Application of Public Key Infrastructure in E-Business
|
|
- Phoebe Skinner
- 7 years ago
- Views:
Transcription
1 Application of Public Key Infrastructure in E-Business A. Kazerooni, M. Adlband, O. Mahdiyar Department of Electrical Engineering, Kazerun Branch, Islamic Azad University IRAN Abstract: Public Key Infrastructures (PKIs) are bases of secure internal communications for an organization. Using PKIs for ultra-organization communications provides many advantages. However, it is too difficult to achieve required level of cooperation between PKIs. E-Business needs implementation of PKIs between domains which have different Certificate Authority (CA). Thus, some problems arise due to security policies and different coding methods in PKI of each firm business. This paper introduces the public key infrastructure and its implementation requirements for the firms. Then we investigate issues of PKI cooperation. Key-Words: E-Business,PKI,Public Key Infrastructure 1 Introduction Security is an important center of attention in the world of electronic commerce or electronic business which is done on the internet. In 1999, an audit found that reliance and privacy are main barriers for e-commerce from CEO view. E- commerce is broader than simple shopping on the Internet. Thus, security of e-commerce not only is necessary for online retail, but also it is required for every electronic task, whether B2C or B2B. Using digital certificate, it is more than 20 years that PKI technology is available. It seems that PKI includes privacy requirements, data integrity, identification, and access/denial control. Version is the best known company in the field of PKI management service. It is usually seen through pop up messages when one navigates webpages. A simple definition of PKI can be arranged as follows; a developed software infrastructure using public key technology which applies digital certificates and codding algorithms in order to secure data transfer over a public network such as internet [3]. Digital certificate is an official document which ensures dependency of key and ID. It covers following data; Key, ID, key application type and document validity period [7]. 1.1 Main Components of PKI PKI usually has one or more Trusted Third Porttes (TTPs) which are named as Certificate Authority (CA). A CA produces public key certificates (see Figure 1). generally, PKI includes a set of CAs, their produced certificates, policies of certificate propagation and other parties (Interface Protocols) which are supports for management production and distribution of public key certificates (see Figure 1). There are four main components in PKI: - Certificate Authority (CA) - Registration Authority (RA) for certificate content control and to make sure that it belongs to its owner. - Repository for distribution of certificates and certificate cancellation lists with maximum efficiency and accessibility. - Archive for the safe and long-term storage of information [1,7]. - 2 Smart Cards In PKI, unlike other methods of electronic signature, codes are unique to its owner and each operation. Digital signatures operate as if there is a printing and stamping machine in each smart card. They put an especial signal on each message or file produced by its career. Such digital signatures are valid indefinitely. That s, signal can always be evaluated to verify its source, easily. For processing of digital signature operation, receiving software needs a copy of sender certificate and special identified master code. The master code is used as root certificate for ISBN:
2 evaluation of all certificates of a PKI project. Different master codes define different PKIs. Application software can include all required master codes. Alternately, one can install the required codes later. - Figure 1: Application and certification process [7]. Digital certificates can be canceled at any time, electronically. Cancellation may be applied when carrier has lost his/her smart card. Alternatively, you can automatically revoke the certificate of a business to cancel membership or being disqualified [2]. 3 Fundamentals of PKI Implementation The steps required to implement an organization PKI are; - Step One: Gathering Information - Step Two: Decision - Step Three: Selection of PKI vendors - Step Four: Preparing for Infrastructure - Step Five: Implementation of PKI 3. PKI Interoperability Issues in E-Commerce The most basic PKI architecture is a CA included type which contains production and provision of certificate information to all end users of PKI. Use and management of a PKI in a "controlled environment" seems to be relatively simple. It is similar to a single organization affiliated with several departments. However, B2B e-commerce requires a more complex architecture of PKI containing several CA, since it contains trades using digital tools between partners that usually each have their own CA. Apart from the security services, other related factors should also be considered, such as realtime services, delivery time of products and. To meet consumer needs, effective supply chain management is crucial for an e-commerce organization. General requirements for an organization with e-commerce are as follows; - Company should be able to be in touch with its suppliers and customers, safely and quickly. To operate at maximum efficiency and to provide timely services for consumers. - E-commerce companies should be able to cooperate with other companies to share and exchange information. To meet these needs, e-commerce organizations should be able to establish secure communication links. For instance, to manage value chain in real time, a staff from company A may need to communicate with financial unit of company B and the also supply unit of company C. This is quite natural that we try to use available PKIs previously provided for internal security of organization. Furthermore, there would be enormous potential benefits if such facilities are available. However, it is too difficult to gain required standards for interoperability of different PKIs. Basically, a PKI is normally based on a set of rules and understanding meanings and applications of public key certificates. The rule set may be frank such as certificate policy and/or it may be implicit such as certificate practice statements. Rule sets and their interpretations are inevitably different. Therefore, some difficulties may arise in PKI cooperation. That is, certificate interpretation as a component of a PKI is quietly confusing. As a result, interoperability has become a serious issue affecting the growth of PKI in e-commerce. However, there are some efforts for simplification of PKI cooperation (2001, PKI Forum), but it is still some problems as follows; - Different Developments of X Different policies for issued certificates. - Different requirements on certification issues. - Different Library Protection. - Different Properties of PKI Applications - Differrent standards for Storing and Retrieving Certificates. - Different PKI Knowledge among organization Staff. 4 PKI Interoperability Models There are some models available for definition of CA communication. Model selection affects interoperability. There are three models which are ISBN:
