IBM seeks to boost use of digital certificates by banks

IBM is hoping to encourage banks to make more use of digital certificates through a tie-up with trusted identity company Identrus, Big Blue announced Wednesday. Identrus has certified version 1.5 and higher of IBM's z/OS mainframe operating system so that users of the software can act as their own digital certificate authorities, eliminating potentially costly middleman certifiers, according to an IBM executive.

The deal draws on previously unexploited embedded PKI (public key infrastructure) capabilities of IBM's z/OS software. IBM first included PKI in release 1.3 of z/OS back in March 2002, but Wednesday's announcement marks the first time the operating system has received the seal of approval of a certification authority.

"Setting up PKI infrastructure is nontrivial, " said June Felix, general manager, IBM Global Banking. "We heard our clients say that it's important to make PKI as easy and as pervasive as possible." Enabling the secure transfer of financial information is becoming ever more crucial as the number of hacker attacks increases, she added. In addition to using digital certificates to verify partners' identities, some financial institutions are employing the technology internally as a way to confirm that they are indeed communicating with what they believe are parts of their own networks, according to Felix.

Charles King, principal analyst with Pund-IT Research of Hayward, California, sees IBM's relationship with Identrus as a way for Big Blue to drum up more business in the banking arena. "IBM's mainframe solutions own about two-thirds of the financial institutions" with its eServer zSeries mainframes running z/OS, he said. "This is a nice enhancement allowing IBM to go to the one third [of banks] it doesn't work with to offer them an operating system-based feature that obviates the need to work with third-party groups."

Identrus was established in 1999 by a group of global banks including Citibank NA, Wells Fargo & Co., and the Royal Bank of Scotland. To date, the privately held company has sixty-plus banks acting as Identrus Certificate Authorities, facilitating millions of transactions in over 166 countries. While these Identrus members have tended to be the largest worldwide financial institutions, Felix expects an increasing number of smaller banks to also deploy PKI and digital certificates. She pointed to the Swift network which is adopting PKI as a common protocol to be embedded into the systems of all of the 7,000 banks it supplies with software over the next three years.

IBM's news builds on earlier mainframe security announcements from the company, with more to come this summer, according to Felix, most likely in relation to identity and fraud management, she said. The company is also hoping to transition the technology to non-financial users, notably pharmaceutical companies and biotechs, Felix added.