Sparks of Life (and Green) in Smart Cards
VeriSign steps up to advance Microsoft's next smart card play and the industry gets real about authentication in more devices.
SAN JOSE, Calif. -- Got green in your browser's URL bar? If you do with the latest IE, the technology industry wants you to associate it with confidence in secure online transactions. Or at least give the user a visual clue if a site is actually spoofed.
At a time when research suggests that more consumers are slamming the brakes on online commerce amid fears of identity theft, technology providers are pouring fuel on new authentication engines to keep the digital economy growing.
They may be doing more than talking this time. More than 60 vendors -- hardware, software and everything in between -- are promising to line up better identity protection and authentication tools for businesses and consumers.
Take digital signature provider VeriSign. The company plans to integrate its latest digital certificates of authentication to support Microsoft's "InfoCard," the smart card identity management project Bill Gates touted during his keynote at the RSA Security Conference earlier this week.
The partnership means VeriSign's Sockets Layer (SSL) certificates and its just-launched VeriSign Identity Protection (VIP) offering will be integrated with Microsoft Internet Explorer 7, which recently went into beta.
"It's time to put a new face on identity security," said Stratton Stavlos, CEO of the digital certificate provider, during a keynote address at the RSA Security Conference.
As part of a keynote demonstration of the integration with IE7, the color green in the URL bar indicated to the user that VeriSign's high-level certificate authority stamped their assurance that the Web site has been authenticated.
A spoofed site? Not with the levels of checking that go into getting that certificate into the site. Green is the signal to the user that this is a Web site that it can trust -- and conduct business with confidence.
After all, the little "lock" that appears in the lower right corner of a browser can be easily spoofed, noted Microsoft's Michael Stephenson, director of product management in Microsoft's server and tools division.
The VeriSign certificate that lights up green in the URL field is the result of a network of security providers sharing information on the validity of the Web site in question -- and updating that status in real-time, executives here said.
The VeriSign Identity Protection (VIP) offering is a mix of software and intelligence that gives consumers something more than a password to authenticate who they are during online transactions.
VeriSign and Microsoft call the integration "mutual authentication" on the Internet, meaning a transaction requires that both the destination site and the consumer positively identify each other.
That SSL certificate, and the VIP offering, are "comprehensive, strong authentication from a variety of vendors," Stavlos said during a keynote. The companies share intelligence with each other on anomalies they discover.
"It's a network effect around security, sharing that ID credential."