Body language, security and e‐commerce

Date: 01 March 2000
Pages: 61-74
Published date: 01 March 2000
DOI: https://doi.org/10.1108/07378830010314483
Author: Norman Desmarais
Subject Matter: Information & knowledge management, Library & information science
Introduction
Security is a major concern for computer users and system administrators. Whether the goal is to protect confidential information in individual files, lock a computer system against unauthorized users, control access to an intranet or an extranet, or conduct business on the Internet, one needs to determine an appropriate level of security and an effective means of achieving it.

The Internet uses simple mail transfer protocol (SMTP) as the protocol to transmit electronic mail and most business transactions. These transmissions have as much privacy as a postcard and travel over insecure, untrusted lines. Anyone anywhere along the transmission path can obtain access to a message and read the contents with a simple text viewer or any word processing program. Because the transmission lines are insecure, it is easy to forge e-mail or use another person's name. Theft of identity is becoming the nation's leading form of fraud. A person can even claim that someone else sent a message, for example, to cancel an order or avoid paying an invoice.

Yet we continue to transmit purchase orders and other private messages via e-mail in ASCII text, which is the least common denominator for electronic text.

The first objective in improving security is to control physical access by limiting it to authorized individuals. The principle is that the fewer people who can get physical and administrative access to sensitive files or to server systems, the greater the security will be. Most applications rely on passwords, cards, personal identification numbers, and keys to access restricted information or confidential files. But passwords, cards, personal identification numbers, and keys can be forgotten, stolen, forged, lost, or given away. Moreover, these devices serve primarily to identify the person. They cannot verify or authenticate that the person really is who he or she claims to be.

Systems that rely on IP address verification limit access to users with a specific domain name or Internet address. Basically, this procedure identifies an individual by the machine he or she uses. Anybody using a particular computer can impersonate the rightful owner; and authorized users trying to obtain access via a different server or domain
The author
Norman Desmarais is Professor and Acquisitions Librarian at Phillips Memorial Library, Providence College, Providence, Rhode Island, USA; and Editor of Electronic Resources Review, and a columnist for Against the Grain.
normd@providence.edu
Keywords
Data security, Electronic data interchange, Biometrics
Abstract
Security is becoming an increasingly more important concern both at the desktop level and at the network level. This article discusses several approaches to authenticating individuals through the use of biometric devices. While libraries might not implement such devices, they may appear in the near future of desktop computing, particularly for access to institutional computers or for access to sensitive information. Other approaches to computer security focus on protecting the contents of electronic transmissions and verification of individual users. After a brief overview of encryption technologies, the article examines public-key cryptography which is getting a lot of attention in the business world in what is called public key infrastructure. It also examines other efforts, such as IBM's Cryptolope, the Secure Sockets Layer of Web browsers, and Digital Certificates and Signatures. Secure electronic transmissions are an important condition for conducting business on the Net. These business transactions are not limited to purchase orders, invoices, and contracts. This could become an important tool for information vendors and publishers to control access to the electronic resources they license. As license negotiators and contract administrators, librarians need to be aware of what is happening in these new technologies and the impact that will have on their operations.
Electronic access
The current issue and full text archive of this journal is
available at
http://www.emerald-library.com
Library Hi Tech, Volume 18, Number 1, 2000, pp. 61-74
© MCB University Press, ISSN 0737-8831
