next up previous
Up: 6 Conclusion Previous: 6.1 General

6.2 Prospectives: Opportunities for Your company

With Web browsers, products can now be attractively presented with rich graphics and detailed descriptions, and customers can have a convenient, fast communications channel in which to obtain a quotation and place an order. Security, however, continues to be a point of concern and a barrier for commercial transactions over the Internet.

Smart card technology, in allowing to prevent unauthorized access to information and accounts, can address most of the issues to protect a business from fraud. If smart card is used as a way to unambiguously identify a user or a computer, then there are at least two applications that Your company could exploit in order to allure new users and to gain advantage over its competitors.

Now that Web-related products have proved to be reliable, scaleable, efficient, user-friendly and cost-effective tools to convey and to present information all around the world, we can assume that these tools will be brought inside companies, as a way for a firm to broadcast its own internal information to each of its employees. Netscape Communications already proposes a version of its well-known browser that is specifically dedicated to internal use (See Appendix 8 [*]: Putting the Web to Work Inside Your Business). For example, many companies have been on the Internet for several years and now develop internal information systems called Intranet. We may think that several firms will follow the same path.

The only security issue that remains when using internal information systems like Huevo, is to give the right person the right piece of information and to be sure that the price quotation, for example, will not leak outside the internal network. If each employee is issued a smart card, then the internal Web server (the Intranet) can be embedded with a piece of software allowing to personalize information access for each of these smart cards (i.e., for each of the employees): each user (employee) would see only the information pertinent to him/her, and access to information which he/she is not authorized to see would be denied to him/her; this can be done seamlessly for the user, without requesting him/her to enter anything like passwords but his/her smart card into the reader at the beginning of the session.

Thus, Your company has to work with Netscape Communications (or other firms distributing Web servers) in order to embed smart card capabilities inside the server software. It is important that security not be a feature added on top of other applications: it must be integrated so that the user will not be bored with it.

If we go further, we can even imagine that the smart card can be used not only as a mean to secure access to information, but also as a way to personalize the user environment and to provide him/her with settings he/she is familiar with. For example, when a user login into a computer by inserting his/her smart card, he/she will be recognized and retrieve all his/her bookmarks for his/her preferred browser.

Another advantage of the smart card is that it would allow employees connecting from outside the firewall to have access to their company's internal information. Internal information has to be encrypted for everybody else outside the firewalls. Web servers and clients like Netscape with SSL already allow the encryption feature, so that the same system needed for internal applications (like a smart card compliant Intranet) could be used for giving selected external access to the company's internal information.

There is another application where Your company could find a good way to gain advantage over its competitors.

After months of negative headlines about the raunchy sites kids are able to visit online and on the Internet, the people who bring cyberspace are getting ready to turn parents into police force (See Appendix 9 [*]: Parents Cast in Cybercop Role). America Online, CompuServe, Prodigy, AT&T, MCI, Netscape, Microsoft and other heavyweights are banding together to create tools that could help parents begin to set limits on the places their children can visit online. The goal is not to replicate the type of ratings system used to judge the content of movies. Rather, the group wants to create tools that companies can use to build and market their own rating or filtering systems. Then, it will be up to parents to select the kind of family standards they want to set for their home computers. Software could be available by March.

Called the Platform for Internet Content Selection (PICS), the standards would allow outside companies to create their own ratings systems that could be marketed to families. Parents then could block their children's access to any site that does not carry the equivalent of a ``Good Housekeeping'' seal for family-suitable electronic content. Parents would have the option of buying ratings filter software for their home computers or relying on access providers to offer the filter options online. It is very clear that smart card technology could be the ``natural'' end-part of the access control by the parents. Browsers (only clients and not servers) should be altered in order to give the smart-card-equipped children restricted access to the only sites they are allowed to by their parents, according to the ratings broadcasted by the server.

PICS is still in a definition stage so that it may not be too difficult for Your company to participate to it and to urge for smart card utilization: membership for the alliance is open (See Appendix 9 [*]: Parents Cast in Cybercop Role) to companies that want to participate in the standards-setting process, and these companies are expected to contribute input and resources that will help speed development of the technical standards.

next up previous
Up: 6 Conclusion Previous: 6.1 General
Denis Arnaud