Next issue (February 2003): Human-Computer Interaction Preview of  Vol. III, Issue no. 6, December 2002 Security in e-Commerce  Published on behalf of CEPIS by Novática (ATI, Spain)  Summary and abstracts Click here for full edition Guest Editors: Javier Areitio-Bertolín, Javier López-Muñoz,  José A. Mañas-Argemí, and Stephanie Teufel

Website hosted by

Presentation. e-Commerce: Security and Trust
(includes a list of Useful References for those interested in knowing more about Security in e-Commerce)
Javier Areitio-Bertolín, Javier López-Muñoz, José A. Mañas-Argemí, and Stephanie Teufel
Abstract: The guest editors present the issue and describe its purpose and contents.

A Best Practice Guide for Secure Electronic Commerce
Sokratis K. Katsikas and Stefanos A. Gritzalis
Abstract: This paper puts forward “A Best Practice Guide for Secure Electronic Commerce” on the grounds that Security for e-Commerce must be thought of as a primary functional requirement and therefore must be designed and implemented a priori, in such a way that it will not constitute a hindering factor, but an enabler.

Public Key Infrastructure in Switzerland
Stefano Casa and Thomas Schlienger
Abstract: The authors offer an overview of how to implement Public Key Infrastructure (PKI) and how it is regulated in Switzerland.

CPC-OCSP: an Adaptation of OCSP for m-Commerce
José L. Muñoz-Tapia and Jordi Forné-Muñoz
Abstract: A modification of the revocation system OCSP, Online Certificate Status Protocol, used in Public Key Infrastructure (PKI) is presented. According to the authors, CPC-OCSP is particularly appropriate for use in wireless certification environments, which will be an aid to the development of mobile Commerce applications.

New Threats to Internet Electronic Commerce
José-María Sierra-Cámara, Julio-César Hernández-Castro, and Arturo Ribagorda-Garnacho
Abstract: This paper describes how search engines can be used as tools to make an attack on a company’s web server, and explains some of the measures that can be implemented to make it harder for these attacks to succeed.

CREDO: A Secure System for the Remote Certification of Documents
Francisco J. Rico-Novella, Jordi Forga-Alberich, Emilio Sanvicente-Gargallo, Jorge Mata-Díaz, Juan-José Alins-Delgado, and Luis de la Cruz-Llopis
Abstract: This paper presents the CREDO system for remote certification of documents, which generates unduplicatable documents with an associated monetary value, in an individual and decentralized way.

An Access Control Method for Mobile Agents in Sea-of-Data Applications
Guillermo Navarro-Arribas, Sergi Robles-Martínez, and Joan Borrell-Viader
Abstract: A resource access control method based on RBAC using SPKI certificates is presented. It is part of a secure platform for mobile agents, project MARISM-A, for Sea-of Data applications (mass processing of distributed data).

Security Architecture for Agent Communication
Luis Mengual-Galán and Julio García-Otero
Abstract: The authors present a security architecture that enable communication between distributed entities and incorporates the innovative concept of automatic implementation of security protocols.

Privacy, Personalisation and Security Management
Andreas Erat
Abstract: In this paper the author explains the importance of good customer data security management in e-Commerce, with special reference to privacy.
 

Javier Areitio-Bertolín is a Full Professor of the Faculty of Engineering, Dpt. of Telecommunications, Universidad de Deusto (Bilbao, Spain). He forms part of CORDIS (Community Research and Development Information Service) European Commission, Directorate General XIII-D.2. He is a Tutor at the AECI (Spanish Agency for International Cooperation). He is a regular speaker, moderator and evaluator at Conferences, Seminars and Symposia and is author of more than 200 scientific articles in specialist reviews, and is the author of technical books on Security in Computer Networks, Cryptography and Cryptoanalysis. He currently directs projects such as Security/Cryptology in Information and Communication Technologies with various Spanish companies and he participates in European projects with other universities. He belongs to several Spanish and foreign associations including ATI where he is the coordinator of the Technical Section “Security” of
their review, Novática. <jareitio@eside.deusto.es>

Javier López-Muñoz is a Doctor of Engineering in Computer Science, attached to the Area of Telematic Engineering of the Dept. of Computer Languages and Science of the Universidad de Malaga, Spain. He teaches as a Tenured Professor at the ETS (Higher Technical School) of IT Engineering at the same university and carries out his research work in the GISUM (Malaga University Software Engineering Group) group, where he coordinates the Security subgroup. His research work is centred around the area of Security in Communication Networks and Electronic Commerce, having carried out part of that research in various universities in the USA specializing in the subject. In GISUM he is the technical head of several research projects related with practical aspects of Security in ICTs, one of the most important of which is the international project “Global PKI” of the Japanese Telecommunications Advancement Organization. He is also Technical Director of the IST project “CASENET” of the Fifth European Union Framework Programme. <jlm@lcc.uma.es>

José A. Mañas-Argemí is a Telecommunications Engineer and a Doctor of Computer Science, Full Professor of Telematic Systems Engineering in the ETSI (Higher Technical School of Engineering) of Telecommunications of the Universidad Politécnica de Madrid, Spain. His specialisation is in communication networks (Internet in particular) and security (cryptography and secure protocols for communications and payment systems). He has participated in the creation of an Internet banking service for the Spanish banks BCH and Bankinter, in the design of the architecture of systems for the Salt Lake City Olympic Games and in the security analysis of the Internet channel for the State Lottery. He is a member of the ISO SC27 (security) committee and editor of the international standard 18014 (time stamping). He is a member of ATI and a regular contributor to Novática. <jmanas@dit.upm.es>

Stephanie Teufel studied Computer Science at the Technical University of Berlin, Germany, and at the Swiss Federal Institute of Technology, ETH (Zurich, Switzerland), where she graduated in 1987. Between 1989 and 1990 she was a lecturer at the University of Wollongong, Australia. Later she was a senior researcher at the Computer Science Department of the University of Zurich, where she received her doctorate in 1991. From 1999 to 2000 she lectured in Business Computing in the Department of Computer Science of the University Carl von Ossietzky of Oldenburg, Germany. Since April 2000 she has been Professor of Telecommunications Management at the University of Friburg, Switzerland. She is also Director of the IIMT (International Institute of Management in Telecommunications) of the same university. Her professional interests are: mobile phone ebusiness, information security management, information and communications management and technology management.
<stephanie.teufel@unifr.ch>

Copyright policy:

1. Copyright © CEPIS 2002. All rights reserved.
2. Abstracting of the articles included in UPGRADE is permitted with credit to the source. For copying, reprint, or republication permission, write to the editors.
3. Unauthorized access to pages, or parts thereof,  in this website reserved exclusively for persons authorized by UPGRADE is expressly prohibited. Any unauthorized access may be prosecuted according to the law.