Jomon Semester 6 bScit

8/11/2019 Jomon Semester 6 bScit

http://slidepdf.com/reader/full/jomon-semester-6-bscit 1/82



[2 ]

Subject:

Basics of .NET

Subject Code: BSIT – 61Assignment: TA (Compulsory)

1) What does .NET framework comprised off?

ANS: The .NET Framework is Microsoft's platform for building applications that havevisually stunning user experiences, seamless and secure communication, and the ability tomodel a range of business processes. The .NET Framework consists of:

Common Language Runtime - provides an abstraction layer over the operatingsystem

Base Class Libraries - pre-built code for common low-level programming tasksDevelopment frameworks and technologies - reusable, customizable solutions forlarger programming tasks

2) Which are the platform technologies supported by .NET framework?

ANS: The platform technologies mainly supported by .NET framework are ADO.NET,internet technologies and interface designing.

3) How the windows programming is different from .NET programming?

ANS: In windows programming the application program calls the windows API functiondirectly. The application runs on the windows environment i.e operating system itself.These type of application are called unmanaged or unsafe application.



[3 ]

In .NET programming the application program call .NET BaseClass Library function which will communicate with the operating system. The applicationruns in .NET Runtime environment. These type of application are called managed or safeapplication. The .net Runtime starts code execution, manages thread, provides services,manages memory etc. The .NET Base Classes are fully object oriented. It provides all the

functionalities of traditional windows API along with functionalities in new areas likeaccessing database, internet connection and web services.

4) What is the function of CTS? Explain the classification of types in CTS with a diagram.

ANS: The Common Type Specification (CTS) performs the following functions:

Establishes a common framework that enables cross language integration, typesafety and high performance code execution.

Provides an object-oriented model.

defines rules that a language must follow, so that different language can interactwith other language.

The classification for types of CTS

5) What are assemblies? What are static and dynamic assemblies?



[4]

ANS: Assemblies are the building blocks of .NET Framework applications; they form thefundamental unit of deployment, version control, reuse, activation scoping, and securitypermissions. An assembly is a collection of types and resources that are built to worktogether and form a logical unit of functionality. An assembly provides the commonlanguage runtime with the information it needs to be aware of type implementations. To

the runtime, a type does not exist outside the context of an assembly.

Static assemblies can include .NET Framework types (interfaces andclasses), as well as resources for the assembly (bitmaps, JPEG files, resource files, and soon). Static assemblies are stored on disk in PE files. You can also use the .NET Framework tocreate dynamic assemblies, which are run directly from memory and are not saved to diskbefore execution. You can save dynamic assemblies to disk after they have executed.

6) Explain general structure of c#?

ANS: C# programs can consist of one or more files. Each file can contain one or morenamespaces. A namespace can contain types such as classes, structs, interfaces,enumerations, and delegates, in addition to other namespaces. The following is theskeleton of a C# program that contains all of these elements.

// A skeleton of a C# programusing System;namespace MyNamespace1{

class MyClass1{}struct MyStruct{}interface IMyInterface{}delegate int MyDelegate();enum MyEnum

{}



[5 ]

namespace MyNamespace2{}class MyClass2{

public static void Main(string[] args){}

}}

7) How do namespaces and types in c# have unique names? Give examples.

ANS: Namespaces are C# program elements designed to help you organize your programs.They also provide assistance in avoiding name clashes between two sets of code.Implementing Namespaces in your own code is a good habit because it is likely to save youfrom problems later when you want to reuse some of your code. For example, if youcreated a class named Console, you would need to put it in your own namespace to ensurethat there wasn't any confusion about when the System. Console class should be used orwhen your class should be used. Generally, it would be a bad idea to create a class namedConsole, but in many cases your classes will be named the same as classes in either the.NET Framework Class Library or a third party library and namespaces help you avoid theproblems that identical class names would cause. Namespaces don't correspond to file ordirectory names. If naming directories and files to correspond to namespaces helps youorganize your code, then you may do so, but it is not required. For ex- mynamespace1,mynamspace2 etc

8) What is delegate? What is the use of it? Give example.

ANS: A delegate is a type that references a method. Once a delegate is assigned a method,it behaves exactly like that method. The delegate method can be used like any othermethod, with parameters and a return value.

A delegate is extremely important for C# as it is one of the four entitiesthat can be placed in a namespace. This makes it shareable among classes. Delegates arefully object oriented as they entirely enclose or encapsulate an object instance and a

method. A delegate defines a class and extends System. Delegate. It can call any function aslong as the methods signature matches the delegates. This makes delegates ideal for



[6 ]

anonymous invocation. The methods signature only includes the return type and theparameter list. If two delegates have the same parameter and return type, that is, theyshare the same signature; we consider them as different delegates Public delegate intPerform Calculation (int x, int y);

9) Write a program to demonstrate use of enums in C#?

ANS: === Example program that uses enums (C#) ===Using System;Class Program{

Enum Importance

{None,Trivial,Regular,Important,Critical

};static void Main(){

// 1.Importance i1 = Importance. Critical;// 2.If (i1 == Importance. Trivial){

Console.WriteLine("Not true");

}Else if (i1 == Importance. Critical){

Console.WriteLine ("True");}

}}Output of the programTrue



[7]

10) What is the use of attributes in C# programs?

ANS: The advantage of using attributes resides in the fact that the information that itcontains is inserted into the assembly. This information can then be consumed at varioustimes for all sorts of purposes:

An attribute can be consumed by the compiler. The System.ObsoleteAttributeattribute that we have just described is a good example of how an attribute is usedby the compiler; certain standard attributes which are only destined for thecompiler are not stored in the assembly. For example, the Serialization Attributeattribute does not directly mark a type but rather tells the compiler that type can beserialized. Consequently, the compiler sets certain flags on the concerned typewhich will be consumed by the CLR during execution such attributes are also named

pseudo-attributes.

An attribute can be consumed by the CLR during execution. For example the .NETFramework offers the System.ThreadStaticAttribute attribute. When a static field ismarked with this attribute the CLR makes sure that during the execution, there isonly one version of this field per thread.

An attribute can be consumed by a debugger during execution. Hence, theSystem.Diagnostics.DebuggerDisplayAttribute attribute allows personalizing thedisplay of an element of the code (the state of an object for example) duringdebugging.

An attribute can be consumed by a tool, for example, the .NET framework offers theSystem.Runtime.InteropServices.ComVisibleAttribute attribute. When a class ismarked with this attribute, the tlbexp.exe tool generates a file which will allow thisclass to be consumed as if it was a COM object.

An attribute can be consumed by your own code during execution by using thereflection mechanism to access the information. For example, it can be interestingto use such attributes to validate the value of fields in your classes. Such a field mustbe within a certain range. Another reference field must not be null. A string field canbe at most 100 characters. Because of the reflection mechanism, it is easy to writecode to validate the state of any marked fields. A little later, we will show you suchan example where you can consume attributes by your own code.

An attribute can be consumed by a user which analyses an assembly with a tool such

as ildasm.exe or Reflector. Hence you could imagine an attribute which wouldassociate a character string to an element of your code. This string being contained



[8 ]

in the assembly, it is then possible to consult these comments without needing toaccess source code.

Assignment: TB (COMPULSORY)

PART - A

Answer all questions:1. What are the advantages of using .NET ?Ans-Advantages of Using .NET:

Newest technology from MS for app development Supports fully managed, but also a hybrid mix of managed and native through

P/Invoke and Managed/Unmanaged C++, which means that its easier to write codethat doesn't have lots of memory leaks

WPF and WCF are the new way of building UI's and Communicating betweenprocesses and systems

Fully integrated IDE available Linux and Mac support through 3rd parties (Mono) Many languages available, both dynamic and static (C#, VB.NET, C++), both object

oriented (C#, VB.NET, C++) and functional (F#)

2. Explain .NET framework?Ans- The .NET Framework is set of technologies that form an integral part of the .NETPlatform. It is Microsoft's managed code programming model for building applications thathave visually stunning user experiences, seamless and secure communication, and theability to model a range of business processes.The .NET Framework has two main components: the common language runtime (CLR) and.NET Framework class library. The CLR is the foundation of the .NET framework andprovides a common set of services for projects that act as building blocks to build upapplications across all tiers. It simplifies development and provides a robust and simplifiedenvironment which provides common services to build application. The .NET framework

class library is a collection of reusable types and exposes features of the runtime. Itcontains of a set of classes that is used to access common functionality.

3. What is unsafe code? Explain.Ans-C# provides the ability to write “unsafe” code. Such code can deal directly with pointertypes and object addresses; however, C# requires the programmer to fix objects totemporarily prevent the garbage collector from moving them. This “unsafe” code feature isin fact a “safe” feature from the perspective of both developers and users. Unsafe codemust be clearly marked in the code with the modifier unsafe, so developers cannot possibly



[9 ]

use unsafe language features accidentally, and the compiler and the execution engine worktogether to ensure that unsafe code cannot masquerade as safe code.

4. What are the different types of arrays supported by C# programming?Ans-The different types of arrays supported by C# programming are:

Single-Dimensional Arrays Multidimensional Arrays

Jagged Arrays Passing Arrays Using ref and out

5. How .NET remoting different from web services and DCOM ?Ans-.NET Remoting versus Distributed COM (DCOM) In the past interprocesscommunication between applications was handled through Distributed Component Object

Model, or simply DCOM. DCOM works well and the performance is adequate whenapplications exist on computers of similar type on the same network. However, DCOM hasits drawbacks it relies on a proprietary binary protocol that not all object models support. Italso wants to communicate over a range of ports that are typically blocked by firewalls.These are two major drawbacks of DCOM..NET Remoting eliminates the difficulties of DCOM by supporting different transportprotocol formats and communication protocols. This allows .NET Remoting to be adaptableto the network environment in which it is being used..NET Remoting versus Web Services

ASP.NET based Web services can only be accessed over HTTP. Whereasthe .NET Remoting can be used across any protocol. Web services work in a stateless environment where each request results in a new

object created to service the request. .NET Remoting supports state managementoptions and can identify multiple calls from the same client.

Web services serialize objects through XML contained in the SOAP messages and can

thus only handle items that can be fully expressed in XML. .NETRemoting relies on the existence of the metadata within assemblies that containinformation about data types. This limited metadata information is passed aboutan object, when it is passed by reference.Web services support interoperability across platforms and are good forHeterogeneous environments. .NET Remoting requires the clients be builtusing .NET, which means a homogeneous environment. PART - BAnswer any FIVE full questions:



[10]

1. a) Write a program in C# to display “Welcome to C Sharp”. Explain the program.Ans-Program to display “Welcome to C Sharp” class Hello{

static void Main(){System.Console.WriteLine("Welcome to C Sharp!”); }}ExplanationThe important points to be noted in this program are:Comments

The Main MethodInput and OutputCompilation and Execution

b) What is the function of CTS ? Explain the classification of types in CTSwith a diagram.Ans-The Common Type System (CTS) defines how types are declared, used, and managed inthe runtime. It is an important for Language Interoperability. The CTS performs thefollowing functions:Establishes a common framework that enables cross-language integration, type safety, andhigh performance code execution. Provides an object-oriented model.Defines rules that languages must follow, so that different languages can interact with eachother.Classification of typesThe CTS supports two categories:

1. Value types2. Reference types





[12]

contract. Interfaces can contain methods, properties, indexers, and events as members.They cannot contain constants, fields (private data members), constructors and destructorsor any type of static member. All the members of an interface are public by definition.

3. a) Write a program to C# to add two matrics.

Ans-using System;class Matrix3D{// its a 3D matrixpublic const int DIMSIZE = 3;private double[,] matrix = new double[DIMSIZE, DIMSIZE];// allow callers to initializepublic double this[int x, int y]

{get { return matrix[x, y]; }set { matrix[x, y] = value; }}// let user add matricespublic static Matrix3D operator +(Matrix3D mat1, Matrix3D mat2){Matrix3D newMatrix = new Matrix3D();for (int x=0; x < DIMSIZE; x++)for (int y=0; y < DIMSIZE; y++)newMatrix[x, y] = mat1[x, y] + mat2[x, y];return newMatrix;}}class MatrixTest

{// used in the InitMatrix method.public static Random rand = new Random();// test Matrix3Dstatic void Main(){Matrix3D mat1 = new Matrix3D();Matrix3D mat2 = new Matrix3D();// init matrices with random values



[13]

InitMatrix(mat1);InitMatrix(mat2);// print out matricesConsole.WriteLine(“Matrix 1: “); PrintMatrix(mat1);

Console.WriteLine(“Matrix 2: “); PrintMatrix(mat2);// perform operation and print out resultsMatrix3D mat3 = mat1 + mat2;Console.WriteLine();Console.WriteLine(“Matrix 1 Matrix 2 = “); PrintMatrix(mat3);}

// initialize matrix with random valuespublic static void InitMatrix(Matrix3D mat){for (int x=0; x < Matrix3D.DIMSIZE; x++)for (int y=0; y < Matrix3D.DIMSIZE; y++)mat[x, y] = rand.NextDouble()*10;}// print matrix to consolepublic static void PrintMatrix(Matrix3D mat){Console.WriteLine();for (int x=0; x < Matrix3D.DIMSIZE; x++){Console.Write(“* “); for (int y=0; y < Matrix3D.DIMSIZE; y++)

{// format the outputConsole.Write(“ 0,8:#.00-”, mat*x, y+); if ((y+1 % 2) < 3)Console.Write(“, “); }Console.WriteLine(“ +”); }Console.WriteLine();



[14]

}}The output will beMatrix 1:[ 5.40, 9.89, 5.47 ]

[ 7.08, 4.63, .70 ][ .42, 5.14. 5.96 ]Matrix 2:[ 9.95, 8.76, 5.35 ][ 8.42, 4.43, 7.53 ][ 3.57, 7.69, 3.60 ]Matrix 1 + Matrix 2 =[ 15.35, 18.66, 10.82 ]

[ 15.50, 9.07, 8.23 ][ 3.99, 12.83, 9.56 ]

b) What is data provider? Explain.Ans-Data Provider:- A .NET data provider is used for connecting to a database, executingcommands, and retrieving results. Those results are either processed directly, or placed inADO.NET Data Set. The .NET data provider is designed to be lightweight,creating a minimal layer between the data source and application code, increasingperformance without sacrificing functionality.

