Diversinet Enters E-Security

Diversinet Corp. announced Tuesday at the 1998 RSA Conference, the premier international cryptography event of the year, its plans to launch an all-new product line as the company changes its strategic direction to offer ground-breaking technology for secure electronic commerce-enabling servers.

Diversinet’s technology will provide businesses with efficient and versatile turnkey security solutions for Intranet, Extranet and Internet applications. Compared to the more cumbersome products available on the market today, a Diversinet-enabled system is much more scalable. It can service several hundred users or several million users, without frustrating lag times.

“The key advantage of the Diversinet technology is its simplicity,” said Dr. Taher Elgamal, Chief Scientist for Netscape Communications Corp. “It is a flexible, effective and efficient security solution for e-commerce applications,” added Dr. Elgamal, who also serves on Diversinet’s board of directors.

Complete anonymity and security

Diversinet’s certification server, the company’s core product, issues on-demand `D-certificates’ and distributes public keys in an anonymous and trusted manner. Unlike current systems where the certificates include additional personal information that is irrelevant to the user’s need for access to the system (e.g. name, address, phone number), D-certificates only carry the user’s alpha-numerical ID. This reduces process time and the amount of memory required to store the certificate, making it more efficient and significantly less expensive to encode on a smart card. Diversinet products can be either software-based or can use hardware smart cards for authenticating users.

There is also no need for a revocation process since the owner of the certificate controls the certificate public key. The certification server distributes the certificate but does not attest to any knowledge of the owner.

The certification server, which is scheduled for release in May, will include client software to retrieve, store and maintain D-certificates as well as a toolkit to allow developers to use D-certificates within their applications. The product will include a “light authentication” system that will allow companies to simply integrate the certification process into existing and/or new systems.

Streamlined authorization process

Diversinet’s authorization server works with the certificate server to increase the security of applications by enabling them to determine the level of permitted access for any user. Unlike other authorization servers, the Diversinet product will allow access to users without prior setup within the applications. The authorization server utilizes D-permits – portable credentials that are carried by the users and presented when needed, eliminating the need for an application database. The authorization servers will be available in the third quarter of this year.

“Diversinet is poised to revolutionize the burgeoning e-commerce security market with its flexible, efficient, and effective products,” said Nagy Moustafa, President and Chief Executive Officer of Diversinet Corp. “Our patented authorization and authentication technology positions Diversinet to be an industry leader.”

“Diversinet is working with OEMs to license the technology for future product development so that it becomes a standard for secure, corporate e-commerce solutions”, Moustafa added.

About the company

Diversinet Corp., (), is a developer of products based on public-key infrastructures (PKI) and technologies required for corporate networks, Intranets and electronic commerce on the Internet. The Toronto, Canada based-company’s proprietary PKI technology offers customers ease of use, as well as efficient and flexible implementation for a variety of diverse security authentication applications.

Details

Security Dynamics & Schlumberger Partner

Security Dynamics Technologies, Inc. and Schlumberger Limited announced a partnership whereby Security Dynamics plans to use Schlumberger technology to provide SecurID(R) smart cards as part of its new SecurSight product portfolio announced yesterday.  The addition of smart cards to Security Dynamics’ family of SecurID solutions is designed to provide customers with additional choices for implementing strong user authentication in enterprise security solutions.

Security Dynamics is adding Schlumberger’s RSA cryptographic smart cards to its existing line of SecurID authentication devices, including hardware tokens and SoftID(R) software tokens.  As part of its SecurSight product roadmap, Security Dynamics is providing customers with a migration path that outlines the opportunities and transition issues for companies looking to implement next-generation security technologies, such as public key and digital certificate technology.   To protect customers’ existing security investments, SecurSight solutions will work with both SecurID tokens and smart cards.  Additionally, SecurSight will support Security Dynamics’ traditional time-synchronous authentication method as well as public-key authentication simultaneously.

“As digital certificate technology and smart card readers become more prevalent, smart cards will become an alternative form factor for customers implementing user authentication,” said Dave Power, senior vice president of marketing and corporate development at Security Dynamics.  “Through its partnership with Schlumberger, Security Dynamics plans to deliver a broader range of options for its smart card customers who want to deliver information to their users anytime, anywhere, securely.”

“Public Key Infrastructure is recognized by the IT community as the cornerstone of future network security, and smart cards are a natural multi- application token for large scale deployments,” said Lou Bisasky, general manager of Schlumberger Smart Cards North America. “We are pleased and excited to work with Security Dynamics, a pioneer and a leader in network security solutions.  Together, we plan to deliver to our mutual customers higher utilities thanks to the combination of Public Key and smart card technologies.”