3 usually discussed; Hierarchical Model, peer to peer model (or Mesh Model) and the Bridge Model. In these models, pairs of CAs have direct relationships. The relationship between CA includes confidential exchange of public keys and construction of a pair of specific public key certificates called Cross-Certificate. It means that if A and B communicate, then A signs a public key certificate for B, and vice versa. If an A client (an existence in PKI territory which contains A) is going to evaluate public key certificates signed by B, at first, It can evaluate Cross-Certificate. Therefore, the public key of B is evaluated and as a result, client is able to evaluate B signature on the public key certificate. The cross-certificate concept can be extended to certificate chain which evaluates a series of cross certificate connecting the pairs of CAs. 4.1 Hierarchical Model Many of current PKI implementations use hierarchical schema which contains public key rules. Hierarchical schema may also be signed by an authority. The authority may have a certificate issued by a higher reference. The chains of authority references may goes to the top authority, hierarchically. This is the approach which usually defines the infrastructure of certificate management or public key infrastructure [3]. In hierarchical models, all CAs are arranged in a clear and strict hierarchy. At the top, there is a Root CA. Each pair of CAs has an upper CA. Therefore, an end user can simply determine a unique chain of certificates. As a result, the end user is able to evaluate any public key. Although it is a simple and attractive issue, it is not a model for all of real world situations. CA hierarchy needs relationship with a trust adaption hierarchy. Otherwise, the implementation is not possible (See Figure 4). Trade entities, which are CA operators of B2B e-business, usually don't belong to a natural hierarchical authority. Thus, hierarchical model is not simply applicable. In addition, if a hierarchy of CAs can effectively be implemented, it exposes large load of trust on one point called as Root CA. It is noticeable that the trust concentration may be inevitable and it may happen in Bridge model [1]. In practice, PKI hierarchy is instantly implemented in well-defined administrative domains. Complicated operation methods between Registration Authority (RA) and Certificate Authority (CA) from one side, and CA to CA relations from other side arise several challenges in CA communications. One of considerable problems is Certificate Practice Statements (CPS) and the process of effective and timed management of cancelled certificate lists [3]. Figure 4: Hierarchical Model for CA communication in PKI [4] 4.2 Peer to Peer Model (Mesh Model) Peer-to-Peer model provide a cross-certificate for each pair of CA. This is very much related to business reality. Probably, it finely works for a small community organization (a few CAs) which each couple of CA can have one relationship. In this case, an end user needs to evaluate a crosscertificate, only (See Figure 5). Figure 5: Mesh Model for CA Communication in PKI [1]. Unfortunately, this model can t be used for many of CAs in the complicated multi-national world of e-business. However, it is discussable that we don't need to have a relationship for each pair of CA. There are two problem related to this model; i) it exposes unacceptable large amount of potential load on end user. ii) Using a non-public chain, effective transportation of trust (such as what is need for interoperability of PKI) is probably low. 4.3 Bridge Model Bridge model is roughly a compromise between two mentioned models. In this model, there is one or more CAs which communicates with other ISBN:
4 CAs. In this case, a chain of certificates including pairs of cross-certificates is enough for enabling end user to evaluate public key certificate of other user. This model needs much less crosscertificates in comparison to basic peer-to-peer model. In addition, the end user can still make a short chain and well-defined certificate (see Figure 6). Figure 6: Bridge Model for CA Communication in PKI [1] The only problem is to determine proper authorities in order to provide and implement CA Bridge. Such an organization should have a trustable well-defined communication with other CAs. A possible candidate for implementation of Bridge CA can be a federal government such as US federal bridge. In addition, there are several positive results for federal bridge CA. However, such a solution cannot be used for international interoperability. 5 The goal of PKI interoperability issues There are the following issues for PKI interoperability. PKI profile Standards Development and application of Bridge Model Personnel education of PKI technology Rules of industrial forums and Merchants New models for establishing liability transfer Certificate Translation Services Government Support The relationships between Bridge CA PKI current situations After the passage of the hopelessness, public key infrastructure recovers slowly and trustfully about the year New interest in PKI is for better understanding of its unique properties and requirements of immediate security in many new types of e-business. In Asia, PKI applications are progressing rapidly. The progression is affected by many models of new and important vertical construction of PKI. Certain courts in the region, including Australia, Hong Kong, SAR and Singapore were PKI pioneers since 1990s. Public key infrastructure has had some success across the world in the past 10 years. Although some courts, such as Australia and America were quite disappointed, others such as China and Korea, considered PKI infrastructure necessary for e- Business. In Asia, PKI is in an optimal position, but its implementation is difficult and expensive. Specifically, regulators are bewildered in their proper duty. PKI licensing programs in places like Singapore, Hong Kong and Australia are not in large demand. All countries should carefully examine the new PKI test. Particularly, they should also be sure about having flexible governmental sites which have reference to the quality standards of authentication and identification. 