CertCo Leverages Utah Digital Signature Deal

When Utah Gov. Mike Leavitt signed a proclamation with the state's first official electronic signature last November, it symbolized the coming together of years of work to establish a legal and technical framework for electronic commerce in the state. But for New York City-based CertCo LLC, a partner in the effort, it also represented a first stake in opening up the state market for its brand of electronic financial services.

The company, formed in a December 1996 spin-off from megabank Banker's Trust, specializes in technology and services that enable financial institutions to build the infrastructure for secure EC. Under a deal valued at close to $50,000, CertCo worked with Utah-based Digital Signature Trust, a state-licensed digital signature certification authority, to create a public-key infrastructure for the state.

DST will use CertCo technology to issue and manage accreditation "certificates" on behalf of the state. "It boils down to a license," said Allen Asay, legal counsel and vice president of business policy for CertCo., referring to the system of electronic handoffs that ensure the trustworthiness of a transaction. To protect the integrity of those "licenses," CertCo makes use of a split-key cryptographic technique called distributed Multi-Step Signing.

CertCo is hoping to leverage work done in Utah among other states that are working to create a public-key infrastructure (PKI) for EC. That requires experience in a diverse set of disciplines-including cryptography, risk management, law and technology — which tend to converge in the financial arena.

"Banks and financial institutions are becoming crucial to PKI efforts," said Charles Walton Jr., a CertCo senior vice president who predicted that the financial community will bridge the gaps in the nation's scattered EC efforts. "The various digital signature policies that have been enacted to date have been contradictory in some minor ways and in some major ways," he said. "It seems quite difficult to see them merged, aside from a scenario in which the banking community begins to decide some of the rules for broad-based use."