Year of digital certificates?

This year may go down as the year of the digital certificate, if announcements set for Monday at the RSA Data Security conference are an indicator of things to come in the next 12 months.

At least seven certificate authorities--including well-known names like VeriSign and Entrust, plus newcomer Arcanvs--will outline new initiatives.

Digital certificates are electronic IDs that identify two separate parties in cyberspace. They are used to verify the identity of an individual or Web site for secure email, Internet credit card purchases under the Secure Electronic Transactions (SET) protocol, online banking, Internet stock trading, and electronic data interchange (EDI).

GTE CyberTrust, which offers both CA products plus

1.6M Information Security VP Victor Wheatman on digital certification

an outsourcing service, will announce it is absorbing the consulting arm and some technology elements from BBN, which parent GTE acquired last year, according to spokeswoman Erica Vanderhoof. BBN Technology markets security hardware for CAs.

CyberTrust also will announce an enterprise-oriented partnership with Hewlett-Packard to expand sales, marketing, and professional services worldwide. The partnership eventually could impact the Internet commerce space as well, because HP's VeriFone division is active with banks and retailers on and off the Net. CyberTrust also issues SET certificates for MasterCard and American Express.

Entrust, a spin-off of Canada telecom equipment giant Northern Telecom, will announce a major partnership with desktop utilities firm Symantec. Entrust chief executive John Ryan, a keynoter at the conference, will be joined by Symantec chief executive Gordon Eubanks for Monday's announcement.

VeriSign, which has filed an IPO to issue stock to the public market, will announce an expansion of its enterprise offerings, building on its September announcement of OnSite. That service lets companies issue digital IDs to employees, partners, or customers but has VeriSign handle the back-end functions of verifying certificate holders, revoking certificates, and otherwise managing the public key infrastructure.

Arcanvs, a Utah firm, is expected to announce it will issue digital certificates based on technology from Pretty Good Privacy, which sometimes is an RSA rival that is now part of emerging security consolidator Network Associates.

CertCo, focused on CA software for financial institutions, will unveil a suite of certificate authority software that includes a module for managing "root keys" for CAs and another to issue certificates over the Web.

Initially, the suite is designed for business-to business commerce over the Net, not consumer-oriented transactions. CertCo provided Visa and MasterCard the root CA system for SET, which allows for secure card transactions over the Net.

Ireland's Baltimore Technologies will release the 2.1 version of its UniCert CA software. The company, which has tapped the European e-commerce market for digital IDs, also will name global resellers and technology partners.

ValiCert, a new company that validates certificates issued by various CAs, is due to announce it has added new participants to its global field trial. It also will announce OEM pacts with other security vendors.

In non-CA news, host RSA will announce officially that its BSafe 4.0 encryption engine will support elliptic curve cryptography, which RSA has criticized in the past as untested. Chief executive Jim Bidzos said RSA also will announce a new partnership with a maker of small devices.