The partnership between the companies is designed to allow Security Dynamics’ customers to leverage Schlumberger’s leading portfolio of smart card technology and applications, worldwide manufacturing and distribution channels.  Conversely, Schlumberger’s Corporate Campus customers will have the opportunity to migrate to enterprise security solutions offered by Security Dynamics’ SecurSight solutions.

Schlumberger was first to introduce state-of-the-art 1024-bits RSA crypto smart cards required for public key operations such as dynamic two-factor user authentication or document and message signing.  Schlumberger’s cryptocards are integrated as plug-ins in such solutions as Microsoft’s Internet Explorer and Netscape’s Navigator and Communicator browsers.  Schlumberger is also the leading provider of smart card-based multi-application campus cards particularly targeted at Corporate Campuses.  Schlumberger’s cards are designed from open systems and industry standards, such as the RSA crypto- algorithm, the PKCS#11 specification and the PCSC specification.

About Schlumberger

Schlumberger Electronic Transactions offers a flexible portfolio of smart card-based solutions for businesses and communities of all kinds.  The company provides cards, terminals, development tools and support in open configurations for operators, developers, integrators and distributors worldwide.  Under the Smart Village brand, the Schlumberger product offering includes the milestone Cyberflex card, the industry’s first Java-based smart card.

The Electronic Transactions group employs over 5,000 people and operates 45 facilities. Among dedicated facilities in 34 countries, the group has nine research and development centers strategically located in Europe, Asia and North America.  Schlumberger Electronic Transactions is a business segment of Schlumberger Limited, a $9 billion global technology service company providing oilfield services, natural resource management, transactions-based technology and associated systems, and semiconductor test equipment.  More information can be found at .

About Security Dynamics

Security Dynamics Technologies, Inc. is the leading provider of enterprise network and data security solutions that help companies conduct business securely, protect corporate information assets and facilitate business-to- business electronic commerce.  With more than two million users of its SecurID authentication technology, Security Dynamics is the world leader in two-factor user identification and authentication.  RSA Data Security, Inc., a wholly owned subsidiary of Security Dynamics, is a leading supplier of software components that secure electronic data, with more than 300 million of copies of RSA encryption and authentication technologies installed worldwide.  RSA technologies are part of existing and proposed standards for the Internet and World Wide Web, ISO, ITU-T, ANSI, IEEE, and business, financial and electronic commerce networks around the globe.  Security Dynamics and RSA can be found on the World Wide Web at and , respectively.

This press release contains forward-looking statements relating to the planned introduction by Security Dynamics of SecurID smart cards incorporating Schlumberger technology, and such statements involve a number of risks and uncertainties.  Among the important factors that could cause actual results to differ materially from those indicated by such forward-looking statements are delays in product development, undetected software errors or bugs, competitive pressures, market acceptance of Security Dynamics’ SecurSight products and Public Key and smart card technologies, technical difficulties, changes in customer requirements, government regulations, general economic conditions, and the risk factors detailed from time to time in Security Dynamics’ periodic reports and registration statements filed with the Securities and Exchange Commission, including without limitation Security Dynamics’ Registration Statement on Form S-3, as amended (File No. 333-35035), filed on September 5, 1997.

Details

Flat Fleet

Fleet Financial Group’s fourth quarter was essentially flat compared to the third quarter according to Bankcard Update/CardData. Fleet’s receivables grew a mere $42.2 million and its credit card customer base increased slightly less than 8,000 accounts. The issuer is in the process of absorbing the Advanta portfolio and installing a new card czar.

               FLEET FINANCIAL FOURTH QUARTER 1997 STATS (12-31-97)
          RECV      Q-VOL     YTD-VOL   ACCTS     ACTVS     CIF
Fleet     $2.7b     $1.0b     $3.4b     2.3m      1.4m      N-R
     recv-receivables; vol-volume; accts-accounts; actvs-actives;
cif-cards-in-force
     Source CardWeb, Inc.’s Bankcard Update/CardData

Details

ValiCert Service Global Pilot

ValiCert, a company delivering encryption technology and services for assuring the validity of digital certificates, today announced it has expanded its global field trials of the ValiCert Service with several leading digital certificate product partners.  The ValiCert Service — a unique service which provides an intelligent clearinghouse for checking the validity of digital certificates — will now be supported by Baltimore Technologies, Entegrity Solutions, Entrust Technologies, GTE CyberTrust, and Xcert International, Inc. Initial field trials for the ValiCert Service were announced in late 1997 with international CAs Belsign (Europe) and Thawte (South Africa/USA).

