UNIT - IV

E-PAYMENT SYSTEMS

E-banking at ICICI Bank

 The Internet banking is changing the banking industry and is having the major effects on
banking relationships.
 Internet banking involves use of Internet for delivery of banking products & services.
 It falls into four main categories, from Level 1-minimum functionality sites that offer
only access to deposit account data-to Level 4 sites-highly sophisticated offerings
enabling integrated sales of additional products and access to other financial services-
such as investment and insurance.
 In other words, a successful Internet banking solution offers
 Exceptional rates on Savings, CDs, and IRAs
 Checking with no monthly fee, freed bill payment and rebates on ATM surcharges
 Credit cards with low rates
 Easy online applications for all accounts, including loans and mortgages
 24-hour account access
 Quality customer service with personal attention
Automated Teller Machine (ATM)
 ATM is designed to perform the most important function of bank. It is operated by plastic
card with its special features.
 The plastic card is replacing cheque, personal attendance of the customer, banking hours
restrictions and paper based verification.
 There are debit cards. ATMs used as spring board for Electronic Fund Transfer.
 ATM itself can provide information about customers account and also receive
instructions from customers-ATM cardholders.
 An ATM is an Electronic Fund Transfer terminal capable of handling cash deposits,
transfer between accounts, balance enquiries, cash withdrawals and pay bills. It may be
on-line or off-line.
Credit Cards/ Debit Cards
 The Credit Card holder is empowered to spend wherever and whenever he wants with his
Credit Card within the limits fixed by his bank.
 Credit Card is a post paid card. Debit Card, on the other hand, is a prepaid card with
some stored value.
 Every time a person uses this card, the Internet Banking house gets money transferred to
its account from the bank of buyer.
 The buyers account is debited with the exact amount of purchases. An individual has to
open an account with the issuing bank which gives debit card with a Personal
Identification Number (PIN).
 When he makes a purchase, he enters his PIN on shops PIN pad.
  ICICI Bank Corporate Internet Banking (CIB) is a one stop shop for all your online
banking needs.
 It gives you the power to execute critical bank transactions instantly from your office
locations with no time lags and hence is an indispensable tool in today’s 24 X 7 high-
speed business world.
Non-Transaction Services
 Real Time Account Balance Information
 Download of Account Statements in six formats
 Subscription for Account Statements by E-mail
 Request for Cheque Book, Stop Payment and FD Opening
 Trade MIS to view all your trade-related banking information.
Transaction Services
 Transfer funds within own ICICI account (Self account transfer)
 Transfer funds to channel partners ICICI account (Own to External transfer.)
 Transfer funds from channel partners ICICI account (External to Own)
 Transfer funds to non-ICICI Bank accounts using EFT/NEFT/RTGS.
 Utility Bill Payment to more than 85 billers across India
 Online Tax payment facility
 e-payment gateways.
Mobile Banking
 In today’s hectic corporate world, it may not be always easy to keep track of everything
related to your finance and blocking.
 Now with ICICI Bank’s secured Mobile Banking Service, you can across your bank
accounts and carry out transactions through your mobile.
 Get alerts and reminders at right moment and more. Our secured Mobile Banking Service
answers your business needs, all through the push of a few buttons.
Push-based Alerts
 You will receive alerts for following transactions:
 Daily Closing Account balance
 Inward cheque returns above Rs 5000.00
 Outward cheque returns above Rs 5000.00
 Debit above Rs 5000.00
 Credit above Rs 5000.00
* Charges-as per schedule of charges.
Pull-based Alerts
 You can register for pull-based alerts only through Corporate Internet Banking (CIB).
 The corporate users can avail the following banking services:
 Retrieve account balance
 Retrieve last five transactions
  Change SMS password
 Unsubscribe from Mobile Banking
 Status of issued cheque

MAIN CONCERNS IN INTERNET BANKING

 In a survey conducted by the Online Banking Association, member institutions rated
security as the most important issue of online banking.
 There is a dual requirement to protect customer’s privacy and protect against fraud.
 Banking Securely: Online Banking via the World Wide Web provides an overview of
Internet commerce and how one company handles secure banking for its financial
institution clients and their customers.
 Firewalls and filtering routers ensure that only the legitimate Internet users are
allowed to across the system.
 Encryptions technique used by the bank (including the sophisticated public key
encryption) would ensure that privacy of data flowing between the browser and the
Infinity system is protected.
 Digital certification procedures provide the assurance that the data you receive is
from the Infinity system.
ONLINE BANKING HOUSEHOLDS AND THOSE THAT PAY ONLINE
Year Banking online (million) Paying online
2003 29.6 50%
2004 35.3 57%
2005 40.9 64%
2006 46.2 71%
2007 51.3 78%
2008 56.0 85%
History’s Lesson About Payments: People Drive Change
 The development if money is not dependent solely on objective characteristics.
Subjective valuations play a critical role.
 Ultimately consumers determine what form of money is most desirable-people simply
substitute cheaper forms of money for expensive and inconvenient forms.
 It is ultimately through this substitution in use that new money forms embed themselves
in the marketplace.
Digital Payment Requirements
 For any digital payment system to succeed, the criteria given in Table ought to be
satisfied.
DIGITAL PAYMENT REQUIREMENTS
Criteria Need for the criteria
Acceptability Payment infrastructure needs to be widely accepted.
Anonymity Identity of the customers should be protected.
Convertibility Digital money should be convertible to any type of fund.
Efficiency Cost per transaction should be near zero.
Integration Interfaces should be created to support the existing system.
Scalability Infrastructure should not breakdown if new customers
and merchants join.
Security Should allow financial transactions over open network.
Reliability Should avoid single points of failure.
Usability Payment should be as easy as in the real world.
ONLINE PAYMENT CATEGORIES
Category Description
Micropayment Transaction value less than 5 euros or dollars.Transaction
costs are nearly zero.
Consumer Transaction value between 5 and 500 euros or
dollars. Payments are executed by credit card transactions.

Business Transaction value more than 500 euros or dollars.

payments Debit cards or invoices are appropriate solutions in this System.
 EFT is defined as:
 any transfer of funds initiated through an electronic terminal, telephonic instrument, or
computer or magnetic tape so as to order, instruct, or authorize a fine new institution to
debit or credit an account.

 EFT utilizes computer and telecommunication components, both to supply and to transfer
money or financial assets.

