Compaq Computer's announcement that its home computers will have smart-card readers built into them represents a huge step forward for Internet transactions.
Smart cards are a tool for providing
The smart card is a credit card-size piece of plastic containing an embedded microcontroller chip with numerous software and hardware security features. Smart cards are the highest-volume semiconductor-based product manufactured worldwide, with 435 million produced in 2000.
The smart card is fundamentally the most secure silicon hardware that exists because of the engineering efforts of silicon manufacturers and card vendors. Various "tamper-proof" hardware and software measures prevent reverse engineering or "snooping" on the silicon chip.
Smart cards are more secure than other tokens because they contain a microcontroller that not only stores data--such as a PIN or biometric measure--but also runs executable code. That capability is critical for key generation or encryption within the public-key infrastructure (PKI). The microcontrollers being developed for smart card applications are being optimized for that function.
The security of the smart card is proven to some degree by the variety of operators that have committed to the technology, including mobile telecommunications operators, pay-TV operators and financial services providers.
The easier to use, the better
In the past, financial institutions have issued smart-card readers that can be attached to PCs. That approach has not worked out well; the average person has difficulty attaching equipment to PCs because of the complexity of configuring and installing software. Early trials by American Express in association with the American Express Blue card were not successful for that reason.
Consumers will not independently seek out the technology. They will not purchase a smart-card reader on their own, nor will many bother to install a free reader. However, they are more likely to take advantage of a reader if it is a standard PC feature. To the extent that the built-in technology is easy to use, smart cards will be used more extensively. Therefore, PC vendors and service providers using the readers must make those devices as simple as possible to use.
Microsoft is actively promoting the smart card, which greatly helps to position it as the hardware-authentication token of choice for the PC.
Another accelerator is PKI adoption. Smart cards are a powerful enabling technology for PKI, particularly when on-card cryptographic algorithms are used. Although many semiconductor vendors have only recently released products that meet the cryptographic demands of modern PKI, many PKI vendors integrate smart cards within their product portfolios.
Businesses that rely on Web-based delivery secured by user IDs and passwords could prevent multiple-user access (through shared passwords) by mandating smart-card conditional access. Potential adoption drivers that would create momentum in the IT security industry include the following:
Internet service providers make smart-card log-on compulsory for use of their services.
Financial services providers make the use of smart cards obligatory for online purchases.
On May 16, Visa International announced the launch of its Smart Visa Ready program, which certifies qualified manufacturers' products as compatible with smart Visa cards. The first manufacturer certified under the program, Compaq, is now introducing PCs equipped with Visa-ready smart-card readers.
Gartner believes that smart cards will play a key role in reducing online fraud and accelerating the growth of online transactions. If Visa and Compaq commit sufficient resources and management attention to seed the market with smart-card-enabled PCs, enterprises, online merchants and credit card issuers will benefit.
Entire contents, Copyright © 2001 Gartner, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.