NEW YORK-As wireless telecommunications heads into the new frontier of electronic commerce,
service providers must answer a question posed by an old British rock song: “I really want to know, who are
you?”
Toronto-based Diversinet Corp. is in business to provide an answer in the form of based digital
certificate management tools and public-key infrastructure (PKI) technology.
“I have only one signature, so it
is important to have one certificate to authenticate me, regardless of the device. PKI is the infrastructure for managing
digital certificates,” said Nagy Moustafa, Diversinet president and chief executive officer.
The Internet is a
public network. Consequently, even if data is secured at the sending and receiving points, it is an easy read for all
prying eyes as it travels through cyberspace, much like whatever is written on a postcard.
Diversinet claims to be
the only company today that offers “anonymous” digital certificates, which present only essential
credentials. They function the way credit cards do, allowing verification at the point of sale without releasing other
personal identification information. This feature ensures privacy when a certificate holder buys goods and services
electronically or transmits messages via wireless telecommunications devices.
“It’s like a sealed envelope that
doesn’t care about the contents,” Moustafa said.
“(Diversinet’s) technology allows the telco to provide
the envelope and the application developer, the contents. It needs to be at this level to avoid the need for multiple I.D.
cards.”
Diversinet’s technology also operates independent of the individual encryption algorithms employed
by various countries, he said.
The publicly traded company, with a market capitalization of about $60 million, has
targeted wireless communications as the business segment for half its future sales, Moustafa said. The smart card and
cable TV industries are its other target markets.
During the last two months, the 4-year-old Diversinet reached three
milestones. It received a U.S. patent for its public key infrastructure technology, which it said, “obtains and
verifies the validity of certificates through a single-step process, providing unparalleled efficiency and simplicity in e-
commerce applications and other bandwidth-constrained environments.”
The patent award permits Diversinet
greater flexibility in licensing arrangements, Moustafa said. One of the company’s goals is to license its technology to
network infrastructure providers, like Ericsson Inc. and Lucent Technologies Inc., he added.
At about the same time
as the patent grant was made public, Diversinet also announced a licensing agreement with Research in Motion Ltd.,
Waterloo, Ontario.
Under the agreement, Diversinet will supply its Passport Certificate Server digital certificate
authentication technology, combined with advanced data security technology from Certicom Corp., for the RIM
Inter@ctive Pager. The pager operates on the Cantel AT&T wireless data network in Canada and the BellSouth
Intelligent Wireless Network in the United States.
Toronto-based Certicom, in which Motorola Inc. holds a small
stake, is providing its Elliptic Curve Cryptography, which requires less computing power than standard cryptographic
methods.
Digital certificates are based on “public key cryptography,” which matches the public key, an
identifier that serves like a listed telephone number, with the private key, which possesses more detailed personal
identification information about an individual.
“It’s like a safe deposit box with matched key pairs, one from
the depositor and one from the banker,” Moustafa said.
Additionally, Diversinet announced in February the
availability of the beta version of its Passport Permit Server 2.0, a system to allow companies to attach various kinds of
authorized uses to holders of digital certificates.
“Designed to operate in much the same way as a visa acts in
conjunction with a passport, the Passport Permit Server grants privileges to the holder of a digital certificate … enabling
companies to authenticate and authorize clients to access services and resources over corporate networks, wireless
devices and the Internet,” Diversinet said.