Students can Download Computer Applications Chapter 17 E-Commerce Security Systems Questions and Answers, Notes Pdf, Samacheer Kalvi 12th Computer Applications Book Solutions Guide Pdf helps you to revise the complete Tamilnadu State Board New Syllabus and score more marks in your examinations.

Tamilnadu Samacheer Kalvi 12th Computer Applications Solutions Chapter 17 E-Commerce Security Systems

Samacheer Kalvi 12th Computer Applications E-Commerce Security Systems Text Book Back Questions and Answers

PART – I
I. Choose The Correct Answer

Question 1.
In E-Commerce, when a stolen credit card is used to make a purchase it is termed as ………………………
(a) Friendly fraud
(b) Clean fraud
(c) Triangulation fraud
(d) Cyber squatting
Answer:
(b) Clean fraud

Question 2.
Which of the following is not a security element involved in E-Commerce?
(a) Authenticity
(b) Confidentiality
(c) Fishing
(d) Privacy
Answer:
(c) Fishing

Question 3.
Asymmetric encryption is also called as ……………………..
(a) Secure Electronic Transaction
(b) Certification Authority
(c) RSA algorithm
(d) Payment Information
Answer:
(c) RSA algorithm

Question 4.
The security authentication technology does not include
(i) Digital Signatures
(ii) Digital Time Stamps
(iii) Digital Technology
(iv) Digital Certificates
(a) (i), (ii) & (iv)
(b) (ii) & (iii)
(c) (i), (ii) & (iii)
(d) all the above
Answer:
(b) (ii) & (iii)

Question 5.
PGP stands for
(a) Pretty Good Privacy
(b) Pretty Good Person
(c) Private Good Privacy
(d) Private Good Person
Answer:
(a) Pretty Good Privacy

Question 6.
…………………… protocol is used for securing credit cards transactions via the Internet
(a) Secure Electronic Transaction (SET)
(b) Credit Card Verification
(c) Symmetric Key Encryption
(d) Public Key Encryption
Answer:
(a) Secure Electronic Transaction (SET)

Question 7.
Secure Electronic Transaction (SET) was developed in
(a) 1999
(b) 1996
(c) 1969
(d) 1997
Answer:
(b) 1996

Question 8.
The websites secured by Secure Socket Layer protocols can be identified using
(a) html://
(b) http://
(c) htmls://
(d) https://
Answer:
(d) https://

Question 9.
3-D Secure, a protocol was developed by
(a) Visa
(b) Master
(c) Rupay
(d) PayTM
Answer:
(a) Visa

Question 10.
Which of the following is true about Ransomware
(a) Ransomware is not a subset of malware
(b) Ransomware deletes the file instantly
(c) Typopiracy is a form of ransomware
(d) Hackers demand ransom from the victim
Answer:
(d) Hackers demand ransom from the victim

II. Short Answers

Question 1.
Write about information leakage in E-Commerce?
Answer:
Information leakage:
The leakage of trade secrets in E-Commerce mainly includes two aspects:

  1. The content of the transaction between the vendor and customer is stolen by a third party;
  2. The documents provided by the merchant to the customer or vice versa are illegally used by another.

This intercepting and stealing of online documents is called information leakage.

Question 2.
Write a short note on typopiracy?
Answer:
Typopiracy:

  • Typopiracy is a variant of Cyber Squatting. Some fake websites try to take advantage of users’ common typographical errors in typing a website address and direct users to a different website.
  • Such people try to take advantage of some popular websites to generate accidental traffic for their websites, e.g. www.goggle.com, www.faceblook.com

Question 3.
Define non-repudiation?
Answer:
Non-repudiation: prevention against violation of the agreement after the deal.

Question 4.
List the different types of security technologies in E-Commerce?
Answer:

  1. Encryption technology is an effective information security protection.
  2. It is defined as converting a Plaintext into meaningless Ciphertext using encryption algorithm thus ensuring the confidentiality of the data.
  3. The encryption or decryption process uses a key to encrypt or decrypt the data.

Question 5.
Write about digital signature?
Answer:

  1. A digital signature is a mechanism that is used to verify that a particular digital document, message or transaction is authentic.
  2. Digital signatures are used to verify the trustworthiness of the data being sent.

PART – III
III. Explain in Brief Answer

Question 1.
Write a note on certification authorities (CA)?
Answer:
Digital certificates are issued by recognized Certification Authorities (CA). When someone requests a digital certificate, the authority verifies the identity of the requester, and if the requester fulfills all requirements, the authority issues it. When the sender uses a certificate to sign a document digitally, the receiver can trust the digital signature because the receiver trusts that the CA has done its part in verifying the sender’s identity.

Question 2.
List some E-Commerce Security Threats?
Answer:

  1. Information leakage
  2. Tampering
  3. Payment frauds
  4. Malicious code threats
  5. Distributed Denial of Service (DDoS) Attacks
  6. Cyber Squatting
  7. Typopiracy

Question 3.
Differentiate asymmetric and symmetric algorithms?
Answer:
Symmetric Key Encryption:

  1. Same key is used for both encryption and decryption
  2. Speed of encryption or decryption is very fast
  3. Plain text and cipher text are of same size
  4. Algorithms like DES, AES, RC4 use symmetric key encryption
  5. Provides confidentiality
  6. The number of keys used grows exponentially with the number of users

Asymmetric Key Encryption:

  1. Different keys are used for encryption and decryption
  2. Speed of encryption or decryption is comparatively slow
  3. The size of cipher text is always greater than plain text.
  4. Algorithms like RSA, ECC, DSA use asymmetric key encryption
  5. Provides confidentiality, authenticity and non-repudiation
  6. The number of keys used grows linearly with the number of users

Question 4.
Write a note on PGP?
Answer:
Pretty Good Privacy (PGP): Phil Zimmermann developed PGP in 1991. It is a decentralized encryption program that provides cryptographic privacy and authentication for data communication. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography and asymmetric-key cryptography and works on the concept of “web of trust”.

Question 5.
Explain 3D secure payment protocols?
Answer:
3-D Secure is a secure payment protocol on the Internet. It was developed by Visa to increase the level of transaction security, and it has been adapted by MasterCard. It gives a better authentication of the holder of the payment card during purchases made on websites. The basic concept of this (XML-based) protocol is to link the financial authorization process with an online authentication system. This authentication model comprises 3 domains (hence the name 3D), which are:

  1. The Acquirer Domain
  2. The Issuer Domain
  3. The Interoperability Domain

PART – IV
IV. Explain in detail

Question 1.
Write about dimensions of E-Commerce Security?
Answer:
The following are some of the security elements involved in E-Commerce:

  1. Authenticity: conforming genuineness of data shared.
  2. Availability: prevention against data delay or removal.
  3. Completeness: unification of all business information.
  4. Confidentiality: protecting data against unauthorized disclosure.
  5. Effectiveness: effective handling of hardware, software and data.
  6. Integrity: prevention of the data being altered or modified.
  7. Non-repudiation: prevention against violation of the agreement after the deal.
  8. Privacy: prevention of customers’ personal data being used by others.
  9. Reliability: providing a reliable identification of the individuals or businesses.
  10. Review ability: capability of monitoring activities to audit and track the operations.

Question 2.
Explain encryption technology?
Answer:
Encryption technology:
Encryption technology is an effective information security protection. It is defined as converting a Plaintext into meaningless Ciphertext using an encryption algorithm, thus ensuring the confidentiality of the data. The encryption or decryption process uses a key to encrypt or decrypt the data. At present, two encryption technologies are widely used. They are the symmetric key encryption system and the asymmetric key encryption system.

Symmetric key encryption:
The Data Encryption Standard (DES) is a Symmetric key data encryption method. It was introduced in America in the year 1976, by Federal Information Processing Standard (FIPS).

DES is the typical block algorithm that takes a string of bits of cleartext (plaintext) with a fixed length and, through a series of complicated operations, transforms it into another encrypted text of the same length. DES also uses a key to customize the transformation, so that, in theory, the algorithm can only be deciphered by people who know the exact key that has been used for encryption. The DES key is apparently 64 bits, but in fact the algorithm uses only 56. The other eight bits are only used to verify the parity and are then discarded.

Today, it is considered that DES is not safe for many applications, mainly because of its relatively smaller key size (56-bit). But the key length can be easily increased by multiple use of the DES, described as Triple-DES, also known as TDES, 3DES or DESede.
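
The 64-bit versus 56-bit key layout described above, as an added example that is not part of the original guide: it checks the parity bits of a DES key, extracts the 56 bits the algorithm actually uses, and shows that two 64-bit keys differing only in a parity bit are the same key. The function names and the sample key value are assumptions made for illustration.

```python
# Added example (not from the textbook): the 64-bit DES key layout.
# Each of the 8 key bytes carries 7 key bits plus 1 odd-parity bit (the least
# significant bit), which leaves 56 bits of actual key material.

SAMPLE_KEY = bytes.fromhex("0123456789ABCDEF")   # constructed sample, valid parity


def _check_length(key: bytes) -> None:
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits)")


def has_odd_parity(key: bytes) -> bool:
    """True when every byte of the key has an odd number of 1 bits."""
    _check_length(key)
    return all(bin(b).count("1") % 2 == 1 for b in key)


def set_odd_parity(key: bytes) -> bytes:
    """Recompute the parity bit of every byte; the 7 key bits are untouched."""
    _check_length(key)
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        parity_bit = 0 if bin(high7).count("1") % 2 == 1 else 1
        out.append(high7 | parity_bit)
    return bytes(out)


def effective_key(key: bytes) -> int:
    """Drop the parity bit of every byte and return the 56-bit key as an integer."""
    _check_length(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def keyspace_ratio() -> int:
    """How many 64-bit key strings map onto each real 56-bit key."""
    return 2 ** 64 // 2 ** 56


if __name__ == "__main__":
    damaged = bytes.fromhex("0023456789ABCDEF")   # parity bit of byte 0 flipped
    print("sample parity ok :", has_odd_parity(SAMPLE_KEY))
    print("damaged parity ok:", has_odd_parity(damaged))
    print("same 56-bit key  :", effective_key(SAMPLE_KEY) == effective_key(damaged))
    print("exhaustive search covers 2**56 keys, not 2**64; ratio", keyspace_ratio())
```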

Asymmetric or Public key encryption:
Asymmetric encryption is also called the RSA (Rivest-Shamir-Adleman) algorithm. It uses public-key authentication and digital signatures. Until the 1970s, there were only symmetric cryptosystems, in which the transmitter and receiver must have the same key. This raises the problem of key exchange and key management.

Unlike symmetric encryption, the communicating parties need not know each other’s private key in asymmetric encryption. Each user generates their own key pair, which consists of a private key and a public key. A public-key encryption method is a method for converting a plaintext with a public key into a ciphertext from which the plaintext can be retrieved with a private key.

Question 3.
Differentiate digital signatures and digital certificates?
Answer:
Digital signature:

  1. A digital signature is a mechanism that is used to verify that a particular digital document, message or transaction is authentic.
  2. Digital signatures are used to verify the trustworthiness of the data being sent.
  3. A digital signature is to ensure that data remains secure from the point it was issued and that it was not modified by a third party.
  4. It provides authentication, non-repudiation and integrity.
  5. A digital signature is created using a Digital Signature Standard (DSS). It uses a SHA-1 or SHA-2 algorithm for encrypting and decrypting the message.
  6. The document is encrypted at the sending end and decrypted at the receiving end using asymmetric keys.

Digital certificate:

  1. A digital certificate is a computer file which officially approves the relation between the holder of the certificate and a particular public key.
  2. Digital certificates are used to verify the trustworthiness of the sender.
  3. A digital certificate binds a digital signature to an entity.
  4. It provides authentication and security.
  5. A digital certificate works on the principles of public key cryptography standards (PKCS). It creates certificates in the X.509 or PGP format.
  6. A digital certificate consists of the certificate owner’s name and public key, the expiration date, a Certificate Authority’s name, and a Certificate Authority’s digital signature.

Question 4.
Define Secure Electronic Transaction (SET) and its features?
Answer:
There are two kinds of security authentication protocols widely used in E-Commerce, namely Secure Electronic Transaction (SET) and Secure Sockets Layer (SSL).

Secure Electronic Transaction:
Secure Electronic Transaction (SET) is a security protocol for electronic payments with credit cards, in particular via the Internet. SET was developed in 1996 by VISA and MasterCard, with the participation of GTE, IBM, Microsoft and Netscape.

The implementation of SET is based on the use of digital signatures and the encryption of transmitted data with asymmetric and symmetric encryption algorithms. SET also uses dual signatures to ensure privacy.

The SET purchase involves three major participants: the customer, the seller and the payment gateway. Here the customer shares the order information with the seller but not with the payment gateway. Also the customer shares the payment information only with the payment gateway but not with the seller.

So, with SET, the credit card number may not be known to the seller, will not be stored in the seller’s files, and could not be recovered by a hacker. The SET protocol guarantees the security of online shopping using credit cards on the open network. It has the advantages of ensuring the integrity of transaction data and the non-repudiation of transactions. Therefore, it has become the internationally recognized standard for credit card online transactions.

SET system incorporates the following key features:

  • Use of public key encryption and private key encryption to ensure data confidentiality.
  • Use of information digest technology to ensure the integrity of information.
  • Use of dual signature technology to ensure the identity of both parties in the transaction.
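
How a dual signature lets the seller and the payment gateway each verify the customer's signature while seeing only their own half of the data, as an added example that is not part of the original guide. It assumes SHA-256 for the digests and a toy textbook RSA key built from two known Mersenne primes in place of a real customer key pair; the sample order and payment strings and all names are constructed for illustration.

```python
# Added example (not from the textbook): the SET dual signature idea.
# Toy textbook RSA over two Mersenne primes stands in for the customer's real
# key pair. It is for illustration only and far too small for real use.
import hashlib

P, Q = 2**107 - 1, 2**127 - 1           # both are known Mersenne primes
N = P * Q                                # public modulus
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held by the customer

# Constructed sample data (not real order or card details).
ORDER_INFO = b"order=1001;items=2 notebooks;total=INR 500"
PAYMENT_INFO = b"card=0000-0000-0000-0000;expiry=12/30"


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _as_int(d: bytes) -> int:
    # Reduce the digest into the toy modulus so it can be signed.
    return int.from_bytes(d, "big") % N


def dual_sign(order_info: bytes, payment_info: bytes):
    """Customer: hash each part, hash the two digests together, sign the result."""
    oimd = digest(order_info)            # order information digest
    pimd = digest(payment_info)          # payment information digest
    pomd = digest(oimd + pimd)           # digest linking order and payment
    signature = pow(_as_int(pomd), D, N)
    return oimd, pimd, signature


def merchant_verify(order_info: bytes, pimd: bytes, signature: int) -> bool:
    """Seller receives the order and only the digest of the payment data."""
    pomd = digest(digest(order_info) + pimd)
    return pow(signature, E, N) == _as_int(pomd)


def gateway_verify(oimd: bytes, payment_info: bytes, signature: int) -> bool:
    """Payment gateway receives the payment data and only the order digest."""
    pomd = digest(oimd + digest(payment_info))
    return pow(signature, E, N) == _as_int(pomd)


if __name__ == "__main__":
    oimd, pimd, sig = dual_sign(ORDER_INFO, PAYMENT_INFO)
    print("seller accepts genuine order :", merchant_verify(ORDER_INFO, pimd, sig))
    print("gateway accepts genuine card :", gateway_verify(oimd, PAYMENT_INFO, sig))
    print("seller accepts altered order :",
          merchant_verify(ORDER_INFO + b";total=INR 5", pimd, sig))
```

Because the signature covers both digests together, neither party can pair the payment with a different order without the check failing.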

Question 5.
Briefly explain SSL?
Answer:
Secure Sockets Layers:
The most common Cryptographic protocol is Secure Sockets Layers (SSL). SSL is a hybrid encryption protocol for securing transactions over the Internet. The SSL standard was developed by Netscape in collaboration with MasterCard, Bank of America, MCI and Silicon Graphics.

It is based on a public key cryptography process to ensure the security of data transmission over the internet. Its principle is to establish a secure communication channel (encrypted) between a client and a server after an authentication step.

The SSL system acts as an additional layer, to ensure the security of data, located between the application layer and the transport layer in TCP.

For example, a user using an internet browser to connect to an SSL secured E-Commerce site will send encrypted data without any more necessary manipulations. Secure Sockets Layers (SSL) was renamed as Transport Layer Security (TLS) in 2001. But still it is popularly known under the name SSL. TLS differs from SSL in the generation of symmetric keys.

Today, all browsers in the market support SSL, and most of the secure communications are proceeded through this protocol. SSL works completely hidden for the user, who does not have to intervene in the protocol. The only thing the user has to do is make sure the URL starts with https:// instead of http:// where the “s” obviously means secured. It is also preceded by a green padlock.

Samacheer Kalvi 12th Computer Applications E-Commerce Security Systems Additional Questions and Answers

I. Choose The Correct Answer

Question 1.
…………………… has become the critical factor and core issue in any E-business.
Answer:
Security

Question 2.
…………………… cause harm to the computers.
Answer:
Viruses

Question 3.
The stealing of online documents is called …………………….
(a) phishing
(b) virus
(c) Frauds
(d) information leakage
Answer:
(d) information leakage

Question 4.
Destroying the authenticity and integrity of the business information is ……………………….
(a) Information leakage
(b) Tampering
(c) Squatting
(d) Phishing
Answer:
(b) Tampering

Question 5.
How many types of payment frauds are there?
(a) 2
(b) 3
(c) 4
(d) 5
Answer:
(b) 3

Question 6.
When the customer demands free reclaim or refund then it is …………………….
(a) Friendly Fraud
(b) Clean Fraud
(c) Triangular Fraud
(d) Unclean Fraud
Answer:
(a) Friendly Fraud

Question 7.
Which is the fake online shops offering cheapest price and collecting credit card data?
(a) Friendly Fraud
(b) Clean Fraud
(c) Triangulation Fraud
(d) Square Fraud
Answer:
(c) Triangulation Fraud

Question 8.
The credit card information can be extracted using ……………………….
(a) malware
(b) cross site scripting
(c) SQL injection
(d) all of these
Answer:
(d) all of these

Question 9.
DDoS means ……………………..
Answer:
Distributed Denial of Service

Question 10.
What is the other name for DDoS attacks?
(a) Nature Flood
(b) Network Flood
(c) Cyber Flood
(d) Virus Flood
Answer:
(b) Network Flood

Question 11.
Which is true about information leakage?
(I) The contents of the transaction between the vendor and customer are stolen by the third party.
(II) The documents provided by the merchant to the customer or vice versa are illegally used by another.
(a) I, II-both True
(b) I, II-False
(c) I-True, II-False
(d) I-False, II-True
Answer:
(a) I, II-both True

Question 12.
…………………… is the illegal practice of registering an Internet domain name.
(a) Cyber squatting
(b) DDoS
(c) Malicious code
(d) Tampering
Answer:
(a) Cyber squatting

Question 13.
Directing users to a different website by taking advantage of users’ common typographical errors in typing a website address is ………………………
(a) Cyber Squatting
(b) Typopiracy
(c) DDoS
(d) Tampering
Answer:
(b) Typopiracy

Question 14.
Identify the typopiracy.
(a) google.com
(b) facebook.com
(c) goggle.com
(d) gmail.com
Answer:
(c) goggle.com

Question 15.
Which refers to unauthorized intrusion into a computer or a network?
(a) Cracking
(b) Hacking
(c) Tampering
(d) DDoS
Answer:
(b) Hacking

Question 16.
Unification of all business information is
(a) Authenticity
(b) Availability
(c) Completeness
(d) Integrity
Answer:
(c) Completeness

Question 17.
Match the following
(i) Authenticity – 1. preventing data to be altered
(ii) Integrity – 2. Conforming genuineness of data shared
(iii) Reliability – 3. prevention against violation agreement after deal
(iv) Non Repudiation – 4. reliable identification of ‘individual’
(a) (i)-2 (ii)-1 (iii)-4 (iv)-3
(b) (i)-1 (ii)-2 (iii)-3 (iv)-4
(c) (i)-4 (ii)-3 (iii)-2 (iv)-1
(d) (i)-4 (ii)-2 (iii)-1 (iv)-3
Answer:
(a) (i)-2 (ii)-1 (iii)-4 (iv)-3

Question 18.
Review ability is the capability of …………………………
(a) monitoring activities to audit and track the operations
(b) prevention of customer data used by others
(c) effective handling of hardware, software
(d) preventing data delay or removal
Answer:
(a) monitoring activities to audit and track the operations

Question 19.
Identify which is not a security technology in E-commerce transaction.
(a) Encryption
(b) Authentication technology
(c) Authentication protocol
(d) Integrity
Answer:
(d) Integrity

Question 20.
How many types of encryption technologies are there?
(a) 2
(b) 3
(c) 4
(d) 5
Answer:
(a) 2

Question 21.
The conversion of plaintext into meaningless ciphertext is done by ………………………..
Answer:
encryption algorithm

Question 22.
DES is ………………………
Answer:
Data Encryption Standard

Question 23.
Which one is the symmetric key data encryption method?
(a) DAS
(b) DES
(c) SED
(d) EDS
Answer:
(b) DES

Question 24.
FIPS means
(a) Finance Insurance Private Sector
(b) Finance Insurance Public Sector
(c) Federal Information Processing Standard
(d) None of these
Answer:
(c) Federal Information Processing Standard

Question 25.
Data Encryption standard was introduced in ………………………..
(a) America
(b) Africa
(c) India
(d) Russia
Answer:
(a) America

Question 26.
DES was introduced in the year
(a) 1972
(b) 1975
(c) 1976
(d) 1978
Answer:
(c) 1976

Question 27.
DES was introduced by ………………………..
(a) FEPS
(b) FIPS
(c) FPS
(d) FPSE
Answer:
(b) FIPS

Question 28.
The DES key is apparently ……………………….. bits.
(a) 16
(b) 32
(c) 64
(d) 128
Answer:
(c) 64

Question 29.
How many bits are used for parity check?
(a) 2
(b) 4
(c) 8
(d) 16
Answer:
(c) 8

Question 30.
How many bits are used by DES algorithm?
(a) 8
(b) 1
(c) 56
(d) 64
Answer:
(c) 56

Question 31.
Triple-DES is also known as
(a) TDES
(b) 3DES
(c) DESede
(d) all of these
Answer:
(d) all of these

Question 32.
RSA means …………………….. algorithm.
Answer:
Rivest-Shamir-Adleman

Question 33.
What is the other name for Asymmetric key encryption?
(a) Symmetric
(b) DES
(c) Public
(d) Private
Answer:
(c) Public

Question 34.
A ……………………. method is used for converting a plain text with a public key into a cipher text.
Answer:
public-key encryption

Question 35.
Find the correct statement about symmetric key encryption.
(a) plain text and cipher text are of same size
(b) The size of cipher text is always greater than plain text.
Answer:
(a) plain text and cipher text are of same size

Question 36.
The number of keys used grows linearly with the number of users in ……………………….
Answer:
asymmetric key Encryption

Question 37.
Pick the odd one out.
(a) DES
(b) AES
(c) RC4
(d) DSA
Answer:
(d) DSA

Question 38.
Pick the odd one out.
(a) RSA
(b) RC4
(c) ECC
(d) DSA
Answer:
(b) RC4

Question 39.
Find the statement which is not true?
(a) Different keys are used for encryption and decryption
(b) Speed of encryption is Fast
(c) Speed of decryption is Slow
(d) The number of key used grows linearly
Answer:
(b) Speed of encryption is Fast

Question 40.
Public key encryption is devised by
(i) Whitfield Diffie
(ii) Martin E. Hellman
(iii) Robert John
(a) (i)
(b) (ii), (iii)
(c) (i), (iii)
(d) (i),(ii)
Answer:
(d) (i),(ii)

Question 41.
Public key encryption was devised in the year ………………………
(a) 1972
(b) 1974
(c) 1976
(d) 1978
Answer:
(c) 1976

Question 42.
A …………………….. is also known as public key certificate.
Answer:
digital certificate

Question 43.
Which one of the following is not present in the digital certificates?
(a) Sender’s identity
(b) digital signature
(c) Sender Name
(d) Public key
Answer:
(c) Sender Name

Question 44.
Digital certificates are issued by recognized
(a) CA
(b) MA
(c) DA
(d) DC
Answer:
(a) CA

Question 45.
CA stands for ……………………..
Answer:
Certification Authority

Question 46.
Common digital certificate systems are ……………………. and ………………………..
Answer:
X.509 and PGP

Question 47.
PGP was developed by ………………………
(a) Whitfield Diffie
(b) Martin E. Hellman
(c) Phil Zimmermann
(d) all the three
Answer:
(c) Phil Zimmermann

Question 48.
PGP was developed in the year …………………….
(a) 1988
(b) 1981
(c) 1973
(d) 1991
Answer:
(d) 1991

Question 49.
PGP works on the concept of ………………………
Answer:
“Web of trust”

Question 50.
Which one of the following is the decentralised encryption program?
(a) PGP
(b) X.509
(c) MGP
(d) X.511
Answer:
(a) PGP

Question 51.
The …………………… system is a centralized system of digital certificates.
Answer:
X.509

Question 52.
Pick the odd one out.
(a) TCS
(b) CTS
(c) MTNL
(d) e-mudhra
Answer:
(b) CTS

Question 53.
A …………………….. is a mechanism that is used to verify that the particular digital document, message or transaction is authentic
Answer:
digital signature

Question 54.
PKI means
(a) Public Key Instruction
(b) Public Key Infrastructure
(c) Public Key Interface
(d) Public Key Interrupt
Answer:
(b) Public Key Infrastructure

Question 55.
A …………………….. is a hardware component that is used to identify and authenticate users.
Answer:
Security token

Question 56.
DSS means ………………………
Answer:
Digital Signature Standard

Question 57.
PKCS means …………………………
Answer:
Public key cryptography standards

Question 58.
A digital signature is created using
(a) HSS
(b) DSS
(c) PKCS
(d) PGP
Answer:
(b) DSS

Question 59.
A digital signature has ……………………. algorithm for encrypting and decrypting the message.
(i) SHA-1
(ii) SHA-2
(iii) PGP
(iv) X.509
(a) (i),(ii)
(b) (ii), (iii)
(c) (iii), (iv)
(d) (i), (iv)
Answer:
(a) (i),(ii)

Question 60.
Digital certificate binds a ……………………… to an entity.
Answer:
(a) 2

Question 61.
There are …………………… kinds of security authentication protocols widely used in E-commerce.
(a) 2
(b) 3
(c) 4
(d) 5
Answer:
(a) 2

Question 62.
SET means
(a) Secure Electronic Transaction
(b) Safe Encryption Time
(c) Signature Ensure Transaction
(d) Socket Electronic Transaction
Answer:
(a) Secure Electronic Transaction

Question 63.
SSL means ……………………..
Answer:
Secure Sockets Layer

Question 64.
SET was developed with the participation of
(a) GTE
(b) IBM
(c) Microsoft
(d) all of these
Answer:
(d) all of these

Question 65.
Find the wrong statement.
(a) SET uses dual signatures to ensure privacy.
(b) The SET protocol guarantees the security of online shopping using credit cards.
(c) SET is a security protocol.
(d) It ensures non-integrity of information.
Answer:
(d) It ensures non-integrity of information.

Question 66.
SSL means ……………………
Answer:
Secure Socket Layers

Question 67.
Which is a hybrid encryption protocol for securing transactions over the Internet?
(a) DSL
(b) SSL
(c) IP
(d) HTTP
Answer:
(b) SSL

Question 68.
TLS means ……………………
Answer:
Transport Layer Security

Question 69.
SSL was renamed as TLS in the year ……………………..
(a) 1999
(b) 2000
(c) 2001
(d) 2002
Answer:
(c) 2001

Question 70.
Where is SSL located?
(i) Transport layer
(ii) Application layer
(iii) Session layer
(iv) Physical layer
(v) Presentation layer
(a) (i) and (ii)
(b) (ii) and (iii)
(c) (iii) and (iv)
(d) (iv) and (v)
Answer:
(a) (i) and (ii)

Question 71.
The SSL standard was developed by ……………………..
(a) Mozilla
(b) Google
(c) Netscape
(d) Internet
Answer:
(c) Netscape

Question 72.
The most common cryptographic protocol is …………………….
Answer:
Secure Socket Layer

Question 73.
In https://, ‘s’ stands for …………………….
(a) safe
(b) secure
(c) socket
(d) squatting
Answer:
(b) secure

Question 74.
…………………… is a secure payment protocol on the Internet.
Answer:
3D secure

Question 75.
3D secure is adapted by ……………………
(a) Visa
(b) Master card
(c) Smart card
(d) Gift cards
Answer:
(b) Master card

Question 76.
How many domains are there in the 3-D secure protocol?
(a) 2
(b) 3
(c) 4
(d) 5
Answer:
(b) 3

Question 77.
Pick the odd one out.
(a) The Acquirer Domain
(b) The bearer domain
(c) The Issuer Domain
(d) The interoperability domain
Answer:
(b) The bearer domain

II. Short Answers

Question 1.
What is E-commerce Security?
Answer:
E-Commerce security is a set of protocols that safely guide E-Commerce transactions through the Internet.

Question 2.
What is virus?
Answer:
Viruses cause harm to computers and thereby harm the efficient and smooth functioning of E-Commerce. Some viruses destroy all the information stored in a computer and cause huge loss of revenue and time.

Question 3.
What is meant by cyber squatting?
Answer:
Cyber Squatting:
Cyber squatting is the illegal practice of registering an Internet domain name that might be wanted by another person, with the intention of selling it later for a profit.

Question 4.
What is security token?
Answer:
A security token is a hardware component that is used to identify and authenticate users.

Question 5.
Define Hacking?
Answer:
Hacking refers to unauthorized intrusion into a computer or a network. That is to say breaking security to gain access to a website illegally and intercept confidential information.

Question 6.
What is Ransomware?
Answer:
Ransomware:
Ransomware is a type of malware that usually encrypts all the files on a target’s computer and threatens to publish the critical data unless a ransom (money) is paid.

Question 7.
List some common digital certificate systems?
Answer:
Common digital certificate systems are X.509 and PGP.

  1. Pretty Good Privacy (PGP)
  2. The X.509

Question 8.
What is SSL?
Answer:
The most common Cryptographic protocol is Secure Sockets Layers (SSL). SSL is a hybrid encryption protocol for securing transactions over the Internet. It is based on a public key cryptography process.

Question 9.
Define OTP?
Answer:
One-Time Password (OTP):
A dynamic password that is valid for one login session or transaction provides a potential security for an e-payment transaction.

Question 10.
Define Brute-Force attack?
Answer:
A brute-force attack is the simplest attack method for breaking any encryption; that is, trying all the possible keys one by one.

III. Explain in Brief Answer

Question 1.
Define Phishing?
Answer:
Phishing is also an E-Commerce threat in which a target is contacted by e-mail, telephone or text message by someone who pretends to be a genuine authority. They try to trap individuals into providing sensitive data such as banking and credit card details, OTP, PIN or passwords. Once they succeed, the results can lead to devastating acts such as identity theft and financial loss.

Question 2.
What is meant by Tampering?
Answer:
Tampering:
E-Commerce has the problem of the authenticity and integrity of business information. When hackers get hold of the data transmitted on the network, they can falsify it in transit through various technical means and then send it on to the destination, thereby destroying the authenticity and integrity of the data.
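
How a receiver can detect this kind of in-transit modification, as an added example that is not part of the textbook answer: it compares a plain SHA-256 digest with a keyed digest (HMAC-SHA256). The order fields, account names and shared key are constructed, and this is not the SET protocol's own mechanism.

```python
import hashlib
import hmac
import json

# Constructed demo values: a key shared by shop and payment gateway, and an order.
SHARED_KEY = b"demo-key-known-only-to-shop-and-gateway"
ORDER = {"order_id": "A-1001", "payee": "shop-account-01", "amount": "499.00"}


def canonical(order: dict) -> bytes:
    """Serialize with sorted keys so both ends hash identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def plain_digest(order: dict) -> str:
    return hashlib.sha256(canonical(order)).hexdigest()


def keyed_digest(order: dict, key: bytes = SHARED_KEY) -> str:
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def accepts_plain(order: dict, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(order), digest)


def accepts_keyed(order: dict, tag: str) -> bool:
    return hmac.compare_digest(keyed_digest(order), tag)


def tamper_in_transit(order: dict) -> dict:
    """Models the falsification described above: the payee is changed on the wire."""
    changed = dict(order)
    changed["payee"] = "other-account-99"
    return changed


def demo() -> dict:
    altered = tamper_in_transit(ORDER)
    return {
        # Unkeyed digest: whoever alters the message can recompute it, so it passes.
        "plain_digest_recomputed": accepts_plain(altered, plain_digest(altered)),
        # Keyed digest: the original tag no longer matches the altered message,
        "hmac_original_tag": accepts_keyed(altered, keyed_digest(ORDER)),
        # and a tag computed without the shared key does not verify either.
        "hmac_wrong_key": accepts_keyed(altered, keyed_digest(altered, b"guess")),
        "hmac_untouched": accepts_keyed(ORDER, keyed_digest(ORDER)),
    }


if __name__ == "__main__":
    print(demo())
```

A digest protects integrity only when the party altering the message cannot recompute it, which is why it is bound to a secret key here or, in certificate-based systems, to a digital signature.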

Question 3.
Explain various types of payment frauds?
Answer:
Payment frauds: Payment frauds have subsets like Friendly fraud (when a customer demands a false reclaim or refund), Clean fraud (when a stolen credit card is used to make a purchase), Triangulation fraud (fake online shops offering the cheapest price and collecting credit card data), etc.

Question 4.
What is DDoS?
Answer:
Distributed Denial of Service (DDoS) Attacks: It is a process of taking down an E-Commerce site by sending continuous overwhelming requests to its server. This attack is conducted from numerous unidentified computers using a botnet. It slows down the server and makes it inoperative. A DDoS attack is also called network flooding.

Question 5.
What is DES?
Answer:
The Data Encryption Standard (DES) is a symmetric key data encryption method. DES is a typical block algorithm that takes a string of bits of cleartext (plaintext) with a fixed length and, through a series of complicated operations, transforms it into another encrypted text of the same length.

Question 6.
Explain the key features of SET?
Answer:
The SET system incorporates the following key features:

  1. Use of public key encryption and private key encryption to ensure data confidentiality.
  2. Use of information digest technology to ensure the integrity of information.
  3. Use of dual signature technology to ensure the identity of both parties in the transaction.

Question 7.
Name the 3 domains of 3D Secure?
Answer:

  1. The Acquirer Domain
  2. The Issuer Domain
  3. The Interoperability Domain

IV. Explain in detail

Question 1.
Explain various types of E-commerce threats?
Answer:
(i) Information leakage:
The leakage of trade secrets in E-Commerce mainly includes two aspects: (a) the content of the transaction between the vendor and customer is stolen by a third party; (b) the documents provided by the merchant to the customer, or vice versa, are illegally used by another party. This intercepting and stealing of online documents is called information leakage.

(ii) Tampering:
E-Commerce has the problem of the authenticity and integrity of business information. When hackers get hold of the data transmitted on the network, they can falsify it in transit through various technical means and then send it on to the destination, thereby destroying the authenticity and integrity of the data.

(iii) Payment frauds:
Payment frauds have subsets like Friendly fraud (when a customer demands a false reclaim or refund), Clean fraud (when a stolen credit card is used to make a purchase), Triangulation fraud (fake online shops offering the cheapest price and collecting credit card data), etc.

(iv) Malicious code threats:
Within an E-Commerce site, there are multiple vulnerable areas that can serve as an intrusion point for a hacker to gain payment and user information. Using malware, Cross Site Scripting or SQL Injection, an attacker will extract the credit card information and sell the acquired data on black markets. Fraud is then committed to extract the greatest value possible through E-Commerce transactions or ATM withdrawals, etc.

(v) Distributed Denial of Service (DDoS) Attacks:
It is a process of taking down an E-Commerce site by sending continuous overwhelming requests to its server. This attack is conducted from numerous unidentified computers using a botnet. It slows down the server and makes it inoperative. A DDoS attack is also called network flooding.

(vi) Cyber Squatting:
Cyber squatting is the illegal practice of registering an Internet domain name that might be wanted by another person, with the intention of selling it later for a profit.

Question 2.
Explain common digital certificate systems?
Answer:
Common digital certificate systems are X.509 and PGP:
1. Pretty Good Privacy (PGP):
Phil Zimmermann developed PGP in 1991. It is a decentralized encryption program that provides cryptographic privacy and authentication for data communication. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography and asymmetric-key cryptography and works on the concept of “web of trust”.

2. The X.509 system is a centralized system in which the authenticity of the key is guaranteed by the hierarchy of certification authorities formally certifying the key relationship with the identity of its owner. Due to its clear responsibility, it is easier to implement in law. X.509 is currently a worldwide accepted certification technology.