Integrity is the concept that none of the information involved in a transaction is modified in any manner not known or approved by all the participants in the transaction, either while the transaction is in progress or after the fact. In the previous homework example, when the student turns in the homework, the total transaction may not actually be concluded until the teacher reviews the homework and records a grade. In this simple example, the integrity of the information is maintained by the teacher keeping the homework in controlled possession until it is graded and the grade recorded. The student's integrity facility in this case is to get the homework back from the teacher and be able to review it to make sure that it's in the same state as when it was turned in.
For the homework example, the integrity of the transaction system is typically not of paramount importance to the student since teachers don't often maliciously modify homework in their possession. The teacher might be more concerned with the integrity of the information: first, in the sense of knowing that the homework hasn't been modified since it was turned in (usually not too likely), and second, in knowing that the homework was actually done by the student.
This latter aspect is often not guaranteed by any stringent mechanism in the case of homework. In the case of examinations, which might be viewed as more valuable, more proactive mechanisms are sometimes used. For example, some universities make use of an honor code under which a student might be required to attest to the fact that an examination was completed by the student and that the student neither gave nor received any assistance during the examination proper. Providing mechanisms to facilitate this concept in the highly dispersed environment of electronic transactions across a wide area computer network is a bit more challenging.
Nonrepudiation is establishing the fact of participation in a particular transaction by all the parties to the transaction, such that none of the parties can claim after the fact that they did not actually take part in the transaction. Mechanisms to facilitate this concept are typically closely related to the mechanisms used to authenticate identity. In many discussions, the two concepts are viewed as essentially equivalent.
Note:
Of these five characteristics of security, it is the concept of privacy that precipitates the greatest concerns on the part of governmental entities. As you will see, encrypting information through mechanisms that allow only the intended participants of a transaction to be able to understand it is often a highly regulated capability. The same encryption mechanisms used to establish privacy can often also be used to authenticate identity. When used for authentication, encryption is viewed much more benignly by governmental entities than when used for privacy.
The previous section defines some of the abstract characteristics of security as it relates to a variety of transactions. This section defines the components of a networked system; that is, those elements comprising a system through which transactions can be realized. More specifically, this networked system uses smart cards as an integral element of the security infrastructure.
Smart cards use a computer platform on which information can be stored such that access to it can be strictly controlled by the cardholder, the card issuer, or the provider of any specific applications on the card. Further, software can be executed on the card under strict control of either the cardholder, the card issuer, or the provider of specific applications on the card. Given these characteristics, the smart card provides a variety of useful security characteristics, including
A smart card can represent the cardholder in an electronic environment. Further, the card can be programmed to require some type of identity authentication from the cardholder before it will provide such electronic representation for the cardholder. That is, the smart card can use a variety of mechanisms in a transaction with the cardholder through which the cardholder convinces the card that it should act on the cardholder's behalf. Some of the mechanisms used by the card to authenticate the identity of the bearer include
The identity authentication transaction that occurs between the card and the cardholder is a rather complete specific example of the transaction that one wants to occur generally through the enabling actions of the card. Both sides of the transaction (that is, the card and the cardholder) must be concerned with