The solutions take advantage of technology from Microsoft, code-named “InfoCard,” the Microsoft Internet Explorer 7 browser, as well as VeriSign Secured Sockets Layer (SSL) certificates and the newly launched VeriSign Identity Protection (VIP) to protect consumers and Web site owners against phishing, pharming and other forms of online identity theft. The complementary technologies allow both the destination site and the consumer to easily and positively identify each other.
“With the damage of malicious online activities continuing to rise, new and creative technologies and approaches are needed to stem the tide,” said Nico Popp, vice president, Authentication Services, VeriSign Security Services. “VeriSign is working on a solution that marries Microsoft technology with our intelligent network infrastructure to create a solution to identity theft and make the Internet more secure, more trusted and safer for all of us.”
To help end-users clearly differentiate between a legitimate and spoofed Web site, Microsoft’s IE7 browser and “InfoCard” technology will use VeriSign’s “Enhanced Validation” SSL certificates to provide clear and un- spoofable visual feedback about the sites’ authenticity.
Only organizations that pass VeriSign’s rigorous authentication process will be issued “Enhanced Validation” SSL Certificates for their Web sites. When a consumer visits such a site, the IE7 address bar turns green and shows the name of the organization owning the certificate and the identity of the Certificate Authority, such as VeriSign, in the browser’s interface.
Providers or financial institutions will be able to strongly identify a user with the integration of Microsoft “InfoCard” technology with the VIP network. This integration will form the next generation of solutions for securely authenticating users, utilizing built-in Windows functionality that allows consumers to link any type of strong authentication device to their “InfoCard” and present it as an identity card to any VIP-enabled website.
“InfoCard” is a Microsoft technology that simplifies and improves the safety of accessing resources and sharing personal information on the Internet, and represents a key component of Microsoft’s implementation of an “identity metasystem” — an open, extensible framework based on the Web services WS-* Architecture that spans new and existing platforms and technologies across the industry. With “InfoCard,” consumers can download these credentials from trusted identity providers such as their bank, employer, government agency, or membership organization, or create their own self-issued cards. Moreover, digital identity and related personal information can be more securely stored and managed in a variety of ways, including via the online identity security providers such as VeriSign, which offers a choice of security and portable devices such as USB keychain devices, smart cards, and mobile devices.
“‘InfoCard’ provides customers with the control and flexibility they need to more safely access Internet-based resources,” said Richard Turner, product manager, Web Services Strategy at Microsoft. “This demonstration shows how ‘InfoCard’ can combine the collective strengths of our technology with service partners’ offerings to provide new and unique proactive fraud and identity theft measures.”
VIP is a modern approach to combating digital identity theft targeted at both consumers and online services that enables the use of stronger authentication across multiple Web sites by promoting a shared authentication network approach. With VIP, the same authentication device will work across any network member sites, leveraging a shared infrastructure and enabling everyday devices in consumer hands to become authentication devices.