Unit 3

Internet/extranet/intranet
 Automotive Network Exchange
• is the company that owns and operates the Automotive Network
Exchange (ANX), a large private extranet that connects automotive
suppliers to automotive manufacturers.

• The Automotive Network Exchange is the private extranet initially set

up and maintained by the Automotive Industry Action
Group,Telcordia,General Motors, Ford, and Chrysler.

• It was built as a private network for the auto industry in 1995 to

provide consistent, reliable speed and guaranteed security for data
transmissions between the automakers and their suppliers.

• The ANX Network allows trading partners to collaborate electronically

on product design and development; solicit and process orders; and
facilitate just-in-time manufacturing and post shipping schedules.
• The ANX Network is a secure private network that uses
standard, open Internet protocols but carries all traffic
over private lines leased from various carriers.

• the ANX Network provides secure service to its

customers like that of a typical VPN.

• Where it’s different from a typical VPN is that the

routers that make up the network check every packet
to make sure it comes from an IP address on the
private network.
 Conceptual Design
IPSec gateway
TP TP = trading partner
TP CSP = Certified service provider

IPsec CEPO = Certified Exchange Point Operator

gateway
CSP

Overseer
(Bellcore) CEPO

CSP
ISP
CSP

ISP
TP TP TP TP

ISP 4
 Intranets, Extranets, and the Internet
Internet Web Sites

Internet Links

Engineering Marketing
Server Server

Extranet Links CORPORATE

INTRANET Extranet
Links
Suppliers
Customers H.R. Legacy Data
Server Server

Intranet Links

Other Company Locations

 An intranet
• A network connecting an affiliated set of clients using
standard internet protocols.

• An intranet is a network within an organization that uses

internet technologies to enable users to find, use, and
share documents and Web pages. Corporations use
intranets to communicate with employees.

• They usually reside behind firewalls, for security, and are

not limited by physical location—anyone around the world
can be on the same intranet. Intranets also link users to the
outside Internet, and with the proper security in place may
use public networks to transfer data
• Intranet System Architecture
– Firewalls – hardware devices with special software that
prevent unauthorized access
– An intranet server is placed behind the firewall
– Packets are never routed outside the firewall, but remain
within the organizations network
Intranet Architecture
a firewall is a software or hardware-
based network security system that
controls the incoming and outgoing
network traffic by analyzing the data
packets and determining whether they
should be allowed through or not,
based on applied rule set.
 Intranet software
• Software used for creating intranets is intranet software.

• Microsoft SharePoint is the dominant software used for

creating intranets. Estimates indicate that around 50% of
all intranets are developed using SharePoint.

• There are many popular intranet software includes:

• Autonomy Corporation
• Atlassian Confluence
• Drupal Liferay
• Lotus Notes
• Open Text etc..
 Applications of Intranets
Communications
and
Collaboration

Web Publishing Business

and Intranet Operations
Management and Management
 Intranet Communications
& Collaboration
Electronic
Mail

Voice
Groupware Intranet Mail
Communication
and Collaboration
within an Enterprise

Faxes Paging
 Intranets - Business Operations
& Management
Develop and deploy critical business applications to support business
operations and managerial decision making.

Companies are developing custom applications that can be implemented

on intranets, extranets, and the Internet.

Custom applications are designed to interface with and access existing

company databases and legacy systems.

Software (applets or crossware) are installed on intranet webservers.

Employees and external business partners can access and run custom
applications using web browsers from anywhere on the network
whenever needed.
 Web Publishing
Ease, attractiveness, and lower cost of publishing and accessing
multimedia business information internally via intranet web sites.

Used for products such as company newsletters, technical

drawings, and product catalogs.

Information publishing including hypermedia web pages, E-mail,

net broadcasting, and as part of in-house business applications.

Uses intranet software browsers, servers, and search engines

to help users easily navigate and locate business information.

