Inconvenience of PKI not an issue for B2B

The inconvenience of ensuring secure systems for e-commerce is never an issue for B2B enterprises. But more will have to be done to provide secure systems for B2C models while at the same time, minimizing the inconvenience and cost incurred on the users.

Companies involved in B2B transactions have to be more concerned about security and have a higher demand for it - transactions typically run into the hundreds of thousands if not higher.

Therefore the inconveniences of installing secure systems for transactions will never be a hindrance to them as both companies involved in such a transaction demand for a secure link to protect themselves, said Dr. Ngair Teow Hin, CEO for Singapore-based Transparity.

The five cornerstones of security issues at the enterprise level include privacy, authenticity of user, integrity of data, non-repudiation and access control. These five areas of security ought to be present before companies carry out any transaction.

The determining edge of a better security system tends to be one with simple security requirements. This means that the security software will have to be installed on the client side but the more successful software providers are those that control the functions on the server side, according to Ngair.

YES

The difference between providing security solutions for B2B and B2C companies emerges in the use of Public Key Infrastructure (PKI) technology where the issue of Digital Certificates to the client-end of B2B companies is not a problem.

The cost of convenience
But the issue of such certificates to the user of B2C services is not commonly used at present as cost and inconvenience present obstacles to the process.

"This is the part of security that is not being picked up yet but is important in certain areas (of e-commerce transactions)," said Ngair. He cited the example of digital signatures where users have to be given digital certificates, which would in turn ensure authenticity and non-repudiation even for B2C transactions.

"The question now is how to build a system to minimize inconvenience to the user. On the software side, you want to build it as convenient as possible for the user," he said.

"Digital signature-PKI is considered very robust from the technology point of view. Someone will have to absorb the cost. Either the government or the enterprise has to do the work to get users ready in order for such applications to be developed," said Ngair. This is the reason for the greater acceptability of such security measures for B2B enterprises.

Official business?
It is difficult to predict how enthusiastic the government seems to be taking up PKI for secure e-commerce.

"It is very costly for governments to launch without knowing the returns. It depends on how much people believe in this," said Ngair. He added that the Singapore government might want to look around and see people in other countries implement it first.

Said Ngair, "Singapore is still very primitive when it comes to e-commerce and the biggest problem is infrastructure. Today, there is a lot of information sharing. This is all we can do because of the lack of infrastructure to support security."

The PKI forum recently organized in Singapore was a step forward to gathering feedback on PKI technologies, believes Ngair, and should have a positive effect on the promotion of PKI usage.

However without any direct government intervention in resolving cost issues, Ngair expects usage to be restricted to either sample server-side PKI protocols (such as SSL), or deployed within closed groups of users - typically enterprises or for B2B usage.

For digital certification to take off at the hands of the average user, the government might have to accelerate the trickle-down effect by stepping in and establishing a trusted party to issue digital certificates at little to no cost.