Electronic transaction's future in Hungary
download the zip file (8409 bytes) which contains this paper in rtf and txt format!
Szerzô neve: Kincses Zoltán
PhD student - ELTE Informatics Program
témavezetô: dr. Mezgár István - SZTAKI
Abstract
Electronic Commerce (EC or e-commerce) is a new, fast growing field of conduct business, selling any type of services, goods or even stocks on the network of computers using the Internet. The development of EC is extremely fast, according to statistics the number of firms/providers duplicates each six month in some regions of the world. The lack of secure money transfer through the Internet is a barrier for the even faster spreading of the e-commerce.
The same situation is in Hungary where the market is still not definitive in every place, so the companies are trying to find new and newer ways to make money.
For a lot of them is not understandable the Internet's power, but they feel necessary to have an e-mail address or a homepage even if they do not use them! Of course there is a lot of good example also!
On this race for better positions it must be taken in consideration the secure functioning. Unfortunately the existing system's security is still not good enough. There is a lot of problems with the identification, security or even the authenticity.
In Hungary there is near 200.000 employee on the security man field, but their education sometimes is ending in body education. The future security man must be a good computer guru, and an up-to-date man in existing security applications in computer systems.
The Hungarian brain always searches the holes on every system or application and with an extremely good sense they find it. Sometimes the cheap and the unsuitable systems are guilty because these holes. Now there is a complex solution at an acceptable price.
SmartCard (SMC) technology can offer a solution for current problems by fulfilling simultaneously the main demands of identification, security and authenticity. The application of the chip-based cards, the SMC probably can offer a general solution even beyond the EC. There is an ongoing research work in the SZTAKI to disclose the theoretical background of a complex SmartCard technology and to outline some integration aspects and possibilities of the main functions.
ELECTRONIC COMMERCE AND THE SMARTCARD
The application of SMC technology in e-commerce can result the next step of the technological revolution because of offering new possibilities in effective integration of commercial, banking and identification functions. "Traditional" SMC-based applications are spreading very fast in different fields (telephone cards, bank cards, etc.) and according to forecasts the SMC market volume will double every year until the year 2000. Of course these are international statistics. The growth numbers are the same in Hungary, only the base numbers are less.
As the SMC technology will be widely applied in many fields of the everyday life, all members of the society must have the possibility to use SMCs including the handicapped users. The present research work aims to disclose the possibilities of widening SMC applicability into this direction by extending and integrating the different SMC functions into an enhanced SMC.
THE IDEA OF THE ENHANCED SMC
In electronic commerce individuals have to be identified instead validating the identity tools. Transaction security and validity can be guaranteed through properly selected methods. It is important to handle the different aspects of security, identification and applicability of different fields and developments on a common base, therefore platform independent open architectures have to be applied both in case of hardware and software means. Finally all the solutions of these demands must be integrated into an easy-to-use application.
The research goal is to disclose the theoretical background of a complex SmartCard technology and to outline some integration aspects and possibilities taking into consideration the following functions:
- certainty determination of identity (1),
- secure data transmission (2),
- open architecture and a platform independent management (3),
- complex handy application (4).
1. The best solution which resolve the identification is the live fingerprint recognition (LFPR). Today there exist Hungarian software tools also which recognition rate are 100%! These software works on dactyloscopycal methods, but it is worth to mention the existence of optical methods which generate bioscrypts of the fingerprint. There are other biometrics recognition systems, but the most practical is the LFPR. The other approaches should complete or substitute the LFPR if the user has any type of deficiency. Extending the characteristics of the SMC with this factor, the new, enhanced SMC can become a real all-round tool for electronic identification.
2. The security and the authentication is guaranteed by using RSA based cryptography. The 40 and 48 bit lengths code have already been broken with brute force algorithms by network based parallel programming. The 56 bit challenge is in progress. The application of the 1024 bit length code offers strong enough protection against brute force attacks and the coding/decoding procedures need acceptable time.
3. The open architecture and platform independent ideas should contain open standards (like ISO 7816 in SmartCard world). The platform independent Java language ought to be applied in future standards and it plays a key role in our research especially from the appearance date of the JavaCard specification. It is also important for that Hungary who wants to reach the European Community membership, to follow with attention the European standardization, and apply them in own system.
4. The handy tools are SmartCards which had an unsuccessful period because of their high production price. Today's technology allows to make handy SMC in a big number at a low price with high and secure data storage capacity and with own operating system. There are some joint ventures who can give their capacity for issuing SmartCards in Hungary.
A key point of the research is the definition and integration of SMC functions for handicapped users as already outlined in point 1. Some ideas for the possible solutions are given, but enormous work has to be done to find solutions for the "empty cells" before reaching a global or a local standardization.
The problem of multiple deficiency (one can't act without permanent help) also has to be mentioned. In this case the master-slave card should be a solution. The slave card belongs to the multiply disabled person while the master card is used by the person in charge. The slave card can be used only with the master one. The master card can be used alone by the master card's owner, but not for the slave's user transactions. One slave card can have more masters, and vice versa.
Conclusion
The conclusion can be that in order to develop a widely applicable SMC concerning both functions and users, all the exceptions have to be taken into consideration during the design phase. There is a strong need for standard that guarantee the operation of particular identification systems as well. To develop such a standard needs an interdisciplinary team of experts (sociologists, lawyers, physicians, bankers, computer scientists) working in close co-operation. Nearly all the faculties are exists at the ELTE, where we can search the competitive experts. These search is in progress.
The standards must contain a general solution with less discrimination, placing humanity in the forefront instead technical solutions, offering equal opportunity also for the handicapped persons.
We hope that our research results in the SZTAKI will contribute to achieve these long-term standardization goals between the European and the Hungarian standards. We also hope that the Hungarian Government and the commercial sphere will give the right importance for this field.
There are some opposers, who want to keep the paper based commerce. Their voice is at a high level when the cyber terrorism or cyber thieves (with white colar) are on the front page in media. They forget (sometimes intentionally) that the "other part" is talking about a new system, with proved security, and the European future seems to be the same like the offered solution.
For useful informations in e-commerce field and SMC world see:
http://caesar.elte.hu/~kincses/phd/
Please contact:
Zoltán Kincses - ELTE/SZTAKI
WWW: http://dtalk.inf.elte.hu/~kzoli
E-mail: kincses@ludens.elte.hu