7. a) Explain the steps involved in implementing .NET remoting applications.Ans- The phases involved in implementing .NET remoting applications are:i) Create a remotable object: A remotable object is an object that inherits from othersystem object. In .NET remoting, remote objects are accessed through channels. Channels

physically transport the messages to and from remote objects.



[15]

ii) Create a server to expose the remote object: A server object acts as a listener to acceptremote object requests. For this we first create an instance of the channel and then wehave to register it for use by clients at a specific port.iii) Create a client to use the remote object: A client object will connect to the server, createan instance of the object using the server, and then execute the remote methods.iv) Test the Remoting sample : In this phase, code is tested. After the executing of code the

client window will then closed while the server remain open and available.

b) Explain remoting architecture.Ans- .NET remoting uses channels to communicate method calls between two objects indifferent application domains (AppDomains). Channels rely on formatters to create a wirerepresentation of the data being exchanged. Below Figure shows the main elements of the.NET remoting infrastructure.

The following list briefly outlines the main components of the .NET remoting infrastructure: Channels . .NET remoting provides two channel implementations:

HttpChannel TcpChannel

Formatters . Each channel uses a different formatter to encode data on the wire. Twoformatters are supplied:

BinaryFormatter . This uses a native binary representation. SoapFormatter . This uses XML-encoded SOAP as the message format. Sinks . The .NET remoting infrastructure supports an extensibility point called a sink.

The BinaryFormatter and SoapFormatter classes are examples of system-provided



[16]

sinks. You can create custom sinks to perform tasks such as data compression orencryption.

Proxy . Clients communicate with remote objects through a reference to a proxyobject. The proxy is the representation of the remote object in the local applicationdomain. The proxy shields the client from the underlying complexity of marshaling

and remote communication protocols. Host .This is the process that hosts the remoting endpoint. Possible hosts includeInternet Information Services (IIS) or custom executables such as a Windows service.The choice of host affects the type of channel that can be used to communicate withthe remote object. Possible hosts include:

A Windows service application. IIS and ASP.NET. A Windows application.

A console application.

8. Explain the following:

a) Abstract classAns-Abstract class:A class can indicate that it is incomplete, and is intended only as a base class for the other

classes, by including the modifier abstract. Such a class is called an abstract class. Anabstract class can specify abstract member. These abstract members are member that anon-abstract class must implement.Example:using System;abstract class A{public abstract void F();

}class B:A{public override void f(){Console.Writeline(“B.F”); }}class Test



[17]

{static void Main(){B b = new B();b.F();

A a = b;a.F;}}b) Static constructorsAns-Static constructor:A static constructor is a member that implements that action required to initialize a class.Static constructor can't have parameters, they can't have accessibility modifiers, and they

can't be called explicitly. The static constructor for a class is called automatically.

c) JIT compiler.Ans-JIT Compiler:JIT stands for Just In Time compiler. The compilation converts IL into native machine code.The name Just-in-Time is because it compiles portion of the code as and when required atrun time.





[19]

orders, shipping notices, and invoices. It supports both synchronous (immediate) andasynchronous (delayed) message delivery and processing. It is not associated with anyparticular communication protocol. No preprocessing is necessary, although there is anincreasing need for programs to interpret the message. Messaging is well suited for bothclient-server and peer-to-peer computing models.The main disadvantages of messaging are the new types of applications it enables –

which appear to be more complex, especially to traditional programmers – and the jungle of standards it involves. Also, security, privacy, and confidentiality through dataencryption and authentication techniques are important issues that need to be resolved.

3. Explain the architecture frame work of electronic commerce?

ANS: The electronic commerce application architecture consists of six layers offunctionality, or functionality, or services: (1) applications; (2) brokerage services, data ortransaction management; (3) interface and support layers; (4) secure messaging, security,and electronic document interchange; (5) middleware and structured documentinterchange; and (6) network infrastructure and basic communications services.

Electronic Commerce Application Services:

The application services layer of e-commerce will be comprised of existing and futureapplications built on the innate architecture. Three district classes of electroniccommerce applications can be distinguished; customer-to-business, business-to-business,and intra-organization.

Information Brokerage and Management:The information brokerage and management layer provides service integration throughthe notion of information brokerages, the development of which is necessitated by theincreasing information resource fragmentation. We use the notion of information

brokerage to represent an intermediary who provides service integration betweencustomers and information providers, given some constraint such as a low price, fastservice, or profit maximization for a client.Information brokerage does more than just searching. It addresses the issue of addingvalue to the information that is retrieved. For instance, in foreign exchange trading,information is retrieved about the latest currency exchange rates in order to hedgecurrency holdings to minimize risk and maximize profit. With multiple transactions beingthe norm in the real world, service integration becomes critical.

Interface and Support Services:







[22 ]

experienced, long-term employees or totally inexperienced trainees. In either case,these representatives are in constant contact with customers.

iv. Order Selection and PrioritizationCustomer service representatives are also often responsible for choosing which ordersto accept and which to decline. In fact, not all customer orders are created equal; someare simply better for the business than others.

Another completely ignored issue concerns the importance of order selection andprioritization.Companies that put effort into order selection and link it to their business strategy standto make more money.

v. Order SchedulingDuring the ordering scheduling phase the prioritized orders get slotted into an actualproduction or operational sequence. This task is difficult because the different functionaldepartments – sales, marketing, customer service, operations, or production-may haveconflicting goals.Communication between the functions is often nonexistent, with customer servicereporting to sales and physically separated from production scheduling, which reports tomanufacturing or operations. The result is lack of interdepartmental coordination.

vi. Order Fulfillment and DeliveryDuring the order fulfillment and delivery phase the actual provision of the product orservice is made. While the details vary from industry to industry, in almost everycompany this step has become increasingly complex. Often, order fulfillment involvesmultiple functions and locations. The more complicated the task the more coordination

required across the organization.vii. Order Billing and Account / Payment Management

After the order has been fulfilled and delivered, billing is typically handled by the financestaffs, who view their job as getting the bill out efficiently and collecting quickly.

viii. Post-sales ServiceThis phase plays an increasingly important role in all elements of a company’s profitequation: customer value, price, and cost. Depending on the specifics of the business, itcan include such elements as physical installation of a product, repair and maintenance,customer training, equipment upgrading and disposal. Because of the informationconveyed and intimacy involved, post sales service can affect customer satisfaction andcompany profitability for years.

6. What are the three type’s electronic tokens? Explain.

ANS: Electronic tokens are of three types:

Cash or real-time. Transactions are settled with the exchange of electroniccurrency. An example of on-line currency exchange is electronic cash (e-cash)





[24 ]

computer, it might be preferable to store cash on a dedicated device that cannot bealtered. This device should have a suitable interface to facilitate personal authenticationusing passwords or other means and a display so that the user can view the card’scontents.

E-cash should not be easy to copy or tamper with while being

exchanged; this includes preventing or detecting duplication and double-spending. Counterfeiting

poses a particular problem, since a counterfeiter may, in the Internet environment, be anywhere

in the world and consequently be difficult to catch without appropriate international agreements.

Detection is essential in order to audit whether prevention is working. Then there is the tricky

issue of double spending (DFN88). For instance, one could use e-cash simultaneously to buy

something in Japan, India, and England. Preventing double-spending from occurring is extremely

difficult if multiple banks are involved in the transaction. For this reason, most systems rely onpost-fact detection and punishment.

Assignment: TB (Compulsory)

PART – A

1. Explain different operations carried out in e-commerce.

Ans:- 1) Transaction between a supplier/ a shopkeeper and a buyer or between twocompanies over a public network like the service provider network (like ISP). With suitableencryption of data and security for transaction, entire operation of selling/buying andsettlement of accounts can be automated.

2) Transaction with the trading partners or between the officers of the company located atdifferent locations.

3) Information gathering needed for market research.

4) Information processing for decision making at different levels of management.5) Information manipulation for operations and supply chain management.

7) Transaction for information distributions to different retailers, customers etc. Includingadverting, sales and marketing.

The use of computers in these area not only make the operations quicker, but also errorfree and provides for consolidated approach towards the problem.It is not that the conceptof e-commerce is totally without side effect.There are several areas of security, safety

against fraud etc., the concept of legal acceptance that is however to be solved.



[25 ]

2. What are the basic banking services provided in e-commerce ?

Ans:-

1).Basic banking services : -normal customer would be transacting with his bank most of thetime. They are mainly related to personal finances. A customer has with his bank can beclassified into the following:

i) Checking his accounts statements ii) Round the clock banking (ATM) iii) Payment of billsetc. iv) Fund transfer and v) Updating of his pass books etc.

2).Home shopping : -We assume it is television based shopping. It may be noted that thisconcept is picking up now in India in a small way, wherein the channels set apart only a verysmall portion of their broadcasting time to teleshopping. Customer can order the itemsover phone. The goods are delivered to his home and payment can be made in the normalmodes. Concepts of traditional marketing like negotiations, trial testing etc. are missingfrom this scheme and it is most suitable for those customers who are almost sure of whatthey need to buy but who are to busy to go to the shops.

3).Home entertainment : – The next example of this type of commerce is homeentertainment. Dubbed on line movies, it is possible for the user to select a movie/CDonline and make his cable operator play the movie exclusively for him (movie on demand)cause against payment like Tata Sky. Payment can be either online/ payable to his account.It is also possible to play interactive games online/download them to your computer toplay. The concept of downloading games/news etc. At a cost to the mobiles is also asimilar concept.

4).Micro-transaction for information : – The telephone directories provide a basic type ofmicro-transaction. If we want by one particular type of item – say books – they list theaddresses and phone numbers of the various book dealers whom we may contact. Similarfacilities are available on the internet – may be for more number of items and also withmore details. This can be though of as an extension of the earlier described television basedordering.

3. Explain the three stages of e-commerce architecture on web ?

Ans:-

The electronic commerce application architecture consists of six layers of functionality orservices:

(1) Applications Services: The application services layer of e-commerce will be comprised ofexisting and hope applications built on the native architecture.

(2) Brokerage services, data or transaction management: The information brokerage andmanagement layer provides service integration through the concept of informationbrokerages, the development of which is necessitated by the increasing informationresource fragmentation. The concept of information brokerage to represent an



[26 ]

intermediary who provides service integration between customers and informationproviders, given some constraint such as a low price, fast service, or profit maximization fora client. In foreign exchange trading, information is retrieved about the latest currencyexchange rates in order to hedge currency holdings to minimize risk and maximize profit.The brokerage function is the support for data management and traditional transactionservices. Brokerages may provide tools to accomplish more sophisticated, time-delayed

updates or future- compensating transactions.(3) Interface and support layers: Interface and support services, will provide interfaces forelectronic commerce applications such as interactive catalogs and will support directoryservices – job needed for information search and access. Interactive catalogs are themodified interface to consumer applications such as home shopping. An interactive catalogis an extension of the paper-based catalog and incorporates additional features. Theprimary difference between the two is that unlike interactive catalogs, which deal withpeople, directory support services interact directly with software applications. For this

reason, they need not have the multimedia flash and ballet generally associated withinteractive catalogs.

4. What are the desirable characteristics of an electronic market place ?

Ans:- Desirable characteristics of E-Marketplace:

The following criteria are essential for consumer-oriented electronic commerce:

i).Critical mass of buyers and sellers. The trick is getting a critical mass of corporations andconsumers to use electronic mechanisms. In other words, the electronic marketplaceshould be the first place customers go to find the products and services they need.

ii).Opportunity for independent evaluations and for customer dialogue and discussion. Inthe marketplace, not only do users buy and sell products or services, they also comparenotes on who has the best products and whose prices are outrageous. The ability to openlyevaluate the wares offered is a fundamental principle of a viable marketplace.

iii).Negotiation and bargaining. No market place is complete if it does not supportnegotiation. Buyers and sellers need to be able to haggle over conditions of mutual

satisfaction, including money, terms and conditions, delivery dates, and evaluation criteria.iv).New products and services. In a viable marketplace, consumers can make requests forproducts and services not currently offered and have reasonable expectations thatsomeone will turn up with a proposed offering to meet that request.

v).Seamless interface. The biggest barrier to electronic trade is having all the pieces worktogether so that information can flow seamlessly from one source to another. This requiresstandardization. On the corporate side, companies need compatible EDI software andnetwork services in order to send electronic purchase orders, invoices, and payments backand forth.





