With the advance of electronic commerce and other networked services, there is a growing need for easy-to-use secure software. The problem with the security features and applications in much of today's software is that they are very technology-oriented: using them correctly often requires a basic knowledge of the underlying technology. Our objective is to develop a security concept that supports a user in making educated decisions and managing security issues in everyday networked service access situations. In this paper we present a user-centered approach to the design of security software. We apply user-centered design to the development of a security manager concept for a portable computer and communication device. The security manager supports users in building a security policy and in following this policy to form secure connections over an open network. The development of a user-centered security concept for a personal communication device is described. The main focus is on the development of the relevant security concepts for a non-technical user of networked services. An example of how to implement such a concept using public-key infrastructures and digitally signed certificates is also presented, as well as a discussion of how this concept can be applied to the more general case of secure access to networked services.