November 2018

Cross-border Verification with LIGHTest

By Olamide Omolola, TU Graz

LIGHTest leverages existing infrastructure to verify electronic transactions, because creating new infrastructure takes time, money and possibly other unforeseen costs. This ability is especially useful for transactions that are not created in the same trust scheme or country as the entity validating the transaction. This post shows an example of how to use LIGHTest in practice.

Let us assume there are two businesses that are working together for the first time, one from France and one from the United States. The ability to validate necessary documents to form a business relationship protects business partners.

The French business buys goods in the United States and makes its order request, for goods worth millions of dollars, available online. Once the order is over a certain specified amount, the company fulfilling the order needs to be confident that the other company will pay for the goods. In some cases, it could ask the company ordering the goods for a document, issued by a bank, that guarantees payment. However, how does one know the document is from a bank? How does one verify the bank is in France? Has the document been signed by the right person in the bank? These questions need to be answered before the order can/should be fulfilled.

Wouldn’t it be great if the process of answering these questions were automated and required minimal human intervention before providing a valid answer? This automation can replace existing time-consuming and human-intensive processes. The solution? LIGHTest! The infrastructure helps in building trust between business partners by enabling them to verify that the right partner created the electronic transaction and that the transaction is valid. In this article, we call the company in the United States fulfilling the order the validating business. We also refer to all the documents needed for verification, in electronic form, as the electronic transaction.

In the LIGHTest infrastructure, trust lists help to identify identities that are recognised by a given trusted third party. The principle behind trust lists works because any institution issuing a trust list implicitly states that it recognises the identities in the trust list. The validating business uses this trust list to gain identity information about the other business. Once the validating business uploads a transaction to the Automatic Trust Verifier (ATV), the ATV contacts the trust scheme listed on the transaction through DNS (Domain Name System). The ATV indirectly confirms the authenticity of the transaction's claim about its origin by establishing that the certificate included in the transaction and used to sign the transaction is in the trust list, or has been issued by one of the organisations listed in the trust list. The ATV is a tool provided in LIGHTest, while the DNS is generally the phonebook of the internet: it holds the records describing the location of all websites or services on the internet.

If the validating business has requirements on the kind of identity within its trust scheme, how can this restriction be applied to identities from another trust scheme? LIGHTest introduces the concept of trust translations, which enable the mapping of an identity from one trust scheme to an equivalent identity in another trust scheme. The ATV checks this mapping against the trust scheme and confirms that the transaction is signed with the correct kind of identity and authorisation.

How can a validating business verify a restriction on the role of the person who can create the transaction, and whether a holder of that position can request that another employee does it on his behalf (delegation)? The ATV can ascertain a delegation if there is a delegation within the transaction. It contacts the delegation provider named in the transaction and confirms the delegation’s origin and the revocation status of the delegation.

A validating business can tune the process above to suit its business process. To do so, it uses a set of formalised rules called a trust policy. The validating business can also use the trust policy to validate other specific requirements, such as the acceptance or refusal of a delegation and more.

LIGHTest automates the process described in the preceding paragraphs and provides an explanation for the result it returns. This is a quicker way of verifying electronic transactions. Another superb feature of LIGHTest is that it can easily be adapted to new domains such as the Internet of Things, to different communication modes such as human-to-machine and machine-to-machine, and finally to new business processes.
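The checks described above (trust list membership, trust translation, delegation, and a policy that tunes them) can be modelled in a few lines. This is an added example, not LIGHTest code: the scheme names, certificate labels, in-memory tables standing in for DNS and delegation-provider lookups, and the `Policy` fields are all constructed assumptions, and signature verification itself is omitted.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for data the ATV would fetch; not real LIGHTest records.
TRUST_LISTS = {"banks.example.fr": {"cert-bank-fr"}}       # scheme -> listed certificates
ISSUER = {"cert-officer": "cert-bank-fr", "cert-clerk": "cert-bank-fr"}  # cert -> issuing cert
TRANSLATIONS = {("banks.example.fr", "qualified"): ("scheme.example.us", "high")}
DELEGATIONS = {"deleg-1": {"delegate": "cert-clerk", "revoked": False},
               "deleg-2": {"delegate": "cert-clerk", "revoked": True}}

@dataclass
class Transaction:
    scheme: str                      # trust scheme the transaction claims
    signer: str                      # certificate that signed it
    level: str                       # identity kind within that scheme
    delegation: Optional[str] = None

@dataclass
class Policy:                        # hypothetical trust policy of the validating business
    scheme: str
    level: str
    accept_delegation: bool = True

def verify(tx: Transaction, policy: Policy):
    """Return (accepted, explanation): the decision plus the reasons behind it."""
    why = []
    listed = TRUST_LISTS.get(tx.scheme, set())
    if tx.signer not in listed and ISSUER.get(tx.signer) not in listed:
        return False, why + ["signer is neither listed nor issued by a listed organisation"]
    why.append("signer certificate traced to the trust list")
    mapped = (tx.scheme, tx.level)
    if tx.scheme != policy.scheme:   # foreign scheme: apply trust translation
        mapped = TRANSLATIONS.get(mapped)
    if mapped != (policy.scheme, policy.level):
        return False, why + ["no trust translation to the required identity kind"]
    why.append("identity kind satisfies the policy")
    if tx.delegation is not None:
        record = DELEGATIONS.get(tx.delegation)
        if not policy.accept_delegation:
            return False, why + ["policy refuses delegations"]
        if record is None or record["delegate"] != tx.signer:
            return False, why + ["delegation origin could not be confirmed"]
        if record["revoked"]:
            return False, why + ["delegation has been revoked"]
        why.append("delegation confirmed and not revoked")
    return True, why
```

Each failure path returns the reasons collected so far plus the failing check, so a rejected transaction can be traced to the exact rule that blocked it.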