Although a US court has ruled against the ban saying that the encryption can be posted on the internet without getting any licence for the code from the commerce department, if the government goes for an appeal it can further delay exports.

Siemens has entered this lucrative market in Asia and Europe targeting e-commerce providers and ISPs with the standard 128bit solutions.

Commenting on the background of the US ban on encryption technology exports, Siemens AG vice-president, technical marketing, Paul Cullen, said the Central Intelligence Agency (CIA) of the US was found unsuccessful in cracking the code of these software and hence, the ban.

Explaining the technology, he said, "encryption jumbles up a message or displaces the orderly things into a total chaos using algorithm, which then has to becracked to be read using methods like the public key cryptography." For example, a bank customer can send a message to his bank for a transaction using his private key which the bank will decode at its end with the public key as well the customer-specific key. The mutual authentication takes place and the order is through.

The 128bit encryption, considered to be highly safe, is becoming common among ISPs and e-commerce companies. "It is one of the toughest tools around. A normal Pentium processor will take 5x10 24 years to crack it or a group of one million Pentium processors will take 5x10 18 years," Cullen said.

Encryption is not a new method. During World War-II, German forces used to send encrypted messages to those based in Britain and receive messages also in the same form.

Siemens has an array of security products such as Trusted CA, which issues digital certificates, Trusted Mime, a product for e-mail security, Trusted Web for extranets and Trusted Doc for ensuring acceptability of purchaseorders.

In India, Siemens intends to educate ISPs and companies before they jump on to the e-commerce bandwagon. ISPs will have to look for intelligent solutions for backbone, value-added applications, video streaming and content enrichment while corporates will have to place priority for security in dealings. "ISPs have the hard task of reviewing security levels and upgrade with latest technologies," he said.

Following an alarming rise in threats from hackers, security of e-commerce has become the single most important issue to dominate the internet community with the US government's estimates showing an annual trade of close to $400 billion taking place on the web from 2000 onwards, any kind of security breach would take away all the charm of e-commerce and more importantly the confidence of the people.

The threat is in fact even greater with more companies using wide and complex enterprise networks including intranets and extranets. Today, key security technologies are available other than theencryption such as Firewalls, intrusion detection products, antivirus software and security audit tools.

A common way to deal with internet security is through Firewalls, which most enterprise have built up. These restrict traffic entering and leaving internal networks and control connections to the internet. Also, Firewalls support networks that operate within a set site security policy. Antivirus is another technology in common use.

An International Data Corporation (IDC) report has shown that there is still heavy use of older technologies and latest like digital certificates and sophisticated biometrics remain comparatively new to the organisations, leading to greater risk of attack. Although Firewalls cannot protect the internal network against security threats from insiders, viruses, or traffic that does not pass through the control points, Firewalls do constitute a growing market. A constant vigil will be the best policy as any kind of hardware and software security cannot totally prevent securitybreaches.An important observation here is that no system can be totally and completely secure. Also the actual level of security has to be appropriate to the assets being protected.

Other security concerns regarding data are corruption or repudiation and unwanted disclosures. Here the ideal security tools are network monitoring and user authentication tools rather than products to reduce data disclosure or corruption. So far, the only option braced by many is outsourcing of major security services. Firewalls monitoring and maintenance can be the most commonly outsourced service.

A recent phenomenon or a pattern emerging in the US in which the larger e-commerce companies are picking up smaller companies, which can tighten their security levels.

Future will be even tougher, the study reminds, as challenges posed by unauthorised access through the internet and increased external hacking will also be present.