Sean Lancaster a,1, David C. Yen a,*, Shi-Ming Huang b,2
a Department of DSC and MIS, Miami University, 309 Upham, Oxford, OH 45056, USA
b Department of Information Management, National Chung Cheng University, Ming Hsiung, Chia-Yi, Taiwan, ROC
Received 25 March 2003; received in revised form 25 March 2003; accepted 30 March 2003
Abstract
The Internet has increasingly been used for communication between people. Most users have no problem relaying messages that do not contain confidential information over a network. Yet for it to be accepted as a medium for conducting monetary transactions, there will need to be a higher degree of confidence in the technology’s reliability and security. No one will agree to send his or her financial information over the Internet if there is any doubt about the security of that medium. Likewise, companies involved in E-commerce must have a means to verify the customers using the Internet to order goods and services. Public Key Infrastructure (PKI) attempts to provide the answer to the reliability question, as a method of digital security. PKI provides the ability to verify the sender and the recipient of electronic messages, protecting against E-commerce fraud, corporate espionage, and the theft of intellectual property.
© 2003 Elsevier Science B.V. All rights reserved.
Keywords: Cryptography; Digital security; Digital signatures; E-commerce; Electronic security; Encryption; Internet privacy; Public Key Infrastructure, PKI
1. Introduction
As technology increasingly plays a key role in how people communicate and do business, the authentication and the verification of that information become an important issue to consider. The Internet is used to store, inform, communicate, and transact data on an everyday basis. The security of that data is essential to most companies and individuals.
* Corresponding author. Tel.: +1-513-529-4826; fax: +1-513-529-9689.
E-mail addresses: lancassp@muohio.edu (S. Lancaster), yendc@muohio.edu (D.C. Yen), smhuang@mis.ccu.edu.tw (S.-M. Huang).
1 Tel.: +1-513-529-4826; fax: +1-513-529-9689.
2 Tel.: +886-5-272-1500; fax: +886-5-272-1501.
Corporate espionage, E-commerce fraud, and the theft of intellectual property have given rise to digital security. PKI is seen as the answer to electronic security, ensuring the authenticity of the communicators’ identities and protecting the privacy of the information. Many predict that the growth of public key cryptography will allow E-commerce to flourish, providing the necessary security blanket to allay consumers’ fears of online fraud.
The Internet population has risen from 144 million in 1998 to 327 million in 2000. Still, this figure is predicted to jump to 1 billion users by the year 2005 [22]. Additionally, online retail sales were nearly $3 billion in 2000 and are expected to jump to over $8 billion in 2005. In order for this growth to occur, users must be totally convinced of the reliability, security, and authenticity of transacting online [22].
0920-5489/03/$ - see front matter © 2003 Elsevier Science B.V. All rights reserved. doi:10.1016/S0920-5489(03)00043-6
S. Lancaster et al. / Computer Standards & Interfaces 25 (2003) 437–446
The following paper will examine public key infrastructure, starting with an overview of PKI. The overview will define what PKI is and also discuss the components, characteristics, and functions of public key infrastructure. The paper will then examine the internal factors affecting PKI. A third section will look at the current developments of public key infrastructure, covering its organizational, commercial, and global effects, and a case study of a Public Key solution provider. The paper will then discuss the future implications of PKI, detailing the obstacles to its adoption as well as the legal implications that it offers.
2. PKI: an overview
For a