required to sell successfully and
profitably over the web. Some of these are:

1. USE OF PRICING AS A TOOL

There is a wealth of research on pricing used as a tool to generate sales on the net. The biggest
e-tailers made it big by giving substantial discounts. Part of these discounts is attributed to the
distributor level commissions which are being passed on to the customer. Apart from this, companies
have started giving things free on the net in order to get a critical mass of subscribers, which helps in
getting advertising revenues.

2. USE OF APPLICATION SERVICE PROVIDER MODEL

This is an old model of the seventies, which was used among mainframes and dumb terminals and
is being revisited with a vengeance. The customer can log in over the net and access the s/w
from the web server of the company and need not download it onto his computer. This goes one step
further in the age of the network PC, where one need not use even a hard disk and all critical
application data is kept on the web and can be accessed anywhere in the world.

3. USE OF COMPARISON SHOPPING


The internet has brought in a whole new concept of price matching and comparison shopping. Today
there are sites which will take us to hundreds of sites to find the cheapest product to suit our
specifications.

COMMON ELEMENTS OF B2B EXCHANGES


ELEMENT : BENEFITS
1. CENTRALIZED MARKETSPACE : Neutral and nonaligned with either sellers or buyers
2. STANDARDIZED DOCUMENTATION : Users are prequalified & regulated
3. CONFIDENTIAL TRANSACTION B/W BUSINESS : Clearing and settlement service provided
4. PRICE QUOTES, PRICE HISTORY & AFTER THE SALE INFORMATION : Pricing mechanism is self regulating

B2B MODELS
1. MARKETPLACE / EXCHANGE (B2B HUB)
It is a digital electronic marketplace where suppliers and commercial purchasers can conduct
transactions. For buyers, B2B hubs make it possible to gather information, check out suppliers,
collect prices and keep up to date on the latest happenings all in one place. Sellers, on the other hand,
benefit from expanded access to buyers. The greater the number of potential buyers, the lower the
sales cost and the higher the chances of making a sale. Marketplaces make it significantly less
expensive and time consuming to identify potential suppliers, customers and partners and to do
business with each other. Vertical marketplaces serve specific industries such as steel or automobiles,
while horizontal marketplaces sell specific products and services to a wide range of companies.
Vertical marketplaces supply a smaller number of companies with products and services of specific
interest to their industry, while horizontal marketplaces supply companies in different industries
with a particular type of product and services. Ex of vertical marketplace is www.directAg.com,
www.e-steel.com. Ex of horizontal marketplace is www.tradeout.com.

2. E-DISTRIBUTOR
Companies that supply products and services directly to individual businesses are e-distributors,
whereas B2B hubs pull together many businesses, making it possible for them to do business with
other companies. E-distributors are set up by one company seeking to serve many customers. The
more products and services a company makes available on its site, the more attractive that site is to
potential customers. The revenue is generated by sales of goods. Ex www.grainger.com

3. B2B SERVICE PROVIDER


It sells business services to other firms. “Traditional” B2B service providers offer online equivalents
to common business services. Application service providers are another type of B2B service
provider. An application service provider is a company that sells access to internet based software
applications to other companies. Ex www.salesforce.com, www.conio.com. The revenue generated
is through rental fees. B2B service providers make money through transaction fees, fees based on the
number of workstations using the service or annual licensing fees. They offer purchasing firms significant
advantages. Services tend to be knowledge intensive, based on expensive professional employees.
Traditional B2B service providers support companies through online business services. The revenue
is generated through sales of services. Ex www.employeematters.com.

4. MATCHMAKER
Companies that make money by linking other businesses and taking a cut of any business that occurs
via a transaction or usage fee are called matchmakers. They are a form of the transaction brokers
familiar in the B2C area. They help businesses to find what they want and need on the web. The
revenue is generated through transaction fees. Ex www.iship.com

5. INFOMEDIARY
The term describes a new breed of company that would act as custodians, agents and brokers of
customer information, marketing it to businesses on the customer’s behalf, while protecting their privacy
at the same time. It is a company whose business model is premised upon gathering information about
consumers and selling it to other businesses. A vendor oriented infomediary sells the information it
gathers to vendors who use it to target products, services and promotions to particular consumers. It
is classified into two basic types, i.e. audience brokers and lead generators. Audience brokers capture
information about customers and use it to help advertisers reach the most appropriate audiences for
their advertising. Revenue is through sales of information. Ex www.doubleclick.net. Lead generators
gather customer data from which they then create customer profiles and preferences. They then
direct vendors of products and services that fit these customer profiles to the customers. Revenue is
generated through referral fees. Ex www.autobytel.com

B2B MARKETPLACE
1. AGGREGATORS

In the aggregation model, one company aggregates buyers to form a virtual buying entity and
aggregates suppliers to constitute a virtual distributor. The aggregator takes the responsibility for
selection and fulfillment, pricing and marketing segmentation.

2. HUBS OR PROCESS INTEGRATION

It focuses on producing a highly integrated value proposition through a managed process. Hubs have
been defined as neutral internet based intermediaries that focus on a specific industry or a specific
business process. Hubs host electronic markets and create value by reducing the cost of transactions
between sellers and buyers.

3. COMMUNITY OR ALLIANCE
In the community model, alliances are used to achieve high value integration without hierarchical
control. Members and end users play key roles as contributors and customers.

4. CONTENT
Content is the end product of this model of B2B. It has the purpose of facilitating trading. Revenue
can be generated from subscriptions, membership or advertising.

5. AUCTIONS OR DYNAMIC PRICING MARKETS


It handles complex exchanges between buyers and sellers in B2B. Auctions are dynamic and
efficient mechanisms for mediating and brokering in complex market places. Bundle auctions allow
agents to bid for bundles of items and are useful for B2B applications.

SOME MAJOR B2B PORTALS


1. www.agriwatch.com
2. www.apnatransport.com
3. www.auctionindia.com
4. www.bimaonline.com
5. www.calcuttasarees.com
6. www.castingsworld.com
7. www.cheround.com
8. www.commodityindia.com
9. www.e2commerce.net

BUSINESS TO CONSUMER MODEL (B2C)


Consumers are increasingly going online to shop for and purchase products, arrange financing, arrange
shipment or take delivery of digital products and get service after the sale. B2C e-business includes
retail sales, often called e-retail, and other online purchases such as airline tickets, hotel rooms etc. Some B2C
e-businesses provide high value content to consumers for a subscription fee. Ex
www.wallstreetjournal.com, www.consumerreports.com, www.edites.com. B2C e-business models
include virtual malls, which are websites that host many online merchants. Ex www.excite.com,
www.choicemall.com, www.women.com, www.amazon.com, www.yahoo.com. E-tailers that offer
traditional or web specific products or services only over the internet are sometimes called virtual
merchants. Ex www.amazon.com, www.etoys.com, www.ashfors.com. Some businesses supplement a
successful traditional mail order business with an online shopping site, or move completely to web based
ordering. They are sometimes called catalog merchants. Ex www.avon.com, www.chefs.com,
www.omahasteaks.com, www.harryanddavid.com. Some of the reasons why one should opt for B2C
are:

1. INEXPENSIVE, BIG OPPORTUNITIES

Once on net, opportunities are immense as companies can market their product to the whole world
without much additional cost.

2. GLOBALIZATION

The web can make one appear to be a big player, which simply means that the playing field has been
leveled by e-business. The internet is accessed by millions of people and they are potential customers.

3. REDUCED OPERATIONAL COSTS

Selling through the web means cutting down on paper costs, customer support costs,
advertising costs and order processing costs.

4. CUSTOMER CONVENIENCE

Searchable content, shopping carts, promotions, interactivity and user friendly interfaces give
customers convenience, generating more business. A customer can also see order status and delivery
status and get their receipts online.

5. KNOWLEDGE MANAGEMENT

Through database systems and information management, one can tell who visits the site and how to
create better value for them.

HOW DOES B2C WORK?


B2C e-business is more than just an online store. It really is managing the entire process, but just using
technology as a tool for order processing and customer support. The processes of B2C are as follows:

1. VISITING THE VIRTUAL MALL

The customer visits the mall by browsing the online catalogue – a very organized manner of
displaying products and their related information. Finding the right product becomes easy by using a
keyword search engine. Virtual malls may include a basic to an advanced search engine, product
relating system, control management, customer support system, bulletin boards, newsletters, etc.

2. CUSTOMER REGISTERS

The customer has to register to become part of the site’s shopper registry. This allows
the customer to avail of the shop’s complete services. The customer will be a part of the company’s growing
database, which it can use for knowledge management and data mining.

3. CUSTOMER BUYS PRODUCTS

Through a shopping cart system, order details, shipping charges, taxes, additional charges and price
totals are presented in an organized manner. The customer can even change the quantity of a certain
product. Virtual malls have a very comprehensive shopping system, complete with check out forms.

4. MERCHANT PROCESSES THE ORDER

The merchant then processes the order received from the previous stage by filling
up the necessary forms.

5. CREDIT CARD IS PROCESSED

The credit card of the customer is authenticated through a payment gateway or a bank. Other
payment methods can be used.

6. OPERATIONS MANAGEMENT

When the order is passed on to the logistics people, the traditional business operations will still be
used. Things like inventory management, total quality management, warehousing optimization and
project management should still be incorporated even though it is an e-business. Getting the product
to the customer is still the most important aspect of e-commerce.

7. SHIPMENT AND DELIVERY

The product is then shipped to the customer. The customer should be able to track his order / delivery
through the website. Virtual malls have a delivery tracking module on the website which allows a
customer to check the status of a particular order.

8. CUSTOMER RECEIVES

The product is received by the customer and is verified. The system should then tell the firm that the
order has been delivered.

9. AFTER SALES SERVICE


After the sale has been made, the firm has to make sure that it maintains a good relationship with its
customers. This is done through customer relationship management.

MAJOR B2C BUSINESS MODELS


1. PORTAL

It offers users powerful web search tools as well as an integrated package of content and services all
in one place. Portals do not sell anything directly and in that sense they can present themselves as
unbiased. Portals generate revenue primarily by charging advertisers for ad placement, collecting
referral fees for steering customers to other sites and charging for premium services. Horizontal
portals define their market space to include all users of the internet. Ex www.yahoo.com, www.aol.in,
www.msn.com. Vertical portals provide similar services to horizontal portals but are focused around a
particular subject matter or market segment. Ex www.iboats.com.

2. E-TAILER

Online retail stores are often called e-tailers. They come in all sizes and shapes. E-tailers are much
like the typical brick and mortar store front except that customers only have to dial into the internet
to check their inventory and place an order. Some e-tailers, sometimes referred to as “Clicks and
Mortar” or “Clicks and Bricks”, are subsidiaries of existing physical stores and carry the same
products. Several other variations of e-tailer, such as online versions of direct mail catalogs, online
malls, and manufacturer-direct online sales, also exist. A virtual merchant is an online version of a retail
store, where customers can shop at any hour of the day or night without leaving home or office. Ex
www.Amazon.com. Clicks and mortar is an online distribution channel for a company that also has
physical stores. Ex www.walmart.com. Catalog merchant is an online version of mall. Ex
www.fashionmall.com.

3. CONTENT PROVIDER

“Information content” can be defined broadly to include all forms of intellectual property.
Intellectual property refers to all forms of human expression that can be put into a tangible medium
such as text, CD or the web. A content provider distributes information content. Retrieving and paying
for content is the second largest revenue source for B2C. Content providers make money by
charging subscribers a subscription fee. Micropayment system technology such as the qpass system
provides content providers with a cost effective method for processing high volumes of very small
monetary transactions. Micropayment systems have greatly enhanced the revenue model prospects
of content providers who wish to charge by the download. Content providers also make money by selling
advertising space on their sites. Not all online content providers charge for their information. Ex
www.cio.com, www.sportsline.com, www.thestandard.com. These popular sites make money in
other ways, such as advertising and partner promotions on the site. The key to becoming a successful
content provider is owning the content. Syndication is a major variation of the standard content provider
model. Ex www.intonetworks.com, www.intertainment.com, www.wsj.com.

4. TRANSACTION BROKER

Sites that process transactions for customers that are normally handled in person, by phone or by mail are
transaction brokers. The largest industries using this model are financial services, travel services and
job placement services. Ex www.e-trade.com, www.ameritrade.com. The online transaction broker’s
primary value propositions are saving money and time. Most transaction brokers provide timely
information and opinion. Fears of privacy invasion and the loss of control over personal financial
information also contribute to market resistance. Consequently the challenge for online brokers is to
overcome consumer fears by emphasizing the security and privacy measures in place. Transaction
brokers make money each time a transaction occurs. Ex www.monster.com, www.expedia.com,
www.datek.com.

5. MARKET CREATOR

Market creator builds a digital environment where buyers and sellers can meet, display product,
search for product and establish a price for products. Prior to the internet and the web, market
creators relied on physical places to establish a market. There were few private digital network
market places prior to the web. The web changed this by making it possible to separate markets from
physical space. Ex www.priceline.com, www.ebay.com. The market opportunity for market creators
is potentially vast but only if the firm has the financial resources and marketing plan to attract
sufficient sellers and buyers to the marketplace. Speed is often the key in such situations. The ability
to become operational quickly can make the difference between success and failure.

6. SERVICE PROVIDER

It offers services online. Some charge a fee while others generate revenue from other sources like
advertising. Many service providers are computer related. To complicate matters a bit, most
financial transaction brokers provide services such as college tuition and pension planning. Travel
brokers also provide vacation-planning services, not just transactions with airlines and hotels. The basic
value proposition of service providers is that they offer consumers a valuable, convenient, time-saving
and low cost alternative to traditional service providers. Research has found, for instance, that
a major factor in predicting online buying behavior is time starvation. Service providers make
money through subscription fees or one-time payments for single use of the service. The market
opportunity for service providers is as large as the variety of services that can be provided and
potentially is equal to the market opportunity for physical goods. Ex www.xdrive.com,
www.mycfo.com.

7. COMMUNITY PROVIDER

They are sites that create a digital online environment where people with similar interests can
transact, communicate with likeminded people, receive interest related information and even play out
fantasies by adopting online personalities. The basic value proposition is to create a fast, convenient,
one stop site where users can focus on their most important concerns and interests. They typically
rely on a hybrid revenue model that includes subscription fees, sales revenues, transaction fees and
advertising fees from other firms, who are attracted by a highly focused audience. Ex
www.about.com, www.ivillage.com, www.blackplanet.com, www.oxygen.com, www.fool.com.

CALL CENTER
More and more companies are under constant pressure to innovate in the development and provision of
new services for their customers. The internet adds even more pressure. Every service that is put online
requires a call center so that people are able to call in, in case of problems. The calling does not mean
automatically a phone call anymore. The internet makes it possible to offer many different possibilities,
but the telephone can’t be neglected. It offers a very direct way of communication and many people
have got used to it.

Regardless of what “Customer Care” is called in your company, it is the process when your customers
contact you when they only have their particular problem in mind. What customers want is a single point
of contact providing convenience and satisfaction. They want the person that they contact to be able to
handle their needs without a lot of hand-offs and call-backs. This requires a call-center solution.
Customers do not want to go to a branch to be served, but expect that their wishes are executed from
anywhere and they want more direct access to their assets. Customers want to be able to manage all
aspects of their account through a single, consistent and efficient service process. This process could be
handled over a phone. In order to make a call center efficient, it needs to access multiple data sources
within the company and carry out concurrent processing in different applications, without delaying the
customer who may be waiting on-line for a response. These customer service functions also require
powerful client processing characteristics at the desktop, if implemented in a traditional telephone call
center. In order to make a call center successful, it needs to be highly integrated and needs to create a
single customer view through integration of all relevant databases.

WHAT MAKES A CALL CENTER GREAT?


A call center is a physical place where customers are handled by an organization, usually with some amount
of computer automation. Characteristically, a call center has the ability to handle a considerable volume
of calls at the same time, to filter calls and forward them to someone qualified to address the callers’ concerns,
and to log calls. Call centers are used by directory assistance companies, telemarketing companies,
online market companies, product help desks, and any large business that uses the telephone to sell or
service products and services. Three factors that depend on each other make a
great call center. These factors are:

• EFFICIENCY

Efficiency is the ability to be effective without wasting time, effort or expense. When customers
contact your center, they want a fast, efficient answer to their questions. They want the same
thing every customer desires, and that is customer satisfaction.

• CUSTOMER SATISFACTION

Customer satisfaction occurs when a call center delivers what the customer wants, when and how
they want it. Persons highly skilled in customer service understand that customers don’t always
articulate what they want; sometimes you must dig for it and investigate. Once you have determined the
reason why the customer contacted you in the first place, you will be able to determine ways to help
them. The more you know about the customer’s concern, the better you will be able to help them,
resulting in one satisfied customer.

• REVENUE GENERATION

Revenue generation is the lifeblood of any organization. Good revenue generation will not happen
without satisfied customers, and the more efficient the call center, the more time is available for
generating revenue. Efficiency can’t be achieved without good revenue generation and customer
satisfaction. For example, when a call center fails to seek a customer on the first attempt, revenue
isn’t maximized because a customer who really wanted the service/product must call back to get what
they wanted. This creates inefficiency by duplication of effort; it also represents poor service, as it
makes the customer do more work to get what they wanted when they initiated the first call. Our
company, Global Response, produces quality agents that get the job done with little waste of time
and energy, inspired and driven to satisfy customers’ needs, resulting in additional and continuous
revenue for our clients.

COMPONENT BASED ARCHITECTURE


Component-Based Architectures represent a major shift in the IT industry from the traditional software
development paradigm. Evolved from object management approaches, the component model enables a
“plug and play”, solution integration alternative to the custom-development oriented, “design, code, and
test” development methodology. As the IT industry has transformed around this new computing model,
it is incumbent on government IT organizations to transform their solution development life cycle
processes to gain the promised benefits: shorter time to market, lower risk, modular and adaptive
systems. Component-Based Architecture (CBA) is a lifecycle approach to architecting software
solutions from components. It produces applications that are very flexible because of their component
"plug and play" nature. By modeling the business from a services perspective, we produce a target
architecture consisting of highly reusable components. This approach is key to implementing
applications (and modernizing legacy applications) that are able to support, rather than inhibit, business
change. It shifts the emphasis from programming s/w to composing s/w systems. Implementation has
given way to integration as the focus. There is sufficient commonality in many large s/w systems to
justify developing reusable components to exploit and satisfy that commonality. Component - based
systems are easier to assemble because the components are designed to be integrated with ease, and are
therefore, less costly to build, than systems constructed from discrete parts.
• Elicits requirements from the customer.
• Selects an appropriate architectural style to meet the objectives of the system to be built.
• Selects potential components for reuse.
• COMPONENT QUALIFICATION: qualifies the components to be sure that they properly fit the
architecture for the system.
• COMPONENT ADAPTION: adapts components if modifications must be made to properly
integrate them.
• COMPONENT ENGINEERING: custom components are engineered to address those aspects of the
system that cannot be implemented using existing components.
• COMPONENT COMPOSITION: integrates the components to form subsystems and the application
as a whole. Component composition assembles qualified, adapted, and engineered components to
populate the architecture established for an application.
• To accomplish this, an infrastructure must be established to bind the components into an operational
system. The infrastructure (usually a library of specialized components) provides a model for the
coordination of components and specific services that enable components to coordinate with one
another and perform common tasks.
• COMPONENT UPDATION: replacing existing s/w as new versions of components become
available.

When systems are implemented with COTS (commercial off-the-shelf) components, update is
complicated by the imposition of a third party (i.e., the organization that developed the reusable
component may be outside the immediate control of the s/w engineering organization).

CIRCUIT LEVEL FIREWALL

This is a firewall approach that validates connections before allowing data to be exchanged. What this
means is that the firewall doesn't simply allow or disallow packets but also determines whether the
connection between both ends is valid according to configurable rules, then opens a session and permits
traffic only from the allowed source and possibly only for a limited period of time. Whether a
connection is valid may, for example, be based upon:
• Destination IP address and/or port
• Source IP address and/or port
• Time of day
• Protocol
• User
• Password

Every session of data exchange is validated and monitored and all traffic is disallowed unless a session
is open. Circuit Level Filtering takes control a step further than a Packet Filter. Among the advantages
of a circuit relay is that it can make up for the shortcomings of the ultra-simple and exploitable UDP
protocol, wherein the source address is never validated as a function of the protocol. IP spoofing can be
rendered much more difficult. A disadvantage is that Circuit Level Filtering operates at the Transport
Layer and may require substantial modification of the programming which normally provides transport
functions (e.g. Winsock).
To validate a session, a circuit level firewall examines each connection setup to ensure that it follows a
legitimate handshake for the transport layer protocol being used (the only widely used transport protocol
that uses a handshake is TCP). In addition, data packets are not forwarded until the handshake is
complete. The firewall maintains a table of valid connections (which includes complete session state and
sequencing information) and lets network packets containing data pass through when network packet
information matches an entry in the virtual circuit table. Once a connection is terminated, its table entry
is removed, and that virtual circuit between the two peer transport layers is closed. When a connection is
set up, the circuit level firewall typically stores the following information about the connection:
• A unique session identifier for the connection, which is used for tracking purposes
• The state of the connection: handshake, established, or closing
• The sequencing information
• The source IP address, which is the address from which the data is being delivered
• The destination IP address, which is the address to which the data is being delivered
• The physical network interface through which the packet arrives
• The physical network interface through which the packet goes out

Using this information, the circuit level firewall checks the header information contained within each
network packet to determine whether the transmitting computer has permission to send data to the
receiving computer and whether the receiving computer has permission to receive that data. Circuit level
firewalls have only limited understanding of the protocols used in the network packets. They can only
detect one transport layer protocol, TCP. Like packet filters, circuit level firewalls work by applying a
rule set that is maintained in the TCP/IP kernel. Circuit level firewalls allow access through the firewall
with a minimal amount of scrutiny by building a limited form of connection state. Only those network
packets that are associated with an existing connection are allowed through the firewall. When a
connection establishment packet is received, the circuit level firewall checks its rule bases to determine
whether that connection should be allowed. If the connection is allowed, all network packets associated
with that connection are routed through the firewall as defined in the firewall server's routing table with
no further security checks. This method is very fast and provides a limited amount of state checking.
Circuit level firewalls can perform additional checks to ensure that a network packet has not been
spoofed and that the data contained within the transport protocol header complies with the definition for
that protocol, which allows the firewall to detect limited forms of modified packet data. Circuit level
firewalls often readdress network packets so that outgoing traffic appears to have originated from the
firewall rather than an internal host. As stated previously, this process of readdressing network packets
is called network address translation, and because circuit level firewalls maintain information about each
session, they can properly map external responses back to the appropriate internal host.
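The virtual circuit table described above, as an added example that is not part of the original notes or of any firewall product: a small simulation that admits a connection only on a rule-matching SYN, forwards data only after a valid three-way handshake, and removes the entry when the connection closes. The class names, the rule format, the "inside"/"outside" interface labels and the addresses are assumptions, and the traffic in demo() is constructed.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass, field
from itertools import count
from typing import Optional

# TCP header fields the gateway inspects; flags is a frozenset such as {"SYN", "ACK"}.
Segment = namedtuple("Segment", "src sport dst dport flags seq ack payload",
                     defaults=(0, 0, b""))

@dataclass
class Circuit:                      # one entry in the virtual circuit table
    session_id: int
    state: str                      # "handshake", "established" or "closing"
    client_isn: int                 # sequencing information taken from the SYN
    in_iface: str                   # interface the initiator's packets arrive on
    out_iface: str                  # interface the responder's packets arrive on
    server_isn: Optional[int] = None
    fins: set = field(default_factory=set)

def nxt(n):
    return (n + 1) & 0xFFFFFFFF     # TCP sequence numbers wrap at 2**32

class CircuitGateway:
    def __init__(self, rules):
        # rules: (allowed source network, destination IP, destination port)
        self.rules = [(ipaddress.ip_network(n), d, p) for n, d, p in rules]
        self.table = {}             # (client ip, port, server ip, port) -> Circuit
        self._ids = count(1)

    def process(self, seg, iface):
        """Return "FORWARD" or "DROP" for a segment arriving on iface."""
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)
        rev = (seg.dst, seg.dport, seg.src, seg.sport)
        if fwd in self.table:
            key, from_client = fwd, True
        elif rev in self.table:
            key, from_client = rev, False
        else:
            return self._open(seg, fwd, iface)
        c = self.table[key]
        # Spoofing check: each direction must arrive on the interface seen at setup.
        if iface != (c.in_iface if from_client else c.out_iface):
            return "DROP"
        if "RST" in seg.flags:      # a reset tears the circuit down
            del self.table[key]
            return "FORWARD"
        if c.state == "handshake":
            return self._handshake(c, seg, from_client)
        if "FIN" in seg.flags:
            c.state = "closing"
            c.fins.add(from_client)
        elif c.state == "closing" and len(c.fins) == 2 and seg.flags == {"ACK"}:
            del self.table[key]     # both sides sent FIN; the last ACK ends the circuit
        return "FORWARD"

    def _open(self, seg, key, iface):
        # Only a bare SYN that matches a rule may create a table entry.
        src = ipaddress.ip_address(seg.src)
        allowed = any(src in net and seg.dst == d and seg.dport == p
                      for net, d, p in self.rules)
        if seg.flags != {"SYN"} or seg.payload or not allowed:
            return "DROP"
        other = "outside" if iface == "inside" else "inside"
        self.table[key] = Circuit(next(self._ids), "handshake", seg.seq, iface, other)
        return "FORWARD"

    def _handshake(self, c, seg, from_client):
        if (not from_client and c.server_isn is None
                and seg.flags == {"SYN", "ACK"} and seg.ack == nxt(c.client_isn)):
            c.server_isn = seg.seq
            return "FORWARD"
        if (from_client and c.server_isn is not None and seg.flags == {"ACK"}
                and seg.seq == nxt(c.client_isn) and seg.ack == nxt(c.server_isn)):
            c.state = "established"
            return "FORWARD"
        return "DROP"               # out of sequence, including early data

def demo():
    """Constructed traffic: one legitimate session plus four packets that must drop."""
    gw = CircuitGateway([("10.0.0.0/24", "203.0.113.10", 443)])
    c, s = ("10.0.0.5", 40000), ("203.0.113.10", 443)
    def seg(a, b, flags, seq=0, ack=0, payload=b""):
        return Segment(*a, *b, frozenset(flags.split("+")), seq, ack, payload)
    steps = [
        (seg(c, s, "ACK", 101, 1, b"GET /"), "inside"),    # data with no circuit
        (seg(c, s, "SYN", 100), "inside"),                 # opens the circuit
        (seg(s, c, "SYN+ACK", 500, 999), "outside"),       # acknowledges the wrong number
        (seg(s, c, "SYN+ACK", 500, 101), "outside"),
        (seg(c, s, "ACK", 101, 501), "inside"),            # handshake complete
        (seg(c, s, "ACK", 101, 501, b"GET /"), "inside"),  # data now passes
        (seg(c, s, "ACK", 106, 501, b"x"), "outside"),     # inside address seen outside
        (seg(c, s, "FIN+ACK", 106, 501), "inside"),
        (seg(s, c, "FIN+ACK", 501, 107), "outside"),
        (seg(c, s, "ACK", 107, 502), "inside"),            # last ACK, entry removed
        (seg(c, s, "ACK", 107, 502, b"late"), "inside"),   # circuit no longer exists
    ]
    return [gw.process(p, i) for p, i in steps], len(gw.table)
```

Every "FORWARD" after the first SYN depends on a table entry; once the entry is removed, the same 4-tuple is dropped again until a new handshake starts.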

To summarize, circuit level firewalls have the following advantages:
1. Circuit level firewalls are generally faster than application layer firewalls because they perform
fewer evaluations.
2. A circuit level firewall can help protect an entire network by prohibiting connections between
specific Internet sources and internal computers.
3. In conjunction with network address translation, you can use circuit level firewalls to shield internal
IP addresses from external users.

Circuit level firewalls have the following disadvantages:
1. Circuit level firewalls cannot restrict access to protocol subsets other than TCP.
2. Circuit level firewalls cannot perform strict security checks on a higher-level protocol should the
need arise.
3. Circuit level firewalls have limited audit event generation abilities but can typically tie a network
data packet to an application layer protocol by building limited forms of session state.
4. Circuit level firewalls do not offer value-added features, such as HTTP object caching, URL
filtering, and authentication because they do not understand the protocols being used and cannot
discern one from another.
5. It can be difficult to test "accept" and "deny" rules.

CLIENT SERVER ARCHITECTURE

Client-server software architecture is versatile and flexible in today’s fast-changing IT landscape. It is
modular in structure and relies on messaging services for communication between components. It was
designed to improve flexibility, usability, scalability, and interoperability. Software flexibility
implies the ability for a program to change easily according to different users and different system
requirements. Usability refers to human-computer interaction and the ability of a software application to
accomplish a user’s goal. Some defining features are ease-of-use and a clear, logical process of
evolution towards a goal. Scalability refers to a product’s (be it hardware or software) ability to change
in size or volume gracefully to meet user requests. Interoperability is the ability of software or hardware
to function with other systems without requiring human intervention and manpower. Client-server
software architecture aims to increase productivity through improvements in all of these categories.
Client-server architecture developed as a response to the limitations of file-sharing architectures, which
require tons of bandwidth and can often stall or jam a network, causing it to crash. File-sharing
architectures work only when shared usage is low and the volume of data to be transferred is low. In
client-server architecture, the database server replaced the file server. The primary languages for
structuring queries are SQL and RPC. SQL stands for ‘standard query language’. SQL uses a GUI
(graphic user interface) to make requests from databases. RPC is a protocol or set of rules structuring
an intelligible request that is used by one program to request
data or services from another program on another computer in another network. Full knowledge of
network details is unnecessary. It allows an application to be distributed on and accessible from different
platforms. Client and server stubs are created respectively so each party has the section it needs for the
remote function it requests. Stubs are called to work when a remote function is required by the
application and communication between client and server is synchronous. RPCs make it easier to design
a client-server software architecture that employs multiple programs distributed over a network.

TWO TIER ARCHITECTURE

Two tier client-server software architectures improve usability and scalability. Usability is increased
through user-friendly, form-based interfaces. Scalability is improved because two tiered systems can hold
up to 100 users, whereas file server architectures can only accommodate 12. Two tiered architecture is
best suited to homogeneous environments processing non-complex, non-time sensitive information. Two
tier architectures consist of three components: user system interfaces, processing management, and
database management. User system interface (USI) is a component of an organization’s decision support
system, which includes human decision-makers. It provides a user friendly layer of communication to
make requests of the server and offers multiple forms of input and output. USIs include features like
display management services, sessions, text input, and dialog. Processing management includes process
development, process implementation, process monitoring, and process resources services. Database
management includes database and file services. Two tier client-server designs derive their name from
how they distribute work between client and server. Clients access databases through the user system
interface. Database management, on the server side, distributes processing between both client and
server. Both tiers, the client and the server, are responsible for some of the processing management.
Simply put, the client uses the user interface to make requests through database management on the
server side. Most of the application processing takes place on the client side, while the database
management system (DBMS), on the server side, focuses on processing data through stored procedures.
Connectivity between the tiers can be dynamically altered depending on users’ requests and the services
they are demanding. Two tier client server architectures work well for groups or businesses of up to 100
users on a LAN (Local Area Network); any more and service would deteriorate. Also, this software
architecture offers limited flexibility by requiring the writing of manual code to move program
functionality to a different server.

THREE TIER ARCHITECTURE

Three tier client server architecture is also known as multi-tier architecture and signals the introduction
of a middle tier to mediate between clients and servers. The middle tier exists between the user interface
on the client side and database management system (DBMS) on the server side. This third layer executes
process management, which includes implementation of business logic and rules. The three tier models
can accommodate hundreds of users. It hides the complexity of process distribution from the user, while
being able to complete complex tasks through message queuing, application implementation, and data
staging or the storage of data before being uploaded to the data warehouse. As in two tiered
architectures, the top level is the user system interface (client) and the bottom level performs database
management. The database management level ensures data consistency by using features like data
locking and replication. Data locking is also referred to as file or record locking. This is a first-come,
first-serve DBMS feature used to manage data and updates in a multi-user environment. The first user to
access a file or record denies any other user access or “locks it”. It opens up again and becomes
accessible to other users once the update is complete. The middle tier is also called the application
server. It contains a centralized processing logic, which facilitates management and administration.
Localizing system functionality in the middle tier makes it possible for processing changes and updates
to be made once and be distributed throughout the network available to both clients and servers.
Sometimes the middle tier is divided into two or more units with different functions. This makes it a
multi-layer model. This layer receives requests from clients and generates HTML responses after
requesting the data from database servers. Popular scripting languages include JavaScript, ASP (Active Server
Page), JSP (JavaScript Pages), PHP (Hypertext Preprocessor), Perl (Practical Extraction and Reporting
Language), and Python. One of the major benefits of three tier architecture is the ability to partition
software and “drag and drop” modules onto different computers in a network.

MODEL #1 OF THE CLIENT-SERVER ARCHITECTURE - STATIC HTML PAGES

The client (browser) requests an HTML file stored on the remote machine through the server
software. The server locates this file and passes it to the client. The client then displays this file on your
machine. In this case, the HTML page is static. Static pages do not change until the developer modifies
them.

MODEL #2 OF THE CLIENT-SERVER ARCHITECTURE - CGI SCRIPTS

The scenario is slightly different for CGI applications. Here the server has to do more work since CGI
programs consume the server machine's processing power. Let us suppose you come across a searchable
form on a web page that runs a CGI program. Let us also suppose you type in the word 'computers' as
the search query. Your browser sends your request to the server. The server checks the headers and
locates the necessary CGI program and passes it the data from the request including your search query
"computers". The CGI program processes this data and returns the results to the server. The server then
sends these results, formatted as HTML, to your browser, which in turn displays the HTML page. Thus the CGI
program generates a dynamic HTML page. The contents of the dynamic page depend on the query
passed to the CGI program.
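The request flow described above, as an added example that is not part of the original notes: a search program of the kind a server would run as a CGI script, reading the query the server passes in the QUERY_STRING environment variable and returning a header block followed by a dynamic HTML page. The form field name q and the catalogue entries are assumptions, and the sample data is constructed. Because the query comes from the client, it is HTML-escaped before being echoed into the page.

```python
import html
import os
import sys
from urllib.parse import parse_qs

# Constructed sample data standing in for whatever the real program would search.
CATALOG = ["Laptop computers", "Desktop computers", "Computer desks", "Printers"]

def search_cgi(environ) -> str:
    """Build the CGI response for one request: header block, blank line, HTML body."""
    # The web server hands the form data to the program in environment variables;
    # for a GET form the query arrives in QUERY_STRING, e.g. "q=computers".
    params = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    query = params.get("q", [""])[0][:100]       # cap the length of what is processed
    hits = [item for item in CATALOG if query and query.lower() in item.lower()]
    # The query is client-controlled, so it is escaped before being placed in HTML.
    safe_query = html.escape(query)
    items = "".join(f"<li>{html.escape(h)}</li>" for h in hits) or "<li>No matches</li>"
    body = (f'<html><body><h1>Results for "{safe_query}"</h1>'
            f"<ul>{items}</ul></body></html>")
    return "Content-Type: text/html; charset=utf-8\r\n\r\n" + body

if __name__ == "__main__":
    # When the server runs the program, the response is written to standard output.
    sys.stdout.write(search_cgi(os.environ))
```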
MODEL #3 OF THE CLIENT-SERVER ARCHITECTURE - SERVER SIDE SCRIPTING TECHNOLOGIES

The third case also involves a dynamic response generated by the use of server side technologies. There
are many server side technologies today.
• Active Server Pages (ASP): A Microsoft technology. ASP pages typically have the extension .asp.
• Personal Home Pages (PHP): An open source technology. PHP pages typically have .php, .phtml
or .php3 file name extensions.
• Java Server Pages: .jsp pages contain Java code.
• Server Side Includes (SSI): Involves the embedding of small code snippets inside the HTML page.
An SSI page typically has .shtml as its file extension.

ADVANTAGES
1. In most cases, client-server architecture enables the roles and responsibilities of a computing system
to be distributed among several independent computers that are known to each other only through a
network. This creates an additional advantage to this architecture: greater ease of maintenance. For
example, it is possible to replace, repair, upgrade, or even relocate a server while its clients remain
both unaware and unaffected by that change. This independence from change is also referred to as
encapsulation.
2. All the data is stored on the servers, which generally have far greater security controls than most
clients. Servers can better control access and resources, to guarantee that only those clients with the
appropriate permissions may access and change data.
3. Since data storage is centralized, updates to that data are far easier to administer than what would be
possible under a P2P paradigm. Under P2P architecture, data updates may need to be distributed and
applied to each "peer" in the network, which is both time-consuming and error-prone, as there can be
thousands or even millions of peers.
4. Many mature client-server technologies are already available which were designed to ensure
security, 'friendliness' of the user interface, and ease of use.
5. It functions with multiple different clients of different capabilities.

DISADVANTAGES
1. Traffic congestion on the network has been an issue since the inception of the client-server
paradigm. As the number of simultaneous client requests to a given server increases, the server can
become severely overloaded. Contrast that to a P2P network, where its bandwidth actually increases
as more nodes are added, since the P2P network's overall bandwidth can be roughly computed as the
sum of the bandwidths of every node in that network.
2. The client-server paradigm lacks the robustness of a good P2P network. Under client-server, should
a critical server fail, clients’ requests cannot be fulfilled. In P2P networks, resources are usually
distributed among many nodes. Even if one or more nodes depart and abandon a downloading file,
for example, the remaining nodes should still have the data needed to complete the download.

COLLABORATIVE BUSINESS MODEL

The objective of the model is to provide a more competitive selection of tools, dies and related services
than any single tool & die supplier could offer individually. Through collaboration, the capabilities of the
suppliers will continue to improve, perhaps evolving such that certain suppliers will develop specialty
areas of expertise where they will become recognized as world leaders. The intent is to encourage long
term relationships between a range of suppliers and their customers. The principal benefits are:
1. A tooling coalition can be designed to manage the volume of work associated with an entire
body structure or substructure.
2. It supports the total system approach, thus avoiding shifting costs and problems from one part of
the process to another.
3. It promotes the development of niche specialties by suppliers.
4. It better supports the implementation of functional build. The nature of functional build is to
identify the lowest cost solution to quickly fix problems.

Since the collaborative business model advocates a total systems approach for engineering, construction
and customer support for new tooling programs, the performance metrics should be adjusted to
recognize this broader perspective. Additional performance measures that should be evaluated are:

1. Total tooling cost achievement relative to budget.
2. Percent of parts that pass production validation according to schedule.
3. Launch rate, particularly for measures about body quality.

SYNERGISTIC BENEFITS AND COST IMPACT OF COLLABORATIVE MODEL

The figure illustrates a “pool” of companies with complementary products and services that can be drawn
into a particular project based on the project demands and based on customer requests. So the model does
not discriminate as to who can join the coalition membership. The organizational makeup and
composition of each project team would depend on the customer.

The cost saving benefits of the collaborative model are significant. The immediate short term savings on
tools are 40%. The contributing areas are:

1. Manufacturing & Engineering Efficiencies: 10%
2. Coalition Efficiencies: 5%
3. Product Design Input: 10%
4. Learn Tool Standards: 5%
5. Functional Build: 10%

A number of synergistic opportunities include:

1. Sales & marketing efforts
2. Development of standardized processes
3. Development of tooling standards
4. Standardized project management methods & software
5. Improved utilization of coalition resources
6. Improved ability for small, niche shops to develop their enterprise
7. Financing resources & leverage for volume purchasing of standard components.

IMPLEMENTATION ISSUES OF THE COLLABORATIVE MODEL
1. TOOL AND DIE COLLABORATION

Building trust and open communication between companies who are otherwise industry competitors
is difficult and requires the involvement of a neutral third party. The coalition of companies needs to
agree on a common mission, vision and operating principles. Further the coalition needs to develop a
business plan that outlines current capabilities, needed capabilities and growth areas, research &
development, marketing etc.

2. OPERATIONAL DECISION MAKING

Many sensitive business decisions are required including ownership structure, governance, staffing
and membership. The bidding process when multiple coalition companies desire the same piece of
work needs to be managed within anti-trust regulations.

3. INTERNAL SOURCING
It is critically important that the process of sourcing tools and services within the coalition be fair,
avoid violating anti-trust guidelines and still promote the development of niche players. Ideally, certain
suppliers would be identified as the preferred supplier because of their technical capability, but this is
difficult and can violate anti-trust laws. One approach is to use an independent facilitator that can help
identify appropriate sourcing, perhaps using customer input. A heuristic that achieves the desired facility is
one approach.

4. ANTI TRUST
Companies have to be concerned about sharing cost and pricing information with companies that are
otherwise competitors. The coalition can demonstrate that their collective businesses offer a
competitive product that justifies the collaboration, but the communication of certain information
must be managed. Individual companies still retain the right to intellectual property in their field of
services.

5. FINANCE
Internal financing decisions and identifying the control and flow of capital is important. Many shops
would prefer to have a purchase order directly with the customer. But this would result in multiple
purchase orders and tend to weaken the single-point-of-contact management. A mechanism is
needed that allows for coalition level decision making when a decision is best for the whole, but
perhaps not for an individual company. One such possibility is a central pool of funds to support cost
and revenue sharing.

DRIVING FORCE OF COLLABORATIVE BUSINESS

1. Empowered users and customers
2. IT evolution
3. The global market place

DATA MINING

Data mining is a powerful technology that converts detail data into competitive intelligence that
businesses can use to proactively predict future trends and behaviors. Some vendors define data mining as
a tool or as the application of an algorithm to data. Data mining is a process of discovering and
interpreting previously unknown patterns in data to solve business problems. Data mining is an iterative
process in which each cycle further refines the result set. This can be a complex process but there are
tools available today to help you navigate through the steps of the data mining process. From an IT
perspective, the data mining process requires exploration of data, creating the analytic data set, building
and testing the model and integrating the results into business applications. Therefore, the IT
organization must provide an environment capable of addressing the following challenges:

• Exploring and preprocessing large data volumes.
• Sufficient processing power to efficiently analyze many variables and rows in a timely manner.
• Integrating data mining results into the business process.
• Creating an extensible and manageable data mining environment.

Data mining leverages artificial intelligence and statistical techniques to build models. Data mining
models are built from situations where you know the outcome. Business problems that lend themselves
to data mining are predictive and descriptive in nature. Predictive models are used to predict an
outcome, referred to as the dependent or target variable, based on the value of other variables in the data
set. The algorithm analyzes the value of all input variables and identifies which variables are significant
as predictors for a desired outcome. Descriptive models do not predict variables based on known
outcomes, but rather describe a particular pattern that has no known outcome. Common techniques
include data visualization where large volumes of data are reduced to a picture that can be easily
understood. Another common descriptive technique is clustering, where data are grouped into subjects
based on common attributes.
Data mining models are built as part of a data mining process, an ongoing process that requires maintenance
throughout the life of the model. The data mining process is not linear but an iterative process where you
look back to the previous phase. The key to data mining is ensuring that you have a foundation of good,
quality data that is cleaned, consistent and accurate. A data warehouse provides the right foundation for
data mining.

ANALYTIC MODEL is a set of logical rules or a mathematical formula that represents patterns found
in data that are useful for a business purpose. Once a model has been built based on one set of data, it
can be reused to search for the discovered patterns in other similar data. Sometimes they are called
predictive models.

ASSOCIATION modeling technique is commonly referred to as affinity analysis and is used to identify
items that occur together during a particular event. Affinity analysis is commonly used to study market
baskets by identifying which combinations of products are most likely to be purchased together. Another
form of this technique is sequence analysis, a variation of affinity analysis. Using sequence analysis you
could begin to understand the orders in which customers tend to purchase specific products. These
results may be helpful in the early phases of establishing a potential cross selling strategy.

CLUSTERING is a type of modeling technique that can be used to place items into groups based on
like characteristics. The goal of clustering is to create groups of items that are similar based on their
attributes within a given group but which are very different from items in other groups. It is frequently
used to create customer segments based on a customer’s behavior or other characteristics.

DECISION TREE technique produces a tree shaped structure that represents a set of decisions to predict
a value of the target variable. This algorithm leverages a variety of techniques to separate or classify
data based upon rules.

LINEAR REGRESSION is a statistical technique used to find the best fitting linear relationship
between a numeric target variable and its set of predictor variables. It can be used to predict the amount
of overdraft protection to offer a customer based on their account balances, years of service and other
characteristics.

LOGISTIC REGRESSION is a statistical technique used to find the best fitting linear relationship
between a categorical target variable and a set of predictors. It is commonly used to predict the answer to
a yes or no question.

NEURAL NETWORKS is a non linear predictive modeling technique, loosely based on the structure
of the human brain that learns through training. This technique is commonly used to predict a future
outcome based on historical data. However, it frequently requires substantial expertise to understand the
rationale for the decisions and predictions it makes. It is sometimes referred to as a black box because it
produces a model that is less understandable but often more accurate.

SCORE is an outcome of a model that represents a predicted or inferred value on some trait or
characteristic of interest. We can think of a score as the result of the model.

DATA ENCRYPTION STANDARDS

Data encryption (cryptography) is utilized in various applications and environments. The specific
utilization of encryption and the implementation of the DES will be based on many factors particular to
the computer system and its associated components. In general, cryptography is used to protect data
while it is being communicated between two points or while it is stored in a medium vulnerable to
physical theft. Communication security provides protection to data by enciphering it at the transmitting
point and deciphering it at the receiving point. File security provides protection to data by enciphering it
when it is recorded on a storage medium and deciphering it when it is read back from the storage
medium. In the first case, the key must be available at the transmitter and receiver simultaneously during
communication. In the second case, the key must be maintained and accessible for the duration of the
storage period. Federal Information Processing Standard (FIPS) provides approved methods for
managing the keys used by the algorithm specified in this standard. Cryptographic modules which
implement this standard shall conform to the requirements of FIPS. The algorithm specified in this
standard may be implemented in software, firmware, hardware, or any combination thereof. The specific
implementation may depend on several factors such as the application, the environment, the technology
used, etc. Implementations which may comply with this standard include electronic devices (e.g., VLSI
chip packages), micro-processors using Read Only Memory (ROM), Programmable Read Only Memory
(PROM), or Electronically Erasable Read Only Memory (EEROM), and mainframe computers using
Random Access Memory (RAM). When the algorithm is implemented in software or firmware, the
processor on which the algorithm runs must be specified as part of the validation process.
Implementations of the algorithm which are tested and validated by NIST will be considered as
complying with the standard. FIPS places additional requirements on cryptographic modules for
Government use. Information about devices that have been validated and procedures for testing and
validating equipment for conformance with this standard and FIPS are available from the National
Institute of Standards and Technology, Computer Systems Laboratory, Gaithersburg.

The Data Encryption Standard (DES) specifies a FIPS approved cryptographic algorithm as required by
FIPS. This publication provides a complete description of a mathematical algorithm for encrypting
(enciphering) and decrypting (deciphering) binary coded information. Encrypting data converts it to an
unintelligible form called cipher. Decrypting cipher converts the data back to its original form called
plaintext. The algorithm described in this standard specifies both enciphering and deciphering operations
which are based on a binary number called a key. A key consists of 64 binary digits ("0"s or "1"s) of
which 56 bits are randomly generated and used directly by the algorithm. The other 8 bits, which are not
used by the algorithm, are used for error detection. The 8 error detecting bits are set to make the parity
of each 8-bit byte of the key odd, i.e., there is an odd number of "1"s in each 8-bit byte. Authorized users
of encrypted computer data must have the key that was used to encipher the data in order to decrypt it.
The encryption algorithm specified in this standard is commonly known among those using the standard.
The unique key chosen for use in a particular application makes the results of encrypting data using the
algorithm unique. Selection of a different key causes the cipher that is produced for any given set of
inputs to be different. The cryptographic security of the data depends on the security provided for the
key used to encipher and decipher the data. Data can be recovered from cipher only by using exactly the
same key used to encipher it. Unauthorized recipients of the cipher who know the algorithm but do not
have the correct key cannot derive the original data algorithmically. However, anyone who does have
the key and the algorithm can easily decipher the cipher and obtain the original data. A standard
algorithm based on a secure key thus provides a basis for exchanging encrypted computer data by
issuing the key used to encipher it to those authorized to have the data. Data that is considered sensitive
by the responsible authority, data that has a high value, or data that represents a high value should be
cryptographically protected if it is vulnerable to unauthorized disclosure or undetected modification
during transmission or while in storage. A risk analysis should be performed under the direction of a
responsible authority to determine potential threats. The costs of providing cryptographic protection
using this standard as well as alternative methods of providing this protection and their respective costs
should be projected. A responsible authority then should make a decision, based on these analyses,
whether or not to use cryptographic protection and this standard.
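The key layout described above (64 bits, of which 56 are key material and 8 give each byte odd parity), as an added example that is not part of the original notes or of the standard's text. The function names are illustrative, the parity bit is taken to be the least significant bit of each byte as in the FIPS 46 bit numbering, and the sample keys are constructed; the code handles key parity only and performs no encryption.

```python
import secrets

def set_odd_parity(key: bytes) -> bytes:
    """Set the low bit of each of the 8 key bytes so every byte has an odd number of 1s."""
    if len(key) != 8:
        raise ValueError("a DES key is 64 bits (8 bytes)")
    out = bytearray()
    for b in key:
        seven = b & 0xFE                              # the 7 bits the algorithm uses
        parity_bit = 1 if bin(seven).count("1") % 2 == 0 else 0
        out.append(seven | parity_bit)
    return bytes(out)

def parity_errors(key: bytes) -> list:
    """Return the indexes of key bytes whose parity is even, i.e. damaged bytes."""
    return [i for i, b in enumerate(key) if bin(b).count("1") % 2 == 0]

def has_odd_parity(key: bytes) -> bool:
    return len(key) == 8 and not parity_errors(key)

def effective_bits(key: bytes) -> int:
    """Return the 56 bits the algorithm uses, with the 8 parity bits stripped."""
    n = 0
    for b in key:
        n = (n << 7) | (b >> 1)
    return n

def expand_key(key56: bytes) -> bytes:
    """Spread 56 random bits (7 bytes) over 8 bytes, 7 bits per byte, then add parity."""
    if len(key56) != 7:
        raise ValueError("expected 56 bits (7 bytes) of key material")
    n = int.from_bytes(key56, "big")
    raw = bytes(((n >> (49 - 7 * i)) & 0x7F) << 1 for i in range(8))
    return set_odd_parity(raw)

def generate_key() -> bytes:
    """Draw the 56 key bits from the operating system's random source."""
    return expand_key(secrets.token_bytes(7))
```

The parity bits detect a single flipped bit in a stored or transmitted key byte but add no secrecy: two 64-bit strings that differ only in their parity bits yield the same 56 effective bits.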

DIGITAL CERTIFICATES
Over the Internet, interaction takes place via an open network where there is no physical presence. Thus
we do not know the identity of the people with whom we communicate and exchange. Virtual
technology brings with it certain risks, such as identity theft (phishing), or the interception of our
messages by third parties, or the repudiation of a sale, payment or exchange. In this context, setting up
security services such as digital certification turns out to be necessary. A digital certificate acts like an
identity card on the Internet, creating a climate of trust between two distant entities (natural persons,
Web servers, routers) which need to authenticate themselves to communicate with each other and to
exchange confidential information. A certificate specifies the name of a person, company or entity, and
certifies that the public key included in the certificate belongs to it. Any digital certificate is provided by
a trustworthy third party or Certification Authority. This is an entity responsible for issuing, delivering
and managing digital certificates. The identity of the owner of a certificate is guaranteed by the
Certification Authority. The most widely accepted format for Digital Certificates is defined by the
CCITT X.509 international standard; thus certificates can be read or written by any application
complying with X.509. Digital Certificates can be used for a variety of electronic transactions including
e-mail, electronic commerce, groupware and electronic funds transfers. A Digital Certificate typically
contains the:
• Owner's public key
• Owner's name
• Expiration date of the public key
• Name of the issuer (the CA that issued the Digital Certificate)
• Serial number of the Digital Certificate
• Digital signature of the issuer

Virtual malls, electronic banking, and other electronic services are becoming more commonplace,
offering the convenience and flexibility of round-the-clock service direct from your home. However,
your concerns about privacy and security might be preventing you from taking advantage of this new
medium for your personal business. Encryption alone is not enough, as it provides no proof of the
identity of the sender of the encrypted information. Without special safeguards, you risk being
impersonated online. Digital Certificates address this problem, providing an electronic means of
verifying someone's identity. Used in conjunction with encryption, Digital Certificates provide a more
complete security solution, assuring the identity of all parties involved in a transaction. Similarly, a
secure server must have its own Digital Certificate to assure users that the server is run by the
organization it claims to be affiliated with and that the content provided is legitimate.

A digital signature functions for electronic documents like a handwritten signature does for printed
documents. The signature is an unforgeable piece of data that asserts that a named person wrote or
otherwise agreed to the document to which the signature is attached. A digital signature actually
provides a greater degree of security than a handwritten signature. The recipient of a digitally signed
message can verify both that the message originated from the person whose signature is attached and
that the message has not been altered either intentionally or accidentally since it was signed.
Furthermore, secure digital signatures cannot be repudiated; the signer of a document cannot later
disown it by claiming the signature was forged. In other words, Digital Signatures enable
"authentication" of digital messages, assuring the recipient of a digital message of both the identity of
the sender and the integrity of the message.

Normally, a key expires after some period of time, such as one year, and a document signed with an
expired key should not be accepted. However, there are many cases where it is necessary for signed
documents to be regarded as legally valid for much longer than two years; long-term leases and
contracts are examples. By registering the contract with a digital time-stamping service at the time it is
signed, the signature can be validated even after the key expires. If all parties to the contract keep a copy
of the time-stamp, each can prove that the contract was signed with valid keys. In fact, the time-stamp
can prove the validity of a contract even if one signer's key gets compromised at some point after the
contract was signed. Any digitally signed document can be time-stamped, assuring that the validity of
the signature can be verified after the key expires. A digital time-stamping service (DTS) issues time-
stamps which associate a date and time with a digital document in a cryptographically strong way. The
digital time-stamp can be used at a later date to prove that an electronic document existed at the time
stated on its time-stamp. The use of a DTS would appear to be extremely important, if not essential, for
maintaining the validity of documents over many years.

There are four kinds of digital certificate:


1. Digital signature certificate: this associates the identity of a person with a public key. It may be
used to sign electronic messages and to authenticate in a secured session (e.g. doing an electronic
transfer payment).
2. Server certificate: this associates the identity of a web server with a public key. It ensures security
of exchanges between the server and its customers when a secured session is established (e.g. for an
on-line purchase or payment on a market web site).
3. VPN certificate: this allows information concerning certain network nodes (routers, firewalls,
concentrators…) to be associated with a public key. This certificate is used to guarantee the security
of exchanges made between an organization and its branches via secured tunnels in the
communications network.
4. Code signature certificate: this allows a program, script or software to be signed to guarantee its
authenticity by the signature of its developer. It also protects it against piracy risks.
DIGITAL SIGNATURES
Encryption technologies can be used not only to ensure that nobody other than the authorized persons
is able to read a certain message; it is also possible to ensure the authenticity of any given message
through a digital signature. Internet services offering public key infrastructure (PKI) offer both
functionalities as part of their services.

A digital signature is not a scanned image of a hand-written signature or a typed signature. It is an
electronic substitute for a manual signature. Technically speaking, it is an identifier composed of a certain
sequence of bits, which is created through a hash function, the result of which is encrypted with the sender’s
private key. By adding the digital signature to the digital document, it can be easily verified who signed
it, when it has been sent off and whether the document has been altered during transit. Once the
encrypted message has been sent out, the recipients are able to decrypt the message using their private
key. If a signature is found, the same hash function that the sender used is invoked, and the message
digest computed by the recipient is compared automatically with the result of the sender. If the two results match,
the message was really sent by the sender.
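
The hash-then-sign check described above, combined with the certificate fields listed under DIGITAL CERTIFICATES, as an added example that is not part of the original notes. It uses textbook RSA without padding and small constructed keys only to show the steps; the function names, "Example CA" and the sample message are assumptions made for the illustration.

```python
import hashlib
from datetime import date

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(data, n):
    """Message digest as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    """Hash the data, then transform the digest with the private key."""
    n, d = private
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    """Recover the signer's digest with the public key and compare it
    with a digest computed locally over the received data."""
    n, e = public
    return pow(signature, e, n) == digest(data, n)

CERT_FIELDS = ("owner", "public_key", "expires", "issuer", "serial")

def cert_body(cert):
    """Canonical byte string of the fields the CA signs."""
    return "|".join(f"{k}={cert[k]}" for k in CERT_FIELDS).encode()

def issue_certificate(owner, public_key, expires, serial, issuer, ca_private):
    """The CA binds the owner's name to the public key by signing both."""
    cert = {"owner": owner, "public_key": public_key,
            "expires": expires.isoformat(), "issuer": issuer, "serial": serial}
    cert["signature"] = sign(cert_body(cert), ca_private)
    return cert

def check_message(message, signature, cert, trusted_cas, today):
    """Return "ok" or the first reason the message must be rejected."""
    ca_public = trusted_cas.get(cert["issuer"])
    if ca_public is None:
        return "unknown issuer"
    if not verify(cert_body(cert), cert["signature"], ca_public):
        return "certificate signature invalid"
    if today > date.fromisoformat(cert["expires"]):
        return "certificate expired"
    if not verify(message, signature, cert["public_key"]):
        return "message signature invalid"
    return "ok"

# Constructed toy keys (Mersenne primes): far too small and regular for real use.
CA_PUBLIC, CA_PRIVATE = make_key(2**127 - 1, 2**107 - 1)
ALICE_PUBLIC, ALICE_PRIVATE = make_key(2**89 - 1, 2**61 - 1)
IMPOSTOR_PUBLIC, IMPOSTOR_PRIVATE = make_key(2**61 - 1, 2**31 - 1)
TRUSTED = {"Example CA": CA_PUBLIC}
ORDER = b"Pay 250.00 to merchant 4711"  # constructed sample message

def demo():
    """Run the four cases a relying party has to tell apart."""
    cert = issue_certificate("Alice", ALICE_PUBLIC, date(2025, 12, 31),
                             1001, "Example CA", CA_PRIVATE)
    sig = sign(ORDER, ALICE_PRIVATE)
    # Same certificate with the public key replaced; the CA signature is unchanged.
    swapped = dict(cert, public_key=IMPOSTOR_PUBLIC)
    day = date(2025, 6, 1)
    return {
        "genuine": check_message(ORDER, sig, cert, TRUSTED, day),
        "altered in transit": check_message(
            b"Pay 950.00 to merchant 4711", sig, cert, TRUSTED, day),
        "substituted key": check_message(
            ORDER, sign(ORDER, IMPOSTOR_PRIVATE), swapped, TRUSTED, day),
        "after expiry": check_message(ORDER, sig, cert, TRUSTED, date(2026, 1, 1)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The "substituted key" case is the impersonation risk the notes mention: the message signature alone would verify against the replaced key, and only the CA's signature over the name-to-key binding exposes the swap.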

As digital certificates are difficult to forge, non-repudiation has become possible on the internet. If a
person has sent out a certain message, it can be traced back much more easily through a PKI and the
signatures. The PKI is used to store the time when a certain message has been sent out, which can be
very important in some business cases. Digital signatures form the basis for formally legally binding
contracts in the course of e-business, since they provide electronically the same forensic effort that a
traditional paper document and a handwritten signature thereon provide. In order to use digital
signatures legally, a framework needs to be created in all countries that defines exactly what a signature is
and how it can be created.

E-AUCTIONS
Online auction sites are among the most popular C2C sites on the internet. Auctions are markets in
which prices are variable and based on the competition among participants who are buying or selling
products and services. Auctions are one type of dynamic pricing, in which the price of the product
varies, depending directly on the demand characteristics of the customer and the supply situation of the
seller. There are a wide variety of dynamically priced markets. In dynamic pricing, merchants change
their product prices based on both their understanding of how much value the customer attaches to the
product and their own desire to make a sale. Likewise, customers change their offers to buy based on
both their perception of the seller’s desire to sell and their own need for the product. In contrast,
traditional mass market merchants generally use fixed pricing – one national price, everywhere for
everyone. Trigger pricing, used in M-Commerce applications, adjusts prices based on the location of the
consumer. Utilization pricing adjusts prices based on utilization of the product. Personalization pricing
adjusts prices based on the merchant’s estimate of how much the customer truly values the product. Examples:
www.ebay.com, www.auction.amazon.com, www.auctions.yahoo.com, www.auctions.cnet.com,
www.oldandsold.com, www.teletrade.com.
BENEFITS OF AUCTIONS
1. LIQUIDITY

Sellers can find willing buyers and buyers can find sellers. The internet enormously increased the
liquidity of traditional auctions that usually required all participants to be present in a single room.
Now sellers and buyers can be located anywhere around the globe.

2. PRICE DISCOVERY

Buyers and sellers can quickly and efficiently develop prices for items that are difficult to assess,
where the price depends on demand and supply and where the product is rare.

3. PRICE TRANSPARENCY
Public internet auctions allow everyone in the world to see the asking and bidding prices for items. It
is difficult for merchants to engage in price discrimination when the items are available on auctions.
However, because even huge auction sites do not include all the world’s online auction items, there
still may be more than one world price for a given item.

4. MARKET EFFICIENCY
Auctions can and often do lead to reduced prices and hence reduced profits for merchants, leading to
an increase in customer welfare – one measure of market efficiency. Online auctions can provide
consumers the chance to find real bargains at potentially give-away prices; they also provide access to
a very wide selection of goods that would be impossible for consumers to physically access by
visiting stores.

5. LOWER TRANSACTION COSTS


Online auctions can lower the cost of selling and purchasing products, benefiting both merchants and
consumers. Internet auctions have very low transaction costs.

6. CONSUMER AGGREGATION
Sellers benefit from large auction sites’ ability to aggregate a large number of consumers who are
motivated to purchase something in one market place. Auction-site search engines that lead
consumers directly to the products they are seeking make it very likely that consumers who visit a
specific auction really are interested and ready to buy at some price.

7. NETWORK EFFECTS
The larger an auction site becomes in terms of visitors and products for sale, the more valuable it
becomes as a marketplace for everyone by providing liquidity and several other benefits.

RISKS OF AUCTIONS
1. DELAYED CONSUMPTION COSTS

Internet auctions can go for days and shipping will take additional time.
2. MONITORING COSTS

Participation in auctions requires your time to monitor.

3. EQUIPMENT COSTS
Internet auctions require you to purchase a computer system, pay for internet access and learn a
complex operating system.

4. TRUST RISKS
Online auctions are the single largest source of internet fraud. Using auctions increases the risks of
experiencing a loss.

5. FULFILMENT COSTS
Typically, the buyers pay fulfillment costs of packing, shipping and insurance, whereas at a physical
store these costs are included in the retail price.

TYPES OF AUCTIONS
1. ENGLISH AUCTIONS

They are the easiest to understand and the most common form of auction. Typically there is a single
item up for sale from a single seller. There is a time limit when the auction ends, a reserve price
below which the seller will not sell and a minimum incremental bid set. Multiple buyers bid against
one another until the auction time limit is reached. The highest bidder wins the item. They are
considered to be seller biased because multiple buyers compete against one another usually
anonymously.

2. DUTCH INTERNET AUCTIONS

They are typically used by sellers with many identical items to sell. Sellers start by listing a
minimum price or starting bid for one item and the number of items for sale. Bidders specify both a bid
price and the quantity they want to buy. Winning bidders pay the same price per item which is the
lowest successful bid. This market clearing price can be less than some bids. If there are more buyers
than items, the earliest successful bids get the goods. The auction is usually quite rapid and proxy
bidding is not used.

3. NAME YOUR OWN PRICE AUCTIONS


This auction, pioneered by Priceline, is the second most popular auction format on the web. Although
www.priceline.com also acts as an intermediary buying tickets and vacation packages at a discount
and selling them at a reduced retail price or matching its inventory to bidders, it is best known for its
name-your-own-price auctions, where users specify what they are willing to pay for goods or services and
multiple providers bid for their business. Prices do not descend and are fixed. The initial consumer offer is a
commitment to purchase at that price. The buyer bias comes from multiple sellers competing against one
another for an individual’s business.
4. GROUP BUYING AUCTIONS: DEMAND AGGREGATORS
Demand aggregators facilitate group buying of products at dynamically adjusted discount prices
based on high volume purchases. Mercata (originator of demand aggregator) holds several patents
covering online demand aggregation. The largest supplier today of demand aggregators’ software is
“Accompany”. In demand aggregation group buying applications, a market maker selects a product
that he or she believes many customers would like to purchase. Customers of the site enter their
order quantities. Suppliers monitoring the selection and order volume bid against one another to
become the sole supplier. Prices move down as suppliers compete for a growing size order. Demand
aggregation is built on two principles. First, sellers are more likely to offer discounts to buyers
purchasing in volume and second, buyers increase their purchases as prices fall. Price is expected to
dynamically adjust to the volume of the order and the motivations of the vendors.

5. PROFESSIONAL SERVICE AUCTION


This auction is a sealed-bid, dynamically-priced market for freelance professional services from
legal and marketing to graphics design and programming services. Firms looking for professional
services post a project description and request for bid. Providers of services bid for the work. The
buyers can choose from among bidders on the basis of both cost and perceived quality of the
providers, which can be gauged from the feedback of clients posted on the site. This type of auction
is a reverse Vickrey-like auction where sealed bids are submitted and the winner is usually the low-cost
provider of services.

6. AUCTION AGGREGATORS
They use computer programs to search thousands of web auction sites, gathering information on
products, bids, auction durations and bid increments. Consumers search auction aggregator sites for
products of interest and the site returns a list of both fixed price sales locations and auction locations
where the product is for sale. They work by sending web crawlers to thousands of auction sites every
night, gathering all information on product listings.

FACTORS TO CONSIDER WHEN CHOOSING AUCTIONS


CONSIDERATIONS : DESCRIPTION

1. TYPE OF PRODUCT : Rare, unique, commodity, perishable
2. STAGE OF PRODUCT LIFE CYCLE : Early, mature, late
3. CHANNEL MANAGEMENT ISSUES : Conflict with retail distributors
4. TYPE OF AUCTIONS : Seller vs. buyer bias
5. INITIAL PRICING : Low vs. high
6. BID INCREMENT AMOUNTS : Low vs. high
7. AUCTION LENGTH : Short vs. long
8. NO. OF ITEMS : Single vs. multiple
9. PRICE ALLOCATION RULE : Uniform vs. discriminatory
10. INFORMATION SHARING : Closed vs. open bidding

E-BUSINESS
BY: AMITABHA BOSE

E-BUSINESS MODELS
E-BUSINESS FUNDAMENTALS

BUSINESS TO BUSINESS MODELS

BUSINESS TO CONSUMER MODELS

COLLABORATIVE BUSINESS MODELS

E-BUSINESS ARCHITECTURE
WEB ARCHITECTURE & CGI

APPLET / SERVLET

CLIENT SERVER ARCHITECTURE

COMPONENT BASED ARCHITECTURE

E-PROCUREMENT SYSTEMS
E-AUCTIONS

E-TENDER

REVERSE AUCTIONS

E-CUSTOMER RELATIONSHIP MANAGEMENT


CALL CENTRE

PARTNER RELATIONSHIP MANAGEMENT


E-SERVICE MANAGEMENT

E-MARKETING

BUSINESS INTELLIGENCE SYSTEMS

DATA MINING MODELS

E-CUSTOMER RELATIONSHIP MANAGEMENT

PUBLIC KEY INFRASTRUCTURE & DIGITAL SIGNATURE


Data Encryption Standards

RSA

Public and private keys

DIGITAL SIGNATURE

Digital Certification

MIME

INTERNET SECURITY & FIREWALL SYSTEMS


IPSec protocol

S-HTTP

Secure Socket Layer (SSL)

IP Spoofing

Firewall Systems

Packet Filtering Firewall

Application Level Firewall

Circuit level Firewall

E-PAYMENT SYSTEMS
SET PROTOCOLS

E-CHECK
E-CASH

MICRO PAYMENT SYSTEMS

SMART CARD

ELECTRONIC FUND TRANSFER

E-MARKETS
WEB ADVERTISING, ONLINE MARKET RESEARCH, MARKET MAKING

CYBER LAW
IT ACT OF INDIA

E-CASH
Electronic cash solutions use software to save the equivalent of cash onto a hard or a floppy disk. Coins
and bank notes are replaced by digitally signed files. The advantage of this system is that the cost of
passing on the money is nearly zero (the only real cost you have is the internet connection). In order to
receive the money, you need to go to a virtual automatic teller machine on the internet or to a real world
ATM, where you can get electronic cash by direct debit from the bank account or by credit card payment.
The difficulty with electronic cash is implementing it in a very secure way. As the money is stored in
files, it must be ensured that copying the files does not increase the value of the cash, nor should it
be possible to alter the amount of the digital money on the hard disk. Electronic coins and notes should
have digital marks that make it impossible to use them more than once. The use of encryption
technologies, digital signatures and electronic signatures helps to reduce the possibility of fraud.

In order to emulate coins and bank notes, digital money should not reveal the identity of the person who
has paid with it. Payment should not require a bank in between. Electronic money should be exchanged
directly between the two partners involved. Splitting up the value is also very important. Instead of one
digital bank note, you should be able to split it up into several bank notes and coins, which can be passed
on to different people. While many different companies are rushing to offer digital money products,
currently e-cash is represented by two models. One is the on-line form of e-cash (introduced by
DigiCash) which allows for the completion of all types of internet transactions. The other form is off-
line; essentially a digitally encoded card that could be used for many of the same transactions as cash.
This off-line version (which also has on-line capabilities) is being tested by Mondex in partnership with
various banks.

The primary function of e-cash is to facilitate transactions on the Internet. Many of these transactions
may be small in size and would not be cost efficient through other payment mediums such as credit
cards. Thus, WWW sites in the future may charge $0.10 a visit or $0.25 to download a graphics file.
These types of payments, turning the Internet into a transaction oriented forum, require mediums that are
easy, cheap (from a merchant’s perspective), private, and secure. Electronic Cash is the natural solution,
and the companies that are pioneering these services claim that the products will meet the stated criteria.
By providing this type of payment mechanism, the incentives to provide worthwhile services and
products via the Internet should increase. To complete the digital money revolution an offline product is
also required for the pocket money/change that most people must carry for small transactions (e.g.
buying a newspaper, buying a cup of coffee, etc...).

The concept of electronic money is at least a decade old. When one person writes a check on his bank
account and gives the check to another person with an account at a different bank, the banks do not
transfer currency. The banks use electronic fund transfer. Electronic money removes the middleman.
Instead of requesting the banks to transfer the funds through the mechanism of a check, the E-cash user
simply transfers the money from his bank account to the account of the receiver. The reality of E-cash is
only slightly more complicated, and these complications make the transactions both secure and private.
The user downloads electronic money from his bank account using special software and stores the E-
cash on his local hard drive. To pay a WWW merchant electronically, the E-cash user goes through the
software to pay the desired amount from the E-cash "wallet" to the merchant’s local hard drive
("wallet") after passing the transaction through an E-cash bank for authenticity verification. The
merchant can then pay its bills/payroll with this E-cash or upload it to the merchant's hard currency bank
account. The E-cash company makes money on each transaction from the merchant (this fee is very
small, however) and from royalties paid by banks which provide customers with E-cash
software/hardware for a small monthly fee. Transactions between individuals would not be subject to a
fee.
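
How the bank's authenticity check can enforce the two properties the E-CASH text asks for (a copied file adds no value, an edited amount is refused), as an added example that is not part of the original notes. It assumes an online scheme in which the bank alone verifies coins, so an HMAC under a bank-held key stands in for the bank's digital signature; EcashBank and its field names are hypothetical, and payer anonymity is not modelled.

```python
import hashlib
import hmac
import secrets

class EcashBank:
    """Online e-cash issuer: every coin is checked by the bank before it is credited."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # known only to the bank
        self._spent = set()                  # serial numbers already redeemed
        self.accounts = {}                   # account name -> balance in cents

    def _mark(self, serial, cents):
        """Keyed mark over serial and value; stand-in for the bank's signature."""
        msg = f"{serial}:{cents}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def withdraw(self, account, cents):
        """Debit the account and hand out one coin file of that value."""
        if cents <= 0 or self.accounts.get(account, 0) < cents:
            raise ValueError("insufficient funds")
        self.accounts[account] -= cents
        serial = secrets.token_hex(16)
        return {"serial": serial, "cents": cents, "mark": self._mark(serial, cents)}

    def deposit(self, account, coin):
        """Verify a coin presented by a payee and credit it at most once."""
        serial, cents, mark = coin.get("serial"), coin.get("cents"), coin.get("mark")
        if not (isinstance(serial, str) and isinstance(cents, int)
                and isinstance(mark, str)):
            return "rejected: malformed coin"
        expected = self._mark(serial, cents)
        if not hmac.compare_digest(expected.encode(), mark.encode()):
            return "rejected: altered or not issued by this bank"
        if serial in self._spent:
            return "rejected: already spent"
        self._spent.add(serial)  # the serial is the "digital mark" used once
        self.accounts[account] = self.accounts.get(account, 0) + cents
        return "accepted"

def demo():
    """One withdrawal, then three deposit attempts with constructed values."""
    bank = EcashBank()
    bank.accounts["alice"] = 1000          # constructed opening balance
    coin = bank.withdraw("alice", 250)
    copy = dict(coin)                      # copying the coin file is trivial
    inflated = dict(coin, cents=25000)     # so is editing the amount
    results = [
        bank.deposit("merchant", inflated),
        bank.deposit("merchant", coin),
        bank.deposit("other-shop", copy),
    ]
    return results, bank.accounts

if __name__ == "__main__":
    outcomes, balances = demo()
    print(outcomes)
    print(balances)
```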

E-cash truly globalizes the economy, since the user can download money into his cyber-wallet in any
currency desired. A merchant can accept any currency and convert it to local currency when the cyber
cash is uploaded to the bank account. To the extent a user wants E-cash off-line all that is necessary is
smart card technology. The money is loaded onto the smartcard, and special electronic wallets are used
to offload the money onto other smartcards or directly to an on-line system. Smartcards have been used
successfully in other countries for such transactions as phone calls for a number of years. The money
could also be removed from a smartcard and returned to a bank account. Visa is developing a related
product, the stored value card. This card comes in a variety of denominations, but functions more like a
debit card than E-cash.

In essence, E-cash combines the benefits of other transaction mediums. Thus, it is similar to debit/credit
cards, but E-cash allows individuals to conduct transactions with each other. It is similar to personal
checks, but it is feasible for very small transactions. While it appears superior to other forms, E-cash will
not completely replace paper currency. Use of E-cash will require special hardware, and while most
people will have access, not all will. However, E-cash presents special challenges for the existing
"middlemen" of the current paper currency society. More and more, banks and other financial
intermediaries will serve simply as storehouses for money, lenders, and processing/verifying electronic
transactions. Personal interaction with a teller or even visits to a bank ATM will become obsolete. All
one will have to do is turn on his computer.
DIGITAL PAYMENT REQUIREMENTS
In order to make a digital payment system successful, it needs to adhere to the following requirements:

• ACCEPTABILITY: In order to be successful, the payment infrastructure needs to be widely
accepted.
• ANONYMITY: If desired by the customer, their identity should be protected.
• CONVERTIBILITY: The digital money should be able to be converted into other types of funds.
• EFFICIENCY: The cost per transaction should be near zero.
• FLEXIBILITY: Several methods of payment should be supported.
• INTEGRATION: To support existing applications, interfaces should be created to integrate with
the applications.
• RELIABILITY: The payment system needs to be highly available and should avoid single points of
failure.
• SCALABILITY: Allowing new customers and merchants into the system should not break down
the infrastructure.
• SECURITY: It should allow financial transactions over open networks such as the Internet.
• USABILITY: Payment should be as easy as in the real world.

E-CHECK
Internet cheques have so far had no great importance on the internet, but it is still important to understand
the way they can be used. Electronic cheques work similarly to conventional cheques. Customers
receive digital documents from their banks and need to enter the amount of the payment, the currency
and the name of the payee for every payment transaction. In order to cash in the electronic cheque, it
needs to be digitally signed by the payer. ECheck, a new payment instrument combining the security,
speed and processing efficiencies of all-electronic transactions with the familiar and well-developed
legal infrastructure and business processes associated with paper checks, is the first and only electronic
payment mechanism chosen by the United States Treasury to make high-value payments over the public
Internet. An eCheck is the electronic version or representation of a paper check. EChecks:
• contain the same information as paper checks
• are based on the same rich legal framework as paper checks
• can be linked with unlimited information and exchanged directly between parties
• can be used in any and all remote transactions where paper checks are used today
• enhance the functions and features provided by bank checking accounts
• expand on the usefulness of paper checks by providing value-added information

The FSTC Electronic Check (eCheck) is currently being piloted at the US Department of the Treasury.
The eCheck leverages the check payment system from the real to the virtual world with fewer manual
steps involved. It fits within current business practices, eliminating the need for expensive process re-
engineering. The eCheck system is highly secure and can be used by all bank customers who have
checking accounts. ECheck technology is software and hardware developed by FSTC members to:
• minimize start up expenses
• apply universal industry standards
• provide ubiquity for participants

EChecks contain the same information as paper checks and are based on the same legal framework. The
electronic cheques can be exchanged directly between parties and can replace all remote transactions where
paper checks are used today. EChecks work the same way traditional cheques work. The customer
writes the eCheck and gives the eCheck to the payee electronically. The payee deposits the electronic
cheque, receives credit and the payee’s bank “clears” the eCheck to the paying bank. The paying bank
validates the eCheck and charges the customer’s account for the cheque sum. EChecks have important
new features. They offer:
• the ability to conduct bank transactions, yet are safe enough to use on the Internet
• unlimited, but controlled, information carrying capability
• reduced fraud losses for all parties
• automatic verification of content and validity
• traditional checking features such as stop payments and easy reconciliation
• enhanced capabilities such as effective dating

EChecks are based on:
• the Financial Services Markup Language (FSML)
• strong digital signatures using any available algorithm
• secure hardware tokens such as smartcards
• digital certificates
• banking and business practices

EChecks offer the ability to conduct bank transactions in a safe way via the internet. The validity of the
eCheck can be verified automatically by the bank, which reduces fraud losses for all parties involved.
The use of the Financial Services Markup Language (FSML) together with digital signatures and certificates
makes the system highly secure. EChecks are the most secure payment instrument or transaction ever
designed or developed. EChecks are designed to utilize state of the art security techniques of:
• authentication
• public key cryptography
• digital signatures
• certificate authorities
• duplicate detection
• encryption
E-CRM
E-CRM is not just your call center, self-service web site, sales force automation tool or the analysis of
customers’ purchasing behaviors. E-CRM is all of these initiatives working together to enable you to
more effectively respond to your customers’ needs and to market to them on a one-to-one basis. It is
about the customer, not any individual piece of technology. If we evaluate and understand how our
customers behave and how we need to respond to them, then we can begin to understand the component
pieces of E-CRM. Today, there are many ways a customer can interact with a vendor. With today’s
technology it’s possible for each of these contact points to be driven from the same base of information
about the customer. However, it is not unusual for these contact points to be driven from discrete bases
of information which are not coordinated and do not have the same content. An integrated customer
information architecture to support all of these applications could prevent this lack of coordination.

The first need is to identify in delivery. True E-CRM is integrated customer information architecture.
Creating and maintaining this integrated information architecture is not a trivial process. The various
applications contributing to the architecture need to be identified. The data must then be extracted,
transformed and loaded into the environment. Replication strategies may need to be incorporated to keep
the applications in synchronization with each other. The next step is to segment and analyze what we
have. We need to understand where we make money. We need to know which channels are working and
which ones are not. We need to understand what our competitors are doing. There are statistical analysis
techniques that can provide this insight. The tools to answer these questions are the true OLAP tools on
the market today. There is also a special subset of tools that facilitate the heavy duty statistical analysis
or data mining.
Once we better understand our customers, we need to be able to promote to them in a direct way. Tools
to support this area are fragmented and solution specific. Sales force automation (SFA) and call center
applications only address one piece. Personalization engines only cover the web. Broadcast engines only
deal with telephony. The challenge is to extract the necessary customer transaction data from these
discrete applications and incorporate the data in our CRM ready data warehouse. It is then that we have
“closed the loop” and can truly attain one-to-one and permission marketing relationships with our
customers.

The key benefits are:


• Information synergy across business departments.
• Improved customer retention.
• Introduction of customer self service.
• Fully personalized.
• 24/7/365 customer service platform.
• Open channel to communicate.
• Ability to pre-empt customer problems.
• Allows you to understand your customer better.
• Lets you make more informed decisions based on accurate information.
• Real time updateable information – maximizing customer information accuracy.

ELECTRONIC FUND TRANSFER


REQUIREMENTS
• Bank Account.
• Buyer needs Internet or phone access to their bank account.

HOW IT WORKS
• The seller gives the buyer their bank sort code and account no.
• The buyer then accesses their own bank account and sends the seller the money.

WHY USE FUND TRANSFER


• If the buyer and seller bank with the same company the fund transfer is instant; otherwise it takes
approximately 3 working days.
• The transfer is of cleared funds. The buyer may only send cleared funds from their account and
once it appears on the seller’s account, it is immediately available to withdraw.
• No more waiting for cheques to clear, waiting for cheques in the post etc.
• Quicker and less risky than sending cheques.
• No fees for buyer or seller.
• No minimum or maximum amount. The amount is limited only by buyer’s available cleared funds.
LIMITATIONS
• Overseas Electronic Fund Transfer is available from some banks but usually carries a fee.
• Buyers must have Internet or phone access to their accounts.
• To a lesser degree the seller will only know the money has arrived when they check bank statements
or check their balance online / phone.
• The “Instant” transfer might have to wait until the next working day if it is done outside banking
hours.

CLAWBACK
Funds sent by Electronic Fund Transfer can be “clawed back” by the sender provided the request is
made on the same working day the funds are transferred; therefore the funds do not really clear until the
next working day after receipt.

CONCERNS
To access a bank account and withdraw funds, a person needs to know much more than just the account no
and sort code.

MARKETING STRATEGY ON THE WEB


A strategy for marketing on the internet should follow the subsequent rules:

• BRANDS: Your web site becomes your most important brand.

• CHANGE: The rules on the Internet are changing.

• CONCISENESS: Keep your pages short and spread information on several pages.

• CONTENT: Content is king. Don’t bore your customers.

• DYNAMIC SITES: Create dynamic sites that use new technologies to adapt information based on
user profiles.

• FINANCES: Try new markets with low advertising pricing schemes.

• FREE GIVE-AWAYS: Create freebie offerings for your loyal customers.

• GLOBAL VILLAGE: Think global but localize.

• LIVE EVENTS: Online events create awareness fast.

• NICHE MARKETS: The internet is a series of niche markets and mass markets.

• PROMOTION: Promote your site everywhere.

• SYNDICATION: Co-brand your services and products.

• TECHNOLOGY: Use internet technology to maximize your marketing objectives.


WEB DESIGN RULES
In order to have a successful business online, the visual presentation of your web site needs to adhere to
the following rules.

• CONTENT: Focus your attention first on content and then on design.

• CONSISTENCY: Design your site consistently without varying the content.

• DENSITY: Break up content into little pieces without tearing it apart.

• SIZE: Use small graphics with large impact.

• DESIGN: Use few colors without designing a monotone web site.

BANNER ADVERTISING RULES


In order to implement a successful online banner campaign, the following rules are to be kept in mind:

• KEEP BANNER SMALL: The message must be visible within a few seconds on low connections.

• INVEST IN DESIGN: Use a concise design to display your message.

• AVOID COMPLEX ANIMATIONS: Animations are cute, but take up a lot of time for
downloading.

• MAKE IT READABLE: Don’t use funny fonts. Display your message in such a way that everyone
is able to read it.

• MAKE SURE THE LINK WORKS: The best banner ad is useless if the link leads into nirvana.

• DESIGN A COMPELLING MESSAGE: Make a short, compelling statement on your product or
service.

MEASUREMENT UNITS
• PAGE VIEW: An HTML page that has been successfully downloaded, including all embedded
elements.

• HITS: Every access to the web server, including HTML pages, graphics, sound, frames.

• VISITS: A sequence of page views performed by a single visitor. If the user does not view a page for
fifteen minutes then the visit is over.

• VISITOR: A visitor is a user that can be identified by certain properties such as e-mail address or
cookies.

• AD-IMPRESSION: Number of banner views on a certain web page.


• AD-CLICK: Number of clicks on a banner for a certain web page.

ONE TO ONE MARKETING STRATEGIES


• IDENTIFICATION: Identify your customers in order to understand the buying patterns for every
single customer.

• INTERACTION: Offer your customers automated assistance by pre-selecting goods, information
and services.

• DIFFERENTIATION: Treat all customers on a personal basis. Address the values and needs of
every single customer.

• TRACKING: In order to understand your customers better it is necessary to track every
transaction for every individual customer.

• CUSTOMIZATION: Build product modules, information parts and service components that can be
adapted to the needs of every single customer.

MEASURING CUSTOMER SATISFACTION


• ATTRIBUTE IMPORTANCE: Every service attribute contributes diversely to the overall
satisfaction of the customer. Therefore it is necessary to establish which attributes have which
priority for a given customer and try to strengthen the most important attributes first. Every customer
will have other priorities, so the system can become quite complicated.

• CUSTOMER SATISFACTION: Every dimension of satisfaction gets its own score, which then can
be compared to evaluate the strengths and weaknesses of your electronic business. The result can be
used to plan quality improvements and launch immediate updates of the service in case of problems.
The data can be gathered by evaluating log files and by asking customers to fill in a survey either on
the web or via e-mail.

• CUSTOMER VALUE ADDED: This index is generated by dividing your business's overall customer
satisfaction by the scores of all businesses competing in a certain market segment. This will give you
an idea where your company is positioned in the market.

ONE TO ONE TECHNOLOGIES


• BROAD VISION: The high end tool recognizes customers and displays products and services
relevant to that particular customer.

• COLD FUSION: Tool for rapid application development and site design.

• EDIFY: Product specialized for electronic banking solutions.

• GROUP LENS: A collaborative filtering solution with rating services for content or products.

• WEB OBJECTS: A framework for developing e-business applications that need to access legacy
databases. Provides a strong one-to-one technology to serve data to visitors.

DIRECT MARKETING RULES


• AUDIENCE: On the internet the audience targets you and not the other way around.

• CLARIFICATION: Question and confirm any message that appears to contain a critical mistake in
typing.

• CROSS BORDERS: The internet is open to any culture and nation. Be sure not to offend your target
audience.

• CUSTOMERS: Use one-to-one marketing technologies to gain information on your customers.

• LISTS: Don’t rent or sell customer lists with out written.

• LOG FILES: Don’t rely on web server log files. Try to find more meaningful data.

• PRIVACY: Privacy is important. Treat any personal information as confidential.

• SPAM: Never misuse e-mail to spam. It provokes more anger than response.

CHOOSING AN ISP
• RELIABILITY: An ISP should be up and running more than 99.9 percent of the time each year.

• PERFORMANCE: Don’t believe the marketing hype of the ISPs. Get performance data from third
parties.

• PRICE: Price is not everything. Look out for an ISP that offers complete service.

• TECH SUPPORT: Establish the ISP as your partner. Create strong links between your company and the
ISP.

FINANCIAL OFFICE – MARKET MAKING


FO-Market making does not only offer sophisticated pricing, position keeping and risk analysis. It
also integrates FO-Link, which manages links to e-markets, allowing retrieval of data from
the e-markets as well as price quoting and deal making on the e-markets. FO-Link manages the
links between proprietary pricing tools and the e-markets. FO-Market making is designed for banks that
are dealers and/or market makers on e-markets. At the present time banks are offering a complete bonds
market making module including e-markets. The six most wanted advantages are:
1. Automatic retrieval of data from several e-markets.
2. Controlled publishing of data to several e-markets.
3. Ability to add and remove e-markets.
4. Real time follow-up of the underlying and hedging positions.
5. Real time profit and loss of positions in underlying and hedging products.
6. Sophisticated pricing functions including decision support calculations for arbitrage possibilities.

The FO-market making is installed locally at the client and includes all modules needed for a rapid
integration of existing contracts into the system. Due to its open architecture, FO-market making easily
interfaces via XML standards. The integration of FO-link brings full control over e-markets.

The bi-directional messaging between the modules guarantees high speed and controlled price
publishing, immediate position update and full control over e-markets.

E-MARKETING
E-marketing is essentially part of marketing. So the place to begin defining E-marketing is to consider
where it fits within the subject of marketing. So let's start with a definition of marketing. The American
Marketing Association (AMA) definition (2004) is as follows: Marketing is an organizational function
and a set of processes for creating, communicating and delivering value to customers and for managing
customer relationships in ways that benefit the organization and its stakeholders. Therefore E-marketing
by its very nature is one aspect of an organizational function and a set of processes for creating,
communicating and delivering value to customers and for managing customer relationships in ways that
benefit the organization and its stakeholders. As such an aspect, E-marketing has its own approaches and
tools that contribute to the achievement of marketing goals and objectives.

Traditional marketing was focusing on target groups and creating a positive image for that particular
group. Communication in advertising was one way only. The marketing team could not get immediate
results on the customer reactions. In the pre-information society this was fine, as there was time to do
surveys and publish the results, which influenced the company strategy and the products.

In the information society everything has started to flow. Products, strategies, prices, everything depends
on the customer’s needs. Everything becomes much more customer centric. The demands of the
customer directly affect product design, marketing strategies and the product pricing. As marketing
traditionally has direct ties to the customers, the information flowing back from the customers in real-
time needs to be passed on to the appropriate department within the company to react in real time to the
ever faster changing demands of the customers.

The internet allows companies to react to individual customer demands. All customers can be treated in
their preferred way. One-to-one marketing has become the standard way of dealing with customers over
the internet. One-to-many marketing does not work anymore in internet time.

WHAT ARE THE E-MARKETING TOOLS?
• A company can distribute via the Internet.
• A company can use the Internet as a way of building and maintaining a customer relationship.
• The money collection part of a transaction could be done online.
• Leads can be generated by attracting potential customers to sign-up for short periods of time,
before signing up for the long-term.
• The Internet could be used for advertising.
• Finally, the web can be used as a way of collecting direct responses e.g. as part of a voting
system for a game show.

THE BENEFITS OF E-MARKETING OVER TRADITIONAL MARKETING

• Reach
The nature of the internet means businesses now have a truly global reach. While traditional media costs
limit this kind of reach to huge multinationals, e-marketing opens up new avenues for smaller
businesses, on a much smaller budget, to access potential consumers from all over the world.

• Scope
Internet marketing allows the marketer to reach consumers in a wide range of ways and enables them to
offer a wide range of products and services. E-marketing includes, among other things, information
management, public relations, customer service and sales. With the range of new technologies becoming
available all the time, this scope can only grow.

• Interactivity
Whereas traditional marketing is largely about getting a brand’s message out there, E-marketing
facilitates conversations between companies and consumers. With a two way communication channel,
companies can feed off of the responses of their consumers, making them more dynamic and adaptive.

• Immediacy
Internet marketing is able to, in ways never before imagined, provide an immediate impact. Imagine
you’re reading your favorite magazine. You see a double-page advert for some new product or service,
maybe BMW’s latest luxury sedan or Apple’s latest iPod offering. With this kind of traditional media,
it’s not that easy for you, the consumer, to take the step from hearing about a product to actual
acquisition. With E-marketing, it’s easy to make that step as simple as possible, meaning that within a
few short clicks you could have booked a test drive or ordered the iPod. And all of this can happen
regardless of normal office hours. Effectively, Internet marketing makes business hours 24 hours per
day, 7 days per week for every week of the year. By closing the gap between providing information and
eliciting a consumer reaction, the consumer’s buying cycle is speeded up and advertising spend can go
much further in creating immediate leads.

• Demographics and targeting


Generally speaking, the demographics of the Internet are a marketer’s dream. Internet users, considered
as a group, have greater buying power and could perhaps be considered as a population group skewed
towards the middle-classes. Buying power is not all though. The nature of the Internet is such that its
users will tend to organize themselves into far more focused groupings. Savvy marketers who know
where to look can quite easily find access to the niche markets they wish to target. Marketing messages
are most effective when they are presented directly to the audience most likely to be interested. The
Internet creates the perfect environment for niche marketing to targeted groups.

E-SERVICE
An E-Service is a service or resource that can be accessed on the net by people, businesses and devices.
Several e-services can be combined automatically to perform virtually any kind of task or transaction. In
order to understand better the new opportunities it is necessary to look at today’s business on the
internet. Most internet business is based on web servers and browsers that communicate and exchange
information and follow pre-defined processes. The web-enabled start-ups rock whole industries by
reaching out for customers that were not accessible to small companies before. Slowly companies have
started to think about their business differently. They adapt the rules of the start-ups and redefine their
customer services. Customer-centric business has become more important and customers have been
enabled through the web to serve themselves.

The open service paradigm developed by HP makes electronic services more modular, which allows
them to assemble on the fly as they are based on the open-services interface. They can be combined
more easily to offer new types of services. It is expected that the shift in paradigm will be followed in
the business world and in the IT area. Websites will become less important. The automated services will
work more likely in the background. With e-services this will become reality. By implementing
e-services it has become possible to offer traditional services, e.g. banking, via a wider variety of devices
and implement new services. E-services will help to ensure the availability and security of these services
(processing power, data storage and data mining). E-services will give companies much more flexibility
in the way they manage their IT infrastructures, making more efficient use of resources both in-house and
outside. The IT department will transform to a service provider, which will use outsourcing strategically
to lower costs and gain flexibility. It will enable e-services of all types and plan profitable e-services
solutions. Another interesting field for the paradigm of e-services is pay-per-use: e-services will be
tightly woven into daily life. People will plug into them via e-services utilities. E-services are highly
modular, making it attractive to a large group of customers, who do not want to buy enormous,
monolithic systems. Customers are able to subscribe to the specific services they want to use. This
reduces the initial cost for accessing a service and companies will be able to generate more stable profit
streams as the money is coming on a more regular basis and from more customers. Another advantage of
the e-service is that they can be developed, tested and put on the market much more quickly because of
their modular architecture. E-services make it possible to focus on the real work and neglect the
underlying technology and processes. End users will be able to take advantage of much more
sophisticated services because they don’t have to buy the whole thing.

E-TENDER
E-Tendering can provide for:

• Faster, better exchange of information
• Increased security and integrity of tendering
• Automation of the evaluation process

MOD encourages the use of e-tendering for some competition but the ability to do so is not yet
widespread throughout the industry. MOD aspires to introduce a corporate capability to undertake e-
tendering, which ideally will be a Government-wide system.

WHAT IS E-TENDER?
The exchange of information by digital files and electronic communications has been normal practice
within the defense sector for some time; indeed tender documentation has often been supported by the
use of floppy disk, CD-Rom or E-Mail. E-tendering is more fundamental. It is the conduct of the
complete tendering exercise from the advertising of the requirement through to the placing of the
contract, including the exchange of all relevant documents all by electronic communication. Ultimately
contract management and the monitoring of contract performance will be conducted by electronic
communication.

BENEFITS
• Making the government easier for industry to do business with.
• Opportunities to stimulate increased interest in all markets by reducing the burden that tendering to
Government can be.
• Efficient and effective electronic interface between industry and MOD leading to reduced costs and
timesaving on both sides.
• Quick and accurate pre-qualification and evaluation which enables the automatic rejection of
Industry partners that fail to meet stipulated fixed criteria.
• Opportunity for the transmission of quality information to and from industry to enable a clear
understanding of the requirement and proposals.
• Opportunities to respond quickly to any questions and points of clarification during the tender
period.
• Reduction in the traditionally labor intensive tasks of receipt, recording & distribution of tender
submissions.
• Reducing the paper trail on tendering exercises, reducing costs to the MOD and industry alike and
supporting “green” issues.
• Providing a clearer audit trail demonstrating integrity.
• Provision of quality management information.
• Improved opportunity for like comparison of qualitative and quantitative information resulting in a
faster more accurate evaluation of tenders.
WHAT TENDERING TASKS CAN BE DONE ELECTRONICALLY
With the improved capability across some areas of the MOD and industry, it is now possible to enable
the electronic conduct of competitive and single tender responses as well as acceptances and declines.
The following conditions should be satisfied.

• Electronic signatures for documents originated from industry are created and managed by PKI,
backed by a commercial provider that has been approved by the MOD PKI policy management
authority.
• Electronic signatures for documents originated from the MOD are created and managed by a PKI or
authorized by the MOD PKI policy management authority.
• The security and operating procedure of MOD and industry internal information system are
maintained.
• The current principles and not the entire practice of the MOD tender board are fully replicated by the
use of a “Virtual” tender box which restricts access to tender until after the due date and time for
receipt.
• The integrity of stored tender documentation is maintained through the use of an appropriate
technical infrastructure.

If these conditions are fully met, the paper “Master Copy” is no longer necessary, as
there is no legal requirement for paper documentation, provided that electronic information is
sufficiently robust to enable it to be produced as evidence. The requirement for a paper master copy of
contracts is likely to remain until confidence in an electronic repository for contracts has been
developed.
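The "virtual" tender box, stored-document integrity and audit-trail conditions above can be sketched as follows. This is an added example, not MOD's system or code from the original page: the class, event names and dates are assumptions, and verification of the PKI signatures is left out.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone


class TenderBoxError(Exception):
    pass


class VirtualTenderBox:
    """Hypothetical sealed box: accepts tenders until the deadline, opens only after it."""

    def __init__(self, deadline: datetime):
        self.deadline = deadline
        self._stored = {}   # bidder -> tender document bytes, sealed until opening
        self.audit = []     # append-only log; every entry commits to the previous one

    @staticmethod
    def _entry_hash(record: dict) -> str:
        body = {k: record[k] for k in ("prev", "time", "event", "detail")}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _log(self, when: datetime, event: str, **detail) -> None:
        prev = self.audit[-1]["entry_hash"] if self.audit else "0" * 64
        record = {"prev": prev, "time": when.isoformat(), "event": event, "detail": detail}
        record["entry_hash"] = self._entry_hash(record)
        self.audit.append(record)

    def submit(self, bidder: str, document: bytes, now: datetime) -> str:
        """Store a tender and return its SHA-256 digest as the bidder's receipt."""
        if now > self.deadline:
            self._log(now, "rejected-late", bidder=bidder)
            raise TenderBoxError("tender received after the due date and time")
        digest = hashlib.sha256(document).hexdigest()
        self._stored[bidder] = document
        self._log(now, "received", bidder=bidder, sha256=digest)
        return digest

    def audit_intact(self) -> bool:
        """Recompute the hash chain; any edited or removed entry breaks it."""
        prev = "0" * 64
        for entry in self.audit:
            if entry["prev"] != prev or entry["entry_hash"] != self._entry_hash(entry):
                return False
            prev = entry["entry_hash"]
        return True

    def open(self, officer: str, now: datetime) -> dict:
        """Release the tenders, but only after the deadline and only if nothing changed."""
        if now <= self.deadline:
            self._log(now, "refused-early-open", officer=officer)
            raise TenderBoxError("tender box is sealed until the due date and time has passed")
        if not self.audit_intact():
            raise TenderBoxError("audit trail has been altered")
        # The digest recorded at receipt (latest submission per bidder) is the reference.
        expected = {e["detail"]["bidder"]: e["detail"]["sha256"]
                    for e in self.audit if e["event"] == "received"}
        for bidder, document in self._stored.items():
            if hashlib.sha256(document).hexdigest() != expected.get(bidder):
                self._log(now, "integrity-failure", bidder=bidder)
                raise TenderBoxError("stored tender from %s does not match its receipt" % bidder)
        self._log(now, "opened", officer=officer)
        return dict(self._stored)
```
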

KEY PRINCIPLES TO CONSIDER WHEN CONDUCTING E-TENDER
• Security
• Confidentiality
• Integrity
• Authentication
• Equity / Transparency
• Liability
• Trust
• Business benefits
• Portability of Data
• Flexible process
• Future proofing
• Audit trail
• Affordability
• Firewall
• Compatibility / Interoperability
• Scalability
• Reliability / Availability

FIREWALL SYSTEMS
A firewall system is a secure host that acts as a barrier between your internal network and outside
networks. The internal network treats every other network as untrusted. You should consider this setup
as mandatory between your internal network and any external networks, such as the Internet, with which
you communicate. A firewall acts as a gateway and as a barrier. A firewall acts as a gateway that passes
data between the networks. A firewall acts as a barrier that blocks the free passage of data to and from
the network. The firewall requires a user on the internal network to log in to the firewall system to
access hosts on remote networks. Similarly, a user on an outside network must first log in to the firewall
system before being granted access to a host on the internal network. A firewall can also be useful
between some internal networks. For example, you can set up a firewall or a secure gateway computer to
restrict the transfer of packets. The gateway can forbid packet exchange between two networks, unless
the gateway computer is the source address or the destination address of the packet. A firewall should
also be set up to forward packets for particular protocols only. For example, you can allow packets for
transferring mail, but not allow packets for the telnet or the rlogin command. ASET, when run at high
security, disables the forwarding of Internet Protocol (IP) packets.

In addition, all electronic mail that is sent from the internal network is first sent to the firewall system.
The firewall then transfers the mail to a host on an external network. The firewall system also receives
all incoming electronic mail, and distributes the mail to the hosts on the internal network.

The firewall is a system of hardware and software components that define which connections are
allowed to pass back and forth between communication partners. By using a firewall system, for
example, between your intranet and the Internet, you can allow a defined set of services to pass through
the different network zones while keeping other services out. For example, you can allow users in your
company's intranet to use Internet services such as mail or http, but not other services such as telnet. The
graphic below shows an example firewall scenario. Note that the machines in the so-called
"demilitarized zone" are not directly accessible from either the internal or the external networks. The
routers and packet filters are configured to allow only connections for specified network services.
There are two primary firewall types:
1. Packet filters: The functions used for packet filtering are typically available with routers. The
router's primary function is to route network traffic based on the source or destination IP addresses,
TCP ports, or protocols used. In this way, certain requests are routed to the server that can best
handle the request. For example, mail requests are routed to the company's mail server; ftp (file
transfer protocol) requests are routed to the company's ftp server. By using the router’s packet
filtering functions, you can also restrict traffic based on this information, for example, to completely
block requests using undesired protocols, for example telnet. However, the packet filter is not able to
filter information sent at the application level.
2. Application-level gateways: Contrary to packet filters, application-level gateways or proxies work
at the application level. They are capable of permitting or rejecting requests based on the content of
the network traffic.
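An added example (not from the original page) of the first-match, default-deny evaluation a packet filter performs on addresses, protocol and port, using the mail and http allowed, telnet and rlogin blocked policy described above. The addresses, rule set and `Packet` fields are assumptions; the last sample packet shows the limitation noted in item 1, since the filter never looks at what is actually spoken on an allowed port.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed example networks, not taken from the page.
INTERNAL = ip_network("10.0.0.0/8")
MAIL_SERVER = ip_network("192.0.2.25/32")   # hypothetical mail host in the DMZ
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    payload: bytes = b""         # present on the wire, never inspected by the filter


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str
    dport: Optional[int]         # None matches any port
    note: str

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and p.proto == self.proto
                and (self.dport is None or p.dport == self.dport))


# Order matters: the first matching rule decides.
RULES = [
    Rule("deny", ANY, ANY, "tcp", 23, "telnet blocked in both directions"),
    Rule("deny", ANY, ANY, "tcp", 513, "rlogin blocked in both directions"),
    Rule("allow", ANY, MAIL_SERVER, "tcp", 25, "inbound mail, mail server only"),
    Rule("allow", INTERNAL, ANY, "tcp", 25, "outbound mail"),
    Rule("allow", INTERNAL, ANY, "tcp", 80, "outbound http"),
]


def filter_packet(p: Packet, rules=RULES):
    """Return (action, reason) for a packet; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.note
    return "deny", "default deny: no rule matched"


# Constructed sample traffic.
SAMPLES = [
    Packet("10.1.2.3", "198.51.100.7", "tcp", 80),     # intranet user browsing
    Packet("10.1.2.3", "198.51.100.7", "tcp", 23),     # intranet user trying telnet
    Packet("203.0.113.9", "10.1.2.3", "tcp", 25),      # outside host bypassing the mail server
    Packet("203.0.113.9", "10.1.2.3", "udp", 53),      # service nobody allowed
    # Port 25 to the mail server is allowed whatever the bytes are: judging the
    # content is the job of an application-level gateway, not of a packet filter.
    Packet("203.0.113.9", "192.0.2.25", "tcp", 25, payload=b"login: root\r\n"),
]


def decisions(samples=SAMPLES):
    return [filter_packet(p)[0] for p in samples]


if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt.src, "->", pkt.dst, pkt.proto, pkt.dport, filter_packet(pkt))
```
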

IPSEC PROTOCOL

IPSEC is a framework for security that operates at the Network Layer by extending the IP packet header
(using additional protocol numbers, not options). This gives it the ability to encrypt any higher layer
protocol, including arbitrary TCP and UDP sessions, so it offers the greatest flexibility of all the existing
TCP/IP cryptosystems. Flexibility, however, often comes at the price of complexity, and IPSEC is not
an exception. Configuring which addresses and ports to encrypt using which IPSEC options often begins
to look like configuring packet filtering, then add in the additional complexities of key management.
While conceptually simple, setting up IPSEC is much more complex than installing SSH, for example.
IPSEC also has the disadvantage of requiring operating system support, since most O/S kernels don't
allow direct manipulation of IP headers. IPSEC defines a "Security Association" (SA) as its primitive
means of protecting IP packets. An SA is defined by the packet's destination IP address and a 32-bit
Security Parameters Index (SPI), that functions somewhat like a TCP or UDP port number, in that it
allows multiple SAs to a single destination address. SAs can operate in transport mode, where the
IPSEC data field begins with upper level packet headers (usually TCP, UDP, or ICMP), or in tunnel
mode, where the IPSEC data field begins with an entirely new IP packet header, à la RFC 2003.
Furthermore, SAs can be encapsulated within SAs, forming SA bundles, allowing layered IPSEC
protection.

IPsec is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and
IPv6. The set of security services offered includes access control, connectionless integrity, data origin
authentication, protection against replays (a form of partial sequence integrity), confidentiality
(encryption), and limited traffic flow confidentiality. These services are provided at the IP layer,
offering protection for IP and/or upper layer protocols. These objectives are met through the use of two
traffic security protocols, the Authentication Header (AH) and the Encapsulating Security Payload
(ESP), and through the use of cryptographic key management procedures and protocols. The set of IPsec
protocols employed in any context, and the ways in which they are employed, will be determined by the
security and system requirements of users, applications, and/or sites/organizations. When these
mechanisms are correctly implemented and deployed, they ought not to adversely affect users, hosts,
and other Internet components that do not employ these security mechanisms for protection of their
traffic. These mechanisms also are designed to be algorithm-independent. This modularity permits
selection of different sets of algorithms without affecting the other parts of the implementation. For
example, different user communities may select different sets of algorithms (creating cliques) if
required. A standard set of default algorithms is specified to facilitate interoperability in the global
Internet. The use of these algorithms, in conjunction with IPsec traffic protection and key management
protocols, is intended to permit system and application developers to deploy high quality, Internet layer,
cryptographic security technology.

The IPsec architecture can be categorized into four main areas:


1. Security Associations
2. SA and key management support
3. IPsec protocols
4. Algorithms and methods

SECURITY ASSOCIATIONS
Security Associations (SAs) are a combination of a mutually agreeable policy and keys that defines the
security services, mechanisms, and keys used to protect communications between IPsec peers. Each SA
is a one-way or simplex connection that provides security services to the traffic that it carries. Because
SAs are defined only for one-way communication, each IPSec session requires two SAs. For example, if
both IPSec protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP), are used for an IPSec
session between two peers, then four SAs would be required. SAs for IPSec-secured communications
require two databases: a security policy database (SPD) and security association database (SAD). The
SPD stores the security requirements or policy requisites for an SA to be established. It is used during
both inbound and outbound packet processing. IPSec checks inbound packets to ensure that they have
been secured according to policy. Outbound packets are secured according to policy. The SAD contains
the parameters of each active SA. The Internet Key Exchange (IKE) protocol automatically populates
the SAD. After an SA is established, the information for each SA is stored in the SAD. The following
figure shows the relationship between SAs, the SPD, and the SAD.

SA AND KEY MANAGEMENT
IPSec requires SA and key management support. The Internet Security Association and Key
Management Protocol (ISAKMP) defines the framework for authentication and key exchange by
providing procedures for negotiating, establishing, changing, and deleting SAs. It does not define the
actual key exchange: it merely provides the framework. IPSec requires support for both manual and
automatic management of SAs and keys. IKE is the default automated key management protocol for
IPSec. IKE is a hybrid protocol that incorporates parts of the Oakley key exchange protocol and the
SKEME keying techniques protocol. The following figure shows the relationship between the ISAKMP,
IKE, Oakley, and SKEME protocols. The Oakley protocol uses the Diffie-Hellman key exchange or key
agreement algorithm to create a unique, shared, secret key, which is then used to generate keying
material for authentication or encryption. For example, such a shared secret key could be used by the
DES encryption algorithm for the required keying material. A Diffie-Hellman exchange can use one of a
number of groups that define the length of the base prime numbers (key size) which are created for use
during the key exchange process. The longer the number, the greater the key strength. Well-known
groups include Groups 1, 2, and 14. The following figure shows the relationship between the Oakley
protocol, the Diffie-Hellman algorithm, and well-known Diffie-Hellman key exchange groups. The
Oakley protocol defines several modes for the key exchange process. These modes correspond to the
two negotiation phases defined in the ISAKMP protocol. For phase 1, the Oakley protocol defines two
principal modes: main and aggressive. IPSec for Windows does not implement aggressive mode. For
phase 2, the Oakley protocol defines a single mode, quick mode.

IPSEC PROTOCOLS
To provide security for the IP layer, IPSec defines two protocols: Authentication Header (AH) and
Encapsulating Security Payload (ESP). These protocols provide security services for the SA. Each SA is
identified by the Security Parameters Index (SPI), IP destination address, and security protocol (AH or
ESP) identifier. The SPI is a unique, identifying value in an SA that is used to distinguish among
multiple SAs on the receiving computer. For example, IPSec communication between two computers
requires two SAs on each computer. One SA services inbound traffic and the other services outbound
traffic. Because the addresses of the IPSec peers for the two SAs are the same, the SPI is used to
distinguish between the inbound and outbound SA. Because the encryption keys differ for each SA, each
SA must be uniquely identified.

ALGORITHMS AND METHODS
The IPSec protocols use authentication, encryption, and key exchange algorithms. Two authentication or
keyed hash algorithms, HMAC-MD5 (Hash Message Authentication Code - MD5) and HMAC-SHA-1,
are used with both the AH and ESP protocols. The DES and 3DES encryption algorithms are used with
ESP. The authentication methods for IPSec, as defined by the IKE protocol, are grouped into three
categories: digital signature, public-key, and pre-shared key.
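How a receiver uses the SA identifier (SPI, destination address, protocol), the keyed hash and the replay protection described above can be shown in code. This is an added example, not from the original page or any IPsec implementation: the class and function names, key and addresses are assumptions, the packet is reduced to SPI, sequence number, body and a truncated HMAC-SHA-1 value, and encryption of the body is left out.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

ESP = 50          # IP protocol number of ESP (AH is 51)
ICV_LEN = 12      # HMAC-SHA-1 output truncated to 96 bits
WINDOW = 64       # anti-replay window, in packets


@dataclass
class SA:
    spi: int
    dst: str
    proto: int
    auth_key: bytes
    highest_seq: int = 0   # highest authenticated sequence number seen so far
    bitmap: int = 0        # bit i set => sequence number (highest_seq - i) was seen


class SAD:
    """Security association database keyed by (SPI, destination, protocol)."""

    def __init__(self):
        self._sas = {}

    def add(self, sa: SA) -> None:
        self._sas[(sa.spi, sa.dst, sa.proto)] = sa

    def lookup(self, spi: int, dst: str, proto: int):
        return self._sas.get((spi, dst, proto))


def icv(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_esp(sa: SA, seq: int, body: bytes) -> bytes:
    """Sender side, used here to construct sample input: SPI | seq | body | ICV."""
    header = struct.pack("!II", sa.spi, seq)
    return header + body + icv(sa.auth_key, header + body)


def replay_state(sa: SA, seq: int) -> str:
    if seq == 0:
        return "invalid"
    if seq > sa.highest_seq:
        return "new"
    offset = sa.highest_seq - seq
    if offset >= WINDOW:
        return "too-old"
    return "replay" if (sa.bitmap >> offset) & 1 else "in-window"


def accept_inbound(sad: SAD, dst: str, proto: int, packet: bytes) -> str:
    if len(packet) < 8 + ICV_LEN:
        return "drop: truncated"
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sad.lookup(spi, dst, proto)
    if sa is None:
        return "drop: no SA"
    state = replay_state(sa, seq)
    if state in ("invalid", "too-old", "replay"):
        return "drop: " + state
    signed, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv(sa.auth_key, signed), tag):
        return "drop: bad ICV"
    # Only an authenticated packet may move or mark the window; otherwise a
    # forged sequence number could push genuine packets out of it.
    if state == "new":
        shift = seq - sa.highest_seq
        if shift >= WINDOW:
            sa.bitmap = 1
        else:
            sa.bitmap = ((sa.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
        sa.highest_seq = seq
    else:
        sa.bitmap |= 1 << (sa.highest_seq - seq)
    return "accept"
```
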

IP SPOOFING
Criminals have long employed the tactic of masking their true identity, from disguises to aliases to
caller-id blocking. It should come as no surprise then, that criminals who conduct their nefarious
activities on networks and computers should employ such techniques. IP spoofing is one of the most
common forms of on-line camouflage. In IP spoofing, an attacker gains unauthorized access to a
computer or a network by making it appear that a malicious message has come from a trusted machine
by “spoofing” the IP address of that machine.
Internet Protocol (IP) is a network protocol operating at layer 3 (network) of the OSI model and is used
to route packets on a network. It is a connectionless model, meaning there is no information regarding
transaction state. Additionally, there is no method in place to ensure that a packet is properly
delivered to the destination.

Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain
various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source
and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses –
specifically the “source address” field. It's important to note that each datagram is sent independently of
all others due to the stateless nature of IP. IP can be thought of as a routing wrapper for layer 4
(transport), which contains the Transmission Control Protocol (TCP). Unlike IP, TCP uses a connection-
oriented design. This means that the participants in a TCP session must first build a connection - via the
3-way handshake (SYN-SYN/ACK-ACK) - then update one another on progress - via sequences and
acknowledgements. This “conversation” ensures data reliability, since the sender receives an OK from
the recipient after each packet exchange.
As you can see above, a TCP header is very different from an IP header. We are concerned with the first
12 bytes of the TCP packet, which contain port and sequencing information. Much like an IP datagram,
TCP packets can be manipulated using software. The source and destination ports normally depend on
the network application in use (for example, HTTP via port 80). What's important for our understanding
of spoofing are the sequence and acknowledgement numbers. The data contained in these fields ensures
packet delivery by determining whether or not a packet needs to be resent. The sequence number is the
number of the first byte in the current packet, which is relevant to the data stream. The
acknowledgement number, in turn, contains the value of the next expected sequence number in the
stream. This relationship confirms, on both ends, that the proper packets were received. It’s quite
different than IP, since transaction state is closely monitored.
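
The header layout and the sequence/acknowledgement relationship described above can be checked mechanically. The following is an added example, not part of the original notes: it parses constructed IPv4 and TCP headers and flags a segment whose sequence number does not continue the stream, which is what a receiver sees when a sender that cannot observe the connection claims a trusted source address. The addresses, ports and the in-order, loss-free stream are assumptions made for the demonstration.

```python
import socket
import struct

SYN, ACK, PSH, FIN = 0x02, 0x10, 0x08, 0x01

def sample_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Constructed IPv4+TCP bytes for the demo (no options, checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse_packet(raw):
    """Extract the fields the text discusses from raw IPv4+TCP bytes."""
    ihl = (raw[0] & 0x0F) * 4                    # IP header length in bytes
    total_len, = struct.unpack("!H", raw[2:4])
    # Bytes 0-11 hold general packet information; bytes 12-19 hold the
    # source and destination addresses (nothing in IP itself verifies them).
    src, dst = raw[12:16], raw[16:20]
    # First 12 bytes of the TCP header: ports, sequence and acknowledgement numbers.
    sport, dport, seq, ack = struct.unpack("!HHII", raw[ihl:ihl + 12])
    data_offset = (raw[ihl + 12] >> 4) * 4       # TCP header length in bytes
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": raw[ihl + 13],
        "payload": raw[ihl + data_offset:total_len],
    }

def check_stream(packets):
    """Return (index, problems) for segments that break seq/ack continuity.

    Simplification: assumes in-order delivery with no loss or retransmission;
    a real TCP stack accepts any sequence number inside its receive window.
    """
    next_seq = {}      # flow -> next sequence number expected from that sender
    findings = []
    for index, raw in enumerate(packets):
        p = parse_packet(raw)
        flow = (p["src"], p["sport"], p["dst"], p["dport"])
        reverse = (p["dst"], p["dport"], p["src"], p["sport"])
        problems = []
        if flow in next_seq and p["seq"] != next_seq[flow]:
            problems.append(f"seq {p['seq']}, expected {next_seq[flow]}")
        if p["flags"] & ACK and reverse in next_seq and p["ack"] != next_seq[reverse]:
            problems.append(f"ack {p['ack']}, expected {next_seq[reverse]}")
        if problems:
            findings.append((index, problems))
            continue                              # rejected: state is not advanced
        # SYN and FIN each consume one sequence number, payload one per byte.
        consumed = len(p["payload"]) + bool(p["flags"] & SYN) + bool(p["flags"] & FIN)
        next_seq[flow] = (p["seq"] + consumed) % 2**32
    return findings

def sample_capture():
    """Constructed capture: handshake, one request, then a segment with a guessed seq."""
    c, s = "192.0.2.10", "198.51.100.5"
    request = b"GET / HTTP/1.0\r\n\r\n"           # 18 bytes
    return [
        sample_packet(c, s, 40000, 80, 1000, 0, SYN),
        sample_packet(s, c, 80, 40000, 5000, 1001, SYN | ACK),
        sample_packet(c, s, 40000, 80, 1001, 5001, ACK),
        sample_packet(c, s, 40000, 80, 1001, 5001, PSH | ACK, request),
        sample_packet(s, c, 80, 40000, 5001, 1019, ACK),
        # Claims the client's address but does not know the stream position.
        sample_packet(c, s, 40000, 80, 9999, 5001, PSH | ACK, b"X"),
    ]

if __name__ == "__main__":
    for index, problems in check_stream(sample_capture()):
        print(f"packet {index}: {'; '.join(problems)}")
```

The source address field alone never distinguishes the last segment from the genuine ones; only the transport-layer state does, which is why predictable sequence numbers made blind spoofing practical on older systems.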

There are a few variations on the types of attacks that successfully employ IP spoofing. Although some
are relatively dated, others are very pertinent to current security concerns.

Non-Blind Spoofing: This type of attack takes place when the attacker is on the same subnet as the
victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty
of calculating them accurately. The biggest threat of spoofing in this instance would be session
hijacking. This is accomplished by corrupting the data stream of an established connection, then re-
establishing it based on correct sequence and acknowledgement numbers with the attack machine. Using
this technique, an attacker could effectively bypass any authentication measures put in place to build the
connection.

Blind Spoofing: This is a more sophisticated attack, because the sequence and acknowledgement
numbers are unreachable. In order to circumvent this, several packets are sent to the target machine in
order to sample sequence numbers. While not the case today, machines in the past used basic techniques
for generating sequence numbers. It was relatively easy to discover the exact formula by studying
packets and TCP sessions.

Man in the Middle Attack: Both types of spoofing are forms of a common security violation known as
a man in the middle (MITM) attack. In these attacks, a malicious party intercepts a legitimate
communication between two friendly parties. The malicious host then controls the flow of
communication and can eliminate or alter the information sent by one of the original participants
without the knowledge of either the original sender or the recipient. In this way, an attacker can fool a
victim into disclosing confidential information by “spoofing” the identity of the original sender, who is
presumably trusted by the recipient.

Denial of Service Attack: IP spoofing is almost always used in what is currently one of the most
difficult attacks to defend against – denial of service attacks, or DoS. Since crackers are concerned only
with consuming bandwidth and resources, they need not worry about properly completing handshakes
and transactions. Rather, they wish to flood the victim with as many packets as possible in a short
amount of time. In order to prolong the effectiveness of the attack, they spoof source IP addresses to
make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are
participating in the attack, all sending spoofed traffic, it is very challenging to quickly block traffic.

Misconceptions of IP Spoofing: While some of the attacks described above are a bit outdated, such as
session hijacking for host-based authentication services, IP spoofing is still prevalent in network
scanning and probes, as well as denial of service floods. However, the technique does not allow for
anonymous Internet access, which is a common misconception for those unfamiliar with the practice.
Any sort of spoofing beyond simple floods is relatively advanced and used in very specific instances
such as evasion and connection hijacking.

There are a few precautions that can be taken to limit IP spoofing risks on your network, such as:

Filtering at the Router - Implementing ingress and egress filtering on your border routers is a great
place to start your spoofing defense. You will need to implement an ACL (access control list) that
blocks private IP addresses on your downstream interface. Additionally, this interface should not accept
addresses with your internal range as the source, as this is a common spoofing technique used to
circumvent firewalls. On the upstream interface, you should restrict source addresses outside of your
valid range, which will prevent someone on your network from sending spoofed traffic to the Internet.

Encryption and Authentication - Implementing encryption and authentication will also reduce
spoofing threats. Both of these features are included in IPv6, which will eliminate current spoofing
threats. Additionally, you should eliminate all host-based authentication measures, which are sometimes
common for machines on the same subnet. Ensure that the proper authentication measures are in place
and carried out over a secure (encrypted) channel.
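
The router filtering rules described above, written out as first-match access lists and evaluated against sample source addresses. This is an added example, not from the original notes; the internal range 203.0.113.0/24 and the sample addresses are assumed values. "ingress" is traffic arriving from the Internet and "egress" is traffic leaving toward it.

```python
import ipaddress

# Assumed values for the demonstration
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = ipaddress.ip_network("0.0.0.0/0")

def build_acls(internal_net):
    """Build ordered (action, network, reason) rules for each direction."""
    # Traffic arriving from the Internet: private sources and sources that
    # claim to be inside our own range cannot be genuine.
    ingress = [("deny", net, "private source address arriving from the Internet")
               for net in PRIVATE_NETS]
    ingress.append(("deny", internal_net, "internal source address arriving from outside"))
    ingress.append(("permit", ANY, "no anti-spoofing rule matched"))
    # Traffic leaving toward the Internet: only our own range is a valid source.
    egress = [("permit", internal_net, "source inside the valid internal range"),
              ("deny", ANY, "source outside the valid internal range")]
    return {"ingress": ingress, "egress": egress}

def evaluate(acls, direction, source):
    """Return (action, reason) of the first rule whose network contains source."""
    address = ipaddress.ip_address(source)
    for action, network, reason in acls[direction]:
        if address in network:
            return action, reason
    return "deny", "implicit deny"

# Constructed sample traffic: (direction, claimed source address)
SAMPLE_TRAFFIC = [
    ("ingress", "198.51.100.7"),   # ordinary external host
    ("ingress", "10.1.2.3"),       # private address from outside
    ("ingress", "203.0.113.50"),   # our own range arriving from outside
    ("egress", "203.0.113.50"),    # legitimate internal host
    ("egress", "192.0.2.99"),      # internal host using a foreign source address
]

def run_samples():
    acls = build_acls(INTERNAL_NET)
    return [(direction, source) + evaluate(acls, direction, source)
            for direction, source in SAMPLE_TRAFFIC]

if __name__ == "__main__":
    for direction, source, action, reason in run_samples():
        print(f"{direction:8} {source:15} {action:6} {reason}")
```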

INFORMATION TECHNOLOGY ACT


OBJECTIVES
1. To grant legal recognition for transactions carried out by means of electronic data interchange and
other means of electronic communication commonly referred to as “electronic commerce” in place
of paper-based methods of communication.
2. To give legal recognition to digital signature for authentication of any information which requires
authentication under any law.
3. To facilitate electronic filing of documents with Government departments.
4. To facilitate electronic storage of data.
5. To facilitate and give legal sanction to electronic fund transfers between banks and financial institutions.
6. To give legal recognition for keeping books of account by bankers in electronic form.
7. To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker’s Book Evidence Act
1891, and the Reserve Bank of India Act,1934.

SCOPE OF THE ACT AND DEFINITIONS (CHAPTER 1) (2)


SECTION 2
1. “Access” with its grammatical variations and cognate expressions means gaining entry into,
instructing or communicating with the logical, arithmetical or memory function resources of a
computer, computer system or computer network.
2. “Addressee” means a person who is intended by the originator to receive the electronic record but
does not include any intermediary.
3. “Affixing digital signature” with its grammatical variations and cognate expressions means adoption
of any methodology or procedure by a person for the purpose of authenticating an electronic record
by means of digital signatures.
4. “Appropriate Government” means the central Government except in the following two cases where
it means the state Government:
• In matters enumerated in List II of the seventh schedule to the constitution.
• Relating to any state law enacted under List III of the seventh schedule to the constitution.
5. “Asymmetric Crypto System” means a system of a secure key pair consisting of a private key for
creating a digital signature and a public key to verify the digital signature.
6. “Computer” means a device which performs logical, arithmetic and memory functions by manipulation of
electronic, magnetic or optical impulses and includes all input, output, processing or communication
facilities which are connected or related to the computer in a computer system or computer network.
7. “Computer Network” means the interconnection of one or more computers through:
• The use of satellite, microwave, terrestrial line etc.
• Terminals or a complex consisting of two or more interconnected computers whether or not
the interconnection is continuously maintained.
8. “Computer resource” means computer, computer system, computer network, data, computer database
or software.
9. “Computer system” means a device or collection of devices including input and output support
devices and excluding calculators which are not programmable and capable of being used in
conjunction with external files.
10. “Data” means a representation of information, knowledge, facts, concepts or instructions which are
being prepared or have been prepared in a formalised manner and is intended to be processed, is
being processed or has been processed in a computer system or computer network and may be in any
form or stored internally in the memory of the computer.
11. “Digital Signature” means authentication of any electronic record by a subscriber by means of an
electronic method or procedure in accordance with the provision of section 3.
12. “Electronic form” with reference to information means any information generated, sent, received or
stored in media, magnetic, optical, computer memory, microfilm or similar device.
13. “Electronic record” means data, record or data generated, image or sound stored, received or sent in
an electronic form or micro film or computer generated microfiche.
14. “Function” in relation to a computer includes logic, control, arithmetical process, deletion, storage
and retrieval and communication or telecommunication from or within a computer.
15. “Information” includes data, text, images, sound, voice, codes, computer programmes, software and
databases or microfilm or computer generated microfiche.
16. “Intermediary” with respect to any particular electronic message means any person who on behalf of
another person receives, stores or transmits that message or provides any service with respect to that
message.
17. “Key Pair” in an asymmetric crypto system means a private key and its mathematically related
public key which are so related that the public key can verify a digital signature created by the
private key.
18. “Originator” means a person who sends, generates, stores or transmits any electronic message or
causes any electronic message to be sent, generated, stored or transmitted to any other person but
does not include an intermediary.
19. “Prescribed” means prescribed by rules made under this act.
20. “Private key” means the key of a key pair used to create a digital signature.
21. “Public key” means the key of a key pair used to verify a digital signature and listed in the Digital
Signature Certificate.
22. “Secure system” means computer hardware, software and procedure that
• Are reasonably secure from unauthorised access and misuse.
• Provide a reasonable level of reliability and correct operation.
• Are reasonably suited to performing the intended functions.
• Adhere to generally accepted security procedures.
23. “Verify” in relation to a digital signature, electronic record or public key with its grammatical
variations and cognate expressions means to determine whether
• The initial electronic record was affixed with the digital signature by the use of private key
corresponding to the public key of the subscriber.
• The initial electronic record is retained intact or has been altered since such electronic record
was so affixed with the digital signature.

AUTHENTICATION OF ELECTRONIC RECORDS USING DIGITAL SIGNATURES (CHAPTER II) (3)
SECTION 3: The section provides the conditions subject to which an electronic record may be
authenticated by means of affixing digital signature.

ELECTRONIC GOVERNANCE (CHAPTER III) (4-10)


SECTION 4: It provides “legal recognition of electronic records”.
SECTION 5: It provides “legal recognition of Digital Signatures”.
SECTION 6: It lays down the foundation of e-Governance.
SECTION 7: This section provides that the documents, records or information which has to be retained
for any specific period shall be deemed to have been retained if the same is retained in the electronic
form provided the following conditions are satisfied:
• The information therein remains accessible so as to be usable subsequently.
• The electronic record is retained in its original format or in a format which accurately
represents the information contained.
• The details which will facilitate the identification of the origin, destination, date and time of
despatch or receipt of such electronic record are available therein.
SECTION 8: It provides for the publication of rules, regulations and notifications in the electronic
gazette.
SECTION 9: It provides that the conditions stipulated in sections 6, 7 and 8 shall not confer any right to insist
that the document should be accepted in an electronic form by any ministry or Department of the central
or state Government.
SECTION 10: It provides that the central Government in respect to Digital Signature may prescribe by
rules the following:
• The type of Digital Signature.
• The manner or procedure which facilitates identification of the person affixing the Digital
Signature.
• The manner and format in which the Digital Signature shall be affixed.
• Control processes and procedures to ensure adequate integrity, security and confidentiality of
electronic records or payments.
• Any other matter which is necessary to give legal effects to Digital Signature.

ATTRIBUTION, RECEIPT AND DISPATCH OF ELECTRONIC RECORDS (CHAPTER IV) (11-13)
SECTION 11: How an electronic record is to be attributed to the person who originated it.
SECTION 12: It provides for the manner in which acknowledgement of receipt of an electronic record
by various modes shall be made.
SECTION 13: It provides the manner in which the time and place of despatch and receipt of electronic
record sent by the originator shall be identified.

SECURE ELECTRONIC RECORDS AND SECURE DIGITAL SIGNATURES (CHAPTER V) (14-16)
Chapter V sets out the conditions that would apply to qualify electronic records and digital signatures as
being secure.
SECTION 15: It provides for the security procedure to be applied to Digital Signature for being treated
as a secure Digital Signature.
SECTION 16: It provides for the power of the Central Government to prescribe the security procedure
in respect of secure electronic records and secure Digital Signature.

REGULATION OF CERTIFYING AUTHORITIES (CHAPTER VI) (17-34)
SECTION 17: Provides for the appointment of controller and other officers to regulate the certifying
authorities.
SECTION 18: Lays down the functions which the controller may perform in respect of activities of
certifying authorities.
SECTION 19: Provides for the power of the controller with the previous approval of the Central
Government to grant recognition to foreign certifying authorities subject to such conditions and
restrictions as may be imposed by regulations.
SECTION 20: This section provides that the controller shall act as repository of all Digital
Certificates issued under the Act. He shall also adhere to certain security procedures to ensure secrecy
and privacy of the Digital Signature.
SECTION 21: This section provides that a licence to be issued to a certifying authority to issue Digital
Signature certificates by the controller shall be in such form and shall be accompanied with such fees
and other documents as may be prescribed by the central Government.
SECTION 22: This section provides that the application for licence shall be accompanied by a
certification practice statement and statement including the procedure with respect to identification of the
applicant.
SECTION 23: It provides that the application for renewal of a licence shall be in such form and
accompanied by such fees which may be prescribed by central Government.
SECTION 24: It deals with the procedure for grant or rejection of licence by the controller on certain
grounds.
SECTION 25: Provides that the controller may revoke a licence on grounds such as incorrect or false
material particulars being mentioned in the application and also on the ground of contravention of any
provisions of the Act, rule, regulation or order made thereunder.
SECTION 27: The controller may in writing authorise the deputy controller, assistant controller or any
officer to exercise any of his power under the act.
SECTION 30:
1. This section provides that every certifying authority shall follow certain procedure in respect to
Digital Signature as:
• Make use of hardware, software and procedures that are secure from intrusion and
misuse.
• Provide a reasonable level of reliability in its services which are reasonably suited to the
performance of intended functions.
• Adhere to security procedures to ensure that the secrecy and privacy of the Digital
Signature are assured.
• Observe such other standards as may be specified by regulation.
2. Every certifying authority shall also ensure that every person employed by him complies with the
provisions of the act or rules, regulations or orders made thereunder.
3. A certifying authority must display its licence at a conspicuous place of the premises in which it
carries on its business and a certifying authority whose licence is suspended or revoked shall
immediately surrender the licence to the controller.
4. Section 34 further provides that every certifying authority shall disclose its Digital Signature
Certificate which contains the public key corresponding to the private key used by the certifying
authority and other relevant facts.

DIGITAL SIGNATURE CERTIFICATION (CHAPTER VII) (35-40)


SECTION 35: It lays down the procedure for issuance of a Digital Signature certificate. It provides that
an application for such certificate shall be made in the prescribed form and shall be accompanied by a
fee. No Digital Signature certificate shall be granted unless the certifying authority is satisfied that
• The applicant holds the private key corresponding to the public key to be listed in the
Digital Signature certificate.
• The applicant holds a private key which is capable of creating a Digital Signature.
• The public key to be listed in the certificate can be used to verify a Digital Signature
affixed by the private key held by the applicant.
SECTION 38: It provides for the revocation of Digital Signature certificate under certain circumstances.
The certifying authority shall publish the notice of suspension or revocation of a Digital Signature
certificate.

DUTIES OF SUBSCRIBERS (CHAPTER VIII) (40-42)


1. On acceptance of the Digital Signature certificate the subscriber shall generate a key pair using a
secure system. Subscriber certifies to the public that he holds the private key corresponding to the
public key listed in the Digital Signature certificate and all the information contained in the
certificate as well as material relevant to them are true.
2. The subscriber shall exercise all reasonable care to retain control of his private key corresponding to
the public key. If such private key has been compromised, the subscriber must immediately
communicate the fact to the certifying authority.

PENALTIES AND ADJUDICATION (CHAPTER IX) (43-47)


SECTIONS 43 to 45 deal with penalties of different natures for:
• Securing access to the computer, computer system or computer network.
• Downloading or extracting any data, computer database or information from such computer system
or those stored in any removable storage medium.
• Introducing any computer contaminant or computer virus into any computer.
• Damaging any computer, computer system or network or computer data program.
• Disrupting any computer system or network.
• Denying access to any person authorized to access any computer.
• Providing assistance to any person to access any computer system or network in contravention of
any provision of this act or its rules.
• Charging the services availed by one person to the account of another person by tampering with or
manipulating computer system or network.
SECTION 46: It confers the power to adjudicate contraventions under the act on an officer not below the
rank of a director to the Government of India or an equivalent officer of a state Government.
SECTION 47: It provides that while deciding upon the quantum of compensation, the adjudicating
officer shall have due regard to the amount of gain of unfair advantage and the amount of loss caused to
any person as well as the respective nature of the default.

CYBER REGULATION APPELLATE TRIBUNAL (CHAPTER X) (48-64)
SECTION 48: It provides for establishing of one or more appellate tribunals to be known as cyber
regulations appellate tribunals. It shall consist of one person only, who must be qualified to be a judge of a
high court or has been a member of the Indian Legal Service in a grade I post for at least 3 years, with a maximum
age limit of 65.
SECTION 52: It provides for the salary and allowances and other terms and conditions of service of the
presiding officer.
SECTION 53: It provides for the situation of any vacancy occurring in the office of the presiding
officer of cyber regulations tribunal.
SECTION 58: It provides for the procedure and power of the cyber appellate tribunal. Some powers
specified are:
• Summoning and enforcing the attendance of any person and examining him on oath.
• Requiring production of documents and other electronic records.
• Receiving evidence on affidavits.
• Reviewing its decision.
• Issuing commissions for examination of witness etc.
SECTION 60: It provides for period of limitation for admission of appeals from the aggrieved persons
to the cyber appellate tribunal.
SECTION 61: It provides that no court shall have jurisdiction to entertain any suit or proceeding in
respect to any matter which an adjudicating officer has jurisdiction to determine.
SECTION 62: This section provides for an appeal to the high court by an aggrieved person from the
decision of the cyber appellate tribunal. The appeal should be filed within 60 days from the date the tribunal's
decision is communicated.
SECTION 63: This section provides that any contravention under the act may be compounded by the
controller or adjudication officer, either before or after the institution of the adjudication proceedings
subject to such condition as he may impose.
SECTION 64: It provides for recovery of penalty as arrears of land revenue and for suspension of the
license or Digital Signature certificate till the penalty is paid.

OFFENCES (CHAPTER XI) (65-78)


SECTION 65: Tampering with computer source documents.
SECTION 66: Hacking with computer system.
SECTION 67: Publishing of information which is obscene in electronic form.
SECTION 68: Power of the controller.
SECTION 69: Empowers the controller.
SECTION 70: Empowers the appropriate Government to declare by notification any computer system
or network to be a protected system.
SECTION 71: Penalty for misrepresentation.
SECTION 72: Penalty for breach of confidentiality.
SECTION 73: Penalty for publishing false Digital Signature certificate.
SECTION 74: Penalty for fraudulent publication.
SECTION 75: Act to apply for offence committed outside India.
SECTION 76: Confiscation.
SECTION 77: Penalty and confiscation provided under this act shall not interfere with other
punishments provided under any other law for the time being in force.
SECTION 78: Provides for power to investigate the offences under the act by a police officer not below
the rank of Deputy Superintendent of Police.

NETWORK SERVICE PROVIDERS NOT TO BE LIABLE IN CERTAIN CASES (CHAPTER XII)
SECTION 79: It provides that the network service provider shall not be liable for any third party
information or data made available by him if he proves that the offence was committed without his
knowledge or consent.

MISCELLANEOUS (CHAPTER XIII)


1. Power of Central Government to make rules.
2. Power of State Government to make rules.
3. Cyber Regulations Advisory Committee.
4. Power of controller to make regulations.
5. Power of police officer and other officers to enter, search etc.
6. Liability of companies.

IT ACT 2000
The first cyber law was passed on October 17, 2000 in India. The purpose of the IT Act 2000 as
mentioned in the language of the act: “to provide legal recognition for transactions carried out by means
of electronic data interchange and other means of electronic communication, commonly referred to as
“electronic commerce”, which involves the use of alternatives to paper based methods of
communication and storage of information to facilitate electronic filing of documents with the
Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the
Banker’s book Evidence Act 1891 and the Reserve Bank of India Act 1934 and for matters connected
there with or incidental thereto”.

HIGHLIGHTS OF THE IT ACT 2000


• Electronic contracts are legally valid-EDI accorded legal recognition.
• Legal recognition accorded to Digital Signature.
• Digital Signature to be effected by use of asymmetric crypto system and hash function.
• Security procedure for electronic records and digital signature.
• Appointment of Certifying Authorities and controller of Certifying Authorities including recognition
of foreign certifying authorities.
• Certifying authority requires getting license to issue Digital Signature certificates.
• Controller to be appointed, who will act as repository to all Digital Signature certificate.
• Various types of computer crime defined and stringent penalties provided under the act.
• Appointment of adjudicating officer for holding inquiries under the act.
• Establishment of cyber appellate tribunal under the act.
• Appeal from order of adjudicating officer to cyber appellate tribunal and not to any civil court.
• Appeal from order of cyber appellate tribunal to high court.
• Act to apply for offences or contraventions committed outside India.
• Network service providers not to be liable in certain cases.
• Power of police officer and other officers to enter into any public place and search and arrest without
warrant.
• Constitution of cyber regulations advisory committee which will advise the central Government and
controller.
• Amendments effected in:
1. Indian Penal Code.
2. Indian Evidence Act.
3. Banker’s book Evidence Act.
4. Reserve Bank of India Act.

IMPORTANT CONCEPTS INTRODUCED IN THE IT ACT 2000


• Electronic record
• Secure electronic record
• Digital signature
• Secure digital signature
• Certifying authority
• Digital signature certificate.

MICRO PAYMENT SYSTEMS


As in the real world, on the internet several payment systems will co-exist. Depending on the value of
the order, there are three types of payments that have been established on the internet.

• MICRO PAYMENTS

Transactions with a value of less than approximately 5 Euro or Dollar. Suitable payment solutions
are based on the electronic cash principle, as the transaction costs for these systems are nearly zero.

• CONSUMER PAYMENTS

Typical consumer payments are executed by credit card transaction where the transaction value is
between about 5 and 500 Euro or Dollar.

• BUSINESS PAYMENTS

Direct debit or invoices seem to be the most appropriate solutions for transactions with a value of
more than 500 Euro or Dollar.

Over the last few years, many developers have tried to push micro payment solutions to the internet, but
only very few have succeeded. The problem was never the technical implementation, but the internet
itself. Every company on the internet gives away small pieces of information for free. So it is hard to
justify the need to pay for small bits of information, even if the price is only a fraction of a cent. The
other issue is a psychological problem. If you have the choice of paying a one-time fee of 20 Dollars or
Euro or paying 50 cents for every transaction, about 80 percent of the people will either pay the one-
time fee or use the service only very seldom as it requires a new payment each time. It makes financial
calculations more difficult as you do not know in advance how much money the service will cost and
spending money means always thinking about it for a while.

Some of the websites dealing with micro payment systems are:


• http://www.cartio.com/
• http://www.digicash.com/
• http://www.newgenpay.com/
• https://www.paypal.com/cybercash
• http://www.openmarket.com/

MULTIPURPOSE INTERNET MAIL EXTENSIONS


Internet e-mail allows mail messages to be exchanged between users of computers around the world and
occasionally beyond: to space shuttles. One of the main reasons that Internet e-mail has achieved such
wide use is because it provides a standard mechanism for messages to be exchanged between over
10,000,000 computers connected to the Internet. The standards that are the basis for Internet e-mail were
established in 1982. Though they were state of the art in 1982, in the intervening years they have begun
to show their age. The 1982 standards allow for mail messages that contain a single human readable
message with the restrictions that:
• The message contains only ASCII characters.
• The message contains no lines longer than 1000 characters.
• The message does not exceed a certain length.

The 1982 standards do not allow EDI to be reliably transmitted through Internet e-mail, since EDI
messages can violate all of these restrictions. There are a number of other types of messages and
services that are supported by other more recently designed e-mail standards. A new Internet mail
standard was approved in June of 1992. The new standard is called MIME. MIME is an acronym for
Multipurpose Internet Mail Extensions. It builds on the older standard by standardizing additional fields
for mail message headers that describe new types of content and organization for messages. MIME
allows mail messages to contain:
• Multiple objects in a single message.
• Text having unlimited line length or overall length.
• Character sets other than ASCII, allowing non-English language messages.
• Multi-font messages.
• Binary or application specific files.
• Images, Audio, Video and multi-media messages.

MIME defines the following new header fields:


1. The MIME-Version header field, which uses a version number to declare that a message
conforms to the MIME standard.
2. The Content-Type header field, which can be used to specify the type and subtype of data in the
body of a message and to fully specify the encoding of such data.
• The Content-Type value Text, which can be used to represent textual information in a
number of character sets and formatted text description languages in a standardized manner.
• The Content-Type value Multipart, which can be used to combine several body parts,
possibly of differing types of data, into a single message.
• The Content-Type value Application, which can be used to transmit application data or
binary data.
• The Content-Type value Message, for encapsulating a mail message.
• The Content-Type value Image, for transmitting still image (picture) data.
• The Content-Type value Audio, for transmitting audio or voice data.
• The Content-Type value Video, for transmitting video or moving image data, possibly
with audio as part of the composite video data format.
3. The Content-Transfer-Encoding header field, which specifies how the data is encoded to allow it to
pass through mail transports having data or character set limitations.
4. Two header fields that can be used to further identify and describe the data in a message body:
the Content-ID and Content-Description header fields.

MIME is an extensible mechanism. It is expected that the set of content-type/subtype pairs and their
associated parameters will grow with time. Several other MIME fields, such as character set names, are
likely to have new values defined over time. To ensure that the set of such values develops in an orderly
and public manner, MIME defines a registration process that uses the Internet Assigned Numbers
Authority (IANA) as a central registry for such values. To promote interoperability between
implementations, the MIME standard document specifies a minimal subset of the above mechanisms
that are required for an implementation to claim to conform to the MIME standard. MIME allows
messages to contain multiple objects. When multiple objects are in a MIME message, they are
represented in a form called a body part. A body part has a header and a body, so it makes sense to speak
about the body of a body part. Also, body parts can be nested in bodies that contain one or multiple body
parts.
MIME was defined in 1992 by the Internet Engineering Task Force (IETF). A new version, called
S/MIME, supports encrypted messages. New MIME data types are registered with the Internet Assigned
Numbers Authority (IANA). MIME is specified in detail in Internet Request for Comments 1521 and
1522, which amend the original mail protocol specification, RFC 821 (the Simple Mail Transport
Protocol) and the ASCII messaging header, RFC 822.
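The header fields and nested body parts described above can be seen by parsing a small message. This is an added example, not part of the original notes: the message, the addresses and the helper names (list_body_parts, fits_1982_limits, parse_sample) are constructed for illustration, and Python's standard email package does the parsing.

```python
from email import message_from_string

# Constructed sample: a multipart/mixed message whose first body part is itself
# multipart, and whose second body part is a base64-encoded EDI attachment.
RAW = """\
MIME-Version: 1.0
From: buyer@example.com
To: orders@example.net
Subject: Purchase order
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Purchase order attached. Total: =A3120
--inner
Content-Type: text/html; charset="us-ascii"

<p>Purchase order attached.</p>
--inner--

--outer
Content-Type: application/EDI-X12
Content-Transfer-Encoding: base64
Content-Description: purchase order
Content-ID: <po-0001@example.com>

SVNBKjAwKi4uLn4=
--outer--
"""


def list_body_parts(msg, depth=0):
    """Return (depth, content type, transfer encoding, decoded bytes or None) per body part."""
    encoding = msg.get("Content-Transfer-Encoding", "7bit").lower()
    if msg.is_multipart():
        # A multipart body has no data of its own; it only contains other body parts.
        rows = [(depth, msg.get_content_type(), encoding, None)]
        for part in msg.get_payload():
            rows.extend(list_body_parts(part, depth + 1))
        return rows
    # get_payload(decode=True) undoes the Content-Transfer-Encoding.
    return [(depth, msg.get_content_type(), encoding, msg.get_payload(decode=True))]


def fits_1982_limits(data: bytes) -> bool:
    """True if data is pure ASCII and has no line longer than 1000 characters."""
    return all(b < 128 for b in data) and all(len(line) <= 1000 for line in data.splitlines())


def parse_sample():
    return list_body_parts(message_from_string(RAW))


if __name__ == "__main__":
    for depth, ctype, encoding, data in parse_sample():
        size = "-" if data is None else f"{len(data)} bytes"
        print(f"{'  ' * depth}{ctype:24} {encoding:18} {size}")
    # The message on the wire is plain ASCII, yet it carries non-ASCII content.
    print("wire form fits 1982 limits:", fits_1982_limits(RAW.encode("ascii")))
```

A mail gateway that inspects attachments has to walk every nested body part in this way, because the top-level Content-Type alone says nothing about what the inner parts carry.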

PACKET FILTERING FIREWALL

All Internet traffic travels in the form of packets. A packet is a quantity of data of limited size, kept
small for easy handling. When larger amounts of continuous data must be sent, it is broken up into
numbered packets for transmission and reassembled at the receiving end. All of your file downloads,
Web page retrievals and emails occur in packets. A packet is basically a series of digital numbers that
conveys these things:
• The data, acknowledgment, request or command from the originating system
• The source IP address and port
• The destination IP address and port
• Information about the protocol (set of rules) by which the packet is to be handled
• Error checking information
• Usually, some sort of information about the type and status of the data being sent
• Often, a few other things too - which don't matter for our purposes here.

An IP packet filter firewall allows you to create a set of rules that either discard or accept traffic over a
network connection. The firewall itself does not affect this traffic in any way. Because a packet filter can
only discard traffic that is sent to it, the device with the packet filter must either perform IP routing or be
the destination for the traffic. A packet filter has a set of rules with accept or deny actions. When the
packet filter receives a packet of information, the filter compares the packet to your pre-configured rule
set. At the first match, the packet filter either accepts or denies the packet of information. Most packet
filters have an implicit deny-all rule at the bottom of the rules file.
In packet filtering, only the protocol and the address information of each packet is examined. Its
contents and context (its relation to other packets and to the intended application) are ignored. The
firewall pays no attention to applications on the host or local network and it "knows" nothing about the
sources of incoming data.

Filtering consists of examining incoming or outgoing packets and allowing or disallowing their
transmission or acceptance on the basis of a set of configurable rules, called policies. Packet filtering
policies may be based upon any of the following:
• Allowing or disallowing packets on the basis of the source IP address
• Allowing or disallowing packets on the basis of their destination port
• Allowing or disallowing packets according to protocol.

Packet filters usually permit or deny network traffic based on:


• Source and destination IP addresses
• Protocol, such as TCP, UDP, or ICMP
• Source and destination ports and ICMP types and codes
• Flags in the TCP header, such as whether the packet is a connect request
• Direction (inbound or outbound)
• Which physical interface the packet is traversing

All packet filters have a common problem: the trust is based on IP addresses. Although this type of
security is not sufficient for an entire network, it is acceptable on a component level. Most IP
packet filters are stateless, which means they do not remember anything about the packets they
previously processed. A packet filter with state can keep some information about previous traffic, which
lets you configure it so that only replies to requests from the internal network are allowed
in from the Internet. Stateless packet filters are vulnerable to spoofing since the source IP address and
ACK bit in the packet's header can be easily forged by attackers. Packet filtering alone is very effective
as far as it goes but it is not foolproof security. It can potentially block all traffic, which in a sense is
absolute security. But for any useful networking to occur, it must of course allow some packets to pass.
Its weaknesses are:
• Address information in a packet can potentially be falsified or "spoofed" by the sender
• The data or requests contained in allowed packets may ultimately cause unwanted things to happen,
as where a hacker may exploit a known bug in a targeted Web server program to make it do his
bidding, or use an ill-gotten password to gain control or access.
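The first-match rule evaluation, the implicit deny-all rule and the difference between a stateless and a stateful filter can be modelled in a few lines. This is an added example, not part of the original notes; the addresses, rule sets, packets and names (Rule, Packet, first_match, StatefulFilter, compare) are constructed for illustration and do not model any particular firewall product.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = "192.168.1.0/24"      # constructed internal network
WEB_SERVER = "192.168.1.10/32"   # constructed public web server


@dataclass(frozen=True)
class Packet:
    direction: str                   # "in" or "out"
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # TCP flags such as {"SYN"} or {"ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    flag: Optional[str] = None       # TCP flag that must be set, if any

    def matches(self, p: Packet) -> bool:
        # Only header fields are examined; the packet's contents are never looked at.
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport)
                and (self.flag is None or self.flag in p.flags))


def first_match(rules, p):
    """Stateless filter: the first matching rule decides; otherwise implicit deny-all."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFilter:
    """Same first-match rules, plus a table of TCP connections opened from inside."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()

    def check(self, p):
        if p.direction == "in" and (p.dst, p.dport, p.src, p.sport) in self.connections:
            return "accept"          # reply to a recorded outbound connection
        verdict = first_match(self.rules, p)
        if verdict == "accept" and p.direction == "out" and p.proto == "tcp":
            self.connections.add((p.src, p.sport, p.dst, p.dport))
        return verdict


BASE_RULES = [
    Rule("accept", direction="out", proto="tcp", src=INTERNAL),
    Rule("accept", direction="in", proto="tcp", dst=WEB_SERVER, dport=80),
]
# Without state, "this is a reply" can only be inferred from the ACK flag in the header.
STATELESS_RULES = BASE_RULES + [
    Rule("accept", direction="in", proto="tcp", dst=INTERNAL, flag="ACK"),
]

PACKETS = [  # constructed sample traffic, processed in this order
    ("outbound_syn", Packet("out", "tcp", "192.168.1.20", 40000, "203.0.113.5", 443, frozenset({"SYN"}))),
    ("reply", Packet("in", "tcp", "203.0.113.5", 443, "192.168.1.20", 40000, frozenset({"SYN", "ACK"}))),
    ("unsolicited_ack", Packet("in", "tcp", "198.51.100.7", 443, "192.168.1.30", 22, frozenset({"ACK"}))),
    ("web_request", Packet("in", "tcp", "198.51.100.7", 51000, "192.168.1.10", 80, frozenset({"SYN"}))),
    ("udp_inbound", Packet("in", "udp", "198.51.100.7", 5353, "192.168.1.30", 161)),
]


def compare():
    """Return {packet name: (stateless verdict, stateful verdict)}."""
    stateful = StatefulFilter(BASE_RULES)
    return {name: (first_match(STATELESS_RULES, p), stateful.check(p)) for name, p in PACKETS}


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:16} stateless={stateless:6} stateful={stateful}")
```

The only row on which the two filters disagree is the inbound packet that carries an ACK flag but answers no recorded connection: the stateless rule set has to trust the header, while the stateful filter has nothing in its table to match it against.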

PARTNER RELATIONSHIP MANAGEMENT


Partner Relationship Management (PRM) is not just software; rather, it is a business strategy to optimize
the value of partner relationships and, like CRM, application software can play a crucial enabling role.
The most important word in PRM is the middle one: relationship. Good relationships are valuable to both
parties. Effective PRM means delivering value to partners to help them be successful, not just
manipulating them to sell more products or micromanaging their sales activities. The goal of PRM is to
create long-term competitive differentiation with indirect sales channels. Can the internet cut costs?
Certainly, but it can do more valuable long-term work in transforming traditional channels into networks
of e-partners, where web-based applications help channels deliver more value faster and at less cost.
The initial results are promising. PRM project managers report increased channel sales productivity,
enhanced partner mind share and in some cases dramatic cost savings. The channel is critical, so retailers
must have the right skills and information to speak to their audience, to make sales and to ensure quality
of service. Customer needs are changing; there is more specialization in the market, so the value-added
resellers we work with must do more than provide access to the product. Therefore, it’s important for us
to select the right partners, keep them trained and deliver the information they need. PRM is a key part of
the overall CRM framework, which should support employees, customers and partners.

PRM came about because there is a need among businesses that deal with complex business-to-business
relationships outside of the enterprise. It has become one of the core processes of driving revenue to the
end customer. The primary economic driver of PRM is the need to achieve maximum market coverage
and penetration in minimum time. Partners can increase coverage while reducing the cost of coverage.
There are layers of complexity with their partners' channels. In addition, there are layers of complexity
within those relationships. The tremendous volume of business being driven through channels is itself a
driver. The creation of PRM was driven mainly by two things:
1. The rise of the internet as a universal network that allows multiple companies to work together
without having to co-ordinate their entire technical infrastructure.
2. The renewed rise of the value added in the channel.

Two kinds of companies use PRM:

1. They have a large number of partners.
2. It’s in their economic best interest to spend money on PRM to potentially make more money by
harnessing their affiliate web.

Any industry that uses some kind of partnership to help sell its products is a good candidate for a
PRM solution. Businesses have always had a love/hate relationship with channels and channel partners.
Sure, partners are needed to reach target markets and add services that customers want. As multi-channel
strategies gain momentum, it’s clear that indirect channels remain a vital element in most industries.
Despite changes in the role of channel partners, which has shifted to services and more complex sales,
channels still account for roughly half of all global commerce. The majority of channel managers reflect
an interest in sales and marketing as well as channel management. Previous research focused solely on
channel partners revealed more of an interest in sales/marketing content and tools to make selling and
service processes more effective. Full-function PRM vendors provide a range of applications to support
the partner relationship life cycle. E-commerce vendors started with applications designed for channels,
supporting purchasing processes from partner to vendor, customer to partner or both. These vendors
have added more PRM functionality over time and increasingly compete with full-function PRM
vendors. Content management vendors focus on the organization and distribution of web-based content
to help channel partners sell more effectively. Specialty vendors offer specific applications that can
be highly valuable to channel managers and/or partners. Marketplace vendors also have a role in PRM,
since it’s possible to have effective channel relationships via a many-to-many marketplace, not just in a
vendor-centric extranet environment.
PRM BEST PRACTICES
• Business executive formally sponsors the project, provides direction on the specific business goals to
be accomplished and resolves critical issues.
• Project team performs a thorough analysis of short and long term requirements, soliciting input from
all key stake holders but especially channel partners.
• Project team selects solution partners based on the strength of the technology and commitment to
services and support.
• Project managers staff the team with competent and committed professionals with expertise in all
critical functional and technical areas.
• Project team implements a pilot or prototype first, and then rolls out applications and user groups in
phases.

PRM is a leading-edge, but no longer bleeding-edge, strategy and technology. To gain a competitive edge
companies must determine the key needs of their channel partners and then select and implement the
most appropriate PRM applications. PRM is a critical e-Business strategy in this increasingly multi
channel world.

PUBLIC AND PRIVATE KEYS

Public/private key pairs are used for asymmetric encryption. Asymmetric encryption is used mainly to
encrypt and decrypt session keys and digital signatures. Asymmetric encryption uses public key
encryption algorithms. Public key algorithms use two different keys: a public key and a private key. The
private key member of the pair must be kept private and secure. The public key, however, can be
distributed to anyone who requests it. The public key of a key pair is often distributed by means of a
digital certificate. When one key of a key pair is used to encrypt a message, the other key from that pair
is required to decrypt the message. Thus if user A's public key is used to encrypt data, only user A (or
someone who has access to user A's private key) can decrypt the data. If user A's private key is used to
encrypt a piece of data, only user A's public key will decrypt the data, thus indicating that user A (or
someone with access to user A's private key) did the encryption. If the private key is used to sign a
message, the public key from that pair must be used to validate the signature. Unfortunately, public key
algorithms are very slow, roughly 1,000 times slower than symmetric algorithms. It is impractical to use
them to encrypt large amounts of data. In practice, public key algorithms are used to encrypt session
keys. Symmetric algorithms are used for encryption/decryption of most data.

The encryption process is basically mathematical. You take a chunk of data and run a mathematical
equation on it, and the output is your encrypted chunk of data. Digital “keys” are actually mathematical
values that become part of that mathematical equation you use to encrypt your data. The reason
asymmetrical encryption works is that the calculations required to encrypt the data using the first key are
very easy, but the calculations required to reverse this process are very difficult. In order to decrypt the
data in a reasonable period of time, you must run another mathematical equation on it using the second
digital key. Having two separate keys, one that encrypts and another that decrypts the data,
is really convenient for a number of situations. For example, let's say you want people to be able to
send you encrypted email. What you would do is get a pair of encryption/decryption keys, make the
encryption key available to the public, and keep the decryption key for yourself. The publicly available
key is, logically, called the “public key,” and the privately available key is the “private key” (hence the
term public/private key encryption). Now anyone can use your public key to encrypt email messages to
you, but only you can use your private key for decryption. In theory, nobody but you will be able
to read these messages because nobody else will have access to your private key.
REVERSE AUCTIONS
• Reverse Auctions are competitions held “on-line”, with the bid prices visible to all bidders, unless a
ranked auction is held, in which bidders only know their rank relative to other bidders.
• Simple commodity items or services where the market place is highly competitive are most suitable
for reverse-auction, yet any item with clearly defined requirements and more than one source of
supply should be considered.
• It is essential that advertisements for competitions to be run on a reverse auction basis state this
clearly, along with the criteria for selection.
• European Union public procurement directives do not currently recognize the technique of reverse
auction, but are being amended to do so.

WHAT ARE REVERSE AUCTIONS AND HOW DO THEY WORK?


Reverse auctions are a means of buying items or services against a published specification where
pre-selected industrial powers are invited to bid in an on-line auction. All bids made in the auction are
published anonymously on-line in the expectation that competitive pressure will force prices lower as
the auction proceeds. The auction is time limited but arrangements are put in place to ensure that if a
leading bid is placed close to the deadline, extra time is allowed to ensure that the lowest price is
obtained. A contract is then awarded to the lowest bidder based on the terms & conditions
published at the outset during the contractor pre-selection stage of the reverse auction.

ADVERTISING
It is essential that advertisements for goods and services where a reverse auction is being considered clearly
state:

• That the ultimate selection may be made on the basis of a reverse auction.
• The evaluation criteria including any weighting between fixed elements and the variable elements of
price.
• Information on the process itself, including details of any third party service provider.
• Conditions of bidding including the minimum decrements permitted.
• Equipment / technical issues.

BENEFITS
• SPEED

The specific time frame for the auction event forces the key players to focus on the bidding process
and to make, rather than postpone, the key decisions that lead to the optimal proposal.
• UNIFYING FORCE

Early adopters are distinguishing themselves in the market place. Buyers are achieving breakthrough
levels in supplier’s performance and top suppliers are gaining market share faster and more
efficiently.

• WIDER PLAYING FIELD


Online bidding can be opened to qualified suppliers around the world. Format is standardized and
results are more easily recapped. New suppliers may introduce leap frog improvements and ideas.

• FOCUS ON CONTINUOUS IMPROVEMENT


Transparency of information provides a real time benchmark to supplier management. Buyers can
use this information to drive continuous improvement among their selected suppliers.

RISKS
• Transparency reveals information on the buyer's strategy and may mislead or weaken suppliers'
response.
• Transparency weakens the ability of buyers to negotiate to the desired price level if it is not attained
through the reverse auction.
• Price levels may be higher than expected by suppliers.
• Technology is allowed to drive rather than enable the result.
• Select a non-proven, new supplier for wide application, diminishing the importance of loyalty and
service from established suppliers.
• Lose credibility in the marketplace by not following through on the stated strategy.
• Technical meltdown / issues may lead to an incomplete and inaccurate result.

RSA
In 1975, three researchers at MIT developed an algorithm to implement public key cryptography. Ron
Rivest, Adi Shamir and Leonard Adleman invented the RSA system. The RSA algorithm generates
initially two distinct keys for each user. One of the keys is defined as the public key. The public key can
be distributed freely to anyone using any means. The public key can’t be used to decrypt any message; it
can only be used to encrypt messages that can be sent to the owner of the public key. Only the person
with the other key called the private key is able to decrypt messages that are encrypted with the public
key.

In most cases RSA is not used to encrypt messages because of the time-consuming computations it requires. For
most messages it would be infeasible, as the time required for encrypting and decrypting would be
too long. Instead, RSA is used to encrypt the symmetric key with which the message was encrypted. The SSL
standard, which is used to encrypt web pages, uses this feature (the URLs use https:// instead of http://).
The key is generated on the web browser and then sent to the web server. To make the transmission of
the key secure, the web server sends its public key to the web browser. The web browser decides on a
symmetric key, encrypts it with the public key of the web server and sends it back. The
web server is the only party able to decrypt it with its private key. The RSA key is
used as an envelope for the symmetric key. Through this system it is possible to choose symmetric keys
at random. If one is able to break into an encrypted message, it would not give any information about the
keys used in the other messages.

RSA works as follows: take two large primes, p and q, and find their product n = pq; n is called the
modulus. Choose a number, e, less than n and relatively prime to (p-1)(q-1), which means that e and
(p-1)(q-1) have no common factors except 1. Find another number d such that (ed - 1) is divisible by
(p-1)(q-1). The values e and d are called the public and private exponents, respectively. The public key is the
pair (n, e); the private key is (n, d). The factors p and q may be kept with the private key, or destroyed. It
is difficult (presumably) to obtain the private key d from the public key (n, e). If one could factor n into p
and q, however, then one could obtain the private key d. Thus the security of RSA is related to the
assumption that factoring is difficult.
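The key generation just described, together with the session-key "envelope" and the sign/verify use of a key pair from the PUBLIC AND PRIVATE KEYS section, can be worked through in code. This is an added example, not part of the original notes: it is textbook RSA without padding on deliberately small primes, the function names are illustrative, and the SHA-256 keystream is only a stand-in for a real symmetric cipher so that the block needs no third-party library.

```python
import secrets
from hashlib import sha256
from math import gcd, isqrt


def make_keypair(p, q, e):
    """Build ((n, e), (n, d)) from two primes, following the steps in the text."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # (e*d - 1) is divisible by (p-1)(q-1); Python 3.8+
    return (n, e), (n, d)


def encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be a number smaller than the modulus")
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def recover_private_exponent(pub):
    """Factor a toy-sized modulus by trial division and rebuild d from p and q."""
    n, e = pub
    p = next(f for f in range(3, isqrt(n) + 1, 2) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream (same call decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = sha256(key.to_bytes(16, "big") + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(pub, plaintext):
    """Envelope: a random 128-bit session key encrypts the data, RSA encrypts the key."""
    session_key = secrets.randbits(128)
    return encrypt(pub, session_key), keystream_xor(session_key, plaintext)


def open_envelope(priv, wrapped_key, body):
    return keystream_xor(decrypt(priv, wrapped_key), body)


def sign(priv, message):
    n, d = priv
    return pow(int.from_bytes(sha256(message).digest(), "big") % n, d, n)


def verify(pub, message, signature):
    n, e = pub
    return pow(signature, e, n) == int.from_bytes(sha256(message).digest(), "big") % n


if __name__ == "__main__":
    # Classroom-sized key: p = 61, q = 53 gives n = 3233; with e = 17, d = 2753.
    pub, priv = make_keypair(61, 53, 17)
    c = encrypt(pub, 65)
    print("public", pub, "private", priv, "65 ->", c, "->", decrypt(priv, c))
    # Anyone who can factor n can recompute d, which is why n must be large.
    print("d recovered by factoring n:", recover_private_exponent(pub))

    # Larger (still far too small for real use) key built from two Mersenne primes.
    big_pub, big_priv = make_keypair(2**61 - 1, 2**89 - 1, 65537)
    wrapped, body = seal(big_pub, b"constructed order message")
    print("opened:", open_envelope(big_priv, wrapped, body))
    sig = sign(big_priv, b"constructed order message")
    print("signature valid:", verify(big_pub, b"constructed order message", sig))
```

Only the short session key goes through the slow public key operation; the message body, however long, is handled by the symmetric step.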

SECURE ELECTRONIC TRANSACTION (SET)


SET was designed exclusively to secure internet financial transactions. SSL is a generic encryption
system which can be used to transmit any data. SET combines existing security technologies with public
key encryption using digital certificates for both credit card holders and merchants. The public key
infrastructure (PKI) is defined within the scope of SET. The PKI is used to verify that a participant in
the transaction is really the person or institution he or she pretends to be. This is important as the internet
provides no standard mechanism to verify a person or institution. With this mechanism, it is possible to
introduce the concept of non-repudiation to internet-based transactions. Customers who pay via SET
cannot dispute afterwards that they did not do the transaction, as all orders are digitally signed. The
digital signature can’t be forged. In addition to this feature, the PKI is used to send encrypted
information via the internet. Using strong encryption, it is possible to transmit the credit card transaction
over public networks such as internet. SET has been developed to provide a confidential way of
payment and order information. All information in a SET transaction is encrypted. The integrity of the
transmitted data is ensured through the digital hash code, which is appended to every message and
enables the receiver to verify that the message has not been altered in transit. The SET protocol is not
dependent on transport security measures and does not prevent their use, such as using additionally SSL
on the top of the SET encryption. As SET programs are developed by several s/w vendors.

SET provides some privacy features which make it harder to gain information on the customer. SET
defines more than just encryption. Transaction flows, message formats and encryption algorithms are
provided as standard in order to guarantee the integrity and confidentiality of the messages and the
authentication of the users. Additional security will be introduced in SET 2.0, when smart cards will be
supported. Several pilots for C-SET (Chip-secured Secure Electronic Transaction) are under way at the
moment of writing. SET was developed in 1996 by MasterCard and Visa. The SET specifications include the
following:

• HIGHLY SECURE

Credit card information can be transmitted over public networks using strong
encryption techniques.

• LOW VISIBILITY
Only the information a partner needs to see is displayed. The merchant does not need to see the
credit card information and the bank does not need to see which orders have been placed.

• RECOGNIZED STANDARDS
Transaction flows, message formats, integrity, authentication, confidentiality and the encryption
algorithms are all defined in the SET standard.

• NON-REPUDIATION
The SET standard defines a public key infrastructure, which is used for verification of the
participants and to encrypt / decrypt the messages sent between the partners. A digital signature is
used to identify the participants.

HOW SET TRANSACTION WORK

S-HTTP
S-HTTP was designed by E. Rescorla and A. Schiffman of EIT to secure HTTP connections. S-HTTP
provides a wide variety of mechanisms to provide for confidentiality, authentication, and integrity.
Secure HTTP (S-HTTP) is a secure message-oriented communications protocol designed for use in
conjunction with HTTP. S-HTTP is designed to coexist with HTTP's messaging model and to be easily
integrated with HTTP applications. Secure HTTP provides a variety of security mechanisms to HTTP
clients and servers, providing the security service options appropriate to the wide range of potential end
uses possible for the World-Wide Web (WWW). S-HTTP provides symmetric capabilities to both client
and server (in that equal treatment is given to both requests and replies, as well as for the preferences of
both parties) while preserving the transaction model and implementation characteristics of HTTP.
Several cryptographic message format standards may be incorporated into S-HTTP clients and servers.
S-HTTP supports interoperation among a variety of implementations, and is compatible with
HTTP. S-HTTP aware clients can communicate with S-HTTP oblivious servers and vice-versa, although
such transactions obviously would not use S-HTTP security features. S-HTTP does not require client-
side public key certificates (or public keys), as it supports symmetric key-only operation modes. This is
significant because it means that spontaneous private transactions can occur without requiring individual
users to have an established public key. While S-HTTP is able to take advantage of ubiquitous
certification infrastructures, its deployment does not require it. S-HTTP supports end-to-end secure
transactions. Clients may be "primed" to initiate a secure transaction (typically using information
supplied in message headers); this may be used to support encryption of fill-out forms, for example.
With S-HTTP, no sensitive data need ever be sent over the network in the clear. S-HTTP provides full
flexibility of cryptographic algorithms, modes and parameters. Option negotiation is used to allow
clients and servers to agree on transaction modes; cryptographic algorithms (RSA vs. DSA for signing,
DES vs. RC2 for encrypting, etc.); and certificate selection. S-HTTP attempts to avoid presuming a
particular trust model, although its designers admit to a conscious effort to facilitate multiply-rooted
hierarchical trust, and anticipate that principals may have many public key certificates. S-HTTP differs
from Digest-Authentication in that it provides support for public key cryptography and consequently
digital signature capability, as well as providing confidentiality. Another popular way of securing
web communication is HTTPS, which is HTTP running on top of TLS or SSL for secured transactions.

Syntactically, Secure HTTP messages are the same as HTTP, consisting of a request or status line
followed by headers and a body. However, the range of headers is different and the bodies are typically
cryptographically enhanced. S-HTTP messages, just as the HTTP messages, consist of requests from
client to server and responses from server to client. The request message has the following format:
    Request Line
    General header
    Request header
    Entity header
    Message Body

In order to differentiate S-HTTP messages from HTTP messages and allow for special processing, the
request line should use the special "Secure" method and use the protocol designator "Secure-HTTP/1.4".
Consequently, Secure-HTTP and HTTP processing can be intermixed on the same TCP port, e.g. port
80. In order to prevent leakage of potentially sensitive information Request-URI should be "*". S-HTTP
responses should use the protocol designator "Secure-HTTP/1.4". The response message has the
following format:
    Status Line
    General header
    Response header
    Entity header
    Message Body

Note that the status in the Secure HTTP response line does not indicate anything about the success or
failure of the unwrapped HTTP request. Servers should always use 200 OK provided that the Secure
HTTP processing is successful. This prevents analysis of success or failure for any request, which the
correct recipient can determine from the encapsulated data. All case variations should be accepted.

SMART CARDS
Depending on the type of the application, different levels of memory on the smart card are necessary. If
you want to put data or applications on the smart card only once, it is sufficient to put a little chip on the
card that contains ROM. If a program needs to store temporary information on the card, RAM should be
used. Once the smart card has been removed from the terminal, the information in RAM is lost. Most
applications require EEPROM, which allows data and applications to be stored permanently on the smart
card. Unlike ROM-only smart cards, applications and data can be loaded onto, executed on and
removed from the card at any time.
Smart cards have an embedded microchip instead of a magnetic strip. The chip contains all the
information a magnetic strip contains but offers the possibility of manipulating the data and executing
applications on the card. Three types of smart cards have established themselves:

• CONTACT CARDS: Smart cards that need to be inserted into a reader in order to work, such as a small
card reader or automatic teller machine.

• CONTACTLESS CARDS: Contactless cards don’t need to be inserted into a reader. Just waving
them near a reader is sufficient for the card to exchange data. This type of card is used for opening
doors.

• COMBI CARDS: Combi cards contain both technologies and allow a wider range of applications.

Generally 128 or 256 Mb EEPROM is used in computers but smart cards can store up to 16Kb. The
newer releases of smart cards are able to hold more than a single application. In order to allow
multi-functionality, it is necessary to ensure security for every application. If an application runs on the card, it
should not be allowed to view data stored by other applications on the same card. Each application needs
to have its own compartment on the smart card. The limitation to multi functionality is the amount of
memory on the smart card itself. Information on smart cards can be accessed in four different ways,
depending on the type of application we want to provide and the type of memory we are using:

• READ ONLY: Information can only be read from the smart card.

• ADD ONLY: Information can only be added to the smart card.

• MODIFY OR DELETE: Information can only be modified or deleted.

• EXECUTION ONLY: Programs can be executed only without seeing any information.

Security is the major issue with smart cards. If a hacker is able to copy or manipulate the content of the
card to another one, it may destroy the business of the smart card application issuer. This means security
functions have to be at the core of all smart cards. However, different applications require different
levels of security and absolute security can’t be guaranteed. Effective protection against manipulation
or copying of a smart card requires secure hardware, for which physical countermeasures need to be
taken. A secure operating system and system security are also necessary, which means that the
communication between all components involved in the security system is encrypted. The overall level
of security is only as good as that of the
weakest element in the chain. Common threats for smart cards are loss of authenticity, integrity,
confidentiality and availability. Smart cards are protected by the PIN (Personal Identification Number)
code. Smart card applications become more popular as they enable customers to pay for goods and
services.

SECURE SOCKET LAYER


The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of message
transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS),
which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer
Protocol (HTTP) and Transmission Control Protocol (TCP) layers. SSL is included as part of both the
Microsoft and Netscape browsers and most Web server products. Security of data in transit over the
Internet becomes increasingly necessary because of steadily growing data volume and importance.
Nowadays, every user of a public network sends various types of data daily, from email to credit card
details, and would therefore like them to be protected when in transit over a public network. To this
end, a practical SSL protocol has been adopted for protection of data in transit that encompasses all
network services that use TCP/IP to support typical application tasks of communication between servers
and clients. SSL is designed to make use of TCP as a communication layer to provide a reliable
end-to-end secure and authenticated connection between two points over a network (for example between
the service client and the server). Although SSL can be used to protect data in transit for any network
service, it is used mostly in HTTP server and client applications. Today, almost every available HTTP
server can support an SSL session, whilst IE or Netscape Navigator browsers are provided with
SSL-enabled client software.

SSL between application protocols and TCP/IP


The main objectives for SSL are:
• Authenticating the client and server to each other: the SSL protocol supports the use of standard
key cryptographic techniques (public key encryption) to authenticate the communicating parties
to each other. Though the most frequent application consists in authenticating the service client
on the basis of a certificate, SSL may also use the same methods to authenticate the client.
• Ensuring data integrity: during a session, data cannot be either intentionally or unintentionally
tampered with.
• Securing data privacy: data in transport between the client and the server must be protected from
interception and be readable only by the intended recipient. This prerequisite is necessary for
both the data associated with the protocol itself (securing traffic during negotiations) and the
application data that is sent during the session itself.

SSL is in fact not a single protocol but rather a set of protocols that can be further divided into two
layers:
• The protocol that ensures data security and integrity: this layer is composed of the SSL
Record Protocol.
• The protocols that are designed to establish an SSL connection: three protocols are used
in this layer: the SSL Handshake Protocol, the SSL Change Cipher Spec Protocol and the
SSL Alert Protocol.

The SSL protocol stack is:

SSL uses these protocols to address the tasks as described above. The SSL record protocol is responsible
for data encryption and integrity. As can be seen in Figure, it is also used to encapsulate data sent by
other SSL protocols, and therefore, it is also involved in the tasks associated with the SSL check data.
The other three protocols cover the areas of session management, cryptographic parameter management
and transfer of SSL messages between the client and the server. Prior to going into a more detailed
discussion of the role of individual protocols and their functions let us describe two fundamental
concepts related to the use of SSL.
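
The encapsulation described above is visible on the wire: every SSL/TLS record starts with a five-byte header (content type, protocol version, length), and the type field says which of the four protocols the payload belongs to. The parser below is an added example, not code from the original notes; the name `parse_records` and the sample bytes are constructed for illustration.

```python
import struct

# Content-type codes carried in the record header (SSL 3.0 and TLS).
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
MAX_FRAGMENT = 2**14 + 2048  # largest protected fragment allowed by RFC 5246

def parse_records(stream: bytes):
    """Split a byte stream into (protocol, version, payload) records.

    Raises ValueError on an unknown content type, an oversized length
    or a truncated record rather than guessing at the framing.
    """
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_FRAGMENT:
            raise ValueError("record length exceeds protocol maximum")
        body = stream[offset + 5 : offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append((CONTENT_TYPES[ctype], (major, minor), body))
        offset += 5 + length
    return records

def record(ctype: int, payload: bytes, version=(3, 0)) -> bytes:
    """Build one record; used only to construct the sample below."""
    return bytes([ctype, *version]) + struct.pack("!H", len(payload)) + payload

# Constructed sample (not captured traffic): three SSL 3.0 records in a row.
SAMPLE = (
    record(22, b"\x01\x00\x00\x00")  # handshake: message header only (type 1, length 0)
    + record(20, b"\x01")            # change_cipher_spec: single byte 1
    + record(21, b"\x01\x00")        # alert: level warning (1), close_notify (0)
)

if __name__ == "__main__":
    for name, version, body in parse_records(SAMPLE):
        print(name, version, body.hex())
```
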

WEB ARCHITECTURE AND CGI


The basic web architecture is two-tiered and characterized by a web client that displays information
content and a web server that transfers information to the client. This architecture depends on three key
standards: HTML for encoding document content, URLs for naming remote information objects in a
global namespace, and HTTP for staging the transfer.

• Hyper Text Markup Language (HTML) is the common representation language for hypertext
documents on the Web. HTML is an application of the Standard Generalized Markup Language,
which specifies a formal meta-language for defining document markup systems. An SGML
Document Type Definition (DTD) specifies valid tag names and element attributes. HTML consists
of embedded content separated by hierarchical case sensitive start and end tag names which may
contain embedded element attributes in the start tag. These attributes may be required, optional, or
empty. In addition, documents can be inter or intra linked by establishing source and target anchor
points. HTML files are viewed using a WWW client browser, the primary user interface to the Web.
HTML allows for embedding of images, sounds, video streams, form fields and simple text
formatting. References, called hyperlinks, to other objects are embedded using URLs. When an
object is selected by a hyperlink, the browser takes an action based on the URL's type, e.g., retrieve a
file, connect to another Web site and display an HTML file stored there, or launch an application such
as an E-mail or newsgroup reader.

• Universal Resource Identifier (URI) - an IETF addressing protocol for objects in the WWW. There
are two types of URIs, Universal Resource Names (URN) and the Universal Resource Locators
(URL). URLs are location dependent and contain four distinct parts: the protocol type, the machine
name, the directory path and the file name. There are several kinds of URLs: file URLs, FTP URLs,
Gopher URLs, News URLs, and HTTP URLs. URLs may be relative to a directory or offsets into a
document. Arguments to CGI programs may be embedded in URLs after the ‘?’ character.

• Hyper Text Transfer Protocol (HTTP) - an application-level network protocol for the WWW. It is
described as a "generic stateless object-oriented protocol." Stateless means neither the client nor the
server store information about the state of the other side of an ongoing connection. Statelessness is a
scalability property but is not necessarily efficient since HTTP sets up a new connection for each
request, which is not desirable for situations requiring sessions or transactions.
1. In HTTP, commands can be associated with particular types of network objects (files,
documents, network services). Commands are provided for:
   • Establishing a TCP/IP connection to a WWW server,
   • Sending a request to the server (containing a method to be applied to a specific network
   object identified by the object's identifier, and the HTTP protocol version, followed by
   information encoded in a header style),
   • Returning a response from the server to the client (consisting of three parts: a status line,
   a response header, and response data), and
   • Closing the connection.
2. HTTP supports dynamic data representation through client-server negotiation. The requesting
client specifies it can accept certain MIME content types (more on this below) and the server
responds with one of these. All WWW clients can handle text/plain and text/html.

This basic web architecture is fast evolving to serve a wider variety of needs beyond static document
access and browsing. The Common Gateway Interface (CGI) extends the architecture to three tiers by
adding a back-end server that provides services to the Web server on behalf of the Web client,
permitting dynamic composition of web pages.

The Common Gateway Interface (CGI) is a standard protocol for interfacing external application
software with an information server, commonly a web server. The task of such an information server is
to respond to requests (in the case of web servers, requests from client web browsers) by returning
output. Each time a request is received, the server analyzes what the request asks for and returns the
appropriate output. The two simplest ways for the server to do this are the following:
• if the request identifies a file stored on disk, return the contents of that file;
• if the request identifies an executable command and possibly arguments, run the command and
return its output.

CGI defines a standard way of doing the second. It defines how information about the server and the
request is passed to the command in the form of arguments and environment variables, and how the
command can pass back extra information about the output in the form of headers. CGI is a standard for
interfacing external programs with Web servers (see Figure 1). The server hands client requests encoded
in URLs to the appropriate registered CGI program, which executes and returns results encoded as
MIME messages back to the server. CGI's openness avoids the need to extend HTTP.

CGI programs are executable programs that run on the Web server. They can be written in any scripting
language or programming language available to be executed on a Web server, including C, C++,
Fortran, PERL, TCL, Unix shells, Visual Basic, and others. Security precautions typically require that
CGI programs be run from a specified directory under control of the Web system administrator, that is,
they must be registered with the system. Arguments to CGI programs are transmitted from client to
server via environment variables encoded in URLs. The CGI program typically returns HTML pages
that it constructs on the fly. Some problems with CGI are:
• The CGI interface requires the server to execute a program.
• The CGI interface does not provide a way to share data and communications resources, so if a
program must access an external resource, it must open and close that resource. It is difficult to
construct transactional interactions using CGI.
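
Everything a CGI program receives in `QUERY_STRING` is chosen by the client, so the program has to validate it and encode it before it reaches the page it builds. The script below is an added example, not part of the original notes: `REQUEST_METHOD` and `QUERY_STRING` are standard CGI environment variables, while the `item` and `note` parameters, the length limit and the `handle_request` function are hypothetical.

```python
import html
import os
import re
import sys
from urllib.parse import parse_qs

# Allow-list for the hypothetical "item" parameter: short catalogue identifiers only.
ITEM_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")
MAX_NOTE = 200  # assumed upper bound for the free-text "note" parameter

def error(status: str, message: str) -> str:
    """Plain-text error response; the Status header tells the server which code to send."""
    return f"Status: {status}\r\nContent-Type: text/plain\r\n\r\n{message}\n"

def handle_request(environ) -> str:
    """Return the complete CGI output: headers, a blank line, then the body."""
    if environ.get("REQUEST_METHOD", "GET") != "GET":
        return error("405 Method Not Allowed", "GET only")
    try:
        # The server passes everything after '?' in QUERY_STRING, still URL-encoded.
        params = parse_qs(environ.get("QUERY_STRING", ""), max_num_fields=10)
    except ValueError:
        return error("400 Bad Request", "too many parameters")
    items = params.get("item", [])
    notes = params.get("note", [""])
    if len(items) != 1 or not ITEM_RE.fullmatch(items[0]):
        return error("400 Bad Request", "invalid item")
    if len(notes) != 1 or len(notes[0]) > MAX_NOTE:
        return error("400 Bad Request", "invalid note")
    # Free text cannot be allow-listed, so it is HTML-escaped before being embedded.
    body = (
        "<html><body>"
        f"<p>Item: {html.escape(items[0])}</p>"
        f"<p>Note: {html.escape(notes[0])}</p>"
        "</body></html>\n"
    )
    return "Content-Type: text/html; charset=utf-8\r\n\r\n" + body

if __name__ == "__main__":
    # Under a web server the process environment holds the request; output goes to stdout.
    sys.stdout.write(handle_request(os.environ))
```

The request values are never handed to a shell or used as a file path; they are only parsed, checked and encoded.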