Used to develop and publish hyper-linked multimedia documents

to hypermedia databases accessible on Word Wide Web servers.
Business Value of Intranets
Impressive Investment Cost
Returns Recovered

Risk of Internet
Quick Payback
Project is Low
 Extranet
• Use of the Internet (network) and its technologies but in a secured
way (people in general cannot access the web sites) for business-to-
business transactions, customer service and support and
communication.

• a business-to-business intranet that allows limited, controlled,

secure access between a company's intranet and designated,
authenticated users from remote locations“

• Extranets are networks that connect companies with customers and

partners. When it comes to extranets, a company has to work with
the other organizations on the network, so that it’s available to
specific people or groups outside of an organization.

• Extranets require more security and technical consideration because

they have to send private information securely over public networks
• Extranet System Architecture
– Extranet
• Connects two or more business partners
• Like an intranet
• Same software, hardware, and networking
• Additional component:
– Virtual Private Network (VPN)
– Secure transmission of proprietary info
• Extranet System Architecture
– Virtual Private Network (VPN)
• Tunneling
– A technology that encapsulates, encrypts, and transmits
data over the Internet
– A secure “tunnel” is created over the VPN connecting the
two intranets
• Authentication
– Confirms the identity of the remote user who is attempting
to access information from the Web server
 Business Value of
Extranets
Extranet technology such as web browsers make it easier and faster
for customers and suppliers to access resources.

Extranets enable a company to offer new kinds of interactive Web-enabled

services to their business partners.

Extranets are a way that a business can build and strengthen strategic
relationships with its customers and suppliers.

Extranets can enable and improve collaboration by a business with

its customers and other business partners.
Extranets facilitate an online, interactive product development,
marketing, and customer-focused process that can bring better designed
products to market faster.
Business model of extranet
applications
 Business model of extranet
applications
• The strategic role of the extranet
– The extranet represents the bridge between the public Internet
and the private corporate intranet. The extranet connects
multiple and diverse organizations on-line, enabling strategic
communities of stakeholders with common interests
(communities of interests) to form a tight business relationship
and a strong communication bond, in order to achieve
commerce-oriented objectives.
– The extranet defines and supports this extended business
enterprise including partners, suppliers and distributors,
contractors, customers and others that operate outside the
physical walls of an organization but are nonetheless critical to
the success of business operations.
 Business model of extranet
applications
• Characteristics of Emerging Interactive Communities
of Interests
– One of the strongest characteristics of the on-line interactive community
is an active member-centric focus. With the ability to capture both active
(user-entered) and passive (system-recorded) information throughout
the user's on-line experience, the site owner now has a wealth of
information that can be used for promotional efforts
– Another characteristic for these interactive business models is a change
in the way content is Presented The third major characteristic is
transaction management activities. Millions of people have already
made their way to the Web, and the accompanying flow of currency is
not far behind.
• The Knowledge Factory
– the extranet is also likely to redefine the business evolution of a
conventional corporation into the knowledge factory. It will radically
change the way private and public sector organizations would conduct
their business in the new Internet-driven global economy.
 Extranet Applications

– Supply Chain Management

• Example: Dell Computers
– Real-Time Access to Information
• Example: CSX railroad
– Collaboration
• Example: Caterpillar
 Managerial issues of extranet
1. Promote employees for new technology and
development.
2. Teach and trained the employees for new
technology.
3. Take confidence of trade partners for new
technology.
4. Secure the information of customer and trading
partner.
5. Motivate to the trading partner for the use of
extranet .
 Extranet product and services
• The Digital Bell
– The Digital Bell is an e-Rate approved software-as-a-service (SaaS)
platform that helps schools and districts manage their
relationships with parents and other constituent groups via the
web, social media, and mobile devices.

• HillTop CMS
– This product is well designed and useful websites needs of
government offices.

• FrontRunner CMS
– for non-profit and commercial organizations. It provides
powerful, yet easy-to-use, content management tools for full-
feature websites.
• Electronic payment system
• Traditionally, a customer sees a product, examines
it, and then pays for it by cash, check, or credit card
• In the e-commerce world, in most cases the
customer does not actually see the concrete
product at the time of transaction, and the method
of payment is performed electronically.