[28 ]

b). A scope for interactions: Interactions include trial runs of the products, classifications ofdoubts on the part of the customers, details of after sales services, ability to comparedifferent products and of course scope for negotiations and bargaining.

c).Scope for designing new products: The customer need not buy only what is available. Hecan ask for modifications, up-gradations etc. The supplier must be able to accept these andproduce made to order items.

d). A seamless connection to the marketplace: It is obvious that each customer will beoperating with a different type of computer, software, connectivity etc. There should beavailable standards sot that any of these costumers will be able to attach himself to any ofthe markets without changing his hardware/software/interfaces etc.

e). Recourse for disgruntled users: It is naïve to believe that transaction of such a place endup in complete satisfaction to all parties concerned. Especially because of the facelessnessof the customer and the supplier, there should be a standard recourse to settle such

disputes.

2. a) Explain the architecture frame work of electronic commerce ?

Ans:- The electronic commerce application architecture consists of six layers offunctionality or services:

(1) Applications Services: The application services layer of e-commerce will be comprised ofexisting and hope applications built on the native architecture.

Three district classes of electronic commerce applications can be famous: a)Customer-to-business: b) Business-to-business: c) Intra-organization:

(2) Brokerage services, data or transaction management: The information brokerage andmanagement layer provides service integration through the concept of informationbrokerages, the development of which is necessitated by the increasing informationresource fragmentation. The concept of information brokerage to represent anintermediary who provides service integration between customers and informationproviders, given some constraint such as a low price, fast service, or profit maximization fora client

(3) Interface and support layers: Interface and support services, will provide interfaces forelectronic commerce applications such as interactive catalogs and will support directoryservices – job needed for information search and access. Interactive catalogs are themodified interface to consumer applications such as home shopping. An interactive catalogis an extension of the paper-based catalog and incorporates additional features.

(4) Secure messaging, security, and electronic document interchange: The importance ofthe fourth layer, secured messaging, is clear. Messaging is the software that sits between

the network infrastructure and the clients or e-commerce applications, masking the



[29 ]

peculiarities of the environment. Messaging products are not applications that solveproblems; they are more enablers of the applications that solve problems.

(5) Middleware and structured document interchange: Middleware is a relatively newconcept. With the growth of networks, client-server technology, and all other forms ofcommunicating between / among unlike platforms, the harms of getting all the pieces towork together grew. Middleware is the ultimate mediator between diverse s/w programsthat enables them talk to one another. Middleware is the computing shift from applicationcentric to data centric.

(6) Network infrastructure and basic communications services: Transparency implies thatusers should be unaware that they are accessing multiple systems. Transparency isessential for dealing with higher-level issues than physical media and interconnection thatthe underlying network infrastructure is in charge of. Transparency is accomplished usingmiddle ware that facilitates a distributed computing environment. Marketing researchershave isolated several types of purchasing:

1.Specifically planned purchases. The need was recognized on entering the store and theshopper bought the exact item planned.

2.Generally planned purchases. The need was recognized, but the shopper decided in-storeon the actual manufacturer of the item to satisfy the need.Reminder purchases. Theshopper was reminded of the need by some store influence. This shopper is influenced byin-store advertisements and can substitute products readily.

3.Entirely unplanned purchases. The need was not recognized entering the store like giftitems.

b) List the OMC’s (order management cycle) generic steps.

Ans:- 1) Order Planning and Order Generation: The business process begins long before anactual order is placed by the customer. The first step is order planning. Order planningleads into order generation. Orders are generated in number of ways in the e-commerceenvironment.

2)Cost Estimation and Pricing: Pricing is the bridge between customer needs and companycapabilities. Pricing at the individual order level depends on understanding, the value tothe customer that is generated bye each order, evaluating the cost of filling each order.

3)Order Receipt and Entry: After an acceptable price quote, thecustomer enters the order receipt and entry phase of OMC.

4)Order Selection and Prioritization: Customer service representatives are also oftenresponsible for choosing which orders to accept and which to decline. In fact, not allcustomer orders are created equal; some are simply better for the business than others.

5)Order Scheduling: Ordering scheduling phase the prioritized orders get slotted into anactual production or operational sequence.



[30 ]

6)Order Fulfillment and Delivery: The order fulfillment and delivery phase the actualprovision of the product or service is made.

3. a) Explain mercantile models from the merchant’s perspective?

ANS: The order-to- delivery cycle from the merchant’s perspective has been managed withan eye toward standardization and cost. To achieve a better understanding, it is necessaryto examine the order management cycle (OMC) that encapsulates the more traditionalorder-to-delivery cycle. OMC has the following generic steps.

.i. Order Planning and Order Generation: The business process begins long before an actualorder is placed by the customer. The first step is order planning. Order planning leads intoorder generation. Orders are generated in number of ways in the e-commerceenvironment. The sales force broadcasts ads (direct marketing), sends personalized e-mail

to customers (cold calls), or creates a WWW page.

ii.Cost Estimation and Pricing: Pricing is the bridge between customer needs and companycapabilities. Pricing at the individual order level depends on understanding, the value to thecustomer that is generated by each order, evaluating the cost of filling each order; andinstituting as system that enables the company to price each order based on its valued andcost. Although order-based pricing is difficult work that requires meticulous thinking anddeliberate execution, the potential for greater profits is simply worth the effort.

iii.Order Receipt and Entry: After an acceptable price quote, the customer enters the orderreceipt and entry phase of OMC. Traditionally, this was under the purview of departmentsvariously titled customer service, order entry, the inside sales desk, or customer liaison.These Departments are staffed by customer service representatives, usually either veryexperienced, long-term employees or totally inexperienced trainees. In either case,theserepresentatives are in constant contact with customers.

iv. Order Selection and Prioritization: Customer service representatives are also oftenresponsible for choosing which orders to accept and which to decline. In fact, not allcustomer orders are created equal;some are simply better for the business thanothers.Another completely ignored issue concerns the importance of order selection andprioritization.Companies that put effort into order selection and link it to their businessstrategy stand to make more money.

v. Order Scheduling: During the ordering scheduling phase the prioritized orders get slottedinto an actual production or operational sequence. This task is difficult because thedifferent functional departments – sales, marketing, customer service, operations, or



[31]

production-may have conflicting goals.Communication between the functions is oftennonexistent, with customer service reporting to sales and physically separated fromproduction scheduling, which reports to manufacturing or operations. The result is lack ofinterdepartmental coordination.

vi. Order Fulfillment and Delivery: During the order fulfillment and delivery phase the actualprovision of the product or service is made. While the details vary from industry to industry,in almost every company this step has become increasingly complex. Often, orderfulfillment involves multiple functions and locations. The more complicated the task themore coordination required across the organization.

vii.Order Billing and Account / Payment Management: After the order has been fulfilled anddelivered, billing is typically handled by the finance staffs, who view their job as getting the

bill out efficiently and collecting quickly.viii.Post-sales Service: This phase plays an increasingly important role in all elements of acompany’s profit equation: customer value, price, and cost. Depending on the specifics ofthe business,it can include such elements as physical installation of a product, repair andmaintenance, customer training, equipment upgrading and disposal. Because of theinformation conveyed and intimacy involved, post sales service can affect customersatisfaction and company profitability for years.

b) What are the normal constraints put on e-cash ?

Ans-A validity limit, the more amount that can be stored, more no. of exchanges and no. ofexchanges within a time period.

4. a) What is e-cash give the properties of e-cash ?

ANS: Electronic cash (e-cash) is a new concept in on-line payment systems because itcombines computerized convenience with security and privacy that improve on paper cash.Its versatility opens up a host of new markets and applications. E-cash presents someinteresting characteristics that should make it an attractive alternative for payment overthe Internet.E-cash focuses on replacing cash as the principal payment vehicle in consumer-orientedelectronic payments.

The predominance of cash indicates an opportunity for innovative business practice that

revamps the purchasing process where consumers are heavy users of cash. To reallydisplace cash, the electronic payment systems need to have some qualities of cash that



[32 ]

current credit and debit cards lack. For example, cash is negotiable, meaning it can begiven or traded to someone else. Cash is legal tender, meaning the payee is obligated totake it. Cash is a bearer instrument, meaning that possession is prima facie proof ofownership. Also, cash can be held and used by anyone even those who don’t have abank account, and cash places no risk on the part of the acceptor that the medium ofexchange may not be good.

Properties of e-cash: E-cash must have the following four properties Monetary value Interoperability Retrievability Security

E-cash must have a monetary value; it must be backed byeither cash (currency), bank-authorized credit, or a bank- certified cashier’s check. Whene-cash created by one bank is accepted by others, reconciliation must occur without anyproblems. Stated another way, e-cash without proper bank certification carries the riskthat when deposited, it might be returned for insufficient funds.

E-cash must be interoperable – that is, exchangeable aspayment for other e-cash, paper cash, goods or services, lines of credit, deposits inbanking accounts, bank notes or obligations, electronic benefits transfers, and the like.E-cash must be storable and retrievable. The cash could be stored on a remotecomputer’s memory, in smart cards, or in other easily transported standard or special-purpose devices. Because it might be easy to create counterfeit cash that is stored in acomputer, it might be preferable to store cash on a dedicated device that cannot be

altered. This device should have a suitable interface to facilitate personal authenticationusing passwords or other means and a display so that the user can view the card’scontents.

E-cash should not be easy to copy or tamper with while being exchanged; this includes preventingor detecting duplication and double-spending. Counterfeiting poses a particular problem, since acounterfeiter may, in the Internet environment, be anywhere in the world and consequently bedifficult to catch without appropriate international agreements. Detection is essential in order toaudit whether prevention is working. Then there is the tricky issue of double spending (DFN88).

For instance, one could use e-cash simultaneously to buy something in Japan, India, and England.Preventing double-spending from occurring is extremely difficult if multiple banks are involved inthe transaction. For this reason, most systems rely on post-fact detection and punishment.

b) What is electronic pulse? Explain.

Ans-A pulse is a burst of current, voltage, or electromagnetic-field energy. In practical electronicand computer systems, a pulse may last from a fraction of a nanosecond up to severalseconds or even minutes. In digital systems, pulses comprise brief bursts of DC(direct

http://searchcio-midmarket.techtarget.com/definition/current

http://searchcio-midmarket.techtarget.com/definition/voltage

http://searchcio-midmarket.techtarget.com/definition/electromagnetic-field

http://searchcio-midmarket.techtarget.com/definition/nanosecond

http://searchcio-midmarket.techtarget.com/definition/digital

http://searchcio-midmarket.techtarget.com/definition/DC

http://searchcio-midmarket.techtarget.com/definition/DC

http://searchcio-midmarket.techtarget.com/definition/digital

http://searchcio-midmarket.techtarget.com/definition/nanosecond

http://searchcio-midmarket.techtarget.com/definition/electromagnetic-field

http://searchcio-midmarket.techtarget.com/definition/voltage

http://searchcio-midmarket.techtarget.com/definition/current



[33 ]

current) voltage, with each burst having an abrupt beginning (or rise) and an abrupt ending(or decay).

5. a) Compare push and pull based supply chains?

Ans-

The business terms push and pull originated in the marketing and selling world. but are alsoapplicable in the world of electronic content and supply chain management. The push/pullrelationship is that between a product or piece of information and who is moving it. A customer"pulls" things towards themselves, while a producer "pushes" things toward customers. With apush-based supply chain, products are pushed through the channel, from the production side upto the retailer. The manufacturer sets production at a level in accord with historical orderingpatterns from retailers. It takes longer for a push-based supply chain to respond to changes in

demand, which can result in overstocking or bottlenecks and delays, unacceptable service levelsand product obsolescence. In a pull-based supply chain, procurement, production and distributionare demand driven so that they are coordinated with actual customer orders, rather than forecastdemand. A supply chain is almost always a combination of both push and pull, where the interfacebetween the push- based stages and the pull-based stages is known as the push-pull boundary. Anexample of this would be Dell's build to order supply chain. Inventory levels of individualcomponents are determined by forecasting general demand, but final assembly is in response to aspecific customer request. The push-pull boundary would then be at the beginning of theassembly line.

b) What is meant by integrity of data ?

Ans-Although there is no universal way to ensure the integrity of data and technical errors arebound to occur from time to time, consumers and companies alike are able to take measures toprotect themselves. Common sense and critical evaluation were essential first lines of defense forboth parties. For consumers, measures could be taken to verify the identity of a Web site's owner.Secure certificates issued by companies like VeriSign and CyberTrust were means of doing this inthe early 2000s. Additionally, consumers were able to limit their transactions to those companiesproviding encryption methods, whereby information was scrambled between the sender andreceiver.

Companies engaging in e-commerce had several methods of ensuring the integrity of data.Simple measures involved limiting the number of parties responsible for posting data totheir Web sites and building in extra layers for fact checking. Special software programs fordetecting and correcting errors were likewise available.





[35 ]

Email.Email is now an essential communication tools in business. It is also excellent forkeeping in touch with family and friends. The advantages to email is that it is free ( nocharge per use) when compared to telephone, fax and postal services.

Information.There is a huge amount of information available on the internet for just about every

subject known to man, ranging from government law and services, trade fairs andconferences, market information, new ideas and technical support.

