Advanced electronic commerce security in a workflow environment
We have presented the design for an EDI auditing and control workbench which can combine the use of workflow as a tool to control intra-enterprise documentation together with EDI as the means by which trade documents can be transferred between organisations. The security architecture outlined protects a company from the normal risks associated with electronic trading as well as providing some means of control over the ‘signing power’ allocated to employees of the enterprise. Keys issued to individuals are coupled with a control vector specifying the conditions under which the key can be used. By extending the control vector scheme with support from appropriate secure hardware modules, it is possible to allow an individual who ordinarily can only authorise a document at a given level to collaborate with employees at the same level to enhance this signing power to that of a higher level. This reflects existing practices within organisations when paper-based trading is in force.
Throughout all of the processing, explicit recognition is given to the requirements of both internal and external auditors. This is the final ingredient in a system that provides a firm basis for making the shift to true electronic commerce.
Keywords: Control Vector; Certification Authority; Electronic Data Interchange; Purchase Order; Control Vector Scheme
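The control-vector idea summarised in the abstract can be sketched in software as follows. This is an added example, not code or a design taken from the paper: the HMAC binding, the field names, the quorum of two and the sample data are all assumptions, and the module secret stands in for a secure hardware module.

```python
import hashlib, hmac, json
from collections import Counter
from dataclasses import dataclass

MODULE_SECRET = b"constructed-master-key"  # constructed; stays inside the simulated module
QUORUM = 2  # assumption: two same-level signers reach the next level up

@dataclass(frozen=True)
class IssuedKey:
    owner: str
    key: bytes
    cv: dict        # control vector (assumed layout): {"level": 1, "doc": "purchase_order"}
    binding: bytes  # MAC over owner, key and control vector

def _bind(owner, key, cv):
    msg = json.dumps([owner, key.hex(), cv], sort_keys=True).encode()
    return hmac.new(MODULE_SECRET, msg, hashlib.sha256).digest()

def issue(owner, key, level, doc_type):
    cv = {"level": level, "doc": doc_type}
    return IssuedKey(owner, key, cv, _bind(owner, key, cv))

def authorise(doc, keys):
    """Decide a signing request; returns (ok, audit_record)."""
    audit = {"doc_id": doc["id"], "required": doc["required_level"],
             "signers": sorted({k.owner for k in keys})}
    for k in keys:
        # A control vector edited outside the module no longer matches its binding.
        if not hmac.compare_digest(k.binding, _bind(k.owner, k.key, k.cv)):
            return False, {**audit, "reason": f"binding check failed: {k.owner}"}
        if k.cv["doc"] != doc["type"]:
            return False, {**audit, "reason": f"key not valid for {doc['type']}: {k.owner}"}
    # Count distinct owners per level so one person cannot co-sign with themselves.
    per_level = Counter(lvl for _, lvl in {(k.owner, k.cv["level"]) for k in keys})
    effective = max((lvl + 1 if n >= QUORUM else lvl for lvl, n in per_level.items()), default=0)
    audit["effective_level"] = effective
    ok = effective >= doc["required_level"]
    audit["reason"] = "authorised" if ok else "insufficient signing power"
    return ok, audit

# Constructed sample data
alice = issue("alice", b"\x01" * 16, 1, "purchase_order")
bob = issue("bob", b"\x02" * 16, 1, "purchase_order")
order = {"id": "PO-0001", "type": "purchase_order", "required_level": 2}

if __name__ == "__main__":
    print(authorise(order, [alice]))       # one level-1 signer: refused
    print(authorise(order, [alice, bob]))  # two level-1 signers: authorised
```

Every decision, granted or refused, comes back with an audit record naming the document, the signers and the reason, which is the kind of trail the abstract asks for on behalf of auditors.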