E-PAYMENT SECURITY Recommendations about the use of a PKI for e-payment security

摘要

The security of the electronic payment requires not only the deployment of cryptographic technologies such as encoding and the electronic signature, but above all, the existence of third parties of confidence whose role is to enable the users of electronic payment applications to have confidence in the use of these technologies. In general, Authorities of Certification belonging to the same infrastructure of management and publication of public keys, commonly called Public Key Infrastructure or PKI, can ensure the role of these third parties of confidence. In this paper, first of all, I will pass in review the various methods of electronic payment. Then, the requirements of the participants of these methods will be presented. Finally, I will introduce some elements of response to the question on which this paper is focused: "Which PKI for the electronic payment security". Indeed, I will present my recommendations concerning both the desirable qualities and the characteristics of such a PKI, namely, the nature of its entities, its trust model and the format of its certificates.