This paper asserts that the current approach to the use of asymmetric cryptography and the provision of digital certificates is overly cumbersome and expensive, and forces unreasonable requirements on standard business users and consumers, so they ignore or resist their use. In addition, many web-based applications are emerging without appropriate security functionality built in. The paper proposes the management of digital certificates within an enhanced commercial environment, using best-practice personnel recruiting and management procedures and best-practice information security management, combined with enhanced cryptographic services within the installed base of the corporate IT infrastructure. This, combined with a security middle layer based on the XML Key Management Specification, will suffice. The benefit is commercially "fit-for-purpose" identity management and security functionality, provided at a corporate level, which meets the requirements of applicable law, whether it is the EU Directive or other legislation such as the US HIPAA and Sarbanes-Oxley law.
Hilton, J. (2004). Providing Cost-effective Security Functionality into Applications. In Securing Electronic Business Processes (pp. 38–48). Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84982-3_4