User login

Security Aspects of Digital File Transfer

(March 2001) posted on Thu Jul 26, 2001

Coudray explores some of the security factors involved in moving files over the Internet.


By Mark A. Coudray

Closely associated with the authentication process is one of authorization. This means that not only are you who you say you are, but that you are legally authorized to conduct the transaction. It is possible to authenticate someone, but they may not be authorized to start a transaction or to enter into a contract. The procedures for establishing who is authorized to conduct business are established in advance. The authorization parameters can be extremely precise, even tying the user to a specific computer from which transactions must be sent. This is done to assure that someone (like a disgruntled employee) does not steal a user name and password in order to initiate a fraudulent transaction.

 

Part of the authorization process is a step called nonrepudiation. This means that when the transaction is consummated and the work done, you cannot back out of the deal by claiming that you did not order the work. This is legally binding and will stand up in court. Nonrepudiation is an essential part of doing business on the Internet. The entire e-commerce model would fall apart if users were not certain they will get paid for the work they do or products they deliver.

 

Confidentiality and privacy

 

The security of the transactions that take place between parties is critical. No one wants the details or the specifics of their business affairs to be open to the public. With something so public as the Internet, protecting this privacy becomes especially important. Secure data transmission and the authentication and authorization processes are designed to strengthen the confidence of the transacting parties.

 

Security is crucial if database access is involved in the transaction process. And in the current B2B Internet environment, you can usually be certain that a database will be involved. Company account activity, purchasing records and history, order information, customer data, and so forth are all examples of information that must be retained in a confidential--yet accessible--way. If you send or receive files, make sure you establish policies for maintaining security.

 

Certificates and signatures

 

All of these functions--authentication, authorization, and security are handled within the scope of a digital certificate. These electronic codes are issued by the secure server to each and every client and are essentially the keys every user must have to get into and use the site. I will not go into the technical specifics about digital certificates and signatures, but they are key to all aspects of security online. For more information, visit Verisign at www.verisign.com. There you'll find several excellent white papers on Website security, digital certificates, digital signatures, and secure server protocol--all required reading for anyone transacting business on the Internet today.

 

Beef up you security

 

I will close with a bit of advice. If you are really concerned about the security of your transactions, Verisign offers some excellent, low cost products to protect you. If digital security is a new area for you, look for the Verisign logo on the secure site you use. By clicking on the logo, you will be sent to a Versign Website, which details the registration, ownership, and other relevant data about the individual or company who is behind the secure site you're using. It can be comforting to know that neutral third party companies like Verisign are out there to make your business transactions safer.

 

 


Terms:

Did you enjoy this article? Click here to subscribe to the magazine.