Herb Heskeths Weblog

An interesting article:

‘There are, however, further and more sophisticated forms of authentication of users. Public key encryption can be used to develop additional protections, such as:

•  Digital signatures: Each document is processed initially by a special function (called a hash function) to produce material that functions as the signature; this along with the original data is then encrypted in the normal asymmetric way; the recipient then decrypts in the usual way, and also reverses the hashed material; if the de-hashed material mirrors the original message, then there has been no tampering with it since initiation from source; in this way each document has a unique identification.
• Digital certificates: There are now a number of central authorities, called certificate authorities, that issue certificates that verify the identity of an e-business, including digital signature and other relevant information; these authorities include private organisations such as Verisign, and state bodies such as Post Offices.’

Transmission security

Potentially, there can be many different kinds of signature, many different kinds of certificate structure. Two protocols have been developed that standardise this aspect of security:

• Secure sockets layer: SSL – also known as TLS or Transport Layer Security – is a standard relating to authentication and certification.
• Secure Electronic Transaction: SET is a more comprehensive approach to authentication developed to facilitate online credit card transactions; not only does it verify who someone is, it also carries out the other electronic only does it verify who someone is, it also carries out the other electronic messaging necessary to complete a transaction, such as contacting the credit card company.’

This interesting article was from:
Groucutt, J & Griseri, P. (2004). User identification/Transmission security. Mastering e-business. P 85, 86. Published by Palgrave Macmillan : N.Y.