See Also   Introduction   Encryption   SSL   SET   Smart Cards   Links   FAQ

The most basic storage method is to encrypt the private key using a password and store it on the computer's hard disk - this is what programs such as Netscape's Navigator do. This method although convenient, does have some security risks as anyone who discovers or intercepts the password can use the private key if they have access to the computer where the key is stored. Another vulnerability is that once the key is decrypted it is held within the computer's memory where it could be copied by a rogue program.

Security can be increased by storing the encrypted key on removable media, for example a floppy disk. An attacker would then need access to this media and knowledge of the password before they could use the private key. However, this method still requires the key to be decrypted and held within the computer's memory where again it could be copied by a rogue program.

In its most basic implementation, smart cards can be used to store private keys and digital certificates protected with a password. Security can be further enhanced by using a microprocessor within the card to generate the public and private key pairs and to perform the actual encryption. Data to be decrypted or digitally signed is passed to the card where the microprocessor performs the operation and then passes the data back to the computer. That way the key never leaves the card and is therefore not vulnerable to attack by rogue programs scanning the computer's memory for keys.

Electronic purses
Many applications in place today use a smart card as a replacement for cash because of the higher security they offer over standard credit cards. Although most of these systems (for example Mondex, VisaCash, CLIP and Proton) were developed for point of sales applications, their use is likely to extend to Web commerce as they provide an easy and secure way to handle cash transactions. Many project that smart card readers will become a standard component of PCs - indeed the Intel PC98 specification recommends that Office PCs have a smart card reader installed as standard.

User profile portability
One factor that could potentially restrain the growth of Web commerce is restricted access to the Internet. Although the number of home and office computers with Internet access is continually growing, it is still not universally available and even the introduction of low cost access devices (for example Web TV) will not solve this completely. Also, even those with Internet enabled computers are unable to access them when away from their office or desk.

Smart cards could provide an answer to this by providing secure access over public Internet terminals or screen phones. Personal profile information could be stored on the card so no matter what device was being used the appearance would be the same. The on board microprocessor would be able to encrypt all messages thus eliminating security risks.