Digital certificates move toward interoperability

More than a dozen vendors of public key infrastructure, or PKI systems, are making news at this week's annual RSA Data Security conference, including RSA itself, a new and somewhat belated entrant in the market. (See related story)

The three biggest PKI vendors--VeriSign, Entrust, and GTE CyberTrust--hope PKI systems will come to be broadly deployed in 1999. They and smaller firms are focusing on interoperability--letting certificates issued by one certificate authority (CA) be accepted by other companies.

"We are now seeing interoperability within industries. Then we'll see it across industries," said Tom Carty, GTE CyberTrust's vice president of business strategy, who contends the enterprise market, not consumers, will generate the most revenue in 1999.

"We are for the first time seeing feedback from customers being reflected in products from multiple vendors," Carty added, calling it a sign of maturation of the PKI market.

Entrust made the biggest splash in interoperability today, releasing a free software toolkit that lets developers build applications once and use digital certificates from any PKI vendor that supports two Internet PKI standards. The tools are available on a CD-ROM or can be downloaded from the company's Web site.

"It's critical for developers to develop an application once and have it work with any vendor's PKI," said Entrust CEO John Ryan. "We have an absolute, complete commitment to open standards."

That marks a shift for Entrust, whose technology largely predated the Internet and has been criticized by competitors for being proprietary.

In another shift, Entrust announced a worldwide network of PKI customers that offer digital certificate services on an outsourced basis. The alliance marks Entrust's first outsourcing initiative.

GTE announced a get-up-and-running-fast program dubbed CyberTrust Accelerator, which includes GTE's basic PKI software plus consulting services to get a PKI running in corporate enterprises. The PKI software is priced at a flat $150,000 for unlimited certificates, a departure from the standard price structure that charges per-certificate on an annual basis.

For GTE, the new program represents a move toward product sales rather than outsourcing.

VeriSign said its OnSite Key Manager offering, which provides back-up of user's cryptographic keys and digital certificates, is now shipping worldwide for $40,000 and up, based on the number of certificates issued. VeriSign operates OnSite as an outsourcing service that lets companies issue their own digital IDS to employees, customers, and suppliers.

VeriSign also announced a series of partnership programs to make outsourcing PKIs available worldwide.

In other PKI announcements at the RSA show:
Baltimore Technology released version 2.4 of its PKI software, UniCert Certification Authority. Ireland's Baltimore, which recently merged with Britain's Zergo Holdings, also unveiled a technology alliance program and backed Intel's Common Data Security Architecture (CDSA) framework.
Another European PKI company, Celo Communications, made its U.S. debut, unveiling a PKI product suite designed for multinational corporations involved in Internet-based financial services.
ValiCert said it's shipping "validation authority" software to check the validity of digital IDs issued by different certificate authorities. The company also unveiled offerings that let users check the validity of S/MIME secure email certificates and SSL certificates used by Web servers.
Entegrity demonstrated interoperability with digital certificates from VeriSign, GTE, and IBM. Entegrity also announced that Entrust and IBM support Entegrity's tools for making digital IDs from different vendors interoperate. Digital Signature Trust announced it recently completed a pilot with more than 15 financial securities firms to act as the central certificate authority for an industrywide test using digital certs to verify the identity of brokers.
="" href="http://www.spyrus.com/" rel="noopener nofollow" class="c-regularLink" target="_blank">Spyrus debuted its hardware-based PKI software, acquired in September with Australia's Signet Systems, and a new focus on the enterprise market. Spyrus, which has largely sold to U.S. government agencies in the past, uses smart cards or other hardware tokens in its PKI systems. The company is exploring a dozen or so vertical markets to market its system.
Security smart-card vendor Litronic launched a family of products and services to speed deployment of PKI systems based on smart cards.
As reported, Netscape updated its certificate and directory server offerings.