Research Methodology& Statistical Analysis

Part A , Question no: (d)

A confidence interval is a range of population values with which the sample data are
compatible. A significance test considers the likelihood that the sample data has come from a
particular hypothesised population.
The 95% confidence interval consists of all values less than 1.96 standard errors away from
the sample value, testing against any population value in this interval will lead to p > 0.05.
Testing against values outside the 95% confidence interval (which are more than 1.96
standard

errors

willlead

to

p-values

<

0.05.

Similarly, the 99% confidence interval consists of all values less than 2.58 standard errors
away from the sample value, testing against any hypothesised population value in this
interval will give a p-value > 0.01. Testing against values outside the 99% confidence interval
(which are more than 2.58 standard errors away) will lead to p-values < 0.01. In general:-

Managerial Economics
Part B Question number: 8
Ans:
Accurate cost measurement is critical to properly pricing goods or services. Businesses with
accurate cost measurement know whether they are making a profit on current goods and
know how to judge potential investments, new products or other opportunities. Using the
correct costing method for the opportunity is a primary focus of effective cost accounting and
financial control. Incremental and marginal costs are two of the primary tools to evaluate
future investment or production opportunities.
Incremental Costs
Incremental costs are associated with a choice and therefore only ever include forwardlooking costs. Previously made purchases or investments, such as the cost to build a factory,
are called sunk costs and are not included. The Incremental cost can include many different
direct and indirect cost inputs depending upon the situation. However, only costs that will
change as a result of the decision are to be included. When a factory production line is at full
capacity, the incremental cost of adding another production line might include cost of the
equipment, the people to staff the line, electricity to run the line and additional human
resources and benefits.
Marginal Costs
Marginal cost is a more specific term, referring to the cost to produce one more unit of
product or service. Originally used to optimize production, products with high marginal costs
tend to be unique, labour intensive or at the beginning of a product life cycle. Low marginal
cost items are often very price competitive. The classic example is the cost to print
encyclopaedias. It costs a lot to print the first encyclopaedia. Research must be done, entries
written, copy typeset. But it requires very little additional cost to print the 10,000th
encyclopaedia. Marginal cost may equal incremental cost when only one additional unit is
being considered.
Applications

The strict usage of incremental and marginal costs has been expanded over time to include
any sort of decision that has a cost impact. Public policy, medical trials and even
psychologists frequently use these terms to evaluate the fiscal, medical and emotional costs of
different options. These quantified terms help to guide critical thinking and make for better
decision outcome.

Relationship of marginal cost with slope down in the average cost curve
When average cost is declining as output increases, marginal cost is less than average cost.
When average cost is rising, marginal cost is greater than average cost. When average cost is
neither rising nor falling (at a minimum or maximum), marginal cost equals average cost.
Other special cases for average cost and marginal cost appear frequently:

Constant marginal cost/high fixed costs: each additional unit of production is

produced at constant additional expense per unit. The average cost curve slopes down
continuously, approaching marginal cost. An example may be hydroelectric generation,
which has no fuel expense, limited maintenance expenses and a high up-front fixed cost
(ignoring irregular maintenance costs or useful lifespan). Industries where fixed marginal
costs obtain, such as electrical transmission networks, may meet the conditions for
a natural monopoly, because once capacity is built, the marginal cost to the incumbent of
serving an additional customer is always lower than the average cost for a potential
competitor. The high fixed capital costs are a barrier to entry.

Two popular pricing mechanisms are Average Cost Pricing (or Rate of Return
Regulation) and Marginal Cost Pricing. A monopoly will produce where their average
cost curve meets the market demand curve under Average Cost Pricing, referred to as the
Average Cost Pricing Equilibrium. Conversely, the same assertion can be made for
Marginal Cost Pricing.

Minimum efficient scale / maximum efficient scale: marginal or average costs may be
non-linear, or have discontinuities. Average cost curves may therefore only be shown
over a limited scale of production for a given technology. For example, a nuclear plant
would be extremely inefficient (very high average cost) for production in small
quantities; similarly, its maximum output for any given time period may essentially be
fixed, and production above that level may be technically impossible, dangerous or

extremely costly. The long run elasticity of supply will be higher, as new plants could be
built and brought on-line.

Zero fixed costs (long-run analysis) / constant marginal cost: since there are
no economies of scale, average cost will be equal to the constant marginal cost.