DIGITAL TOKEN-BASED E-PAYMENT SYSTEMS

 The introduction of charge cards in the early 1900s, beginning with western union in
1914, represented a breakthrough in payments.
 But while these cards enhanced customer loyalty and stimulated repeat behavior, they
were generally limited to the local market, or in store use.
 In 1958, Bank of America took a major step forward, introducing what eventually
became the modern credit card.
 Based on extensive test marketing in Fresno, California, it became clear there was a large
market for a general purpose bank card featuring a revolving credit facility and wide
acceptance.
 With the launch of Bank of America’s card, the consumer was not tied to one merchant
or product, but was now free to make credit purchases at a wide range of outlets.
 As the adoption of the bank card grew, the potential size of the market for transactions
expanded geometrically. It was profound turning point in the history of money.
Benefits to Buyers
 Convenience of global acceptance, a wide range of payment options, and enhanced
financial management tools.
  Enhanced security and reduced liability for stolen or misused cards.
 Consumer protection through an established system of dispute resolution.
 Convenient and immediate access to funds on deposit via debit cards.
 Accessibility to immediate credit. Intuitively, the comparative cost of arranging for a
consumer loan relative to the ability to obtain credit at the point of sale is substantial in
considering both the direct processing costs as well as the implicit opportunity costs to
borrower and lender.
Benefits to sellers
 Speed and security of the transaction processing chain from verification and authorization
to clearing and settlement.
 Freedom from more costly labour, materials, and accounting services that are required in
paper-based processing.
 Better management of cash flow, inventory and financial planning due to swift bank
payment.
 Incremental purchasing power on the part of the consumer.
 Cost and risk savings by eliminating the need to run an in-house credit facility.
Convenience
 Anyone who has searched through pockets for exact change for parking, fumbled with
foreign currency, paid exorbitant foreign exchange commissions, tried to cash a cheque in
another country or been concerned about carrying a large roll of banknotes can appreciate
the convenience of payment cards.
 Fundamental to this convenience is the virtually ubiquitous acceptance and utility,
whether it is an apparel store in Paris or a crafts shop in Nepal.
 Payment cards work in brick and mortar environments, over the phone, on the Internet,
and through the post.
 Applications are underway that support new uses such as recurring payments, insurance
and payroll disbursements, rent and utility bills, and small ticket transactions such as
vending machines and car parks.
 Consumers place an enormous value on convenience, although this paper has not
attempted to measure it.
 The sheer convenience of being able to access cash at an ATM or conduct a transaction
directly at the point of sale with a credit or debit card clearly has had an impact on
economic growth.
Credit Cards as E-payment Systems
 Without doubt, the basic means of payment used and initiated via the Internet for
consumer transactions till date is the credit card.
 Credit cards have proved popular for a number of reasons as the following:
1. The system is familiar to users and was widely used before the advent of e-
commerce, thus bolstering the users’ confidence.
 2. Transaction costs are hidden from users (i.e. basically met by sellers, and passed on to
all customers, not just credit card users).
3. Payment is simple anywhere and in any currency, thus matching the global reach of
the Internet.
4. The credit-issuing company shares the transactions risk; helping overcome consumers
fear and reluctance to buy goods they have not actually seen, from sellers they do not
know (in the physical world this function was important because it enabled sellers to
take payment from buyers they do not know; online this trust relationship is needed in
both directions).
Disadvantages of Credit Cards
 Credit cards have their own disadvantages. First, the relatively high transaction cost
makes them impractical for small-value payments.
 Second, they cannot be used directly by individuals to make payments to other
individuals (peer-to-peer transactions).
 Third, protecting the security of transactions is vital, especially in the virtual world where
there is no payment guarantee to the merchant by a bank.
 Users’ fears about security issues seem to be a consequence of the newness and relative
unfamiliarity of the medium, rather than the real risks involved in the system.
E-payments in India
 India’s payment system is evolving to support e-payments in tandem with paper-based
payments after the Reserve Bank of India started promoting automation in the banking
industry in 1990s.
 The RBI initially set up an electronic clearing service (ECS) to clear low-value, large-
volume payments such as direct credits and debits within four days, and this drive
succeeded despite the varying automation levels of India’s banks.
 Just recently, the RBI also built out the national EFT system for a special EFT system for
a special EFT (SEFT) system to act as a key component of India’s e-payment system and
to resolve last-mile connectivity issues between entities, according to FinanceAsia.com.
Security Issue and Encryption
 What has proven to be a problem from the security point of view is not interception, but
authentication.
 Some of the most serious cases of online fraud seem to be involved with the use of details
of cards used in traditional ways (e.g. payments slips collected from among paper
wastes).
 Having collected the card numbers, by some means, fraudsters exploit the anonymity of
the Internet to use the details and make untraceable purchases (when making cross-border
purchases, they may be further aided by the fact that the address-verification system used
by merchants to compare billing and delivery information in the US is the useless
overseas).
  In response to this threat, credit-issuing companies are planning to implement measures
such as the use of smart cards to improve authentication.
Method Percentage
Lost or stolen card 48%
Identity theft 15%
Skimming (or cloning) 14%
Counterfeit card 12%
Mail intercepts fraud 6%
Other 5%
Source: Celent Communications, January 2003.
E-payment Security in Indian Banks
 Five banks in India-ICICI Bank, State Bank of India, Bank of Baroda, IndusInd Bank and
Citibank (India)-have started a pilot EMV program in partnership with Indian tech
consortium, Zero-Mass, and Bell ID.
 The State Bank of India is to provide clearing and settlement for the pilot, which will use
Bell ID’s ANDiS4EMV solution to manage the lifecycle of the chip-based credit and
debit cards.
 Even after the cards are issued, issuers can use the card-management software to add,
modify and delete application, while managing data preparation, risk parameter
management, and key processing.
Encryption and Credit Cards
 Encryption is instantiated when credit card information is entered into a browser or other
e-commerce device and sent securely over the network from a buyer to a seller as an
encrypted message.
1. A customer presents his or her credit card information (along with an authenticity
signature, or other information such as mother’s maiden name) securely to the
merchant.
2. The merchant validates the customer’s identity as the owner of the card account.
3. The merchant relays the credit card charge information and signature to its bank or
online credit cards processors.
4. The bank or processing party relays the information to the customer’s bank for
authorization approval.
5. The customer’s bank returns the credit card data, charge authentication, and
authorization to the merchant.
Business Pros and Cons of Credit Card-based Payment
 Third-party processing for credit cards entails a number of pros and cons.
 These companies are chartered to give credit accounts to individuals and act as bill
collecting agencies for businesses.
 Consumers use credit by presenting them for payment and then paying an aggregate bill
every month.
  Consumers pay either by flat fee or individual transaction charge service. Merchants get
paid for the credit card drafts that they submit to the credit card company.
 Businesses get charged a transaction charge ranging between 1 per cent to 3 per cent for
each draft submitted.
 Record keeping with credit cards is one of the features consumers value most, because of
disputes and mistakes in billing.
 Disputes may arise because different services may have different policies. For example,
an information provider might charge for partial delivery of a file (the user may have
abandoned the session after reading a part of the file), and a movie distributor might
charge depending on how much of the video had been disputes.
 In general, implementing payment policies will be simpler when payment is made by
credit card rather than by cash.
The Mobile Payments
 The biggest wildcard in the e-commerce and e-payment field at the moment is the way
mobile Internet access develops.
 Already schemes such as Internet access via SMS (short message service), and pre-paid
re-loadable cards are in place, allowing payment to be made via a mobile phone.
 The use of the SIM card in the user’s mobile phone as part of a payment system implies a
shift in the roles of both banks and telephone operators.

CLASSIFICATION OF NEW PAYMENT SYSTEMS

 For the time being, the New Payment Systems can be roughly divided into 2 groups: one,
using smart cards, and the other using the Internet.
 Traditional payment instruments such as cash, cheques, credit cards, EFT/POS, and
account transfer have strong points-convenience and ease of circulation-but they are
weak due to their high handling costs.
1. Cash substitution
2. Cheque substitution
3. Credit card substitution
4. Account transfer substitution systems.
GROUPS AND EXAMPLES OF THE NEW PAYMENT SYSTEMS
Technology Substitution Circulation within the Circulation outside the
banking system banking system

Smart Card Cash Visa International: Visa Mondex International:

Cash Electronic Mondex
Payment
Services:SmartCash
Internet Credit Card CyberCash: Credit Card
Service
EFT Intuit: Quicken
Smart Card Cash Payment System
 We will first look at the smart card-based cash payment system. In the early 1990s, a
payment system for low value amounts using smart cards was first introduced in Europe.
 Most of these methods are known as stored value cards or electronic purse system. Units
of prepayment or currency value are electronically stored on an IC chip imbedded in
these cards.
 When purchases are made, the payment is effected through these units of electronic
value.
 Smart cards are credit and debit cards and other card products enhanced with
microprocessors, capable of holding more information than the traditional magnetic
stripe.
 The chip, at its current state of development, can store significantly greater amounts of
data, estimated to be 80 times more than a magnetic stripe.
 The benefits of smart cards will rely on the ubiquity of devices called smart card readers
that can communicate with the chip in a smart card.
 In addition to reading from and writing to smart cards, these device can also support a
variety of key management methods.
 Some smart-card readers combine elements of a personal computer, a point-of-sale
terminal, and a phone to allow consumers to quickly conduct financial transactions
without leaving their homes.
Micropayment System
VISA Cash of Visa International
 Visa International, the world’s largest credit card company, introduced their own stored
value card (VISA Cash) in 1995 under license from and incorporation of the technology
developed by Danmont in Denmark.
 In the system of VISA Cash, the transaction is made on an existing financial network of
Visa, where large value payments are also transacted.
 The level of security is quite high. However, as all transaction data go through the data
centre’s of Visa International, anonymity could be jeopardized.
Mondex of Mondex International
 We will now explore the system of Mondex which has been developed by National
Westminster Bank (hereafter, NatWest Bank), a major commercial bank in Britain.
 In December 1993, NatWest Bank announced an electronic low value payment system
called Mondex.
 Mondex can be classified as a cash substitution system using smart cards, which in a
sense is the same as VISA Cash, but the concept is notably different.
 In the Mondex system there is one issuing body-the originator of electronic value in the
currency of the country.
  This originator basically serves as an issuing bank in the Mondex system and issues to
the Mondex member banks, the equivalent amount of electronic Mondex value in
exchange for prime negotiable instruments or crash.

