iCommerce.com Corporation
eCommerce


Certificate Authorities

Resellers have the keys to secure e-commerce

Web-based electronic commerce is not a distant goal. It is a reality, and it's about to get very large, very quickly. Resellers, distributors, and systems integrators would be well advised to focus on the products that enable the irreversible tide of Internet transactions. Certificate authorities (CAs) are indispensable tools of e-commerce--they provide the signature for validating agreements between parties who never meet in person.

The need for a mechanism that verifies the authenticity of legally binding transactions over the Internet thrusts CAs into the spotlight. Resellers can take advantage of the opportunity CAs present by emphasizing to potential customers the time and money saved by combining standard digital certificates with customers' existing business processes. By detailing how companies can use CAs to work smarter on the Internet, a new market of e-commerce users can be developed--and using e-commerce products soon will become second nature.

VARs should not ask whether a corporate customer plans to jump on the e-commerce bandwagon, but should ask instead when, and whether the customer has the proper tools to take full advantage of the flexibility, savings, and new earnings potential that Web commerce promises. A company can benefit at so many functional levels--purchasing, sales, sales support, technical support--that it should immediately consider using the Internet for many different types of secure transactions.

With a CA, sharing information over the Web is immediate and secure, accelerating the rate of projects, commerce, and profitability. CAs should not be lumped in with a thick catalog of tools that merely serve to defend existing online information. Instead, customers must be made aware that CAs are offensive weapons that enable an enterprise to buy, sell, and build working relationships while increasing profitability all over a public network, which unites producers and customers worldwide.

Reduced Cost Of Sales

Parts of a company's supply chain are valuable, and parts of it are just plain expensive. Costs of labor and equipment for maintaining inventory, shipping, and customer-support systems off the Internet now appear quite prohibitive. Having people who otherwise could be developing relationships with suppliers or customers working on order entry and configuration is a waste of time with the availability of today's e-commerce technology.

VARs have a powerful selling point in convincing businesses to migrate their legacy systems to the Web, a move that will begin to peel away the links in the supply chain that separate producers from customers. For example, instead of a 15-minute customer support call on an 800 line costing tens of dollars, customers can get the assistance they need for tens of cents through a company's Web site--if it has access to the core information.

Companies implementing secure Web commerce are saving millions of dollars in customer acquisition, product configuration, price quotation, inventory analysis, order-fulfillment, and post-sale support, even if they still "sell" through traditional channels. Eliminated in the new Web commerce model are the various functions formerly handled by third-party product brokers. The "everywhere at once" capabilities of the Internet let corporate buyers search for the best prices on products and supplies themselves, without the assistance of brokers.

Naturally, the benefits of CAs apply to those buying online as well. Although some product listing and pricing information often is available online for a company's purchasing department to view, information regarding bulk pricing and other pricing policies often may be viewable only by authorized customers. Plus, a buyer needs a secure system to place orders, make payments, and track shipments. Having this confidential product information on a secure Web page protected by a CA system saves time and eliminates layers of labor and paperwork that raise costs for both buyers and sellers.

Virtual Private Internet

A certificate authority also can be the user-authentication and content-verification mechanism of a Virtual Private Internet (VPI). VPIs are Internet-based systems for communications and enterprise transactions. The Internet is the medium for a VPI, yet these virtual networks provide the same level of security as private lines through data security mechanisms, user authentication, and authorization--all inherent in a private system. A typical CA-based VPI configuration consists of a sender and recipient Web server protected by firewalls, each with access to a certificate-authority system.

Benefits of a CA-enabled virtual network include industrial-strength security, a flexible architecture that uses multiple browser and server applications across platforms, a fine-tuned level of access control that can grant access to different levels of users down to the document level, the ability to support various online and e-mail applications, and the ability to scale to thousands or even millions of users.

What Is A Certificate Authority?

During an Internet message or transaction, not only must parties offer guarantees of their identities but they also must ensure data integrity and confirm that the transfer of information did occur. Certificate authorities provide the electronic keys and maintain a directory of certificates that identify the users owning those keys. Creating a signature begins when a sender produces a mathematical summary or digest of a message called a "hash." The hash is encoded via the sender's private encryption key and attached as a fingerprint to the message. The contents of the transmitted message cannot be changed without also changing the hash code. When the message is received, the attached hash code is decoded with the sender's public key and compared to the hash code the recipient computes from the received message. If the two codes match, the recipient knows the message could have come only from the sender, and that the contents of the message were not altered (see Figure 1).

The encryption keys used to create digital signatures are filed in directories made up of "certificates" that identify the users with access to the keys. These certificates verify identities and provide better security than what is offered by password systems. These certificates contain the key, the user's name, the issuance and expiration date of the key, the name of the certificate authority that issued the certificate, the issuer's signature, as well as other information.

A certificate-authority service manages and distributes these certificates and the electronic keys. A commercial CA can be operated either in-house by a customer or outsourced to a trusted third-party CA service. A CA service is responsible for the complex process of registering new users, securing Web servers, distributing and updating private keys and certificates, recovering lost or forgotten keys, and maintaining audit trails that track any administrative changes made to the system (see Figure 2).
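The signing and certificate checks described in this section, as an added Python example that is not part of the original article: a sender signs an order, and the recipient checks the CA's signature on the certificate, its validity dates and its revocation status before trusting the message signature. The RSA keys are toys (Mersenne-prime moduli, no padding, illustration only), and all names, dates and the order text are constructed.

```python
import hashlib
import json

def make_key(p, q, e=65537):
    """Toy RSA keypair from two known primes (illustration only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"n": n, "e": e}, {"n": n, "d": d}

def digest(data):
    """SHA-256 'hash' of the data, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    """Encode the hash with the private key (unpadded textbook RSA)."""
    return pow(digest(data), priv["d"], priv["n"])

def verify(pub, data, sig):
    """Decode the signature with the public key; compare to a fresh hash."""
    return pow(sig, pub["e"], pub["n"]) == digest(data)

def encode(body):
    return json.dumps(body, sort_keys=True).encode()

def issue_cert(ca_priv, issuer, subject, subject_pub, not_before, not_after):
    """Certificate with the fields the article lists, signed by the CA."""
    body = {"subject": subject, "key": subject_pub, "issuer": issuer,
            "not_before": not_before, "not_after": not_after}
    return {"body": body, "sig": sign(ca_priv, encode(body))}

def check_message(cert, ca_pub, revoked, today, msg, sig):
    """Recipient-side checks, in order; returns 'ok' or the first failure."""
    body = cert["body"]
    if not verify(ca_pub, encode(body), cert["sig"]):
        return "bad issuer signature"
    if not body["not_before"] <= today <= body["not_after"]:
        return "certificate outside validity period"
    if body["subject"] in revoked:  # simplification: real CAs list serials
        return "certificate revoked"
    if not verify(body["key"], msg, sig):
        return "message altered or not signed by subject"
    return "ok"

# Constructed sample data. Mersenne-prime moduli are trivially factored.
CA_PUB, CA_PRIV = make_key(2**107 - 1, 2**607 - 1)
USER_PUB, USER_PRIV = make_key(2**127 - 1, 2**521 - 1)
CERT = issue_cert(CA_PRIV, "Example CA", "buyer@example.com", USER_PUB,
                  "1998-01-01", "1998-12-31")
ORDER = b"PO 1001: 500 units at the agreed bulk price"
ORDER_SIG = sign(USER_PRIV, ORDER)
```

Calling `check_message(CERT, CA_PUB, set(), "1998-06-01", ORDER, ORDER_SIG)` returns `"ok"`; changing a byte of the order, the date, the revocation set or any certificate field makes the corresponding check fail.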

Five Ways CAs Energize E-Commerce

Deploying a certificate-authority system encourages the use of e-commerce transactions that can:

  • lower communications costs by taking advantage of the dramatic savings of using the Internet instead of expensive leased lines
  • quicken access to markets by using the ever-growing reach of the Internet, exposing products and services electronically to countless new customers
  • reduce the cost of sales by discouraging unnecessary investment in corporate network infrastructure
  • improve remote access capabilities for telecommuting and traveling employees because only browser-based local Internet access is needed for a remote employee to access a Web-based legacy system
  • turn the Internet into a revenue-generating tool instead of just an information-gathering resource

A reseller that details these benefits will profit from e-commerce as well. Resellers can build on the existing relationships they have with their customers to teach them about Internet products and services and explain how CAs turn the Web into a potential moneymaker. As examples of profitable implementations of CA-based Web applications proliferate, reseller opportunities will increase accordingly.

Sweep Out The Closet

For many IT departments, their concentrator closets are a nightmare of tangled cables and outdated modems that allow remote access to the network. This typical setup is unwieldy, costly to maintain, and not very secure. Larger companies often lease expensive T1 lines from the main network to the remote networks. All of this is currently necessary so an organization's legacy systems can be operated and accessed outside its headquarters.

Now VARs can help their customers sweep out the closet. The simple answer to this problem is a certificate authority. By transferring business-critical systems to a secure Web server, an enterprise relies less on modems, greatly reducing the amount of money spent to upgrade and maintain them. A Web-based system also frees a company from the staggering cost of leased network lines, and all of this comes with the added benefit of a higher level of system security. Resellers provide the value-add of system programming, installation and configuration, and sales and installation of the client and server hardware and software necessary to support a specific CA-based application.

There is also a flight from value-added networks (VANs) to the Internet. VANs are usually expensive proprietary solutions that limit users to specific hardware and software platforms. They also require direct dial-up connections or dedicated telephone lines, which add additional expense. Also, in order to exchange EDI documents, companies must belong to the same VAN. The number of companies sharing these networks is minuscule compared to the near-entirety of the developed world that is linked to the Internet, which usually requires local "hub" access or the less-expensive local dial-in.

In addition, both companies communicating over a VAN must agree on a standard EDI format for purchase orders, invoices, and other electronic forms. Standard formatting is a hassle for one or both companies if existing electronic documents have to be redesigned. When customers ask why they should abandon their VAN, resellers should make it clear that VANs offer the security of isolation but limit the ability and up the costs to link with potential clients and customers throughout the world.

Faster Time-to-Market

Resellers have a new answer for corporate customers who wonder what it takes to start doing business with another company an ocean away. It can be as simple as issuing a digital certificate, e-mailing it to the recipient corporation, and telling it the name of the sender's home page. If the sender's internal systems are already Web-accessible, nothing more is necessary. Many applications, browsers, and Web servers are already certificate-ready, and for others, simple plug-in software is currently available. CAs can allow an enterprise to be conducting business on the Web in a matter of hours, not months.

Behind the security of a CA-based VPI, corporations can open their internal trusted systems to authorized partners over the Internet (see Figure 3). Early commercial deployments of the Internet, other than e-mail gateways, were basically electronic brochures with standard company information and marketing material. To successfully implement Web-based commerce, a company must create the forms and supply Web addresses for information that was previously relegated to proprietary networks.

But not all information that a company posts on the Web is accessible to everyone with a browser--secure pages are still used. When part of a CA-based VPI, trusted information detailing customers, business plans, product development, inventory, and other business processes can be posted on the Web, but accessed only by those approved by the CA and authorized by fine-grained access-control applications. With the help of the CA, all the systems needed to transact with remote partners are available to the select few granted access.

Business use of the Internet has grown from a public forum that showcases static information about products and services to a dynamic network for corporations to communicate with their remote locations and conduct both their confidential and everyday transactions. VARs familiar with the evolution of Web implementation, from the static to the dynamic, will profit from the sale of tools that protect these processes.

Becoming Mobile And Agile

The future belongs to the quick and the agile. The reality of highly competitive global markets dictates that for companies to survive and flourish, they must deploy tools that foster business intelligence and quick, efficient communication. The Internet is a world of public information to anyone who wants to search it, but it also can offer a secure thoroughfare for discourse on business planning and dealmaking critical to a corporation's future.

VARs who want to sell CAs as part of a secure VPI system can address issues critical to a company's survival--issues more critical than the security of any single online transaction. A VAR should ask if mergers and acquisitions are ongoing in the customer's industry: did the company predict the last one, and will it be part of the next one? Does the customer have the authentication infrastructure in place to make deals securely over the Web? If it is possible to partner with another company for a specific project, would that increase the customer's shareholder value?

If the answer is yes, then the customer should consider installing a CA-based secure VPI that can open a conduit for secure communication in just a matter of hours. A CA authorizes a business partner's access to corporate information based on the needs of a project workgroup, purchasers, or the executives conducting crucial negotiations. And once a project is completed or a deal is signed, authorization can be revoked by the certificate authority, and a secure Web page once again becomes off-limits to the partner.