Product/service

Payment{cash/check/credit}

Traditional method for payment

 Electronic payment system:-

• Electronic payment system:-

• “ is any transfer of funds initiated through an electronic terminal,
telephonic instrument or computer or magnetic tape so as to order ,
instruct or authorize a financial institution to debit or credit an
amount.”

• An electronic payment system is a convenient way of

making a purchase or paying for a service without having to
hold physical cash or going through the process of
completing a cheque.

• This may be achieved through a credit card , on-line or off-

line , electronic cash, electronic cheque, smart cash etc
 Electronic payment system
• EPSs enable a customer to pay for the goods and
services online by using integrated hardware and
software systems.
• The main objectives of EPS are to increase
efficiency, improve security, and enhance customer
convenience and ease of use. Although these
systems are in their immaturity, some significant
development has been made.
• There are several methods and tools that can be
used to enable EPS implementation
Payments{EFT, e-cash, e-check etc}

Product /services or digital services

Electronic payment schemes

• Electronic payment system need to fulfill certain
requirements in order to emulate the properties of the
existing payment schemes.

• Some of the requirements are as follows:

1. Acceptability
2. Convertibility
3. Efficiency
4. Flexibility
5. Reliability
6. Scalability
7. Usability
8. security
 Types of EPS
1. Instant paid or cash
– In this method transactions are settled with the exchange
of electronic currency. Ex:- e-cash.

2. Debit or pre-paid
– In this process of payment use have to first pay in advance
and then can buy a product or service . Ex:- payments by
smart cards/e-wallet/ e-purse.

3. Credit or post paid

– This system allows to the user to buy a product or service
and pay afterwards. Ex:-credits cards payments
 Electronic cash
• Also known as electronic cash or e-cash or digital
money or digital cash.

• E-cash provide the facility to transfer money between

transacting parties over network.

• Properties of E-cash
1. Monetary value
2. Interoperability
3. Storability and Retrievability
4. Security
5. Diversibility
 The electronic cash system
• The electronic cash system is based on the
cryptographic systems called “Digital signatures”.

• This method involves a pair of numeric keys one

for encoding and other for decoding . The
encoding key is kept private and the decoding
keys made public.

• The bank provide a public keys to customers for

decoding the messages which are encoded by the
private keys.
• When customer decode messages by public
keys ,the bank send a recognition message
that confirm to the customer that this
message is issued by bank.

• These digital signatures are very secure and

have proved to be more resistant to forgery
than handwritten signatures.

• The bank that provide this digital signature is

called as e-mint.
 The Electronic cash transaction

E-mint
6. Credit
1.Request to
merchants
obtain e-cash+
amount or pay in
a random
5. cash
number
2. Send Rede
e-cash em e-
cash

3. Send e-cash

Customer Merchant
4.Deliver goods
 Pros and cons
• Electronic cash is secure as neither the customer nor the
merchant can counterfeit the bank’s digital signature.

• Electronic cash can be completely anonymous. Customer can

buy any product by using e-cash.

• The problem with the e-cash is the double spending.

• The drawback of e-cash is its inability to be easily divided

into smaller amounts.

• The enormous currency fluctuations in international finance

pose another problem.
 Electronic cheques
• Electronic cheques also known as digital token based
system.

• The payer issues a digital cheque to the payee and the

payee deposits it in the bank to redeem the money.

• Each transaction is carried over the internet.

• Before issue issuing e-cheque the buyer must register

with the bank. The bank server authenticate the buyer
after that buyer can purchase any product after this
authentication.
• An e-cheque transaction involves the following steps:-

1. The Buyer accesses the seller’s server to select the goods

and services.

1. The buyer purchases the goods by sending an electronic

cheque to the seller’s server. The cheque may sent
through e-mail.

1. The seller forwards the cheque to his bank electronically.

1. The seller’s bank forwards the e-cheque to the

accounting server for payer authentication and clearing.
 5.The accounting server works with the buyer’s bank, clears the
cheque and transfers the money to the seller’s bank. The seller’s
bank updates the seller’s account.