PROPERTIES OF ELECTRONIC CASH (E-CASH):

 There are many ways of implementing an e-cash system. e-cash must have the following
four properties.
1. Monetary value.
2. Interoperability.
3. Retrievability.
4.Security.
 E-cash must have a monetary value; it must be backed by cash (currency), a bank-
authorized credit, or a bank-certified cashier’s cheque.
 E-cash must be interoperability, that is, exchangeable as a payment for other e-cash,
paper cash, goods or services, lines of credit, deposits in banking accounts, bank notes or
obligations, electronic benefits transfer.
 E-cash must be storable and retrievable. Remote storage and retrieval (e.g. from a
telephone or a personal communications device) would allow users to exchange e-cash.
 E-cash should not be easy to copy or tamper with while being exchanged.
E-cash in action:
 E-cash is based on cryptographic systems called digital signatures. This method involves
pair of numeric keys that work in tandem: one for locking (or encoding), and the other for
unlocking (or decoding).
 Messages encoded with numeric key can only be decoded with the other numeric key and
none other.
Purchasing E-cash from Currency services:
 The purchase of e-cash from an online currency server (or bank) involves two steps:
1. Establishment of account, and
2. Maintaining enough money in the account to back to maintain anonymity or because
they do not have a bank to purchase.
 Currently, in most e-cash trials, all customers must have an account with a central online
bank.
 Finally, customers use the e-cash software on the computer to generate a random number.
Using the Digital Currency:
 The customer wants to make the payment; the software collects the necessary amount
from the stored tokens.
 Two types of transactions are possible: bilateral and trilateral.
 In many business situations, the bilateral transaction is not feasible because of the
potential for double spending, which is equivalent to bouncing a cheque.
Operational Risk and E-cash:
 Operational risk associated with e-cash can be mitigated by imposing constraints, such as
limits on
 The time over which given electronic money is valid.
 The amount that can be stored on and transferred by electronic money.
 The no. of exchanges that can take place before money needs to be redeposit with
a bank or a financial institution, and
 The no. of such transactions that can be made during a given period of time.
Legal Issues and E-cash:
 Anonymous and virtually untraceable cash transactions today occupy a place in a kind of
underground economy.
 This underground economy is generally confined to relatively small-scale transactions
because paper money in large quantities is cumbersome to use and manipulate, organized
crime being the obvious exception.
 Consider the impact of e-cash on taxation. Transaction based taxes (e.g sales taxes)
account for a significant portion of state and local government revenue.

CHEQUE PAYMENT SYSTEMS ON THE INTERNET:

Magnetic Ink Character Recognition (MICR):
 In this system, data are printed at the bottom of cheques in magnetic ink, for an electronic
read is a typical use of electronics for cheque processing.
Check Free Payment Services of Check Free:
 Check Free offered the electronic cheque service Check Free payment services on the
Internet.
 Upon customer request, this service issues an electronic cheque and executes the
settlement between customer and retailer.
Electronic Cheque (E-cheque):
 FSTC commenced an electronic cheque system on the Internet called electronic cheque.
This is one of FSTC’s five major development projects, the others being:
1. Cheque truncation.
2. Electronic commerce.
3. Security measures.
4. Smart and systems.

RISK AND E-PAYMENT SYSTEMS:

There are three major risks:
1. Data Protection – The abuse of data related to users.
2. Data Reliability – The authentication of parties involved.
3. Taxation – Issues related to tax.
 Related to the above main issues is the type of legal frame work in which this model
works.
 Electronic commerce is difficult to regulate for two main reasons:
 1. The scope of electronic commerce and the technology involved changes rapidly.
Traditionally, the information of the law has been an evolutionary process, adapting
to suit the needs of society.
2. The very nature of the technology involved means that it is transnational. This leads
to problems as to which legal systems has jurisdiction over e-commerce transactions.
Data Protection:
 Technologies concerned with authorization include firewalls, password access, smart
cards, and biometrics fingerprinting.
 One essential challenge of e-commerce is risk management. Operation of e-payment
systems incurs three major risks: fraud or mistake, privacy issues, and credit risk.
Risk from Mistake and Disputes: Consumer Protection:
 Virtually, all e-payment systems need some ability to keep automatic record, for obvious
reasons.
 From a technical standpoint, this is not a problem for electronic systems.
 Credit and debit cards have them, and even the paper-based cheque creates an automatic
record.
 The nature of electronic transactions and dispute resolution relying solely on records, a
general law of payment dynamics and banking technology might be that no data need
ever be discarded.
 The features of the automatic records include:
 Permanent storage.
 Accessibility and traceability.
 A payment system database.
 Data transfer to payment maker, bank, or monetary authorities.
Managing Information Privacy:
 The e-payment systems must ensure and maintain privacy. Every time one purchases
goods using a credit card, subscribes to magazine, or accesses a server, that information
goes in to the database.
Managing Credit Risk:
 Credit or systemic risk is a major concern in net settlement systems, because a bank’s
failure to settle its net position could lead to chain reaction of bank failures.
 Without such guarantees, the development of clearing and settlement systems and money
markets may be impeded.

DESIGNING E-PAYMENT SYSTEMS:

 Despite cost and efficiency gains, many hurdles need to be overcome for the spread of e-
payment systems.
1. Privacy:
A user expects trustworthiness of a secure system.
2. Security:
 A secure system verifies the identity of two-party transactions through “User
Authentication”, and reserves flexibility to restrict information / services through
access control.
3. Intuitive interfaces:
The payment interface must be as easy to use as a telephone.
4. Database integration:
With home banking, for example, a customer wants to play with all his accounts. The
challenge before banks is to tie this database together and allow customer’s access to
any of them while keeping the data up-to-date and error-free.
5. Brokers:
A “Network banker” – someone to broker goods and services. Settle conflicts, and
facilitate financial transactions electronically.
6. Pricing:
One fundamental issue is how to price payment system services. Thus investment in
systems not only might not be recovered, but also substantial ongoing operational
subsidies will be necessary.
7. Standards:
Without standards, the welding of different payment users in to the different networks
and different systems is impossible.
The Key to Security: Cryptography:
 Cryptography relies on two basic components: an algorithm (or cryptographic
methodology), and a key.
 Algorithm is the method used to encrypt the message, and key is the object used to
decrypt the message.
 Cryptosystems are being increasingly used in encryption, authentication, integrity, non-
repudiation, and management of other crypto systems like key management.
Examples of Encryption Techniques:
Caesar’s Method:
 This is one of the oldest techniques of encryption. It traces its history back to Roman
times.
 It is really simple method of encrypting a message. It involves shifting each letter of the
message to a letter that appears k letters after it.
 In the method that was first devised by the Romans, k was equal to 3. What this meant
was that each letter was shifted 3 places to the right.
 For example, ‘A” would be transformed to ‘D’, ’B’ to ‘E’, ‘C’ to ‘F’, and so on. So
starting with ABCDEFGHIJKLMNOPQRSTUVWXYZ and sliding everything up by 3,
you get DEFGHIJKLMOPQRSTUVWXYZABC where, D=A, E=B, F=C, and so on.
Using this scheme, the plain text “SECRET” encrypts as “VHFUHW”.
Letter Pairing:
  This method is similar to Caesar’s method. Here, instead of shifting each letter to some
places to its right, letters are paired off with each other in a random manner. For example,
consider the pairing A →Z, B→Y, C→X, and so on.
RSA:
 RSA Stands Rivest, Shamir and Adlemen – the three cryptographers who invented first
practical commercial public key cryptosystems.
 It works on the basic fact that large numbers are extremely difficult to factorize.
 RSA uses two large prime numbers. Numbers must be quite large in length, 100 to 300
bits, and must have a prime value.
 RSA seems to be a reliable and a fast algorithm, but the serious persisting flaws consist
of the hiding of two initial numbers chosen from the IP table.
DES:
 This is an example of a widely used secret key encryption system.
 DES encrypts and decrypts data in 64-bit blocks, using a 64-bit key although the effective
key strength is only 56 bits).
 It takes a 64-bit block of plain text as input, and outputs a 64-bit block of cipher text.
 It always operates on blocks of equal size, and it uses both permutations and substitutions
in the algorithm.
Attacks on Crypto Systems:
 One of the most important perspectives of key management is to prevent attacks or to
make attacks practically infeasible.
Symmetric Key Crypto Systems:
 This is historically known as the secret key systems. In this crypto system, the key for the
underlying mathematical function can be used to reverse this mathematical function.
 There are two types of symmetric key crypto systems: ‘Stream’ ciphers are used in
mobile communication, and ‘block’ ciphers are used for encryption/authentication.
Asymmetric Key Crypto Systems:
 This is also known as public key systems. The key for the underlying mathematical
function cannot be easily used to reverse the mathematical function.
 A separate key is required to do this.
 This system is based on a one-way mathematical function – easy in one direction but very
difficult to reverse.
 Asymmetric key crypto systems are flexible to implement as compared to secret key
systems, but are much slower to execute. This system is widely used in digital signature,
key management, and entity authentication.
A Matter of Keys:
 The key for any crypto system is a string of binary digits (bits) that holds information.
 For asymmetric systems also, the key is a string of binary digits but all such strings are
not valid keys.
  In symmetric system, the technique for finding unknown key for block and stream
ciphers is the same.
 For some data processed by block ciphers, one has to try all possible keys until one finds
out a small collection of keys that work.
 The objective for strong block cipher design is to ensure that exhaustive key search takes
far longer time and is far more expensive than it is feasible, and there is no other way of
getting the unknown key more quickly and more cheaply than exhaustive.
Exhaustive Search:
 An exhaustive attack on a block cipher is very complex. This is because one has to look
for all the keys for an exhaustive key search, and the larger the number of keys, the
harder this is.
 An exhaustive key search for a DES key will require 256 tests, which is equal to 7.2 x
1016 tests.
 Clearly, the feasibility of an attack depends on the computing resources of the attackers.

