1996-02-07 - GTE’s Virtual CA

Header Data

From: nobody@REPLAY.COM (Anonymous)
To: cypherpunks@toad.com
Message Hash: b08d083aba8eedace8046b90153c16722a10cdf6adaf1fe1f36403a953f7e92c
Message ID: <199602070103.CAA12764@utopia.hacktic.nl>
Reply To: N/A
UTC Datetime: 1996-02-07 10:51:33 UTC
Raw Date: Wed, 7 Feb 1996 18:51:33 +0800

Raw message

From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 7 Feb 1996 18:51:33 +0800
To: cypherpunks@toad.com
Subject: GTE's Virtual CA
Message-ID: <199602070103.CAA12764@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



GTE's CyberTrust For Web Electronic Commerce


Washington, D.C., 6 February 1996 -- GTE officials say
that the company's new CyberTrust electronic commerce
program will allow companies for the first time to handle
most of the CA (Certification Authority) function by
themselves, by means of secure Web servers. 

At the Comnet press conference, reporters were told that
GTE, a partner of both Mastercard and Visa, will
introduce its new "Virtual CA" capability for Webmasters
in conjunction with a trio of related services.

The four new services from GTE are aimed at financial  
institutions, online merchants, and government agencies,
as well as at the corporate and consumer markets, said
Charles S. Walton, Jr., CyberTrust's program director,
speaking at the Comnet press event. 

One component of CyberTrust, called the Electronic
Commerce Service, will provide an "infrastructure" for
credit card companies using new secure payment standards
for online transactions, Walton added. 

Another new service, the Partner Forum, will provide
online test services and tech support for developers and
integrators in the electronic commerce arena. 

Through GTE's new Cybersign service, GTE will directly
handle the maintenance of public key certificates, as
well as the issuance, renewal, and revocation of these
certificates.

But with Virtual CA, GTE will manage certificate
management only, permitting Webmasters at subscribing
companies to do their own issuance, renewal, and
revocation of certificates.

Walton acknowledged that GTE's new suite of services will
be targeted at the same market now dominated by Verisign.
But the GTE services, he maintained, will be
differentiated on the basis of general "operational
environment," as well as by Virtual CA. 

In a follow-up interview later, Walton said that GTE, a
long-time consultant to Mastercard, began working with
both Mastercard and Visa last November on development of
SET (Secure Electronic Transactions), a new joint
standard for online credit card transactions. 

GTE, he added, hosted both Mastercard and Visa last week
at GTE headquarters in Needham, Massachusetts. Aside from
GTE, Mastercard and Visa, other partners in the SET
effort include Verisign, IBM, Microsoft, Netscape, SAIC,
and Terisa Systems.

GTE had previously helped Mastercard to create the SEPP
standard, according to Walton. GTE's new CyberTrust,
first announced as supporting SEPP, will now support its
"successor," SET, he noted. CyberTrust will also comply
with the SSL protocol for Web security.

During the press event at Comnet, Walton reported that
Cybersign and Virtual CA will implement a "dual card,
split RSA key design," with "strong access controls." The
two systems will use PCMCIA cryptographic hardware token
technology and X.509-certificate-compatible software.

Virtual CA, he continued, will initially be available on
Sun Solaris-based secure Web servers, but will be ported
to Windows NT-based secure Web servers by the end of
1996. End users will be able to access Virtual CA through
Netscape browsers.

The Web server-based service will introduce "verification
at the server level, which is really where you want it to
be," asserted the GTE official. 

On-site Webmasters are in a particularly good position to
confirm that users "are who they say they are," the
journalists were told. 

As a result, Virtual CA will use a technique called "pre-
verification," in which the Webmaster, or RA
(Registration Authority), will validate and approve
users' certificate requests before the requests go to
CyberTrust. CyberTrust will then return a certificate for
the end user, in the form of an algorithm, either direct
to the end user or through the RA.

Companies subscribing to Virtual CA will receive custom
home pages for certificate data entry, and for issuing,
renewing, and revoking certificates, Walton said. 

The CyberTrust program director said that the  
special PCMCIA hardware will be used at the "CA level"
only, and will not be required by either end users or
Webmasters.

No "actual cards" will be issued to, or needed by either
group, he added. GTE plans to begin offering both Virtual
CA and Cybersign in the second quarter.

--







Thread