Browse > Article

Development and Application of a Digital Certificate Classification Framework: A Configuration Perspective  

Kim, Chang-Su (School of Business, Yeungnam University)
Gafurov, Dilshodjon (School of Business, Yeungnam University)
Publication Information
Information Systems Review / v.11, no.3, 2009 , pp. 107-123 More about this Journal
Abstract
In this paper, we review digital certificate technologies and their applications in e-commerce. Current digital certificate technologies are evaluated and their importance is explained. The configuration of certificate flows from providers to users through software, hardware, and network technologies is described. These five domains and the configuration of digital certificate flows guide our review of the characteristics of digital certificates. We then develop a framework for the classification of digital certificates that integrate these five domains with VeriSign's types and levels of assurance. In order to demonstrate the adequacy of our digital certificate classification framework, we populated it with VeriSign's digital certificates. Within each domain, VeriSign's classes of digital certificates are classified in accordance with the VeriSign type and level of assurance. The results of our analysis suggest that the framework is a useful step in developing a taxonomy of digital certificate technologies. The strengths and weaknesses of the study are discussed, and opportunities for further research are identified and discussed.
Keywords
Digital Certificates; Digital Certificate Technology; Classification Framework;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Chheda, N., The Governing Dynamics of Digital Certificates: The Evaluation of the Adoption of Digital Certificates in the E-Business Environment., Temple University, Fox School of Business, Unpublished research, 2004
2 Gerck E., "Overview of Certification Systems: X. 509, PKIX, CA, PGP and SKIP", THE BELL, Vol.1, No.3, July 2000, pp. 3-8, (continued on http://www.thebell.net/papers/certover.pdf)
3 IdenTrust, IdenTrust ECA Digital Certificates, The IdentTrust ECA Program, 2007
4 Laudon, K. C. and P. Jane, Management Information Systems, Prentice-Hall, Inc., 2002
5 McKnight, D. H., V. Choudhury, and C. H. Kacmar, "Developing and Validating Trust Measures for e-Commerce: An Integrative Typology", Information Systems Research, Vol.13, No.3, September 2002, pp. 334-359   DOI   ScienceOn
6 VeriSign, The Latest Advancements in SSL Technology, White Paper, 2008
7 Wiedenbeck, S., J. Waters, J. Birget, A. Brodskiy, and N. Memon, "PassPoints: Design and Longitudinal Evaluation of a Graphical Password System", International Journal of Human-Computer Studies, Vol.63, 2005, pp. 102-127   DOI   ScienceOn
8 http8, http://www.techagreements.com/agreementreview.aspx?num = 23724&title = Microsoft%20/%20VeriSign%20~%20Preferred%20Provider% 20Agreement
9 http15, http://technet.microsoft.com/en-us/library/cc758348.aspx
10 Levi, A., and C. K. Koç6, "Inside Risks: Risks in Email Security", Communications of the ACM, Vol.44, No.8, August 2001, p. 112   DOI   ScienceOn
11 Venter, H. S., J. H. P. Eloff, A Taxonomy for Information Security Technologies, Elsevier, 0167-4048/03, 2003, pp. 299-307
12 Weise, J., Public Key Infrastructure Overview, SunPSSM Global Security Practice Sun Blue-PrintsTM OnLine, 2001
13 Hancock, B., "Digital Certificates Get Creative", Computers and Security, Vol.19, No.6, 2000, pp. 480-482   DOI   ScienceOn
14 Hunt, R., "Technological Infrastructure for PKI and Digital Certification", Computer Communications, Vol.24, 2001, pp. 1460-1471   DOI   ScienceOn