6 Current Important PKI Designs New ways of thinking about PKI is based on previous transactions and communications between all parties of structured e-business. Contemporary PKI almost always includes the communities of fans. All users have a prior business relationship. This are remained PKI which are now in progress. They are vertical in nature with well-defined areas and strict controls on cooperation. Partners often have predefined communications such as governmental certificates and there are regular legal responsibilities. Therefore, PKI implementation is easy. Asia PKI Forum (APKIF) is a PKI coalition of national associations from China, Hong Kong, Japan, Korea, Singapore, Chinese Taipei and Vietnam. Observers from Thailand and Kazakhstan and international organizations (Organization for the Advancement of Structured information Standards) and (The European Tele Communications Standards Institude) ETSI also attend these activities. Malaysia and India are goaled membership countries. APKIF also links regional forums in Mexico, South America, Africa and the Middle East. APKIF works in four working groups: Applications and business, Interoperability and exchange, Legal infrastructure and global cooperation. ISBN:
5 Their duty is to analyze legal responsibilities in cross-border e-commerce and online disputes. Asian Business Coalition (PAN Alliance Asia e- Commerce) supervise nine CA with commercial CA digital certificate in online documentation of trades between Hong Kong, China, Chinese Taipei, Korea and others [1]. In Korea, Six of the largest banks exchange 10 million certificates [2]. In Australian, There is a great interest in the publication of digital "communications certificate" for "known customers". That s, people who are already known to the certificate releaser. This is the new model for central core of current reforms for PKI accreditation program in commonwealth countries [2]. 7 Conclusions E-commerce security is a prerequisite. Good standards of security are trust prerequisite for economic actors operating in the electronic environment. In fact, security is considered as one of the major challenges in developing and developed countries. In the world of distributed services, timeless and network provide massive amounts of opportunities for vulnerabilities. E-commerce is entering a new generation of digital certificates. Using electronic signature, a big evolution occurs in relationships and interactions. Actually, using digital certificates, documents are identifiable and can be followed. Development of electronic commerce in areas such as transactions between the firms is of growing security of digital certificate. More than 80 percent of global e-commerce is based on B2B model (interaction between the firms). Reducing bureaucracy in the interaction, digital certificates helps development of this model and as a result the prosperity of macroeconomics. Using digital certificate, PKI technology platform regulates Internet transactions and virtual identity authentication. Using PKI for secure B2B e- commerce arena has a lot of advantages. Many organizations have implemented a PKI to support their internal security functions. PKI is a business, like most new technologies of information has its own difficulties. However, exclusive value of PKI in specific types of on-line transactions has been widely acknowledged. Today, we have more advance understanding of PKI. According to Australian IT Security; «overwhelming experience in the PKI is used for the automation of routine transactions, what removes existing relationships and creates most value." Thus, use of PKI in vertical marketplaces and specific applications spread, quickly [2]. Therefore, It is still a goal for future to promise an effective public key infrastructure which its data transfer is safe at anytime and anywhere and it needs no setup or pre-planned communication. Serious problems in interoperability limit PKI application for over boundaries of organizations. Removing such barriers for cooperation and promotion of PKI is critical for the future of B2B e-commerce. In this study, we study some issues of PKI implementation and cooperation in interactions between firms and we provide solutions to deal with them. 8 References [1] Pita Jarupunphol and Chris J.Mitchell, Information Security Group, Royal Holloway, University of London, "PKI Implementation Issues in B2B E-Commerce "EICAR Conference Best Paper Proceedings 2003 [2] Stephen Wilson, Managing Director, Lockstep Cosulting Pty Limited, Australia "The Importance of PKI Today", China Communications December 2005 [3] Eric C.Turner, School of Business and Public Management, The George Washigton University, "Public Key Infrastructure: Is this Digital ID system Having an Identity Crisis of Its Own?", Decision Line, September/October 2000 [4] Nura Information Technology center Public Key Infrastructure 87/12/15. In Persian. [5] [6] Rahbar Anformatik Services Applcation of Electronic Certificate in Applied Systems (Digital Signature). In Persian. [7] Esfahaan University of Technology- Introduction of Public Key Infrastructure (PKI) and X.509 Standard. In Persian. [8] Trade Ministry, E-Commerce Development Office, ICT Performance Report and E- commerce In Persian. 20Commerce%20ICT%20Performance%20Repor t.doc [9] Fannavaran e Ettela at, Interview of e- commerce development prime manager. 6th of Aban, In Persian. ISBN:
PKI implementation issues in B2B e-commerce Pita Jarupunphol and Chris J. Mitchell Information Security Group, Royal Holloway, University of London
PKI implementation issues in B2B e-commerce Pita Jarupunphol and Chris J. Mitchell Information Security Group, Royal Holloway, University of London About the authors Pita Jarupunphol (B.B.A. (Dhurakijpundit)
More informationConclusion and Future Directions
Chapter 9 Conclusion and Future Directions The success of e-commerce and e-business applications depends upon the trusted users. Masqueraders use their intelligence to challenge the security during transaction
More informationA Model of a Localized Cross-Border E-Commerce
ibusiness, 2012, 4, 136-145 http://dx.doi.org/10.4236/ib.2012.42016 Published Online June 2012 (http://www.scirp.org/journal/ib) A Model of a Localized Cross-Border E-Commerce Abbas Asosheh 1, Hadi Shahidi-Nejad
More informationAITSF Position Paper. PKI Governance in Australia
AITSF Position Paper PKI Governance in Australia Prepared by Stephen Wilson, SecureNet V 1.0 April 2003 AITSF Position Paper on PKI Governance in Australia April 2003 Page 2/5 Abstract This paper presents
More informationThe Importance of PKI Today
The Importance of PKI Today Stephen Wilson Managing Director, Lockstep Consulting Pty Limited, Australia ABSTRACT Public Key Infrastructure around the world has had mixed success over the past ten years.
