Title: PKI in B2C E-Commerce

Year of Publication: 2013
Page Numbers: 228-235
Authors: Pita Jarupunphol, Wipawan Buathong
Conference Name: The International Conference on E-Technologies and Business on the Web (EBW2013) - Thailand


General-purpose (open) and application-specific (closed) PKIs are the two main categories of PKI that support a variety of cryptographic operations to provide a secure environment. SSL/TLS and SET are two distinct security protocols that use these PKI categories to secure e-commerce transactions. While the former protocol, categorised as a general-purpose PKI, has been playing an important role in e-commerce security, there were several implementation issues associated with the latter protocol, which was designed to support an application-specific (closed) PKI. Although resistance from e-commerce end-users to SET implementation implies that an application-specific PKI is not appropriate for an uncontrollable environment such as e-commerce, we discovered that this type of PKI has been integrated with existing widely used technologies and should be considered a potential security risk for users.