Abstract
There is a growing move to rely upon penetration detection / analysis schemes and add-on software processes and network security products to combat attacks on information systems used for the operation of global electronic business / commerce systems. These sub-systems and management procedures have taken the place of the development and deployment of solid information systems security and assurance technologies, particularly at the computer security levels, both hardware and software. This is most notable at the small, commodity systems level; those systems largely used by small to medium size enterprises, both private and public, and by divisions of larger corporate and government and even defence units, as well as by individuals.
This paper presents the proposition that current commodity level systems do not present the level of information assurance needed to create the necessary trust required for rapid and reliable uptake of electronic commerce systems, against a reliable, legal framework. Indeed, it appears impossible to raise the level of security of these systems, both at client and server levels, without the addition of supplementary hardware and software systems that provide appropriate security services and mechanisms in a trusted systems environment capable of being independently assessed as being effective. Smart cards, coupled with associated trustworthy reader/writer/terminal facilities, appear to be the most suitable method to create such necessary trust in electronic commerce facilities, providing a “trusted path” between the user and the electronic commerce infrastructure. However, it would appear that their usage may need to be legislated by Governments since without such “force of law” it appears unlikely that end-users or PC/server manufacturers will voluntarily meet the cost, albeit small. At the same time, however, the sound and secure integration of such sub-systems into commodity, commercial-off-the-shelf (COTS) systems is a subject of active research.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35575-7_19
Copyright information
© 1999 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Caelli, W.J. (1999). A Secure Electronic Commerce Environment : Only with “Smart Cards”. In: Eloff, J.H.P., Labuschagne, L., von Solms, R., Verschuren, J. (eds) Information Security Management & Small Systems Security. IFIP — The International Federation for Information Processing, vol 26. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35575-7_18
DOI: https://doi.org/10.1007/978-0-387-35575-7_18
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5483-4
Online ISBN: 978-0-387-35575-7
eBook Packages: Springer Book Archive