More informationAsia-Pacific Application Performance Management Market CY 2013 Rapidly Changing Application Architecture and Business Environment Drives the Market
Asia-Pacific Application Performance Management Market CY 2013 Rapidly Changing Application Architecture and Business Environment Drives the Market October 2014 Contents Section Slide Number Executive
More informationCertification Practice Statement
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
More informationCisco IOS Public-Key Infrastructure: Deployment Benefits and Features
Data Sheet Cisco IOS Public-Key Infrastructure: Deployment Benefits and Features Introduction to Public Key Infrastructure Public Key Infrastructure (PKI) offers a scalable method of securing networks,
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationCurrent Regulatory Barriers Against Foreign Lawyers Practicing In Malaysia
Current Regulatory Barriers Against Foreign Lawyers Practicing In Malaysia To practice law in Malaysia, one has to be a qualified person. To be a qualified person, one must be called to the Bar by fulfilling
More informationINFORMATION ECONOMY REPORT 2015: Unlocking The E-commerce Potential For Developing Countries
INFORMATION ECONOMY REPORT 2015: Unlocking The E-commerce Potential For Developing Countries Torbjörn Fredriksson (torbjorn.fredriksson@unctad.org) Chief, ICT Analysis Section, UNCTAD Commonwealth Cybersecurity
More informationSingaporean exports set to accelerate due to Asian economic rebound and global trade agreements coming online
News Release 29 May 2015 Singaporean exports set to accelerate due to Asian economic rebound and global trade agreements coming online ** Singapore expected to see one of the highest trade growth rates
More informationGLOBAL PAYMENTS AND CASH MANAGEMENT. Solutions For Asia-Pacific
GLOBAL PAYMENTS AND CASH MANAGEMENT Solutions For Asia-Pacific INTRODUCTION HSBC s commitment to supporting your cash management needs goes well beyond our extensive geographic coverage of the Asia-Pacific
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More informationCONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response
CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE AIIA Response 14 November 2011 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing
More informationNumber of relevant issues
Electronic signature Lecture 8 Number of relevant issues cryptography itself algorithms for signing documents key management generating keys, distribution, key revocation security policy certificates may
More informationHow To Manage An Ip Telephony Service For A Business
Enabling organisations to focus on core revenue generating activities Your business needs reliable, flexible and secure communication tools to enable better connectivity and collaboration with your employees,
More informationCertificate Policies and Certification Practice Statements
Entrust White Paper Certificate Policies and Certification Practice Statements Author: Sharon Boeyen Date: February 1997 Version: 1.0 Copyright 2003 Entrust. All rights reserved. Certificate Policies and
More informationUNCITRAL United Nations Commission on International Trade Law Introduction to the law of electronic signatures
Introduction to the law of electronic signatures Luca Castellani Head, Regional Centre for Asia and the Pacific UNCITRAL Secretariat Incheon, Republic of Korea Outline 1. Methods and technologies for electronic
More informationPKI for Supporting Cross-Border
PKI for Supporting Cross-Border e-commerce Kwok-Yan Lam 3 October 2004 1 Background Research project commissioned by Asia-Pacific Economic Cooperation TEL in 2002 Acknowledge APEC TEL (chaired by IDA of
More informationTowards Securing E-Banking by an Integrated Service Model Utilizing Mobile Confirmation
Research Inventy: International Journal of Engineering And Science Vol.4, Issue 9 (Sept 2014), PP 26-30 Issn (e): 2278-4721, Issn (p):2319-6483, www.researchinventy.com Towards Securing E-Banking by an
More informationSWIFT Response to ESMA s consultation paper on
SWIFT Response to ESMA s consultation paper on Draft technical standards on access to data and aggregation and comparison of data across TR under Article 81 of EMIR 01 February, 2016 SWIFT thanks ESMA
More informationManaged Service for Visual Communications
Managed Service for Visual Communications Managed Service for Visual Communications Videoconferencing can have multiple benefits in your organisation. It can help your employees be more productive and
More informationWhich Root Certification Authority can you trust? Australia can show you the way.
