Establishing credentials with e-business partners
- 22 May, 2000 12:01
Establishing proper trust and verifiable credentials with electronic trading partners is a vital part of an e-business strategy, but has until now been complex for enterprises to implement.
For this reason, vendors are developing a new breed of business-to-business PKI (public key infrastructure) management services and products that are designed to eliminate this administrative headache.
Vendors' ultimate goal, according to one analyst, will be an e-commerce management engine that is capable of handling the entire end-to-end authentication and payment process. However, the analyst also acknowledged that this has yet to be achieved.
"Everybody seems to realise that's likely to be the endgame, but there's been so much pain because it has never happened," said Charles Rutstein, senior analyst at Forrester Research.
Rutstein also noted, however, that vendors are waking up to this need. In particular, he said, the growing breed of B2B management services being offered by traditional and nontraditional PKI vendors is a step in the right direction.
"Services like this make it easier to get there because somebody else takes care of the administration hassles," Rutstein said.
VeriSign is one vendor hoping to simplify PKI with its new Trust Services platform suite. The suite is designed to allow enterprises and their trading partners to incorporate authentication, payment, and validation for high-volume transactions conducted over extranets, Internet marketplaces, and B2B exchanges.
Services include different models for buyers and suppliers to obtain digital credentials for authentication and payment services to process various payment types used in e-commerce, such as Level 3 purchasing card support and Automated Clearing House (ACH). The service also provides proof' of digital signatures, receipts, and records that are generated by real-time services.
With the same aim in mind, PricewaterhouseCoopers has launched beTRUSTed, a new business unit which will market a global service of the same name to secure large commercial transactions and communications over the Internet via the issuing of digital certificates. The service will focus on large companies, vertical industry sectors, B2B exchanges, and major government institutions.
Due to the bank level' of security needed to safeguard CA (Certificate Authority) certificates, Andrew Bartles, an analyst at Giga Information Group, said for now, few vendors are trusted to offer a "package" of managed PKI services.
"Providing of certificates on an outsource basis is something that can realistically be done by a seasoned and high-scale provider, because one of the key elements is having highly secure, highly redundant CA complex," Bartles said. "The security alone can be a very significant cost in this because someone who has access to this has the ability to generate bogus IDs and compromise the whole purpose of generating IDs."
Essentially a third-party service, beTRUSTed issues digital certificates to secure Web applications, Web-based transactions, and e-mail communications for customers.
It can also be used to provide certificates for VPNs (virtual private networks) to allow remote, encrypted access outside the system or to establish a secure link between multiple intranets, officials said.
Opting to deploy PKI managed services makes sense for B2B Web users because it allows them to validate themselves before entering into a transaction, analysts said.
"With PKI managed services, you're validated right up front, so you can do advanced enrolment or loans for consumers," said Joseph Marino, an analyst at Current Analysis. "It just opens up an entire new range of financial services."