London 24 April 2007: Det Norske Veritas (DNV) is launching its new Validation Authority solution at Infosecurity ’07. This solution provides a single independent trust anchor which enables organizations to conduct electronic business securely with any party, even where no previous business relations already exist with that party, thus enabling organizations to establish real trust in e-business transactions.
Building on its 140 year role as an independent trusted third party, providing qualitative and quantitative assessments for a wide variety of business processes, products and services, DNV has taken the lead in offering a globally applicable signature verification and certificate validation service.
“DNV’s Validation Authority takes a radically new approach,” says Jahn Henry Løvaas, Business Development Director in DNV, “providing clients with ‘One-stop-shopping’ for validation of digital certificates and verification of digital signatures: One point of trust, one agreement, one point of billing, one technical integration and one point of communication.”
The real challenge in the accelerating drive towards international e-business is to establish trust between the communicating parties, and how that trust can be readily and securely extended beyond the boundaries of their own trusted community. Public key cryptography used with a PKI (Public Key Infrastructure) can meet this challenge. However, it is required that interoperability can be established between the various PKI domains as represented by a large number of Certificate Authorities (CAs).
Rather than trying to solve interoperability through trust structures amongst CAs, DNV introduces an independent Validation Authority (VA). The idea of a VA is not new, but in DNV’s approach, the VA replaces the CAs as the trust anchor for the client (the Relying Party), as opposed to present PKI theory and practice, where only a CA may be trusted.
The DNV Validation Authority is neutral with respect to the various CAs and their certificates, so upon trusting the VA, the Relying Party is then able to trust any CA that the VA handles. The VA handles each CA individually, regardless of any trust structure that the CA may participate in.
Certificate path discovery and path processing are irrelevant since there is no need to prove a path to a “trusted CA”. The VA can answer for the validity and quality of certificates issued by, in principle, any CA. Thus, the VA provides the Relying Party with a single, independent trust anchor, making it possible to trust any CA that the VA handles.
DNV is partnering with Ascertia Limited to provide key elements of the Validation Authority technology. The DNV Validation Authority provides third party trust services to enable effective use of digital identities and digital signatures for securing electronic business processes.
About Ascertia
Ascertia is a UK company with many years of experience with digital signatures and certificates. Ascertia offers a comprehensive range of signature generation, verification, certificate validation, time-stamping and encryption products and services for transactions and documents, e.g. PDF, XML, Files, Web forms, etc.