ONLINE PRIVACY AND SECURITY OF INTERNET DIGITAL CERTIFICATES: A STUDY OF THE AWARENESS, PERCEPTIONS, AND UNDERSTANDING OF INTERNET USERS

by

Carolyn V. King

RUBYE BRAYE, Ph.D., Faculty Mentor and Chair

JOHN HANNON, D.B.A., Committee Member

CHARLES NICHOLAS, Ph.D., Committee Member

KURT LINBERG, Ph.D. Dean, School of Business & Technology

A Dissertation Presented in Partial Fulfillment Of the Requirements for the Degree Doctor of Philosophy

Capella University August 2008

3320814 Copyright 2008 by King, Carolyn V. All rights reserved

© Carolyn V. King, 2008

Abstract

As electronic commerce develops, its success critically depends on providing security and privacy for its customers’ personal data. Unlike Business to Consumer (B2C) commerce where the technological transactions are managed by the business, B2C e-commerce requires the consumers to engage the technologies. In doing so, the consumers face a variety of security risks. The prevailing solution is Public Key Infrastructure (PKI). When e-commerce PKI transactional processes fail, consumers are required to make decisions about digital certificate technologies, in the middle of their transactions. Consumers must often agree to trust digital certificates in order to complete an Internet purchase, when the majority of them do not know what a digital certificate is or who it represents.

This study addressed consumers’ familiarity with the Internet digital certificate authentication process. The research specifically addressed the following questions: Are consumers aware of the presence and purpose of Internet digital certificates in the online purchasing process? Does Internet experience impact consumers’ privacy concerns about Web browser invalidated Internet digital certificates?

The research was completed using a descriptive quantitative cross-sectional methodology, with an online survey instrument. The analyses were completed with Pearson’s chi-square exact test and descriptive cross-tabulations. The analyses provided descriptive frequencies for the research variables—education, income, gender, age—and for each of the study’s research constructs—Awareness, Understanding, Perception, Privacy Concern, and Internet experience. The findings suggested that Internet experience is significant in its relationship of awareness, understanding, and perception of the Internet digital certificate authentication process. This study contributes to the online consumer security behavior line of research introducing consumer behavior toward Internet digital certificate technology as an e-commerce security problem.

Dedication

To My Mother Evelyn Montgomery.

Acknowledgments

I would like to express my sincere gratitude for the continued support of my mentor and committee chair, Dr. Rubye H. Braye. Without her patience, timely guidance, and knowledge, it would have been impossible to complete this dissertation as planned. I would also like to thank Dr. John Hannon and Dr. Charles Nicholas, members of my dissertation committee, and Dr. James Poindexter, chair of my comprehensive committee, for rendering helpful direction and support during my dissertation process. I would like to thank my parents, Evelyn Montgomery and Robert L. Speights, for teaching me the importance of an education, and my Aunt Eula Pearl Spraggins who inspired me to become a scientist. My special thanks go to my family and friends for their love and support throughout my doctoral studies and dissertation process, especially to my sister Gail Stevenson M.Ed., my daughters, Aliceson Y. King M.D. and Labrisha M. King M.B.A., and my husband William King Jr., M.D. for their continuous encouragement and support.

Table of Contents

Acknowledgments
List of Tables
List of Figures
CHAPTER 1. INTRODUCTION
  Introduction to the Problem
  Background of the Study
  Statement of the Problem
  Purpose of the Study
  Research Hypotheses
  Significance of the Study
  Definition of Terms
  Assumptions and Limitations
  Theoretical/Conceptual Framework
  Organization of the Remainder of the Study
CHAPTER 2. LITERATURE REVIEW
  Introduction
  Part 1: E-Commerce Security
  Part 2: Constructs for Study
CHAPTER 3. METHODOLOGY
  Introduction
  Purpose
  Research Design
  Hypotheses
  Population and Sample
  Selection of Participants
  Instrumentation/Measures
  Variables for E-Commerce Digital Certificates
  Data Collection
  Data Analysis
  Validity and Reliability
  Ethical Considerations
CHAPTER 4. DATA COLLECTION AND ANALYSIS
  Introduction
  The Survey Population
  Demographics
  Analysis of the Survey Sample
  Inferential Analysis for Hypothesis Testing
  Summary
CHAPTER 5. DISCUSSION, IMPLICATIONS, RECOMMENDATIONS
  Introduction
  Summary of the Study
  Discussion of Sample Demographics
  Discussion of Research Null Hypotheses
  Conclusion to Discussion
  Limitations
  Implications
  Recommendations
REFERENCES
APPENDIX. INTERNET DIGITAL CERTIFICATE SURVEY