The field trials are now being opened up to organizations worldwide as a unique opportunity for application developers, enterprises deploying a public key infrastructure, and users of certificate-enabled applications and services to test certificate validation in a real-world setting using the first available global validation service.  The trial will be capable of managing an average transaction rate of more than 30 million certificate validation requests per day.  For more information about the ValiCert field trial, see .

ValiCert’s global field trial validates digital certificates using live data by aggregating an array of Certificate Revocation List (CRL) data from ValiCert’s CA service and product partners.  The CA service partners feed all live data from their CRLs into the ValiCert Service in order to provide scalable validation services that assure the validity of their customers’ certificates across the global Internet, intranets and extranets.  The service partners who also market CA products can now incorporate the ValiCert Service Plug-in which will give their customers the option to participate in the ValiCert Service for communicating and conducting commerce across the Internet and enterprise intranets.

Expanded Field Trial Partnerships

ValiCert’s newest partners in the field trials include global leaders in products and services for encrypted communications and Internet commerce infrastructure.  “We are very pleased with the success so far of our ValiCert service and the high interest level in the field trials,” said Chini Krishnan, chairman and chief technology officer of ValiCert.  “Our expanded partnerships with the industry’s premier partners is an indication of our commitment to work with the top organizations who are focused on meeting the information security needs for today’s electronic environment.”

Baltimore Technologies is a global leader in the provision of cryptographic software solutions securing electronic commerce and Internet business.  From their headquarters in Dublin, Baltimore Technologies operate the EuroTrust Trusted Third Party (TTP) infrastructure for electronic commerce throughout the EU.

“Baltimore Technologies are excited about integrating ValiCert’s products into our UniCERT Certification Authority system,” commented Fran Rooney, CEO of Baltimore Technologies.  “The inclusion of ValiCert’s products allows our customers worldwide to perform truly secure cross-realm validation for electronic commerce.”

Entegrity Solutions is the leading provider of a Public Key Infrastructure (PKI) Security Development Platform (SDP) to rapidly deploy secure applications.  “Supporting ValiCert’s validation services in our Security Development Platform and Certificate Authority enables our customers to have access to a higher performance global validation service,” said John Weinschenk, vice president of marketing, Entegrity Solutions.  “We believe that a global validation service will also play a key role in Certificate Authority interoperability and assurance in the global Public Key Infrastructure.”

Entrust Technologies is a leading provider of Certification Authority (CA) and public-key management products for both Internet and intranet applications.  “There’s no doubt that certificate validation is an important value-added service for electronic commerce,” said Brian O’Higgins, chief technology officer, Entrust Technologies.  “Entrust provides an open platform that allows third parties and customers to provide additional certificate validation processes or technologies that are appropriate for business processes.  We will support ValiCert’s product and service development in this area.”

GTE offers a suite of high assurance certification authority products and services for use with public key-enabled security applications.  “GTE CyberTrust is committed to providing customers with the strongest security solutions available.  To accomplish this, GTE is working closely with industry pioneers like ValiCert to ensure that a comprehensive infrastructure is available,” said Tom Carty, vice president of marketing and business development for GTE CyberTrust Solutions Incorporated.  “Certificate validation is a critical component in this infrastructure and GTE is proud to participate in field trials of the ValiCert Service.”

Xcert International provides secure electronic business solutions to the global financial services market.  Xcert technology is based upon an interoperable Public Key Infrastructure that is cryptographically independent. “We believe that ValiCert’s pioneering efforts in certificate validation are an important part of the framework for global expansion of electronic commerce,” said Thomas Nolan, president and CEO of Xcert.  “Xcert is pleased to be a part of this expansion and to help define the infrastructure for secure online commerce.”

The ValiCert Service

The ValiCert Service is a scalable and network efficient system for users, merchants and enterprises that are conducting communications and commerce across the Internet.  The service enables certificate issuers to distribute all revocation data confirming the validity of a digital certificate in a timely, secure manner and to make this data — traditionally associated with unscalable, network-intensive Certificate Revocation Lists — easily available to applications and people that they wish to conduct business with around the world.  It enables any application, server or person accepting certificates, regardless of its source, to be assured of the certificate’s validity.  The ValiCert Service is targeted at enterprises that are conducting broad-based Internet communications and commerce, as well as individuals using public certificate authorities (CAs).

Digital Certificates

Digital certificates are gaining momentum and acceptance for use as electronic credentials for identification (comparable to a driver’s license or employee ID badge), for payment (comparable to a credit card), and for other communications or business transactions conducted over the Internet or corporate intranets.  As with the credit card industry, which developed a way to electronically validate the millions of credit card numbers issued by any bank in the world, the use of digital certificates requires its own clearinghouse network for certificate confirmation, so that individuals and businesses can assure the validity of any certificate.

