New E-Commerce Security Standard Proposed

Security solution provider Verisign, Microsoft, and business-to-business (B2B) applications integration vendor WebMethods have proposed a set of protocols that would make it easier for companies to incorporate security features, such as digital signatures and encryption, into e-commerce applications. The XML Key Management Specification (XKMS), which will be submitted to Internet standards bodies for approval, will support secure exchanges of eXtensible Markup Language (XML) documents. Microsoft hopes the standard will help alleviate e-commerce security concerns, which in turn could enhance the market for .NET Enterprise Servers and future .NET-related products.

The Proposed Standard and Public Key Infrastructure

To increase security in business transactions, businesses (and individual employees or managers) use public-key encryption technology to digitally sign or encrypt messages or data transfers. Public Key Infrastructure (PKI) systems, provided by vendors such as Baltimore Technologies, Entrust, RSA, and Verisign, manage the encryption keys (public keys) employed by these technologies. PKI functions include registering a user’s public key, retrieving a key for a given user, verifying that a particular public key is valid and belongs to a particular user, and revoking the validity of a public key. Developers use a software toolkit from the PKI vendor to build applications that call on PKI functions.