Business Law& Regulations

Part B , Question number: 10
Ans: Digital signatures
Secure technologies, such as digital signatures and digital certificates, go some way to
meeting these challenges. Digital signatures enable the unambiguous confirmation of the
identity of the sender and the authenticity and integrity of electronic documents. Unique to
the sender and unique to the message sent, digital signatures are verifiable and non-reputable.
Similarly, the exchange of Internet certificates through an automatic 'digital handshake'
between computers provides assurance that the parties are who they say they are and helps to
assess whether the service provided and the goods or services delivered are genuine.
Copyright protection mechanisms also based on secure technologies such as cryptography
and smart cards, help to ensure the protection of digital material and are a crucial factor in the
emergence of a mass-market in electronic content. Also based on cryptographic methods,
secure electronic payment mechanisms provide the final element of trust: the ability to pay
and be paid. Such secure technologies are for the most part fully operational and
commercially available today.
The Communication recognises that digital signatures will be the driving force behind the
development of many new services which vary from certification (e.g. likely to identify with
a public key) to fully fledged digital notary services (e.g. adding a time stamp to an electronic
document, electronic archiving etc). These services are expected to play a dominant role in
the Information Society, particularly in electronic commerce. However, the Communication
concludes, the necessary regulatory and institutional framework supporting technologies is

not yet complete, particularly in areas such as interoperability and mutual recognition across
borders.
Explanation of Digital Signatures
Several different methods exist to sign documents electronically. These electronic signatures
vary from very simple methods (e.g. inserting a scanned image of handwritten signature in a
word processing document) to very advanced methods (e.g. using cryptography). The sub-set
of electronic signatures based on public key cryptography, is often called digital signatures.
The basic nature of digital signatures is that the author of an electronic document can sign his
or her electronic document by using a secret cryptography key. This key must be kept private
at all times by the user. The signature can only be verified with the associated public key of
the author. This public key is widely known.
The idea behind this form of authentication is the confirmation of identity by proving the
possession of a secret key. The author encrypts the message or a part of it with his or her
secret key. The recipient of the message can check the identity of the author by decrypting the
information with a public key of the presumed author. If the decryption is not successful, the
recipient will not validate the message. This process of authentication relies on the public
keys of the users that are accessible to all the communication partners and on a trusted
relationship between the identity of the users and their public key.
Like the signature used on written documents today, digital signatures are now being used to
identify authors of e-mail or other information objects of electronic data. Digital signatures
can provide three important functions:
1. Authentication - to authenticate the identity of the person who signed the data so it is
known who participated in the transaction.
2. Integrity - to protect the integrity of the data so it is possible to know the message read has
not been changed, either accidentally or maliciously.
3. Non-repudiation - to allow it to be proved later who participated in a transaction so that it
cannot be denied who sent or received the data.

It should be noted that in order to create a signed message, it is not necessary to send the
message itself in encrypted form. The digital signature can be appended to the message and
can be verified irrespective of the form of the message itself.
Cryptography is a highly important instrument for achieving secure electronic commerce.
There are a number of ways that cryptography can work in an electronic environment. The
most popular method being used today is where the encoding and decoding of the message is
performed by using two keys:
(i)

a public key which is publicly know and

(ii) a secret key which is only known by the sender or the recipient or both. This
cryptography technique is often known as 'public key encryption'. The public key can be
used by anyone to encrypt a message. Only the owner of the secret key can decrypt it. Thus,
if two parties want to send information to each other, they exchange their public keys. The
public keys could also be retrieved from a database which is open to the public. When X
sends to Y a message, X enciphers the message using the public key of Y. Only Y can
decipher the message using his secret key.
The primary advantage of public key cryptography is increased security. The secret keys do
not have to be transmitted or revealed to anyone. Another advantage of the system is that the
public key and the secret key can both be used for encoding as well as for decoding. Their
functions are interchangeable. This means that X can encode a message with his own secret
key, which Y can decode by using the public key of X. On first sight, this seems a silly
method, because everybody has access to the public key of X and can thus decrypt and read
the message. This is, indeed, true. On the other hand, Y can be sure that the message can only
originate from X, since he is the only one who knows the secret key. Without having
contacted X before, Y can trust on the authenticity of a message. It is on this technology of
sharing a public key that digital signatures are based. The key pair can be generated by the
user himself by running specific cryptography software. Even the recent versions of the most
popular Internet communication software such as MS Internet Explorer and NetScape
Communicator, allow the user to create his own key pair.
Temporarily, secret keys are being stored on the hard disc of the user's computer. The user
gains access to the secret key by entering a password or pass phrase. This type of storage,