Which Root Certification Authority can you trust? Australia can show you the way. By Simon R Grant LLB LLM, Senior Legal Officer, Crown Law Queensland & Mediator and Steve Mathew, FIMC CMC, Director ArticSoft
More informationWelcome to Paysec Delivering your Asia Payments
Welcome to Paysec Delivering your Asia Payments Delivering Asia We provide Payment Gateways enabling Merchants to accept debit card payments from the biggest networks in the Asian markets. We offer a
More informationFlexible Cloud Services to Compete
white paper Service Providers Need Flexible Cloud Services to Compete Enterprise Customers Demand Flexible Cloud Solutions When the concept of cloud services first came about, there was a great deal of
More informationTrustNet A proposal for establishing Trust and Interoperability over secure network infrastructures
TrustNet A proposal for establishing Trust and Interoperability over secure network infrastructures Dean Adams Agenda Check! j Barriers to Business TrustNet Proposal How do we start Next! 2 Barriers to
More informationFive Steps Towards Effective Fraud Management
Five Steps Towards Effective Fraud Management Merchants doing business in a card-not-present environment are exposed to significantly higher fraud risk, costly chargebacks and the challenge of securing
More informationMEDIA KIT 2015. Security Solutions: Digital Certificates in Asia. www.cybersecureasia.com. www.cybersecureasia.com Page 1. CSA Media Kit 2015
MEDIA KIT 2015 www.cybersecureasia.com Security Solutions: Digital Certificates in Asia www.cybersecureasia.com Page 1 Cyber Secure Asia - Expanding the Japan Network With an increasing number of data
More informationUnderstanding Travel Performance Marketing in Asia
Understanding Travel Performance Marketing in Asia March 6, 2013, ITB: Berlin Eric J. Gerritsen Vice President, Sales & Business Development, Neverblue Travel Affiliate Network http://www.travelaffiliatenetwork.com
More informationFrost & Sullivan. http://www.marketresearch.com/frost-sullivan-v383/ Publisher Sample
Frost & Sullivan http://www.marketresearch.com/frost-sullivan-v383/ Publisher Sample Phone: 800.298.5699 (US) or +1.240.747.3093 or +1.240.747.3093 (Int'l) Hours: Monday - Thursday: 5:30am - 6:30pm EST
More informationHKUST CA. Certification Practice Statement
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
More informationPublic Key Infrastructure for a Higher Education Environment
Public Key Infrastructure for a Higher Education Environment Eric Madden and Michael Jeffers 12/13/2001 ECE 646 Agenda Architectural Design Hierarchy Certificate Authority Key Management Applications/Hardware
More informationCross-Certification and PKI Policy Networking
Entrust Cross-Certification and PKI Policy Networking Author: Jim Turnbull Date: August 2000 Version: 1.0 Copyright 2000-2003 Entrust. All rights reserved. 1 Entrust is a registered trademark of Entrust,
More informationEskom Registration Authority Charter
REGISTRATION WWW..CO.ZA Eskom Registration Authority Charter Version 2.0 applicable from 20 November 2009 Megawatt Park Maxwell Drive Sunninghill, SOUTH AFRICA, 2157 Phone +27 (0)11 800 8111 Fax +27 (0)11
More informationNorway Post s Electronic ID Case study on authentication. Oslo 17. June 1999 Terje Kolnes, Norway Post
Norway Post s Electronic ID Case study on authentication Oslo 17. June 1999 Terje Kolnes, Norway Post.0 Presentation Objective The Norway Post National electronic ID, The enabler for e-commerce Global
More informationIntroducing competition between stock exchanges. Introducing competition between stock exchanges: the costs and benefits
Agenda Advancing economics in business Introducing competition between stock exchanges Introducing competition between stock exchanges: the costs and benefits Over the past two decades, the competitive
More informationINSITE. Dimension Data s monitoring offering
Dimension Data s offering What s on your mind? Is your infrastructure management strategy optimal? Are you achieving optimum ROI on your infrastructure management investment? Are you employing the latest
More informationIT Security. Securing Your Business Investments
Securing Your Business Investments IT Security NCS GROUP OFFICES Australia Bahrain China Hong Kong SAR India Korea Malaysia Philippines Singapore Sri Lanka Securing Your Business Investments! Information
More informationCMS Illinois Department of Central Management Services
CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF
More informationStrategies for the implementation of a Public Key Authentication Framework (PKAF) in Australia
Miscellaneous Publication Strategies for the implementation of a Public Key Authentication Framework (PKAF) in Australia SAA MP75 1996 STRATEGIES FOR THE IMPLEMENTATION OF A PUBLIC KEY AUTHENTICATION FRAMEWORK
More informationPKI - current and future
PKI - current and future Workshop for Japan Germany Information security Yuichi Suzuki yuich-suzuki@secom.co.jp SECOM IS Laboratory Yuichi Suzuki (SECOM IS Lab) 1 Current Status of PKI in Japan Yuichi
More informationPKI Disclosure Statement
Land Registry Version 2.0 23/07/2008 PKI Disclosure Statement 1. Introduction Land Registry has created an e-security platform for its customers to facilitate role-based access, authentication and electronic
More informationEvaluate the Usability of Security Audits in Electronic Commerce
Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka
More informationUnionPay, Your access to China & Asia. June 2015
UnionPay, Your access to China & Asia June 2015 UnionPay Updates Chinese equivalent of VISA/Master/AMEX + EFTPOS Funded in 2002 in Shanghai, China Card usage on purchase from 4% to 47% Card issued from
More information2016 ASIA PACIFIC HIGH TECH TOTAL REMUNERATION DATABASE
