SAN JOSE, Calif. — Got green in your browser’s URL bar? If you do with
the latest IE, the technology industry wants you to associate it with
confidence in secure online transactions. Or at least give the user a visual
clue if a site is actually spoofed.
At a time when research suggests that more consumers are slamming the
brakes on online commerce amid fears of identity theft, technology providers
are pouring fuel on new authentication engines to keep the digital economy
growing.
They may be doing more than talking this time. More than 60 vendors —
hardware, software and everything in between — are promising to line up
better identity protection and authentication tools for businesses and
consumers.
The projects are already sparking new smart cards to use with
Web-based transactions. And they’re delivering.
Take digital signature provider VeriSign. The company plans to integrate its latest digital certificates of authentication to support Microsoft’s “InfoCard,” the
smart card identity management project Bill Gates touted during his keynote at the RSA Security Conference yesterday.
The partnership means VeriSign’s Sockets Layer (SSL) certificates and its
just-launched VeriSign Identity Protection (VIP) offering will be integrated
with Microsoft Internet Explorer 7, which recently went into beta.
“It’s time to put a new face on identity security,” said Stratton
Stavlos, CEO of the digital certificate provider, during a keynote address
at the RSA Security Conference.
As part of a keynote demonstration of the integration with IE7, the color
green in the URL bar indicated to the user that VeriSign’s high-level
certificate authority stamped their assurance that the Web site has been
authenticated.
A spoofed site? Not with the levels of checking that go into
getting that certificate into the site. Green is the signal to the user that
this is a Web site that it can trust — and conduct business with confidence.
After all, the little “lock” that appears in the lower right
corner of a browser can be easily spoofed, noted Microsoft’s Michael
Stephenson, director of product management in Microsoft’s server and tools
division.
The VeriSign certificate that lights up green in the URL field is the
result of a network of security providers sharing information on
the validity of the Web site in question — and updating that status in
real-time, executives here said.
The VeriSign Identity Protection (VIP) offering is a mix of software
and intelligence that gives consumers something more than a password to
authenticate who they are during online transactions.
VeriSign and Microsoft call the integration “mutual authentication” on the
Internet, meaning a transaction requires that both the destination site and
the consumer positively identify each other.
That SSL certificate, and the VIP offering, are “comprehensive, strong
authentication from a variety of vendors,” Stavlos said during a keynote
today. The companies share intelligence with each other on anomalies they
discover.
“It’s a network effect around security, sharing that ID
credential.”
The industry-wide effort to improve authentication tools among devices
people carry, such as cell phones, PDAs and USB devices, is dovetailing with
OATH (Initiative for Open AuTHentication), the industry group representing
some 60 device, platform and application companies, as well as end users of
authentication technologies.
Just today, OATH sent drafts to
the Internet Engineering Task Force (IETF) for protocols governing symmetric
keys between different systems, which are key to that all-important digital
handshake that establishes who the two transacting parties really are.
The idea is to keep confidence high that the Web site is actually what or
who it says it is, at a time when confidence is high on the minds of
technology executives.
John Thompson, CEO of security provider Symantec, noted during his keynote
address today the results of a Conference Board survey of 10,000 households.
It found that 41 percent are buying fewer items online and that 54 percent
are more concerned today about their personal information.
“Unless each and every one of us — enterprises and consumers — can
prove to the other that we are trusted partners, the risks associated with
online transactions will become unacceptable,” he told attendees here.
For a company, failure to protect their customers’
information will result in customers simply taking their business someplace
else, to someone they can trust.
“If we fail to create a trusted digital environment, we won’t just slow
the growth of e-business, but of all business. We won’t just hurt the
digital economy, but the economy as a whole,” he said.
“And, this is the
real hidden threat today — not some massive cyber attack, but the loss of
consumer confidence in the digital world.”