List of Tables

Table 1. Correlation Matrix for Research Hypotheses and Study Instrument
Table 2. Pilot Study’s Reliability Analysis: Spearman Rho Correlation Statistics For (N = 8)
Table 3. Distribution Frequencies by Education Level (N = 60)
Table 4. Distribution Frequencies for Household Incomes (N = 60)
Table 5. Distribution Frequencies for Gender (N = 60)
Table 6. Distribution Frequencies for Age (N = 60)
Table 7. Distribution Frequencies for Internet Experience (N = 60)
Table 8. Cross-Tabulation for Gender and Internet Experience (N = 60)
Table 9. Distribution Frequencies for Awareness (N = 60)
Table 10. Distribution Frequencies for Perception (N = 60)
Table 11. Distribution Frequencies for Understanding (N = 60)
Table 12. Distribution Frequencies for Privacy Concern (N = 60)
Table 13. Results of Inferential Analysis for Hypothesis 1 Using Chi-Square and Exact Tests for Internet Experience and Awareness (N = 60)
Table 14. Results of Inferential Analysis for Hypothesis 2 Using Chi-Square and Exact Tests for Gender and Awareness Levels
Table 15. Cross-Tabulation for Awareness and Gender
Table 16. Results of Inferential Analysis for Hypothesis 3 Using Chi-Square and Exact Tests for Awareness and Age Levels
Table 17. Cross-Tabulation for Awareness and Age
Table 18. Results of Inferential Analysis for Hypothesis 4 Using Chi-Square and Exact Tests for Awareness and Education Levels
Table 19. Cross-Tabulation for Awareness and Education
Table 20. Results of Inferential Analysis for Hypothesis 5 Using Chi-Square and Exact Tests for Awareness and Household Income Levels
Table 21. Cross-Tabulation for Awareness and Household Income
Table 22. Results of Inferential Analysis for Hypothesis 6 Using Chi-Square and Exact Tests for Internet Experience and Understanding Levels
Table 23. Cross-Tabulation for Understanding and Internet Experience
Table 24. Results of Inferential Analysis for Hypothesis 7 Using Chi-Square and Exact Tests for Internet Experience and Perception Levels
Table 25. Cross-Tabulation for Perception and Internet Experience
Table 26. Results of Inferential Analysis for Hypothesis 8 Using Chi-Square and Exact Tests for Internet Experience and Privacy Concern Levels
Table 27. Cross-Tabulation for Privacy Concern and Internet Experience
Table 28. Results of Inferential Analysis for Hypothesis 9 Using Chi-Square and Exact Tests for Privacy Concern and Awareness Levels
Table 29. Cross-Tabulation for Awareness and Privacy Concern
Table 30. Results of Inferential Analysis for Hypothesis 10 Using Chi-Square and Exact Tests for Privacy Concern and Perception Levels
Table 31. Cross-Tabulation for Perception and Privacy Concern
Table 32. Comparison of Cross-Tabulation for Levels 1 & 2 Perception and Privacy Concern With Levels 1 & 2 Awareness
Table 33. Frequency Distribution for Variables in Study (N = 60)
Table 34. Summary of Internet Digital Certificate Study’s Null Hypotheses, Chi-Square Exact Test for Dependence, Significance and Results
Table 35. Summary of Supported Alternate Hypotheses
Table 36. Comparison of Selected Demographics in Current Study to Warrington (2000)
Table 37. Comparison Demographic Frequencies Adult Internet Use (King Internet Digital Certificate Survey [Current Study] With U.S. Census Bureau on Adult Internet Use [Day et al., 2005])

