New developments in digital-certificate technology may arm netizens with the electronic tools they need to ensure that they are indeed who they claim to be.
This week VeriSign expanded the scope of its digital-ID services, an enhanced signature that allows users to develop identities that reflect their preferences and needs as they engage in various online activities, including shopping and banking.
The company also added NetSure Protection Plan, a liability scheme backed by the US Fidelity and Guaranty that will cover up to US$25,000 in damages resulting from "economic loss due to theft, impersonation, corruption, or loss of use."
"IDs are secure containers that can hold any type of information, with the benefit that it has been verified by procedures of authority," said Greg Smirin, group product manager at VeriSign.
The need for multiple electronic IDs reflects the growing demand upon industries such as banking and shopping to ensure users that sensitive information about them, including credit card and account numbers, is secure and doesn't wind up in the wrong hands when they sign on to a service. By tying account numbers and other individual information into a digital signature, VeriSign hopes to allay these concerns.
In addition, the company sees the expanded identity signature serving another purpose: a user-controlled proxy that would allow various sites to learn about a user's preferences. For example, a visitor to Amazon.com may hold a signature that identifies an interest in history. Upon reading the signature, Amazon.com, which would have a copy of a public key for the visitor, would take the person to the history section of the site.
Eventually, VeriSign's technology could lead to people holding several electronic IDs with information pertaining to various interests - one for financial services, one for health care, and one for network access rights. The company also intends the expansion to include data fields for basic personal information, such as age, gender, ZIP code, and nationality.
To read the ID, a Web site will need a VeriSign reader, possession of which will mean that the business has disclosed to VeriSign its intent for the use of the data.
Between the IDs and the reader requirements, VeriSign may be providing the answer to cookies. This could also be a boon for businesses themselves as users will have the comfort of knowing that a Web site represents a legitimate business and is not a spoof or a fraudulent operation.
And this is welcome news for businesses, said Susan Scott, executive director of eTrust, a nonprofit group which registers Web sites with logos that tell consumers what personal information will be collected and where it will be used.
"Businesses should realize that it's in their best interest to disclose what they do with information they collect," Scott said.