DIGITAL SIGNATURE:
 Digital signature provides information regarding the sender of an electronic document.
The technology has assumed huge importance recently, with the realization that it may be
the remedy to one of the major barriers to growth of electronic commerce: fear of lack of
security.
 Digital signatures provide data integrity, thereby allowing the data to remain in the same
state in which it was transmitted.
 The identity of the sender can also be authenticated by third parties.
 The most widely used type of cryptography is public key cryptography, where the sender
is assigned two keys – one public, one private.
 The original message is encrypted using the public key while the recipient of the message
requires the private key to decrypt the message.
 The recipient can then determine whether the data has been altered.

Public Key
Certification Authority

 the owner of the key pair Message Public Key

 the organization of th owner Digest Algorithm
 their public key Algorithm
Digital
Signature
  expiration information
 A certification authority (CA) performs the task of managing key pairs, while the
verification of the person or entity bound to that key pair is initially ascertained at the
time of application by the registration authority.
 A certificate is issued by a CA and links an individual or entity to its public key, and in
some cases to its private key.
Legal Positions of Digital Signatures:
 A substantial amount of legislation regulating the use of digital signatures And their legal
status has been enacted.
 Developments are also taking place at a global level. The Internet Engineering Task
Force (IETF), the International Organization for Standardization (ISO) and W3C are
currently working on standardization of digital signatures.

Signatures and the Law:

A signature is not a part of the substances of a transaction, but rather its representation or
form. Signing writings serve the following general purposes:
Evidence:
 A signature authenticates the writing by identifying the signee with the signed document.
When the signer makes a mark in a distinctive manner, the writing becomes attributes to
the signer.
Legality:
 The act of signing a document calls to the signer’s attention, the legal significance of the
signers act, and thereby helps prevent “inconsiderate” engagements.
Approval:
 In certain contexts defined by a law or custom. a signature expresses the signer’s
approval or authorization of the writing, or the signers claim that it has legal validity.
Efficiency and Logistics:
 A Signature on a written document often imparts a sense of clarity and finality to the
transaction, and may lessen the subsequent need to inquire beyond the face of a
document.
Authenticity:
To achieve the basic purposes of signatures outlined thus, a signature must have the
following attributes:
 Signer authentication:
A signature should indicate who signed a document, a message or a record, and should be
difficult for another person to produce without authorization.
 Document authentication:
A signature should identify what is signed, making it impracticable to falsify or alter
either the signed matter or the signature without detection.
Affirmation:
  The affixing of the signature should be an affirmative act, which serves the ceremonial
and approval functions of a signature and establishes the sense of having legally
consummated a transaction.
How Digital Signature Technology Works:
 Digital signatures are created and verified by cryptography. Digital signatures use public
key cryptography, which employs an algorithm using two different but mathematically
related “keys”.
 The complementary keys of an asymmetric crypto system for digital signatures are
arbitrarily termed private key, which is known only to the signer and used to create the
digital signature, and the public key , which is ordinarily more widely known and is used
by a relying party to verify the digital signature.
 Another fundamental process, termed hash function, is used in both creating and
verifying a digital signature. A hash function is an algorithm which creates a digital
representation or “fingerprint” in the form of a “hash value”.
Digital Signature Creation:
 This uses a hash result derived from and unique to both the signed message and a given
private key.
Digital Signature Verification:
 This is the process of checking the digital signature by reference to the original message
and the given public key, there by determining whether the digital signature was created
for that same message using the private key corresponding to the referenced public key.
 To sign a document or any other item of information, the signer first delimits precisely
the borders of what is to be signed.
 Typically, a digital signature is attached to its message and stored or transmitted with its
message.
 Verification of a digital signature is accomplished by computing a new hash result of the
original message by means of the same hash function used to create the digital signature.
 Various asymmetric cryptosystems create and verify digital signatures using different
algorithms and procedures, but share this overall operational pattern.
Signer Authentication:
 If a public and a private key pair is associated with an identified signer, the digital
signature attributes the message to the signer.
Message Authentication:
 The digital signature also identifies the signed messages, typically with far greater
certainty and precision than paper signatures.
Affirmative Act:
 The process of creating and verifying a digital signature provide a high level of assurance
that the digital signature is genuinely the signers.
  Digital signatures have been accepted in several national and international standards
developed in cooperation with, and accepted by many corporations, banks, and
government agencies.
Digital Signature and Indian Websites:
INDIAN WEBSITES THAT USE DIGITAL SIGNATURE
Shopping and Auctions sites Sify Mall
Bazee
Fabmall
Rediff
Bookings and Reservations All major airlines
Indian Railways
Service Companies e-payments Cellular Providers
ISPs
Net Banking ICICI
Following is the list of certifying authorities in India
 SafeScrypt.
 National Informatics Centre.
 Tata Consultancy Services.
Public Key Certificates:
 To verify a digital signature, the verifier must have access to the signer’s public key and
have assurance that it corresponds to the signer’s private key.
 In a transaction involving only two parties, each party can simply communicate the
public key of the key pair each party will use.
 To assure both message and identity authenticity of the certificate, the certifications
authority digitally signs it.
 A digital signature, whether created by a subscriber to authenticate a message or by a
certification authority to authenticate its certificate.
 To make a public key and its identification with a specific subscriber readily available for
use in verification, the certificate may be published in a repository or made available by
other means.
The Secure E-Payment Process Method:
 Secured payment transactions system is critical to e-commerce. Without a secured
payment transaction system, e-commerce will be castle built on sand.
 There are two common standards used for secure e-payments – SSL and SET.
 Secure Socket Layer (SSL) and Secure Electronic Transactions (SET) are two major
players in the secured payment transactions market.
SSL:
 SSL is a secured socket connection for cyber shoppers to send payment information to e-
tailor’s shop.
 Currently, the fast growing Internet consumer commerce is mainly based on accepting
credit card over SSL.
  One of the reasons for the growth in this direction is that SSL provides secured
connection with encryption and authentication between two computers over the Internet.
SET:
 SET is messaging protocol designed by VISA and MasterCard for securing credit card
transactions over open networks, such as Internet.
 In the SET protocol, a transaction has three players – the customer, the merchant, and the
merchant’s bank.
 SET protocol has three principal features as listed in the following:
1. All sensitive information sent within the three parties is encrypted.
2. All three parties are required to authenticate themselves with certificates from the
SET certificate authority.
3. The mechanism never sees the customer’s card number in plain text.

