USER AUTHENTICATION FOR E-BUSINESS

There are many factors that need to be addressed before e-business is seen as a truly usable service to the ordinary customer. The most well known factors are: · The speed of access to the Internet and service providers · The cost of access to the Internet infrastructure. The poor quality of a large number of e-business/e-commerce web sites – in particular aspects such as the interface, design … A less well-known, but perhaps equally important factor is user authentication. User authentication is the process whereby the Service Provider (SP) is able to identify the person using the web site. This is normally done by a username/password combination. User Authentication is important for the SPs because if a product is ordered or a service is requested, then the supplier needs to be reasonably confident that the order/request is valid, and not a hoax. Unfortunately, the situation has arisen where a user who is a frequent web user may have accounts with many different SPs, e.g. Their bank, telephone company, ISP, superannuation/pension fund, insurance company, government (often with different departments within the Government) and so on. In these cases the SPs use a registration process where the user has a username and password. It is unfortunately usually the case that the username and password combinations are different between sites. This is a deterrent to the whole registration process as you have people with multiple registrations. There are many e-Gateway systems that offer a single-point-of-logon, for example the e-Government within the UK e-Government Project which aims to solve the problem at least within their infrastructure. The very large private sector has no such mechanism. This paper investigates current e-Gateway systems (including those where the primary purpose is not necessarily user authentication) and proposes a model for a more universal e-Gateway.