Making Online Purchases
Well, as many of you know, for some time now, there is one thing that has always eluded me, and it has been that security exam called the CISSP. I started studying for it last year, but ended up giving up the idea of taking it in 2010. So now, after receiving a voucher to reschedule it, I plan to take it next year. Really, I have no choice in this matter, I have to take the exam next year. A couple of nights ago, I was looking online at some websites to see what study materials I could get for a reduced cost (believe me, these testing materials are pretty darn expensive). I came across Amazon.com, and after doing a keyword search for “CISSP”, I noticed one big, thick book.
Well, it happened to be an updated version of the book I was using before. But the package I got was a real sweet deal. For about $70 or so, not only did I get the updated book, but I got another book as well as CDs full of practice exams. I will be getting the package next week, and this time, I really have to start studying seriously. On another note, I was actually pretty impressed with how quick it was to purchase online at Amazon.com. Just a few clicks, my order was placed, and within seconds, I got a confirmation e-mail that my package was sent. And of course, I also paid attention to all of the Security details when it came to making the online purchase (such as only a few digits of the credit card number appeared, 128 bit encryption was being enforced, etc.). In this regard, Internet and Cyber Security continues to be an ever, exponentially increasing, uphill battle for not only customers but for the major Security Vendors as well.
Today, I came across a Press Release in which the Department of Commerce announced a new initiative called the “National Strategy for Trusted Identities in Cyberspace”. This initiative is being led by some of the largest Security Vendors here in Corporate America. Here are the details: “A newly developed Cross-Sector Digital Identity Initiative, led by Northrop Grumman Corporation, Microsoft, CA Technologies, and CertiPath was demonstrated today as a "Proof of Concept" for the administration's announcement of the National Strategy for Trusted Identities in Cyberspace (http://www.nist.gov/nstic/) . . . Unveiled by U.S. Commerce Secretary Gary Locke during an event at the U.S. Chamber of Commerce, the NSTIC identifies a set of guiding principles for accelerating the use of trusted digital identity credentials. The strategy aims to deploy a system that helps secure transactions on the Internet, improve the public's awareness and control of personal information and stimulate growth of online commerce . . . the Cross-Sector Digital Identity Initiative brings together private and public sector participants to demonstrate key NSTIC concepts and to identify barriers to adoption across technical, political, social and economic domains . . . The Cross-Sector Digital Identity Initiative will prove their concept -- a proposed "trusted architecture framework" -- through various real-life case scenarios. Today's scenario will show how mobile devices enabled with cloud-based, trusted identity credentials can be used to authenticate online transactions in a way that improves both security and privacy.” (SOURCE: http://www.findbiometrics.com/industry-news/i/8836/).
Final Thoughts On Today’s Posting
As you can see from the above quote, these are some big name Security guys involved here. So, even just by this, this is some serious stuff going on here. The primary thrust of this initiative is to create some sort of common and uniform standards for the use of digital identity credentials. In this light, this is where E-Commerce and online Security rely heavily upon the use of the principles and the constructs of Cryptography.
Examples of this include private and public keys, tokens, digital certificates, public key infrastructure, the entire works. But more importantly, one of the other goals of this key initiative embarked upon by the Federal Government is to create a sense of awareness of the importance of being proactive about Security with the American public. And believe me, we all could use a lot more education in this regard (yes, even me, as I was totally caught off guard when my laptop was hit with a very nasty piece of Spyware). Both the private and the public sectors are taking part, which touches across all foundries of our daily lives, including the political, economic, and even the social spheres.
Ultimately, the overarching theme is to create what is known as a “Trusted Architecture Framework”. As I read through the Press Release and wrote today’s Posting, it struck me that there were no direct Biometric Vendors involved here. In today’s E-Commerce world, everybody involved has to make use of all available tools involved in order to combat the Identity Theft thieves who lurk on the Web. And, this includes the use of Biometrics. When making an online purchase, it is the password which is the weakest link in the chain. I mean, what is the good of having all this fancy Security stuff if all of the private and confidential information about a customer can be stolen because of a hijacked password??? In this regard, Biometrics can be used, as a Single Sign On Solution, to replace the password when making online transactions.
Oh, well, here is another idea: Why can’t the Biometric Vendors and all of these Security Vendors mentioned in this Posting all come together and discuss a newer means of Security for E-Commerce called “Bio-Cryptography”??? This combines the elements as well as the theoretical constructs of Biometrics and Cryptography, and makes them into a super-duper line of defense??? Bio-Cryptography is currently being studied, and is still at the birth stage. Who knows, given the continual rise of Identity Theft, this could give rise to its explosion . . .