List of Figures

Figure 1. Internet Explorer 6.0 dialog window
Figure 2. The view certificate option
Figure 3. The view certificate option from Figure 1
Figure 4. Uncertified digital certificate
Figure 5. Digital signature process
Figure 6. Authentication process
Figure 7. Version 1 and Version 3 digital certificates
Figure 8. To navigate to digital certificate store in Internet Explorer 7.0, first select the Tools button from the toolbar
Figure 9. Second, select Internet Options from the Tools menu
Figure 10. Third, select the Contents tab from the Internet Options window and, fourth, select the Publishers button within the Contents window
Figure 11. Fifth, select the Trusted Root Certificate Authorities from the Certificates window and see the certificate store of Trusted Root Certificate Authorities (right)
Figure 12. Trusted CAs within Netscape 7.2
Figure 13. Trusted CAs within Internet Explorer 6.0 service pack 1
Figure 14. Certificates of merchants in different domains
Figure 15. A simple PKI hierarchical chain
Figure 16. CVK.Associates.com’s Internet digital certificate chain
Figure 17. Consumer data are securely transferred to merchant via public key encryption
Figure 18. Internet Explorer 7 automated authentication processes for digital certificates fail and block user
Figure 19. Get a free HP Pavilion laptop computer
Figure 20. Descriptive statistics education level (N = 60)
Figure 21. Histogram of household income and normal curve
Figure 22. Distribution frequencies for age (N = 60)
Figure 23. Distribution frequency for level of Internet experience (N = 60)
Figure 24. Gender and Internet experience
Figure 25. Web browser security warning about problematic Internet digital certificate
Figure 26. Histogram and normal curve for Awareness
Figure 27. Histogram and normal curve for Internet users’ perception (N = 60)
Figure 28. Digital certificate attributes
Figure 29. Histogram and normality curve for Understanding (N = 60)
Figure 30. Histogram with normality curve for Privacy Concern (N = 60)
Figure 31. Internet experience related to Awareness
Figure 32. Internet experience related to Understanding
Figure 33. Internet experience related to Perception

CHAPTER 1. INTRODUCTION

Introduction to the Problem

This research was designed to study consumers’ level of awareness, perceptions, and understanding of digital certificates in regard to online privacy and security. Consumers must often agree to trust digital certificates in order to complete an Internet purchase when the majority of them do not know what a digital certificate is or who it represents. Even when the consumer understands the digital certificate, there are other related concerns. For example, the commercial Public Key Infrastructure (PKI) systems that provide security and privacy for e-commerce will verify the identity of the business entity (certificate authority) that sold the digital certificate to the Web store but not necessarily the identity of the store (Ellison & Schneier, 2000).

The consumer’s Web browser (e.g., Internet Explorer, Netscape, Mozilla) automatically reads the certificate provided by the Web storefront and performs a verification process that is transparent to the user (Josang & Patton, 2002). Based on the type and version of the Web browser, and the implementation of one of many PKI standards, options are presented to the consumer in a security window. Typically, there are three choices: proceed with the transaction, decline the transaction, or view the certificate (see Figure 1). The consumer is left to make the trust decision. Selecting the view certificate provides additional information (see Figure 2).

Figure 1. Internet Explorer 6.0 dialog window. Warns that revocation information is not available for the Web site that the user is approaching on 06 15 2007 for a log-on session.

Figure 2. The view certificate option. Provides general information on the subscriber and issuer of the Web site’s digital certificate.

Figure 3. The view certificate option from Figure 1. Provides detailed information about the digital certificate presented to the author ensuing a log-on session with the Web site.

Does the displayed certificate represent the identity of the merchant? A major retail company’s Web site presented the certificate. Most consumers will not know the difference. However, they proceed with the transaction. Merchant authentication with Internet digital certificates is an e-commerce infrastructure problem affecting both online consumer privacy and security that needs to be addressed. This research was designed to study consumers’ level of awareness, perceptions, and understanding of digital certificates in regard to online privacy and security.

