Electronic Commerce: Xcert Offers Upgrade of Its Public Key

Xcert International Inc., which gained banking industry prominence as a supplier of data encryption technology to the American Bankers Association, is seeking further momentum with enhancements to its public key infrastructure system.

To be shown next week at the RSA Data Security Conference in San Jose, Calif., Xcert's Sentry 3.5 products are said to take flexibility and scalability-two qualities for which the corporate sector always seems to clamor-to new levels.

The company with Canadian roots and a Walnut Creek, Calif., headquarters set out to be especially bank-friendly with the ability to handle large volumes of digital certificates for on-line business commerce, with a unique approach to real-time verification, and by being interoperable with any other public key infrastructure, or PKI.

Those principles made Xcert appealing to the ABA. The association relies on Xcert technology for internal purposes, and Xcert works with Digital Signature Trust Co. to serve ABAecom, the for-profit venture developing certificate authority services for banks and other financial service companies.

Xcert's 3.5 components are "already certified to scale-running on systems with in excess of 100,000 customers," said Patrick Richard, the company's co-founder and chief technology officer.

"Previous products were designed to let you run your own CAs," the certificate authorities that issue and manage the digital credentials for Internet commerce, Mr. Richard said. "Now you can have multiple machines running CA processes concurrently, which is meaningful for scalability."

Beyond that, Mr. Richard said Xcert has achieved a milestone in delivering a "full suite" for CA operations. They are closer to "plug and play" than products that require significant "proprietary work for special applications," he said.

The flexibility extends to accommodating not only the commonplace RSA data encryption algorithms but also elliptic curve cryptography and the Digital Signature Algorithm.

The 3.5 rollout, available immediately, consists of Sentry CA; Sentry RA, or registration authority, for enrollment functions; Web Sentry, allowing for collaboration with parties outside the organization; and an Xcert Developer Kit to minimize technical complexity.

"Until now, there was no simple way of tying in Web applications with certificates, which is what Web Sentry is meant to address," Mr. Richard said. "It can enable a PKI for high-security applications that have never been available in full production mode."

Kawika Daguio of the American Bankers Association, PKI architect for ABAecom, said it and Xcert have been mutually pushing for advances in the technology and "they built (version 3.5) to a pretty tough specification."

"There is tremendous potential for the technology, but that can get lost if the vendor is not paying attention to what you need," Mr. Daguio said. "I am pleased with the support and flexibility we have gotten," which is essential for meeting the varying needs of large numbers of banks and their clients.

Mr. Daguio acknowledged that he and Xcert are pushing a technology envelope that may be "Internet decades" ahead of banks today. But he is convinced that widespread adoption of PKIs is just around the corner and "it doesn't hurt to be six to eight months early on some applications" to make necessary adjustments and "be where banks will need to go."

"The market is maturing and CA products are becoming mainstream," Mr. Richard said. "A number of recent announcements-Novell and Sun (Microsystems) are strategically committed to put PKI in all their products-are signs that the technology is here to stay."

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER