Search results

This article has been withdrawn as it was published elsewhere and accidentally duplicated. The original article can be seen here: 10.1108/09685229610114222. When citing the article, please cite: Carrie Liddy, (1996), “Commercial security on the Internet”, Information Management & Computer Security, Vol. 4 Iss: 1, pp. 47 - 49.

Discusses the requirements ‐ both technical and geopolitical ‐ for enabling seamless, secure transactions over the Internet. Discusses options in technical approaches, including trusted third party (TTP) and self‐signed certification authorities. Depicts the relevant layers of interactions each option entails. Explains the structures of proprietary keying systems and of hierarchical certification authorities. Addresses the geopolitical elements ‐ especially policy and procedures, and national legal frameworks ‐ required to effectively implement the trust that secure transactions require.

Presents the major approaches for achieving commercial security on the Internet, public key and key escrow. Discusses the implications of (US) legislation putting limitations on the type or strength of key it is best to employ for a given business. Presents the typical modes of delivering authentication and other services.

Many products and enterprise solutions are becoming available to ensure seamless, secured electronic transactions, all of which must find common trust. This paper reviews the models along a continuum with the low‐assurance self‐signing certificate authority (CA) at one end, and the high‐assurance PKI hierarchical CA at the other. The evolution of technologies and market readiness along the continuum is discussed. The authors expand on earlier discussions of technology and geopolitical solutions and suggest mechanisms, principally the adoption of international standards and protocols, to establish universal trust across national boundaries.

There is a growing trend to delivering more efficient and more effective products and services with fewer and fewer resources. This trend is reflected in both the commercial and government sectors. The Internet is being viewed as the vehicle that could resolve many of these business delivery challenges. With the advent of public key security and certification, the transition from current business delivery to future Internet‐based systems is now possible. Deals with how public key cryptography may be used for business applications in the future, and also considers the theoretical applications of public key technology and certification processes. Examples of current technical solutions will be addressed in a future paper.