Using public-key infrastructures for security and risk management

Companies around the world are embracing electronic commerce, and within two years this long-heralded yet largely unrealized "killer application" for the Internet is poised for explosive 300 percent growth, according to Deloitte Consulting's 1998 Global Survey of Chief Information Executives. Security is an essential ingredient in enabling these electronic transactions. The fundamental requirements are to identify and authenticate the parties involved, and to protect the information from compromise. This article will describe the elements of public-key infrastructures, and show how they are well suited to provide these security services. The pioneering experience of Scotiabank, an early adopter of PKI technology and operator of one of the largest deployed PKIs on the Internet, is outlined.