Services.Many services are now provided on the internet such as online banking, job seekingand applications, and hotel reservations. Often these services are not available off-line or cost more.

Buy or sell products.The internet is a very effective way to buy and sell products all over the world.

Communities.Communities of all types have sprung up on the internet. Its a great way to meet upwith people of similar interest and discuss common issues.

7. a) Explain the legal and security aspects of EDI.

Ans-EDI: LEGAL, SECURITY AND PRIVACY ISSUES In EDI, Trading is done between countries and corporations.

• In EDI, legal issues and computer security are important.• Companies that deal with EDI should take the services of a lawyer during the design of EDI applications, so that evidentiary/admissibility safeguards are implemented.

There are 3 types of communications when considered for EDI issues:

1) Instantaneous: – If the parties are face to face or use an instantaneous communicationmedium such as telephone.2) Delayed with postal service: – The mailbox rule provides that an acceptancecommunicated viapostal service mail is effectively communicated when dispatched or physically deposited.3) Delayed with non postal service: – EX: – Couriers, telegram

• Messaging systems combine features of delayed and instantaneous • Messaging delay is a function of the specific applications, message routing, network s

traversed, system configuration and other technical factors.



[36 ]

One way of legal & security issue is Digital signatures. The technical uses of digitalsignatures are :-1. Messages are time- stamped or digitally notarized to establish dates and times at which arecipient hard access or even read a particular message.2. These signatures are to replace handwritten signatures, as it is same legal status ashandwritten signatures.3. Digital signatures should have greater legal authority than handwritten signatures.

b) Draw and explain EDI business application layer.

Ans-

Illustrated about the layered architecture of Electronic Data Interchange?

Layered Architecture of EDI:

Electronic Data Interchange is most commonly applied into the Execution and settlementstages of the trade cycle. Into execution of an easy trade exchange, the customers’ orderscan be sent through Electronic Data Interchange and the delivery notification by thesupplier can be electronic.For settlement the supplier can utilize EDI to send the invoice and the customer can

complete the cycle along with an electronic funds transfer through the bank and anElectronic Data Interchange payment notification to the supplier.

Layered Architecture of EDI



[37]

The complete cycle may be complicated and another electronic message can be comprised.Electronic Data Interchange can be used for Pre-Sales transactions; here have beenElectronic Data Interchange messages for transactions as like contract but are not wiselyexecuted.

8. Write a short note on :

a) Security toolsb) Secure socket layer (SSL)c) Cryptography.

a) Security Tools —

Perhaps one of the most daunting aspects of any electronic commerce project is security.Whether you're dealing with a business-to-business application or a business-to-consumerretail site, there are bound to be unseemly types bent on breaking into your network andstealing corporate assets, or simply wreaking havoc and causing embarrassment.

It's an unsettling thought, but you are far from defenseless. There are myriad software andhardware tools available to help steel your site against most any attack. Vendors are alsostarting to package products together, delivering a collection of tools that purport to easeyour integration chores. And you can also outsource the whole problem, with more andmore service providers stepping forward to take on some or all of your security needs.

In this article, you’ll learn about improving e -commerce security with the latest vulnerabilityscanning tools and appropriate alarm thresholds. Future articles in this series will look attrends in firewalls and improving access policies. This content originally appeared in theSeptember issue of Wiesner Publishing's Software Magazine and appears on TechRepublicunder a special arrangement with the publisher.No matter which route you choose, it's easier to get your arms around the e-commercesecurity dilemma if you think of the problem in terms of four general requirements:

Policies and procedures

Perimeter security, including firewalls, authentication, virtual private networks (VPNs),

and intrusion detection

Authorization, for both data and applications

Public key infrastructure (PKI), an authorization and encryption setup for those

applications where the stakes are particularly high and an audit trail is crucial



[38 ]

Producing good policiesOne of the biggest mistakes companies make when it comes to security is failing to comeup with good policies and procedures —and to make sure they get followed. Experts agreethat security is a moving target. Businesses just can't install a firewall and forget it. Everytime there's a change in the IS infrastructure, be it an operating system upgrade or a routerreconfiguration, the security implications of that change have to be taken into account.

"Coming up with policies is a whole lot easier than making sure they get followed," saysAlan Paller, president of The SANS Institute , a cooperative research and educationorganization that focuses on security.

In a January 1999 report, "Turning Security on its Head," Forrester Research , Cambridge,MA, says companies need to "shun complexity" and "set dirt-simple policies and use

measures that are invisible to users."

While that may be a tall order, the point is well-taken, for if a policy is too complex orburdensome to those who must adhere to it, odds are they won't.

Paul Donfried, chief marketing officer at Identrus , a New York-based company that isdeveloping a PKI service, says the key to good security policy development is inclusion."What you ideally should do is pull people from all the functional areas that are affected

and jointly develop policies and procedures," he says. "Then you've got a high likelihoodthat they will be followed and implemented."

This is no mean feat because there are innumerable aspects to consider when developingsecurity policies, such as server upgrades, as well as changes to firewalls and even modems.(Do you know about every modem that's attached to a PC in your organization? Doubtful,but each is a potential security risk.)

"One of the biggest areas for security breaches are misconfigurations. Period," says PatrickMcBride, executive vice president of the META Security Group , a security consulting firm inAtlanta. Whether a company is dealing with applications, network equipment, middleware,or Web servers, virtually anything can be a security risk if it's not configured properly, withall known patches applied," McBride says. "What you really need is people who understandwhat those holes are and how to close them."

A good practice is to apply vulnerability scanning tools after any reconfiguration, McBridesays. These tools, available from vendors including Networ k Assoc iates andInternet Security Solutions (ISS), look for known configuration problems and vulnerabilitiesin operating system, firewalls, and other network elements.



[39 ]

Toward the same end, Paller says SAN S is making available a script developed at Xerox'sPalo Alto Research Center that helps beef up security for Solaris servers. The tool scans theserver for a list of known security loopholes that have been identified by various SANSmembers, then automatically applies the recommended fix. SANS has also published aguide to identifying security problems in NT servers, but the fixes must be done manually.(The NT guide is available now for a nominal fee from SANS .)

Another key to good policy development is setting alarm thresholds to avoid too many falsealarms. "If a car alarm goes off in New York City, people don't pay attention anymore,"McBride says. Letting the same thing happen in your e-commerce security infrastructure isakin to leaving the front door open.

b) Secure socket layer (SSL) —

SSL ( pronounced as separate letters ) is short for Secure Sockets Layer , a protocol developed

by Netscape for transmitting private documents via the Internet. SSL uses

a cryptographic system that uses two keys to encrypt data − a public key known to

everyone and a private or secret key known only to the recipient of the message.

Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the

protocol to obtain confidential user information, such as credit card numbers. By

convention ,URLsthat require an SSL connection start with https: instead of http :.

Another protocol for transmitting data securely over the World Wide Web is Secure HTTP

(S-HTTP). Whereas SSL creates a secure connection between a client and a server, over

which any amount of data can be sent securely, S-HTTP is designed to transmit individual

messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than

competing technologies. Both protocols have been approved by the Internet Engineering

Task Force (IETF) as a standard.

c) Cryptography —

Cryptography is the science of information security. The word is derived from theGreek kryptos, meaning hidden. Cryptography is closely related to the disciplines

http://www.webopedia.com/TERM/P/protocol.html

http://www.webopedia.com/TERM/N/Netscape.html

http://www.webopedia.com/TERM/I/Internet.html

http://www.webopedia.com/TERM/C/cryptography.html

http://www.webopedia.com/TERM/K/key.html

http://www.webopedia.com/TERM/E/encryption.html

http://www.webopedia.com/TERM/N/Navigator.htm

http://www.webopedia.com/TERM/I/Internet_Explorer.htm

http://www.webopedia.com/TERM/W/web_site.htm

http://www.webopedia.com/TERM/U/URL.htm

http://www.webopedia.com/TERM/W/World_Wide_Web.htm

http://www.webopedia.com/TERM/S/S_HTTP.htm




http://www.webopedia.com/TERM/S/server.htm

http://www.webopedia.com/TERM/I/IETF.htm


http://www.webopedia.com/TERM/S/standard.htm

http://www.webopedia.com/TERM/S/standard.htm



http://www.webopedia.com/TERM/S/server.htm



http://www.webopedia.com/TERM/W/World_Wide_Web.htm

http://www.webopedia.com/TERM/U/URL.htm

http://www.webopedia.com/TERM/W/web_site.htm

http://www.webopedia.com/TERM/I/Internet_Explorer.htm

http://www.webopedia.com/TERM/N/Navigator.htm

http://www.webopedia.com/TERM/E/encryption.html

http://www.webopedia.com/TERM/K/key.html

http://www.webopedia.com/TERM/C/cryptography.html

http://www.webopedia.com/TERM/I/Internet.html

http://www.webopedia.com/TERM/N/Netscape.html

http://www.webopedia.com/TERM/P/protocol.html





[41]

Subject: AdvancedComputer Networks

Subject Code: BSIT - 63Assignment: TA (Compulsory)

1. What is DNS? Why is DNS required? What is the basis to choose the domain to anorganization?

ANS: DNS, the Domain Name System is a distributed hierarchical naming system forcomputers, services, or any resource connected to the Internet or a private network. Itassociates various information’s with domain names assigned to each of the participants.

This is required because domain names are alphabetic, as they're easier to remember.The Internet however, is really based on IP addresses. Every time we use a domain name,therefore, a DNS service must translate the name into the corresponding IP address. Forexample, the domain name www.example.com might translate to 198.105.232.4 .The basics of choosing domain to an organization by attaching random names to IPaddress and managing them is too nontrivial. So, a structured approach is needed.

Best way is to employ the postal addressing system.o Countryo Stateo Districto Taluko Cityo Street

Internet is divided into 200 Domains at Top level

Each top-level domain is further divided into sub domain.

Each sub domain is further divided into one or more levels of sub domains.



[42 ]

Top level domain can be split into two major classes.o Generic - generic domain names include

Om, int, mil, gov, org, net, edu...... biz, info, name (recent addition 2000 Nov)

aero, coop, museums (new ones) Country - each country has one entry, in, ae, us, jp etc

Top level domain should be unambiguous and non-contentious.

2. What are the different components of Internet cloud? How does WWW is

connected with Internet cloud? Explain.

ANS: A cloud client consists of computer hardware and/or computer software that relies oncloud computing for application delivery, or that is specifically designed for delivery ofcloud services and that, in either case, is essentially useless without it. Examples includesome computers, phones and other devices, operating systems and browsers

Cloud application services or "Software as a Service (SaaS)" deliver software as a service

over the Internet, eliminating the need to install and run the application on the customer'sown computers and simplifying maintenance and support. Key characteristics include

Network-based access to, and management of, commercially available (i.e., notcustom) software

Activities that are managed from central locations rather than at each customer'ssite, enabling customers to access applications remotely via the Web

Application delivery that typically is closer to a one-to-many model (single instance,multi-tenant architecture) than to a one-to-one model, including architecture,pricing, partnering, and management characteristics

Centralized feature updating, which obviates the need for downloadable patches andupgrades.



[43 ]

Cloud platform services or "Platform as a Service (PaaS)"deliver a computing platform and/or solution stack as a service, often consuming cloudinfrastructure and sustaining cloud applications. It facilitates deployment of applicationswithout the cost and complexity of buying and managing the underlying hardware andsoftware layers. Cloud infrastructure services or "Infrastructure as a Service (IaaS)" delivers

computer infrastructure, typically a platform virtualization environment as a service. Ratherthan purchasing servers, software, data center space or network equipment, clients insteadbuy those resources as a fully outsourced service. The service is typically billed on a utilitycomputing basis and amount of resources consumed (and therefore the cost) will typicallyreflect the level of activity. It is an evolution of virtual private server offerings. The serverslayer consists of computer hardware and/or computer software products that arespecifically designed for the delivery of cloud services, including multi-core processors,cloud-specific operating systems and combined offerings.

The Internet is a global system of interconnectedcomputer networks that use the standard Internet Protocol Suite (TCP/IP) to serve billionsof users worldwide. It is a network of networks that consists of millions of private, public,academic, business, and government networks of local to global scope that are linked by abroad array of electronic and optical networking technologies. The Internet carries a vastarray of information resources and services, most notably the inter-linked hypertextdocuments of the World Wide Web (WWW) and the infrastructure to support electronicmail. Most traditional communications media, such as telephone and television services,are reshaped or redefined using the technologies of the Internet, giving rise to services suchas Voice over Internet Protocol (VoIP) and IPTV. Newspaper publishing has been reshapedinto Web sites, blogging, and web feeds. The Internet has enabled or accelerated thecreation of new forms of human interactions through instant messaging, Internet forums,and social networking sites.