ONLINE FINANCIAL SERVICES IN INDIA:

 Web-based banks figured their pitch was irresistible – by eliminating physical branches,
tellers, and brokers hours, they could slash costs and offer customers higher interest rates
and more convenience.
 Online banks have also learned that convenience means more than just twenty-four-hour
banking.
 Online banks require that deposits be made by cheque or money order, eliminating this
cash option available at traditional banks.
Features of E-banking in India:
 Can access current account balances at any time.
 Can obtain charge and credit card statements.
 Can pay bills online.
 Can download account transactions.
 Can transfer money between accounts.
 Can keep a track of accounts online.
 Can send e-mails to the bank.
 Customers have a flexible schedule.
 Can also use additional services like free phone banking, ATM withdrawals, bill paying.
Personal Finance Online:
Often electronic banking and portfolio management are combined with personal finance.
1. Bill tracking.
2. Tracking of bank accounts, expenditure, and credit cards.
3. Portfolio management, including reports and capital gain computations.
4. Investment tracking and monitoring of securities.
5. Stock quotes.
6. Personal budget organization.
7. Record keeping of cash flow and profit and loss computations.
 8. Tax computations and preparations.
9. Retirement goals, planning, and budgeting.
Online Billing and Bill Paying:
 In India, banks like ICICI and SBI make it easier with a facility of paying bills from
online accounts.
 ICICI provides this feature absolutely free of cost offers customer to view the bill, status
checks, and queries.
 SBI on the other hand also provides a feature called Autopay.
Auxiliary Services:
 ICICI offers a few auxiliary services online as part of their online services, apart from bill
payment and e-banking.
 Online shopping: using the Internet banking ID and transaction password, one can visit
affiliated shopping sites online and make online transactions.
 Online trading: one of the most popular features of ICICI is their online trading feature.
Their products and services offer the following features:
1. Trading in shares.
2. Trade in derivatives.
3. Investing in mutual funds.
4. IPOs and bonds online.
5. Personal finance and portfolio, risk management.
6. Customer servicing.
Mutual Funds online:
Mutual funds online are very useful in providing financial assistance and predictions, offering
services like
1. Funds fact sheet.
2. New launches of public offerings.
3. Portfolio trackers and fund monitors.

ONLINE STOCK TRADING: THE HIGH SPEED ALTERNATIVE:

Technical experts make live calls, the news desk supplying with the fastest information
updates.

No More Paper Hassles:

 Mutilated certificate, lost certificates, postal delays, and counterfeit shares are a thing
of the past.
 Convert the securities to electronic format with the demat account. It is easy as opening
a bank account.

E-banking for Funds Transfer:

 Buying and selling of shares online can now be done with the help of Internet Banking.
 The Act provides legal recognition to electronic contracts and digital signature.
Features Offered while Trading in Stocks Online:

 Several features offered while trading in stocks are enumerated below.

1. View positions online:
The customer can view the status of all his orders online.
2. View transactions history online:
Transactions details for all the trades done are available online.
3. Online quotes, streaming, quotes and ticker:
The customer gets free online quotes for all his favorite stocks.
4. Online news analysis:
This gets the latest news affecting the markets.
5. Follow the Market:
This gets the latest stock trends by accessing its market centre.
6. IPO centre:
It tells about all the latest IPOs (Initial Public Offerings) which are about to hit the
market and our analysis on these.

Some of the major Indian players in the online stock trading business are:

 ICICIDirect.com
 InianInfoline.com
 Fivepaisa.com
 HDFCBank.com

A Unique E-broking Service:

 Stock market investors in India have never had it so good – low brokerage rates and
some of the research, thanks to Internet Technology and E-broking.
 Besides high quality investment advice from an experienced research team, the site
offers real-time stock quotes, market news, and multiple tools for technical analysis.

How Does Online Stock Trading Occur?

 Selling of shares is just a click away.

 This integration ensures that money is transferred to/from the bank account and the
shares are transferred from/to the DEMAT account automatically without any
paperwork.

The Advantages:

 The advantages of opening a Demat account are many, and few of them are as follows:
 Shorter settlements, thereby enhancing liquidity.
 No stamp duties on transfer of securities held in Demat form.
 No Concept of Market Lots.
How to Transact:

 Some of the transactions which take place in a demat account are:

1. Credit transactions
2. Debit transactions
3. Pledging of dematerialized securities.

Credit transactions can take place in you’re demat account by way of:

 Transfer of securities from the account of a clearing member.

 Transfer of securities from the account of another beneficiary.
 Allotment on public issues directly in your demat account.
 Credit of non-cash benefits like bonus, rights etc., directly in your demat

account. Debit transactions can take place in you’re demat account by:

 Transfer of securities to the account of a clearing member.

 Transfer of securities to the account of another

beneficiary. Pledging of Dematerialized Securities:

 Pledge is the entity who wants to mark a lien on securities.

 Pledge is the entity in whose favor the lien is marked.

Share Price Chart:

Some of the information provided absolutely free on the site is:

1. Stock:
Buy/Sell recommendations.
2. Real time:
New/Stories, prices, commendatory, gainer/losers, new IPO prices, Arbitrage.
3. Stock Statistics:
Winners/Losers, All India turnover, Settlement program, closures, board meetings, debit
instruments.

Stock Ideas:

 Daily round-up.
 Investment ideas.
 Punter’s diary.
 Bargain hunter.
 Wakeup call.
 Runway stocks.
 HINTS

E-PAYMENT SYSTEMS
E-banking
 Changing the banking industry and is having the major effects on banking relationships.
Automated Teller Machine (ATM)
 ATM is designed to perform the most important function of bank.
 It is operated by plastic card with its special features.
Credit Cards/ Debit Cards
 The Credit Card holder is empowered to spend wherever and whenever
 Credit Card within the limits fixed by his bank.
 Credit Card is a post paid card.
 Debit Card, on the other hand, is a prepaid card with some stored value.
Mobile Banking
 Keep track of everything related to your finance and blocking.
DIGITAL SIGNATURE:
 Information regarding the sender of an electronic document.
Signatures and the Law:
 A signature is not a part of the substances of a transaction, but rather its representation or
form.
 Signing writings serve the following general purposes
SSL:
 SSL is a secured socket connection for cyber shoppers to send payment information to e-
tailor’s shop.
SET:
 SET is messaging protocol designed by VISA and MasterCard for securing credit card
How to Transact:

Some of the transactions which take place in a demand at account are:

4. Credit transactions
5. Debit transactions
6. Pledging of dematerialized securities.

Message Authentication:
 certainty and precision than paper signatures.
 UNIT –IV
2 MARKS:

1. What are the barriers of change management? (APRIL/MAY 2014)

2. Define: Firewall? (APRIL/MAY 2014)
3. Define E-Payment Systems?
4. Digital Signature
5. Write down the Properties of Electronic Cash?

5 & 10 MARKS:

1. Write down the guidelines for cryptography policy? (APRIL/MAY 2014)

2. Explain about the E-cash over the internet? (APRIL/MAY 2014)
3. What is the Classification of New Payment Systems?
4. Explain Risk and e-Payment Systems?
5. Discuss Online Stock Trading?
6. Write short notes on Designing e-payment Systems?
7. What are the Main Concerns in Internet Banking?
8. Explain in detail about Digital Payment Requirements?
9. Advantages of Cheque Payment Systems on the Internet?
10. Write short notes on Designing e-payment Systems
11. Explain the Online Financial Services in India?
12. Define Digital Token-based e-payment Systems
13. Write a short note BPR methodology
 UNIT-V

Information Systems for Mobile Commerce

What is Mobile Commerce?

Mobile Commerce, or m-Commerce, is about the explosion of applications and services that are
becoming accessible from Internet-enabled mobile devices. It involves new technologies,
services and business models. It is quite different from traditional e0Commerce. Mobile phones
or PDAs impose very different constraints than desktop computers.

Ideal m-Commerce Market characteristics

Financial Institutions such as Banks see mobile commerce as offering new channels of service
to customers as well as offering them new and innovative products. These financial institutions
are working to design and implement new applications that will offer mobile payment (i.e being
able to pay for groceries) and mobile brokering.

Wireless Applications
A wireless application is a software that runs on a wireless device that exchanges content over a
wireless network.
Web Phones: The most common device is the Internet-ready cellular phone, which we
call a web phone. There are three major Web phones: the US HDML & WAP phone, the
European WAP phone, and the Japanese I-mode phone.
Wireless handnelds: The wireless handheld, such as a Palm, can also message and use a
microbrowser.
Two-way pagers: A. device used often in business is the pager.
Voice portals: A recent innovation is the voice portal, which lets you have a
conversation with an information service by using a kind of telephone or mobile phone.
Communicating appliances: Such electronic devices are outfitted with wireless
technology that can participate in the Internet.
Web PCs: The standard Internet-connected personal computer is still used as an access
method to mobile accounts, wirelessly or not.

