What's the importance of digital certificates?

When you do a transaction on the Net, there is absolutely no way of identifying who all are the parties involved. 

That's not the case when you do a physical transaction, where payments can be settled through cash, credit cards or by instruments like cheques etc. On the Internet, there is no other option but to go in for digital certification, which identifies a person clearly and hence supports B2B and B2C transactions. 

Ultimately, these digital certificates ensure that you know who you are interacting with. That itself is a great advantage.

What are the challenges in this business?
The challenges are many! But it's less a technology issue than a business one. Certifications business is akin to the infrastructure business like telecom or even credit cards. 

In India we have pumped in close to five million dollars and have set up an infrastructure which caters to the entire spectrum of the market. But currently, the e-business market in the country is in its infancy. 
Those who are in business are looking at the Internet as yet another window to the world, rather than as a channel where they can accomplish complete end-to-end business transactions. 

In the next stage, we expect businesses to seek certifications for their servers and Websites so that their customers, suppliers and partners can instantly know that they can trust them. Public Key infrastructure business growth will happen as more users use the Internet not just for information, but also for business.

What kinds of solutions are being provided currently in India?
Since the IT Act has been passed by parliament, digital signatures are legally valid in India. Hence, for any e-business (not just on the Internet), various solutions could be deployed. 

This includes the space within an enterprise intranet or even within the government infrastructure where the government can use to connect to the public for payment collections and bureaucratic work. Solutions are varied and will address several vertical domains like banking, finance, insurance etc.
Most popular are solutions related to Web servers and payment over 
the Net. 

While payment over the Internet is still in its infancy in the country, we provide SSL (Secure Socket Layer) and other certifications to more than 50 types of Web servers and software. Apart from these, certification solutions based on PKI are being provided to Virtual Private Networks, extranets and even vertical products like SAP. 

Currently, all Microsoft and Adobe downloads are verified by Verisign. 
We can provide solutions for even software downloads, which states clearly that you are downloading software from the right vendor, and not some malicious code.

A study conducted by the government has shown that payments made by cash or cheque for public utility services like electricity and water supply takes an average of 23 days to reach the treasury.

This means there is a huge loss of revenue since money collected every day runs into crores of rupees. So, moving to an e-business model has its own advan

What are the fundamental goals you achieve through a digital certificate? 
The way Verisign, our partners, see it is that through digital certificates a business entity should be sure of the following: 

Authentication: Customers must be able to assure themselves that they are, in fact, doing business with a real entity and the person on the other side is who he claims to be.

Authorization: Similarly, the right person should be authorizing the different steps involved in any form of transaction. 

Confidentiality: Sensitive Internet communications and transactions, such as the transmission of credit card information, must be kept private. 

Data integrity: Communications must be protected from undetectable alteration by third parties during transmission on the Internet. 

Non-repudiation: It should not be possible for a sender to claim that he or she did not send a secured communication or did not make an online purchase. 
In Brazil, for instance, the government tried to get citizens to file returns over the Net, and nearly 15 per cent of the people came back at the end of the procedure and said that they never filed the returns themselves. This was because of lack of proper and secure digital certifications that support non-repudiation. 

The Internet was expected to bring down the cost of transactions. But despite that, merchants complain that credit card discounts are way too expensive for them compared to physical card transactions.

There are again two reasons. One is the issue of trust, and that is where we come from.It is just not possible for a company to trust a buyer who claims that he is someone because of the credit card number and details he or she has typed in. Hence there is an element of risk involved, and this risk will definitely be defined as a higher per cent of the discount. 

Secondly, current volumes of transaction over the Net are low and merchants are not able to negotiate good discounts. But when we started in India, the lowest discounts were as high as 10%. I think, it has since dropped to 3-5% for a reasonable business entity. So what do you think is the future? When do you think small merchants can safely, and profitably do business on the Net?
We need infrastructure to collect payments securely where there should be no complaints about transactions on the Net. 

Once such infrastructure is in place, the volumes will soar and with volumes the discounts will also be better. Visa is working on 3D Secure, which involves principles of encryption and PKI, to use for credit card payments. 
We need similar solutions for credit card payment to be very cost effective.

----------------

Safescrypt is India's leading Public Key Infrastructure solution company and is a partner of Verisign in India. Atul Saran, its Managing Director, is a veteran in the business of security solutions and e-transactions. He spoke to DeveloperIQ on security solutions and digital certificates.