3. What are the advantages of good routing protocol? Explain one of the routingprotocols in detail.

ANS: The main objectives of the network layer are to deliver the packets to the destination.The delivery of packets is often accomplished using either a connection-oriented or a

connectionless network service. In a connection-oriented approach, the network layerprotocol first makes a connection with the network layer protocol at the remote site before



[44 ]

sending a packet. When the connection is established, a sequence of packets from thesame source to the same destination can be sent one after another. In this case, there is arelationship between packets. They are sent on the same path where they follow eachother. A packet is logically connected to the packet traveling before it and to packettraveling after it. When all packets of a message have been delivered, the connection is

terminated. In a connection oriented approach, the decision about the route of a sequenceof packets with the same source and destination addresses can be made only once, whenthe connection is established. The network device will not compute the route again andagain for each arriving packet. In a connectionless situation, the network protocol treatseach packet independently, with each packet having no relationship to any other packet.The packets in a message may not travel the same path to their destination. The internetprotocol (IP) is a connectionless protocol. It handles each packet transfer in a separate way.This means each packet travel through different networks before settling to their

destination network. Thus the packets move through heterogeneous networks usingconnection less IP protocol.

DIRECT AND INDIRECT ROUTINGThere exits two approaches for the final delivery of the IP packets. In the Direct delivery,the final destination of the packet is a host connected to the same physical network as thedeliverer (Figure 1). Direct delivery occurs when the source and destination of the packetare located on the same physical network or if the delivery is between the last router andthe destination host.

The sender can easily determine if the delivery is direct. It can extract the network addressof the destination packet (Mask all the bits of the Host address) and compare this addresswith the addresses of the networks to which it is connected. If a match is found, then thedelivery is direct. In direct delivery, the sender uses the destination IP address to find thedestination physical address. The IP software then delivers the destination IP address withthe destination physical address to the data link layer for actual delivery. In practical sensea protocol called address resolution protocol (ARP) dynamically maps an IP address to thecorresponding physical address. It is to be noted that the IP address is a FOUR byte codewhere as the Physical address is a SIX byte code. The Physical address is also called as MACaddress, Ethernet address and hardware address. When the network part of the IP addressdoes not match with the network address to which the host is connected, the packet isdelivered indirectly. In an indirect delivery, the packet goes from router to router until it

reaches the one connected to the same physical network as its final destination. Note thata delivery always involves one direct delivery but zero or more indirect deliveries. Note also



[45 ]

that the last delivery is always a direct delivery. In an indirect delivery, the sender uses thedestination IP address and a routing table to find the IP address of the next router to whichthe packet should be delivered. The sender then uses the ARP protocol to find the physicaladdress of the next router. Note that in direct delivery, the address mapping is between theIP address of the final destination and the physical address of the final destination. In an

indirect delivery, the address mapping is between the IP address of the next router and thephysical address of the next router. Routing tables are used in the routers. The routing tablecontains the list of IP addresses of neighboring routers. When a router has received apacket to be forwarded, it looks at this table to find the route to the final destination.However, this simple solution is impossible today in an Internetwork such as the Internetbecause the number of entries in the routing table make table lookups inefficient. Severaltechniques can make the size of the routing table manageable and handle such issues assecurity.

4. What is streaming? Give some examples of streaming. What are the challenges indesigning multimedia networking?

ANS: Streaming . In a streaming stored audio/video application, a client begins playout ofthe audio/video of few seconds after it begins receiving the file from the server. Thismeans that the client will be playing out audio/video from one location in the file while itis receiving later parts of the file from the server. This technique, known as streaming,avoids having to download the entire file (and incurring a potentially long delay) beforebeginning playout. There are many streaming multimedia products, such as RealPlayer,QuickTime and Media Player.

Examples are

Streaming stored audio/video,

Streaming live audio/video

Real-time interactive audio/video.

Packet Loss

Consider one of the UDP segments generated by our Internet phone application. TheUDP segment is encapsulated in an IP datagram. As the datagram wanders through the



[46 ]

network, it passes through buffers (that is, queues) in the routers in order to accessoutbound links. It is possible that one or more of the buffers in the route from sender toreceiver is full and cannot admit the IP datagram. In this case, the IP datagram isdiscarded, never to arrive at the receiving application.

End-to-End DelayEnd-to-end delay is the accumulation of transmission, processing, and queuing delays inrouters; propagation delays in the links; and end-system processing delays. For highlyinteractive audio applications, such as Internet phone

5. What is the purpose of E-mail? What are the tools provided in the E-mail? Mention

different E-mail –service providers and their special features.

ANS: Electronic mail is the most widely used tool in the present world for fast and reliablecommunication. It is based on RFC 822.

E-mail system supports five basic functions.

1) Composition: Helps in creating message and answers, supports many functions

such as insertion of address after extraction from the original message duringreplying etc.

2) Transfer: Causes movement of message to the destination. Connectionestablishments and passage of message is done here.

3) Reporting: Do involve in reporting the origin of email whether it is delivered,

lost or abandoned.

4) Disposition: Do involve in invoking certain tools to enable reading emailmessage which come as attachment.

Ex: Abode to read a pdf file attachment.

5) Disposition: Involves, Reading, discarding, savings, replying, forwarding etc.

Additional features of E-mail system

Forwarding: forward email to another email ID



[47]

Mail box: storing/retrieving email

Mailing list: Send copies to the entire email list.

Other functions: CC: carbon copy

BCC: Blind copy

High priority

Yahoo, Gmail, Hotmail, AOL etc

6. How does UBL work? Explain the various steps of server side operation. Give anexample.

ANS: XML is only the foundation on which additional standards can be defined to achievethe goal of true interoperability. The Universal Business Language (UBL) initiative is thenext step in achieving this goal.

The UBL effort addresses this problem by building on thework of the ebXML initiative. EbXML is a joint project of UN/CEFACT, the world bodyresponsible for international Electronic Data Interchange (EDI), and the Organization forthe Advancement of Structured Information Standards (OASIS), a nonprofit consortiumdedicated to the open development of XML languages. UBL is organized as an OASISTechnical Committee to guarantee a rigorous, open process for the standardization ofthe XML business language. The development of UBL within OASIS also helps ensure a fitwith other essential ebXML Specifications.

Server Side Operation

Upon clicking a URL, the server side offers the following operations.

Accepts a TCP connection from a client.

Get the name of the file requested disk.

Get the file from the disk.

Return the file to the client.

Release the TCP connection

Problems with this type is the disk access with every request



[48 ]

SCSI disk have a disc access time of 5 ms. so it permits 200 disks access per second

It is still lower if the files are larger.

To overcome this, the web server maintains a large cache space which holds ‘n’ mostrecent files. Whenever a request comes, the server first look into caches and respondappropriately.

To make the server faster, multithreading is adapted.

There exists different concepts and design in one design. The server has a front endmodule and k processing modules (threads). The processing modules have access tothe cache. The front end module accepts input request and pass it to one of themodule. The processing module verifies the cache and responds if the file exists elseit invokes disk search and caches the file and also send the file to the client. At anyinstant of time‘t’ out of k modules, K -X modules may be few to take requests, Xmodules may be in the queue waiting for disk access and cache search. If the numberof disks is enhanced then it is possible to enhance the speed.

1. Each Module does the following.



[49 ]

Resolve the name of the Web page requested.E.g.: http:// www.cisco.com

2. There is no file name here. Default is index .html.

3. Perform access control on the client check to see if there are any restrictions.

4. Perform access control on the web page. Access restrictions on the page itself.

5. Check the cache.

6. Fetch the requested page.

CACHE

Front end

- - - - - - - K Processes

K - Module

Threads

In coming

Request. Out going

Reply

7. Determine MIME type

8. Take care of miscellaneous address ends.(Building User profile, Satisfaction.)

9. Return the reply to the client.

10. Make an entry in the server log.



[50 ]

If too many requests come in each second, the CPU will notbe able to handle the processing load, irrespective of no of disks in parallel. The solutionis to add more machine with replicated disks. This is called server form. A front end stillaccepts the request and sprays them to all CPUs rather than multiple threads to reducethe load on that machine. Individual machines are again Multithreaded with Multiple

disks.

It is to be seen that cache is local to each machine. TCPconnection should terminate at processing node and not at front end.

7. What are the criteria consider to develop a routing protocol? Explain the OSPF routingprotocol in detail?

ANS: There exits two approaches for the final delivery of the IP packets. In the Directdelivery, the final destination of the packet is a host connected to the same physical

network as the deliverer (Figure 1). Direct delivery occurs when the source anddestination of the packet are located on the same physical network or if the delivery isbetween the last router and the destination host.

The sender can easily determine if the delivery is direct. It canextract the network address of the destination packet (Mask all the bits of the Hostaddress) and compare this address with the addresses of the networks to which it isconnected. If a match is found, then the delivery is direct. In direct delivery, the sender

uses the destination IP address to find the destination physical address. The IP softwarethen delivers the destination IP address with the destination physical address to the data



[51]

link layer for actual delivery. In practical sense a protocol called address resolutionprotocol (ARP) dynamically maps an IP address to the corresponding physical address. Itis to be noted that the IP address is a FOUR byte code where as the Physical address is aSIX byte code. The Physical address is also called as MAC address, Ethernet address andhardware address. When the network part of the IP address does not match with the

network address to which the host is connected, the packet is delivered indirectly. In anindirect delivery, the packet goes from router to router until it reaches the oneconnected to the same physical network as its final destination.

Note that a delivery always involves one direct delivery but zero or more indirectdeliveries.

Note also that the last delivery is always a direct delivery. In an indirect delivery, thesender uses the destination IP address and a routing table to find the IP address of thenext router to which the packet should be delivered.

The sender then uses the ARP protocol to find the physical address of the next router.Note that in direct delivery, the address mapping is between the IP address of the finaldestination and the physical address of the final destination.

In an indirect delivery, the address mapping is between the IP address of the nextrouter and the physical address of the next router.

Routing tables are used in the routers. The routing tablecontains the list of IP addresses of neighboring routers. When a router has received apacket to be forwarded, it looks at this table to find the route to the final destination.

However, this simple solution is impossible today in an Internetwork such as the Internetbecause the number of entries in the routing table make table lookups inefficient. Severaltechniques can make the size of the routing table manageable and handle such issues assecurity.

OPEN SHORTEST PATH FIRST(OSPF) O pen Shortest Path First (OSPF) is a routing protocol

developed for Internet Protocol (IP) networks by the Interior Gateway Protocol (IGP)working group of the Internet Engineering Task Force (IETF). The working group was formed



[52 ]

in 1988 to design an IGP based on the Shortest Path First (SPF) algorithm for use in theInternet. Similar to the Interior Gateway Routing Protocol (IGRP), OSPF was createdbecause in the mid-1980s, the Routing Information Protocol (RIP) was increasinglyincapable of serving large, heterogeneous internetworks. This chapter examines the OSPFrouting environment, underlying routing algorithm, and general protocol components.

OSPF was derived from several research efforts,including Bolt, Breakneck, and Newman’s (BBN’s) SPF algorithm developed in 1978 for theARPANET (a landmark packet-switching network developed in the early 1970s by BBN), Dr.Radia Perlman’s research on fault -tolerant broadcasting of routing information (1988),BBN’s work on area routing (1986), and an early version of OSI’s Intermediate System -to-Intermediate System (IS-IS) routing protocol. OSPF has two primary characteristics. The firstis that the protocol is open, which means that it is in the public domain. The OSPF

specification is published as Request for Comments (RFC) 1247. The second principalcharacteristic is that OSPF is based on the SPF algorithm, which sometimes is referred to asthe Dijkstra algorithm, named for the person credited with its creation. OSPF is a link-staterouting protocol that calls for the sending of link-state advertisements (LSAs) to all otherrouters within the same hierarchical area. Information on attached interfaces, metrics used,and other variables is included in OSPF LSAs. As OSPF routers accumulate link-stateinformation, they use the SPF algorithm to calculate the shortest path to each node. As alink-state routing protocol, OSPF contrasts with RIP and IGRP, which are distance-vector

routing protocols. Routers running the distance-vector algorithm send all or a portion oftheir routing tables in routing-update messages to their neighbors.

7. Why is BGP needed? Explain com 1BGP used in place of the 1GP?

ANS: The Border Gateway Protocol (BGP) is the protocol backing the core routing decisionson the Internet. It maintains a table of IP networks or 'prefixes' which designate networkreach ability among autonomous systems (AS). It is described as a path vector protocol.BGP does not use traditional Interior Gateway Protocol (IGP) metrics, but makes routingdecisions based on path, network policies and/or rule sets. For this reason, it is moreappropriately termed a reach ability protocol rather than routing protocol.BGP was createdto replace the Exterior Gateway Protocol (EGP) routing protocol to allow fully decentralizedrouting in order to allow the removal of the NSFNet Internet backbone network. Thisallowed the Internet to become a truly decentralized system. Since 1994, version four ofthe BGP has been in use on the Internet. All previous versions are now obsolete. The majorenhancement in version 4 was support of Classless Inter-Domain Routing and use of routeaggregation to decrease the size of routing tables. Since January 2006, version 4 is codifiedin RFC 4271, which went through more than 20 drafts based on the earlier RFC 1771 version



[53 ]

4. RFC 4271 version corrected a number of errors, clarified ambiguities and brought the RFCmuch closer to industry practices. Most Internet users do not use BGP directly. Since mostInternet service providers must use BGP to establish routing between one another(especially if they are multihued), it is one of the most important protocols of the Internet.Compare this with Signaling System 7 (SS7), which is the inter-provider core call setupprotocol on the PSTN. Very large private IP networks use BGP internally. An example would

be the joining of a number of large Open Shortest Path First (OSPF) networks where OSPFby itself would not scale to size. Another reason to use BGP is multihoming a network forbetter redundancy either to multiple access points of a single ISP (RFC 1998) or to multipleISPs.

