For business-to-business e-commerce to supplant traditional, costly, and time consuming exchanges with low-cost and readily available Internet technology, the security of business documents must be ramped up considerably and comprehensively. With digitally signed documents, both senders and receivers are assured that messages originated at their advertised source and no tampering of message contents occurred en route.

Fundamental to the uses of digital signatures are pairs of public and private cryptographic keys that people possess in lieu of credentials in the off-line world. Typically, private keys remain private under exclusive control of the key holder, while the public key is shared when the key holder wishes to conduct secure communications. Public keys are wrapped up in the form of a digital certificate that binds the key-pair to an individual after they''ve presented proper credentials to prove their right for such attestation. A Certificate Authority (a trusted party that operates on behalf of a corporation or entity) creates a digital certificate for the requester under what''s called a Public Key Infrastructure (PKI). You can learn more about PKIs -- and their challenges -- through a series of articles here at E-commerce Watch. Here''s a link to the first one -- Growing A Tree Of Trust -- Part One.