Security middleware for enhancing interoperability of Public Key Infrastructure

This paper describes a security middleware for enhancing the interoperability of public key infrastructure (PKI). Security is a key concern in e-commerce and is especially critical in cross-enterprise transactions. Public key cryptography is widely accepted as an important mechanism for addressing the security needs of e-commerce transactions because of its ability to implement nonrepudiation. The deployment of public key cryptography is facilitated by the provision of PKI which assures the integrity of cryptographic keys. Nevertheless, industry experiences have shown that the task of implementing PKI-based e-commerce applications is challenging. Prior studies have identified interoperability as a major issue that hinders the adoption of PKI in spite of its effectiveness in implementing strong security mechanisms and protocols. In this paper, we discuss the interoperability issue of PKI applications. This research is part of our effort in designing security infrastructure for ecommerce systems. A middleware architecture was designed to enhance interoperability of PKI applications. The security middleware aims to promote cross-enterprise cross-border e-commerce transactions. The proposed mechanism is proven to be practical in real deployment environment.