Abstract
We have presented the design for an EDI auditing and control workbench which can combine the use of workflow as a tool to control intra-enterprise documentation together with EDI as the means by which trade documents can be transferred between organisations. The security architecture outlined protects a company from the normal risks associated with electronic trading as well as providing some means of control over the ‘signing power’ allocated to employees of the enterprise. Keys issued to individuals are coupled with a control vector specifying the conditions under which the key can be used. By extending the control vector scheme with support from appropriate secure hardware modules, it is possible to allow an individual who ordinarily can only authorise a document at a given level to collaborate with employees at the same level to enhance this signing power to that of a higher level. This reflects existing practices within organisations when paper-based trading is in force.
Throughout all of the processing, explicit recognition is given to the requirements of both internal and external auditors. This is the final ingredient in a system that provides a firm basis for making the shift to true electronic commerce.
Preview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tewari, H., McCourt, M., O'Mahony, D. (1996). Advanced electronic commerce security in a workflow environment. In: Adam, N.R., Yesha, Y. (eds) Electronic Commerce. EC 1994. Lecture Notes in Computer Science, vol 1028. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-60738-2_14
Download citation
DOI: https://doi.org/10.1007/3-540-60738-2_14
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60738-0
Online ISBN: 978-3-540-49355-6
eBook Packages: Springer Book Archive