Security of an e-commerce site.


In today's world, electronic commerce is a fast growing industry. Businessmen are transferring their businesses onto the Web in order to increase the sales of their goods and services beyond their geographical area. This helps them to use better options for selling and buying. They also have the option to sell their products directly without the help of distributors or middlemen. The reasons that attract businessmen and consumers towards e-commerce are as follows:

  • It opens new markets: Businessmen can find new markets on the Internet. These markets can be within or beyond their geographical area.
  • It increases efficiency: The receipt and payment of a product can be made easily using a credit card. It is faster than processing a check from one bank to another.
  • It expands the capabilities of traditional commerce: A Web site can be used by different users to store their products and services. Such a Web site can become a very large store for different types of products.
E-commerce is performed on the Internet, which is also known as a network of networks. The Internet has both advantages and disadvantages.

The advantages of the Internet are as follows:
  • It can provide employment opportunities such as outsourcing, Web marketing, Web programming, etc.
  • It can be used to send messages through e-mails, chats, etc.
  • It can be used for purchasing and selling goods.
  • It can be used for e-banking.
The disadvantages of the Internet are as follows:
  • Unauthorized users can use the Web site for their own purposes.
  • Web sites can be hacked by unauthorized users.
  • Viruses on the Internet can corrupt systems.
  • Credit card numbers can be stolen and misused.
Security: Security is a protective measure that is taken to secure e-commerce transactions, such as payments made through credit cards. Users must be authenticated before using such services because an unauthorized user can misuse confidential data such as a credit card number. The following options can be used for securing a Web site from unauthorized users:

Authentication and identification of users: There are various methods available on the Internet to verify the identity of a user. To get authenticated, the owner of the Web site can obtain a certificate from a third party that has researched and verified the authenticity of that site.

Access Control: The process of limiting access to the resources of a Web site is called access control. Access control can be performed in the following ways:

  • Registering the user in order to access the resources of the Web site. This can be confirmed by the user name and password.
  • Limiting the time during which resources of the Web site can be used. For example, the Web site can be viewed between certain hours of a day.
Cryptography: It is a technique of encrypting and decrypting messages. When the text is encrypted, it is not readable by humans. When the text is decrypted, it is readable by humans again. The terms used in cryptography are as follows:

  • Plaintext: This is text that can be read by a user.
  • Ciphertext: This is text that has been converted to a non-readable format.
  • Encryption: It is the process of creating a ciphertext from a plaintext.
  • Decryption: It is the process of converting a ciphertext to a plaintext.
  • Cipher: It is an algorithm that is used to encrypt and decrypt text.
  • Key: A key is the value that a cipher uses to encrypt and decrypt text.
Types of Cryptography: The encryption schemes in use today are as follows:

  • Symmetric Encryption: Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data. Symmetric encryption algorithms are faster than public key encryption algorithms. Therefore, symmetric encryption is commonly used when a message sender needs to encrypt a large amount of data. Data Encryption Standard (DES) uses a symmetric key algorithm to encrypt data.
  • Asymmetric Encryption: Asymmetric encryption is a type of encryption that uses a pair of keys, a public key and a private key, for data encryption. The public key is available to everyone, while the private or secret key is available only to the recipient of the message. For example, when a user sends a message or data to another user, the sender uses the recipient's public key to encrypt the data. The receiver uses his private key to decrypt the data.
  • One-way Encryption: It is a type of encryption in which data that is encrypted cannot be decrypted. It is used for passwords, personal identification numbers (PINs), etc.
Digital Certificate: A certificate is a digital representation of information that identifies authorized users on the Internet and intranets. It can be used with applications and security services to provide authentication. Certificates are issued by certification authorities (CAs).

Types of Certificates: There are four types of certificates, which are as follows:

  • Certification Authority Certificate: It can be a master certificate owned by a trusted certificate provider such as Verisign, Thawte, Baltimore, etc.
  • Server Certificate: This certificate is used for the identification of Web servers and their owners. These certificates are necessary to use Secure Sockets Layer (SSL).
  • Personal Certificate: This certificate is used to identify an individual.
  • Software Publisher Certificate: This certificate is used by the authors of the software. The consumer of the software can use the certificate to check whether or not the software belongs to the same author.
Certification Authority: The party that issues the certificate is called the certification authority. The network of a company uses the certificates to authenticate users. Verisign, Thawte, Baltimore, etc. are certificate providers.

Digital Signature: A digital signature is a personal authentication method based on encryption and authorization codes. It is used for signing electronic documents. A digital signature not only validates the sender's identity but also ensures that the document's content has not been altered.
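
As an added example (not part of the original article), the code below signs an order document with a private key in Node.js and verifies it with the matching public key, showing that verification fails both when the content is altered and when a different key produced the signature. The Ed25519 algorithm, the function names and the sample order are assumptions chosen for illustration.

```javascript
// Added example: a digital signature proves who signed and that nothing changed.
const crypto = require('node:crypto');

// The signer keeps privateKey secret; publicKey is given to anyone who verifies.
function newSigner() {
  return crypto.generateKeyPairSync('ed25519');
}

// Produces a base64 signature over the exact bytes of the document.
function signDocument(text, privateKey) {
  return crypto.sign(null, Buffer.from(text, 'utf8'), privateKey).toString('base64');
}

// True only if the signature was made by the matching private key over this text.
function verifyDocument(text, signatureB64, publicKey) {
  const signature = Buffer.from(signatureB64, 'base64');
  return crypto.verify(null, Buffer.from(text, 'utf8'), publicKey, signature);
}

// Constructed sample data: a merchant, an impostor and one order document.
const merchant = newSigner();
const impostor = newSigner();
const order = 'order=1001;item=book;total=25.00';
const signature = signDocument(order, merchant.privateKey);

function demo() {
  const altered = order.replace('25.00', '2.50'); // content changed after signing
  const forged = signDocument(order, impostor.privateKey); // signed with another key
  return {
    genuine: verifyDocument(order, signature, merchant.publicKey),
    altered: verifyDocument(altered, signature, merchant.publicKey),
    wrongSigner: verifyDocument(order, forged, merchant.publicKey),
  };
}

console.log(demo());
```
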


© 2008 uCertify.com. All rights reserved. All trademarks are the property of their respective owners.