About ValiCert

ValiCert was established in 1996 by a group of leading cryptographers and executives from the Internet services industry to build a broad validation infrastructure for the net economy.  Utilizing technology based on an innovative cryptographic technique called certificate revocation trees, ValiCert delivers an efficient, scalable and transparent solution for checking the validity of digital certificates in any Internet or intranet transaction. ValiCert is headquartered in Palo Alto, Calif. and is available on the World Wide Web at , or by e-mail at info@valicert.com.v

Details

Citi 98-2 Card Bonds Rated

Citibank Credit Card Master Trust I’s (CCIMT I) $500 million 6.05% class A credit card participation certificates, series 1998-2, are expected to be rated ‘AAA’ by Fitch IBCA.  The corresponding $32 million 6.20% class B certificates are expected to be rated ‘A+’.  In addition, Fitch IBCA expects to affirm its master trust ratings indicating that the issuance of series 1998-2 will not result in a reduction or withdrawal of current ratings assigned to outstanding trust certificates.

The expected ratings reflect the quality of the receivables generated from Visa and MasterCard credit card accounts, the available credit enhancement, the servicing expertise of Citibank (South Dakota), and transaction’s sound legal and financial structures.

Class A’s enhancement, equal to 11% of the total initial invested amount, is derived from a 5% shared cash collateral account (CCA) and the subordination of the 6% class B certificates.  The shared CCA will first support class A then class B, covering losses not paid by excess finance charge collections. Class B’s enhancement, equal to 7% of the total initial invested amount, is derived from a 2% CCA dedicated just to class B, along with the 5% shared CCA.

Credit enhancement levels were determined by stressing portfolio steady state yield and payment rate assumptions to determine the level of defaults the enhancement could sustain.  Class A is able to support a 35% decrease in yield, payment rates dropping in half, and defaults increasing to a level above 30%, and still make full and timely payments to investors.  Class B can sustain a 25% decrease in yield, along with a decline in payment rates by more than 40% and defaults increasing to a level above 25%, while meeting all investor principal and interest obligations.

Class A and B investors will receive the semi-annual interest payments based on the aforementioned respective annual interest rates throughout the revolving and accumulation periods and on the scheduled final payment date. If an early payout occurs, class A and B investors will receive principal on an accelerated schedule, along with monthly interest payments.  Following the variable accumulation period, principal is expected to be paid in January, 2008.

Series 1998-2’s terms contain an accelerated payout feature to protect investors from deteriorating collateral or a servicer default.  If certain triggers are breached, the amounts available in the 5% shared CCA will be drawn upon and immediately distributed to class A investors.  In addition, the 2% CCA dedicated solely to class B will be drawn upon and immediately distributed to class B investors.

Details

Outsourcing Picks Sherman Financial

Outsourcing Solutions Inc. (OSI), the nation’s largest receivables management company, announced that it has selected the Sherman Financial Group, LLC of New York as its exclusive agent for the purchase of distressed consumer debt.

Under the terms of the affiliation, Sherman Financial will manage the acquisition of debt and OSI will purchase and service it, primarily through its Account Portfolios, Inc. division. The firm will purchase consumer debt from a variety of industries, including credit card, health care, student loans, telecommunications and utilities.

Bryan Faliero, OSI Senior Vice President of Portfolio Operations, noted that the joint effort would further expand OSI’s already significant portfolio management capabilities. “Sherman has extensive experience in capital markets and asset acquisition. Its expertise, combined with OSI’s receivables management capabilities, make this affiliation an important part of our continuing growth. Together we will be better able to structure transactions for various types of distressed assets with flexible terms that recognize sellers specific needs,” Faliero said.

Sherman Financial’s managing director, Benjamin Navarro, said that as OSI’s exclusive debt acquisition affiliate it would develop and manage relationships with financial companies nationwide. “Sherman specializes in structuring transactions that address the unique situations faced by sellers of distressed debt,” Navarro said. “Our affiliation with OSI enhances our ability to focus on client needs and offer competitive pricing and superior service.”

OSI was formed in September 1995 by McCown De Leeuw & Co., a private equity firm with offices in New York and Menlo Park, California, to become one of the leading companies in the highly fragmented and rapidly consolidating credit collections industry. In addition to Atlanta-based Account Portfolios, Inc., it has acquired The Continental Alliance, Seattle, a contingent collection agency; A.M. Miller, Minneapolis, a contingent collection agency; Payco American Corp., Milwaukee, a multi-line firm providing contingent collections and outsourcing services to credit grantors in a wide range of industries; Accelerated Bureau of Collections, Englewood, Colorado, a contingent collection agency; and North Shore Agency, Great Neck, New York, one of the largest providers of letter series collection and billing services to direct marketers, utilities and cable companies. OSI also has initiated a tender offer to acquire The Union Corporation, Charleston, South Carolina, which operates collection agencies and provides credit usage and receivables management outsourcing services to major corporations.