Background of the Study

Between 2000 and 2003, “the number of adult Americans using the Internet increased by 50%, reaching 126 million users in 2003” (Hoffman, Novak, & Venkatesh, 2004, p. 10). A boom in e-commerce accompanied this growth. From 2000 to 2003, online banking usage increased from 24% to 60% and online shopping from 40% to 76% (Hoffman et al.) as shopping from the comfort of home alleviates the hassles of traffic and the frustration of long checkout lines. But with this convenience has come increased opportunities for identity theft and invasion of privacy. “Between January and December 2003, Consumer Sentinel, the complaint database developed and maintained by the Federal Trade Commission (FTC) received over half of a million consumer fraud and identity theft complaints” (Federal Trade Commission [FTC], 2004, p. 3).

E-commerce has witnessed a period of rapid growth in a commercially self-regulated environment (Y.-C. Lee, 2002; Regan, 2003). To foster the growth of safe e-commerce, both consumers and businesses need to have confidence in the enforceability and confidentiality of any electronic contract or message exchanged. The prevailing solution is PKI. This structure was developed with the intention of providing security in an electronic environment. “Users need to be able to trust [the] infrastructure on which they depend to facilitate their private and business exchanges. Businesses need to be able to trust other unknown persons with whom they want to do business” (Bharvada, 2002, p. 269).

Authentication in the paper/pen/ink era ascertained an individual’s identity by associating documentation that verified knowledge and identity. Documents such as birth certificates and driver’s licenses were presented to a notary public, “a verifier,” to identify an individual (Computer Science and Telecommunications Board, 2003).

Certificate Authorities (CAs) play a similar key role in PKI, serving as trust intermediaries (Backhouse, Hsu, & McDonnell, 2003). They provide an electronic identification card to the individual/company that contains a digital certificate. In theory, digital certificates offer a solution to both businesses and consumers by providing a measure of confidence regarding the identity of the other party.

Many commercial PKI systems are lacking the needed checks and balances to ensure privacy and security of the public’s personal identifying information (Forno & Feinbloom, 2001). Recent research (Backhouse, Hsu, Baptista, & Tseng, 2003; Ellison & Schneier, 2000) brought attention to problems inherent in the use of commercial PKI digital certificates for identification of merchants that receive e-consumers’ personal data. Ellison and Schneier’s seminal work explained that the producer of digital certificates, CAs, are self-appointed, unregulated agents in the PKI business. Lloyd’s (2001) CA-CA interoperability study noted that for interdomain interoperability, as in the case for e-commerce, the customer is expected to make the trust decision.

Most Internet consumers are unaware of digital certificates and the implications of accepting them. By clicking the yes button when the Web browser asks the consumer whether or not to proceed with the pending transaction, the consumer agrees to trust the identity of the distributor of the certificate but not necessarily the identity of the store owner (Backhouse, Hsu, Tseng, & Baptista, 2005). “A digital signature is only useful if all parties involved can be sure that the other party is who they say they are” (Minihan, 2003, p. 12). Consumers are accepting the risk that someone other than the storeowner may be receiving their personal identifying data by completing the ensuing transaction. Consumers need to be aware of, and understand, Internet digital certificates.

Statement of the Problem

Users are confronted with numerous browser warnings due to unverified Internet digital certificates (Ye, Smith, & Anthony, 2005). Unfortunately, the authentication mechanism that spawns the warning is transparent to the user except when the browser cannot confirm the validity of the certificate (Xia & Brustoloni, 2005). When users are not aware of the functions going on, they often become confused with Web browser handling of security errors (Herzog & Shahmehri, 2007; Josang & Patton, 2002; Whitten & Tygar, 1998; Xia & Brustoloni). This unawareness is problematic for e-commerce consumers. “Failure to understand security messages or features, can compromise the user’s privacy and computer” (Herzog & Shahmehri, p. 1).

