Smart card technology, in allowing to prevent unauthorized access to
information and accounts, can address most of the issues to protect a
business from fraud. If smart card is used as a way to unambiguously
identify a user or a computer, then there are at least two applications
that Your company could exploit in order to allure new users and to gain
advantage over its competitors.
Now that Web-related products have proved to be reliable, scaleable,
efficient, user-friendly and cost-effective tools to convey and to present
information all around the world, we can assume that these tools will be
brought inside companies, as a way for a firm to broadcast its own internal
information to each of its employees. Netscape Communications already
proposes a version of its well-known browser that is specifically dedicated
to internal use (See Appendix 8
: Putting the Web to
Work Inside Your Business). For example, many companies have been on the
Internet for several years and now develop internal information systems
called Intranet. We may think that several firms will follow the same path.
The only security issue that remains when using internal information
systems like Huevo, is to give the right person the right piece of
information and to be sure that the price quotation, for example, will not
leak outside the internal network. If each employee is issued a smart card,
then the internal Web server (the Intranet) can be embedded with a piece of
software allowing to personalize information access for each of these smart
cards (i.e., for each of the employees): each user (employee) would see
only the information pertinent to him/her, and access to information which
he/she is not authorized to see would be denied to him/her; this can be
done seamlessly for the user, without requesting him/her to enter anything
like passwords but his/her smart card into the reader at the beginning
of the session.
Thus, Your company has to work with Netscape Communications (or other firms
distributing Web servers) in order to embed smart card capabilities inside
the server software. It is important that security not be a feature added
on top of other applications: it must be integrated so that the user will
not be bored with it.
If we go further, we can even imagine that the smart card can be used
not only as a mean to secure access to information, but also as a way
to personalize the user environment and to provide him/her with
settings he/she is familiar with. For example, when a user login into a
computer by inserting his/her smart card, he/she will be recognized and
retrieve all his/her bookmarks for his/her preferred browser.
Another advantage of the smart card is that it would allow employees
connecting from outside the firewall to have access to their company's
internal information. Internal information has to be encrypted for
everybody else outside the firewalls. Web servers and clients like Netscape
with SSL already allow the encryption feature, so that the same system
needed for internal applications (like a smart card compliant Intranet)
could be used for giving selected external access to the company's internal
information.
There is another application where Your company could find a good way to
gain advantage over its competitors.
After months of negative headlines about the raunchy sites kids are able to
visit online and on the Internet, the people who bring cyberspace are
getting ready to turn parents into police force (See Appendix 9
: Parents Cast in Cybercop Role). America Online,
CompuServe, Prodigy, AT&T, MCI, Netscape, Microsoft and other heavyweights
are banding together to create tools that could help parents begin to set
limits on the places their children can visit online. The goal is not to
replicate the type of ratings system used to judge the content of movies.
Rather, the group wants to create tools that companies can use to build and
market their own rating or filtering systems. Then, it will be up to
parents to select the kind of family standards they want
to set for their home computers. Software could be available by March.
Called the Platform for Internet Content Selection (PICS), the
standards would allow outside companies to create their own ratings
systems that could be marketed to families. Parents then could block
their children's access to any site that does not carry the equivalent
of a ``Good Housekeeping'' seal for family-suitable electronic content.
Parents would have the option of buying ratings filter software for
their home computers or relying on access providers to offer the filter
options online. It is very clear that smart card technology could be
the ``natural'' end-part of the access control by the parents. Browsers
(only clients and not servers) should be altered in order to give the
smart-card-equipped children restricted access to the only sites they
are allowed to by their parents, according to the ratings broadcasted
by the server.
PICS is still in a definition stage so that it may not be too difficult for
Your company to participate to it and to urge for smart card utilization:
membership for the alliance is open (See Appendix 9
:
Parents Cast in Cybercop Role) to companies that want to participate in the
standards-setting process, and these companies are expected to contribute
input and resources that will help speed development of the
technical standards.