Details

AT&T Surge

‘); } else { document.write(“); } //–> AT&T Universal is exiting the card issuing business with an impressive year-end surge. According to fourth quarter portfolio data gathered Monday by Bankcard Update/CardData, Universal’s receivables grew nearly 8% in the fourth quarter to $15.3 billion. For the first three quarters of 1997 AT&T posted a meager 5% YTD increase. Universal also posted a 4% quarterly gain in gross accounts and a 7.5% increase in cards-in-force.

               AT&T UNIVERSAL FOURTH QUARTER 1997 STATS (12-31-97)
          RECV      Q-VOL     YTD-VOL   ACCTS     ACTVS     CIF
AT&T      $15.3b    $8.0b     $27.7b    19.7m     N-R      24.2m
     recv-receivables; vol-volume; accts-accounts; actvs-actives;
cif-cards-in-force
     Source CardWeb, Inc.’s Bankcard Update/CardData

Details

PinnacleSET Expands Security

Hypercom Corp. Monday announced plans to provide hardware-based security engines from Atalla Corp. with Hypercom’s PinnacleSET software.

Hypercom’s Pinnacle suite of Internet electronic commerce software products incorporates software-based security based on the Secure Electronic Transaction (SET) Protocol, the emerging standard spearheaded by Visa and MasterCard.

Hypercom also plans to make available Atalla’s PayMaster/PCI Internet Security Processor. Atalla, at Booth 222, RSA Data Security Conference, is a leading provider of hardware-based security products for private networks, the public networks and the Internet/intranet arena.

Introduced in September by Hypercom, the PinnacleSET suite leverages Hypercom’s client/server software product line, the Pinnacle Transaction Environment. PinnacleSET, built on Release 1.0 of SET, will work with a greater range of payment cards and SET applications than any other SET product now available. PinnacleSET runs on platforms such as Windows NT, Sun Solaris, HP-UX and Tandem NSK.

Hypercom is a leading supplier of point-of-sale (POS) payment systems, enterprise networking solutions and client/server software.

“As electronic commerce grows, security is crucial to establishing and maintaining confidence of all parties involved, including banks, merchants, processors and consumers,” said Ted Cole, vice president, Hypercom’s Pinnacle Software Group.

“This hardware solution significantly increases the performance of encryption operations of SET transactions. As a result, customers can achieve new levels of transaction throughput and speed for financial payments.”

“This step brings together leaders in their respective markets,” said Gary Sabo, vice president, marketing, Atalla Corp. “We are excited about working with Hypercom because of the significant merchant acceptance of its products, worldwide presence, quality of products and commitment to providing customers with the lowest total cost of ownership.”

Atalla PayMaster/PCI Internet Security Processor

Atalla’s PayMaster/PCI Internet Security Processor provides a full onboard crypto-subsystem that fortifies and accelerates all SET security processing. Specialized hardware security engines from Atalla off-load the burden of public-key cryptography from the server CPU and free up additional cycles for the SET payment application.

Atalla products enhance PinnacleSET performance, while also helping safeguard sensitive information such as cryptographic keys using physically secure hardware. In addition, Atalla’s PayMaster/PCI adds robust key management and key typing for SET transactions. These capabilities help eliminate the possibility of keys being used for more than one purpose and minimize the risk of a so-called “backdoor” attack on the system.

Availability

Atalla’s PayMaster/PCI Internet Security Processor will be available with the PinnacleSET software suite by the second quarter of 1998.

The PinnacleSET Suite

Merchants using PinnacleSET client/server software products gain advantages for the use of the Internet for transaction modes such as loyalty, chip card and stored-value applications.

PinnacleSET applications currently include

— PinnacleSET Wallet, which resides on the cardholder’s computer.     The Wallet can carry the logo of banks, financial processors or     merchants, which can provide additional branding and     advertising opportunities.

— PinnacleSET POS, a point-of-sale application linking merchants     to their customers and financial processors for quick, secure,     easy payments.

— PinnacleSET Gateway, a gateway application, which connects the     merchant to the payment processing system for credit card     authorization.

— PinnacleSET CA, a certification authority server, which helps     generate and manage digital ID certificates for secure     electronic financial transactions and digital rights     management.

Atalla Corp.

Atalla (a Tandem Company) brings nearly 25 years of experience securing commerce over private networks to the public networks and the Internet/intranet arena. The company’s products include industry-leading hardware-based security processors for the Internet, intranet and the bank transfer networks, POS/POE (point-of-sale/point-of-entry) credit/debit payment terminals, customer authorization and PIN selection terminals, and secure enrollment products for banking and government applications.