BGP neighbors, or peers, are established by manualconfiguration between routers to create a TCP session on port 179. A BGP speaker willperiodically send 19-byte keep-alive messages to maintain the connection (every 60seconds by default). Among routing protocols, BGP is unique in using TCP as its transportprotocol. When BGP is running inside an autonomous system (AS), it is referred to asInternal BGP (IBGP or Interior Border Gateway Protocol). When it runs betweenautonomous systems, it is called External BGP (EBGP or Exterior Border Gateway Protocol).Routers on the boundary of one AS exchanging information with another AS are calledborder or edge routers. In the Cisco operating system, IBGP routes have an administrativedistance of 200, which is less preferred than either external BGP or any interior routingprotocol. Other router implementations also prefer EBGP to IGPs, and IGPs to IBGP.


PART - A

Answer all questions:

1. Explain Domain Name System (DNS).

Ans- DNS stand for Domain Name System. It translates the domain name into IP addressand also maps the domain name into Common Generic Name.

Working of DNS:- Whenever an application program calls a library procedure called‘Resolver’ with its domain name as p arameter. The Resolver sends an UDP packet to thelocal DNS server. The DNS server searches its table and returns the IP address whichmatches the domain name. Now, the program can establish a connection or send UDPpackets.



[54 ]

2. Explain Post Office Protocol (POP).

Ans- POP3 stands for Post Office Protocol version 3. It begins when a user starts the mailreader. The mail reader calls up the ISP and establishes a TCP connection with the messagetransfer agent at port 110.Once the connection has been established, the POP3 protocolgoes through three stages in sequence:

Authorization:- This state deals with the user log in

Transactions:- This state deals with the user collecting e-mail messages and marking themfor deletion from the mailbox.

Update:- The update state causes the e-mail messages to be deleted. During theauthorization state, at times, when the server is set for three passwords trials, if you give

the wrong password thrice, your mail box will get locked.

3. List out the advantages and disadvantages of WLAN.

Ans- Advantages:- i) WLANs are more flexible. With in radio coverage, nodes cancommunicate without further restriction.

ii) Wireless network allow communication without previous planning.

iii) Wireless networks can survive in disasters.

Disadvantages:- i) WLANs offer lower quality due to less bandwidth than wired networks.

ii) WLAN adapter are very costly. Ex- PC-Card is available in the range from 100 pounds.

iii) WLANs are limited to low power senders and certain license-free frequency bands.

iv) Using radio waves for data transmission might interfere with other high-tech equipment.

4. Explain conventional encryption model.Ans-





[56 ]

i)RTP provides end-to-end delivery services for data with real-time characteristics such asinteractive audio and video. However, it does not provide any mechanism to timelydelivery. It needs support from the lower layers of OSI model that actually have controlover resources in switches and routers.

ii) RTP provides timestamps, sequence numbers as hooks for adding reliability, flow, andcongestion control for packet delivery, but implementation is totally left to the application.

iii) RTP is a protocol framework that is deliberately not complete. It is open to new payloadformats and new multimedia software. By adding new profile and payload formatspecifications, one can tailor RTP to new data formats and new applications.

iv) The flow and congestion control information of RTP is provided by Real-Time ControlProtocol (RTCP) sender and receiver reports.

v) RTP provides functionality and control mechanisms for carrying real-time content.

5. a) What is cryptography ? Explain one cryptographic algorithm.

Ans- Cryptography:- Cryptography is the science of using mathematics to encrypt anddecrypt data. It enables us to store sensitive information or transmit it across insecurenetwork so that it cannot be read by anyone except the intended recipient. Cryptography isthe science of securing data.

Different cryptographic algorithms are:

Substitution cipher, Monoalphabetic cipher, Playfair cipher,

Hill cipher, & Transposition cipher.

6. a) Explain internet security model.

Ans- When two parties exchanging their information through internet. They need security

so that no one could access their information or messages. To accomplish it, a securitymodel will designed to protect the information transmission form an opponent who may



[57 ]

present a threat to confidentiality. This technique has two components:-- i) A security-related transformation on the information to be sent.

ii) Some secret information shared by the two principals and it is hoped, unknown to theopponent.

A third party is needed to achieve secure transmission Or a third party is needed toarbitrate dispute the two principals concerning the authenticity of a message transmission.

Designing of Internet Security Model include following:-- i) Design an algorithm forperforming the security-related transformation.

ii) Generate secrete information to be used with the algorithm.

iii) Develop methods for the distribution and sharing of the secret information.

iv) Specify a protocol to be used by the two principals that makes use of the securityalgorithm and the secret information to achieve a particular security service.

b) What is steganography ? Explain.

Ans- Steganography:- This is technique that hides the message in other messages. Thesender writes an innocuous message and then conceals on the same piece of paper. Somemethods of stenography are: -

Character marking:- Selected letters of printed written text are over written in pencil. Thesemarks are ordinarily not visible unless the paper is held at an angle to bright light.

Invisible inks:- A number of substances can be used for writing but leave no visible trace

until heat or some chemical is applied to the paper.

Pin punctures:-Small pin punctures on selected letters are ordinarily not visible unless thepaper is held up in front of a light.

Typewriter correction ribbon:- It is used between lines typed with a black ribbon, theresults of typing with the correction tape are visible only under a strong light.

The advantage of steganography is that the parties can employ the stenographer to reveal

the secrecy of the message. It main disadvantage is that it requires a lot of overhead to hide



[58 ]

few bits of information and once the system is discovered, it becomes useless withoutmaintaining the secrecy.

7. Compare IEEE 802.11a, 802.11b, 802.11g WLAN architectures and blue tooth.

Ans-

Features 802.11a 802.11b 802.11g Bluetooth

Data Rate 54-72mbps 11mbps 54mbps 721-56kbps

Frequency 5Ghz 2.4Ghz 2.4Ghz 2.4Ghz

Modulation OFDM DSSS/CCK DSSS/PBCC FHSS

Channels 12/8 11/3 11/3 79(1Mhz wide)

Bandwidth 300 83.5 83.5 (22Mhz perchannel)

83.5

Power 40-800mW 100mW 100mW 100mW

8. Write short note on :

a) Time out timer

Ans- Time out timer is used to help purge invalid routes from a RIP node. Routes that arenot refreshed for a given period of time are likely to be invalid because of some change inthe network. Thus, RIP maintains a timeout timer for each known route. When a route'stimeout timer expires, the route is marked invalid but is retained in the table until theroute-flush timer expires.

b) CSMA/CA mechanism

Ans- CSMA/CA is a network contention protocol that listens to a network in order to avoidcollisions, unlike CSMA/CD that deals with network transmissions once collisions have beendetected. The basic mechanism is shown in following figure:

If the mechanism is sensed idle for at least the duration of DIFS, a node can access themedium at once. This allows for short access delay under light load.



[59 ]

If the medium is busy, nodes have to wait for the duration of DIFS, entering a contentionphase afterwards. Each node now chooses a random back off time with a contentionwindow and additionally delays medium access for this random amount of time.

The additionally waiting time is measured in multiples of slots. Slots time is derived fromthe medium propagation delay, transmitter delay and other PHY dependent parameters.

c) Best effort service.

Ans- best effort service by which we can make several design decisions and employ a fewtricks to improve the user-perceived quality of a multimedia networking application.

Limitations of the best effort service are:

Packet loss, Excessive end-to-end delay Packet jitter



[60 ]

Subject: Computer Ethics

& Cyber Lab

Subject Code: BSIT - 64

Assignment: TA (Compulsory)

1. Why is computer ethics defined? Explain its evolution. What is computercrime? Explain different computer crimes.

ANS: Computer ethics is the analysis of the nature and social impact of computertechnology and the formulation and justification of the policies for the ethical use of suchtechnology. Computer ethics examine the ethical issues surrounding computer usage andthe connection between ethics and technology. It includes consideration of both personaland social policies for ethical use of computer technology. The goal is to understand theimpact of computing technology upon human values, minimize the damage that technologycan do to human values and to identify ways to use computer technology to advance

human values. The term computer ethics was coined in the mid 1970s by Walter Manor torefer to that field of applied professional ethics dealing with ethical problems aggravated,transformed or created by human technology. (James H Moor, 1997).

The computer revolution is occurring in two stages. Thefirst stage was that of “technology introduction” in which computer technology wasdeveloped and refined. The second stage is of “technological permeation” in whichtechnology gets integrated into everyday human activities. Thus evolution of computer

ethics is tied to the wide range of philosophical theories and methodologies, which is



[61]

rooted in the understanding of the technological revolution from introduction topermeation.

In the era of computer “viruses” and spying by “hacking”, comput er security is a topic ofconcern in the field of computer ethics. Computer crime can be can be looked into fromfive different aspects:

1. Privacy and confidentiality

2. Integrity – Ensuring that data and programs are not modified withoutproper authority

3. Unimpaired service

4. Consistency: Ensuring that data and behavior we see today will be thesame tomorrow.

5. Controlling access to resources.Malicious kinds of software or programmed threats provide a

significant challenge to computer security. These include “viruses” whichcannot run on their own but are inserted into other computer programs.“Worms” are s oftware that are programmed to move from machine tomachine across networks and could consist of parts of themselvesrunning on different machines; “Trojan horses” are programs which tendto appear as a sort of program but actually end up doing damage behindthe scenes; “logic bombs” check for particular favorable conditions andthen execute when such conditions arise and “bacteria” or “rabbits” are

programs which are programmed to multiply rapidly nod fill up thecomputer’s memory. Computer crimes are norm ally committed bypersonnel who have the permission to use the system. An “hacker” is onewho enters the system without authorization. It is done to steal data,commit vandalism or merely explore the system to see how it works andsee what is contained. However every act of hacking is harmful as itinvolves the unauthorized entry into a system thus in fact trespassing intoa person’s private domain. Even if the hacker did indeed make no





[63 ]

connecting people all over the globe. Efforts are on to develop mutually agreed standardsof conduct and efforts to advance and defend human values. Some of the global issuesbeing debated are:

Global laws: Over two hundred countries are already interconnected by the internet.Given this situation, what is the effect and impact of the law of one particular countryon the rest of the world? Issues regarding freedom of speech, protection ofintellectual property, invasion of privacy vary from country to country. The framing ofcommon laws pertaining to such issues to ensure compliance by all the countries isone of the foremost questions being debated.

Global cyber business : Technology is growing rapidly to enable electronic privacy andsecurity on the internet to safely conduct international business transactions. Withsuch advanced technology in place, there will be a rapid expansion of global cyberbusiness. Nations with a technological infrastructure already in place will enjoy rapideconomic growth, while rest of the world lags behind. This disparity in levels oftechnology will fuel a political and economic fallout, which could further widen thegap between the rich and the poor.

Global education : Inexpensive access to the global information net for the rich andthe poor alike is necessary for everyone to have access to daily news from a freepress, free texts, documents, political, religious and social practices of peopleseverywhere. However the impact of this sudden and global education on differentcommunities, cultures and religious practices are likely to be profound. The impacton lesser known universities would be felt as older well-established universities beginoffering degrees and knowledge modules over the internet.

3. What do you mean by Professional ethics? Explain the code of ethics. What are thebasic features of Internet? What is Cyber crime? What is an Electronic Warfare?



[64 ]

ANS: Professional ethics: A code fulfilling its function will change the approach of many tothe internet and provide a counter pressure against the tendency to behave unethically. Itwould also help many to realize that their behavior may be unethical. The standardsexpected and t he realization of one’s conduct will make them pause and think about theconsequences of their actions. This is summed up in the preamble to the Software

Engineering Code of Ethics and Professional Practice:“These principles should influence internet developers / users to

consider broadly who is affected by their work; to examine if they and their colleagues aretreating other human beings with due respect; to consider how the public, if reasonablywell informed, would view their decisions; to analyze how the least empowered will beeffected by their decisions; and to consider whether their acts would be judged worthy ofthe ideal professional working as a software engineer. In all these judgments, concern for

the health safety and welfare of public is primary; that is “public interest” is central to thecode.” (Donald Gotternbarn, 1994).

Code of ethics: Code of ethics are more apparitional. They are mission statementsemphasizing the professional objectives and vision. The degree of enforcement possible isdependent on the type of code. Code of ethics, which is primarily apparitional, uses nomore that light coercion. Codes of conduct violations generally carry sanctions ranging from

warning to exclusion from the professional bodies. Violations of the codes of practice maylead to legal action on the grounds of malpractice or negligence. The type of code used toguide behavior affects the type of enforcement. The hierarchy of codes parallels the threelevels of ethical obligations owed by professionals. The first level identified is a set of ethicalvalues, such as integrity and justice, which professionals share with other human beings byvirtue of their shared humanity. Code statements at this level are statements of aspirationthat provide vision and objectives. The second level obliges professionals to morechallenging obligations than those required at the first level. At the second level, by virtueof their role as professionals and their special skills, they owe a higher degree of care tothose affected by their work. Every type of professional shares this second level of ethicalobligation. Code statements at this level express the obligations of all professionals andprofessional attitudes. They do not describe specific behavior details, but they clearlyindicate professional responsibilities. The third and deeper level comprises severalobligations that derive directly from elements unique to the particular professionalpractice. Code elements at this level assert more specific behavioral responsibilities that are

more closely related to the state of art within the particular profession. The range of



[65 ]

statements is from more general apparitional statement to specific and measurablerequirements. Professional code of ethics needs to address all three of these levels.

