Tutorial Glaxy
Friday, July 9, 2010
Secure Electronic Transaction
Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet. It was supported initially by Mastercard, Visa, Microsoft, Netscape, and others. With SET, a user is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser's bank in a way that ensures privacy and confidentiality. SET makes use of Netscape's Secure Sockets Layer (SSL), Microsoft's Secure Transaction Technology (STT), and Terisa System's Secure Hypertext Transfer Protocol (S-HTTP). SET uses some but not all aspects of a public key infrastructure (PKI).
Here's how SET works:
Assume that a customer has a SET-enabled browser such as Netscape or Microsoft's Internet Explorer and that the transaction provider (bank, store, etc.) has a SET-enabled server.
1. The customer opens a Mastercard or Visa bank account. Any issuer of a credit card is some kind of bank.
2. The customer receives a digital certificate. This electronic file functions as a credit card for online purchases or other transactions. It includes a public key with an expiration date. It has been through a digital switch to the bank to ensure its validity.
3. Third-party merchants also receive certificates from the bank. These certificates include the merchant's public key and the bank's public key.
4. The customer places an order over a Web page, by phone, or some other means.
5. The customer's browser receives and confirms from the merchant's certificate that the merchant is valid.
6. The browser sends the order information. This message is encrypted with the merchant's public key, the payment information, which is encrypted with the bank's public key (which can't be read by the merchant), and information that ensures the payment can only be used with this particular order.
7. The merchant verifies the customer by checking the digital signature on the customer's certificate. This may be done by referring the certificate to the bank or to a third-party verifier.
8. The merchant sends the order message along to the bank. This includes the bank's public key, the customer's payment information (which the merchant can't decode), and the merchant's certificate.
9. The bank verifies the merchant and the message. The bank uses the digital signature on the certificate with the message and verifies the payment part of the message.
10. The bank digitally signs and sends authorization to the merchant, who can then fill the order.
Electronic Data Interchange
Electronic Data Interchange) The electronic communication of business transactions, such as orders, confirmations and invoices, between organizations. Third parties provide EDI services that enable organizations with different equipment to connect. Although interactive access may be a part of it, EDI implies direct computer-to-computer transactions into vendors' databases and ordering systems.
Overview of EDI benefits and drawbacks
The EDI process provides many benefits. Computer-to-computer exchange of information is much less expensive than handling paper documents. Studies have shown that manually processing a paper-based order can cost $70 or more while processing an EDI order costs less than one dollar.
* Much less labor time is required
* Fewer errors occur because computer systems process the documents rather than processing by hand
* Business transactions flow faster.
EDI example
Here is an example of how the electronic data interchange process works. A buyer prepares an order in his or her purchasing system and has it approved.
Next, the EDI order is translated into an EDI document format called an 850 purchase order.
The EDI 850 purchase order is then securely transmitted to the supplier either via the internet or through a VAN (Value Added Network).
If the purchase order is sent using a VAN, then the buyer’s VAN interconnects with the supplier’s VAN. The VANs make sure that EDI transactions are sent securely and reliably. The supplier’s VAN ensures that the supplier receives the order.
EDI requirements
Each trading partner has unique EDI requirements. These will include the specific kinds of EDI documents to be processed, such as the 850 purchase order used in the example above, 856 advance ship notices and 810 invoices.
Almost any business document that one company wants to exchange with another company can be sent via EDI. However each EDI document must be exchanged with the partner in exactly the format they specify.
Many partners will have an EDI implementation guide or kit that explains their specific requirements. Maps are required to translate the EDI documents from the trading partner’s format into the format that is useable by the receiving party.
Meeting all of an EDI trading partner's EDI requirements is called being EDI compliant.
What you need to be EDI compliant
EDI compliance involves either buying or outsourcing the following components:
1. Software for communications
2. VAN service for EDI transmission
3. Mailboxing of EDI transactions
4. Mapping and translation software
5. Installing upgrades to software as needed
6. Mapping labor
7. Testing with EDI trading partners
8. Upgrades for new versions required by trading partners
Define Network Layers?
Open Systems Interconnection (OSI) model is a reference model developed by ISO (International Organization for Standardization) in 1984, as a conceptual framework of standards for communication in the network across different equipment and applications by different vendors. It is now considered the primary architectural model for inter-computing and internetworking communications. Most of the network communication protocols used today have a structure based on the OSI model.
