Thursday, June 25, 2009

T.R.U.S.T (Third Party Certification)

WHAT'S THIRD PARTY CERTIFICATION?

Third party certification is an assessment carried out to make sure there is compliance with industry standards. This method of securing transactions on the internet is well-embraced because it uses an independent party. The assessment is done by a third party organization that is qualified and licensed to issue certification. Certification is granted when the assessment is completed successfully.

WHAT'S UP?

Now we all know, of course, that "trust" is very, very important when it comes to buying and selling online. Most people refuse to transact on the internet because they lack this element. Users are afraid that the sellers are either just pure scam bags, or will send the wrong items or poor quality items. On the other hand, sellers will also worry whether the buyer is genuine. I personally confess that I do not really trust buying things online because I simply do not have confidence in abstract shopping. Thus, what is stopping e-commerce is the "lack of trust" issue.

In light of all this, MSC TrustGate and VeriSign offer a solution to this matter: "third party certification". MSC Trustgate.com Sdn Bhd is a licensed Certification Authority (CA) operating within the Multimedia Super Corridor. MSC Trustgate was incorporated in 1999 to meet the growing need for secure open network communications and to become the catalyst for the growth of e-commerce, both locally and across the ASEAN region.

TrustGate is licensed under the Digital Signature Act 1997 (DSA), a Malaysian law that sets a global precedent for the mandate of a CA. As a CA, TrustGate's core business is to provide digital certification services, including digital certificates, cryptographic products, and software development.

TrustGate is also committed to providing the finest Public Key Infrastructure (PKI) to assist all types of companies and institutions conducting their business over the Internet.

Moving on to VeriSign Inc, it is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, its SSL, identity and authentication, and domain name services allow companies and consumers all over the world to engage in trusted communications and commerce.

HOW DO THESE TWO SYSTEMS WORK?
1. Cryptography, the science of coding messages so that only a specific audience understands them, is an ancient craft that has become a highly specialized science in the digital age. Certificate authorities, like latter-day notaries public, provide encryption services for "netizens" of the world wide web that ensure security for anything from credit card purchases to national defense intelligence.

2. VeriSign/TrustGate, the certificate authority (CA) organizations, assign a digital signature to a customer that contains two encrypted codes called keys: a private key that certifies the customer and a public key, which certifies the customer to anyone using the customer's web site. These codes form what is called a "secure socket layer", or SSL (a digital system developed by Netscape), that ensures the website's authenticity.

3. VeriSign/TrustGate verifies web sites using a process that examines traditional documents like articles of incorporation and business licenses, as well as digital verification of each site operated by the organization. It is this certification process that is represented by the VeriSign/TrustGate trademark on participating web sites. The trademark is generally found in an upper or lower corner of a page, and any order form where personal information is requested should display one. Most Windows systems also display a warning screen when the computer switches to secure mode.

4. Each web site is issued a public key and a private key. The public key allows consumers or users to encrypt their transactions using SSL technology. The private key allows authorized users of the web site to receive information sent using the public key. This double-handshake system assures consumers that their transaction is secure and that only authorized representatives of the recipient's company have access to the information (like credit card numbers or bank information) they've sent.

5. Public and private key encryption has been used by merchants for years, but many banks are beginning to add another layer of security for consumers by providing systems that allow the consumer to verify with his own private key. Although this adds a second step to the log-in process for banking and other financial activities, it is the next step in secure encryption and will become more prevalent as CAs develop new ways to protect against cyber-theft and terrorism.

6. VeriSign/TrustGate session services are available in various bit sizes (the number of pieces of data, or the complexity of the codes), beginning with 128 or 40 bits. Public/private keys within certificates are issued in 512 or 1024 bit packages. Since VeriSign/TrustGate IDs work on almost all browsers, these companies have become pre-eminent, controlling a majority of the certification of sites.
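The certificate and key-pair mechanics described in points 2 and 4, shown as an added example that is not part of the original post: a CA signs the binding between a site name and the site's public key, a browser checks that signature before trusting the key, and only the site's private key recovers what was encrypted to it. It uses textbook RSA on small fixed primes with no padding, and the names `shop.example`, `bank.example` and all key values are constructed for illustration.

```python
import hashlib

# Textbook RSA on fixed Mersenne primes: sizes and missing padding are for
# illustration only (constructed values, far too small for real use).
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))   # (public key, private key)

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def cert_body(subject: str, site_pub) -> bytes:
    # The statement the CA vouches for: "this public key belongs to this name"
    return f"{subject}|{site_pub[0]}|{site_pub[1]}".encode()

def ca_issue(ca_priv, subject, site_pub):
    n, d = ca_priv
    sig = pow(digest(cert_body(subject, site_pub), n), d, n)
    return {"subject": subject, "public_key": site_pub, "signature": sig}

def browser_verify(ca_pub, cert, expected_host) -> bool:
    n, e = ca_pub
    body = cert_body(cert["subject"], cert["public_key"])
    signed_by_ca = pow(cert["signature"], e, n) == digest(body, n)
    return signed_by_ca and cert["subject"] == expected_host

def encrypt(pub, m: int) -> int:
    n, e = pub
    return pow(m, e, n)

def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)

CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)      # hypothetical CA
SITE_PUB, SITE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)    # shop.example
EVIL_PUB, EVIL_PRIV = make_keypair(2**31 - 1, 2**61 - 1)    # impostor's key

cert = ca_issue(CA_PRIV, "shop.example", SITE_PUB)
forged = dict(cert, public_key=EVIL_PUB)   # another key under the old CA signature

if __name__ == "__main__":
    print("genuine cert accepted:", browser_verify(CA_PUB, cert, "shop.example"))
    print("forged cert accepted: ", browser_verify(CA_PUB, forged, "shop.example"))
    secret = 0x1234567890ABCDEF            # stands in for a session secret
    print("site recovers secret: ", decrypt(SITE_PRIV, encrypt(SITE_PUB, secret)) == secret)
```

The forged certificate is rejected because the CA's signature covers the public key as well as the name, so a substituted key no longer matches what the CA signed.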

IS THE IMPLEMENTATION OF THIRD PARTY CERTIFICATION IMPROVING CUSTOMER TRUST?

1. Easy to use and manage with Web-based user and administrator services.
Customers are able to register or apply for extra certification via the web. This helps customers have faith in the third party programme because it is simple to use and doesn’t require complicated procedures.

2. Efficient management of digital certificates.
Customer authorization for digital certificates and certificate issuance are done via a Web-based service. Both customer and administrator services are browser-based and accessed through the Web. Therefore, it will tremendously strengthen customer trust because customers can access the digital certification and inquire about the certificate online.

3. Availability of solutions
Customers will be provided with a better solution by the administrator if any threat tampers with the company system. The user can contact the administrator, who will provide a solution to the problem. All in all, it will increase customer trust because of the efficient and effective management of the programme.

4. Complete control over digital certificate issuance, usage and certificate content.
With this application, users have ultimate control over the service level and certificate, unlike other public CA deployment models in which the customer can only rely on the public CA.

PROBLEMS WITH VERISIGN'S NEW FLASH-BASED "TRUST MARK" SEAL.
The newly designed VeriSign Trust Mark is positioned as a way for VeriSign's customers to better communicate the authenticity of their site to potential consumers online. Unfortunately, they implemented it very poorly. A Flash designer and developer analyzed their implementation and found numerous problems, including several ways in which it can be trivially spoofed. His analysis, with a live demonstration, appears at http://www.infinitumdesign.com/verisign.html

Well, in my opinion, third party certification has definitely helped with the trust issue by minimizing the risk of information being leaked or exposed. However, nothing is guaranteed, so as users of the internet, we should be more aware of the current issues around information privacy breaches and equip ourselves with the necessary knowledge to avoid damage when transacting online.

1 comment:

Anonymous said...

hmmmph... this information is really helpful. Now I'm more confident in online transactions, as long as the website is well-secured. Thanks!
