Assessing Certification Authorities: Guarding the Guardians of Secure E‐commerce?

Electronic commerce denotes the use of electronic means, usually the Internet, for creating and often fulfilling contracts without face‐to‐face encounters. In recent years many countries have passed legislation to give the electronic signature the same significance in contract formation as the traditional hand‐written signature. The general desire is to promote user trust and confidence in the process of authentication in the information age. The financial services industry is leading the charge to transform traditional business into e‐commerce, although many other sectors have begun to develop their electronic marketplaces with gusto. What this means for money laundering is that wealth may be rapidly moved around the globe, and so layering and integration become child's play. Online brokers, bankers and intermediaries of all varieties already accept instructions from clients using traditional user name and password authentication. But the flawed nature of this type of authentication is rapidly forcing the adoption of public key cryptography with digital signatures and digital certificates. Unless a financial services institution can be absolutely certain about the identity of the online client, it takes very great risks in accepting instructions on the client's behalf. Recent advances in public key cryptography provide an enabling platform for the secure transaction of business.
