Why current systems should make you think twice before using the internet for business communication.

Growth in the use of the Internet for business communication is currently constrained by a number of concerns:

• Identity of correspondent
• Security
• Confirmation of delivery/receipt
• No historical records for certificates
• Lack of flexibility
• No international legal framework for digital communication

• The identity of an internet correspondent is never guaranteed
• Is your transmission actually going where you think it is?
• How do you establish the identity of a correspondent organisation (and, if required, the individual within that organisation)?
  
  The Credentials Solution
  • A series of confirmations is issued by organisations (Credential Holders) known to and trusted by the parties to the transmission, such as clearing banks, with whom a relationship of confidentiality and trust will already exist.
  • Each party's Credential Holders will provide identification of the other correspondent and their public keys, which may be used to verify signatures embedded in the distribution.
  • The sending organisation's internal signing authorities can also be verified without public disclosure of its directory/name & address book.

Confirmation of delivery/receipt

• No certainty that the transmission has arrived at its destination
  
  The Credentials Solution
  • Non-repudiation - the sender will receive date- and time-stamped confirmation of delivery to the receiving organisation's mail system (post-room)
  • Messaging audit trail - both parties retain logs of mail sent and receipts generated

Security

• eMail source addresses can be faked
• Such current certification procedures as exist, designed to provide a degree of comfort as to the internet correspondent, are cumbersome and must constantly be checked to ensure that certificates have not been revoked.
  
  The Credentials Solution
  • Identification and public keys are issued at the time of transmission as a one-time authentication
  • No need to check for revocation
    

The Credentials Solution
• Credentials attaches electronic signatures to all transmissions, allowing the recipient to validate the sender's ID and document integrity.

No historical records for certificates

• Current certification systems (identifying correspondents) delete certificates as soon as they are revoked/replaced. No record of historical certificates is maintained, should proof of certification be required at a later date
• Expired certificates can not, in any event, be used retrospectively to validate authenticity
  
  The Credentials Solution
  • All Credential Holders will maintain historical records of:
  • requests for correspondent information
  • relevant identification and public keys returned
  • The key history is therefore available, should proof be required at some later date.
  • Credential Holders do not, however, have any knowledge of the content of any transmission.

Lack of flexibility

• VANs/any forms of network restrict communications to a defined set of correspondents. Additions to the set are cumbersome.
• No scope for secure communication with external parties who may be potential clients or trading partners.
  
  The Credentials Solution
  • Any business internet subscriber is a potential secure correspondent, client or trading partner.

No international legal framework for digital communication

• Some countries are beginning to put legal frameworks in place but there is no international industry standard. For example, the relevant law in Japan directly contradicts German law
  
  The Credentials Solution
  • Clients sign a Memorandum of Understanding, which voluntarily extends their obligations to include the Credentials framework and represents a simple, traditional contractual obligation. Each Credentials client undertakes, via a publicly available document, to honour any transmission properly validated via the Credentials system.

Installation

• The Credentials product involves minimal initial installation and subsequent maintenance/supervision. It sits on the Client's firewall, outside any secure areas.