An estimated 70 percent of all ATM transactions in North America (estimated value $1.4 trillion daily) are secured by Atalla’s specialized security processor products. Atalla has headquarters at 2304 Zanker Road, San Jose, Calif. 95131. Phone 408/435-8850.

Hypercom Pinnacle Software

The Hypercom Pinnacle Transaction Environment high-performance, client/server software operates under Microsoft Windows and UNIX. Pinnacle preserves host integrity while providing advanced payment capabilities and value-added services for networks.

Hypercom Corp.

Hypercom Corp. is a leading supplier of point-of-sale (POS) payment systems, enterprise networking solutions and client/server software. Phoenix-based Hypercom sells its products in more than 50 countries worldwide.

Details

MultiCom Signs Greenleaf

Greenleaf Technologies Corp. announced that it has entered into an agreement with MultiCom Services LLC , an Austin, Texas privately held service bureau and call receipt center for product orders.

MultiCom will provide GLFC with a basic, turnkey platform for credit card billing, capturing customer order information and verifying credit card purchases on-line. In addition, MultiCom’s Customer service division will interact with software supplied by GLFC to generate unlock codes to access PC based games initially distributed via the Internet that will be provided to customers upon approval of credit card purchases.

Allan King, president and CEO of MultiCom, stated, “Our initial relationship with Greenleaf will primarily entail building and maintaining customer databases for customer calls and orders. However, we believe that as this strategic relationship grows we will promote, market and incorporate Greenleaf’s proprietary high tech line of products and services to our existing and expanding client base of companies and organizations on behalf of Greenleaf.”

MultiCom Services provides a high quality, comprehensive package of turnkey telecommunications solutions for full customer support for its clients.

GLFC owns three high tech products to be marketed through various strategic relationships CommShield(TM), DIGITREK(TM) and MusiKey(TM), CommShield(TM) provides access protection for telecommunications networks. DIGITREK(TM) encrypts and decrypts information on CDs and DVDs. MusiKey(TM) allows major music distributors to control and secure the electronic distribution of new song titles.

GLFC, which is not presently a “reporting” company, intends to file a registration statement with the Securities and Exchange Commission as soon as practicable following the completion of the company’s audited financials.

For more information, please call Richard Margulies or Eric Low at CMI Public Relations Services Inc., a wholly owned subsidiary of Creative Media International Inc. (OTC BB CTVM), at 732/225-1234; fax 732/225-1230; Email NYCMI@aol.com; or via the Internet [www.CMICNN.com][1].

[1]: http://www.CMICNN.com

Details

Beyond SET

A global consortium of Internet commerce firms released a complete specification for the ‘Open Trading Protocol’ yesterday. The specification has been posted at otp.org for public comment and pilot implementations. The ‘OTP’ standard enables a consistent framework for multiple forms of e-commerce, ensuring an easy-to-use and consistent consumer purchasing experience regardless of the payment instrument or software and hardware product used. The protocol builds on ‘XML’ and supports ‘SET’.

Details

CertAuthority Solution Introduced

CertCo Monday introduced the CertAuthority Solution, a comprehensive, high- assurance Certification Authority product suite consisting of the Root CertAuthority and the Commerce CertAuthority.  A Certification Authority (CA) issues digital certificates that bind identity or other information to an electronic key used to encrypt and sign digital information. By issuing a certificate, the CA confirms the accuracy of the certificate information.

“The business practice driven and cost effective risk management techniques fundamental to the CertCo Root CertAuthority and Commerce CertAuthority will accelerate the availability of digital certification services provided by well established trusted third parties, such as banks and other financial institutions, government agencies, telecommunications providers, and corporations,” said CertCo Chairman, Peter Freund.  “Trust institutions can now build a global  infrastructure which can support high- value secure electronic trading among companies  not previously known to each other.  This opens up opportunities for banks and other trust institutions to profitably offer services valuable to corporations and other organizations.”

According to Jim Bidzos, President of RSA, “RSA is pleased that CertCo has chosen our technology for their high quality product offerings. We applaud their role in enabling electronic commerce for trust institutions.”

The CertCo Root CertAuthority(TM) and Commerce CertAuthority(TM) utilizes hardware-based cryptography and an implementation based upon time-honored banking practices and risk management techniques to effectively manage all levels of a digital certificate trust hierarchy.  A root certification authority plays a central role in a public key infrastructure by certifying other certification authorities.  The CertCo Root CertAuthority(TM) provides trust institutions with the ability to establish the policies and procedures for creating and managing a hierarchy of trusted certification authorities. The CertCo Commerce CertAuthority enables an organization to issue certificates that establish the binding of its trading partners, customers and employees to their electronic identities.  The Commerce CertAuthority(TM) can be used to issue digital certificates for use with web products such as browsers, servers and secure messaging (e.g., S/MIME) applications.

