As the grab for digital security real estate intensifies, certification authorities are queuing up to partner with Australia Post (AP) in their push to generate consumer confidence in digital certificates.
eSign has become the second certification authority to sign up Australia Post's KeyPOST authentication service as its registration authority. In the same way as AP does it for passport applicants, KeyPOST will carry out face-to-face authentication of buyers of eSign digital certificates at any post office branch, starting at the end of this month.
After selling its certification authority service to Secure Network Solutions last year, AP has positioned itself in the digital certificate arena "as an independent and impartial organisation," according to Roger Lee, product manager for KeyPOST.
"The certification authority wasn't using our strengths," he said. "KeyPOST is positioning itself to take advantage of the business forecast to take place in the near future."
Authenticating buyers of digital certificates is a key part of the PKI (Public Key Infrastructure) system.
"As the PKI market matures, a registration authority with integrity is needed," Lee said, "and certification authorities don't have the infrastructure to service that need".
The organisation has to confirm the identity of the person buying a digital certificate, which is then countersigned, and endorsed by the certification authority, and issued to that person.
PKI is putting in place an infrastructure-all the behind-the-scenes elements-so that people will rely on digital certificates as a way of doing business people can trust. Much in the same way people have confidence when applying for and using an American Express card today, Lee said.
According to Lee, the role fits well with Post's position in the marketplace.
"We already certify passports and bank accounts," he said. "Post believes it has an opportunity as a registration authority as a trusted third party for businesses and individuals.
"We're talking with most major certification authorities who are positioning themselves to play a roll and compete in the emerging PKI marketplace," Lee said. "In the next few months we'll be acting for a number of other certification authorities. Ultimately there may be 10 or 15 players in the market," he said.
According to Iain Waters, technology director at eSign, the strength of AP is that it has the largest infrastructure of face-to-face branches and it is a "non-threatening" environment.
A person wanting to purchase a digital certificate will have three grades of security from one to three, Waters explained. Level one is the basic level, level two is the equivalent of a bank account, according to Waters, and three is for high value transactions, involving proof of ID such as a passport, proof of residence and employment.
The digital certificate will need to be periodically renewed as people's circumstances, such as contact details, change, Waters said.
For security, the digital certificate will need to reside on a floppy disk or smart card. eSign will make smart cards, and smart-card readers, available with their certificates, Waters said.
The market is predominantly focused on corporates at the moment, according to Waters. At the moment they are being used for high value transactions, but the Australia Post agreement extrapolates this back into the community, he said.
Lee agrees. At the shopfront, most of the business is coming through organisational and industry groups he calls "closed hierarchies"-between people who already have a relationship. "These closed models are the first part of the market to use digital certificates," he said.
Both Australia Post and eSign are working towards "Gatekeeper" accreditation status by the Australian government. Lee believes Gatekeeper will become the industry standard.
"It is the original government standard, and there are no others at this stage," he said.
The accreditation is some months away yet, "but we will probably be the only registration authority with this status," he said.
