Project Report
On

E-Commerce and Digital Signature

Submitted for Partial Fulfillment for the Award of the Degree of

MASTER OF BUSINESS ADMINISTRATION
(MBA)

UNDER THE SUPERVISION OF
MS. Ranjeeta Popli

SUBMITTED BY
Nidhi
Vaibhav
Swati Grover
Shobhika
Akshay
Nitin

GITARATTAN INTERNATIONAL BUSINESS SCHOOL
(Affiliated to GURU GOBIND SINGH INDRAPRASTHA UNIVERSITY)
ROHINI, NEW DELHI - 110085
(MBA - 2011-2013)

TABLE OF CONTENTS

1  Acknowledgement
2  Certificate
3  Introduction to E-Commerce
4  History
5  Types of E-Commerce
   a  B2C
   b  B2B
   c  C2C
   d  Peer to Peer
   e  M-Commerce
6  Advantages and Disadvantages of E-Commerce
7  Introduction to Digital Signature
8  History of Digital Signature
9  Current state of use
10 Bibliography

ACKNOWLEDGEMENT

The satisfaction and euphoria that accompany a successful completion of any task is incomplete without mentioning the persons involved whose consistent guidance and encouragement crowned the efforts with success.

We would like to thank our guide Ms. Ranjeeta Popli for her guidance and motivation, which was pivotal in completion of our report.

Last but not least, we feel indebted to all those persons who have provided help directly or indirectly in successful completion of this study.

Date:
                                                Swati Grover
                                                Nidhi
                                                Shobhika
                                                Vaibhav
                                                Akshay
                                                Nitin

CERTIFICATE

This is to certify that the project report entitled E-Commerce and Digital Signature submitted for the degree of MBA is bonafide work done by Nidhi, Vaibhav Shukla, Akshay Chaddha, Nitin, Swati Grover and Shobhika Tyagi. They have worked under my guidance and supervision for this project.

I hereby certify her project report and approve it.

PROJECT GUIDE
(Ms. Ranjeeta Popli)
(Lecturer)
Gittarattan International Business School

Introduction to E-Commerce

Electronic commerce, commonly known as e-commerce, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks. However, the term may refer to more than just buying and selling products online. It also includes the entire online process of developing, marketing, selling, delivering, servicing and paying for products and services. The amount of trade conducted electronically has grown extraordinarily with widespread Internet usage. The use of commerce is conducted in this way, spurring and drawing on innovations in transfer, supply, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the Web at least at one point in the transaction's life-cycle, although it may encompass a wider range of technologies such as e-mail, mobile devices and telephones as well.

A large percentage of electronic commerce is conducted entirely in electronic form for virtual items such as access to premium content on a website, but mostly electronic commerce involves the transportation of physical items in some way. Online retailers are sometimes known as e-tailers and online retail is sometimes known as e-tail. Almost all big retailers are now electronically present on the World Wide Web.

Electronic commerce that takes place between businesses is referred to as business-to-business or B2B. B2B can be open to all interested parties (e.g. commodity exchange) or limited to specific, pre-qualified participants (private electronic market). Electronic commerce that takes place between businesses and consumers, on the other hand, is referred to as business-to-consumer or B2C. This is the type of electronic commerce conducted by companies such as Amazon.com. Online shopping is a form of electronic commerce where the buyer is directly online to the seller's computer, usually via the Internet. There is no intermediary service involved. The sale or purchase transaction is completed electronically and interactively in real time, such as in Amazon.com for new books. However, in some cases an intermediary may be present in a sale or purchase transaction, such as the transactions on eBay.com.

Electronic commerce is generally considered to be the sales aspect of e-business. It also consists of the exchange of data to facilitate the financing and payment aspects of business transactions.

History

Early development

Originally, electronic commerce was identified as the facilitation of commercial transactions electronically, using technology such as Electronic Data Interchange (EDI) and Electronic Funds Transfer (EFT). These were both introduced in the late 1970s, allowing businesses to send commercial documents like purchase orders or invoices electronically. The growth and acceptance of credit cards, automated teller machines (ATM) and telephone banking in the 1980s were also forms of electronic commerce. Another form of e-commerce was the airline reservation system typified by Sabre in the USA and Travicom in the UK.

From the 1990s onwards, electronic commerce would additionally include enterprise resource planning systems (ERP), data mining and data warehousing.

In 1990, Tim Berners-Lee invented the Worldwide Web web browser and transformed an academic telecommunication network into a worldwide everyman everyday communication system called internet/www. Commercial enterprise on the Internet was strictly prohibited by NSF until 1995. Although the Internet became popular worldwide around 1994 with the adoption of the Mosaic web browser, it took about five years to introduce security protocols and DSL allowing continual connection to the Internet. By the end of 2000, many European and American business companies offered their services through the World Wide Web. Since then people began to associate the word "ecommerce" with the ability of purchasing various goods through the Internet using secure protocols and electronic payment services.

Features of E-Commerce

Ubiquity - In traditional commerce, a marketplace is a physical place we visit in order to transact. For example, television and radio are typically directed to motivating the customer to go someplace to make a purchase. E-commerce is ubiquitous, meaning that it is available just about everywhere at all times. It liberates the market from being restricted to a physical space and makes it possible to shop from your desktop. The result is called a market space. From the consumer's point of view, ubiquity reduces transaction costs - the cost of participating in a market. To transact, it is no longer necessary that you spend time and money traveling to a market. At a broader level, the ubiquity of e-commerce lowers the cognitive energy required to complete a task.

Global Reach - E-commerce technology permits commercial transactions to cross cultural and national boundaries far more conveniently and effectively as compared to traditional commerce. As a result, the potential market size for e-commerce merchants is roughly equal to the size of the world's online population.

Universal Standards - One strikingly unusual feature of e-commerce technologies is that the technical standards of the Internet, and therefore the technical standards for conducting e-commerce, are universal standards, i.e. they are shared by all the nations around the world.

Interactivity - Unlike any of the commercial technologies of the twentieth century, with the possible exception of the telephone, e-commerce technologies are interactive, meaning they allow for two-way communication between merchants and consumer.

Information Density and Richness - The Internet vastly increases information density. It is the total amount and quality of information available to all market participants, consumers and merchants. E-commerce technologies reduce information collection, storage, communication and processing costs. At the same time, these technologies greatly increase the accuracy and timeliness of information, making information more useful and important than ever. As a result, information becomes plentiful, cheaper and of higher quality. Information richness refers to the complexity and content of a message.

Personalization - E-commerce technologies permit personalization. Merchants can target their marketing messages to specific individuals by adjusting the message to a person's name, interests and past purchases. The technology also permits customization. Merchants can change the product or service based on a user's preferences or prior behavior.

E-commerce technologies make it possible for merchants to know much more about consumers and use this information more effectively than ever before. Online merchants can use this information to develop new information asymmetries, enhance their ability to brand products, charge premium prices for high quality service and segment the market into an endless number of subgroups, each receiving a different price.

Types of E-Commerce

Business to Consumer

B2C stands for Business to Consumer. As the name suggests, it is the model covering the interaction between businesses and consumers. An online business sells to individuals. The basic concept of this model is to sell the product online to the consumers.

B2C is the indirect trade between the company and consumers. It provides direct selling online. For example, if you want to sell goods and services to customers, anybody can purchase any products directly from the supplier's website.

Directly interacting with the customers is the main difference from other business models. As B2B it manages direct relationships with consumers; B2C supply chains normally deal with businesses that are related to the customer.

Business to Business

B2B stands for Business to Business. It is the largest form of e-commerce. In this model the buyer and seller are two different entities. It is similar to a manufacturer issuing goods to a retailer or wholesaler. Dell sells computers and other associated accessories online, but it does not make all of those products. So, in order to sell those products, the first step is to purchase them from other businesses, i.e. the producers of those products.

It is one of the cost-effective ways to sell products throughout the world.

Consumer to Consumer

C2C stands for Consumer to Consumer. It helps the online dealing of goods or services among people. Though no major parties are needed, the parties cannot complete the transactions without the program supplied by an online market dealer such as eBay.

Peer to Peer

It is a discipline that helps people instantly share related computer files and computer resources without having to interact with a central web server. If you are going to implement this model, both sides need to install the expected software so that they are able to communicate on a common platform. This kind of e-commerce generates very little revenue, as from the start it has tended toward free use, due to which it sometimes gets caught up in cyber laws.

M-Commerce

It deals with conducting transactions with the help of mobile devices. Mobile device consumers can interact with each other and conduct business. Mobile commerce involves the change of ownership or rights to utilize goods and related services.

Advantages and Disadvantages of E-Commerce

The invention of faster internet connectivity and powerful online tools has resulted in a new commerce arena: Ecommerce. Ecommerce offers many advantages to companies and customers, but it has also caused many problems.

Advantages of E-Commerce

•  Faster buying/selling procedure, as well as easy to find products.
•  Buying/selling 24/7.
•  More reach to customers; there are no theoretical geographic limitations.
•  Low operational costs and better quality of services.
•  No need of physical company set-ups.
•  Easy to start and manage a business.
•  Customers can easily select products from different providers without moving around physically.

Disadvantages of E-Commerce

•  Anyone, good or bad, can easily start a business. And there are many bad sites which eat up customers' money.
•  There is no guarantee of product quality.
•  Mechanical failures can cause unpredictable effects on the total processes.
•  As there is minimum chance of direct customer to company interactions, customer loyalty is always on a check.
•  There are many hackers who look for opportunities, and thus an ecommerce site, its services and its payment gateways are all always prone to attack.

 
Digital Signature

A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.

Explanation

Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, India, and members of the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear whether they are digital cryptographic signatures in the sense used here, leaving the legal definition, and so their importance, somewhat confused.

Digital signatures employ a type of asymmetric cryptography. For messages sent through a non-secure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless. Digitally signed messages may be anything representable as a bit string: examples include mail, contracts, or a message sent via some other cryptographic protocol.
 
Definition

A digital signature scheme typically consists of three algorithms:

•  A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
•  A signing algorithm that, given a message and a private key, produces a signature.
•  A signature verifying algorithm that, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity.

Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify the authenticity of that message by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key.

History

In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only conjectured that such schemes existed. Soon afterwards, Ronald Rivest, Adi Shamir, and Len Adleman invented the RSA algorithm, which could be used to produce primitive digital signatures (although only as a proof-of-concept: "plain" RSA signatures are not secure). The first widely marketed software package to offer digital signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.

To create RSA signature keys, generate an RSA key pair containing a modulus $N$ that is the product of two large primes, along with integers $e$ and $d$ such that $e \cdot d \equiv 1 \pmod{\varphi(N)}$, where $\varphi$ is the Euler phi-function. The signer's public key consists of $N$ and $e$, and the signer's secret key contains $d$.

To sign a message $m$, the signer computes $\sigma = m^d \bmod N$. To verify, the receiver checks that $\sigma^e \equiv m \pmod{N}$.

As noted earlier, this basic scheme is not very secure. To prevent attacks, one can first apply a cryptographic hash function to the message $m$ and then apply the RSA algorithm described above to the result. This approach can be proven secure in the so-called random oracle model.

Other digital signature schemes were soon developed after RSA, the earliest being Lamport signatures, Merkle signatures (also known as "Merkle trees" or simply "Hash trees"), and Rabin signatures.

In 1988, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of digital signature schemes. They described a hierarchy of attack models for signature schemes, and also presented the GMR signature scheme, the first that can be proven to prevent even an existential forgery against a chosen message attack.

Most early signature schemes were of a similar type: they involve the use of a trapdoor permutation, such as the RSA function, or in the case of the Rabin signature scheme, computing squares modulo a composite n. A trapdoor permutation family is a family of permutations, specified by a parameter, that is easy to compute in the forward direction, but is difficult to compute in the reverse direction without already knowing the private key. However, for every parameter there is a "trapdoor" (private key) which, when known, easily decrypts the message. Trapdoor permutations can be viewed as public-key encryption systems, where the parameter is the public key and the trapdoor is the secret key, and where encrypting corresponds to computing the forward direction of the permutation, while decrypting corresponds to the reverse direction. Trapdoor permutations can also be viewed as digital signature schemes, where computing the reverse direction with the secret key is thought of as signing, and computing the forward direction is done to verify signatures. Because of this correspondence, digital signatures are often described as based on public-key cryptosystems, where signing is equivalent to decryption and verification is equivalent to encryption, but this is not the only way digital signatures are computed.

Used directly, this type of signature scheme is vulnerable to a key-only existential forgery attack. To create a forgery, the attacker picks a random signature $\sigma$ and uses the verification procedure to determine the message $m$ corresponding to that signature. In practice, however, this type of signature is not used directly, but rather, the message to be signed is first hashed to produce a short digest that is then signed. This forgery attack, then, only produces the hash function output that corresponds to $\sigma$, but not a message that leads to that value, which does not lead to an attack. In the random oracle model, this hash-and-decrypt form of signature is existentially unforgeable, even against a chosen-message attack.

There are several reasons to sign such a hash (or message digest) instead of the whole document.

•  For efficiency: The signature will be much shorter and thus save time, since hashing is generally much faster than signing in practice.
•  For compatibility: Messages are typically bit strings, but some signature schemes operate on other domains (such as, in the case of RSA, numbers modulo a composite number N). A hash function can be used to convert an arbitrary input into the proper format.
•  For integrity: Without the hash function, the text "to be signed" may have to be split (separated) in blocks small enough for the signature scheme to act on them directly. However, the receiver of the signed blocks is not able to recognize if all the blocks are present and in the appropriate order.
 
   
How Digital Signatures Work:

Assume you were going to send the draft of a certain contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you. Here then would be the process:

1.  You copy-and-paste the contract (it's a short one!) into an e-mail note.
2.  Using special software, you obtain a message hash (mathematical summary) of the contract.
3.  You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
4.  The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)

Diagram showing how a simple digital signature is applied and then verified.
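
The RSA scheme and key-only forgery described under History, together with the hash-then-sign steps listed above, worked through in Python. This is an added example, not part of the original report; the toy primes, the sample messages, the SHA-256-mod-N encoding and all function names are assumptions made for the illustration.

```python
import hashlib
from math import gcd

# Toy primes, constructed for this example (both are Mersenne primes).
# The resulting ~150-bit modulus is far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1


def keygen(p=P, q=Q, e=65537):
    """Key generation: return ((N, e), d) with e*d = 1 (mod phi(N))."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler phi of N = p*q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(N)")
    return (n, e), pow(e, -1, phi)   # modular inverse (Python 3.8+)


def sign_raw(m, d, n):
    """Textbook RSA: sigma = m^d mod N, applied to the message itself."""
    return pow(m, d, n)


def verify_raw(m, sigma, pub):
    n, e = pub
    return pow(sigma, e, n) == m % n


def digest_int(message, n):
    """SHA-256 digest as an integer mod N (toy encoding, an assumption of
    this example; deployed RSA signatures use a padding scheme instead)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign_hashed(message, d, n):
    """Steps 2-4 of the procedure: hash the message, then sign the hash."""
    return pow(digest_int(message, n), d, n)


def verify_hashed(message, sigma, pub):
    n, e = pub
    return pow(sigma, e, n) == digest_int(message, n)


def key_only_forgery(pub, sigma=123456789):
    """The key-only forgery from the text: choose sigma first, then run the
    public verification step to learn which 'message' it happens to sign."""
    n, e = pub
    return pow(sigma, e, n), sigma


def demo():
    pub, d = keygen()
    n, _ = pub
    out = {}

    m = 20111213                               # constructed sample message
    out["raw_honest"] = verify_raw(m, sign_raw(m, d, n), pub)

    forged_m, forged_sigma = key_only_forgery(pub)
    out["raw_forgery_accepted"] = verify_raw(forged_m, forged_sigma, pub)

    contract = b"Draft contract: supply 40 units at Rs. 1,000 each."
    other = b"Draft contract: supply 40 units at Rs. 9,000 each."
    sig = sign_hashed(contract, d, n)
    out["hashed_honest"] = verify_hashed(contract, sig, pub)
    out["signature_differs_per_message"] = sig != sign_hashed(other, d, n)

    # The forger holds forged_m but would need a message whose *hash* is
    # forged_m; presenting forged_m's own bytes does not verify.
    as_bytes = forged_m.to_bytes((forged_m.bit_length() + 7) // 8, "big")
    out["hashed_forgery_accepted"] = verify_hashed(as_bytes, forged_sigma, pub)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Plain RSA accepts the forged pair because the verifier only checks the trapdoor permutation; once the hash is in the way, the same pair is rejected.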
   
 
Advantages and Disadvantages of E-Signature:

Just as with any technology, there will be pluses and minuses. This is the way it is with anything, whether it is technology related or not. The advantages of using digital signatures include:

•  Imposter prevention: By using digital signatures you are actually eliminating the possibility of committing fraud by an imposter signing the document. Since the digital signature cannot be altered, this makes forging the signature impossible.
•  Message integrity: By having a digital signature you are in fact showing and simply proving the document to be valid. You are assuring the recipient that the document is free from forgery or false information.
•  Legal requirements: Using a digital signature satisfies some type of legal requirement for the document in question. A digital signature takes care of any formal legal aspect of executing the document.

The disadvantages of using digital signatures involve the primary avenue for any business: money. This is because the business may have to spend more money than usual to work with digital signatures, including buying certificates from certification authorities and getting the verification software.

 
 
Uses of Digital Signature

As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide added assurances of the evidence to provenance, identity, and status of an electronic document as well as acknowledging informed consent and approval by a signatory. The United States Government Printing Office (GPO) publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures. Universities including Penn State, University, and Stanford are publishing electronic student transcripts with digital signatures.

Below are some common reasons for applying a digital signature to communications:

Authentication

Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

Integrity

In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message after signature will invalidate the signature.

Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions.
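
The difference between hiding a message and protecting it from change, shown on the bank instruction from the Authentication paragraph. This is an added example, not part of the original report; the hash-based keystream cipher, the toy RSA key, the sample instruction and all names are assumptions constructed for the illustration.

```python
import hashlib

# Toy RSA signing key (constructed for this example; ~150-bit, not secure).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(msg):
    return pow(digest(msg), D, N)


def verify(msg, sig):
    return pow(sig, E, N) == digest(msg)


def keystream(key, length):
    """Toy keystream: SHA-256 over key || counter, block after block."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor_cipher(key, data):
    """Malleable encryption: XOR with the keystream (same call decrypts)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def alter_in_transit(ciphertext, offset, known, wanted):
    """Change the plaintext under the ciphertext without the key, given only
    the expected field contents at a known position."""
    altered = bytearray(ciphertext)
    for i, (k, w) in enumerate(zip(known, wanted)):
        altered[offset + i] ^= k ^ w
    return bytes(altered)


def demo():
    key = b"branch-to-central shared key"           # constructed sample key
    order = b"CREDIT ACCOUNT 00417 AMOUNT 0000100"  # constructed instruction
    signature = sign(order)                         # made by the branch office
    ciphertext = xor_cipher(key, order)

    offset = order.index(b"0000100")
    altered = alter_in_transit(ciphertext, offset, b"0000100", b"9000100")
    received = xor_cipher(key, altered)             # central office decrypts

    return {
        "decrypts_to_valid_looking_order":
            received == b"CREDIT ACCOUNT 00417 AMOUNT 9000100",
        "untouched_message_verifies":
            verify(xor_cipher(key, ciphertext), signature),
        "altered_message_verifies": verify(received, signature),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Decryption alone gives the central office no sign that the amount changed; the signature check is what rejects the altered instruction.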
 
Non-repudiation

Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature.
 
Current State of Use - Legal and Practical

Digital signature schemes share basic prerequisites that, regardless of cryptographic theory or legal provision, they need in order to have meaning:

1. Quality algorithms
Some public-key algorithms are known to be insecure, practicable attacks against them having been discovered.

2. Quality implementations
An implementation of a good algorithm (or protocol) with mistake(s) will not work.

3. The private key must remain private
If it becomes known to any other party, that party can produce perfect digital signatures of anything whatsoever.

4. The public key owner must be verifiable
A public key associated with Bob actually came from Bob. This is commonly done using a public key infrastructure (PKI), and the public key/user association is attested by the operator of the PKI (called a certificate authority). For 'open' PKIs in which anyone can request such an attestation (universally embodied in a cryptographically protected identity certificate), the possibility of mistaken attestation is not trivial. Commercial PKI operators have suffered several publicly known problems. Such mistakes could lead to falsely signed, and thus wrongly attributed, documents. 'Closed' PKI systems are more expensive, but less easily subverted in this way.

5. Users (and their software) must carry out the signature protocol properly.

Only if all of these conditions are met will a digital signature actually be any evidence of who sent the message, and therefore of their assent to its contents. Legal enactment cannot change this reality of the existing engineering possibilities, though some such have not reflected this actuality.

Legislatures, being importuned by businesses expecting to profit from operating a PKI, or by the technological avant-garde advocating new solutions to old problems, have enacted statutes and/or regulations in many jurisdictions authorizing, endorsing, encouraging, or permitting digital signatures and providing for (or limiting) their legal effect. The first appears to have been in Utah in the United States, followed closely by the states Massachusetts and California. Other countries have also passed statutes or issued regulations in this area as well and the UN has had an active model law project for some time. These enactments (or proposed enactments) vary from place to place, have typically embodied expectations at variance (optimistically or pessimistically) with the state of the underlying cryptographic engineering, and have had the net effect of confusing potential users and specifiers, nearly all of whom are not cryptographically knowledgeable. Adoption of technical standards for digital signatures has lagged behind much of the legislation, delaying a more or less unified engineering position on interoperability, algorithm choice, key lengths, and so on what the engineering is attempting to provide.

 
Bibliography

Website
•  www.google.com
•  en.wikipedia.org/wiki/Electronic_commerce
•  www.wikinvest.com/concept/E-Commerce
•  en.wikipedia.org/wiki/Digital_signature
•  www.youdzone.com/signature.html

Reference Books
•  E-Commerce, K.K. Bajaj
•  E-Commerce Fundamentals and Applications, Henry Chan and Raymond Lee
•  Digital Signature: Network Security Practices, Kailash N. Agarwala, Prateek Amar Agarwala