Cellular Network
A cellular network is a radio network made up of a number of radio cells (or
just cells) each served by a fixed transmitter, known as a cell site or base station. These cells are
used to cover different areas in order to provide radio coverage over a wider area than the area
of one cell.
Cellular networks are inherently asymmetric with a set of fixed main
transceivers each serving a cell and a set of distributed (generally, but not always, mobile)
transceivers which provide services to the network’s users.
Cellular networks offer a number of advantages over alternative solutions:
 1. Increased capacity
2.Reduced power usage
3.Better coverage
Presently, there are two standardized solutions to this issue: frequency division multiple access
(FDMA) and; code division multiple access (CDMA).
FDMA works by using varying frequencies for each neighbouring cell. The principle of CDMA
is more complex, but achieves the same result; the distributed transceivers can select one cell
and listen to it.
Broadcast Messages and Paging
In mobile telephony systems, the most important use of broadcast information is to set up
channels for one to one communication between the mobile transreceiver and the base station.
This is called paging.
Frequency Reuse
The increased capacity in a cellular network, compared with a network with a single
transmitter, comes from the fact that the same radio frequency can be resued in a different area
for a completely different transmission.
The frequency reuse factor is the rate at which the same frequency can be used in the
network. It is 1/K where K is the number of cells which cannot use the same frequencies for
transmission. Common values for the frequency resue factor are 1/3, ¼, 1/7, 1/9 and 1/12.
In case of N sector antennas on the same base station site, each with different direction, the base
station site can serve N different cells. N is typically 3. A reuse pattern of N/K denotes N
sector antennas per site. Common reuse patterns are 3/3, 3/9, and 3/12.
Movement from Cell to Cell and Handover
The use of multiple cell means that, if the distributed transceivers are mobile and
moving from place to place, they also have to change from cell to cell. The mechanism for this
differs depending on the type of network and the circumstances of the change.
Cell service area may also vary due to interference from transmitting systems, both
within and around that cell. This is true especially in CDMA based systems. The receiver
requires a certain signal-to-noise ratio. As the receiver moves away from the transmitter, the
power transmitted is reduced.
As the interference (noise) rises above the received power from the transmitter, and
the power of thee transmitter cannot be increased any more, the signal becomes corrulpted and
eventually unusable.
Cellular Telephony
A mobile phone is a portable telephone which receives or makes call through a cell
site (base station), or transmitting tower. Ratio waves are used to transfer signals to and from the
cell phone. Large geographic areas representing the coverage range of a service provider) are
split up into smaller cells to deal with line-of-sight signal loss and the large number of active
phones in an area.
As the phone user moves from one cell area to another, the switch automatically commands the
handset and a cell site with a stronger signal (reported by the handset) to go to a new radio
channel (frequency).
Modern mobile phones use cells because radio frequencies are a limited, shared resource.
Since almost all mobile phones use cellular technology, including GSM, CDMA, and AMPS
(analog), the term “cell phone” is used interchangeably with “mobile phone,”: however, an
exception of mobile phones not using cellular technology is satellite phones.
Wireless Spectrum
The electromagnectic spectrum, or simply spectrum, is the entire range of energy waves over
which communicating devices transmit. The elctromagnectic spectrum is assigned common
groupings of energy waves, commonly called airwaves, that make bands of the spectrum. Over
the airwaves, TV, radio, cell phones,, or any wireless Internet devices communicate with a
transceiver. Each kind of transceiver uses dedicated frequency ranges that are measured in Hertz
(Hz); 1 Hz is one cycle per second.
GSM Frequency Bands
There are eight frequency bands defined in 3GPP TS
05.05: Standard or primary GSM 900 Band, P GSM
GSM 450 Band
GSM 480 Band
GSM 850 Band
Extended GSM 900 Band, E GSM (includes Standard GSM 900 Band)
Railways GSM 900 Band, R GSM (includes Standard and Extended GSM 900 Band)
DCS 1 800 Band
PCS 1 900 Band
GSM-900 and GSM-1800
GSM-900 and GSM-1800 are used in most parts of the world: Europe, Middle East, Africa and
most of Asia.
GSM-900 uses 890-915 MHz to send information from the Mobile Station to the Base
Transceiver Station (uplink) and 935-960 MHz for the other direction (downlink), providing 124
RD channels (channel numbers 1 to 124) spaced at 200 kHz.
GSM-850
GSM-850 uses 824-849 MHz to send information from the Mobile Station to the Base
Transceiver Station (uplink) and 869-894 MHz for the other direction (downlink). Channel
numbers 128 to 251).
Multi-band and Multi-mode Phones
Dual-band phones can cover GSM networks in pairs such as 900 and 1800 MHz frequencies.
The multi-mode phones which can operate on GSM systems as well as on mobile-phone
systems using other technical standards.
 TECHNOLOGIES FOR MOBILE COMMERCE:
Wireless Spectrum:
 The electromagnetic spectrum, or simply spectrum, is the entire range over
which communicating devices transmit energy waves.
 The electromagnetic spectrum is assigned common groupings of energy
waves, commonly called airways that make bands of the spectrum.
 Each kind of transceiver uses dedicated frequency ranges that are measured in
hertz(HZ); 1 HZ is one cycle per second.
Wireless Application Protocol (WAP):
 WAP is an open specification that offers a standard method to access Internet-based
content and services from wireless devices such as mobile phones and PDAs
(Personal Digital Assistants).
 The WAP model is very similar to the traditional desktop Internet.
 The Content for wireless devices can be stored on any web server on the Internet.
 Content is written in a markup language called Wireless Markup Language (WML).
 WML script enables client side
intelligence. The main benefits of WAP
include:
1. Non-proprietary method to access Internet-based content and services.
2. It is network independent.
3. It has been adopted by 95 percent of handsets manufacturers and is being implemented by
the majority of carriers.
Origins of WAP:
 The WAP forum had a hand in the currently available WAP technology set, its basis was
a gift from phone.com.
 While HTML and related technologies such as JavaScript, Java, and Flash work well
for desktop computers and laptops with the large displays, it is a poor markup language
for devices with small screens and limited resolution.

Philosophy of WAP:
 WAP takes a client/server approach. It incorporates a relatively simple micro-browser in
to the mobile phone, requiring only limited resources on the mobile phone.
 This makes WAP suitable for thin clients and early smart phones.
 WAP puts the intelligence in the WAP gateways whilst adding just a micro-browser to
the mobile phones themselves.
 Web embraces and extends the previously conceived and developed wireless data
protocols.
 The most significant difference is the need for what is called a gateway between
the client and the web server, which contains the information to accessing.
 The WAP transaction model diagram.
 The gateway is also responsible for knowing the character sets and languages of the WAP
devices that use it.
WAP step-by-step:

 A user request a URL by entering it into a WAP device. for the sake of argument let us
say the request id for www.wmlserver.com/myweather.wml
 the WAP device encodes the request into an encrypted ,compact binary format suitable
for transmission over a wireless link and send it to the WAP gateway.
 the gateway examines the message converts it into a valid HTTP based URL request
and forwards it to www.wmlserver.com.
 when wmlserver.com receives the request it fulfils it by returning the requested document
back to the gateway.
 the gateway converts the HTTP response back into an encrypted binary format and ship
it off to the WAP device.
 the WAP device decodes the response and displays the result on the WAP devices screen.

WAP ARCHITECTURE:
This layered format mimics the international standards organization(ISO) open
system interconnections(OSI) network models.
The OSI model defines a layered framework for generically describing and
designing protocols. The OSI model has seven layers.WAP uses six but approach is
similar.
 APPLICATION

OTHER SERVICES AND

SESSION LAYER APPLICATIONS

TRANSACTION

SECURITY

TRANSPORT LAYER (WDP)

