By getting the encryption technology in its mainframe operating system certified, International Business Machines Corp. has made it easier for banks to use digital certificates.
The technology, public key infrastructure, is used to create certificates that authenticate anyone who connects to the banks' systems. Though the certificates can be used in customer-facing situations, they are commonly used to verify the identities of employees who are accessing a network.
The Armonk, N.Y., technology giant said Wednesday that its widely used z/OS operating system, which includes the encryption technology, has been certified by Identrus LLC, a New York security software company owned by 23 banks.
"Two-thirds of the banks in the U.S. alone" are using some version of z/OS, said June Felix, IBM's general manager for global banking. Any companies using version 1.5 or higher have the PKI capability and do not need to buy it from another vendor, she said.
PKI use is becoming more prevalent because banks are becoming more sensitive to security issues, including those involving interaction with customers, Ms. Felix said.
For example, if someone is applying for a mortgage, "what the technology allows you to do is issue certificates to the particular consumer," she said. "When that individual digitally signs a document, say, applying for a mortgage, you know that that came from that individual."
Identrus issues the certificates, based on a PKI encryption key that the bank generates through the z/OS mainframe operating system. Banks that are part of the Identrus network do not need to pay extra to use this feature.
Karen Wendel, the chief executive of Identrus, said interest in PKI among banks was low initially but has been picking up in the last few years, especially because of the rise in computer-based crime and fraud and the passage of the USA Patriot Act.
She said she is working on a similar arrangement with Microsoft Corp. to incorporate the technology in less commonly used mainframe systems, though this deal is up to a year away.
"In my perfect world, Identrus identities would be embedded in every operating system on the planet," she said.
Charles King, the president and principal analyst for the Hayward, Calif., firm Pund-IT Research, said, "IBM has offered PKI as part of the z/OS operating environment for a couple of years," but until recently it lacked the Identrus certification that many banks deemed necessary. "As far as I know, IBM is the only vendor that offers PKI as part of the operating system."
IBM is responding to market demand, but adding the Identrus certification may not be enough to encourage banks to use PKI more often, Mr. King said. Identrus is "very specific about the features that PKI requires to merit their certification," and IBM's version is not distinctly different from what is already available through other vendors.
However, Ms. Felix said that by providing an easier way to use digital certificates, IBM could be opening the door to their more widespread use, especially as fraud, viruses, and other digital threats have become more important issues in the banking industry.
"The hacking experiences and the viruses all circle around information security and are unfortunately becoming a very big expense for the bank," she said.
Jacob Jegher, a senior analyst for the Boston market research firm Celent Communications LLC, said that by making it easier to issue certificates, IBM could spur adoption of PKI technology "if banks could really look at this as a method of saving money."
