Working digital identities in the corporate space

Written by

Posted on Leave a comment

[Dave Birch] A perfect target group for digital identity are corporate treasurers.  They have to send important messages where authentication and encryption are required and they are busy people who don’t want to mess around with complicated solutions.  What’s more, since each of them may be dealing with a number of different banks and each bank on they use may require different levels of integration and security, they have desks cluttered with smart cards, USB tokens and key fobs for different log-ins and transaction approvals.  SWIFT and our good friends at Identrust have been running a pilot to change all of this, showcasing a new "double" digital signature information delivery model in which a corporate payment order file, layered with SWIFT’s PKI security protocol, as well as an IdenTrust digital certificate identifying a specific corporate employee (required for Sarbannes-Oxley and such like), is delivered and then verified by two separate institutions.  And it works.

Technorati Tags:

Banks aren’t interested in relying on a federated model of identity: they don’t care whether the airline says who you are or whether you have an Amazon account.  If they are going to accept a digital identity, it has to be one issued by another bank, under the same relevant know-your-customer law mand other legislation.  And, most importantly of all, they want to understand and agree the distribution of liabilities that go along with using (and relying) on the identities.  This is what makes Identrust useful to them: not that it defines X.509v3 certificate format, but that it defines — very clearly — what happens when things go wrong.

But this, it seems to me, ought to make Identrust certificates useful to corporates in general and not just in respect of financial transactions.  This will be one of the topics I’m discussing with Karen Wendel, the Identrust CEO, and some other knowledgeable persons at the CSFI round-table discussion on trusted electronic transactions in London on April 17th.

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.
[posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this:
Verified by MonsterInsights