HEALTH WEALTH CAREER 2016 ASIA PACIFIC HIGH TECH TOTAL REMUNERATION DATABASE THE LEADING SOURCE OF COMPETITIVE PAY INFORMATION FOR THE HIGH TECH INDUSTRY WWW.IMERCER.COM/TRD 2 WANT TO UPGRADE YOUR COMPENSATION
More informationL@Wtrust Class 3 Registration Authority Charter
Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12
More informationbest practice guide The Three Pillars of a Secure Hybrid Cloud Environment
best practice guide The Three Pillars of a Secure Hybrid Cloud Environment best practice guide The Three Pillars of a Secure Hybrid Cloud Environment Introduction How sound risk management, transparency
More informationNeutralus Certification Practices Statement
Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3
More information82-01-32 DATA SECURITY MANAGEMENT. Sanford Sherizen INSIDE
82-01-32 DATA SECURITY MANAGEMENT THE BUSINESS CASE FOR INFORMATION SECURITY: SELLING MANAGEMENT ON THE PROTECTION OF VITAL SECRETS AND PRODUCTS Sanford Sherizen INSIDE The State of Information Security;
More informationPUBLIC KEY INFRASTRUCTURE CERTIFICATE REVOCATION LIST VERSUS ONLINE CERTIFICATE STATUS PROTOCOL
WHITE PAPER PUBLIC KEY INFRASTRUCTURE CERTIFICATE REVOCATION LIST VERSUS ONLINE CERTIFICATE STATUS PROTOCOL CERTIFICATE REVOCATION CHECKING ON CISCO IOS SOFTWARE Introduction The support for x.509 digital
More informationLocalize to Globalize: Your Next Growth Frontier
Localize to Globalize: Your Next Growth Frontier Sushant Mantry, Vice President Group Logistics, Singapore Post 13 th October 2015 Quick introduction to Singapore Post and Quantium Solutions International
More informationGROWING WITH THE NATION
GROWING WITH THE NATION For a young nation with a short history, Singapore s rapid and steady progress from third world to first has been spectacular and unprecedented. We have turned an island that was
More informationencryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key.
The way the world does business is changing, and corporate security must change accordingly. For instance, e-mail now carries not only memos and notes, but also contracts and sensitive financial information.
More informationDimension Data s Uptime Support Service
Dimension Data s Uptime Support Service As more technology enters the world, and is introduced into organisations, the typical IT environment increases in complexity. Businesses require higher levels of
More information10/6/2015 PKI. What Is PKI. Certificates. Certification Authorities (CA) PKI Models. Certificates
PKI IT Network Security Administration Instructor: Bo Sheng What Is PKI Informally, the infrastructure supporting the use of public key cryptography. A PKI consists of Certificate Authority () Certificates
More informationCloud Channel Summit 2015 @rhipecloud #RCCS15
Cloud Channel Summit 2015 @rhipecloud #RCCS15 About the Cloud Security Alliance Global, not-for-profit organisation 300 member driven organization with over 56,000 individual members in 65 chapters worldwide
More informationSybase Solutions for Healthcare Adapting to an Evolving Business and Regulatory Environment
Sybase Solutions for Healthcare Adapting to an Evolving Business and Regulatory Environment OVERVIEW Sybase Solutions for Healthcare Adapting to an Evolving Business and Regulatory Environment Rising medical
More informationSecurity Assessment and Compliance Services
Security Assessment and Compliance Services Despite the best efforts of IT security teams, hackers and malicious code continue to find their way into corporate networks. Adding to the pressure is the fact
More informationIFS ApplIcAtIonS For Document management
IFS Applications for Document management OUR SOLUTION S DNA When we first set out to create IFS Applications over 25 years ago, our goal was to make the most usable business software on the market. And
More informationUNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION
UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION Foreword. Preface. About the Authors. I. CONCEPTS. 1. Introduction. 2. Public-Key Cryptography. Symmetric versus Asymmetric
More informationCyber Security Recommendations October 29, 2002
Cyber Security Recommendations October 29, 2002 Leading Co-Chair (Asia/Oceania) Co-Chair (Americas) Co-Chair (Europe/Africa) Dr. Hiroki Arakawa Executive Vice President NTT Data Corporation Richard Brown
More informationThe Importance of Corporate Governance for an International Financial Centre
The Importance of Corporate Governance for an International Financial Centre Eddy Fong Chairman 9 September 2008 Good morning ladies and gentlemen. I would like to start by congratulating the Chamber of
More informationING Public Key Infrastructure Technical Certificate Policy
ING Public Key Infrastructure Technical Certificate Policy Version 5.1 - May 2010 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Of this document can be obtained via the ING
More informationBALI MINISTERIAL CONFERENCE AD HOC EXPERTS' GROUP II REGIONAL WORKSHOP IDENTITY MANAGEMENT: CHALLENGES AND OPPORTUNITIES FOR COOPERATION
BALI MINISTERIAL CONFERENCE AD HOC EXPERTS' GROUP II REGIONAL WORKSHOP IDENTITY MANAGEMENT: CHALLENGES AND OPPORTUNITIES FOR COOPERATION SOME RECENT NATIONAL AND REGIONAL INITIATVES IN IDENTITY MANAGEMENT
More informationHistory of JASTPRO. http://www.meti.go.jp/english/index.html. http://www.mof.go.jp/english/index.htm
Profile of JASPRO Updated in August 2015 History of JASTPRO JASTPRO stands for Japan Association for Simplification of International Trade PROcedures Founded in December 1974 as NPO with support of three
More informationIF YOU CHOOSE NOT TO ACCEPT THIS AGREEMENT, WHICH INCLUDES THE CERTIFICATE POLICY, THEN CLICK THE "DECLINE" BUTTON BELOW.