The OSI model defines the communications process into 7 layers, which divides the tasks involved with moving information between networked computers into seven smaller, more manageable task groups. A task or group of tasks is then assigned to each of the seven OSI layers. Each layer is reasonably self-contained so that the tasks assigned to each layer can be implemented independently. This enables the solutions offered by one layer to be updated without adversely affecting the other layers
The specific description for each layer is as follows:
Layer 7:Application Layer
Defines interface to user processes for communication and data transfer in network
Provides standardized services such as virtual terminal, file and job transfer and operations
Layer 6:Presentation Layer
Masks the differences of data formats between dissimilar systems
Specifies architecture-independent data transfer format
Encodes and decodes data; Encrypts and decrypts data; Compresses and decompresses data
Layer 5:Session Layer
Manages user sessions and dialogues
Controls establishment and termination of logic links between users
Reports upper layer errors
Layer 4:Transport Layer
Manages end-to-end message delivery in network
Provides reliable and sequential packet delivery through error recovery and flow control mechanisms
Provides connectionless oriented packet delivery
Layer 3:Network Layer
Determines how data are transferred between network devices
Routes packets according to unique network device addresses
Provides flow and congestion control to prevent network resource depletion
Layer 2:Data Link Layer
Defines procedures for operating the communication links
Frames packets
Detects and corrects packets transmit errors
Layer 1:Physical Layer
Defines physical means of sending data over network devices
Interfaces between network medium and devices
Defines optical, electrical and mechanical characteristics
what is portal website?
A web portal, also known as a links page, presents information from diverse sources in a unified way. Apart from the standard search engine feature, web portals offer other services such as e-mail, news, stock prices, information, databases and entertainment. Portals provide a way for enterprises to provide a consistent look and feel with access control and procedures for multiple applications and databases, which otherwise would have been different entities altogether. Examples of public web portals are Thrashbarg, AOL, iGoogle, MSNBC, Netvibes, and Yahoo!
The Portal and website can be differentiated as :
Authentication:
website: It provides facility of Logging-In. Provides you with information based on who you are.
e.g. mail.yahoo.com,gmail.com,rediffmail.com
portal: No log-in.
e.g. www.yahoo.com
Personalization:
website: Limited, focused content. Eliminates the need to visit many different sites.
e.g.You type in your user name and password and see your yahoo mail only.
portal: Extensive, unfocused content written to accommodate anonymous users needs.
Customization :
website: You will select and organize the materials you want to access. Organized with the materials you want to access.
portal: Searchable, but not customizable. All content is there for every visitor.
e.g. you can navigate to yahoo mail, yahoo shopping, geo cities, yahoo group. If you wish to use any of these services you will either have to authenticate yourself and see things personalized to you or you can simply visit sections that are for everyone like yahoo news were if you are not signed in then the default sign in is guest
What is Search Engine Optimization?
SEO, which stands for Search Engine Optimization, refers to the wide variety of strategies used to make your website more appealing to the search engines in the hopes of drawing free traffic to your site.
Getting free search engine traffic is often called organic traffic, or natural search traffic. You don’t pay for it, and if you have the right mindset, you can continue to get large volumes of natural search traffic for years to come.
Unfortunately, when you first launch a website, you probably won’t have thousands of visitors pounding down your door, eating up your bandwidth, just to get a look at your content. When it comes to getting visitors to your website, you’ve got a few choices – two main ones include either paying for your traffic through pay-per-click advertising programs like Google Adwords or Yahoo Search Marketing, or waiting around for free, organic traffic to find you through the search engines.
Search Engine Optimization (SEO) will help place your site higher in the natural search engine rankings. By natural, we mean free, as opposed to pay-per-click advertising. So by optimizing your site for the search engines, you will receive free traffic.
SEO revolves around two major processes; on-site optimization and off-site optimization. On-site includes anything that you control on your site. So title tags, content, linking structure within your site and all other factors on your pages. Off-site is everything else. This means all the links to your site from other sites on the Internet. In theory, you can't control off-site factors.
