Serving Up Merchant Digital Certificates

On successive days this week, two prominent technology vendors set out to capture what has quickly come to be seen as one of the biggest prizes in electronic commerce security.

Anticipating an explosion in on-line retailing and other transactions requiring security assurances, Entrust Technologies Inc. and Equifax Secure Inc. both announced digital certificate programs for Web server computers.

The companies have a technology foundation in common: Reaching for the cross-system interoperability that will simplify on-line shopping experiences, both licensed the underlying root certificate authority from Thawte Certification that is compatible with the vast majority of Internet- connected computers and browsers.

Entrust formally unveiled its plans Wednesday for Entrust.net, a new company and Web site. Server certificates, the first offering, are available now.

John Ryan, president and chief executive officer of Plano, Tex.-based Entrust, said a second Entrust.net phase will follow in the third quarter, to include insurance protection, additional cryptography, support for electronic mail, and an expanded partner program.

He said demand "for services to enable secure Internet transactions and relationships is rapidly growing," but he called the market "inadequately serviced."

Mr. Ryan stressed the Entrust products' ability to weather the millennium date change, saying that 25% of the estimated 160 million Web browsers worldwide use root keys that will automatically expire in 1999 and potentially put a damper on electronic commerce.

Entrust hopes to differentiate itself from competitors in service quality throughout the certificate life cycle, Mr. Ryan said, in competitive value, and in the completeness of its service portfolio. He said the price points-$299 for a one-year server certificate and $499 for two years-are 10% to 15% below the competition.

Equifax Secure of Atlanta sent similar messages Tuesday about how digital certificates issued to business sites on the World Wide Web would assure on-line visitors that the server computers are authentic and as advertised.

The data security subsidiary of Equifax Inc., the consumer data base giant, has entered into numerous alliances in an effort to provide a complete range of digital certificate services to banks and others. It said it expects to be issuing server certificates by July.

"We intend to be a major player in the server certificate marketplace with an easy-to-deploy product that is compatible with about 95% of the browsers in the marketplace," said Vijay Balakrishnan, vice president of marketing for Equifax Secure.

Like Entrust, Equifax became a member of Thawte's Chained CA, or certificate authority, program.

Thawte, based in South Africa, was one of the first Internet certificate authorities. Its software is almost universally recognized by Web browsers, which assures broad acceptability of certificates based on the company's root key.

"Thawte has committed itself to a strategy of creating interoperability between Internet and corporate CAs through the Chained CA program and partnerships with technology, audit, and consulting firms," said Thawte chief executive officer Mark Shuttleworth.

He described the tie-in with Entrust as "a meeting of two great forces in PKI," the public key infrastructures that are based on data encryption technology.

He also said that Equifax Secure's entry could "dramatically change the competitive landscape" in Internet certificate authorities. Equifax "has the muscle to make a significant mark on the industry."

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER