Public Key Infrastructure: Securing E-Business Across the Supply Chain
In an environment where ever-increasing amounts of increasingly sensitive corporate information are exchanged electronically, a secure electronic networking environment is critical. Public Key Infrastructure (PKI) offers a strong linkage between business identities and transactions throughout the supply chain. Recent advances in PKI that will build on and maintain trusted relationships across the supply chain are detailed in this paper.
Business is about establishing, maintaining and expanding trusted relationships and transactions. The future state of business with suppliers, customers and employees is going to be conducted electronically. This raises issues about security, in particular the ability to establish trust in the identity of communicating parties and to secure the data transmitted between them. Public-key technology has become the preferred means for providing encryption and digital signature capabilities to establish a trustworthy networking environment. A Public-Key Infrastructure (PKI) enables e-businesses to establish, maintain and expand trusted relationships and transactions throughout the supply chain.
The E-Business Need
Enterprise Resource Planning (ERP) applications are increasingly utilized by organizations to capture valuable data, and improve and expand business processes. These ERP applications enable electronic commerce between internal business units and external supply chain business partners. Effective e-business solutions need to secure, then selectively unleash this data to employees, partners and customers across private and public networks.
E-Business Opportunities Require Robust Security
The Internet has emerged as an inexpensive, efficient means of conducting business. ERP applications take advantage of this medium to expand electronic business boundaries. The need to secure mission-critical transactions over this untrusted network increases as the value of online transactions and the number of online supply chain participants increase.
Figure 1. Public Key Infrastructure Management
E-Business with PKI Keys and Certificates
Securing mission-critical transactions can be accomplished by integrating a PKI with supply chain applications such as Web servers, virtual private networks (VPN), SAP R/3, PeopleSoft, EDI, and more. Integration of a complete PKI, which manages the keys and certificates used to establish and maintain a trustworthy networking environment, provides confidentiality, authentication, integrity and trust for ERP transactions.
A PKI is the comprehensive system required to provide public-key encryption and digital signature services across a wide variety of applications. In cryptography, a "key" is a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover it. For public-key cryptography, keys come in matched pairs of "public" and "private" keys. The public portion of the key pair can be distributed publicly without compromising the private portion, which must be kept secret by its owner. A message encrypted with the public key can only be decrypted with the corresponding private key.
Figure 2. A Certificate and its Contents
Digital certificates are issued to users and applications throughout the supply chain. PKI-enabled ERP applications use these digital certificates to perform digital signatures that prove who the users are, without the risk and cost associated with sharing and managing shared passwords. When done properly, certificates with a robust PKI provide a non-repudiable mechanism to bind a user to a transaction.
The Result: PKIs Secure E-Business
The result of integrating a PKI with your e-business infrastructure, such as ERP applications, is a fundamentally more secure supply chain transaction environment. This trustworthy networking environment is conducive to reduced transaction costs, more frequent and higher value electronic transactions, reduced time to market, and ultimately greater competitiveness for the supply chain participants.
CONCLUSION
Private and public networks, such as the Internet, have opened up tremendous business opportunities to expand the supply chain transaction environment. However, the use of these untrusted networks has also brought new issues to light, such as the need for security. The PKI addresses these issues by establishing and maintaining a secure, trustworthy networking environment. It achieves this by providing key and certificate management services that enable encryption and digital signature capabilities across multiple applications. A comprehensive PKI solution, enabling mission-critical communication over private and public networks, secures e-business across the supply chain.
Table 1. Quick Reference to PKI Business Benefits

| Business Need | PKI Technology Solution |
|---|---|
| Data Privacy over untrusted networks | Encryption |
| Data Integrity | Digital Signature |
| Password management | PKI does not require shared passwords. Password authentication is replaced with public key authentication techniques. |
| Electronic Authentication and Identity of transacting parties | Digital Signature with PKI certificates |
| Strong binding between a user and a transaction | Public Key Infrastructure - Digital Signature Encryption - Digital Certificates (X.509v3 Certificate) - Timestamping of transactions and events - Trust Management (Certificate Revocation) - Encryption Key Recovery PKI Integration with Business Applications |

About The Author
Michel Ranger
Director, Entrust Technologies
Mr. Ranger has been helping Entrust/PKI™ customers build secure e-business supply chains since 1994. His e-mail address is: michel.ranger@entrust.com