The CertAuthority Solution(TM) employs sophisticated cryptographic solutions for the management of the root key and its certificate, certificate issuance and certificate revocation.  CertCo CertAuthority(TM) utilizes a unique, split-key cryptographic technique which CertCo calls distributed Multi-Step Signing(TM), in which the private key is split into fragments and stored in tamper-evident hardware devices to help protect against the risk of a compromise.  Joint action by a quorum of designated individuals with these fragments is required to approve certificate requests.  The multiple levels of certificate approval built into the CertAuthority(TM) certificate issuance process help ensure that only authorized certificates are issued. CertAuthority(TM) provides flexibility to assign different individuals the responsibility to input, verify, and approve requests.  Organizations adjust the degree of control over the certification practice, creating optimal operational procedures and minimizing the risk of fraudulent certification.

“Secure and efficient electronic commerce will become a reality only when established trust institutions create the same level of trust for electronic transactions that they previously created for paper transactions,” said Charles S. Walton, Jr., CertCo’s Chief Operating Officer.  “Only established trust institutions can do the job as they have the standing, the capital, the risk management and information technology skills the job requires.  CertCo will be providing The CertAuthority Solution(TM) to trust institutions as they transform the Internet arena.”

“The real impediment to electronic commerce is lack of trust,” explained Jay T. Simmons, Senior Vice President at CertCo.  “Existing models for electronic commerce leave transactions vulnerable to fraud, theft, or repudiation.  The CertAuthority(TM) model of business-practice driven certification provides a straightforward way for trusted third parties to provide liability bearing certification services.  Banks and other trust institutions,” Mr. Simmons continued, “are obvious candidates to become those trusted third parties, given their historic fiduciary and risk management roles.”

“The adoption of CertCo’s CertAuthority Solution(TM) by Digital Signature Trust Company, a subsidiary of Zions First National Bank, exemplifies a new model for global electronic commerce in which banks and other trusted third parties become the providers of digital certification services,” Scott Lowry, President of DST commented, “DST has adopted the CertAuthority Solution as it is one of the best solutions there is for managing the trust hierarchy on which electronic commerce must rely.  This is the case because it provides secure split-key technology.”

Selected based upon the security and the flexibility provided, MasterCard and VISA are using the CertCo Root CertAuthority(TM) to establish the global infrastructure for Secure Electronic Transactions (SET).  “The certification authority requirements for our SET infrastructure are among the most demanding in the world of commerce,” said Steve Herz, Senior Vice President for Internet Commerce at Visa International.  “CertCo’s technology was selected because it met these crucial demands and will play a key role in the development and global acceptance of SET.”

“Root CertAuthority offers an ingenious solution to the complex task of managing authentication for multiple brands in an electronic commerce environment,” said Steve Mott, Senior Vice President for Electronic Commerce/New Ventures at MasterCard.  “This technology enables SET to provide a secure infrastructure for the use of credit cards on the Internet, and that sets the stage for explosive growth in that marketplace.”

“HP will implement CertCo’s technology and products as part of our overall strategy to establish a secure network infrastructure for our customers” said Doug McGowan, director of Hewlett Packard’s International Cryptography Framework.  “It is critical to provide a high-level trust model where responsibilities can be geographically distributed — that is what the CertCo solution provides.”

CertCo has also deployed The CertAuthority Solution(TM) for the State of Utah to establish a Public Key Infrastructure (PKI) designed to encourage the use of digital signatures and electronic commerce in both government and business.  The system has been used to license Digital Signature Trust Company (DST), a subsidiary of Zions First National Bank, as the first Certification Authority in Utah.  The first planned use for the Utah PKI is an electronic court filing system for legal documents.  “The provision of digital certification services is a natural and logical extension of our role as a trusted third party for the people of Utah,” said Ken Allen, Digital Signature Coordinator for the Utah Department of Commerce.  “The CertCo solution does not require us to change the way we conduct our business; instead, it enables us to extend existing processes onto the Internet with an extremely high level of confidence.”

About CertCo

CertCo enables banks, corporations and other trust institutions to build a worldwide trust infrastructure to support high-value, secure electronic commerce.  The company combines its experience in cryptography, risk management, law, technology and banking with the expertise of its accomplished management team to deliver secure and cost-effective electronic business solutions.  These business solutions, which include the distribution of risk, enable banks and other trust institutions to open doors to electronic business and to offer profitable services to other organizations.