Cyber crime: In an influential research work, Prof. Ulrich Sieber observed that;

“the vulnerability of today’s information society in view of computer crimes is stil l notsufficiently realized: Businesses, administrations and society depend to a high degree onthe efficiency and security of modern information technology. In the business community,for example, most of the monetary transactions are administered by computers in form ofdeposit money. Electronic commerce depends on safe systems for money transactions incomputer networks. A company’s entire production frequently depends on the functioningof its data-processing system. Many businesses store their most valuable company secretselectronically. Marine, air, and space control systems, as well as medical supervision rely to

a great extent on modern computer systems. Computers and the internet also play anincreasing role in the education and leisure of minors. International computer networks arethe nerves of the economy, the public sector and society. The security of these computerand communication systems and their protection against computer crime is therefore ofessential importance.

Electronic warfare: In the meantime, the possibilities of computermanipulations have also been recognized in the military sector. “Strategic InformationWarfare” has become a form of potential warfare of its own. This type of warfare isprimarily directed t o paralyze or manipulate the adversary’s computer systems. Thedependency of military systems on modern information systems became evident in 1995when a “tiger -team” of the US Air Force succeeded in sending seven ships of the US Navy toa wrong destination due to manipulations via computer networks. Thus broadly speaking,the following specified nature of offences are recognized by respective nation states in their

legislations. The list by no means is to be construed as exhaustive but only illustrative.

3. Brief the evolution of Computer Ethics. What are the three levels ofcomputer ethics? Explain

ANS: The computer revolution is occurring in two stages. The first stage was that of

“technology introduction” in which computer technology was developed and ref ined. Thesecond stage is of “technological permeation” in which technology gets integrated into



[66 ]

everyday human activities. Thus evolution of computer ethics is tied to the wide range ofphilosophical theories and methodologies, which is rooted in the understanding of thetechnological revolution from introduction to permeation.

In the 1940s and 1950s computer ethics as a field of studyhad its roots in the new field of research called “cybernetics” -the science of information

feedback systems undertaken by Professor Norbert Weiner? The concepts of cyberneticsled Weiner to draw some remarkable ethical conclusions about the technology that is nowcalled information and communication technology. He foresaw revolutionary social andethical consequences with the advance of technology. In his view the integration ofcomputer technology into society would eventually constitute the remaking of society,which he termed as the “second industrial revolution”. H e predicted that workers wouldhave to adjust to radical changes in the workplace, governments would need to establish

new laws and regulations, industries would need to create new policies and practices,professional organizations would need to develop new code of conduct for their members,sociologists and psychologists would need to study and understand new social andpsychological phenomena and philosophers would need to rethink and redefine old socialand ethical concepts. In the 1960s Don Parker of SRI Inc. began to examine the unethicaland illegal uses of computers by computer professions. He published “Rules of Ethics inInformation Processing” and headed the development of the first code of professionalconduct for the association of computing machinery. The 1970s saw Walter Maner coin the

term “Computer Ethics” to refer to that field of inquiry dealing with ethical problemsaggravated, transformed by computer technology. He disseminated his starter Kit incomputer ethics, which contained curriculum materials and guidelines to develop and teachcomputer ethics. By the 1980s a number of social and ethical consequences of informationtechnology were becoming public issues in America and Europe. Issues like computerenabled crime, disasters caused by computer failures, invasions of privacy throughcomputer databases etc become the order of the day. This led to an explosion of activitiesin the field of computer ethics. The 1990s heralded the beginning of the second generationof computer ethics. Past experience led to the situation, which helped to build andelaborate the conceptual foundation while developing the frameworks within whichpractical action can occur, thus reducing the unforeseen effects of information technologyapplication.

Computer ethics questions can be raised and studied at

various levels. Each level is vital to the overall goal of protecting and advancing humanvalues.



[67 ]

On the most basic level, computer ethics tries tosensitize people to the fact that computer technology has social and ethical consequences.Newspapers, magazines and TV news programs have highlighted the topic of computerethics by reporting on events relating to computer viruses, software ownership law suits,

and computer aided bank robbery, computer malfunction, computerized weapons etc.These articles have helped to sensitize the public at large to the fact that computertechnology can threaten human values as well as advance them.

The second level consists of someone who takes interestin computer ethics cases, collects examples, clarifies them, looks for similarities anddifferences, reads related works, attends relevant events to make preliminary assessmentsand after comparing them, suggests possible analyses.

The third level of computer ethics referred to as‘theoretical’ computer ethics a pplies scholarly theories from philosophy, social science, lawetc. to computer ethics cases and concepts in order to deepen the understanding of issues.All three level of analysis are important to the goal of advancing and defending humanvalues. (James H Moor, 1997)

4. What are the codes of ethics? Compare its significance with present dayscenario.

ANS: Professional societies have used the codes to serve the following functions:

1. Inspiration : Codes function as an inspiration for “positive stimulus” for

ethical conduct. Codes also serve to inspire confidence in the customer oruser.

2. Guidance: Historically, there has been a transition away from regulatorycodes designed to penalize divergent behavior and internal dissent, towardscodes which help someone determine a course of action through moral judgement.



[68 ]

3. Education : Codes serve to educate, both prospective and existing membersof the profession about their shared commitment to undertake a certainquality of work and the responsibility for the well being of the customer anduser of the developed product. Codes also serve to educate managers ofgroups of professionals and those who make rules and laws related to the

profession about expected behavior. Codes also indirectly educate thepublic at large about what the professionals consider to be a minimalacceptable ethical practice in the field, even if practiced by a non-professional.

4. Support for positive action : Codes provide a level of support for theprofessional who decides to take positive action. They provide an

environment in which it will be easier, than it would otherwise be, to resistpressure to do what the professional would rather not do. The code couldbe used as a counter pressure against the urging by others to have theprofessional to act in ways inconsistent with an ethical pattern of behavior.

5. Deterrence and discipline : Codes can serve as a formal basis for actionagainst a professional. The code defines a reasonable expectation for allpractitioners. A failure to meet these expectations could serve as a formalbasis in some organizations to revoke membership or suspend license topractice.

6. Enhance the profession’s public image : Codes serve to educate multipleconstituencies about the ethical obligations and the responsibilities of theprofessional. They educate the professionals about what they should expectfrom themselves and what they should expect from their colleagues. Codesalso serve to educate society about its rights, about what society has a rightto expect from the practicing professional.

A code fulfilling its function will change the approach ofmany to the internet and provide a counter pressure against the tendency to behaveunethically. It would also help many to realize that their behavior may be unethical. Thestandards expected and the realization of one’s conduct will make them pause and thinkabout the consequences of their actions. This is summed up in the preamble to the

Software Engineering Code of Ethics and Professional Practice:



[69 ]

“These principles should influence internet developers /users to consider broadly who is affected by their work; to examine if they and theircolleagues are treating other human beings with due respect; to consider how the public, ifreasonably well informed, would view their decisions; to analyze how the least empoweredwill be effected by their decisions; and to consider whether their acts would be judged

worthy of the ideal professional working as a software engineer. In all these judgments,concern for the health safety and welfare of public is primary; that is “public interest” iscentral to the code.” (Donald Gotternbarn, 1994).

5. State and Discuss primary assumptions of a legal system. What are the basicfeatures of Internet? Explain

ANS: Any legal system is premised upon the following primary assumptions as a foundation.They are:

a) Sovereignty

b) Territorial Enforcement

c) Notion of property

d) Paper based transactions

e) Real relationships

a) Sovereignty: Law making power is a matter of sovereign prerogative. As a result, thewrit of sovereign authority runs throughout wherever sovereign power exercisesauthority. Beyond its authority, which is always? Attributed to determinate

geographical boundaries, the sovereign cannot regulate a subject matter throughlegal intervention. However, in the cyber context, geography is a matter of history, inthe sense that barriers in terms of distance and geographical boundaries do not makemuch sense.

b) Enforcement: Any law in real world context can only be subjected to predeterminedterritorial enforcement. In other words, the territory over which the sovereign

authority exercises power without any qualification or impediment will be able toenforce the law. However, this proposition carries some exceptions. It is a normal



[70]

practice in the case of criminal law, the sovereign authority enjoins extra -territorial jurisdiction as well. It is to indicate that even if the crime is committed beyond thelimits of territory, the sovereign authority will be able to initiate prosecution,provided if the custody of the person is fetched. Towards this end, it is a normalpractice to invoke extradition proceedings (which reflect mutual understanding and

undertaking to co-operate with each other nation in cases of crime commission).However, serious impediment in this respect is, the proceedings must comply withthe principle of ‘double criminality’. It means that, in both the countries, the allegedact of commission must have been criminalized. In the context of cyber law, there areonly twelve countries in the globe, where relevant laws have been enacted. But whenit comes to Civil law, say in the case of international contracts, pertinent principles ofPrivate International Law are invoked to address these issues. When it comes tocyber context, territory does not hold any meaning. Connectivity without any

constraint is the strength of cyber world.

c) Notion of Property: The obtaining premise (though of late subjected to marginalchange) of the legal response considers ‘property’ as tangible and physical. With theadvent of intellectual property, undoubtedly, this concept or understanding of‘property’ has undergone change. In the cyber context, ‘property’ in the form ofdigitized services or goods poses serious challenges to this legal understanding.

Similarly, ‘domain names’ raise fundamental questions vis -à-vis the legalunde rstanding of what constitutes ‘property’.

d) Real Relationships: Quite often, legal response considers relationships, which arereal world oriented. In view of connectivity, pace and accuracy as to transmission, inthe cyber context, these relationships acquire unique distinction of virtual character.In the broad ambit of trade and commerce, it is the commercial transaction in the

form of contracts, which constitutes the foundation of legal relationship. Hence, ifthe relationships are virtual, what should be the premise of contract law, which isbasically facilitating in nature? Even with regard to other activities, which arepotentially vulnerable to proscription, what kind of legal regulation is required to bestructured?

e) Paper Based Transactions: Obtaining legal response considers and encouragespeople to create and constitute legally binding relationships on the basis of paper-based transactions. No doubt, the definition of ‘document’ as is obtaining underSection 3 of Indian Evidence Act, 1872 takes within its fold material other than paper



[71]

also, still popularly the practice covers only paper based transactions. But in thecyber context, it is the digital or electronic record, which forms the basis of electronictransactions. As a result of which transactions will be on the basis of electronicrecords.

In the light of these seemingly non-applicable

foundations, the legal system originating from a particular sovereign country has to facecomplex challenges in formalizing the structure of legal response. However, the inherentcomplexity did not deter select countries in making an attempt in this regard. From theobtaining patterns it can be understood that, substantial numbers of these countries haveapparently considered the following benchmarks in structuring the relevant legal response.

Application of the existing laws duly modified to suitthe medium of cyber context with an appropriate regulatory authority monitoring the

process and adjudicating the rights and liabilities of respective stakeholders; respectivelegislations enacted by the concerned sovereign states with a deliberate attempt toencourage and facilitate international co-operation to enforce these laws.

The IP provides for ‘telepresence’ or geographicallyextended sharing of scattered resources. An internet user may employ her internet link toaccess computers, retrieve information, or control various types of apparatus from aroundthe world. These electronic connections are entirely transparent to the user. Access tointernet resources is provided via a system of request and reply; when an online userattempts to access information or services on the network, his/her local computer requestssuch access from the remote server computer where the addressee is housed. The remotemachine may grant or deny the request, based on its programmed criteria, only if therequest is granted does the server tender the information to the user’s machine. Thesefeatures make available a vast array of interconnected information, including computerizeddigitalized text and graphics and sound. A crop of private internet access providers hasdeveloped to offer network access and facilities to such customers outside the research

community. Consequently, although the academic and scientific research communityremains an important part of the internet community as a whole, private and commercialtraffic has become a dominant force in the development and growth of the ‘electronicfrontiers’. In particular, the network offers novel opportunities for transactions involvinginformation based goods and services.



[72]


PART – A

PART - A

Answer all questions:

1. Explain the four classifications of ethical issues.

Ans- Computer Ethics:- Computer ethics is the analysis of the nature and social impact ofcomputer technology and the formulation and justification of the policies for the ethical useof technology. It includes consideration of both personal and social policies for ethical useof computer technology. Its main goal is to understand the impact of computing technologyupon human values.

There are four kinds of ethical issues:--

i) Privacy:- It deals with collection, storage and dissemination of information about

individuals.ii) Accuracy:- It deals with authenticity, fidelity and accuracy of information collected andprocured.

iii) Property:- It deals about ownership and value of information (intellectual property).

iv) Accessibility:- It deals about right to access information and payment towards the same.

2. Explain the social and ethical issues arising out of the presence of computers in

the workplace.

