Ray Van Eng (05/20/97)
Using hardware encryption technology, the CertCo/Spyrus team will use a root private key to generate unique digital signatures that will be "signed onto the top-level MasterCard-branded and Visa-branded digital certificates" which will be embedded into all bank, merchant and cardholder certificates.
The CertCo/Spyrus root key signatures can be relied upon as tokens which signify the ultimate authority. It is a system that can provide a way for auditing. Digital certification is central to the secure electronic transactions (SET) protocol sets forth by Visa, Mastercard and their banking and technology partners.
Obviously, the root private key would be heavily guarded. In reality, the key is actually broken into fragments and pieces of which are being stored by independent parties. Rather than keeping the key in one single location, this distributed approach creates a more secure and lower cost way to ensure that the integrity of the root private key would be preserved.
With the root CA system in place, various other certificate authorities (CAs) would then be able to derive digital certificates to be used by financial institutions, merchants and cardholders as digital IDs to identify themselves during cyber shopping sessions.
So who would these secondary CAs be? Well, generally speaking, any institution that can be trusted can qualify. They will include banks, government agencies such as the post office, and other well established and 'trusted' commercial enterprises such as GTE Corp., Verisign Inc., etc. And really, there is no shortage of companies or entities ogling the opportunities in this area of the burgeoning e-commerce market.
This latest move from Visa & Mastercard can be regarded as laying the tarmac runway that will finally set Internet shopping off the ground. American Express, Japan's JCB, and Novus, issuer of the Discover cards have all concurred to the appointment of CertCo and Spyrus as root agents.
Visa has indicated that a SET service mark or logo will be unveiled in August for software developers to incorporate into their products.
It was more than 15 months ago when we first reported that the SET protocol was being formulated. At that time, it was widely believed that the standard and infrastructure would be in place in time for the '96 Christmas shopping season. Now, it looks like that it will be running a year late.
Well, it is better late than never.
© Copyright Ray Van Eng 1997 - 1999. All Rights Reserved.