There Is a Middle Ground for Solving Certification Difficulties

To the Editor:

Your interesting article on who will play the role of brokers in electronic commerce ("Privacy Broker: Likely Internet Role for Banks?" Oct. 8, page 1) reviews the two extreme technology positions: open public key infrastructures (PKIs) a la Verisign et al., wherein anybody can authenticate a digital signature; and account authorities, a la Lynn and Anne Wheeler, wherein there are no certificates to enable validation.

Open PKIs are chaotic and hard to control. Account authorities are old- technology bottlenecks that suffer from serious performance issues.

There is a third alternative called "closed PKIs." These, which my company develops, involve certificates enabling distributed authentication. But they are closed in the sense that only verifiers designated by the issuing authority are allowed to authenticate transactions.

This solves the certificate revocation problem that is a serious downside to open PKIs. As an added bonus, closed PKIs can support what we call "software smart cards"-get the convenience of software with most of the security benefits of smart cards.

Our technology has been endorsed by several brand names in security and payment technologies and has been deployed in several applications in health care, financial services, and consumer electronic commerce.

B.N. "Nat" Kausik

President and CEO,Arcot SystemsPalo Alto, Calif.