Ans- The social and ethical issues that can arise out of the presence of computers in theworkplace are:

i)Task Automation: At workplace, computers have become universal tools that can in

principle perform any task and hence pose a threat to jobs. They are far more efficient thanhumans in performing many tasks. Therefore, economic incentives to replace humans with



[73]

computerized devices are very high. In the industrialized world, many workers doing jobs asbank tellers, autoworkers, telephone operators, typists etc have already been replaced bycomputers.. On the other hand, the computer industry has generated a wide range of new

jobs in the form of hardware engineers, software engineers, system analysts, webmasters,information technology teachers, and computer sales clerks. Even when a job is not

eliminated by computers, the job profile could be radically altered. So, job gains and lossesare to be viewed in the context of the society we live in.

ii)Health and Safety: Another workplace issue concerns health and safety. Often radiationfrom machines, repetitive injuries, and posture related problems are common at computerdominated workplaces. Another concern is poisonous non biodegradable computer waste,which is causing a major threat to the environment. The advent of stress in the workplacedue to the introduction of computers is becoming more and more evident.

iii)Employee Monitoring: Another major concern is the employee monitoring or surveillanceby the organizations using sophisticated computer driven technology. Some amount ofmonitoring may be vital for protecting the interest of the employer and to increaseproductivity, but excess of such surveillance can becomes unethical.

3. What are the fundamental conceptions regarding the evaluation of individual

actions?

Ans- There are two the fundamental conceptions regarding the evaluation of individualactions:-

i) Examine an issue under independently justified principles of what one considers beingright. This is referred to as “deontological” approach where one starts out with one or moremoral principle and see how they apply to particular case.

ii) Look for the course of action that maximizes the good. This approach is referred to as“teleological” means involves framing what is good for users, and spell out what is wrongwith actions that interfere with attempts to get in.

4. How is a professional code distinguished ?

Ans- Professional code is divided into three groups of code: --



[74]

i) Code of Ethics:- Code of ethics is more aspirational (aim). They are mission statementsstressed the professional objectives and vision.

ii) Code of Conduct:- Code of conduct are more oriented towar ds the professional’sattitude. They make clear the issues at risk in the different specialized fields.

iii) Code of Practice:- Technical document on health and safety issue approved by thegovernment minister. It provides particular guideline on way to achieve agreement withOMC legislation.

5. Describe the nature and features of internet.

Ans- Following are the three distinct features of Internet:-

i) Global scope : - Internet communications has much broader scope and reach. This featureof internet do things to one another demonstrates the great amount of power whenconnected to the internet. It also enables individuals apart from fraternizing with oneanother to disrupt, steal, damage, snoop, harass, stalk, and defame from great distance.

ii) Anonymity : - This feature of internet provides a certain kind of anonymity means it givesindividuals a senses if invisibility that allows them to engage in behavior that they might nototherwise engage in. The positive aspect of anonymity is that it might allow individuals to

get a free and equal treatment irrespective of their race, color or creed. It enables theirparticipation in activities where individuals might otherwise reluctant. It also leads a seriousproblem for accountability and integrity of information.

iii) Reproducibility: - Electronic information exists in the form that makes it easy to copywithout any loss of originality or value in the process of reproduction. Reproducibilityexacerbates the problem arising by global scope and anonymity. It also adds to theproblems of accountability and integrity of information arising out of anonymity.

All these three features of communication lead directly or indirectly to a widerange of ethical issues.

PART - B

Answer any FIVE full questions:



[75 ]

1. a) Explain the different sources of law.

Ans- Following are the different source of law:--

a) Legislation:- It is the formal enactment of law by the legislature created or authorized bythe constitution. It stands in contrasted with judge made law. Legislation consists of written

laws, as contrasted with judge made law or common law. It also stans in contrasted tocustomary law.

b) Common Law:- It comprises the body of principle, which derive their authority solelyfrom the decisions of courts. It is a body of law that develops and derives through judicialdecisions different from legislative enactments. Its principals do not derive their validityfrom formal law making by anybody, but from their enunciation through decisions ofcourts.

c) Custom:- Custom’ denotes a usage or practice of the people (including a particular socialgroup or a group residing in a particular locality) which by common adoption andacquiescence and by long and unvarying habit, has become compulsory and has acquiredthe force of law with respect to the place or subject matter to which it relates.

b) Discuss the significance of legislation.

Ans- Significance of legislation:-

i) The legislature can legislate in advance. But judges can’t do so.

ii) The legislature can make a law on any subject within its competence. But judges can dealwith a subject.

iii) The legislature can override the law laid down by the courts, on a particular pointbecause of the doctrine of separation of powers.

iv) Legislation is the most fertile source of law. The legislature can vest a subordinateauthority with power to make rules, orders, etc.

v) A legislative enactment is not subject to appeal; and the law enacted by it cannot bereversed.

2. a) Explain how “custom” is a source of law.



[76 ]

Ans- Custom’ denotes a usage or practice of the people (including a particular social groupor a group residing in a particular locality) which by common adoption and acquiescenceand by long and unvarying habit, has become compulsory and has acquired the force of lawwith respect to the place or subject matter to which it relates.

Legislation and case law can operate in any sphere of human activity, while the

operation of custom is generally restricted to a particular locality, group or family.

Custom’ denotes a usage or practice of the people (including a particular social group or agroup residing in a particular locality) which by common adoption and acquiescence hasbecome compulsory and has acquired the force of law with respect to the place or subjectmatter to which it relates.

b) State and discuss the primary assumptions of a legal system.

Ans- Following are the primary assumptions of a legal system:

i) Sovereignty : Law making power is a matter of sovereign prerogative. As a result, the writof sovereign authority runs throughout wherever sovereign power exercises authority.Beyond its authority, which is always attributed to determine geographical boundaries, thesovereign cannot regulate a subject matter through legal intervention.

ii)Territorial Enforcement : Any law in real world context can only be subjected topredetermined territorial enforcements. There are some exceptions to this. The sovereignauthority could join extra territorial jurisdiction in case of criminal law. This indicates that ifthe crime is committed beyond the limits of the territory the sovereign authority caninitiate prosecution.

iii) Notion of property : The obtaining premise of the legal response considers 'property' astangible and physical. In the cyber context, 'property' in the form of digitized services or

goods poses serious challenges to this legal understanding. Also that the 'domain names'raise fundamental questions.

iv) Paper-based transaction : Legal response considers and encourages people to create andconstitute legally binding relationships on the basis of paper- based transactions. Althoughthe word ‘document’ under law takes within its fold material other than paper also. Since incyber context, digital or electronic record forms the basis of electronic transactions. Hence,the transactions are on the basis of electronic records.



[77]

v) Real relationships : Legal response considers relationships, which are real world oriented.In view of connectivity, pace and accuracy as to transmission, in the cyber context, theserelationships acquire unique distinction of virtual character. In case of trade and commerce,commercial transaction in the form of contracts constitutes the foundation of legalrelationship.

3. a) Discuss the current forms of computer crimes.

Ans- Different forms of computer crimes:- i) Privacy infringement: The personal rights ofthe citizens are endangered with the collection, transmission, and storage of the personaldata. Therefore, in the data processing area, the protection of privacy needs to beconsidered. A balance needs to be maintained between the privacy interests of data

subjects concerned and the economic freedom of the holders of personal data.ii) Economic offences: The economic crimes are considered as the central area of computercrime. Hacking, fraudulent manipulation of the computer data is some of the economicoffences related to computers.

iii) Computer Hacking:-This is a greatest risk in terms of integrity, availability, andconfidentiality. Website defacements, credit card frauds, non-availability of web andapplication servers, and new virus attacks are common. These defacements are done by

hackers and this process is called as hacking.

iv) Software Piracy and Other forms of Product Piracy:- This includes illegal access ofcomputer programs. It also includes copying the important software and information of theindividual.

v) Computer Espionage:- It rarely appears in official statistics constitute a special dangercompared with traditional economic espionage. The object of this offence are especiallycopying computer program, data of research and defence, data of commercial accountingas well as address of client. It is done by data telecommunication.

vii) Computer Sabotage and Computer Extortion:- It is danger for business andadministration. It includes activities like destroying the store tangible and intangible datacontaining computer programs and other valuable information. It also affect the dataprocessing.

viii) Computer Fraud:- It describe a spectrum of various cases within the field of economic

crimes. It includes invoice manipulations concerning the payment of bill and salaries ofindustrial companies along with the manipulation of account balance and balance sheets.



[78]

viii) Illegal and Harmful content:- It includes providing harmful contents such as pornmovies or videos, adult picture or story, more violent games etc, on internet throughwebsite which are illegal.

b) Discuss the classifications of crimes under the IT act 2000.

Ans- The following acts are cyber crime in the I.T. Act 2000:-Without permission of the authorized user

i) Accessing or securing access to computer system or network.

ii) Downloading, coping or extracting any data or information.

iii) Introducing any computer, virus or contaminant in the computer.

iv) Disrupting the working of the computer.v) Disrupting the access of the computer of an authorized user.

vi) Providing assistance to ensure unauthorized access to the computer.

vii) Tampering with computer source documents.

viii) Hacking of computer system.

ix) Carring on activities that are not in compliance with the provisions of the Act.x) Failure to extend all facilities and technical assistance to the Controller to decrypt anyinformation necessary for the security of the nation.

xi) Publishing Digital Certificate that are false in certain particular.

xii) Misrepresenting or suppressing any material fact from the Controller or CertifyingAuthority for obtaining any license or Digital Signature Certificate.

4. a) Discuss the essentials of valid contract.

Ans- The general law of contracts is contained in the Indian Contract Act 1872. The Actdefines “contract” as an agreement enforced by law. The essentials of a valid contract are: -



[79 ]

i) Intention to be bound:- The intention to create a contract should be clear otherwise, itwill be treated as invalid.

ii) Offer and acceptance:-It is an essential ingredient of a contract that there must be anoffer and its acceptance. If there is no offer then there is no contract. But if one party offerbut another one does not accept it then also no contract will be formed

iii) Concept of offer:- An offer is not defined by statue. It is generally understood asdenoting the expression, by words or conduct, of a willingness to enter into a legallybinding contract. It expressly indicates that it is to become binding on the offer or as soonas it has been accepted.

iv) Offer by and whom: - An offer must be made by a person legally competent to contractor on his behalf by someone authorized by him to make the offer. If there is no particular

individuals to whom that offer a contract then that contract become a “unilateral contract”.So, there must be two parties to made contract.

vi) Statements which are not offer: - Every statement of intention is not an offer. Astatement must be made with the intention that it will be accepted and will constitute abinding contract.

b) What are the remedies for the breach of the contract?Ans- Remedies for breach of a contract:-

i)Damage:- When a contract has been broken, the party who suffer by such breach isentitled to receive compensation from the party who broken the contract for any loss ordamage caused by him. Such compensation is not to be given for any remote and indirectloss or damage sustained by reason of the breach.

ii)Penal Stipulations:- If a sum is named in the contract or if the contract contains any otherstipulation by way of penalty, the party complaining of the breach is entitled to receivereasonable compensation from party who broken the contract, whether or not actualdamage or loss is proved to have been caused thereby.

iii) Specific performance:- In certain cases the court may direct against the party in default“specific performance” of the contract means that party may be directed to perform thevery obligation which he has undertaken by the contract.



[80 ]

iv) Injunction:- An injunction is a preventive relief and is granted at the discretion of thecourt. The discretion of court is not arbitrary but is guided by judicial principles. A furthercheck on the discretion is the provision for correction through an appeal in a higher court.

5. a) Explain digital signature. What is a digital signature certificate?

Ans- Digital Signature: The IT Act states that any law provides that information shall be inwriting or in printed form. The key ingredients of the formation of electronic contractscomprise communication of offer and acceptance by electronic means, verification of thesource of the communication, authentication of the time and place of dispatch and finallythe verifiability of the receipt of the data communication. A 'digital signature' may beaffixed to authenticate an electronic record. The digital signature serves to satisfy the legalrequirement of affixing of a signature in a written or printed document. The CentralGovernment has the power to make rules about the type of digital signature.

Digital Signature Certificate: It certifies the identity of the subscriber and implies hisacceptance of the provisions of this act and the rules and regulations contained therein.The certificate is issued only on the following grounds:

i) The Certifying Authority being satisfied that the information contained in the applicationof certificate is accurate.

ii) The subscriber holds a Private Key capable of creating a Public Key.

iii) The Private Key corresponds to the Public Key to be listed in the Digital SignatureCertificate.

iv) The Public Key to be listed in the certificate can be used to verify a digital signatureaffixed by the Private Key held by the subscriber.

b) Discuss the adjudicatory processes incorporated in the act.

Ans- The adjudicatory processes incorporated in IT act 2000 are:



[81]

i)Penalty for damage to computer: If any damage cause by any computer due to accessingor securing data, Downloading, coping data and disrupting the working of computer by anyunauthorized user then he will have to paid one crore rupees as a compensation to theaffected person.

ii) Penalty for failure to furnish information, return: If any individual fall in its preview using

the computer to furnish any document, return or reports then he will have to give 1,50,000rupees as penalty.

iii) Residuary penalty: This act provides that whoever contravenes any rule or regulation forwhich a penalty has not specified, the person contravening the act is liable to pay 25,000rupees as compensation

iv) Power to adjudicate: According to this the adjudicating officer has power to: a) Summon

and enforce the attendance of any person and examine him on oath.b) Direct the production of records and other electronic records.

c) Issue warrant for the examination of witness and receive evidence on record.



::REFERENCES::

1.Course Materiel Provided.

2. http://www.wikipedia.com

Documents

Jomon Semester 6 bScit