The commodity trading business
will be a profitable one only if it is properly managed. In the era of globalization, no business house can ever afford to ignore the fast developments in science and technology. Even when technology is available, the problem of security also needs to be considered. Technologies have, therefore been developed to add security to information on the net. This is an ongoing process since security requirements only increase with time.
The validity of any business transaction, whether on the net or otherwise, is based on its authenticity, integrity, privacy and non-repudiation. These are the four pillars on which a business or commercial deal stands. Let us understand each one of them.
Authentication: This involves comparing the user name and password to a list of authorized users and their passwords. It determines whether the message sent comes from the person/organization who claims to be the sender. There are two methods for the verification process:
1. Challenge and Receive
2. Digital Signatures
For example, an 'investor' providing details of his 'demat holdings' to a 'broker' to trade must be satisfied that the information is going into correct hands. Similarly, the 'Broker' has to be sure that the 'investor' is the real owner of the 'demat holdings'.
Integrity: To ensure that a third party has not tampered the information entered by the 'investor'.
Privacy: To ensure that the data inputted (entered) has not been intercepted and read by a third party.
Non-Repudiation: To ensure that the party does not refuse either having sent or received the respective messages. For example, it should not be possible for an 'investor' to report that he did not place an order to 'buy or sell' securities. At the same time, it should not be possible for the 'broker' to pretend that he did not receive the order to 'buy or sell' securities.
The internet, as a media, does not support any of the above parameters. Hence, technologies are being developed to permit sharing of authentic, integral, private and non-repudiable information.