Operations: Securing J.P. Morgan

J.P. Morgan has chosen KyberPASS Corp., based in Ottowa, to provide authentication services for the public key infrastructure the bank is building for global operations.

KyberPASS is designed to work with Entrust Technologies' systems, the backbone of the Morgan security system for its dial-up customer connections. Entrust is a division of Nortel Corp. "We were looking for something that provided strong authentication, and KyberPASS has a product that was Entrust-ready that we could plug into our infrastructure," says J.P. Morgan vp Ainsley Rattray. The idea, he says, is to provide information to its clients that's "strongly authenticated and protected from unauthorized disclosure."

"It's a form of access control," he adds. "Using public keys gives us a very strong form of authentication. This way our clients get authenticated at the gateway and then have access to certain information."

The combined systems, he acknowledges, are part of the Web-based information system that Morgan is building to communicate with its clients on specific topics. With this system, a client buying Brady Bond options, for instance-but not interest rate swaps-would have access only to Brady Bond option information, thus controlling the bank's communications with the client, and vice-versa.

J.P. Morgan has been building its Entrust infrastructure for about three years, says Rattray, but only plugged in the KyberPASS system recently because, he says, commercial applications of what's actually 20- year-old technology "are fairly new."

Public key technology enables things like digital signature capabilities. Rattray says this allows non-repudiation, which, in turn, fosters electronic commerce. The KyberPASS system went live in October.

-reinbach tfn.com