Digital certs advance for Net
The National Automated Clearing House Association and VeriSign demonstrate the growing acceptance of digital IDs.
Digital certificates function as an electronic ID card in cyberspace, vouching for the identity of an individual or an Internet server in an online communication or transaction. Certificates are issued by a "certificate authority," either as an outsourced service such as certificate authority VeriSign or by a trusted institution such as a bank, employer, or government agency.
Digital IDs could play a key role in Internet commerce because buyers and sellers have difficulty knowing whether to trust the other party. In the NACHA pilot, financial institutions are showing interest in exploring digital certificates as an important technology for e-commerce. VeriSign, in a series of other announcements this week, is easing how digital IDs are issued for Internet servers or host machines on intranets and extranets.
The NACHA pilot, which involves four banks and six CAs, is designed to help financial institutions determine the best ways to handle digital IDs.
"The pilot is all about interaction between banks and authenticating certificates," said Julie Foster, NACHA director of network products. "We will try to help banks develop a business case for being a CA."
The resulting recommendations could be used to deploy either consumer-oriented retail banking or business-to-business banking. The NACHA trial is expected to continue at least through the summer.
Bank participants in the NACHA pilot include Mellon Bank, Bank of America, Citibank, and Zion's First National Bank. Technology providers include GTE CyberTrust, Digital Signature Trust, Entrust Technologies, and IBM.
In related news, VeriSign is expected to announce later this week that it will now issue Server IDs for Apache servers, a popular freeware Web server used by roughly half the sites on the Internet
Also, VeriSign is expected to announce that its OnSite service will let corporations issue their own digital IDs for Web servers within their domains, then let VeriSign manage those certificates in its outsourcing service. Today VeriSign announced that Microsoft resellers can now sell Server IDs with the Internet Information Server Web server.
Altogether, VeriSign's announcements this week are designed to make it easier for companies to get VeriSign digital certificates to identify Internet servers on their intranets and extranets as well as the public Internet.
VeriSign, which has issued more than 50,000 server IDs, offers a training program for Microsoft resellers, a Web site, and a 15 percent discount on Server IDs.
Web sites that use Apache servers will be able to obtain VeriSign server IDs if they use the SSLeay toolkit, which supports the secure sockets layer (SSL) protocol that VeriSign certificates require.
The new wrinkles to VeriSign's OnSite outsourcing service will let companies issue digital certificates for their own servers immediately, rather than the several-day processing period for VeriSign-issued certs.
That change also would streamline the process for corporate customers that may have hundreds or thousands of servers on corporate intranets or extranets or on the public Internet.
Pricing is 10 percent to 20 percent below VeriSign's price for issuing a single server ID. Ten self-issued server IDs cost $2,850, while 100 go for $20,450.