6.The buyer’s bank updates the buyer’s account.

7.The accounting server forwards the cheque to the buyer’s

bank and updates the buyer’s account.

8.The buyer’s bank transfers the money to the accounting

server.

9.The accounting server sends the transaction money to the

seller’s bank which updates the seller’s account.

In case if the digital cheque is not authentic, the accounting

server will return the cheque to the seller’s bank.
 Buyer’s bank Seller’s bank
5. Forward 4. Forward
cheque cheque
6. Transfer
money Accounting 7.Transfer
server money

3. Forward
E-cheque to
Account bank
update

1. Access and browse

Buyer’s browser Seller’s server
2. Select goods, transfer E-cheque
• An electronic cheque like a paper cheque contains the name of
the payer, the name of payer’s bank, the payer’s account
number, the name of the payee and the amount of the cheque.

• All these information is in coded form.

• Like a paper cheque digital cheque contains the digital

signature in the form of private number.

• The E-cheque is signed using the payer’s private key. The payee
uses the payer’s public key to decrypt the digital signature .this
assures the payee that sender signed the cheque.

• The E-cheque is also contain the digital signature of the payer’s

bank . This will assure the payee that the cheque is written on a
valid bank account.
 Benefits of E-cheque
1. Saving in time.
2. Reduction in paper handling cost.
3. Reduction in bounced cheques.
 Credit card-based electronic
payment systems
• To avoid the complexity associated with
digital cash and electronic cheques,
consumers and vendors are looking at credit
card payments on the internet as one of the
time tested alternatives.
• A credit card is small plastic card has a
magnetic strip on the exterior. The magnetic
strip carries some form of encoded
information about the card number and the
card holder.
 Credit card-based electronic
payment systems
• A credit card is small plastic card has a magnetic
strip on the exterior. The magnetic strip carries
some form of encoded information about the
card number and the card holder.

• The data that is encoded onto the card may be

encrypted making it difficult for thieves to
decode the information on to card.

• A card reader is required to read and write

information to the magnetic strip.
 Credit Cards There are two types of
credit cards on the market today:

1. Credit cards issued by credit card companies

(e.g., MasterCard, Visa) and major banks .

Credit cards are issued based on the customer's

income level, credit history, and total wealth.

The customer uses these cards to buy goods and

services or get cash from the participating
financial institutions.
 Contd..
The customer is supposed to pay his or her debts during the
payment period; otherwise interest will accumulate.

Two limitations of credit cards are their unsuitability for very

small or very large payments. It is not cost-justified to use a credit
card for small payments. Also, due to security issues, these cards
have a limit and cannot be used for excessively large transactions.
2. Credit cards issued by department stores , oil
companies
Businesses extremely benefit from these company cards
and they are cheaper to operate.
They are widely issued to and used by a broad range of
customers.
Businesses offer incentives to attract customers to open
an account and get one of these cards.
 The Credit Card Transaction Process:
Step-by-Step

1. The bank issues a credit card to a customer

2. The customer purchases products from the merchant

3. The merchant creates an invoice

The invoice includes details of the transaction, including the customer’s payment information.
4. The merchant enters the customer’s payment
information into their accounting software, such as
QuickBooks or Sage
Without an integrated payment system, the merchant would have to open a separate web
browser and reenter all of the payment information into a virtual terminal. Then, they
would have to go back into their accounting software and manually post every transaction
to each invoice. With an integrated payment system, merchants can skip this process.
5. Payment information is sent from the integrated
payment system to the payment gateway
The payment gateway provides merchants with a list of transactions. A secure
payment gateway will also tokenize credit card numbers to allow the gateway to
store sensitive information for future transactions.
6. The payment gateway sends credit card information
to the Credit Card Network, such as First Data
The Credit Card Network reaches out to the card issuing bank to find out if the credit card
has acceptable funds to purchase goods.
The Credit Card Network communicates back to the payment gateway to approve the credit
card transaction.
7. The payment gateway communicates back to
the accounting software to let it know that the
card is preauthorized or authorized to make the
charge
The merchant can either authorize or preauthorize a charge.
An authorization means that funds are transferred directly from a
customer’s bank to a merchant’s account. This happens after a batch
closes.
During a preauthorization, funds are not charged immediately. Instead, they
are put on hold. When a merchant is ready, they can capture those funds.
If a merchant is unable to fulfill an order, they can release funds back to
the customer instead of having to process the charge and issue a refund.
8. At the end of the day, a batch settles within
the payment gateway
During this process, funds are finally routed from the customer’s bank to the
merchant’s bank
 Debit Card

