India Geared Up For Secure E-comm

Bangalore: | Updated: Jan 21 2003, 05:30am hrs
With the setting up of the Root CA (Certifying Authority) in the country, the infrastructure for secure e-commerce is believed to be coming of age in India. This coupled with cyber laws bill passed by the Parliament, according to industry representatives, will provide the much-needed impetus to the e-commerce segment with the digital signature technology being key to ensuring secure transactions through the web.

Interestingly, IT industry spokespersons place India only second to the US in having a comprehensive Cyber Law regulation in place. With a mature IT industry and an established banking segment, India, according to them, will be a successful launch pad for a successful e-commerce endeavor driven by the rapid adoption of digital signature technology.

The deployment of digital signature certificates will be driven primarily by businesses which see significant advantages in migrating their businesses to open networks.

The online banking corporates and retail fund transfers e-Cheques (subject to RBI approvals), foreign exchange trading Electronic Bill Presentment and Payment (EBPP), the government sector, defense, Intelligence Departments, intra & inter government communications, work flow automation (online tendering, negotiations and contracts), E-Governance - electronic voting; government services and utilities for the citizen will particularly be explosive segments for such a technology in India, besides the financial services sector.

As a market, India has greater potential than most of the developing nations because of a large body of IT professionals and IT enabled services available today. This would be the early adopters who are amenable to technology, prefer non-intrusive methods (as opposed to standing in queue) and could well drive the demand, believes IndiaLife Hewitt head of IT applications Soubir Bose. The company itself is a user of digital signature technology and is one of the leading players in the HR payroll and administration outsourcing sector.

In terms of implementation, IT experts say that for India, deployment at a pan India level would pose issues with respect to lack of adequate infrastructure, Internet access and end user awareness on the benefits. Therefore the solution may lie in first setting the ball rolling by opting for a closed community deployment where the change process can be monitored and managed. Readying itself for this explosive market opportunity, global software product major Computer Associates is set with its range of end-to-end offerings including - Computer Associates eTrust PKI (Public Key Infrastructure), eTrust OCS PRO, eTrust Directory - to offer an integrated secure method of enabling digital certification.

We want to facilitate a single window for all security needs of an organisation. And going by market statistics we expect the sectors/segments like e-banking, and e-retail ventures to be particularily benefitted by this technology. This will also ensure the spread of e-governance faster,says Computer Associates national manager eSecurity Business Vaidyanathan Iyer.

In terms of this technology blending in with the existing security related implementations, this will function more as a logical extension of existing security technologies. While the network security measures address the threat management issue, digital signature addresses the next level of identity management.

According to ICICI Infotech executive director Manoj Kunkalienkar the four cardinal tenets of a business transaction are confidentiality, authentication, integrity and non-repudiation. While an offline business transaction ensures that the aspects of the above are met with, technology will be the tool to make sure that such compliance is available in the online space as well.

There are technologies available today to make sure all the aspects are taken care of. For instance with respect to confidentiality & integrity - encryption technologies play a role, while authentication is enabled by a combination of passwords, tokens & biometrics - like thumbprints and retinal scans.

Deployment of digital signature certificates can therefore be viewed as a trust accelerator for secure online transactions. However, several fundamental issues need to be addressed prior to the market witnessing any large-scale deployment of digital signature technology. Mainly Interoperability - Standards need to be evolved with respect to defining the interoperability amongst the digital signature certificates issued by individual licensed trust entities (Certifying Authorities). Secondly, mobility is a another big factor responsible for the complete realization of such technologies.

Thus the business profitability would not be in selling commodity digital signature certificates but in the cost liberation, trust and value enhancement enabled by the deployment of digital signature certificates, Mr Kunkalienker said.

Interestingly, ICICI Infotech has partnered with Sweden-based Sonera SmartTrust, a provider of infrastructure software for managing digital identity in wireline and wireless networks to provide secure Internet services to the Indian communications industry.