VeriSign inks deal for smart cards

ActivCard will provide the company with the hardware for secure sign-in systems, deepening a rift between the digital security firm and its parent RSA Data Security.

Robert Lemos
Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
3 min read
Smart-card software maker ActivCard plans to announce a partnership with digital security firm VeriSign on Thursday to provide companies and governments with a secure way to log into computer networks, CNET News.com has learned.

The deal will make VeriSign a stronger player in the market to provide such systems and should boost Fremont, Calif.-based ActivCard into the major leagues, say analysts. The partnership also breaks a long-standing tie between VeriSign and the company from which it grew, RSA Data Security.

"VeriSign did not have a solution at their fingertips that they could sell; now they do," said Charles Kolodgy, research manager for Internet security at market researcher IDC. "For ActivCard, it raises their profile as well. They have some big customers, but they are not a big name."

VeriSign will use smart cards--called "tokens"--loaded with ActivCard's software as part of its system to allow customers to securely sign into a network using the card and a password. The cards typically hold encrypted digital certificates and unscramble the keys once the proper password is given.

"This now gives VeriSign many of the same capabilities that many of the other public-key infrastructure providers have," Kolodgy said. Public-key infrastructure (PKI) technology allows encryption to be used to sign documents and verify identity on the Internet.

Smart cards, a technology that embeds computer chips into credit cards and ID cards, haven't taken off in the United States but are popular in Europe and Asia. Like a minicomputer, the cards have an operating system and software; ActivCard bases its software on Sun Microsystems' JavaCard operating system.

While the cards only make up about 15 percent of the $314 million market for systems used for secure sign-in, that share is growing, said Vic Wheatman, vice president and research director at market analyst Gartner.

"The year of the smart card looks to be 2002," he said.

RSA Data Security, the company that originally spun off VeriSign in 1996, offers several smart-card-based security tokens as well. Several other companies--such as Rainbow Technologies, Arcot Systems and Aladdin Knowledge Systems--use hardware keys that plug into a USB port to store the digital certificates.

Cost played a big role in making the decision to partner with ActivCard, said John Weinschenk, vice president of VeriSign's Enterprise Services group.

"It's a huge savings to our customer base," he said, adding that an ActivCard-loaded smart card cost only half the $40 a comparable security token from RSA would cost.

VeriSign's Weinschenk said that about three quarters of the users of its service are from business and the other quarter from government.

ActivCard already has a number of large customers under its belt.

The U.S. Department of Defense plans to issue 4.3 million ActivCard-based smart-card ID badges to all employees and contractors. The new badges will act as access cards allowing entry into government buildings, grant access to government services and personnel information and allow people to digitally sign electronic documents.

Companies such as Hewlett Packard, Sun and Lloyds of London use smart cards to control access to networks and services.