We are witnessing a revolution in commerce and society primarily due to an explosion in information technology and the resulting rapid emergence of electronic commerce (EC),which already is making fundamental changes in the economic landscape,affecting every aspect of how business is and will be conducted. Security is a critical issue in EC among many of the issues involved. Therefore careful study on certification and certification authority (CA) in EC both abroad and at home are carried out in this thesis. In addition series results are presented systematically for the first time.International standards for CA are introduced in details in the first part to illustrate some essential concepts related to this field. Besides,an example of X.509 standard,the earliest agreed-upon practice adopted globally to govern information-collection in EC,is well provide to give an overall description in this part.In order to demonstrate the functions of a CA,VeriSign Int.,one of the most important the verification agencies for digital signatures in the world is described and analyzed,thus the requirements to operate a CA are concluded in the second part. In China many different kinds of CA are developing and are urged to coordinate internationally to move electronic commerce forward. Therefore a carefully thought-out research on CA at home is conducted in the third part. Shanghai Electronic Certificate Authority Center Corporation is analyzed as a typical example and is compared with the CA abroad in many aspects such as Community and Applicability,Identification and Authentication,Management of Key Pair,Security Controls,Operational RequirementsThe latest developments of electronic commerce in China are summarized and some suggestions in building up CA are provides based on the above comparison,which are pretty useful in future practice. |