Previous Table of Contents Next


Chapter 10
Developing a Trusted Infrastructure for Electronic Commerce Services

David Litwack

For businesses to embrace open systems such as the Internet as a means of conducting commercial transactions, methods of ensuring security must be more fully developed. This chapter proposes ways of confirming sender and recipient identities, protecting confidentiality, and date and time stamping in an effort to develop a trusted network infrastructure for electronic commerce.

INTRODUCTION

The use of internetworking applications for electronic commerce has been limited by issues of security and trust and by the lack of universality of products and services supporting robust and trustworthy electronic commerce services. Specific service attributes must be addressed to overcome the hesitation of users and business owners to exploit open systems — such as the Internet — for commercial exchanges. These service attributes include:

  Confirmation of identity (non-repudiation). This indicates proof that only intended participants (i.e., creators and recipients) are party to communications.
  Confidentiality and content security. Documents can be neither read nor modified by an uninvited third party.
  Time certainty. Proof of date and time of communication is provided through time stamps and return receipts.
  Legal protection. Electronic documents should be legally binding and protected by tort law and fraud statutes.

SERVICE ATTRIBUTE AUTHORITY

To support these service attributes, an organization or entity would need to provide:

  Certificate authority services, including the registration and issuance of certificates for public keys as well as the distribution of certificate revocation and compromised key lists to participating individuals and organizations.
  A repository for public key certificates that can provide such keys and certificates to authorized requesters on demand.
  Electronic postmarking for date and time stamps, and for providing the digital signature of the issuer for added assurance.
  Return receipts that provide service confirmation.
  Storage and retrieval services, including a transaction archive log and an archive of bonded documents.

These service attributes could be offered singly or in various combinations. The service attribute provider would have to be recognized as a certificate and postmark authority. The following sections describe how a service attribute provider should work.

Certificate Authority

Although public key encryption technology provides confidentiality and confirmation of identity, a true trusted infrastructure requires that a trusted authority certify a person or organization as the owner of the key pair. Certificates are special data structures used to register and protectively encapsulate the public key users and prevent their forgery. A certificate contains the name of a user and its public key. An electronic certificate binds the identity of the person or organization to the key pair.

Certificates also contain the name of the issuer — a certificate authority (CA) — that vouches that the public key in a certificate belongs to the named user. This data, along with a time interval specifying the certificate’s validity, is cryptography signed by the issuer using the issuer’s private key. The subject and issuer names in certificates are distinguished names (DNs), as defined in the International Telecommunications Union-Telecommunications Standards Sector (ITU-TSS) recommendation X.500 directory services. Such certificates are also called X.509 certificates after the ITU-TSS recommendation in which they were defined.

The key certificate acts like a kind of electronic identity card. When a recipient uses a sender’s public key to authenticate the sender’s signature (or when the originator uses the recipient’s PKS to encrypt a message or document), the recipient wants to be sure that the sender is who he or she claims to be. The certificate provides that assurance.


Exhibit 1.  The Registration Process.

A certificate could be tied to one individual or represent an organizational authority that in turn represents the entire organization. Also, certificates could represent various levels of assurance — from those dispensed by a machine to those registered with a personally signed application. Additional assurance could be provided by the personal presentation of a signed application along with proof of identity or by the verification of a biometric test (e.g.,fingerprint or retina scan) for each use of the private key.

Exhibit 1 shows a possible scenario for obtaining a certificate. The registration process might work as follows:

  The affiliate (i.e., candidate for certificate) fills out the application, generates private-public key pairs, and sends for the certificate, enclosing his or her public key.
  The organizational authority approves the application.
  The organizational authority passes the certificate application to the certification authority.
  The certification authority sends back a message confirming receipt of the application.
  After proper proofing, the certification authority sends the certificate to the applicant-affiliate.
  The applicant-affiliate then loads the certificate to his or her workstation, verifies the certificate authority’s digital signature, and saves a copy of the certificate.

Digital Signatures

Exhibit 2 illustrates how a digital signature ensures the identity of the message originator. It shows how a message recipient would use an originator’s digital signature to authenticate that originator.

On the Web, authentication could work as follows:

  The originator creates a message and the software performs a hash on the document.
  The originator’s software then signs the message by encrypting it with the originator’s private key.
  The originator sends the message to the server attaching his or her public key and certificate to the message, if necessary.
  The server either requests the originator’s public key from a certificate/key repository or extracts the certification from the originator’s message.

With this service, the authentication authority could either attach an authentication message verifying the digital signature’s authenticity to the originator’s message or provide that authentication to the recipient via a publicly accessible database. Upon receipt, the recipient would either acknowledge the originator’s authenticity via the attached authentication message or access the public key and certificate from the publicly accessible database to read the signature.

To provide such levels of assurance, the certification authority must establish proofing stations where individuals and organizations can present themselves with appropriate identification and apply for certificates. The authority must also maintain or be part of a legal framework of protection and be in a position to mount an enforcement process to protect customers against fraud.


Previous Table of Contents Next

Copyright © CRC Press LLC