15 http13, http://www.securecomputing.com/index.cfm?sKey = 664
16 http14, http://www.aladdin.com/etoken/devices/pro-anywhere.aspx
17 Mott, S., "The Second Generation of Digital Commerce Solutions", Computer Networks, Vol.32, 2000, pp. 669-683   DOI   ScienceOn
18 Ward, M., "Digital Certificates and Payment Systems", Information Security Technical Report, Vol.2, No.4, 1998, pp. 23-31   DOI   ScienceOn
19 http6, http://en.wikipedia.org/wiki/Digital_certificates
20 http10, https://www.verisign.com/products-services/index.html
21 VeriSign, VeriSign Cable Modem Authentication Service, Data Sheet, 2005a
22 VeriSign, Maximizing Site Visitor Trust Using Extended Validation SSL, White Paper, 2007
23 Gerck, E., Comparison of Secure E-Mail Technologies X.509/PKI, PGP, and IBE. ICFAI University Press, 2007, pp. 171-196
24 Jaweed, S., "Could There Ever Be a Unitary Digital Certificate?", Information Security Technical Report, Vol.8, No.3, 2003, pp. 36-44   DOI   ScienceOn
25 http11, http://www.verisign.com/ssl/buy-ssl-certificates/secure-site-services/index.html
26 Cisco Systems, Inc., "Certificate Server: Simplifying IPSec VPN Deployment with Digital Certificates", Data Sheet, 2003, pp. 1-2
27 http5, http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzahu/rzahutypesofcerts.htm
28 http12, http://en.wikipedia.org/wiki/Wireless_Application_Protocol
29 Josang, A., D. Povey, and A. Ho, "What You See is Not Always What You Sign", In the proceedings of AUUG2002, Melbourne, September 2002. Vol.4, No.6
30 VeriSign, What Every E-business Knows About SSL Security and Consumer Trust, Business Guide, 2005c
31 http3, http://www.computerworld.com/action/article. do?command = viewArticleTOC&special ReportId = 11&articleId = 62002
32 http1, http://www.arx.com/digital-signatures-faq.php
33 http4, http://www.geotrusteurope.com/enterprise_ssl/enterprise-ssl.htm
34 Lioy, A., M. Marian, M. Moltchanova, and M. Palapast, "PKI Past, Present and Future", Vol. 5, No.1, January 2006, pp. 18-29
35 Oracle, Managing E-Business Security Challenges. White Paper, 2002
36 http7, http://www.gsa.gov/aces
37 Bosworth, K. P. and N. Tedeschi, "Public Key Infrastructures-The Next Generation", BT Technology Journal, Vol.19, No.3, July 2001, pp. 44-59   DOI   ScienceOn
38 http16, http://technet.microsoft.com/en-us/library/cc778623.aspx
39 Aladdin, Using EntrustTM Digital Certificates with eToken, 2001, www.eAladdin.com
40 VeriSign, VeriSign Microsoft Office/Visual Basic for Applications (VBA) Code Signing Digital Certificates, Business Guide, 2005b
41 Chau, J., "Digital Certificates-Is Their Importance Underestimated?", Computer Fraud and Security, December 2005, pp. 14-16
42 Lopez, J., R. Oppliger, and G. Pernul, "Why Have Public Key Infrastructures Failed so Far?", Internet Research, Vol.15, No.5, October 2005, Emerald, Bradford, England
43 Nambiar, S., C. H. Lu, and L. R. Liang, "Analysis of Payment Transaction Security in Mobile Commerce", Information Reuse and Integration, Proceedings of the 2004 IEEE International Conference, Vol.8, No.10, 2004, pp. 475-480
44 http9, https://www.verisign.com.au/repository/tutorial/digital/intro1.shtml
45 Schneier, B., "Two Factor Authentication: Too Little, Too Late", Communications of the ACM, Vol. 48, No.4, April 2005, p. 136   DOI   ScienceOn
46 Wilson, S., "Digital Signatures and Future of Documentation", Information Management and Computer Security, Vol.7, No.2, 1999, pp. 83-87   DOI   ScienceOn
47 VeriSign, Digital ID: A Brief Overview, White Paper, 2004
48 http2, http://www.computerworld.com/printthis/2001/0,4814,61990,00.html