Huge Opportunity In Public Key Infrastructure: Survey

Mumbai: | Updated: Jan 28 2003, 05:30am hrs
Most of us will not be comfortable making payments on the Internet if we wre not sure of the security of information. Similarly, only a few vendors will accept orders from the Internet unless they are able to authenticate the buyers and their buying capacities.

Public Key Infrastructure (PKI) technology that forms the core of digital signature applications satisfies both the buyers and the sellers on the Internet. PKI provides for a digital certificate that can identify and authenticate an individual or an organisation through a directory service that stores and provides information whenever required. The embedded encryption technology also makes the transaction secure and private.

According to a survey conducted by Dataquest and Gartner Group last year, the opportunity in PKI is hugeas there is a growing need for strong security for increasing online transactions.

Apart from Internet, PKI is also being used by the companies for their supply chain transactions. The report of the survey said that most organisations do not use digital certificates for simple applications like e-mail transactions. However, when business partnersin a supply chain environmentexchange highly confidential information such as demand forecasts, and when suppliers send their payment details over the network, they want to ensure that the information is not accessed by unauthorised parties. Digital signatures are important to supply chains. Because, for example, they provide the certification to confirm the identities of the companies participating in Internet-based supply chain integration. Further, authorisation processes surrounding the digital signatures can ensure that various supply chain participants have access only to the information intended for them. Some of the important questions that bother supply chain partners are: How can I give access only to the data I choose Or how can I ensure that the data is accessed only by my partners PKI offers the right solution to these issues by offering these companies the option of what to share and whom to share it with in a secure environment.

In addition to the commerce-oriented applications, PKI technology is important for remote access, secure e-mail and messaging, and secure client/server environments.

The opportunities may be plenty, but so are the hurdles. The way these hurdles are addressed would determine the slow or accelerated adoption of PKI. One such hurdle is the market confusion, says the survey report.

In many industries and organisations, a lack of understanding of digital certificates and its role in e-commerce is hindering adoption. As one systems integrator consultant commented, E-commerce is a big PKI driver. But enterprises are still struggling to understand what it means. They ask, Where do we need authentication Do we want to own the root Do we want an industry consortium to do the certificate authority services PKI is very technical and sophisticated. Pilots end up being driven by the IT departments, but the e-commerce initiatives are driven by marketing or the supply chain divisions.

We need to come up with the context and the business language that speaks to both sides of the house.

Interestingly, the survey reveals that pharmaceutical sector can also be among future adopters of PKI. The report adds that these organisations will develop supply chain integration efforts like those of many other manufacturing companies, but the US Food and Drug Administration approval required as part of new product development adds an additional layer of complexity to the industry.

As approval communications migrate to the Internet, digital certificates will provide the privacy, authentication, and non-repudiation needed for this highly sensitive communication.