Security: securing legal-grade transactions on the Web: digital signatures and validation. The future of high-value EDI.

High-value e-commerce is projected to shift rapidly from proprietary Electronic Data Interchange (EDI) technology and paper-based transactions towards the Internet and open, digital-signature-based solutions. Unlike consumer electronic commerce, which is quickly moving into the mainstream, high-value e-commerce for applications as diverse as supply-chain management, trade finance, loan processing, healthcare delivery and information access is typically conducted by large corporations exchanging information either over proprietary networks using EDI formats or through paper-based mechanisms. A market shift is now underway in which enterprises are moving away from proprietary EDI technology and paper towards an open Internet infrastructure.

Why such a dramatic change, when current EDI systems support procurement efficiencies, enable savings by automating tasks, increase the visibility of information among vendors and provide stronger links to customers, partners and suppliers? The reality is that the scope of EDI has always been intentionally limited, to ensure controlled activity within a closed environment; as a result of the heavy overheads associated with the EDI infrastructure, many small, medium and even large businesses have been shut out.

In direct contrast, an open Internet infrastructure opens the door to an expanded supply chain while at the same time lowering operational costs and enhancing procurement efficiencies. Yet the extranet environment also poses new challenges. By far the most important is the need to protect the high-value transactions typical of business-to-business (B2B) commerce, financial services and related areas. These transactions require far greater security and management than most online consumer transactions. Consider a typical consumer e-commerce transaction: a book from amazon.com for US $21.99, or a higher-value purchase such as an airline ticket or a personal computer. Either way, the average transaction will likely fall below, probably well below, the US $1,000 mark. Yet with mission-critical applications such as electronic bill payment, insurance policy management and claims processing, regulatory compliance and supply-chain management being conducted over extranets, a B2B transaction is routinely in the thousands, millions or even hundreds of millions of dollars. Moreover, while a US $50 maximum liability cap on credit-card fraud protects consumers engaging in e-commerce, no such guarantee is in place for B2B e-commerce. With so much money at stake, failure to provide robust protection can prove massively expensive: the financial repercussions can be astronomical, the legal entanglements limitless and the effect on business partners incalculable. The following examples offer an insight into the potential fallout from unprotected B2B transactions.

An insurance company transfers confidential medical information to an associated medical facility. An unauthorized staff member at the facility receives the communication and, for malicious or monetary reasons, threatens to release subscriber information to employers and other interested parties. The authorization breach occurs within the confines of the medical facility, yet it is the insurance company that faces the liability claim: the data was protected in transit but not confined to the authorized recipient. How many thousands of lives could be affected by this single transaction? How many customers lost? What price in customer confidence and reputation? And how many ensuing legal battles?

In Europe, a high-tech manufacturer accepts a contract from a supplier in the US and begins to market and manufacture product. But when the required parts fail to appear on time, the supplier disavows the contractual agreement. Because the communication occurred online and the necessary evidence is unavailable, the company has no legal recourse: nothing binds the supplier to what it sent. Meanwhile, major customers are lost and the after-effects ripple throughout the company's supply chain.

Finally, a company accepts a contract from an international supplier and provides a letter of credit. The supplier rejects the letter of credit because it was communicated digitally and neither the supplier nor the supplier's bank has the means to verify its authenticity or legal validity.

Such examples only serve to illustrate that legally binding electronic commerce is critical to supporting high-value transactions. To achieve widespread acceptance of high-value e-commerce, a level of integration and legal protection similar to that which EDI offers must also be made available within the Internet environment. Achieving legal-grade e-commerce, however, involves several complex issues: some relate to security, others to the law, and still others to the operational practices of the parties engaging in the transactions. But to really understand what it means to be legal-grade, it is first important to understand a more basic issue: how are legally binding contracts formed between entities transacting business?

When two parties engage in business, they mutually agree to a set of assurances to each other. Above a statutory threshold (for the sale of goods in the US, US $500 under the Uniform Commercial Code's statute of frauds), the law requires that the parties put their agreement in the form of a written contract. The contract can then be used as evidence by a court of law or an arbitrator in resolving any disputes between the parties. From a legal standpoint, a contract's most important function is its use in a court of law as evidence of the agreement between the parties. When a court examines a contract, it applies several tests to determine whether or not a contract was properly formed between the parties. Specifically, these tests are:

1. Authentication: Is the contract an original document?
2. Signature: Have the parties involved signed it? Can it be demonstrated that they indeed intended to sign a contract?
3. Writing: Is the contract in the "proper" form one would expect a contract to be in?
4. Validity: Are the terms legal?
5. Operational: Were the signing parties authorized to sign at the time they did?
6. Effective: Is the contract "in force" now?
7. Record: Have the parties kept a copy of the record safely?
8. Registered: If required, have they recorded the document in a registry?

When a court examines a contract in digital form, however, these tests must be adapted appropriately:

1. Authentication: Can the digital contract be verified as the original that the two parties agreed to? In other words, can there be assurance that its content is complete and unaltered? Is there proof that the electronic communications involved in the transaction actually came from the parties they purport to come from?
2. Signature: Can we be sure that the two parties intended to sign the document and indeed did so? Can we be sure that the individual who signed had the authority to commit his organization to the transaction? Did the system for exchanging and signing digital contracts enable each recipient to determine who really sent the message and whether that individual is, in fact, who he claims to be?
3. Writing: Did both parties sign an identical version of the contract? Is the contract in a standard digital form? Can we be sure that each party, when signing the contract, submitted its signature to the other and was assured of delivery? Is there proof of the content of the transaction, namely the communications that actually occurred between the parties during contract formation?
4. Validity: If the contract called for its terms to be confidential, as many do, did the system for implementing digital contracts prevent disclosure of the transaction to unauthorized persons?
5. Operational: Is the contract properly time-stamped? Can it be verified that the individuals who signed digitally had the authority to sign at the time they did?
6. Record: Can the parties demonstrate that they both kept a copy of the contract in a tamper-proof, secure manner? Can they demonstrate that they took measures to reduce the possibility of deliberate or inadvertent alteration of the electronic record of the transaction?
7. Registration: If required, was the digital contract recorded with a digital notary service?

The concerns about the validity and enforceability of a traditional contract are similar to those regarding a digital contract. The question that confronts us now is: how do we put an effective means in place that allows enterprises to implement a legally enforceable digital contract system? Until now the computer industry has focused on creating security, encryption and trust technologies for encrypting and signing data transmissions, detecting network intrusions and authenticating user identity with digital certificates. Yet without an effective means for businesses to put all these technologies together, enterprises are still unable to rely on the Internet for high-value business transactions. If enterprises are to proceed with confidence, they must first address three issues. First, what security and trust technologies are needed by parties doing business with each other to satisfactorily meet the tests of evidence required for a digital contract? Second, what business practices must the enterprise conform to in order to meet the tests required by the laws of evidence? Finally, how should enterprises deal with the legal uncertainties and the relative newness of digital contracts?
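The digital-contract tests map directly onto cryptographic checks, and it is worth seeing how far plain signing and time-stamping get you and where they stop. The Go program below is an added example, not code from the original article: it models a two-party contract in which each party signs the SHA-256 digest of the identical text with an Ed25519 key, a third key stands in for a timestamp authority (TSA) that attests when that digest existed, and a verifier applies the authentication, signature and operational tests, rejecting a copy whose text was altered after signing. The party names, contract text and timestamp value are constructed for illustration; in deployment the keys would be held in hardware and bound to the parties by certificates, and the timestamp would come from an RFC 3161 service rather than a local key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Party is one signer. In production the private key would sit in an HSM or
// smart card and the public key would be bound to the party's identity by a
// certificate from a CA both sides trust; here keys are generated in memory.
type Party struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty(name string) Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Party{Name: name, Pub: pub, priv: priv}
}

// Contract is the evidence record each party retains.
type Contract struct {
	Text       []byte            // the exact bytes both parties signed
	Signatures map[string][]byte // party name -> signature over contractMessage(digest)
	Timestamp  uint64            // Unix seconds asserted by the TSA
	TSASig     []byte            // TSA signature over tsaMessage(digest, Timestamp)
}

func NewContract(text []byte) *Contract {
	return &Contract{Text: append([]byte(nil), text...), Signatures: map[string][]byte{}}
}

func digest(text []byte) []byte {
	d := sha256.Sum256(text)
	return d[:]
}

// Domain-separated messages: a party's contract signature can never be
// replayed as a timestamp token, nor a TSA token as a party's assent.
func contractMessage(d []byte) []byte { return append([]byte("contract-v1:"), d...) }
func tsaMessage(d []byte, ts uint64) []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, ts)
	return append(append([]byte("tsa-v1:"), d...), buf...)
}

// Sign records a party's signature over the digest of the contract text.
func (c *Contract) Sign(p Party) {
	c.Signatures[p.Name] = ed25519.Sign(p.priv, contractMessage(digest(c.Text)))
}

// Stamp has the TSA attest that this digest existed at time ts.
func (c *Contract) Stamp(tsa Party, ts uint64) {
	c.Timestamp = ts
	c.TSASig = ed25519.Sign(tsa.priv, tsaMessage(digest(c.Text), ts))
}

// Verify applies the digital-contract tests: every required party signed
// (signature test), each signature matches the text now in hand, so it is
// unaltered and the parties signed the identical version (authentication and
// writing tests), and a trusted TSA vouched for the time (operational test).
func (c *Contract) Verify(required []Party, tsa Party) error {
	d := digest(c.Text)
	for _, p := range required {
		sig, ok := c.Signatures[p.Name]
		if !ok {
			return fmt.Errorf("signature test failed: %s never signed", p.Name)
		}
		if !ed25519.Verify(p.Pub, contractMessage(d), sig) {
			return fmt.Errorf("authentication test failed: %s's signature does not match this text", p.Name)
		}
	}
	if c.TSASig == nil || !ed25519.Verify(tsa.Pub, tsaMessage(d, c.Timestamp), c.TSASig) {
		return errors.New("operational test failed: timestamp token missing or invalid")
	}
	return nil
}

func main() {
	buyer, seller, tsa := NewParty("buyer"), NewParty("seller"), NewParty("tsa")
	// Constructed contract text and timestamp for illustration only.
	c := NewContract([]byte("Seller delivers 10,000 units at EUR 42.00 each by 2002-03-01."))
	c.Sign(buyer)
	c.Sign(seller)
	c.Stamp(tsa, 1009843200)
	fmt.Println("both signed, stamped:", c.Verify([]Party{buyer, seller}, tsa))

	// One side later alters the price in its copy: the digest changes, so the
	// other side's signature no longer verifies and the alteration is evident.
	altered := *c
	altered.Text = []byte("Seller delivers 10,000 units at EUR 24.00 each by 2002-03-01.")
	fmt.Println("altered copy:", altered.Verify([]Party{buyer, seller}, tsa))
}
```

Note what the check does not cover, because the remaining tests are operational rather than cryptographic: whether the signer had authority to bind the organization (the second half of the operational test) needs the key to be tied to a role through the certificate or a directory lookup at signing time; the record test needs each side to archive the full record, including the signatures and TSA token, in storage it can show was not altered; and registration with a notary is a separate submission of the digest, not something a signature alone provides.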
To address such questions and build legal-grade e-business systems, enterprises must make important technology choices combined with the implementation of essential operational procedures:

isse@eema.org