A Secure Electronic Commerce Environment : Only with “Smart Cards”
There is growing move to rely upon penetration detection / analysis schemes and add-on software processes and network security products to combat attacks on information systems used for the operation of global electronic business / commerce systems. These sub-systems and management procedures have taken the place of the development and deployment of solid information systems security and assurance technologies, particular at the computer security levels, both hardware and software. This is most notable at the small, commodity systems level; those system largely used by small to medium size enterprises, both private and public, and by divisions of larger corporate and government and even defence units, as well as by individuals.
This paper presents the proposition that current commodity level systems do not present the level of information assurance needed to create the necessary trust required for rapid and reliable uptake of electronic commerce systems, against a reliable, legal framework. Indeed, it appears impossible to raise the level of security of these systems, both at client and server levels, without the addition of supplementary hardware and software systems that provide appropriate security services and mechanisms in a trusted systems environment capable of being independently assessed as being effective. Smart cards, coupled with associated trustworthy reader/writer/terminal facilities, appear to be the most suitable method to create such necessary trust in electronic commerce facilities, providing a “trusted path” between the user and the electronic commerce infrastructure. However, it would appear that their usage may need to be legislated by Governments since without such “force of law” it appears unlikely that end-users or PC/server manufacturers will voluntarily meet the cost, albeit small. At the same time, however, the sound and secure integration of such sub-systems into commodity, commercial-off-the-shelf (COTS) systems is a subject of active research.
Key wordsSmart cards electronic commerce
- GATE-99 Gates, Bill “Why the PC Will Not Die.” Newsweek, 31 May 1999. Pg. 64Google Scholar
- ILLI-98 The State of Illinois, USA. “Illinois Electronic Commerce Security Act” 24 August 1998 1997 Illinois House Bill 3180, Illinois 90th General Assembly 1997–98 Regular SessionGoogle Scholar
- NEWS-99 Front Cover, Newsweek, 31 May 1999Google Scholar
- SENA-99 Senate of the United States of America Senate Bill S.1059, Sections 346–347.Google Scholar
- VIST-99.Vistica, G. L. “Cyberwar and Sabotage” Newsweek, 31 May 1999, Pg. 38.Google Scholar