According to one authority, there are five key elements needed for secure transactions over an open network. They are authentication, authorization, confidentiality, integrity, and message validation.[2]
Authentication: who are you? How does the vendor know it is you? And how can vendors be certain that the order being placed with them is from a valid customer? One of the methods being suggested relies on the Intel Pentium III processor, through the feature that concerns many privacy activists: a processor serial number embedded in the chip. It will allow a business receiving orders to positively identify those sending the orders. Used in conjunction with a password, it will positively identify their customers. Only time will tell how or if this feature will be used.
Authorization: are you authorized to make a purchase? What else will we let you do? Will I let you look at my product files? Will I let you see my drawings, inventory levels, and order status?
Confidentiality: can we be sure that our messages are not intercepted or shared with others? If password security is practiced on both ends of the transmission, there should be little or no problem there. The only question is the security of the Web provider. Is their system secure? For the most part, the answer to that question is yes.
Integrity: Is what you sent me correct? How reliable is it? I think that this is no longer a real issue. The basic mechanism to ensure that a message is transmitted without error from sender to recipient is in place. How many of you have received a message that was garbled in transmission? I wish I could blame misspelled words in my e-mails on garbled transmission rather than my poor typing skills.
Several security issues exist. They include protection of the customer's information and assurance that the order placed by the customer is valid. Will your competitors get access to your electronic sales or purchase information? In fact, there are easier ways for your competitors to get that information, ranging from diving into your trash to bugging your property. Unfortunately, this is a very real issue.
The threat of having a vendor share information with a competitor is real but unlikely. The short-term gain that a company might get from sharing data with unauthorized companies and individuals will be outweighed by the long-term damage that will be done to them. The company will never be able to do business again in that supply chain, and their long-term reputation will be destroyed. What is the true value of that short-term gain?
The first supply chains that can overcome the security issues and make full use of E-commerce will be in a position to literally drive their competitors out of business. For example, Wal-Mart believes that its internal and external processes of inventory management provided a competitive advantage. It has filed a lawsuit to protect those processes.
Digital Signature Standards and Certification Authorities
"Cyberspace security" has taken some giant leaps in the last year. There are three common methods of certification in use today. They are based on X.509 certificates and certification authorities, PGP and SKIP. There is not enough time or space to address them fully here. For an extensive discussion of the subject, I recommend that you look at the article listed in the bibliography on certification systems.
A pilot program was run last summer to test security. It was put together by several state groups including the National Association of State Purchasing Officials, banks, and technology companies. A second program will test Web site certification. This will ensure that bogus Web sites do not absorb private information to which they should not have access. To accomplish this, a third party certifies Web sites. This third party becomes a certification authority (CA). They in effect act like credit card companies. Credit card companies certify that we can pay for our purchases. The CAs certify that the site that we will be placing our purchase with will provide us with the desired product. In short, you will be safer in making a purchase on the Internet than making purchases on the telephone and giving your credit card to some stranger.
The results of the tests were not available at the time this paper had to go to the publisher. Information on these tests will be presented at the conference.
Into the Gap
The Better Business Bureau (BBB) has stepped into the gap and is providing certification in two areas. The first is security. Businesses that meet the security standards will be authorized to place a symbol on their site. As of now only 14 sites are approved to display the logo, with over 240 more awaiting approval. The second area allows qualified sites to display an electronic BBB logo. The BBB has built in a methodology that ensures only qualified sites can display the logo.
To Be Continued