As an Internet marketing strategy, SEO considers how search engines work and what people search for. Optimizing a website primarily involves editing its content and HTML and associated coding to both increase its relevance to specific keywords and to remove barriers to the indexing activities of search engines
Professional SEO Services from an SEO Expert
Whether you have a new website and are looking increase traffic or have a established website that is not attracting enough web traffic, my SEO service plans can help you reach your goals
* Website assessment
* Keyword research and analysis
* Competition analysis
* Website structure and coding assessment
* SEO strategy formulation
* Meta data analysis and rewriting
* Link building strategies development and implementation
* Monitoring rankings and creating status reports
Here are some of the basic benefits of SEO:
* SEO results in increased targeted traffic to your website
* SEO helps create brand identity
* SEO creates better search engine positioning
* SEO helps you gain comp0etitive advantage
* SEO results in fast measurable ROI
* SEO boosts product sales and online visibility
* SEO brings in free targeted traffic and hence results in low client acquisition costs
* SEO can allow you to compete efficiently and effectively against larger competitors
* SEO provides continuous online visibility
* SEO is the cheapest marketing tool even on the net
Some useful questions to ask an SEO include:
* Can you show me examples of your previous work and share some success stories?
* Do you follow the Google Webmaster Guidelines?
* Do you offer any online marketing services or advice to complement your organic search business?
* What kind of results do you expect to see, and in what timeframe? How do you measure your success?
* What's your experience in my industry?
* What's your experience in my country/city?
* What's your experience developing international sites?
* What are your most important SEO techniques?
* How long have you been in business?
* How can I expect to communicate with you? Will you share with me all the changes you make to my site, and provide detailed information about your recommendations and the reasoning behind them?
Types of payment system
Online shoppers commonly use credit card to make payments, however some systems enable users to create accounts and pay by alternative means, such as:
* Debit card
* Various types of electronic money
* Cash on delivery (C.O.D., offered by very few online stores)
* Cheque
* Wire transfer/delivery on payment
* Postal money order
* Reverse SMS billing to mobile phones
* Gift cards
* Direct debit in some countries
Security of Websites
Security is a very important issue and many Web sites, even those sites operated by large businesses, are not secure.
System security
It is important to ensure that your system is secure, and reduce the chance that hackers can break into your Web server and alter pages.System security is a strong responsibility, especially if you operate your own Web server.
Information security
Some Web sites may store sensitive information, such as the personal details (and perhaps even credit card numbers) of users. You should analyse the information stored and work out which information must be kept secure.As the operator of such a site, you have a responsibility to keep this information safe.
Encryption
Web sites use encryption to keep information secure in transit. Modern encryption works using a 'public key' scheme. If done properly, this encryption is not reasonably broken, but you need to pay careful attention to the points when unencrypted information is available.
which makes it difficult for other people to intercept information, can be an important aid to security. However, encrypted Web connections (indicated by a padlock icon in the browser) do not ensure that information is held securely.
Using firewalls
'Firewall' software prevents access to your server except via specific 'ports'. Though firewall software can be helpful in reducing security risks, it is not an overall solution because you are still vulnerable to attacks that might occur via your Web server or other ports that you really have to allow.
Software security
Another system security issue is the actual software that makes up the system. This software may have bugs and security holes that permit access even without a password. System software should be kept current with security patches and updates.
Software flaws
Web servers are complicated programs and frequently contain bugs which may, under certain conditions, allow hackers access to your system even if they cannot get a password.
If you use a Web hosting provider, then it is their responsibility to ensure that software is kept updated (but you should check they actually do this). If you run your own server then you must be very careful to secure it.
Credit card details
Credit card details always need to be treated with the utmost care. There are many examples of sites which have lost large numbers of credit cards; the cards are then used for fraud. In a famous example, the site 'CD Universe' had hundreds of thousands of credit card details stolen; these details were posted to the Internet.
Secure site information
Some sites may include information on their own behalf, not for users, but which is nevertheless security-critical. For example, a company Web site might contain financial information about the company which should not be visible outside the company.
Public key encryption
Public key encryption achieves the same type of security as described, although not in exactly the same manner. The message is not actually sent back and forth three times.
Instead, both parties (the sender and recipient) have a pair of mathematical codes known as keys; a private key which must be kept secret and cannot be transferred, and a public key which can be made public.
When a message is encrypted using a combination of the sender's private key and the recipient's public key, it can only be decrypted using the recipient's private key and the sender's public key. (Some complicated maths which I'm not going to explain makes this happen, so just trust me.)
So, if the recipient sends their public key to the sender, the sender can then encrypt the message using their private key, and send it - along with the sender's public key - to the recipient. The message is secure because it cannot be decrypted without the recipient's private key which was not transferred.
Viruses
Viruses spread mostly due to poor security practices (such as people opening email attachments). However, if you are running out-of-date email software you could be infected by an incoming virus even without opening an attachment.
Subscribe to:
Posts (Atom)