Electronic Commerce and Digital Signature


Electronic Commerce

E-commerce consists primarily of the buying and selling of products or services over electronic systems such as the internet and other computer networks.

Types of e-Commerce transactions:

1. Online goods and services
   - Streaming media content: www.mp3.com
   - Electronic books: www.ebooks.com
   - Software: www.download.com

2. Retail product sales
   - Online retailers: www.amazon.com
   - Online ticket sales: www.indianrail.gov.in
   - Online banking: www.icicidirect.com

3. Marketplace services. Facilitate b2b, b2c, c2c, b2e, g2b, and other transactions through an online community or online auction business model. E.g. www.ebay.com, www.dell.com, www.echoupal.com
   - Online wallet services (stores online shopping information)
   - Online advertising
   - Price comparison service

- Government to citizen sales and services: www.mca.gov.in
- E-procurement: www.eprocurement.gov.in

Online payment system


- Credit cards
- Smart cards
- Paypal
- Electronic bill presentment and payment
- Mobile payment
- Electronic fund transfer
- Bank wire transfer
- Electronic money

Assignment-1: Describe the functioning of each of the online payment systems.

Setting up ecommerce website


This section is divided into the following issues.
- Registering a domain name
- Hosting the domain
- Uploading content to the website
- Setting up email accounts
- Enabling online payments
- Legal issues
  - Terms of use
  - Privacy policy
  - Disclaimer
- Search engine optimization

E-commerce Indian Law


The Indian Information Technology Act, 2000 aims to facilitate the development of a secure signature regulatory environment for electronic commerce by providing legal infrastructure governing electronic contracting, security and integrity of electronic transactions, the use of digital signatures and other issues relating to electronic commerce.

Act provides:
- Minimize the incidence of electronic forgeries;
- Enable and foster authentication of computer based documents;
- Facilitate commerce by means of computerized transactions.
- Legal recognition of electronic contracting and acceptance and use of electronic records and electronic signatures by the government entities.
- Also provides for civil and criminal liabilities for fraudulently falsifying computer records, circumventing controls, unauthorized use or access into the computer system and unauthorized alteration or destruction of computer data or system.

Digital signature
The Information Technology Act, 2000 (IT Act) prescribes digital signature as a means of authentication of electronic record.

Digital signatures are an application of asymmetric key cryptography. Cryptography is primarily used as a tool to protect national secrets and strategies. In 1978, Ron Rivest, Adi Shamir and Leonard Adleman discovered the first practical public key encryption and signature scheme, now referred to as RSA.

How it works: Cryptography is the science of using mathematics to encrypt and decrypt data.

Objective:
- Confidentiality
- Data integrity
- Authentication
- Non-repudiation

Different types of cryptography:
- Symmetric cryptography
- Asymmetric cryptography
- Hash function

The digital signature creation and verification process achieves the following:
- Signer authentication
- Message authentication
- Affirmative act

A digital signature certificate contains a public key as certified by a Certifying Authority (CA).

A digital signature should satisfy the following conditions:
- It should be unique to the subscriber affixing it.
- It should be capable of identifying such subscriber.
- It should be created in a manner or using a means under the exclusive control of the subscriber.
- It should be linked to the electronic record to which it relates in such a manner that if the electronic record were altered, the digital signature would be invalidated.

According to notification G.S.R. 735 (E), notified by the Central Government on the 29th of October, 2004, a secure digital signature is one to which the following security procedure has been applied.
- A smart card or a hardware token is used to create the key pair.
- The private key always remains present in the smart card.
- Private key retrieval and returning should take place in the smart card.
- The smart card is solely under the control of the person who is purported to have created the digital signature.
- The digital signature can be verified by using the public key listed in the digital signature certificate issued to that person.
- Rule 6 of the IT (CA) Rules, 2000 has been complied with, in so far as it relates to the creation, storage and transmission of the digital signatures.
- The digital signature is linked to the electronic record in such a manner that if the electronic record was altered the digital signature would be invalidated.

List of licenced CAs


- Safescrypt
- NIC
- IDRBT
- TCS
- MTNL
- Customs and Central Excise
- (n)code solutions CA (GNFC)

Digital signature Certificate


A digital signature certificate cannot be granted unless the certifying authority is satisfied that:
- The applicant holds the private key corresponding to the public key to be listed in the digital signature certificate.
- The applicant holds a private key which is capable of creating a digital signature.
- The public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the applicant.
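An added example, not part of the original slides: it shows how a certifying authority can check the conditions above by having the applicant sign a fresh challenge, and how altering a signed record invalidates the signature (the last condition a digital signature should satisfy). It assumes textbook RSA without padding and small constructed keys built with Python's standard library only; `make_keypair`, `ca_precheck`, `alice` and `mallory` are hypothetical names.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Build a textbook RSA key pair from two primes (constructed demo values)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"n": n, "e": E}, {"n": n, "d": d}

def digest(record, n):
    """Hash the electronic record and reduce it into the key's range."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big") % n

def sign(private, record):
    """Signature creation: only the private key holder can compute this."""
    return pow(digest(record, private["n"]), private["d"], private["n"])

def verify(public, record, signature):
    """Signature verification with the public key listed in the certificate."""
    return pow(signature, public["e"], public["n"]) == digest(record, public["n"])

def ca_precheck(public, applicant_sign, challenge=None):
    """CA-side check before issuance: the applicant must sign a fresh challenge
    that verifies under the public key to be listed in the certificate."""
    challenge = challenge or secrets.token_bytes(32)
    return verify(public, challenge, applicant_sign(challenge))

# Constructed demo keys from Mersenne primes; far too small for real use.
alice_pub, alice_priv = make_keypair(2**127 - 1, 2**89 - 1)
_, mallory_priv = make_keypair(2**107 - 1, 2**61 - 1)

def demo():
    record = b"Pay INR 5000 to vendor 42"  # constructed sample record
    sig = sign(alice_priv, record)
    return {
        "original_verifies": verify(alice_pub, record, sig),
        "altered_verifies": verify(alice_pub, b"Pay INR 9000 to vendor 42", sig),
        "holder_passes_ca_check": ca_precheck(alice_pub, lambda c: sign(alice_priv, c)),
        "other_key_passes_ca_check": ca_precheck(alice_pub, lambda c: sign(mallory_priv, c)),
    }

if __name__ == "__main__":
    print(demo())
```

A production system would use a padded scheme such as RSA-PSS from a vetted library, with the private key held in the smart card or hardware token.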

Representations upon issuance of Digital signature Certificate


1. It has complied with the provisions of the IT Act and allied rules.
2. It has published the digital signature certificate or otherwise made it available to such person relying on it and the subscriber has accepted it.
3. The subscriber holds the private key corresponding to the public key, listed in the digital signature

5. The subscriber's public key and private key constitute a functioning key pair.
6. The information contained in the digital certificate is accurate.

It has no knowledge of any material fact, which if it had been included in the digital signature certificate would adversely affect the reliability of the representation made in (1) and (6) above.

Suspension of a digital certificate


- On a request from the subscriber listed in the digital signature certificate
- On a request from any person duly authorized to act on behalf of that subscriber
- If it is of the opinion that the certificate should be suspended in public interest.
- Cannot be suspended for a period exceeding 15 days.

Revocation of digital signature certificate


- Request of the subscriber
- Request of any person authorized by him or
- Upon the death, dissolution or winding up of the subscriber
- It can be revoked at any time
- Any material fact is false or has been concealed.
- Requirement is not satisfied
- The certifying authority's private key or security system was compromised in a manner materially affecting the digital signature certificate's reliability
- The subscriber has been declared insolvent or dead, has been dissolved, wound up or otherwise ceased to exist.

Certifying authority to follow certain procedure


- Make use of hardware, software and procedures that are secure from intrusion and misuse.
- Provide a reasonable level of reliability in its services which are reasonably suited to the performance of intended functions
- Adhere to security procedures to ensure that the secrecy and privacy of the digital signature are assured and
- Observe other specified standards.

Assignment-2: Describe the regulation of the Controller and the procedure for issue, suspension and revocation of the digital signature license to a Certifying Authority.