however, has the disadvantage of non-mobility. The user always needs his own computer in
order to put his digital signature on an electronic file. Therefore, the storage of the secret key
on a removable carrier, such as a smart card, is getting more popular. The user simply inserts
his smart card into a reader by which he can sign digitally.
Once a person has generated or received his public and private key, it is extremely important
to keep the secret key free from access by others. If someone gains access to the secret key,
that person will be able to counterfeit the key and, thus, to create digital signatures. Protection
of the secret key is, however, for the user a local matter under his control or the control of a
responsible site security officer. Every person bears responsibility for his own signature and
should protect it from loss, theft or illegal use. Neither should the user forward his secret key
to other people such as his secretary or colleague.
The user needs the public key of his partner in order to check the authenticity of his digital
signature. His public key can be delivered by the partner himself but can also be retrieved
from a data base which is publicly accessible. Normally, the communication software of the
user will automatically check the digital signature by retrieving previously stored public keys
or accessing the relevant public database.
Process of Certificationin the context of Digital signature
The authentication procedure is based on the presumption that the public key really belongs
to the signer. This presumption is, however, not self-evident. The risk exists that somebody
creates a key pair, places the public key in a public directory under somebody else's name and
thus signs electronic messages in the name of somebody else. Furthermore, a public and
private key pair has no inherited association with any identity, it is simply a pair of numbers.
Therefore, the assurance should exist that the public key really belongs to the claimed
identity. The answer is to rely on third parties to certify public keys. A third party can
guarantee the relationship between the identity and the public key. This association is
achieved in a certificate that binds the public key to an identity. These third parties are known
as 'Certification Authorities' (CAs) and must be accepted by all users as impartial and a
'Trusted Third Party' (TTP). In addition, the process of key certification must be full proof
and should be afforded the highest level of security. The act of using a registered digital
signature to sign an electronic message becomes very similar to appearing in front of a notary
public to manually sign a paper.

The CA can check the identity of the user by for example passing out the certificates after a
simple e-mail address check. This type of assurance is minimal, and only good for
establishing a consistent presence, not for guaranteeing someone is a real person. Other
certificates could be issued after receiving third party proofing of name, address and other
personal information provided in the online registration. Usually this would be a check on
some consumer databases.
The best identification is, of course, the personal appearance. CAs could require someone to
personally take their application to a notary, who will check identification before endorsing it.
This adds an additional layer of credibility to the certificate.
Digital certificates could contain every type of information necessary to identify the creator
of the digital signature. Usually they contain the owner's public key, the owner's name, the
expiration date of the certificate, the name of the Certification Authority that issued the
digital certificate, a serial number and perhaps some other information. CAs signs
information and thereby adds credibility to the certificate. People who receive the certificate
check the signature and will believe the attribute information/public key binding if they trust
that certifying authority. In order to allow an automated checking of the certificates it is
important that the certificates are built up in the same form. It is therefore necessary that
standards are being followed, describing the elements that the certificate should contain.
Many cases could exist where the certificate of somebody should not be used or trusted any
more, such as an employee who leaves the company, someone's computer or smart card
containing the secret key is stolen. When a certificate becomes compromised, there must be a
way to call up the Certification Authority and request that the certificate is disallowed. The
most common way of making the revocation public is to put it in a database, called a
'Certificate Revocation List' or CRL. The CRL can be accessed by the public to check if the
certificate of a user is still valid. A Certification Authority thus must maintain two databases,
a complete list of certificates and a list of revoked certificates.
Why should the user trust the CA of the other party? There is a need for both parties who use
different CAs to trust each other's authority. One way to achieve this confidence is by crosscertification. This means that both CAs certify each other's public key. Another solution could
be that the two CAs are certified by a third CA, functioning as a top CA. In this hierarchical
CA structure each CA only needs to be certified once in order to gain trust. At the moment,

most practising CAs however, are certifying themselves by simply signing their own public
key and posting the certificate on their own web sites. This self-certification is possible
because the CAs rely on their trust gained from other activities, such as postal services or
banking activities. In order to assess the level of trust that may be put into a CA, the CA
should also provide a combination of technology (such as security protocols and standards,
securing messaging and cryptography), infrastructure (including secure facilities, customer
support and redundant systems), and practices - a defined model of trust and legally binding
framework for subscriber activities and disputes. In short, a CA should be a trusted on-line
service operating 24 hours a day, seven days a week on a global basis.