United States Department of Justice Drug Enforcement Administration Controlled Substance Ordering System (CSOS) Subscriber Agreement (Revision 8, February 7, 2007) SUBSCRIBERS MUST READ THIS SUBSCRIBER
More informationReCentre. Our expertise. Is our people. Document No1 in the capability series. Insurance and reinsurance. Outsourcing and support leadership.
Our expertise. Is our people. Regulatory. Financial. Support. Visit us at www.recentre.com.au ReCentre Contents manifest. Introduction. Since 1957. Our firm began mid last century and currently our expertise
More informationMasterCard SecureCode Building Consumer Confidence, Extending Your Market Reach
An Introduction for Issuers MasterCard SecureCode Building Consumer Confidence, Extending Your Market Reach The time is now for gaining greater control over nonface-to-face transactions, reassuring consumers
More informationKeywords: Public Key Infrastructure, Cryptography, Certification Authority, Bridge Certificate Authority, B2B, and Electronic Commerce
Bridge Certification Authorities: Connecting B2B Public Key Infrastructures William T. Polk and Nelson E. Hastings National Institute of Standards and Technology Businesses are deploying Public Key Infrastructures
More informationFour steps to improving cloud security and compliance
white paper Four steps to improving cloud security and compliance Despite the widespread proliferation of cloud computing, IT decision makers still express major concerns about security, compliance, and
More informationThe Coming Global Digital Stock Market
International Finance 2:3, 1999: pp. 441 447 The Coming Global Digital Stock Market Frank G. Zarb National Association of Securities Dealers, Inc. I. Introduction There is little doubt that the stock market
More informationPrivate Cloud for Every Organization
white paper Private Cloud for Every Organization Leveraging the community cloud As more organizations today seek to gain benefit from the flexibility and scalability of cloud environments, many struggle
More informationEgypt s E-Signature & PKInfrastructure
EGYPT-MCIT ITIDA Egypt s E-Signature & PKInfrastructure Seminar on Electronic Signature Algeria 8-9 Dec. 2009 By: Hisham Mohamed Abdel Wahab Head of the E-Signature CA Licensing ITIDA- MCIT EGYPT Email:
More informationAPEC s evolving supply chain
2012 APEC CEO Summit: PwC issues spotlight APEC s evolving supply chain Leading up to this year s Asia-Pacific Economic Cooperation CEO Summit in Vladivostok, Russia on September 7 8, PwC is sharing a
More informationCHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS
70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and
More informationTRADE BLOCS. Trade Blocs page 1
TRADE BLOCS The Treaty of Rome reached in 1957 set in motion a process of integrating the economies of Western Europe. As we enter the new millennium, the European Union, instituting a common currency
More informationGovernance, Risk and Compliance Assessment
Governance, Risk and Compliance Assessment Information security is a pervasive business requirement and one that no organisation can afford to get wrong. If it s not handled properly, your business could
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationWhitepaper Online Selling in China in 3 Easy Steps
Whitepaper Online Selling in China in 3 Easy Steps www.salesupply.com Copyright 8-2015 Salesupply AG, All rights reserved Introduction China is at present the world s second largest economy and the EU
More informationSome 4 500 organizations implement ISO/IEC 27001. Information security INTERNATIONAL
Some 4 500 organizations implement ISO/IEC 27001 for information security The author reports on global progress in the implementation of the international information security management system standard
More informationWhat is a digital certificate, why do I need one, and how do I get it?