Established in 1996, CertCo is headquartered in New York City with regional offices in Albuquerque (NM), Cambridge (MA), Salt Lake City (Utah), Washington, DC and has representatives in the United Kingdom.

CertCo, The CertAuthority Solution, CertAuthority, Root CertAuthority, Commerce CertAuthority and Multi-Step Signing are trademarks of CertCo LLC.

All other trademarks are the property of their respective companies.

Details

Digital Sig & Datakey Shake Hands

Digital Signature Trust Company (DST) of Salt Lake City and Minnesota-based Datakey Inc. announced Monday an agreement to provide digital certificates to users of Datakey’s SignaSURE line of information security products.  DST is a provider of digital signature authentication and certification services to business and government.  Datakey develops smart card-enabled electronic information security solutions.  Their SignaSURE product is fully integrated with both Netscape’s and Microsoft’s implementation of secure e-mail (S/MIME) and SSL. SignaSURE is also available for use with Netscape’s recently announced form signing utility.

Under the agreement, DST’s digital certificate service will be available to those SignaSURE users who do not wish to issue their own certificates.  In addition, Digital Signature Trust will include fields in the X.509 certificates which signify that the keys associated with certificates are held in a smart card token.  Therefore users can easily recognize the use of token-based security, and its higher security benefit.  The agreement also covers DST’s use of Datakey’s SignaSURE information security products into their service bureau installations, as well as being made available to DST’s customers.

“Datakey now offers SignaSURE product users several options in obtaining their digital certificates,” said Carl P. Boecher, Datakey’s president and CEO.  “Digital Signature Trust Company offers our customers digital certificates from several technologies to meet their particular user needs. This is a definite advantage to a corporate customer.  In addition, as a single-source supplier, we can bundle digital certificates with our SignaSURE systems.”

Scott Lowry, president of Digital Signature Trust Company, said, “DST is committed to providing Datakey’s customers with the most comprehensive digital certificate solutions available for secure electronic and smart card-based commerce.  We are thrilled to be working closely with Datakey in offering digital certificate solutions to Datakey’s customers, specifically where secure, affordable portability of the private key is a requirement.  And we are looking forward to introducing the SignaSURE smart card solutions to our service bureaus and our customers.”

Datakey’s SignaSURE line includes three end-user products.  SignaSURE CIP adds a cryptographic smart card or smart key to software-only information security systems designed with RSA’s PKCS#11 or Microsoft’s CryptoAPI interfaces.  SignaSURE NC is a Datakey product that bundles the CIP product with Netscape Communicator(R) for secure e-mail and secure file exchange applications.  SignaSURE ESS is an enterprise-wide system solution that includes secure e-mail, secure file exchange, access/read/modify/file privileges, seamless security with office suites and Microsoft Explorer.  It offers enterprise-controlled key backup and a complete public key infrastructure.  All of the SignaSURE products employ public key cryptography and use cryptographic tokens for high, two-factor security.  In the Datakey system solutions, digital certificates are securely stored on the cryptographic token, thereby offering the user the added benefit of credential portability.  SignaSURE allows users to download DST’s digital certificates onto smart cards.

About Digital Signature Trust Company

Digital Signature Trust Company (DST) is a subsidiary of Zions First National Bank under parent company Zions Bancorporation (Nasdaq ZION), which was named the #1 performing bank in the nation by U.S. Banker magazine in 1997.  DST is a premier provider of Secure Electronic Transaction (SET) and Public Key Infrastructure (PKI) technology services.  DST issues, stores and verifies digital certificates, which are used in the digital “signing” of electronic documents and electronic transactions.  DST provides secure certification services, including commercial Certification Authority (CA), service bureau CA and repository services, among others.

As the world’s first licensed CA, DST issues digital certificates with technologies from CertCo, Entrust, GlobeSet, Netscape and Xcert based on the RSA set of algorithms (RSA Data Security Inc. is a subsidiary of Security Dynamics Technologies Inc.).  DST also has the following strategic technology partners  Datakey, SAIC and Surety Technologies.  For more information, call DST at 801-524-8673 or see its Web site at

About Datakey

Datakey Inc. is an international supplier of electronic products and services.  The company provides products, subsystems and systems solutions to record, store and transmit electronic information.  Datakey is developing products and systems directed to the information security market which will enable user identification and authentication, secure data exchange and information validation.  It also provides OEM products consisting of proprietary memory keys, cards and other custom-shaped tokens that serve as a convenient way to carry electronic information and are packaged to survive in portable environments.

Shares of Datakey’s common stock are traded on the Nasdaq/NNM under the symbol DKEY.  Web address is

Details