The American Institute of Certified Public Accountants (AICPA) announced today that Entrust.net Inc., a provider of trust solutions and digital certificates over the Internet and Web services subsidiary of Entrust Technologies Inc., has become the first Certification Authority in the world to meet the standards of and qualify for a WebTrust for Certification Authorities (CAs) Seal of Assurance. The WebTrust for Certification Authorities program includes standards for the issuance of digital certificates so users of these certificates can feel confident that the certificate is valid, credible and trustworthy. These standards are designed to increase confidence in the security of the public key infrastructure (PKI) used by Certification Authorities.
As the number of organizations providing digital certificates over the Internet grows steadily, so does the uncertainty as to who the issuer is and whether or not the issuer can be trusted, said Anthony Pugliese, vice president of Member Innovation at the AICPA. A trusted third party able to verify that a Certification Authority is legitimate, reliable and has the proper security controls in place is absolutely critical. WebTrust for Certification Authorities provides this independent verification, building trust and confidence among users of digital certificates issued by a CA. Through WebTrust for CAs, a certification authority such as Entrust.net can demonstrate to its customers that its digital certificates are trustworthy and legitimate.
Entrust.net's business practices, controls and procedures were independently reviewed for compliance with the WebTrust for CAs standards by the professional services firm of Deloitte & Touche LLP.
According to the Aberdeen Group, a Boston-based research firm, the number of global companies using digital certificates will surge from 30 percent in 2001 to 98 percent by 2003. Equally important, on Oct. 1, 2000, the Electronic Signatures in Global and National Commerce Act, or E-Sign, went into effect, giving electronic signatures the same legal standing as their paper-and-pen counterparts. Both the widespread use of digital certificates and the expected exponential growth in use of electronic signatures are expected to increase the demand among users for independent verification of the organizations that issue them.
In obtaining the WebTrust Seal, Entrust.net Inc. has clearly set the standard and raised the bar for other Certification Authorities, said Bruce Barrick, Deloitte & Touche enterprise risk services partner. Deloitte & Touche is extremely pleased to have worked with Entrust.net Inc. to help them not only become the first CA in the world to be approved to the WebTrust for Certification Authorities Standard, but to help promulgate a set of standards for e-commerce.
Compliance with the WebTrust of Certification Authorities standards confirms that the CA maintains effective controls to provide reasonable assurance that subscriber and relying party information is properly authenticated, restricted to authorized individuals and protected from uses not related to the CA's business; the continuity of key and certificate life cycle management operations is maintained; and CA systems development, maintenance and operation are properly authorized and performed to maintain CA systems integrity.