PKI FAQ s What is a digital signature and how do you get one? You can t buy a digital signature. It s not like a handwritten one. A digital signature is different every time it is made, and is related
More informationContent Protection & Security (CPS) Certification Program Overview
Content Protection & Security (CPS) Certification Program Overview GOVERNANCE & SECURITY CULTURE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND AWARENESS BUSINESS RESILIENCE
More informationTHAILAND B2C E-COMMERCE MARKET 2015
PUBLICATION DATE: AUGUST 2015 PAGE 2 GENERAL INFORMATION I PAGE 3 KEY FINDINGS I PAGE 4-5 TABLE OF CONTENTS I PAGE 6 REPORT-SPECIFIC SAMPLE CHARTS I PAGE 7 METHODOLOGY I PAGE 8 RELATED REPORTS I PAGE 9
More informationARTL PKI. Certificate Policy PKI Disclosure Statement
ARTL PKI Certificate Policy PKI Disclosure Statement Important Notice: This document (PKI Disclosure Statement, PDS) does not by itself constitute the Certificate Policy under which Certificates governed
More informationWhite paper. Implications of digital certificates on trusted e-business.
White paper Implications of digital certificates on trusted e-business. Abstract: To remain ahead of e-business competition, companies must first transform traditional business processes using security
More informationMeet The Family. Payment Security Standards
Meet The Family Payment Security Standards Meet The Family Payment Security Standards Payment Processing Electronic payments are increasingly becoming part of our everyday lives. For most people, it can
More informationSECURE DIGITAL SIGNATURES FOR APPRAISERS
ABSTRACT An appraiser s credibility is represented by a valid license and the signature affixed to a report. Providing a common requirement for the creation of digital signatures for licensed or certified
More informationAPEC Business Travel Card (ABTC)
Page 1 of 2 APEC Business Travel Card (ABTC) Tuesday, 22 June 2010 03:59 Overview APEC is an organization that formed in 1989 in creating wider economic cooperation in Asian Pacific region. There are 20
More informationTHE CPA AUSTRALIA ASIA-PACIFIC SMALL BUSINESS SURVEY 2015 HONG KONG REPORT
THE CPA AUSTRALIA ASIA-PACIFIC SMALL BUSINESS SURVEY 2015 HONG KONG REPORT 2 THE CPA AUSTRALIA ASIA-PACIFIC SMALL BUSINESS SURVEY 2015 HONG KONG REPORT LEGAL NOTICE CPA Australia Ltd ( CPA Australia )
More informationSee your business in a new way.
Sage 300 ERP Multicompany and International Operations Management Brochure See your business in a new way. Realize the future of your business today. See your business in a new way. Realize the future
More informationCommittee on National Security Systems
Committee on National Security Systems CNSS POLICY No.25 March 2009 NATIONAL POLICY FOR PUBLIC KEY INFRASTRUCTURE IN NATIONAL SECURITY SYSTEMS. 1 CHAIR FOREWORD 1. (U) The CNSS Subcommittee chartered a
More informationThe World Bank Reports on the Observance of Standards and Codes (ROSC) Overview of the ROSC Accounting and Auditing Program
The World Bank Reports on the Observance of Standards and Codes (ROSC) Overview of the ROSC Accounting and Auditing Program January 2004 OVERVIEW OF THE ROSC ACCOUNTING AND AUDITING PROGRAM CONTENTS I.
More informationDoing Business in Australia and Hong Kong SAR, China
Doing Business in Australia and Hong Kong SAR, China Mikiko Imai Ollison Private Sector Development Specialist Nan Jiang Private Sector Development Specialist Washington, DC October 29, 2013 What does
More information1 Public Key Cryptography and Information Security
International Carpathian Control Conference ICCC 2002 MALENOVICE, CZECH REPUBLIC May 27-30, 2002 IMPLEMENTATION ISSUES OF PKI TECHNOLOGY Victor-Valeriu PATRICIU, Marin BICA and Ion BICA Department of Computer
More informationBLACKICE ERA and PureData System for Analytics
BLACKICE ERA and PureData System for Analytics Address new and evolving regulations and best practices Highlights Utilize 120+ best practices reports in Cognos and Excel; prepackaged and complete with
More informationAsia Insight: Online to Offline The Great Technology Migration
Asia Insight: Online to Offline The Great Technology Migration July 25, 2015 by Michael Oh of Matthews Asia A few years back, when we last wrote extensively about the significant developments undergone
More informationDIMACS Security & Cryptography Crash Course, Day 2 Public Key Infrastructure (PKI)
DIMACS Security & Cryptography Crash Course, Day 2 Public Key Infrastructure (PKI) Prof. Amir Herzberg Computer Science Department, Bar Ilan University http://amir.herzberg.name Amir Herzberg, 2003. Permission
More informationTWX-21 Business System Cloud for Global Corporations
TWX-21 Business System Cloud for Global Corporations 8 TWX-21 Business System Cloud for Global Corporations Hidenori Kiuchi Yasuyuki Suzuki Sho Obayashi Manabu Naganuma Seiichiro Hayashi Taku Tozawa OVERVIEW:
More informationPosition Paper Cross Border e-logistics
Position Paper Cross Border e-logistics A Need for Integrated European E-Logistics Solutions www.ecommerce-europe.eu POSITION PAPER 3 Table of contents Summary Summary & Recommendations 3 Introduction
More information