A Systematic Framework for Building Trusted Online Transaction Environment: Three Information Infrastructures

Absence of trusted online transaction environment (TOTE) becomes the biggest obstacle to e-commerce development, which embodies three key problems: unauthentic identity information, false product information and insecure transaction process. In order to present a systematic method to build trusted online transaction environment with identity authentic information, accurate product information and secure transaction process, this article puts forward a framework composed of three information infrastructures: Identity Authentication Service (IAS), Product Information Service (PIS) and Electronic Contracts Service (ECS). They have been implemented in online pharmaceutical transaction field in China, and have facilitated all online transaction participants such as pharmaceutical manufactures, dealers, consumers, online market operators and government regulators.


Introduction
The rise and rapid development of e-commerce brings about a revolution of supply chain, which benefits both manufactures and consumers by speeding up the flow of goods and gathering numerous amount of supply and demand information together.It's no doubt that online transaction could reduce transaction cost by saving the time [1,2] ; however, the fact that current online transaction has a higher security risk simultaneously raises the transaction cost [3,4] .Absence of trusted online transaction environment becomes the biggest obstacle to e-commerce development, which embodies three key problems: unauthentic identity information, counterfeit product information and insecure transaction process [5][6][7] .
Unauthentic identity is one important handicap to building trust of online transaction, and can facilitate the frauds escaping from legal sanctions.Digital certificates issued by Trust Third Party (TTP) are widely used to cope with this problem [8,9] .However, we can't get more detail information from digital certificates or TTPs, which could be very essential to assess the qualification of the traders in some markets.For instance, GMP (Good Manufacture Practice) Certificate, Pharmaceutical Production License and Quality Inspection Report are necessary for validating identities of drug manufacturers in online drug markets in China.The simple form of Digital Certificate and TTP can't satisfy the demands of complex identity information, which ultimately restrain the development of e-commerce in these areas.
Counterfeit products information and advertises are now flooding on the internet, which confused the consumers [10] .Generally speaking, sellers are responsible for publishing product information or advertise.As a result, they incline to exaggerate the functions or effects and conceal the flaws.In addition, different merchants selling the same product may publish inconsistent descriptive information according to their marketing strategies.Therefore, it's important for consumers that they can acquire a set of true and integrated information of target product, which should also contain necessary qualification information as same as identity information.
Insecure transaction process is a major reason why people are afraid to conduct transactions online.Information privacy and legality are the factors mostly concerned [11] .E-contract is proved to be an efficient approach for enhancing the security of transaction process.However, in fact, only an application implementing the E-contract technique can't solve security and legality problems, without establishing a whole set of institutions and methods, including related laws, standards, rules and necessary infrastructures.Accordingly, e-contract infrastructure is of great urgency, as it's the foundation of all institutions.
To cope with these problems, it is necessary to present a systematic method for building trusted online transaction environment with identity authentic information, accurate product information and secure transaction process.By employing system analysis method, this article puts forward a framework for building trusted online transaction environment, which is based on three public information infrastructures: Identity Authentication Service (IAS), Product Information Service (PIS) and Electronic Contracts Service (ECS).

Previous work
In recently years, a lot of studies focus on trust problems in online markets.Friedman et al. considers that the greatest difference between trust online and in all other contexts is that when online, we have more difficulty of reasonably assessing the potential harm and good will of others, as well as what counts as reasonable machine performance [12] .Ba et al. proposes TTP (Trusted Third Party) is ideal type of institutions that can promote trust in the electronic market [13] , and uses an evolutionary game theoretic approach to analyze the electronic marketplace, and demonstrate that electronic transaction through a TTP is an evolutionarily stable strategy [14] .Li-Ting et al.'s investigation also points out that trusted third party Web seal on Web pages is also an effective way to induce sufficient trust necessary to online transaction [15] .Salo and Karjaluoto find that the actual outcome of trust-enhancing methods in online environments should be the development of long-term trusted customer relationships [16] .Manchala introduces a notion of quantifiable trust and then develops models that can use these metrics to verify e-commerce transactions in ways that might be able to satisfy the requirements of mutual trust [17] .The studies above give different ways addressing online trust problems, among which, TTP is commonly recognized as one indispensible approach.However, they haven't employed systematic methods to analyze how TTP should do to help enhance online trust.
Besides, Basu and Muylle try to address the question, how can the authentication of the parties, products, and processes involved in online transactions be supported to foster the continued and widespread expansion of electronic commerce, through a framework of authentication in e-commerce and an evaluation of current technology and practice in online authentication [6] .However, their framework stays at conceptual level, which cannot direct practical application.With the merits of their conceptual framework, we propose a systematic and hierarchical framework whose novel contribution is the design of three e-services as infrastructure of whole framework.Xiao et al. presents a secure model for e-contract enactment, monitoring and management [18] .Their model can be employed to cope with the insecure transaction process problems.

Framework
The framework for building Trusted Online Transaction Environment (TOTE) is a conceptual hierarchy involving all kinds of websites and e-services related to online transaction or e-commerce, which are classified into three layers: Online Transaction Market layer, Third Party Service layer and E-Infrastructure layer.The great contribution of this article is the E-Infrastructure layer of the framework TOTE, which is the foundation and guarantee of the whole framework.
Hierarchy.The hierarchy of framework TOTE consists of three layers: Online Transaction Market Layer, Third Party Service Layer and E-Infrastructure Layer, which is illustrated in Fig. 1.The specifications of them are demonstrated as follow: 1) Online Transaction Market Layer: This layer contains all kinds of online transaction market, which offer online transaction services directly to traders and consumers.These markets are the places where online transactions happen, for which the "trusted environment" title is an irreplaceable competitive edge.