Research has demonstrated that consumers’ perception of the safety and privacy of their personal identifying information while online security is distorted (Xia & Brustoloni; X. Zhang, 2005). Xia and Brustoloni reported that even with a tool to aid in understanding how to verify the authenticity of an Internet digital certificate, only half of the users actually examined the certificates, while the other users continued to accept uncertified certificates. Feedback to the researchers included comments like, “I always just click ‘yes’ when I see these pop ups” (Xia & Brustoloni, p. 7).

What is causing this behavior? Do consumers lack skepticism and believe an adequate job is being done to provide the information they require to make an informed decision? Miyazaki and Fernandez’s (2001) investigation into the relationship of Internet experience to consumers’ privacy and security concerns toward online purchasing determined that consumers with more Internet experience had less privacy concerns. Have consumers become numb to the error messages about invalidated Internet digital certificates? What perceptions are held by consumers about their role in verifying invalidated Internet digital certificates? Research is needed to identify the reasons for consumer behaviors that may jeopardize their online security and privacy.

Purpose of the Study

This research determined consumers’ awareness, understanding, and perception of the Internet digital certificate authentication process to accept Internet digital certificates that have been invalidated by their Web browser. Specifically addressed were the following questions: Are consumers aware of the presence and purpose of Internet digital certificates in the online purchasing process? What are consumers’ perceptions toward the ease of use to determine the owner of the certificate? This study also determined if Internet experience and consumer privacy concerns are directly related.

Drawing on the theory of reasoned action and the theory of planned behavior, this study aspired to fill the gap in the consumer Web security literature by extending the theory of planned behavior to explain consumer behavioral intention to accept invalidated Internet digital certificates. Does awareness of the authentication processes that spawn Web browser error messages, and understanding how to verify Internet digital certificate attributes, affect consumers’ perceived behavioral control toward invalidated Internet digital certificates? Also, does consumers’ perception, to mean their external control beliefs, about the e-commerce transactional environment cause them to accept invalidated Internet digital certificates? Furthermore, this study sought to determine if consumer Internet experience impacts consumers’ privacy concerns about Web browser invalidated Internet digital certificates.

Research Hypotheses

The following null hypotheses were tested in this study.

H01: There is no significant relationship between Internet experience (IE) and awareness (A) of the authentication process to verify the owner of a Web browser invalidated Internet digital certificate.

H02: There is no significant relationship between gender (G) and awareness (A) of the authentication process to verify the owner of a Web browser invalidated Internet digital certificate.

H03: There is no significant relationship between age (AG) and awareness (A) of the authentication process to verify the owner of a Web browser invalidated Internet digital certificate.

H04: There is no relationship between level of education (E) and awareness (A) of the authentication process to verify the owner of a Web browser invalidated Internet digital certificate.

H05: There is no significant relationship between household income (I) and awareness (A) of the authentication process to verify the owner of a Web browser invalidated Internet digital certificate.

H06: There is no significant relationship between Internet experience (IE) and understanding (U) of the authentication process to verify the owner of a Web browser invalidated Internet digital certificate.

H07: There is no significant relationship between Internet experience (IE) and perception (P) of the authentication process to verify the owner of a Web browser invalidated Internet digital certificate.

H08: There is no significant relationship between Internet experience (IE) and privacy concern (PC) regarding the authentication process to verify the owner of a Web browser invalidated Internet digital certificate.

H09: There is no significant relationship between consumer privacy concern (PC) and awareness (A) of the authentication process to verify the owner of a Web browser invalidated Internet digital certificate.

H10: There is no significant relationship between consumer privacy concern (PC) and perceptions (P) of the authentication process to verify the owner of a Web browser invalidated Internet digital certificate.

Significance of the Study

This study is significant as it serves to initiate a dialogue about the possible unknown risks consumers take as they accept digital certificates while shopping on the Internet. Data from the findings may identify needed areas of public education to facilitate private and secure online shopping. Policymakers may use the results to persuade producers of Web browsers to improve the presentation of merchants’ identifying information on Internet digital certificates.

Definition of Terms

The following definitions were used in this study:

Asymmetric encryption. Associates a pair of keys, a public key and a private key, with an entity that “needs to authenticate its identity electronically or to sign or encrypt

