
Growing a Tree Of Trust -- Part Three
By Mark Merkow, CCP, CISSP

January 28, 1999


What is Non-repudiation?

Repudiation is the principle that permits someone to disavow that a particular transaction or activity occurred -- a denial that they participated in some activity. Non-repudiation is the principle where repudiation is not possible -- where undeniable proof exists that they MUST have participated in the activity. Using digital cryptography, it operates as follows. If a person who possesses a private key has taken adequate precautions to protect access to their key, then messages signed using that key COULD ONLY HAVE COME FROM THEM. In other words, if a digital signature is properly verified through the person's public key certificate, then ONLY the corresponding private key could have been used to sign the message. This is especially important where digital signatures are accepted for financial transactions. Using credit cards as an example, if non-repudiation is enforced within the PKI, then the card issuer can treat any electronic transaction AS THOUGH the physical piece of plastic was used to transact (credit card present vs. credit card not present).

Another aspect of non-repudiation involves the process of requiring the proper mix of credentials to prove one's existence or right to request a digital certificate. If the process is such that the data requested from one user could be easily spoofed by another user, non-repudiation won't take. For example, in using your HR systems to verify employee data prior to issuing a certificate for secure e-mail, suppose you ask for the following information:
-Employee name
-Date of hire
-Social Security Number
-Home address

If that information is readily obtained in the off-line world, another employee could simply request a certificate that permits them to masquerade as the real employee. Rather, you'll want to request information that, with high likelihood, could ONLY be known by the real employee. The following mix of attributes might be a better bet:
-Employee name
-Date of last merit increase
-Gross amount of last paycheck
-Emergency contact phone number

In the event of a full match of all these elements, you're far more assured that you're giving the certificate to the right person. In this case, because you've proven -- beyond a reasonable doubt -- that the key holder IS INDEED the employee and no other -- non-repudiation can take root.
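
The full-match check described above could be implemented along the following lines before a certificate request is approved. This is an added example, not code from the original article; the HR record, employee ID and field names are constructed for illustration.

```python
import hmac
import unicodedata
from decimal import Decimal, InvalidOperation

# Constructed HR record; the employee ID, field names and values are hypothetical.
HR_RECORDS = {
    "E1001": {
        "employee_name": "Dana Reyes",
        "last_merit_increase_date": "1998-09-14",
        "last_paycheck_gross": "2315.40",
        "emergency_contact_phone": "555-0142",
    }
}
REQUIRED_FIELDS = (
    "employee_name",
    "last_merit_increase_date",
    "last_paycheck_gross",
    "emergency_contact_phone",
)


def normalize(field, value):
    """Canonicalize a value so formatting differences do not cause false mismatches."""
    text = unicodedata.normalize("NFKC", str(value)).strip().casefold()
    if field == "emergency_contact_phone":
        return "".join(ch for ch in text if ch.isdigit())
    if field == "last_paycheck_gross":
        try:
            return format(Decimal(text.replace("$", "").replace(",", "")), ".2f")
        except InvalidOperation:
            return text
    return " ".join(text.split())


def verify_enrollment(employee_id, claimed):
    """Return True only when every required attribute matches the HR record."""
    record = HR_RECORDS.get(employee_id)
    if record is None:
        return False
    all_match = True
    for field in REQUIRED_FIELDS:
        expected = normalize(field, record[field]).encode()
        supplied = normalize(field, claimed.get(field, "")).encode()
        # Check every field without short-circuiting and return a single yes/no,
        # so a failed request does not reveal which attribute was wrong.
        all_match &= hmac.compare_digest(expected, supplied)
    return all_match
```

A requester who supplies only the name and other easily obtained data fails this check, and the single yes/no result gives no hint about which attribute to guess next.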
