UNIT 2

1. Explain the architecture framework of E commerce

 The architecture framework of e-commerce refers to how the system is structured to enable
online transactions efficiently and securely. It involves multiple layers, components, and
technologies working together. Here’s a simple explanation:
 Presentation Layer (Front-End)
i. What it does: The part customers interact with directly, like websites or mobile apps.
ii. Examples: Product pages, shopping carts, search bars, and payment forms.
iii. Key Technologies: HTML, CSS, JavaScript, and frameworks like React or Angular.
 Application Layer (Business Logic)
i. What it does: Handles the core functionality, like processing orders, managing
inventory, and calculating prices.
ii. Examples: Adding items to a cart, Validating payment details, Checking product
availability.
iii. Key Technologies: Programming languages like Python, Java, or PHP; frameworks like
Django or Spring.
 Data Layer (Database Management)
i. What it does: Stores all data related to the e-commerce platform.
ii. Examples: Customer information, Product catalog
iii. Key Technologies: Databases like MySQL, MongoDB, or Oracle.
 Middleware Layer
i. What it does: Acts as a bridge between the front-end, application, and database layers,
ensuring smooth communication.
ii. Examples: APIs that connect the payment gateway with the system, Authentication
tools to verify user identities.
iii. Key Technologies: API frameworks, message brokers like RabbitMQ.
 Network Layer
i. What it does: Facilitates secure communication between users and the platform.
ii. Examples: Secure payment processing., Encrypting customer data during transmission.
iii. Key Technologies: SSL/TLS certificates, firewalls, and content delivery networks (CDNs).

Summary Diagram of E-commerce Architecture Framework:

Customer Interface (Front-End)

Business Logic (Application Layer)

Data Storage (Database Layer)

Middleware (Connecting Components)

Network & Security Layers

2. Explain the security issues of E commerce
 E-commerce platforms face various security challenges that can harm businesses and
customers. Here are the main security issues in e-commerce:
 Fraudulent Transactions
i. What happens: Fake transactions or payments using stolen credit cards.
ii. Impact: Financial loss for businesses and potential legal issues.
iii. Example: Hackers use someone else's credit card details to place orders.
 Data Breaches
i. What happens: Cybercriminals steal sensitive information like customer names,
addresses, passwords, or payment details.
ii. Impact: Loss of customer trust and legal penalties for the company.
iii. Example: Hacking into the database to steal customer credit card details.
 Phishing Attacks
i. What happens: Fake websites or emails trick users into sharing login credentials or
payment information.
ii. Impact: Customer accounts are compromised, leading to unauthorized purchases.
iii. Example: Receiving an email that looks like it's from Amazon but leads to a fake login
page.
 Weak Authentication
i. What happens: Poor security practices like simple passwords or lack of two-factor
authentication (2FA).
ii. Impact: Accounts are easily hacked, putting customer data at risk.
iii. Example: Using "password123" as an admin password.
 Lack of Security Updates
i. What happens: Outdated software or plugins create vulnerabilities.
ii. Impact: Hackers exploit these gaps to access the system.
iii. Example: An e-commerce site running on an old version of software gets hacked.
 Identity Theft
i. What happens: Criminals steal personal information to impersonate someone online
ii. Impact: Fraudulent orders, fake accounts, and loss of customer trust.
iii. Example: A hacker using stolen IDs to create fake customer accounts.
 How to Address These Security Issues?
1. Use SSL/TLS: Secure data transmission with encryption.
2. Enable 2FA: Add an extra layer of security to user accounts.
3. Regular Updates: Keep software and plugins up to date.
4. Fraud Detection Tools: Monitor transactions for suspicious activities.
5. Educate Users: Teach customers to recognize phishing scams and secure their accounts.
 Conclusion: By implementing robust security practices, e-commerce platforms can reduce risks
and protect both customers and businesses

3. what is data encryption and explain its types?

 Data encryption is a method of converting plain text (readable data) into unreadable code
(ciphertext) to protect it from unauthorized access. Only those with the correct decryption key
 can convert the data back into its original form. Encryption ensures that even if hackers access
the data, they can’t understand or misuse it.
 Types of Data Encryption
1. Symmetric Encryption: The same key is used for both encryption and decryption.
Advantages: Faster and efficient for large amounts of data.
Disadvantages: Sharing the key securely is challenging. If the key is intercepted, the data is
compromised.
2. Asymmetric Encryption: Two keys are used: a public key for encryption and a private key
for decryption. The public key can be shared openly, but the private key is kept secret.
Advantages: More secure as private keys are never shared.
Disadvantages: Slower than symmetric encryption due to complex computations.
 Other Types of Encryption Techniques
1. Hashing (One-Way Encryption): Converts data into a fixed-size hash value (irreversible).
Hashes cannot be decrypted; they are only used for verification.
2. End-to-End Encryption (E2EE): Data is encrypted on the sender’s device and decrypted only
on the receiver’s device. Even the service provider cannot read the data.
 Comparison of Encryption Types

Type Key usage Speed Use case

Symmetric Single shared key Faster File encryption,
secure databases
Asymmetric Public-private key Slower Secure emails, digital
pair signatures
Hashing No key (one-way Fast Password storage,
process) data integrity
End-to-End Combination (both) Depends Messaging, video
calls

Real-Life Applications of Encryption:

1. Symmetric Encryption: Encrypting files, securing online transactions.

2. Asymmetric Encryption: Securing websites with SSL certificates, digital signatures.
3. Hashing: Storing passwords or verifying file integrity.
4. End-to-End Encryption: Protecting communications in apps like Signal or WhatsApp.