The digital certificate vendor Verisign Inc., fresh from registering its first quarterly profit in terms of both operating and net income, announced two agreements to extend its authentication services for government agencies.
Growing rapidly in almost every major category of its business, including the OnSite service offering to banks and other organizations serving as trusted authenticating parties in Internet commerce, Verisign said its systems are being used in more than 40 federal pilot programs. Among the users are the Federal Bureau of Investigation and Internal Revenue Service.
The Mountain View, Calif., company announced in October that it had teamed up with AT&T Corp. to participate in the General Services Administration's ACES initiative, the Access Certificates for Electronic Services, which are to be used in securing citizens' and businesses' transactions with federal agencies.
Verisign also said it obtained accreditation from the Department of Defense as an Interim External Certificate Authority, or IECA, which makes Verisign certificates an immediate option for authenticating 350,000 trading partners doing business with that department.
Business with and accreditations from government agencies tend to enhance the credibility of companies in the relatively young digital security market. Recent ACES and IECA announcements were seen as a boon to Digital Signature Trust Co., a unit of Zions Bancorp. of Salt Lake City, which is a leading proponent of a central role for banks in vouching for the identities of parties to on-line transactions.
Verisign and competitors such as Entrust Technologies Inc. of Plano, Tex., make that same argument, but offer themselves as service and software supporters of banks. Verisign has "most major banks" as clients in some form, as well as top Internet retailing sites, Anil Pereira, vice president of the Internet services group and corporate marketing, said in a recent interview. Verisign also has an extensive relationship with the eccelerate.com initiative of Dun & Bradstreet to provide digital credentials with the latter's data repository on 57 million businesses.
The vendors see the increasing digital signature requirements of government agencies here and abroad helping to carry their business into the private sector. Ben Golub, Verisign's director of Internet product marketing, said that security trend will be "key to making e-business legitimate. And the banking industry is key to the growth of this."
U.S. GSA administrator David Barram said Verisign is one of the "companies with a proven track record (that) are invaluable to ensuring public confidence in the security of on-line services and the rapid implementation of ACES."
"The federal government is in a significant position to take full advantage of the new tools of a networked society to provide better services for its citizens," said Verisign president and chief executive officer Stratton Sclavos. "By delivering these services in real time, government agencies will be able to reduce costs, improve service levels, and foster better relationships" with citizens.
Verisign is further establishing its bona fides financially. Its third-quarter revenue of $22.8 million was up 22% from the second quarter and 117% from a year earlier.
Net income of $1.6 million reversed losses of $152,000 the prior quarter and $4.2 million in the third quarter of 1998. It sold 31,500 Web site certificates in the latest quarter, bringing the total to 180,000 since 1995. Client-side certificates exceed four million, thanks largely to Verisign's connections with Microsoft and Netscape browser systems.
Electronic messaging and security analyst David Ferris, president of Ferris Research in San Francisco, called the earnings report "a good sign. It indicates that PKI (public key infrastructure technology, the backbone for digital certificates) is beginning to be real."
The wealth is being spread around. Publicly held Entrust's third-quarter revenue was an almost identical $22.6 million, up 14% quarter-to-quarter and 74% year-over-year. Net income of $2 million reversed a year-earlier loss of $1.6 million.
Entrust serves some blue-chip banks, such as Chase Manhattan Corp. and J.P. Morgan & Co. It is also building on especially strong government ties in the United States and Canada, the latter stemming from the company's roots in that country as a spinoff of Nortel Networks. Among Entrust's recent announcements were a contract to supply a PKI system to the North Dakota government and approval from France to offer systems at the strong 128-bit level of data encryption.
For the ACES program, AT&T Government Markets will offer to register citizen requests for certificates, which would be used with electronic submissions of loan and grant forms, for example, or to obtain information on government-benefit accounts. Verisign would provide the certificate issuance, life-cycle management, and validation that the credentials have not expired or been revoked.
"Digital certificates provide a way for government agencies to strongly authenticate users over open networks like the Internet," said Rich Guida, chairman of the federal steering committee for PKI. "ACES will provide digital certificates to members of the public and government trading partners, fulfilling a critical need to enable electronic transactions with federal agencies to flourish."
At the Defense Department, "we have made a policy decision to rely on commercial certificate authorities" for trading partners, said Art Money, assistant secretary for command, control, communications, and intelligence. "Verisign's IECA services fill a critical need in our evolving information assurance strategy by enabling us to securely and reliably communicate with our contractor and vendor community."
Verisign said this service will combine its PKI offering with commercial notaries to validate individual identities. For companies with in-house notaries, both individual identities and corporate affiliations can be proved in a single transaction.