Debit card, like credit card, is a small plastic card with a unique
number mapped with the bank account number.
It is required to have a bank account before getting a debit card
from the bank.
The major difference between a debit card and a
credit card is that in case of payment through
debit card, the amount gets deducted from the
card's bank account immediately and there
should be sufficient balance in the bank account
for the transaction to get completed; whereas in
case of a credit card transaction, there is no such
compulsion.
Debit cards free the customer to carry cash and
cheques. Even merchants accept a debit card
readily. Having a restriction on the amount that can
be withdrawn in a day using a debit card helps the
customer to keep a check on his/her spending.
 Smart Cards
A smart card is about the size of a credit card, made of a plastic with
an embedded microprocessor chip that holds important financial and
personal information.

The microprocessor chip is loaded with the relevant information and

periodically recharged. In addition to these pieces of information,
systems have been developed to store cash onto the chip.

The money on the card is saved in an encrypted form and is

protected by a password to ensure the security of the smart card
solution. In order to pay via smart card it is necessary to introduce
the card into a hardware terminal.
 Smart Cards
The device requires a special key from the issuing
bank to start a money transfer in either direction.

Smart cards can be disposable or rechargeable.

A popular example of a disposable smart card is

the one issued by telephone companies. After
using the pre-specified amount, the card can be
discarded.
Smart cards have been extensively used in the
telecommunications industry for years. Smart-
card technology can be used to hold information
on health care, transportation, identification,
retail, loyalty programs and banking, to name a
few.

Smart cards are broadly classified into two

groups:
Contact: This type of smart card must be inserted into a special card reader to be
read and updated. A contact smart card contains a microprocessor chip that
makes contact with electrical connectors to transfer the data.
• Contact-less: This type of smart card can be read from a short distance using radio
frequency. A contact-less smart card also contains a microprocessor chip and an
antenna that allows data to be transmitted to a special card reader without any
physical contact.

• This type of smart card is useful for people who are moving in vehicles or on foot.
They are used extensively in European countries for collecting payment for
highway tolls, train fares, parking, bus fares, and admission fees to movies,
theaters, plays, and so forth.
Smart cards can accommodate a variety of applications
that allow the customer to make purchases from a credit
account, debit account, or stored value on the card.

These cards can even have multiple applications

operating at the same time. The customer, for example,
could have a frequent flyer program working on the same
card as the customer debit or credit account. This
enables the customer to earn points in his or her favorite
program.
 ELECTRONİC FUNDS TRANSFER
(EFT)
• Electronic funds transfer is one of the oldest electronic
payment systems. EFT is the groundwork of the cash-less
and check-less culture where paper bills, checks, envelopes,
stamps are eliminated.

• EFT is used for transferring money from one bank account

directly to another without any paper money changing
hands.

• The most popular application of EFT is that instead of

getting a paycheck and putting it into a bank account, the
money is deposited to an account electronically.

• EFT is considered to be a safe, reliable, and convenient way

to conduct business.
• The advantages of EFT contain the following:
– Simplified accounting
– Improved efficiency
– Reduced administrative costs
– Improved security
 SECURE EPS
INFRASTRUCTURE
• Secure electronic funds transfer is crucial to e-commerce. In
order to ensure the integrity and security of each electronic
transaction and other EPSs utilize some or all of the
following security measures and technologies directly
related to EPSs:
1. Authentication,
2. public key cryptography,
3. digital signatures,
4. certificate,
5. certificate authorities
6. SSL,
7. S-HTTP,
8. secure electronic transmission (SET).
• Authentication
– This is the process of verification of the authenticity
of a person and/or a transaction.
– There are many tools available to confirm the
authenticity of a user.
– For instance, passwords and ID numbers are used
to allow a user to log onto a particular site.
• Public Key Cryptography

1. Public key cryptography uses two keys , one public and

one private , to encrypt and decrypt data, respectively.

