Validation of electronic transactions from unknown
digital-credential holders can be a headache for enterprises
conducting international business. How can you be sure,
when doing electronic transactions, that your business partner's
digital signature, issued by a certification authority
which is unknown to you, is authentic?
The new concept of Global Certification Services (GCS)
seems to be the solution.
Currently, digital certificates of different countries
are issued and authenticated by local certification
authorities. Each authority has its own certificate
issuance and management procedures, which may - or may
not - be globally recognised. Such a situation creates
a potential risk for enterprises doing online transactions
with business partners in other countries. Although
local online transactions in general are protected by
the local jurisdiction, when trading internationally
businesses must find a way to ensure their online transactions
are secure.
Right now, different authorities apply different systems.
You may, for example, have heard of terms like Chained
Hierarchy Certification, Bridge Certification Authority
or Cross CA Certification. They are traditional methods
for certificate validation amongst multiple certification
authorities. However, they involve complicated procedures,
and each has its own disadvantages. With these traditional
methods, true global certification is still not possible.
Mutually Recognised
GCS has the potential to make a huge difference by
promising true global certification in the future. The
service aims at providing enterprises with a single
point of certification that allows them to accept with
confidence digital credentials from previously unknown
third parties. Time-consuming dealings and negotiations
between specific certificate authorities will no longer
be required. Enterprises making use of the GCS will
find it far more convenient because they won't have
to deal with multiple certification authorities, locally
or overseas. Liability issues will also be clarified
as the local service provider, an entity called Global
Certification Service Centre (GCSC), will take up the
legal responsibility. As such, enhanced security will
be ensured for international electronic transactions.
The GCSC is an important element in the system. Offering
a national single point of certification for all the
subscribing certification authorities and enterprises,
it provides the trust gateway between the certification
authorities and the global customers and enterprises
who actually use their certificates.
In a typical GCS model, the global network is designed
as a full peer-to-peer network with a local presence
in each country - a GCSC. These centres are connected
to the Internet and each centre operates under the jurisdiction
of the host country.
Reliable verification
Let's explore how GCS works. When an enterprise receives
a digital transaction from its customer, it submits
the transaction for signature and assurance processing
to the Global Certification Appliance - which is a rack-mounted
computer. The appliance verifies the signature and formats
a request to obtain assurance from the local GCSC.
The GCSC then determines the origin of the certificate.
If the certificate originates in the same country as the
GCSC, an assurance can easily be generated locally.
Certificate chain validation will be performed, after
which a response will be generated. The response is digitally
signed by the GCSC and returned to the requester, the
Global Certification Appliance. Finally, the appliance reports
the transaction as approved to the business application.
If the certificate originates in a foreign country, the
GCSC will locate a correct peer GCSC in the original
issuing country. A formatted request will be sent to
the target GCSC, which will then perform a validation
process and return the results to the local GCSC. After
that, the local GCSC will log and verify the response.
Finally, the local GCSC will digitally sign the response
before returning it to the customer's Global Certification
Appliance.
In a nutshell, the validation process involves the
following procedures:
- The issuing certification authority subscribes to
be part of the GCS
- The certificate holder performs an online digital
transaction with the acquiring enterprise
- The acquiring enterprise, while not knowing if the
transaction or certificate holder is valid, passes
a request to the GCSC for processing
- The GCSC validates the request and certifies the
certificate holder with the issuing certification
authority
- A response is passed back to the acquiring enterprise
with the certification results.
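The routing described above, as an added example that is not part of the original article or of any GCS product: a local centre answers for certificates issued in its own country and relays foreign ones to the peer centre, verifying and logging the peer's signed answer before re-signing it for the appliance. The message layout, country codes, CA names and serial numbers are constructed, and HMAC with per-centre demo keys stands in for the centres' real digital signatures.

```python
import hashlib
import hmac
import json

# Constructed demo data. HMAC keys stand in for each centre's signing key pair.
KEYS = {"HK": b"hk-demo-key", "DE": b"de-demo-key"}
# Subscribing CA -> (country of issue, serial numbers that CA reports as valid).
SUBSCRIBED_CAS = {"CA-HK-1": ("HK", {"1001"}), "CA-DE-1": ("DE", {"2002"})}

def sign(country, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[country], msg, hashlib.sha256).hexdigest()

def verify(resp, expected_signer):
    if resp.get("signed_by") != expected_signer:
        return False
    return hmac.compare_digest(sign(expected_signer, resp["body"]), resp["sig"])

class GCSC:
    def __init__(self, country, peers):
        self.country, self.peers, self.log = country, peers, []
        peers[country] = self            # register in the shared peer directory

    def _respond(self, issuer, serial, status):
        body = {"issuer": issuer, "serial": serial, "status": status}
        return {"body": body, "signed_by": self.country,
                "sig": sign(self.country, body)}

    def handle(self, issuer, serial):
        if issuer not in SUBSCRIBED_CAS:           # CA never joined the network
            return self._respond(issuer, serial, "unknown-issuer")
        origin, valid_serials = SUBSCRIBED_CAS[issuer]
        if origin == self.country:                 # local certificate: validate here
            status = "valid" if serial in valid_serials else "invalid"
            return self._respond(issuer, serial, status)
        peer_resp = self.peers[origin].handle(issuer, serial)  # foreign: ask the peer
        self.log.append(peer_resp)                 # log, then verify, the peer's answer
        ok = (verify(peer_resp, origin) and peer_resp["body"]["issuer"] == issuer
              and peer_resp["body"]["serial"] == serial)
        status = peer_resp["body"]["status"] if ok else "peer-response-rejected"
        return self._respond(issuer, serial, status)  # re-signed by the local centre

def appliance_approves(local_gcsc, issuer, serial):
    """Appliance side: accept only a 'valid' answer signed by its own local GCSC."""
    resp = local_gcsc.handle(issuer, serial)
    return verify(resp, local_gcsc.country) and resp["body"]["status"] == "valid"
```

The appliance only ever checks its own centre's signature; trust in a foreign centre's answer is established one hop earlier, and a peer answer that fails verification is reported as rejected rather than passed through.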
Saving resources
The application of GCS is advantageous to both enterprises
and certification authorities. Since those certification
authorities joining the GCS network will have reached
an agreement with the GCSC regarding their duties and
liabilities should any disputes arise, there will be
clearly delineated liability boundaries even in complex
transactions. Thus, enterprises will be able to trade
confidently within legally recognized - and enforceable -
parameters.
A simple, single-contact point for certification of
transactions also means a saving in time and resources;
and management overheads in maintaining and establishing
global relationships with third parties can be reduced.
Finally, GCS usage results in a simplified global business
process through one or two trusted local entities, essential
for the expansion of business for most enterprises.
With the GCS, enterprises will feel safe while doing
international online transactions.
For certification authorities, the GCS creates an opportunity
to market and sell more certificates into their chosen
markets. This is beneficial to the development of the
industry, and in future a wider application of digital
certificates in electronic transactions can be envisaged.
Moreover, with the backing of the GCS, the digital certificates
issued by such certificate authorities can virtually
be treated as globally recognised certificates, which
again will be of great benefit to both the certificate
holders and the certificate authorities concerned.
In addition, because of increased sales, the operational
cost per certificate will be reduced. On the one hand,
application services providers and certification authorities
will generate more revenue from increased sales; on
the other hand, customers are likely to benefit from
the reduction of unit costs - creating a win-win situation.
A pilot scheme for the GCS is currently under way.
As a major certification authority in Hong Kong, Digi-Sign
Certification Services Limited, a wholly owned subsidiary
of Tradelink Electronic Commerce Limited, has joined
this pilot to explore the new concept. Although the
full impact of the GCS is yet to be realized, true global
certification for secured international online transactions
is not far away, and could soon prove commonplace.