Page 87 - DCAP306_DCAP511_E-COMMERCE_AND_E-BUSINESS

E-Commerce and E-Business







Caselet

Establishing a Secure Communication for a Leading Stock Exchange Company

This case study is of a leading stock exchange that covers major cities and towns across India. The stock exchange has an automated online trading system with national reach. This stock exchange has reformed the Indian securities market to establish a better microstructure, trading volumes, and market practices.

The challenge is the exchange of data between the stock exchange and a member stock broking company. The stock exchange communicates its business information to other member companies and receives information from them. The stock exchange requires this communication to be authenticated, automated, and secure. To achieve this, the stock exchange must use a secured e-commerce system that will:

1.   Get the PDF documents digitally signed by multiple authorities at the server end.
2.   Get the HTML forms digitally signed at the client end and verify the signed data at the server end, after the data has been filled in.

The stock exchange's challenge was taken up by E-Lock Solutions, which designed a SuperSigner SDK (Java version) that satisfied the requirement. The system was able to authenticate the information transmitted between the two entities. It reduced the overhead caused by the use of paper communication and established a faster, reliable exchange of information.

Source: http://www.elock.com/nse-casestudy.html

6.4   Summary

•   An efficient e-commerce system should guarantee confidentiality, integrity, availability, authenticity, non-repudiability, and auditability of information.
•   SQL injection, price manipulation, buffer overflow, cross-site scripting, and remote command execution are some of the vulnerabilities found in e-commerce systems.
•   To ensure secured communication, cryptosystems are used. They involve encryption and decryption methods to ensure confidentiality and integrity of information.
•   Cryptosystems are classified into symmetric and asymmetric cryptosystems. Symmetric cryptosystems make use of a single key to establish communication between two users. They operate in block cipher mode and stream cipher mode. Asymmetric cryptosystems use private and public keys for establishing a secure communication between two users.
•   The RSA algorithm uses a public key for achieving confidentiality and authenticity of the information.
•   Digital signatures prevent a receiver from using the sender's digital signature to 'sign' information on behalf of the sender.
•   Public Key Cryptography Standards (PKCS) define a standard format to transmit information over the network using public key cryptography techniques.
•   Privacy Enhanced Mail (PEM), MIME Object Security Services (MOSS), Secure/Multipurpose Internet Mail Extensions (S/MIME), and Pretty Good Privacy (PGP) are the protocols used for establishing secured communication.
•   Public key certificates define a standard certificate format for establishing secured communication using private and public keys.
•   Electronic cash over the Internet allows a consumer to use e-cash to do online shopping and transfer money.





LOVELY PROFESSIONAL UNIVERSITY