Digital certificates are sort of like smart cards: They are both cool technologies that may some day come in handy, but there is still very little you can do with them.
Another similarity is that digital certificates may soon have their day in the sun.
Zions Bancorp and Bank of America Corp. are among the U.S. banks that have become certificate authorities and have recently let customers conduct some transactions authorized by digital signatures linked to certificates. Other banks are starting to follow, leading people in Internet security circles to predict a digital-certificate boom for 2001.
"We are putting together very appealing programs for the banks to go out and adopt this technology," said Geoff Kahler, vice president of marketing for Digital Signature Trust Co., the Zions Bancorp subsidiary that sells digital certificate technology to banks. "What we're saying is a bank-authenticated certificate is better than a certificate that's verified by Joe Schmo technology company."
Like a passport or a driver's license, digital certificates verify in the online world that the bearers are who they say they are. Just as a government agency vouches for the passports and driver's licenses it issues, so must a certificate authority, or "trusted third party," stand behind the certificates that are issued to people and companies for use in the Internet world.
People at many certificate technology companies are pushing banks to take on this role, since banks have been sources of trust ever since the days when people who moved to new towns needed letters of credit in order to conduct business.
Several large banks have already embraced this view and begun acting as certificate authorities, and it will be interesting to see how the market evolves. It is possible that every bank, large or small, will want to get into this business eventually, if it does indeed turn out that people and businesses come to rely on this technology for secure transactions. Many smaller banks will probably take a pass, but a lot of them may also want to participate, to ensure they play central roles in their customers' online commercial activities.
Given that plenty of transactions already take place through the Internet without digital certificates and signatures, there may be a longer adoption curve than the exuberant forecasters wish. Certificate enthusiasts say the E-Sign law, which as of Oct. 1 gave digitally signed computer files the same legal validity as documents signed with pen and ink, will jump-start the market for digital certificates, but this may be an overly optimistic view, given that there are not yet many places to use the technology.
Mr. Kahler of Digital Signature Trust said that finding ways for people and companies to use digital certificates is "the critical issue right now." Indeed, he said, when his company presents its technology to bankers to try to win their business, often the first question asked is how the certificates can be used.
One answer, he said, is that banks could make them valid for opening and closing loans online. The banks could then store records of the transactions in digital repositories, saving space and money.
"If you look at the process involved in a mortgage loan and the number of entities that are involved with that, it is a tremendous cost-saver and time-saver," Mr. Kahler said. "You might be able to close a loan in a day instead of two weeks."
Zions, which is offering online safe deposit boxes backed by digital certificate technology, expects to offer totally paperless loans as well. In October, Zions announced that as one of the first transactions completed under the E-Sign law, a Zions customers had taken out an auto loan in this manner. Zions is working with a company called iLumen Corp. of Orem, Utah, which makes online form-signing software called Digital Handshake.
While Digital Signature Trust Co. has not yet identified any bank customers other than Zions, Mr. Kahler said he expects to make some announcements on that front soon, and predicts that "the number of certificates is going to catapult from the tens of thousands to the hundreds of thousands very quickly."
So far there are pockets of activity, with banks lining up behind vendors that facilitate their roles as certificate authorities. Wachovia Corp. is working with Xcert of Walnut Creek, Calif., to serve as a certificate authority for business-to-business transactions. Bank of America is doing the same through Identrus LLC. Wells Fargo & Co. is also a certificate authority through Identrus, the New York technology firm, but so far has not come forward with a live application.
First Data Corp., which will act as certificate authority for any bank that wants to outsource such a service, is doing so on behalf of FleetBoston Financial Corp., which is offering certificates on its Fusion smart cards. Star Systems Inc., the huge national electronic funds transfer network, announced this month it was piloting Internet debit card transactions authorized with digital signatures.
"This will be the breakout year," predicted Laura Rime, acting vice president of marketing at Identrus. "It only takes a few key applications to get out there and have some commercial viability. Once we and our banks can show the potential, it will really take off."
There are several factors besides the E-Sign law that would seem to work in favor of digital certificates. One is the strong support of the federal government. David Temoshok, the electronic government program manager for the General Services Administration's office of governmentwide policy, says that Uncle Sam wants to conduct as much business as it can with citizens electronically, to cut down on paperwork and expenses - and that to do so the government needs the type of online security that the certificate-and-signature system seems to promise.
Another good sign is that it is quite easy to get a digital certificate. Consumers can apply directly for them through Digital Signature Trust's Web site (and others), which checks various databases (much as an online lender would) to confirm a person's identity. Once people are approved, they get verification in the mail, including an activation code that lets them download the certificate onto their browser, there they could use it to sign e-mail or, some day, to apply for online loans. They could also store it on a smart card or other hardware token.
Mr. Kahler of Digital Signature Trust said the number of people applying for certificates is "in the hundreds per day," despite the $24 charge for a TrustID digital certificate, which is valid for one year.
As with smart cards, there is a chicken-and-egg quandary: most people won't want them until there are good uses for them, and good uses may not be developed quickly until people have them.
When it comes to issuing digital certificates and coming up with ways to use them, "the banks are on their own in terms of deployment and readiness," said Ms. Rime of Identrus. "We have to do what we can to follow their lead, but it's really up to them. They have to be the ones to do it."