Electronic commerce (or e-commerce) encompasses all business conducted by means of computer networks - such as the Internet. Both business people and consumers are amazed at what can be done on the Internet, however for many e-commerce users, trust is still an issue that concerns them when dealing with e-commerce.
Pierre Kotze, product manager at Integrated Card Technology (ICT) says that two elements of trust when performing an Internet transaction are authenticity and non-repudiation. The now well-known cartoon depicting two dogs talking to each other over the Internet with the caption "On the Internet no-one knows you`re a dog", seems to epitomise the problem of authenticity. How does the individual know that he/she is transacting with a legitimate entity?
"Smart cards are a secure and effective way to help to ensure authenticity and non-repudiation when an individual is involved in an e-commerce transaction," says Kotze. "After any transaction between two parties, it is essential that neither party can deny having participated - i.e. non-repudiation. Hand-written signatures have been universally accepted for centuries as binding evidence of commitments - an essential pillar of business dealings. `Digital Signatures` are a two-decade old solution to the problem of realising the electronic equivalent of hand-written signatures. However, digital signatures alone are not a panacea since the software for generating a digital signature resides on a PC. Therefore if the security of the PC is breached, the non-repudiation and authentic that a digital signature is supposed to provide disappears.
"Smart cards coupled with the use of digital signatures, provide consumers and businesses with greater security and flexibility. This is so since the smart card is capable of generating digital signatures that are entirely secure. The fact that the smart card is portable is also an advantage, as unlike software solutions on PC`s, the user can carry their digital identity anywhere to any PC in the world.
"Furthermore, smart cards provide enhanced security by protecting their digital identity (or digital certificate) with a Personal Identification Number (PIN). An individual merely inserts the smart card into a smart card reader and enters the PIN to unlock the card. The digital certificate is then presented to the application along with any other data that may have been securely stored on the smart card. By demanding that the user enter the PIN before making any meaningful response, a smart card is equipped to positively identify its authorised bearer on each occasion."
The smart card with its ability to store a digital certificate and its ability to generate a digital signature solves a number of the security and portability issues associated with e-commerce. Furthermore, ICT believes that the smart card will become an integral part of the Windows platform, because smart cards will enable new breeds of applications in the same manner that the mouse and CD-ROM did when they were first integrated with the PC. Microsoft`s vision to ensure that the Windows platform is smart-card-enabled will drive the PC`s infrastructure for smart card acceptance for future e-commerce and network security applications.
Share