| Student Forum |
| Current Topics : e-Security e-Business |
|
Most organization deploy security system like Firewalls, Intrusion
Detection System and Antivirus software to protect its information
assets from external threats, little realizing that the information assets
are just as vulnerable from within an organization. These breaches could be on account of internal collusion
between employees and trading partners of the organization. The key
here is to build “Trust” around the system. When we talk about "Trust", we essentially address the following questions : Authentication: How do we know whether the person or entity we are dealing is who he or she claims to be ? Confidentiality: Can we be sure that the information we sent across the Internet has indeed gone without someone else taking a look at it? Integrity: How do we know that the data we received has not been altered midway. Non-repudiation: What if the person we transacted with went back on his word? Do we have proof? In the physical world we use and associate the signature of a person to establish identity and credibility of the individual, but what happened in the electronic world? Coupled with this concern is another dimension of law. What is the legal validity and sanctity of an electronic transaction in any court of law? Therefore "Creating Trust" is an e-environment involves assuring the transacting entities about the integrity and confidentiality of the transaction along with the authentication of the sending and receiving entities such that both entities cannot repudiate the transaction. The technology used to achieve this trust is PKI (Public Key Infrastructure). Functioning as electronic credentials that identify transacting individual online, "Digital Signature" enable encrypted communication and enforce legal validity, thereby making them a vital component of online transaction in e-commerce, financial services, supply chain management as well as wireless and mobile communication environment. How Digital Signature Technology Works? Digital signatures are created and verified by cryptography, Digital signatures use what is known as "Public Key Cryptography" which employs an algorithm using two different but mathematically related "keys" one for creating a digital signature or transforming data into a seemingly unintelligible form, and another key for verifying a digital signature or returning the message to its original form. The complementary keys of an asymmetric cryptosystem for digital signatures are arbitrarily termed the private key, which is known only to the signer and used to create the digital signature, and the public key, which is ordinarily more widely known and is used by a relying party to verify the digital signature. If many people need to verify the signer's digital signatures, the public key must be available or distributed to all of them, perhaps by publication in an on- Although the keys of the pair are mathematically related, if the asymmetric cryptosystem has been designed and implemented securely it is "computationally" infeasible to derive the private key from knowledge of the public key. Thus, although many people may know the public key of a given signer and use it to verify that signer's signatures, they cannot discover that signer's private key and use it to forge digital signatures. This is sometimes referred to as the principle of "irreversibility". Another fundamental process, termed a "hash function" is used in both creating and verifying a digital signature. A hash function is an algorithm which creates a digital representation or "Message Digest". In the form of a "hash value" or "hash result" of a standard length which is usually much smaller than the message but nevertheless substantially unique to it. Any change to the message invariably produces a different hash result when the same hash function is used. In the case of a secure hash function, sometimes termed a "one-way hash function", it is computationally infeasible to derive the original message from knowledge of its hash value. Hash functions therefore enable the software for creating digital signatures to operate on smaller and predictable amounts of data, while still providing robust evidentiary correlation to the original message content, thereby efficiently providing assurance that there has been no modification of the message since it was digitally signed. Thus, use of digital signatures usually involves two processes, one performed by the signer and the other by the receiver of the digital signature by the signer and the other by the receiver of the digital signature: (1) Digital Signature Creation. (2) Digital signature verification. To sign a document or any other item of information, the signer first delimits precisely the borders of what is to be signed. The delimited information to be signed is termed the "message" in these Guidelines. Then a hash function in the signer's software computes a hash result unique (for all practical purposes) to the message. The signer's software then transforms the has result into a digital signature using the signer's private key. The resulting digital signature is thus unique to both the message and the private key used to create it. Typically, a digital signature (a digitally signed hash result of the message) is attached to its message and stored or transmitted with its message. However, it may also be sent or stored as a separate data element so long as it maintains a reliable association with its message. Since a digital signature is unique to its message, it is useless if wholly disassociated from its message Verification of a digital signature is accomplished by computing a new hash result of the original message by means of the same hash function used to create the digital signature. Then, using the public key and the new hash result, the verifier checks: (1) whether the digital signature was created using the corresponding private key; and (2) whether the newly computed hash result matches the original hash result which was transformed into the digital signature during the signing process. The verification software will confirm the digital signature as "verified" if: (1) the signer's private key was used to digitally sign the message, which is known to be the case if the signer's public key was used to verify the signature because the signer's public key will verify only a Digital signature created with the signer's private key; and (2) the message was unaltered, which is known to be the case if the hash result computed by the verifier is identical to the hash result extracted from the digital signature during the verification process. |