584
Mechatronics and Information Technology 2) Third Party Service Layer: This layer contains all kinds of third party services which support the online transactions, such as CA (Certification Authority) service, Logistics service, E-Payment service and Search service.The services in this layer are indispensable for online markets, but online markets are always not able to offer by themselves.As a result, online markets have to employ good third party services, whose quality and productivity have a great impact on efficiency of online markets.
3) E-Infrastructure Layer: This layer contains all e-infrastructures which can facilitate building online transaction environment.E-infrastructure is set of e-services, which is the foundation of framework TOTE.In general, companies or organizations are always not able to construct and operate the e-infrastructure, because they don't have enough public credibility and the e-infrastructure is not profitable.This article presents three important e-services as e-infrastructure: Identity Authentication Service (IAS), Product Information Service (PIS) and Electronic Contracts Service (ECS).IAS offers functions of registering, examining, publishing, inquiring and monitoring the transaction participants' online identity information.PIS supplies standardized and integrated product information uploaded by manufactures, who are responsible for the authenticity and integrity.ECS offers uniform format of e-contracts, common methods of generating, modifying, e-signing, delivering, enforcing and monitoring e-contracts.
Identity Authentication Service.Identity Authentication Service (IAS) dedicates to give participants of online transaction an online authentic identity, which should be more flexible than real-world identity and more secure than anonymous identity.The IAS should have public credibility to collect integrate and factual information of companies and organizations and individuals.Therefore, IAS can only be held by government or the organization authorized by government.The usage scenario of IAS is illustrated in Fig. 2.
The online transaction participants, including enterprises, organizations and individuals, should register on IAS at first with necessary information and files (such as scan copy of certificate).After that, IAS checks and verifies the identity information by accessing public database held by government, such as public security database, industry and commerce database, and so on.If information is authentic, IAS will issue an e-certificate to applicant with a unique identity number, by which user can register and log on all online markets without inputting the same information again.It's because that online transaction markets can identify users by accessing IAS, which is in charge of operation and maintenance of Identity Information Database.The Identity Information Database is important and useful for government to monitor all online markets and to find illegal traders by employing an e-monitoring system.

Advanced Engineering Forum Vols. 2-3
The first advantage of this mechanism is that online markets can save the human cost on examining and verifying user's identity, which may be huge in some area, for example, online drug transaction.At the same time, users can save time cost on submitting qualification information to every online market.The second advantage is that IAS is responsible for protecting users' information security instead of various operators of online markets.The third advantage of this mechanism is that fraud can't commit a crime by anonymous or fake identity, which greatly facilitates government to arrest criminals.

Fig. 2. The usage scenario of Identity Authentication Service
Product Information Service.Product Information Service (PIS) contributes to providing a comprehensive and integrate product information database.All product information should be published by manufacturers who know the products best, and be linked or cited by dealers on any online markets.In this way consumers can find the accurate and integrate information of products.The usage scenario of PIS is illustrated in Fig. 3.
To start with, manufacturers publish their product information through PIS according to specific standards issued by authoritative associations or administrations.Then, PIS validates the product information items after examining their accuracy and integrity.After that, these information items can be linked and cited anywhere, and can't be tempered with by employing digital signatures and watermarks.Finally, as same as IAS, product information database maintained by PIS also contributes to the E-monitoring system held by government, which facilitates the government to punish those who publish false product information.The advantages of PIS are similar with IAS.Electronic Contract Service.Electronic Contract Service (ECS) aims to facilitate online markets to offer a secure transaction process for users.ECS offers uniform contract files which can be extracted and displayed by all kinds of OS and web browsers.These e-contracts are also easy to encrypt, decrypt and sign digital signatures.The services of whole lifecycle management of e-contracts are provided to protect users' legitimate rights.The usage scenario is illustrated in Fig. 4.
When conducting a transaction process on online market, participants can use ECS to generate, modify, print, delivery, sign, monitor, revise and cancel e-contracts conveniently.The contracts generated by ECS accords to the standards issued by authoritative associations or administrations like PIS.ECS save all e-contracts in contract database, which is an important resource for government to monitor and inspect illegal transactions.The contracts stored in database can be notarized by notary organization, which helps protect transaction participants' legitimate rights.

586
Mechatronics and Information Technology Implement IAS, PIS and ECS have been implemented in online pharmaceutical transaction field in China.A set of management approaches and information regulations has been generated from the framework offered by this article; also tens of information systems have been developed to implement three public e-services, which facilitate all online transaction participants such as pharmaceutical manufactures, dealers, consumers, online market operators and government regulators.The whole pilot project has achieved sufficient innovative and positive application effect in online pharmaceutical transaction field, which can be introduced into more other fields.

Conclusion
In this article, we focus on how to build trusted online transaction environment.To cope with it, we present a systematic framework with three layers and three key information infrastructures: IAS, PIS and ECS.After introducing the three-layer hierarchy of framework, we specify the architecture design and usage scenario of these three e-services.Finally, we introduce the implement situation of this framework in online pharmaceutical transaction field, which is proved successful to have brought about not only technical reformation but also an institutional one.
Advanced Engineering Forum Vols.2-3 We consider that identity information, product information and contract information are key factors which control the credibility of online transaction environment.This hypothesis needs further observing and reasoning.In addition, the e-infrastructures will definitely encounter various problems when we implement them in different areas.Therefore, we need more practical study and case study on how to implement this framework and how to improve our framework and services.

Fig. 1 .
Fig. 1.Three-layer hierarchy of the framework for building TOTE.