
MODULE 1

•Threats in E-commerce
•Encryption Overview
•Elements of Encryption
•Secret key encryption
•Public key encryption
•Digital Signatures
•Digital Certificates
•Types of Cryptography
•SSL
•Smart cards and applications
•EDI
•Evolution, uses, benefits
•Working of EDI
•EDI component
•Services
•ANSI X12
•EDIFACT
Computer security

• Computer security is the protection of hardware, software, and data from
unauthorized access, use, alteration, or destruction.
• Two types of computer security:
– Physical - protection of computing devices using physical objects such as
guards, alarms, security doors, vaults, etc.
– Logical - protection through logical solutions such as passwords,
firewalls, and encryption
Threats

• Threat: Any act or object that poses a danger to computer assets is known
as a threat.

• Countermeasures are procedures, either physical or logical, that
recognize, reduce, or eliminate a threat.

• Threats that are low risk and unlikely to occur can be ignored if the cost
of protection is higher than the value of the asset (hardware, software, data).
Security policy

• A security policy is a written statement describing what assets are to be
protected and why, who is responsible, and which behaviors are acceptable or not.
Any organization involved in e-commerce should have a security policy in
place.
• Specific elements of a security policy address:
• Authentication
– Who is trying to access the site?
• Access Control
– Who is allowed to logon and access the site?
• Secrecy
– Who is permitted to view selected information
• Data integrity
– Who is allowed to change data?
• Audit
– What and who causes selected events to occur, and when?
Security policy

• A security policy should address the integrated security of an
organization.
• An integrated security policy should address all security
measures in order to prevent unauthorized disclosure,
destruction, or modification of assets. It includes:
– Physical security
– Network security
– Access authorizations
– Virus protection
– Disaster recovery
Secure electronic commerce

• Secure electronic commerce includes protection of three
assets in the “commerce chain”.
• These are:
• Client computers
• Messages travelling from the client computer
to the Web server through the Internet
• Web/Commerce servers
Threats in E-commerce

• Three key points of vulnerability:

1. Internet communications channels

2. Server level

3. Client level

• In addition, there are database threats.
Client threats

• Java applets,
• ActiveX controls,
• JavaScript, and
• VBScript
• Cookies
Client threats

– Active Content
• Programs that are embedded transparently in Web
pages and cause actions to occur.
• E.g., display moving graphics, download and play
audio, implement Web-based spreadsheet
programs.
• Programs that interpret or execute instructions
embedded in downloaded objects
• Malicious active content can be embedded into
seemingly innocuous Web pages
Client threats

Java Applet

• An applet is a program that executes within another
program and cannot execute directly on a computer
• Once downloaded, a Java applet can run on a client
computer, so security violations can occur
Client threats

• JavaScript
• JavaScript is a scripting language developed by
Netscape Corporation to enable Web page designers to
build active content.

• When a Web page with embedded JavaScript is downloaded,
the script runs on the client computer and can destroy
the hard disk, send e-mail accounts back to the originating
Web server, and so on
ActiveX

• ActiveX is an object, called a control, that contains
programs and properties that perform certain tasks
• ActiveX controls only run on computers with
Windows 95, 98, or 2000
• Once downloaded, ActiveX controls execute like any
other program, having full access to a computer’s
resources: reformatting a hard disk, sending e-mail
addresses, or shutting down the computer.
Communication Channel Threats

• Secrecy Threats:
– Secrecy is the prevention of unauthorized information
disclosure. It requires sophisticated physical and logical
mechanisms to implement
– Theft of sensitive or personal information (e-mail
address, credit card number) is a significant danger in
e-commerce
– Sniffer programs can tap into a router of the Internet and
record information while it passes from a client computer
to a Web server.
– IP address of a computer is continually revealed to a
Web server while a user is on the web
Communication Channel Threats

• How to hide an IP address from a Web site:
– A Web site called “Anonymizer” provides a
measure of secrecy by hiding the IP address of a
client computer from sites that a user visits.
– It requires that a user start his/her visit from the
“Anonymizer” home page: http://www.anonymizer.com
– Anonymizer acts as a firewall and shields private
information from leaking out.
Communication Channel Threats

• Integrity Threats:
– Also known as active wiretapping
– Unauthorized party can alter data such as
changing the amount of a deposit or
withdrawal in bank transaction over the
Internet
– A hacker can create a mechanism such that
all transactions from a Web site are redirected to a
fake location.
Communication Channel Threats

• Necessity Threats:
– Also known as delay or denial threats
– Disrupt normal computer processing
• Deny processing entirely
• Slow processing to intolerably slow speeds, so
that customers lose patience and stop visiting the
site.
• Remove file entirely, or delete information from a
transmission or file
• Divert money from one bank account to another
Server Threats

• The more complex Web server software becomes, the
higher the probability that errors (bugs) exist in the code
- security holes through which hackers can gain access.

• Web servers run at various privilege levels:
• Highest levels provide greatest access and flexibility
to a Web user (from a browser)
• Lowest levels provide a logical fence around a
running program
Server Threats

• Secrecy violations occur when the contents of a server’s
folder names are revealed to a Web browser
• Web site administrators can turn off the “Allow Directory
Browsing” feature to avoid secrecy violations
• Cookies requested by a Web server, containing a user’s
Userid and Password in a client computer, should never
be transmitted unprotected
• One of the most sensitive files on a Web server holds
the username and password pairs
• The Web server administrator is responsible for ensuring
that this, and other sensitive files, are secure
Database Threats

• A company's database systems store data on users,
products, and orders for e-commerce

• In addition, a company’s valuable and private information
could be stored in a company database

• Security in a database is often enforced through defining
the user “privileges”, which must be enforced

• Some databases are inherently insecure and rely on the
Web server to enforce security measures
Other threats

• Common Gateway Interface (CGI) Threats
– CGIs are programs that present a security threat if
misused
– CGI programs can reside almost anywhere on a Web
server and therefore are often difficult to track down
– CGI scripts do not run inside a sandbox, unlike
JavaScript
Most Common Security Threats in the
E-commerce Environment

• Malicious code
– Viruses
– Worms
– Trojan horses
– Bots, botnets
• Unwanted programs
– Browser parasites
– Adware
– Spyware
Most Common Security Threats

• Phishing
– Deceptive online attempt to obtain confidential
information
– Social engineering, e-mail scams, spoofing legitimate
Web sites
– Use of information to commit fraudulent acts (access
checking accounts), steal identity
• Hacking and cybervandalism
– Hackers vs. crackers
– Cybervandalism: Intentionally disrupting, defacing,
destroying Web site
– Types of hackers: White hats, black hats, grey hats
Most Common Security Threats
• Credit card fraud/theft
– Hackers target merchant servers; use data to establish credit
under false identity
• Spoofing: the creation of Internet Protocol (IP) packets with a forged
source IP address, with the purpose of concealing the identity of the
sender or impersonating another computing system.
• Pharming: a cyber attack intended to redirect a website's traffic to
another, fake site

• Spam/junk Web sites


• Denial of service (DoS) attack
– Hackers flood site with useless traffic to overwhelm
network
– Distributed denial of service (DDoS) attack
Encryption Overview

– Transforms data into cipher text readable only by
sender and receiver
– Secures stored information and information
transmission
– Provides 4 of 6 key dimensions of e-commerce
security:

1. Message integrity
2. Non-repudiation
3. Authentication
4. Confidentiality
Encryption Overview

• Cryptography: the field of study related to encoded information. The word
cryptography, describing the art of secret communication, comes from Greek,
meaning “secret writing.”
• Encryption: the process of converting plaintext into ciphertext
• Decryption: the process of converting ciphertext into plaintext
Cryptography
• A cryptosystem is called secret-key cryptosystem if some
secret piece of information – the key – has to be agreed first
between any two parties that have, or want, to communicate
through the cryptosystem. Example: CAESAR, HILL
• Types
• Symmetric
– Same key for encryption and decryption
– Key distribution problem
• Asymmetric
– Mathematically related key pairs for encryption and
decryption
– Public and private keys
Cryptography

• A cryptographic system consists of four essential
components:
– Plaintext – the original message to be sent.
– Cryptographic system (cryptosystem) or a cipher –
consisting of mathematical encryption and decryption
algorithms.
– Ciphertext – the result of applying an encryption
algorithm to the original message before it is sent to
the recipient.
– Key – a string of bits used by the two mathematical
algorithms in encrypting and decrypting processes.
Two basic types of secret-key cryptosystems
• substitution based cryptosystems
• transposition based cryptosystems
Basic types of substitution cryptosystems
• monoalphabetic cryptosystems – they use a fixed
substitution
• polyalphabetic cryptosystems – substitution keeps
changing during the encryption
• A monoalphabetic cryptosystem with letter-by-letter
substitution is uniquely specified by a permutation of letters.
(Number of permutations (keys) is 26!)
Symmetric encryption

• Symmetric encryption or secret key encryption uses a
common key and the same cryptographic algorithm to
scramble and unscramble the message
• The transmitted final cipher text stream is usually a
chained combination of blocks of the plaintext, the
secret key, and the ciphertext.
• The security of the transmitted data depends on the
assumption that eavesdroppers and cryptanalysts with
no knowledge of the key are unable to read the message
Symmetric encryption

• Sender and receiver use same digital key to encrypt and
decrypt message
• Requires different set of keys for each transaction
• Strength of encryption
• Length of binary key used to encrypt data
• Advanced Encryption Standard (AES)
• Most widely used symmetric key encryption
• Uses 128-, 192-, and 256-bit encryption keys
• Other standards use keys with up to 2,048 bits
Advanced Encryption Standard (AES)

• Developed by two Belgian cryptographers, Joan Daemen and
Vincent Rijmen, and submitted to the AES selection process
under the name "Rijndael"
• Offers key lengths of 128 bit, 192 bit, and 256 bit
• Efficient in terms of processing power and RAM requirements
compared to 3DES
• Can be used on a wide variety of devices including
• Cellular phones
• PDAs
• Etc.
Symmetric encryption

• Two categories of methods


• Stream cipher: algorithm operates on individual bits (or bytes);
one at a time
• Block cipher: operates on fixed-length groups of bits called
blocks
• Only a few symmetric methods are used today
Block Cipher

• The ciphers we have seen so far are known as block
ciphers.
• Plaintext is broken into blocks of size k.
• Each block is encrypted separately.
• Advantages: random access, potentially high security
• Disadvantages: larger block size needed, patterns
retained throughout messages.
Stream cipher

• A stream cipher encodes a symbol based on both the key
and the encoding of previous symbols.
– C_i = M_i XOR K_i XOR M_(i-1)
• Advantages:
– can work on smaller block sizes – little
memory/processing/buffering needed.
• Disadvantages:
– Random access difficult, hard to use large keys.
– Sender and receiver must be synchronized
• Inserted bits can lead to errors.
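The rule C_i = M_i XOR K_i XOR M_(i-1) and its synchronization problem, as an added example that is not from the original slides. The SHA-256 keystream, the starting value M_(-1) = 0, and the key and message are assumptions made for illustration.

```python
import hashlib


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in keystream K_0, K_1, ... (assumption): SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, message: bytes) -> bytes:
    """C_i = M_i XOR K_i XOR M_(i-1), with M_(-1) taken as 0 (assumption)."""
    prev_plain = 0
    cipher = bytearray()
    for m, k in zip(message, keystream(key, len(message))):
        cipher.append(m ^ k ^ prev_plain)
        prev_plain = m
    return bytes(cipher)


def decrypt(key: bytes, cipher: bytes) -> bytes:
    """M_i = C_i XOR K_i XOR M_(i-1): each symbol needs the one decoded before it."""
    prev_plain = 0
    message = bytearray()
    for c, k in zip(cipher, keystream(key, len(cipher))):
        m = c ^ k ^ prev_plain
        message.append(m)
        prev_plain = m
    return bytes(message)


def flip_bit(cipher: bytes, index: int, mask: int = 0x01) -> bytes:
    """Model a transmission error: one ciphertext symbol is altered."""
    damaged = bytearray(cipher)
    damaged[index] ^= mask
    return bytes(damaged)


def insert_symbol(cipher: bytes, index: int, symbol: int = 0x00) -> bytes:
    """Model an inserted symbol: everything after it shifts by one position."""
    return cipher[:index] + bytes([symbol]) + cipher[index:]


def error_mask(sent: bytes, received: bytes) -> list:
    """XOR difference per position between the sent and the decoded message."""
    return [a ^ b for a, b in zip(sent, received)]


KEY = b"constructed demo key"          # constructed sample value
MESSAGE = b"TRANSFER 0100 TO ACCT 42"  # constructed sample value

if __name__ == "__main__":
    ct = encrypt(KEY, MESSAGE)
    print("round trip ok :", decrypt(KEY, ct) == MESSAGE)
    # One flipped ciphertext bit corrupts that symbol and every later one,
    # because each decoded symbol feeds into the next.
    print("after bit flip:", decrypt(KEY, flip_bit(ct, 9)))
    # One inserted symbol misaligns ciphertext and keystream from there on.
    print("after insert  :", decrypt(KEY, insert_symbol(ct, 9)))
```

Neither fault raises an error: the receiver simply decodes wrong text, so noticing it needs a separate integrity check such as the hash digest covered later in this module.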
DES
• DES is a block encryption method, i.e. uses block
cipher
• DES uses a 64 bit key; actually 56 bits + 8 bits
computable from the other 56 bits
• Problem: same input plaintext gives same output
ciphertext
Triple DES (3DES)

• 168-bit encryption with three 56-bit keys

Sender:
1. Encrypts original plaintext with the 1st key
2. Decrypts output of first step with the 2nd key
3. Encrypts output of second step with the 3rd key; gives the ciphertext to be sent

Receiver:
1. Decrypts ciphertext with the 3rd key
2. Encrypts output of the first step with the 2nd key
3. Decrypts output of second step with the 1st key; gives the original plaintext
                          DES        3DES         AES
Key Length (bits)         56         112 or 168   128, 192, 256
Key Strength              Weak       Strong       Strong
Processing Requirements   Moderate   High         Modest
RAM Requirements          Moderate   High         Modest


Symmetric encryption
• Symmetric encryption, although fast, suffers from several
problems in the modern digital communication environment
including:
– The biggest problem is that a single key must be shared
by each pair of sender and receiver.
– In a distributed environment with large numbers of combination
pairs involved in a many-to-one communication topology, it is
difficult for the one recipient to keep so many keys in order to
support all communication.
Symmetric encryption

– The size of the communication space presents problems. Because of
the massive potential number of individuals who can carry on
communication in the many-to-one, one-to-many, and many-to-many
topologies supported by the Internet, secret-key cryptography, if strictly
used, requires billions of secret key pairs to be
created, shared, and stored.
Symmetric encryption
Problems (contd.)
• The integrity of data can be compromised because the
receiver cannot verify that the message has not been
altered before receipt.
• It is possible for the sender to repudiate the message
because there are no mechanisms for the receiver to
make sure that the message has been sent by the
claimed sender.
• The method does not give a way to ensure secrecy
even if the encryption process is compromised.
• The secret key may not be changed frequently enough
to ensure confidentiality.
Asymmetric encryption
• Public key encryption, commonly known as asymmetric
encryption, uses two different keys: a public key known by all and a
private key known by only the sender and the receiver.
• Both the sender and the receiver own a pair of keys,
one public and the other a closely guarded private one.
• Both keys are used to encrypt and decrypt messages
• Once a key is used to encrypt a message, the same key cannot be
used to decrypt that message
• Sender uses recipient’s public key to encrypt message;
recipient uses his/her private key to decrypt it
Asymmetric encryption

• To encrypt a message from sender A to receiver B, both A and
B must create their own pairs of keys.
• Then A and B publicize their public keys – anybody can acquire
them.
• When A is to send a message M to B, A uses B’s public key to
encrypt M. On receipt of M, B then uses his or her private key to
decrypt the message M.
• As long as only B, the recipient, has access to the private key,
then A, the sender, is assured that only B, the recipient, can
decrypt the message. This ensures data confidentiality.
• Data integrity is also ensured, because to modify the data
an attacker would need B's (the recipient's) private key.
Data confidentiality and integrity are thus both guaranteed
in public key encryption
Public Key Cryptography – A Simple Case
Public Key Encryption using Digital Signatures and Hash
Digests

• Hash function:
• Mathematical algorithm that produces fixed-
length number called message or hash digest
• Hash digest of message sent to recipient along with
message to verify integrity
• Hash digest and message encrypted with recipient’s
public key
• Entire cipher text then encrypted with recipient’s private
key – creating digital signature – for authenticity, non-
repudiation
Public Key Cryptography with Digital Signatures

Asymmetric encryption
• Although public key encryption seems to have solved the major
chronic encryption problems of key exchange and message
repudiation, it still has its own problems.
– The biggest problem for public key cryptographic scheme is
speed. Public key algorithms are extremely slow compared to
symmetric algorithms. This is because public key calculations
take longer than symmetric key calculations since they involve
the use of exponentiation of very large numbers which in turn
take longer to compute. For example, the fastest public key
cryptographic algorithm such as RSA is still far slower than any
typical symmetric algorithm. This makes these algorithms and
the public key scheme less desirable for use in cases of long
messages.
– Public key encryption algorithms have a potential to suffer from
the man-in-the-middle attack. The man-in-the-middle attack is a
well known attack, especially in the network community where
an attacker sniffs packets off a communication channel, modifies
them, and inserts them back on to the channel.
Public key cryptography
• With public key cryptography, there are two keys involved.
• One key is needed to encrypt (the recipient's public key) and
another key is needed to decrypt (the recipient's private key).
• Both keys are needed: once you've encrypted your
message with one of these keys, you can only decrypt it with
the other.
• So when you use PGP, you create a keypair.
• One of those, the public key, you publicize as widely as
possible.
• The other one, the private key, you keep safe. Anyone who
wants to send you private email encrypts the message with
your public key.
• Once that message is encrypted, only you -- the owner of
the corresponding private key -- can decipher the message
Encryption vs. Hashing

• Use of key
– Encryption: uses a key as an input to an encryption method
– Hashing: password is usually added to text; the two are combined, and the
combination is hashed
• Length of result
– Encryption: output is similar in length to input
– Hashing: output is of a fixed short length, regardless of input
• Reversibility
– Encryption: reversible; ciphertext can be decrypted back to plaintext
– Hashing: one-way function; hash cannot be “de-hashed” back to the original
string
Public key cryptography

• Public key cryptography is computationally very
expensive.
• It takes a lot of computing power to decrypt and encrypt
a message.
• Therefore, PGP encrypts your message with a
conventional algorithm (the IDEA algorithm), and then
uses the recipient's public key to encrypt just the IDEA
key needed to decrypt the message.
• Digital certificate includes:
– Name of subject/company
– Subject’s public key
– Digital certificate serial number
– Expiration date, issuance date
– Digital signature of CA
• Public Key Infrastructure (PKI):
– CAs and digital certificate procedures
– PGP
Example of how PGP Works
• John creates his key pair and wants to distribute his public key so
that anyone can send him email.
• The first thing he does after he's made the key available is walk
down the hall to Sue's office to get her to sign it.
• She adds the key to her public key ring, verifies with John that it
really is his key, and she signs it. The easiest way to verify the key is
to compare its fingerprint.
• John then takes a copy of his key with her signature and makes that
version of his public key available.
• Now anyone who gets his public key will find Sue's signature
attached to it. So if Bill gets the key and doesn't know John but does
know Sue, he can use the key confidently because he can verify
Sue's signature. Sue is guaranteeing John's key.
Digital Certificates and Certification Authorities

Electronic signature

• An electronic signature must be message-dependent,
as well as signer-dependent.
• Otherwise the recipient could modify the message before
showing the message-signature pair to a judge.
• Or he could attach the signature to any message
whatsoever, since it is impossible to detect electronic
"cutting and pasting."
Electronic signature

• How can user Bob send the bank a "signed" message M in a
public-key cryptosystem?
• He first computes his "signature" S for the message M using
D_B:
• S = D_B(M)
• He then encrypts S using E_A (for privacy) and sends the result
E_A(S) to the bank. He need not send M as well since it can be
computed from S.
Electronic signature
• The bank first decrypts the ciphertext with D_A to obtain S.
The bank knows who is the presumed sender of the
signature.
• The bank then extracts the message with the encryption
procedure of the sender, in this case E_B, available on the
public file:
• M = E_B(S)
• The bank now possesses a message-signature pair (M, S) with
properties similar to those of a signed document.
• Bob cannot later deny having sent the bank this
message, since no one else could have created S = D_B(M).
• The bank can convince a judge that E_B(S) = M, so the
bank has proof that Bob signed the document
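The Bob-to-bank exchange above, worked through with textbook RSA as an added example that is not from the original slides. The tiny primes, the message value 1234 and all function names are assumptions for illustration; the subscripts follow the slides (B is Bob, A is the bank).

```python
def make_key(p: int, q: int, e: int) -> dict:
    """Textbook RSA key from two small primes (toy size, no hashing or padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}


def public(key: dict) -> dict:
    """The part of a key that is placed on the public file."""
    return {"n": key["n"], "e": key["e"]}


def E(key: dict, x: int) -> int:
    """Public procedure E: anyone can run it from the public file."""
    return pow(x, key["e"], key["n"])


def D(key: dict, x: int) -> int:
    """Private procedure D: only the key owner knows d."""
    return pow(x, key["d"], key["n"])


def bob_send(bob: dict, bank_public: dict, m: int) -> int:
    """Bob computes S = D_B(M), then sends E_A(S) to the bank."""
    if not 0 <= m < bob["n"]:
        raise ValueError("message must be smaller than the signer's modulus")
    if bob["n"] > bank_public["n"]:
        # S can be as large as n_B - 1, so it must fit under the bank's modulus
        # or E_A/D_A would not return it unchanged.
        raise ValueError("signer modulus must not exceed recipient modulus")
    s = D(bob, m)
    return E(bank_public, s)


def bank_receive(bank: dict, bob_public: dict, c: int) -> tuple:
    """Bank recovers S = D_A(c), then M = E_B(S), and keeps the pair (M, S)."""
    s = D(bank, c)
    m = E(bob_public, s)
    return m, s


def judge_accepts(bob_public: dict, m: int, s: int) -> bool:
    """The judge's check: does E_B(S) equal the claimed message M?"""
    return E(bob_public, s) == m


BOB = make_key(61, 53, 17)    # constructed toy key, n_B = 3233
BANK = make_key(89, 97, 5)    # constructed toy key, n_A = 8633
MESSAGE = 1234                # constructed message, encoded as a number

if __name__ == "__main__":
    wire = bob_send(BOB, public(BANK), MESSAGE)
    m, s = bank_receive(BANK, public(BOB), wire)
    print("bank recovered M:", m, "signature S:", s)
    print("judge accepts (M, S):", judge_accepts(public(BOB), m, s))
    # Message-dependence: the same S pasted onto a different message fails.
    print("judge accepts (M+1, S):", judge_accepts(public(BOB), m + 1, s))
```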
SSL

• A protocol developed by Netscape.


• It is a whole new layer of protocol which operates above
the Internet TCP protocol and below high-level
application protocols.
• SSL uses TCP/IP on behalf of the higher-level protocols.
• Allows an SSL-enabled server to authenticate itself to an SSL-
enabled client;
• Allows the client to authenticate itself to the server;
• Allows both machines to establish an encrypted connection.
What Does SSL Concern?

• SSL server authentication.


• SSL client authentication. (optional)
• An encrypted SSL connection or Confidentiality. This
protects against electronic eavesdropper.
• Integrity. This protects against hackers.
SSL

The exchange of messages facilitates the following actions:
• Authenticate the server to the client;
• Allow the client and server to select a cipher that
they both support;
• Optionally authenticate the client to the server;
• Use public-key encryption techniques to generate
shared secrets;
• Establish an encrypted SSL connection
How SSL works

• The SSL protocol uses RSA public key cryptography for
Internet security.
• Public key encryption uses a pair of asymmetric keys for
encryption and decryption.
• SSL includes two sub-protocols: the SSL Record Protocol and
the SSL Handshake Protocol.
• Record Protocol -- defines the format used to transmit data.
• Handshake Protocol -- uses the Record Protocol to exchange
messages between an SSL-enabled server and an SSL-enabled client.
How SSL works

Client to server:
• Client’s SSL version #, cipher settings, randomly generated data, and other
information the server needs to communicate with the client.

Server to client:
• Server’s SSL version #, cipher settings, randomly generated data, and other
information the client needs to communicate with the server over SSL.
• The server also sends its own certificate.

Client:
• Authenticates the server using some of the information received. If this
succeeds, uses all data so far to create the premaster secret for the
session and encrypts it with the server’s public key.
• If the server has requested client authentication (optional), the client
also signs another piece of data known by both the client and the server.

Server:
• If the server has requested client authentication, the server attempts to
authenticate the client.
• If this succeeds, uses its private key to decrypt the premaster secret, then
performs a series of steps to generate the master secret.
• Uses the master secret to generate the session keys.

Client:
• Also performs a series of steps, starting from the same premaster secret,
to generate the master secret.
• Uses the master secret to generate the session keys.

Session keys are used to encrypt and decrypt information exchanged
during the SSL session and to verify its integrity.
Master secrets protect session keys in transit.

Client to server:
• Informs the server that future messages from here on will be encrypted with
the session key.
• Then sends a separate (encrypted) message indicating that the client portion
of the handshake is finished.

Server to client:
• Informs the client that future messages from here on will be encrypted with
the session key.
• Then sends a separate (encrypted) message indicating that the server portion
of the handshake is finished.
• The SSL handshake is now complete. The
server and the client use the session keys to
encrypt and decrypt the data they send to each
other and to validate its integrity.
Smart Cards

• A smart card is a device that includes an embedded
integrated circuit chip (ICC) that can be either a secure
microcontroller or equivalent intelligence with internal
memory or a memory chip alone.
• The card connects to a reader with direct physical
contact or with a remote contactless radio frequency
interface.
Advantages of Smart Cards

• The capacity provided by the on-board microprocessor
and data capacity for highly secure, off-line processing
• Adherence to international standards, ensuring multiple
vendor sources and competitive prices
• Established track record in real world applications
• Durability and long expected life span (guaranteed by
vendor for up to 10,000 read/writes before failure)
• Chip Operating Systems that support multiple
applications
• Secure independent data storage on one single card
Applications of smart cards

Financial Applications
• Electronic Purse to replace coins for small purchases in vending
machines and over-the-counter transactions.
• Credit and/or Debit Accounts, replicating what is currently on the
magnetic stripe bank card, but in a more secure environment.
• Securing payment across the Internet as part of Electronic
Commerce.
Communications Applications
• The secure initiation of calls and identification of caller (for billing
purposes) on any Global System for Mobile Communications
(GSM) phone.
• Subscriber activation of programming on Pay-TV.
Applications of smart cards

Government Programs
• Electronic Benefits Transfer using smart cards to carry
Food Stamp and WIC food benefits in lieu of paper
coupons and vouchers.
• Agricultural producer smart marketing card to track
quotas.
Information Security
• Employee access cards with secured passwords and the
potential to employ biometrics to protect access to
computer systems.
Applications of smart cards
Physical Access Control
• Employee access cards with secured ID and the potential to employ
biometrics to protect physical access to facilities.
Transportation
• Drivers Licenses.
• Mass Transit Fare Collection Systems.
• Electronic Toll Collection Systems.
Retail and Loyalty
• Consumer reward/redemption tracking on a smart loyalty card, that is
marketed to specific consumer profiles and linked to one or more specific
retailers serving that profile set.
Health Care
• Consumer health card containing insurance eligibility and emergency medical
data.
Student Identification
• All-purpose student ID card (a/k/a campus card), containing a variety of
applications such as electronic purse (for vending machines, laundry
machines, library card, and meal card).
EDI: Electronic Data Interchange

• Exchange of electronic data between companies using
precisely defined transactions
• Electronic Data Interchange is the computer-to-computer
exchange of business data and documents between
companies using standard formats recognized both
nationally and internationally.
• The information used in EDI is organized according to a
specified format set by both companies participating in
the data exchange.
Electronic Data Interchange: Benefits

• Benefits of EDI
Advantages
• Lower operating costs
– Saves time and money
• Less Errors = More Accuracy
– No data entry, so less human error
• Increased Productivity
– More efficient personnel and faster throughput
• Faster trading cycle
– Streamlined processes for improved trading
relationships
Suppliers, manufacturers, and retailers cooperate in some of the most successful
applications of EDI.
Electronic Data Interchange

How does EDI work?


• Supplier’s proposal sent electronically to
purchasing organization.
• Electronic contract approved over network.
• Supplier manufactures and packages goods,
attaching shipping data recorded on a bar
code.
• Quantities shipped and prices entered in
system and flowed to invoicing program;
invoices transmitted to purchasing organization
Electronic Data Interchange
How does EDI work?

• Manufacturer ships order.


• Shipment notice EDI transaction sent (not shown)
• Purchasing organization receives packages, scans
bar code, and compares data on invoices to actual items
received.
• Payment approval transferred electronically.
• Bank transfers funds from purchaser to supplier’s
account using electronic fund transfer (EFT).
EDI

• EDI Standards
– EDI requires companies to agree on standards
• Compatible hardware and software
• Agreed upon electronic form format

– Established EDI standards


• Automotive Industry Action Group (AIAG)
• X.12 de facto umbrella standard in U.S. and Canada
• EDI for Administration, Commerce, and Trade
(EDIFACT) umbrella of standards in Europe
EDI
• These standards have been updated 5 times since their
creation in 1979.
– They are updated to include new facets in the
business world, or update any information that has
become obsolete.
• As the standards evolved, subcommittees were added to
ASC X12.
– In 1986 X12F was added for the Financial Industry
– In 1989 X12M was added for the Warehousing
sets
– In 1991 X12N was formed for the B2B Insurance
and Healthcare needs.
UCS

UCS = Uniform Commercial Standard


• Subset of ANSI ASC X12
• Foundation for creation from the Transportation industry
• Grocery and Retail-oriented Industry – 1976
• Sponsorship and Funding
– Manufacturers
– Retailers
– Wholesalers
– Brokers
UCS

• Objective
– Provide for the communication of EDI data
– Identify alternative communication methods
– Specify the communication standard for
industry use
– Provide operational guidelines for using the
standard
EDI
The Importance of EDI
– Need for timely, reliable data exchange in response to
rapidly changing markets
– Emergence of standards and guidelines
– Spread of information into many organizational units
– Greater reliability of information technology
– Globalization of organizations
EDI

How to Subscribe to EDI


– Larger companies purchase hardware and
software
– Medium and small companies seek third-party
service
• Value-added networking (VAN)
• Managed network services available for a
fee
EDI

• EDI on the Web


– Advantages of Web EDI
• Lower cost
• More familiar software
• Worldwide connectivity

– Disadvantages of Web EDI


• Low speed
• Poor security
Disadvantages

• High Dependence on the participation of trading partners

• Costly for smaller companies

• Difficult to agree on standard to be used


VAN
• Communications networks supplied and
managed by third-party companies that
facilitate electronic data interchange, Web
services and transaction delivery by
providing extra networking services
VAN

[Figure: Retailers A, B, C and D and Wholesalers A, B, C and D, all connected through a value-added network]
