Valicert Inc. has gained an attractive outlet for its digital validation technology by signing a formal alliance agreement with the GTE Cybertrust unit of GTE Internetworking.
As a major source of public key infrastructure systems for Internet commerce security, GTE Cybertrust gives Valicert a valuable credibility boost.
Valicert-which has been working at least informally with GTE, Entrust Technologies Inc., Baltimore Technologies, and others in the data security field-is purveyor of a technique called CRT for ascertaining whether a digital certificate is valid.
CRT, for certificate revocation tree, is touted as more streamlined than the certificate revocation lists, or CRLs, incorporated in conventional models of the digital authentication technology. CRLs are seen as too unwieldy and unreliable for the stressful, high-volume conditions that are expected to develop with mass-market on-line commerce.
For the certificate authority that manages the intricacies of issuing and verifying digital credentials, GTE Cybertrust can add Valicert to its service menu and has rights to resell the two-year-old validation company's Enterprise Server. The system can check revocation status by any standard means including CRL, CRT, and On-line Certificate Status Protocol.
"Digital certificate validation is critical to enterprises implementing open PKI (public key infrastructure) solutions to secure transactions among large numbers of users, including employees, customers, partners, and suppliers," said Joe Vignaly, director of marketing and business development for GTE Cybertrust, Needham Heights, Mass.
As a Valicert reseller, "Cybertrust meets the growing needs of our customers," he said, "by providing a one-stop source for both CA (certificate authority) products and services and certificate validation."
"GTE participated in our field trial before this, but now we have a more formal relationship," said Sathvik Krishnamurthy, vice president of marketing and business development for Valicert in Mountain View, Calif. "GTE is the largest company we have done a distribution agreement with." Another is Entegrity Solutions Corp. of San Jose, Calif.
"Our goal is to make our validation solution ubiquitous, and that requires relationships with CAs and tool kit licensees" such as GTE and Intel Corp., Mr. Krishnamurthy added.
Like others in information security, Mr. Krishnamurthy can sound like an evangelist on the subject of "an expanded definition of trust" for electronic commerce. "Our agreements with CAs like GTE reinforce that notion," he said in an interview.
The CRL processing challenge has daunted system developers. Valicert offers one solution. In November, Entrust Technologies of Texas announced several licensing agreements for its CRL Distribution Points patent, a "scalability" measure that Valicert president Yosi Amram said he could support.
Others have proposed different approaches that would do away with revocation lists altogether. But Mr. Krishnamurthy pointed out that virtually all major CA proposals, including the Global Trust Enterprise that eight multinational banks announced in October, are following de facto standards that have validation components.
"A variety of techniques are on offer," said analyst David Ferris of Ferris Associates, San Francisco. Focusing on "an important part of the PKI puzzle, Valicert is carving itself a useful little niche."
