The problems encountered in moving toward electronic commerce resolve themselves into issues of authenticity and privacy. Unlike traditional modes of commerce, electronic transactions are inherently anonymous. The user typically interacts with a computer, which in turn acts as a surrogate in interacting with other computers and people. The use of cryptographic techniques can add assurance of authenticity and privacy.

The crux of these techniques is known as asymmetric encryption. It is based on a pair of sophisticated passwords called "keys." One of these is made public, the other is kept private. Information encrypted (scrambled) by one key of the pair can only be decrypted (unscrambled) by the other. If some correspondent encrypts a message with the recipient’s public key, only that recipient can decrypt it (by using the private key) – the equivalent of an electronic envelope. If the author encrypts the message with his own private key, anyone else can decrypt it (using the public key), but only the author could have created the message – the equivalent of a signature.

This process works well between individuals. If you want to send me encrypted information, you give me your public key and I give you mine. The process gets more difficult as more people become involved. There must be a mechanism to obtain a key from someone you don’t know, and be assured of its authenticity. In traditional business interactions, this is the role of a notary, or letter of introduction. Some trusted third party vouches for the identities of correspondents to their mutual satisfaction. In an electronic environment, the Certificate Authority (CA) performs this role. Each participant is issued a public key certificate. This certificate contains the identity and affiliation of the individual, and that person’s public key. This certificate is bound together with the digital signature of the Certificate Authority. Thus, the CA vouches for the identity of the certificate’s owner and binds the owner’s public key to that identity. The authenticity of the certificate is verifiable through the mechanism of the digital signature.

A user’s public key certificate is stored in a special directory which acts much like an electronic phonebook. The sender of a message looks up the recipient’s certificate in this directory. The authenticity of the certificate can be verified via digital signature. A message can then be encrypted using the key embedded in the certificate. The sender can then sign the message using his own private key. The recipient can verify the signature by using the sender’s public key, because that key is vouched for – signed – by the CA.

Traditionally, to send a letter to someone, you look up the recipient’s address in an address book. This may be your own compilation, a published phone book, or a reference given to you by someone you trust. The degree of trust you place in the directory listing is related to your trust in the creator of that directory and your judgement of whether or not it is likely to be out of date. The analogous electronic directory contains addresses and subscriber certificates. It is kept current, taking into account certificate expirations and revocations. The contents of the directory can be trusted because they are packaged and signed by your trusted CA.

The system of certificate authorities, certificate directories, certificates, and related components is collectively known as a Public Key Infrastructure (PKI). PKIs are new. There is not yet a single, agreed-upon standard for setting up or operating a PKI. The underlying technologies of cryptography and directory services are well known and well understood. There is no traditional equivalent of a PKI. The components of a PKI mirror the functions of notaries, directories, identifiers such as passports, driver’s licenses, and letters of introduction.

The risks inherent in this new electronic world of anonymous interactions are new twists on the same risks that have been understood as part of traditional commerce. Messages can be misaddressed and so sent to the wrong person or rendered undeliverable. Information can be disclosed to the wrong people. One can be impersonated; authorship of a message can be forged. Information can be altered. Services or goods can be stolen. These risks are mitigated by the ability to correctly tie an individual to an action and by the ability to correctly identify an individual. The ambiguities of human interaction have always been the points of attack for the unscrupulous and points of disagreement even when all parties are well intentioned.

The technologies under discussion here, based on cryptographic tools and mathematical proofs, permit us to establish a high level of trust in the confidentiality and integrity of electronic transactions. As high, in fact, as in face-to-face meetings between individuals known to each other.

When two organizations, each with its own CA, wish to transact business, they can agree to accept the authenticity of each other’s subscribers via contract. This is known as cross certification. For instance, if a manufacturer wished to electronically place orders with a supplier, it might contractually agree with the supplier to honor each other’s digital signatures. The two CAs would then exchange certificates, thereby vouching for each other’s subscribers and enabling validation of keys between them.

Just as complexities arise when the number of individuals involved rises, complexity also becomes a factor when multiple peer organizations wish to transact business. A trusted third party may vouch for all the peer organizations in the same way that a CA vouches for its subscribers. This trusted third party is known as a Root CA. It vouches for its subscriber CAs who in turn vouch for their individual subscribers. While complex to describe, the result is quite straightforward. The users of one CA can do business with members of another CA, since both CAs are vouched for by the same root CA and so can trust one another. For instance, while larger stock brokers might be known to each other and prearrange to cross-certify, a broker might have a need to transact business with a smaller brokerage in another part of the country. Since the process of cross-certification (which involves each party becoming comfortable with the responsibility, security precautions, and management of the other) is a relatively long one, it might not be feasible to do this on an ad hoc basis. There are too many brokerages to cross certify on a broad scale. So the brokerages might set up a utility organization, whose function is to act as the Root CA for its members. This arrangement would permit the two brokers to recognize each other’s electronic identity, vouched for by the trusted third party of the Root CA.
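The chain of vouching described above (a Root CA signs its subscriber CAs' certificates, each CA signs its subscribers' certificates, and a relying party who trusts only the root key checks every link), as an added example that is not part of the original article. It uses toy textbook RSA built from Mersenne primes so that it runs on the Python standard library alone; the names, certificate layout and helper functions are assumptions for illustration, and expiry and revocation checks are left out.

```python
# Toy PKI (added example): textbook RSA over Mersenne primes, no padding. Not secure.
import hashlib
from dataclasses import dataclass, replace
E = 65537

def keypair(a, b):
    """(public, private) from the Mersenne primes 2**a - 1 and 2**b - 1."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

@dataclass(frozen=True)
class Cert:
    subject: str
    pub: tuple
    issuer: str
    sig: int = 0
    def tbs(self):  # bytes the issuer signs: identity bound to public key
        return f"{self.subject}|{self.pub}|{self.issuer}".encode()

def issue(issuer, issuer_priv, subject, subject_pub):
    cert = Cert(subject, subject_pub, issuer)
    return replace(cert, sig=sign(issuer_priv, cert.tbs()))

def validate_chain(chain, root_name, root_pub):
    """chain: end user's cert first, root-issued cert last. Returns user key or None."""
    name, pub = root_name, root_pub
    for cert in reversed(chain):
        if cert.issuer != name or not verify(pub, cert.tbs(), cert.sig):
            return None
        name, pub = cert.subject, cert.pub
    return pub if chain else None

root_pub, root_priv = keypair(607, 521)   # hypothetical brokers' utility Root CA
ca_pub, ca_priv = keypair(127, 107)       # hypothetical Brokerage B CA
bob_pub, bob_priv = keypair(89, 61)       # hypothetical subscriber
ca_cert = issue("Root CA", root_priv, "Brokerage B CA", ca_pub)
bob_cert = issue("Brokerage B CA", ca_priv, "bob@brokerage-b", bob_pub)
order = b"BUY 100 ACME"                   # constructed sample message
order_sig = sign(bob_priv, order)
```

A broker at another firm who holds only `root_pub` calls `validate_chain([bob_cert, ca_cert], "Root CA", root_pub)` to obtain a key it can trust, then `verify` on the order; swapping the key inside `bob_cert` or presenting the certificate without the CA link makes validation return `None`.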

One major component of a PKI is not digital at all. It is the Certificate Practice Statement, the set of policies describing the operation and obligations of the CA, the obligations of the subscribers, and acceptable uses of the certificates issued by the CA. Since the user’s identity is vouched for by the CA, there are warranty and liability concerns that must be clearly understood and addressed by all parties.

 
Larry LaBella, N2SLX, last updated this page on July 15, 1998 
Copyright © 1998 by Lawrence LaBella