nd arrange the access privileges of the staff to ensure that information is properly restricted. The certificates would control access and allow the archive to ensure that requests are authentic.
IBM plans to offer this technology on a larger scale to the public by renting space on Big Blue's servers. The company plans to run the software in two different geographical locations in order to defend against any physical damage and to ensure that the data is always available if a network connection drops. IBM even uses the term "hardened" to describe the security around the computer as if it were a nuclear missile silo.
GTE's CyberTrust.
This is the system that MasterCard chose to maintain the top level in its Secure Electronic Transactions (SET) system. Banks with credit card divisions that want to support Maste
rCard's SET system will get certificates from GTE. And individual banks that want to maintain their customers' certificate authority can license SETSign from GTE.
GTE also plans to help corporations maintain their own certificate infrastructures. CyberSign will serve all the functions on a local corporate machine. If you don't want the problems and security implications of running it locally, you can contract out with GTE. VirtualCA will do the work remotely.
Nortel's Entrust.
One of the most established products on the market is the Nortel Entrust encryption, certificate, and signature system. (See "Don't Lose Your Crypto Keys," May 1996 BYTE.) The Entrust central database issues two public-key pairs to each person. One, used for signatures, is longer to add more security. The other, for encrypting messages, is somewhat shorter because it's more likely to be changed. Entrust also distributes an API that would allow companies to develop custom applications that run on their local sy
stems.
Certificate Systems
