Modernizing Authentication — What It Takes to Transform Secure Access
Identrus is making strides in its effort to establish a secure, online community of trust for the financial community. In recent weeks, the company has announced two programs to certify products and applications as compliant with the Identrus infrastructure. In addition, it announced three additional financial institutions have signed on to become members of the Identrus network, bringing the total number of members to 50. The new firms join some 100 vendors that have signed up to get their products and applications certified by Identrus.
Identrus was formed in 1999 by a group of financial institutions to create an infrastructure that would allow for secure e-commerce transactions. Founding members include such heavyweights as ABN AMRO, Bank of America, Barclays, Chase Manhattan, Citigroup and Deutsche Bank. The firms created a set of policies and procedures, based on underlying public key infrastructure (PKI) technology, that would allow companies to authenticate one another such that they could transact business online with certainty, mitigating the risk of fraud.
The two certification programs the company launched are Identrus Ready and Identrus Compliant.
The Identrus Compliant program is for hardware and software products that serve as part of the Identrus infrastructure, including certificate authorities, online certificate status protocol (OCSP) responders, smart card subystems and digital signature messaging systems (DSMS).
"The launch of the Ready and Compliant programs is a significant incremental step in enabling businesses to have a choice for their e-business initiatives," says Elizabeth Halaki, senior VP of marketing and business development for Identrus. "It's all about reducing the risk of fraud."
To ensure that application providers meet the requirements of the Identrus Ready certification program, Identrus and IBM Global Services have entered into an agreement to create a testing laboratory in Gaithersburg, Md. The lab will be used to determine whether an application meets the requirements to be deemed "Identrus Ready."
The idea for the lab is to demonstrate third-party objectivity in the certification process, says Rupen Mehta, solutions relations manager at Identrus. For example, the test lab could be used to ensure that a transaction between a subscribing and a relying customer, who are issued certificates from two different Identrus participants, works as expected.
Identrus has established a set of criteria and methodology that IBM Global Services will use to test for all the applications undergoing Identrus Ready certification. This criteria includes functional test cases - or those that can be repeated - to determine how the application behaves, as well as procedural tests, which involve analyzing application code.
As for the new financial institutions that have signed on with Identrus, they are Standard Chartered Bank, Chohung Housing Bank of Korea and Korean Exchange Bank. They join 47 other institutions that have previously signed on with Identrus. To date, however, only seven banks have met all of Identrus' stringent requirements that allow them to begin issuing certificates to customers.