BEARERS:GSM,CDMA,CDPD,FLEX AND

WAP APPLICATION ENVIRONMENT(WAE):The wireless application environment layer

is the one you are most likely concerned with if you are considering deploying WAP
applications. It encompasses the devices the content development languages you use ,the
telephony API for accessing telephony functionality from within WAE programs and some well
defined content formats for phone book records ,calendar information and graphics.
WIRELESS SESSION PROTOCOL(WSP)
WSP layers provides a consistent interface to WAE for two types of session services:
 connection mode
 connectionless service.
 creating and releasing a connection between the client and server.
exchanging data between the client and server using a coding scheme that is much more compact
than traditional HTML text. suspending and releasing sessions between the client and server.
WIRELESS TRANSACTION PROTOCOL(WTP):
WTP manages different classes of transactions for WAP devices: unreliable one way request ,
reliable one-way request and reliable two way request.
A reliable request means that acknowledgements are send from the receiving device. an
unreliable request from a WAP device means that no precautions are taken to guarantee0 that the
request for information makes it to the server.
WIRELESS TRANSPORT LAYER SECURITY(WTLS):
WTLS provide service to protect your data and include data integrity, privacy,
authentication and denial-of-service protection. data integrity guarantees that the data is send in
the same as received.
WIRELESS DATAGRAM PROTOCOLS(WDP):
WDP provide a consistent interface to the higher layers of the WAP architecture so that
they need not concern themselves with the exact type of wireless network the application is
running on. among other capabilities WDP provide data error corrections.
WIRELESS COMMUNICATION NETWORKS:
the bearers or wireless communications networks are at WAP’s lowest level.
WAP is designed to run on a variety of networks ,including short message services(SMS),circuit
switched connections and packet switched networks.
A CLOSER LOOK AT WAE:
1. MICRO-BROWSER:It defines how WML and WML script are interpreted by a WAP
enabled device for presentations to the end user.
2. WIRELESS MARKUP LANGUAGE(WML):It is similar to HTML and defines how data
should be formatted and presented to the user.
3. WML script: similar to java script WML script provide some programming logic for
performing calculation within an application.
4. WIRELESS TELEPHONY APPLICATIONS: WTA provides functionality so that
developers can integrate micro-browser functions with the telephone. for example an incoming
call may trigger the micro-browser to search your contact list and show the information at the
time the call is received.
Wireless Datagram protocol (WAP)
WDP allows WAP to be bearer independent by adapting the transport layer of the underlying
bearer. WAP presents a consistent data format to the higher layers of the WAP protocol stack,
thereby conferring the advantage of bearer independence to application developers.
Short message service (SMS)
Given its limited length of 160 characters per short message. SMS may not be an
adequate bearer for WAP because of the length of the protocol.
The overhead of the WAP protocol that would be required to be transmitted in an SMS
message would mean that even for the simplest of transactions, several SMS messages might in
fact have to be sent.
This means that using SMS bearer can be a time-consuming and an expensive exercise.
Only one network operator-SBC of the US- is known to be developing WAP services based on
SMS.
Circuit switched data (CSD)
Most of the trial WAP-based services use CSD as the underlying bearer. Since CSD has
relatively few users currently, WAP could kick-start usage of and traffic generated by this bearer.
However CSD lacks immediacy-it takes 10 seconds to connect the WAP client to the
WAP gateway, and this is the best case scenario when there is a complete end-to-end digital call.
When there is a need for analog modem handshaking, the connect time is increased to about 30
seconds.
Unstructured supplementary services data (USSD)
USSD is a means of transmitting information or instructions over a global system for
mobile (GSM) network. USSD has some similarities with SMS sine both use the GSM network’s
signaling path.
Unlike SMS, USSD is not a store and a forward service and is session oriented such that
when a user accesses a USSD service, a session is established and the radio connection stays
open until the user, application, or time –out releases it. USSD text messages can be up to 182
characters in length.
USSD have some advantages and disadvantages as a tool for deploying services on
mobile networks.
General packet radio service (GPRS)
GPRS is a new packet-based bearer that has been introduced on many GSM and time
Division multiple Access (TDMA) mobile networks from the year 2000 onwards.
 It is an exciting new bearer because it is immediate (there is no dial-up connection),
and supports virtual connectivity, allowing relevant information to be sent from the network as
and when it is generated.
Applications
WAP is being used to develop enhanced forms of existing applications and new
versions of today’s applications. Existing mobile data software and hardware supplies are adding
WAP support to their offering, either by developing their own WAP interface or more usually,
partnering with one of the WAP gateway suppliers profiled above.
Previously, application developers wrote proprietary software applications and had to
port that application to different network types and bearers within the same platform. By
separating the bearer from the application, WAP facilitates easy migration of applications
between networks and bearers
WIRELESS TECHNOLOGIES:
AMPS AND EUROPEAN ANALOG CELLULAR:
Advanced mobile phone services or AMPS is the analog cellular transport used
throughout the North America and in the other parts of the world, notably in central and south
America, New Zealand , Australia.
It has the best coverage of all north American systems.
AMPS operates at 800 MHZ. It is a voice only analog transport. You can also use it with cellular
modem for circuit switched data communications. AMPS is slowly being replaced with various
computing digital networks.
TDMA:
Time Division Multiple Access (TDMA) is a digital transport that divides the frequency
rang allotted to it into series of channels. Each channel is then divided into time slots.
Each conversation within that channel gets a time slot. hence the term division in the name.
TDMA has been in use for quite some time in Europe as the basis for GSM(global systems for
mobile communications)
CDMA:
Code Division Multiple Access is a digital transport that has been in use by the US
military since the 1940. However as a commercial wireless transport it is the new kid on the
block compared to TDMA and AMPS.
Pioneered by US-based QUALCOMM, a CDMA transmitter assigns a unique code to each
wireless connections and then broadcasts in data out on the channel simultaneously with all other
connections. the is able code decode each conversation by knowing the unique code assigned to
each connections.
GSM:
In late 1980 the wide disparity of analog cellular systems in Europe various European
political trade and academic interest started collaborating on an all-digital cellular
communications network.
It is used by millions of people in more than 200 countries. Using an all-digitals TDMA
based network every GSM phone has access to a variety of data functions at speeds limited to
9600 bps .
These services include direct-connect internet access without requiring a modem mobile
fax capabilities and short message service.
CDPD:
Cellular Digital Packet Data or CDPD is a TCP/IP based mobile data only service that
runs on AMPS networks. Since CDPD runs on analog networks it requires a modem to convert
the TCP/IP based data to analog signals when sending and receiving. CDPD friendly networks
offer analog voice circuit switched data and packet data services
VOICE/DATA NETWORKS.
Network names classification frequency Location
AMPS analog 800MHZ US/GLOBAL
AMPS/CDPD Analog 800MHZ US
CDMA Analog/digital 800MHZ US/GLOBAL
iDEN Analog/digital 800MHZ US
TDMA/D-AMPS Analog/digital 800MHZ US/GLOBAL
GSM/GSM 900 digital 900MHZ EUROPE/GLOBAL
GSM/GSM Digital 1800MHZ EUROPE/GLOBAL
1800/PCN
CDMA/PCS/PCS Digital 1900MHZ US
1900
TDMA/PCS/PCS Digital 1900MHZ US
1900
GSM-NA/GSM Digital 1900MHZ US
1900/PCS 1900
A network is a unique combination of a spectrum block a transport and a protocol. Different
networks often have multiple common names and transport and protocol names are often used
interchangeably. This can make thing a bit confusing.
All of these network support circuit switched data connections. All of these networks expect for
pure AMPS support packet data-like connections or SMS both of which can be used for WAP.
DIFFERENT GENERATION IN WIRELESS COMMUNICATIONS:
THE FIRST GENERATIONS:(1G)
The first generation of cellular phones can be traced to the early eighties and is marked
by the use of analog technology.
The bandwidths used then were confined to a maximum of 30 khz.
The most widely used analog cellphones standard in this generation was advanced mobile
phone system(AMPS).
The 832 channels can be divided into 4 categories:
1. Control: to manage the systems
2. Paging: to alert mobile users to call for them
3. Access: for call set up and channel assignment
4. Data: for voice, fax, or data.
The problem with AMPS is that in 800 MHZ band, radio, waves are
40 cm long and travel in straight lines. Hence they are absorbed by trees and plants and bounce
off buildings, leading to a high level of echo and signal distortion.
THE SECOND GENERATAION :(2G)
The first generation of mobile phones was analog. the second generation was digital. Just as
there was no worldwide standardization during the first generation , there was none in the second
either .
GROUP SYSTEM MOBILE(GSM)
GSM was the first European digital standard, developed to establish cellular compatibility
throughout Europe. It is the first digital cellular system to be used commercially, and its success
Has spread all parts of the world including countries in asia, middle east, Africa, central and
south America. It is most widely developed digital network in the world to date.
Mobile frequency range Rx:925-960
Multiple access method TDMA/FDM
Duplex method FDD
Number of channels 124
Channel spacing 200 khz
Modulation GMSK
Channel bit rate 270.833 kilobits

CODE DIVISION MULTIPLE ACCESS(CDMA)

