Later this year, Internet security technologies are expected to pick up steam thanks to new standards and a new playing field.
From IBM chief Lou Gerstner to officials at the World Wide Web Consortium (W3C), technology leaders have been saying for years that the key to bringing Web commerce to fruition is better Internet security. Later this year, Internet security is expected to go through a mini renaissance with the help of new security standards and the expiration of a key patent.
Many companies are working on better security technologies and standards, and an onslaught of new approaches to security is expected in late September, when the patent on RSA's ubiquitous public-key encryption algorithm will expire, and the algorithm will become available in the public domain.
RSA held a far-reaching patent that many competitors claim stopped them from introducing new technologies.
IPSec on Deck
Among the brewing security standards, IPSec (Internet Protocol Security) is emerging as a leader. IPSec introduces security directly at the network or packet-processing layer of, say, an e-shopping or B2B site.
Previous security technologies introduced security at the application layer of communications with a site. IPSec is expected to be especially popular for virtual private networks (VPNs).
Proponents of IPSec, such as Cisco Systems (which is including support for the technology in its routers), point out that IPSec provides two choices for security: the Authentication Header (AH) protocol, which facilitates authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data. The information these services traffic is inserted directly inside the packet in a header that follows the IP packet header.
In other security news, President Clinton is evaluating legislation that would allow easier authentication of digital signatures on the Internet, and the W3C is backing new standards for digital signatures.
Automated Privacy Protection
On the privacy front, the W3C is backing the Platform for Privacy Preferences Project (P3P), which lets Web sites express their privacy practices in a standard format that can be retrieved automatically and interpreted quickly by user agents.
P3P user agents, based on XML (eXtensible Markup Language) technology, will inform Web users of site privacy practices and automate privacy protection. The hope with P3P is to keep users from having to read a privacy policy at every Web site.
According to the W3C's Privacy Activity Statement: "When a user arrives at a Web site, the idea is that their browser will receive a privacy policy from that site, explaining what information it would like and how the data would be used."
