In his June editorial Stop Signs, editor Andrew Kantor detailed the obstacles that currently stand in the way of widespread use of digital certificates, which are necessary components in general, secure e-commerce. He argued that digital certificates are currently nothing more than a novelty and will stay that way until significant strides are made in how the technology is implemented and managed. I argue that we are much further along than Mr. Kantor realizes.
Lets draw a comparison between digital certificates and credit cards. Decades ago, businesses and consumers saw no need for, or benefit of, a widely accepted credit card such as Visa.
Today, however, credit cards are a universally accepted, trusted, and often preferred way of doing business. What changed? As more businesses began accepting credit cards, more consumers began using them. A key component driving adoption was a common understanding of how to effectively mitigate risk. The business that accepts the card, the issuing bank, and the cardholder have well defined and enforceable rights that make the transaction a manageable risk for each. Digital certificates currently hold a spot at the beginning of this inevitable adoption curve.
Typically, implementing digital certificates requires selecting a technology and deploying that infrastructure within your own closed systema costly and time-consuming process. In this in-sourced model, the digital certificate system would be analogous to a department store only accepting its own credit card and not Visa, MasterCard, or American Express. The digital certificates work only within that system, severely limiting their appeal.
On the other hand, imagine an open public key infrastructure (PKI) system, with universally accepted digital certificates and managed risk. Suddenly, digital certificates come in line with the universality of todays credit cards. An individual could use the same digital certificate for secure document exchange at work, access to his or her own private information from government agencies, and to purchase something on the Web.
This type of open infrastructure immediately moves digital certificates much closer to widespread adoption. Its a matter of policy, risk management, and an outsourced model.
By establishing risk management policies and warranties (such as what has been done with TrustID digital certificates, which are sponsored by the American Bankers Association), those parties relying on the certificates are assured of the identity of the certificate holdersa necessary component for ensuring the integrity of a business transaction. And finally, by adhering to an outsourced model, organizations need not be burdened by the cost, technical hurdles, and implementation constraints of closed systems.
Breaking Barriers
Kantor detailed three significant problems with digital certificates: getting one, paying for it, and installing it successfully. All three points prove moot in the outsourced model. Applying for and getting a digital certificate is as simple as going to, for example, our own Digital Signature Trust Web site (www.trustdst.com), providing pertinent information, and paying a small fee. Soon, universally accepted digital certificates will be issued by employers, banks, or government agencies at no cost to individuals. And what about implementation? Although there is technology behind the scenes, using a digital certificate is becoming easier than upgrading your Internet browser.
For relying partiesthose that accept digital certificates in business transactionsthe outsourced model proves equally compelling. When viewed as an in-house technology implementation, PKI is still cumbersome, expensive, and difficult to master. However, when seen as an outsourced modelwith someone else establishing the policies and managing the risk on an existing and proven infrastructureusing digital certificates in your business is analogous to a merchant signing up to accept Visa or MasterCard, and as simple as signing up for a Web-based service and paying as you go.
The traditional barriers of cost, time, and technology have fallen. Digital certificates are gaining widespread use throughout the government and private industry. The new outsourced digital certificate model gives those with limited current needs a painless path into future widespread implementation. In reality, its only a matter of time before consumer demand and application availability merge. When that happens, who can afford to be left on the outside looking in?
Yuriy Dzambasow is chief technical officer of Digital Signature Trust.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