CDMA is an air link interface coding scheme, where multiple subscribers are granted
access to the same radio frequency source by assigning subscribers transmitted and received
signals a spectrum spreading code.
Developed originally by QUALCOMN, CDMA is characterized by its high capacity and
its small radius and the fact that it employs spread spectrum technology and a special sheme
Mobile frequency range Rx:869-894
Multiple access method CDMA/FDM
Duplex method FDD
Number of channels 20
Channel spacing 1250 khz
Modulation QPSK/OQPSK
Channel bit rate 1.2288 kilobits
A CDMA transmitter assign a unique code to each wireless connection and then broad cast its
data out on the channel simultaneously with all other connections. The receiver is able to decode
each conversation by deciphering the unique code assigned to each connections.
THE THIRD GENERATION (3G)
The most recent generation of cellular radio systems for mobile telephony are referred to
as third generation (3G) technologies and generally refer to those that provide high performance
and transmission speeds.
The technical framework for 3G has been defined by the international telecommunication union
(ITU) as a part of international mobile telecommunications 2000(IMT-2000) program.
CDMA 2000 AND WCDMA:
The two 3g model of CDMA are wideband CDMA(WCDMA) AND CDMA 2000 and
both use the direct spread spectrum type of modulation.
WCDMA is the third generation technologyproposed by Ericsson,that increases data
transmission rates in GSM systems using CDMA instead of TDMA. CDMA 2000 has
beenproposed by QUALCOMM. It is basically an extension of IS-95 and backward compatible
with it.
SECURITY ISSUES PERTAINING TO CELLULAR TECHNOLOGY:
In general the aim of mobile phones security system would include:
1. To make the radio path as secure as the fixed network, which implies anonymity and
confidentiality to protect against eaves dropping.
2. To have strong authentication to protect the operator against billing fraud.
3. To prevent operators from compromising each others security whether inadvertently or
because of competitive pressures.
On the other hand, a security process must not:
1. significantly add to the delay of the initial call setup or subsequent communications.
2. Increase the bandwith of channel.
3. Allow for increased error rates, or error propagation.
4. be-cost ineffective.
THE GLOBAL COVERAGE
No. of global GSM users 1050 million
No.of global CDMA users 186 million
Global monthly SMS 36/user

Total 3G users 130 million

The number one mobile country China(300 million)
The number one GSM country China (282 million)
The number one in handsets Nokia(35.5%)
GSM VS CDMA:
GSM CDMA
Digital yes yes
Network type P-GSM 900 CDMA 800,800 MHZ band
900 MHZ band
Maximum talk range from a 35 km 70 km ER,EER 105 Approx 110 km
tower km possible with special
towers
Max output power 2w 200 mW
Background noise yes Yes
suppression
Talktime Higher due to DTX and the High
pulse nature of TDMA
Standby times Higher due to DRX and the Lower due to CDMA
pulse nature of TDMA transmitting all the time
International roaming yes Very low 15
Worldwide customers 200 million 35 million
Dual mode with AMPS no Yes
(analogue)
SMS yes Yes
Fax+data yes Yes
Voice quality high High
Built in intelligence High medium
PORTALS FOR E-BUSINESS:
Definition
Portal business models provide entry to content or services on the Internet. Search engines
are portal business models that include many kinds of content and services. They are profitable
for advertisers because they draw a large amount of user traffic. Many offer the user ways to
customize their interface making the portal even more alluring.
Generalized Portals
Generalized portals draw an extremely high volume of traffic, usually tens of millions of
visits per month, to generic information, diverse content or services. Search engines and sites
that support lots of content are great for advertisers because the high traffic increases the profit
of the add. To retain market share, some portal sites offer personal services like stock portfolios,
news and local information.
Special And Personalized Portals
The next step is to allow users to personalize their interface and experience through
personalized portals. These enhance the generic information offered in generalized portals. With
personalization, you can now support a specialized model.
These rely on a well-defined user base rather than high-user volume. A focused site
draws a specific group of advertisers willing to pay a higher premium to reach a certain
audience.
Horizontal, Vertical, Affinity Portals
Horizontal portals are all those that offer lots of information to a broad range of visitors
to sell space to advertisers. Vertical portals specialize in a particular area and make income
through specialized advertising and through additional sources such as commission.
Affinity portals offer a much deeper range of content and services, including networking
and commerce, and must depend on additional income sources beyond advertising, often
charging membership fees.
HUMAN RESOURCE MANAGEMENT:
Human Resource Management contains five Modules - Linking strategy and HRM in an
organisational context, Human Resources in the context of organization’s intrinsic systems,
Organisational Performance and HRM, Enhancing HR effectiveness through Training and
Development, and Relating Industrial relations With HR.
Module 1: Linking strategy and HRM in an organisational context
 Changing Business Environment & strategic role of HRM,
 HR Strategic Challenges,
 Changing Profile of HRM,
 Global HRM Practices, and
 Strategic Implications of a Dynamic HR Environment.
Module 2: Human Resources in the context of organization’s intrinsic systems
 Human Resource Planning and Job Analysis,
 Recruitment
 Employee Testing & Selection,
 Placement, and Induction,
 Internal Mobility & Separation, and
 Establishing HR Information System (HRMIS/HRIS)
Module 3: Organisational Performance and HRM
 Establishing Performance Management & Performance Appraisal System,
 Managing Careers, Compensation & Reward Management, and
 Human Resource Accounting and Audits.
Module 4: Enhancing HR Effectiveness through Training and Development
 Training & Development - Concepts and Need,
 Socialising, Orienting, and Developing Employees,
 Methods of Effective Training,
 Participative Management Employee Empowerment,
 Work life balance, and
 Building Emotional Bondage.
Module 5: Relating Industrial Relations With HR
 Understanding Industrial and Employees Relation,
 Industrial Relation & it’s Changing Paradigms,
 Stake Holders of Employee Relation,
 Industrial Relation and their Changing Roles,
 Understanding Collective Bargaining,
 Conflict/Dispute Resolution, Negotiations, Settlement & Award,
 Positive Employee Relations, and
 Future Issues & Trends in Industrial & Employee Relation.
What is HRIS?
A HRIS, which is also known as a human resource information system or human
resource management system (HRMS), is basically an intersection of human resources
 and information technology through HR software. This allows HR activities and
processes to occur electronically.
Some of the most popular modules are:
 Organization charts (Create professional looking, dynamic organization charts)
 Employee self service (Employees can update personal information and view benefits
elections, absence transactions, time-off balances and payroll information)
 Benefits Administration (Save paper and postage, take weeks off the benefits open
enrollment period, reduce administration time, and improve data accuracy).
 HINTS
Mobile Commerce accessible from Internet-enabled mobile devices.
Wireless Applications wireless device that exchanges content over a wireless network.
Web Phones the Internet-ready cellular phone, which we call a web phone.

Wireless handhelds message and use a microbrowser.

Web PCs access method to mobile accounts, wirelessly or not.
Cellular Network made up of a number of radio cells (or just cells) each served by a fixed
transmitter,
Wireless Spectrum entire range over which communicating devices transmit energy waves.
Wireless Application Protocol (WAP) -WAP is an open specification that offers a standard
method to access Internet-based content and services
Wireless transport layer security protect your data
Wireless datagram protocols (wdp) provide data error corrections.
Micro-browser It defines how WML and WML script are interpreted 2.WIRELESS markup
language (wml) how data should be formatted and presented to the user.
WML script provides some programming logic for performing calculation within an
application.
Wireless telephony applications can integrate micro-browser functions with the telephone.
Wireless Datagram protocol presents a consistent data format to the higher layers of the WAP
protocol stack
Short message service (SMS) - Given its limited length of 160 characters per short
message. Circuit switched data (CSD) - trial WAP-based services use CSD as the
underlying bearer. Unstructured supplementary services data (USSD)
Transmitting information or instructions over a global system for mobile (GSM) network.
TDMA:
Time Division Multiple Access (TDMA) is a digital transport that divides the frequency rang
allotted to it into series of channels.
CDPD:
Cellular Digital Packet Data or CDPD is a TCP/IP based mobile data only service that runs on
AMPS networks.
2 Marks:
1. Name any two reasons for electronic document (APRIL/MAY 2015)

2. Give any two names for web browsers (APRIL/MAY 2015)

3. What is Mobile Commerce?
4. Give a note on Wireless Applications
5. What is Wireless Spectrum
6. What are the Technologies for Mobile Commerce
7. Define Wireless Technologies
5 Marks
1. How to authenticate an electronic document? (APRIL/MAY 2015)
2. Discuss the legal issues for internet commerce (APRIL/MAY 2015)
3. Different Generations in Wireless Communication
4. What are the Security Issues Pertaining to Cellular Technology
5. Explain Human Resource Management
10 Marks :
1. State the laws foe E-Commerce in India (APRIL/MAY 2015)
2. What is a web? How to setup a website? (APRIL/MAY 2015)
3. Explain the Technologies for Mobile Commerce
4. Write a notes on Wireless Technologies
5. Explain Various HRIS Modules.