|
e-Commerce :
e-Commerce is essentially an electronic trading. In simple terms buying or selling
of products, goods, services and information over the net. e-Business : e-Business is a way by which an enterprise can gain value by using Internet in order to communicate and collaborate not only amongst employees within an enterprise, but also with trading partners, suppliers, distributors, customers and shareholders. e-Tendering : It is a scenario in which purchasers use the Internet to invite competitive bids from suppliers (established and approved business partners) for special projects or requirements. A system that displays descriptions of projects up for quotation which may be viewed via access to a specific website on the Internet. A system that in addition to displaying descriptions of projects, review and download tender documents including specifications in electronic form upon payment of a fee without the exchange of paper copies of documents. Formats of e-Tendering : Public Bid Invitations are communicated to potential bidders via the WWW. Notice of the bid Invitation is published. Bidders then log onto e-Tendering application to read the bid invitation in detail, and to enter bids. Non- Public Bid Invitations (Private Tenders)are only communicated to business partners, who pay a certain amount of EMD (Earnest money deposit) they can log on to the secure system, view the contents and tender details and enter their bids. Mixed Tender Event Some phases of the event would be typically public but after initial short-listing the event will turn out to be Private screening the event from the disqualified. Benefits: For Buyers : Streamlines the tendering process, Reduces Paperwork, Reducing the overall tender cycle time significantly Access to all current and archived tender history For Suppliers : Easy on-line access and management of the tender reply in a totally secure environment Improved and fast access to information and lodgment How does e-business help : e-Business supports globalization, reduced cycle time, speed, flexibility and competitiveness. This helps enterprises to make fundamental changes in the way business is done, aided, abetted, supported and enabled by technology in order to get significant return on investment The growth rates of business-to-business and business-to-consumer transactions are dramatic. E-Business enables a supply chain to economize and enhance customer relationships, irrespective of the size of the chain. e-Business is: Exchange of digital information (text, images, graphics and payments) using a combination of structured and unstructured data databases and database access across the entire range of networked technologies. Electronic link between ‘dispersed sources of information’. What is a Reverse Auction? One buyer negotiating prices among many resellers. Bidders bid more than once and their identities are unknown to one another. This results in dynamic competition and pricing that is closer to true market pricing. Also referred to as Online Bidding, Sourcing event. Real time Information: e-Business generates real time information about customer behaviour. Enterprises are discovering that if they have the right information in the right place, at the right time then logistical decision making can become easier, more efficient and in some cases so honed to customer requirements that it creates competitive advantage. An atmosphere of mutual trust and mutual gain is created wherein customer and supplier share vital operational information. Human element is the key: It is the people and not the technology which is key to the success of any enterprise. The key issue is the change of culture that has to take place in order to use the information released by technology. Information has to be shared between enterprises in a larger supply chain. The success is dependent on how the people in enterprises choose to use the information received to their advantage to be competitive. The trading partners in the supply chain should concentrate on a common goal of reaching products and services to customers as effectively as possible. IT function is strategic Enterprises realized the importance IT in their businesses and the distinct and related technologies has allowed businesses to transmit and receive data in an inexpensive, simple and easy manner. e-Business Driver: Technology as an enabler Ensure responsiveness of govt. through citizen participation Service without geographical or time boundaries, without the intervention of “person on the counter “ A homogeneous e-platform is needed with “open” - ability to interface over a variety of platforms online & offline capabilities Sound authentication & security & across channels Has to be transaction driven to ensure participation Information is static - Transactions DRIVE the usage Capture periodic/ regular transactions to increase frequency of visits Wider basket of services Transactions also ensure feedback about services Economies of scale would enable creation of a transaction based revenue model service charges are acceptable Self sustaining revenue model foster entrepreneurship encourage private investment lead to employment generation Delivery platform should maintain high levels of service be scalable; and have self-sustaining revenue model Service delivery model “click & brick” - offline assistance available support offline authenticated modes (smart cards) |