1. Cryptography is the process of protecting the integrity

and accuracy of information by encrypting data into an
unreadable format, called cipher text. Only those who
possess a private key can decrypt the message into plain
text.

1. Public key cryptography uses a pair of keys, one private

and one public. private key cryptography uses only one
key for encryption.
1. The advantage of the dual-key technique is that
it allows the businesses to give away their public
key to anyone who wants to send a message.

2. The sender can then encrypt the message with

the public key and send it to the intended
businessman over the Internet or any other
public network, the businessman can then use
the private key to decrypt the message.
Obviously, the private key is not publicly known
Digital Signature
1. Rather than a written signature that can be used by an
individual to authenticate the identity of the sender of
a message or of the signer of a document; a digital
signature is an electronic one.

1. E-check technology also allows digital signatures to be

applied to document blocks, rather than to the entire
document.

1. This lets part of a document to be separated from the

original, without compromising the integrity of the
digital signature.

1. This technology would also be very useful for business

contracts and other legal documents transferred over
the Web.
A digital signature includes any type of electronic message encrypted
with a private key that is able to identify the origin of the message.

The followings are some functions of digital signature.

• The authentication function: The term digital signature in general is

relevant to the practice of adding a string of characters to an electronic
message that serves to identify the sender or the originator of a
message.

• The seal function: Some digital signature techniques also serve to

provide a check against any alteration of the text of the message after
the digital signature was appended.

• The integrity function: This function is of great interest in cases

where legal documents are created using such digital signatures.

• The privacy function: Privacy and confidentiality are of significant

concerns in many instances where the sender wishes to keep the
contents of the message private from all hut the intended recipient
• Certificate
– A driver’s license is accepted by numerous
organizations both public and private as a form of
identification due to the legitimacy of the issuer, which
is a government agency.

– Since organizations understand the process by which

someone can obtain a driver’s license, they can trust
that the issuer verified the identity of the individual to
whom the license was issued.

– A certificate provides a mechanism for establishing

confidence in the relationship between a public key
and the entity that owns the corresponding private
key.
• Certificate Authorities
– Certificate authorities are similar to a notary
public, a commonly trusted third party. In the e-
commerce world, certificate authorities are the
corresponding of passport offices in the
government that concern digital certificates and
validate the holder’s identity and authority.
 • Protocols for secure EPS

• Secure Sockets Layer (SSL)

• Secure Sockets Layer transmits private documents via
the Internet .

• SSL uses a cryptographic system that uses two keys to

encrypt data - a public key known to everyone and a
private or secret key known only to the recipient of the
message.

• It operates between the transport and the application

layers in the network stack and uses both public and
private key cryptography.
• SSL provides a relatively secure method to encrypt data
that are transmitted over a public network such as the
Internet, also offers security for all Web transactions,
including file transfer protocol (FTP), HTTP, and Telnet-
based transactions.

• It provides an electronic wrapping around the transactions

that go through the Internet.

• The open and nonproprietary nature of SSL is what makes it

the preferred choice for TCP/IP application developers for
securing sensitive data.

• The protocol is vulnerable to attacks on the SSL server

authentication. Despite its vulnerabilities, when properly
implemented, SSL can be a powerful tool for securing Web-
sensitive data.
• SSL offers comprehensive security by offering
authentication and encryption at the client and server
sides. Authentication begins when a client requests a
connection to an SSL server. The client sends its public
key to the server, which in turn generates a random
message and sends it back to the client.

• Then, the client uses its private key to encrypt the

message from the server and sends it back. All the
server has to do at this point is decrypt the message
using the public key and compare it to the original
message sent to the client.

