US Bancorp teams up with VeriSign on banking security

[R.A. Hettinga]

>The bank will use VeriSign's Unified Authentication service to validate
>and secure interactions with commercial banking customers, providing them
>with a secure USB token that they must use when accessing services online.


>Those tokens will hold a digital certificate that identifies the bearer
>and will need to be inserted into machines before accessing web-based
>commercial banking applications, Lin said.



<http://www.computerweekly.com/print/ArticlePrinterPage.asp?liArtID=134593&liFlavourID=1>


Printed from ComputerWeekly.com

Technology: Security Products
Wednesday 27 October 2004
US Bancorp teams up with VeriSign on banking security
US Bancorp will use a hardware-token based authentication service from
VeriSign to secure access to commercial banking services for its customers.

The bank will use VeriSign's Unified Authentication service to validate and
secure interactions with commercial banking customers, providing them with
a secure USB token that they must use when accessing services online.

The deal is just the latest evidence of renewed interest in so-called
"multifactor" authentication within the banking industry, which is
struggling with an epidemic of sophisticated online identity theft scams,
according to Judy Lin, executive vice-president for VeriSign's security
services.

As part of the programme, US Bancorp will make VeriSign security tokens
available to more than 10,000 commercial banking customers. Those tokens
will hold a digital certificate that identifies the bearer and will need to
be inserted into machines before accessing web-based commercial banking
applications, Lin said.

The Unified Authentication service combines VeriSign-branded eToken USB
authentication devices from Aladdin Knowledge Systems with a managed
validation service that runs on VeriSign's infrastructure.

It also includes software modules that plug into a bank's existing back-end
infrastructure. Banks can also choose to operate their own validation
server as part of the service, Lin said.

At US Bancorp, the authentication service will be integrated with existing
user directory and identity management technology, validating interactions
between the bank and its customers. A server operated by VeriSign will
handle token validation, but no customer information will leave US
Bancorp's network in the process, she said.

VeriSign launched the Unified Authentication service in September as an
extension of its Intelligence and ControlSM Services, which offer
businesses network security information and tools.

User login and permission information resides in the customer's user
directory, but is linked to a unique serial number for a secure token or
other authentication device stored on a VeriSign server. Login requests by
users will be passed to the VeriSign server, where a stored algorithm will
validate that the serial number of the secure token or the one-time
password is valid for the user requesting access, VeriSign said.

US Bancorp  is the eighth largest bank in the US.

The bank is looking into a similar programme for its consumer banking
customers, although such a service would likely forgo use of USB hardware
tokens, which can cost $20 or more each. Instead, inexpensive solutions
such as plastic cards with lists of single-use passwords could be employed,
she said. 

Paul Roberts writes for IDG News Service


© 2004 ComputerWeekly.com Ltd. All rights reserved



-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com