• If the messages match, then the server knows that it is

from the client communicating with the intended
client.
Advantages of SSL : Some of the advantages of SSL contain
the following:

• Authentication: Permits Web-enabled browsers and servers

to authenticate each other.

• Access Limit: Permits controlled access to servers,

directories, files, and services.

• Data Protection : Guarantees that exchanged data cannot

be corrupted without detection.

• Information Share: Permits information to be shared by

browsers and servers while remaining out of reach to third
parties.
 Disadvantages of SSL:
Disadvantages of SSL: Some of the disadvantages of SSL contain the
following:
• Simple Encryption: This might increase the chances of being hacked by
computer criminals.
• Stolen Certificate/Key: One important drawback of SSL is that certificates
and keys that originate from a computer can be stolen over a network or
by other electronic means.
• Point-to-Point Transactions: SSL handles only point-to-point interaction.
Credit card transactions involve at least three parties: the consumer, the
merchant, and the card issuer. This limits its all purpose applications.
• Customer's risk: Customers run the risk that a merchant may expose their
credit card numbers on its server; in turn, this increases the chances of
credit card frauds.
• Merchant's risk: Merchants run the risk that a consumer's card number is
false or that the credit card won't be approved.
• Additional overhead: The overhead of encryption and decryption means that
secure HTTP (SHTTP) is slower than HTTP.
 Secure Hypertext Transfer Protocol
(S-HTTP)
• Secure Hypertext Transfer Protocol (S-HTTP)

• Another protocol for transmitting data securely over the

World Wide Web is Secure HTTP (S-HTTP) .

• Whereas SSL creates a secure connection between a client

and a server , over which any amount of data can be sent
securely, SHTTP is designed to transmit individual messages
securely.

• SSL and S-HTTP, therefore, can be seen as complementary

rather than competing technologies. Both protocols have
been approved by the Internet Engineering Task Force (IETF)
as a standard.
 Secure Electronic Transmission (SET)
What Is Secure Electronic Transaction (SET)?

Secure electronic transaction (SET) was an early communications

protocol used by e-commerce websites to secure electronic
debit and credit card payments. Secure electronic transaction
was used to facilitate the secure transmission of consumer card
information via electronic portals on the Internet.
c transaction was used to facilitate the secure transmission
Secure electronic transaction protocols were responsible for
blocking out the personal details of card information, thus
preventing merchants, hackers, and electronic thieves from
accessing consumer information.n via electronic portals on
the Internet. 
Understanding Secure Electronic Transaction (SET)

Secure electronic transaction protocols were supported by most of the major

providers of electronic transactions, such as Visa and MasterCard.

These protocols allowed merchants to verify their customers' card

information without actually seeing it, thus protecting the customer. The
information on the cards was transferred directly to the credit card
company for verification.

The process of secure electronic transactions used digital certificates that

were assigned to provide electronic access to funds, whether it was a
credit line or bank account.

Every time a purchase was made electronically, an encrypted digital

certificate was generated for participants in the transaction–the
customer, merchant, and financial institution–along with matching digital
keys that allowed them to confirm the certificates of the other party and
verify the transaction.
The algorithms used would ensure that only a party with the corresponding
digital key would be able to confirm the transaction.

As a result, a consumer’s credit card or bank account information could be

used to complete the transaction without revealing any of their personal
details, such as their account numbers.

Secure electronic transactions were meant to be a form of security against

account theft, hacking, and other criminal actions.
The two major reasons for lack of widespread acceptance are followings:
(1) The complexity of SET
(2) The need for the added security that SET provides.
Though, this might change in the future as encryption technology becomes
more commonly utilized in the e-business world.

Advantages of SET: Some of the advantages of SET contain the following:

• Information security: Neither anyone listening in nor a merchant can
use the information passed during a transaction for fraud.
• Credit card security: There is no chance for anybody to steal a credit
card.
• Flexibility in shopping: If a person has a phone he/she can shop.

Disadvantages of SET: Some of the disadvantages of SET include its

complexity and high cost for implementation.