CertCo

CertCo was a financial cryptography startup spun out of Bankers Trust in the 1990s. It had offices in New York City and Cambridge, Massachusetts. It offered three main public key infrastructure (PKI) based products: an Identity Warranty system (tracking and insuring reliance on identity assertions in financial transactions); an electronic payment system (internally known as Acquire); and an Online Certificate Status Protocol (OCSP) responder for validating X.509 public key certificates.

Early History

CertCo was founded in March 1994 by Frank Sudia and Peter Freund as an internal bank department known as BT Electronic Commerce (BTEC). It spun out in November 1996 as CertCo with a number of outside strategic and financial investors in a transaction managed by Goldman Sachs.

Some of its better known early employees included Rich Ankney, Ed Appel, Alan Asay, Ernest Brickell, David Kravitz (inventor of the Digital Signature Algorithm), Yair Frankel, Dan Geer, C.T. Montgomery, Jay Simmons, Nanette Di Tosto, and Moti Yung.

Early on it licensed the "Fair Cryptosystem" key escrow patents of MIT Professor Silvio Micali and announced plans to implement a "Commercial Key Escrow System" (mentioned in [1]). Thereafter the policy climate for key escrow turned negative [2], market interest waned, and the system was never built.

CertCo and Bankers Trust promoted the creation of a bank consortium to serve as a PKI certificate authority for global commerce, leading to the 1999 launch of Identrus, later renamed Identrust. The banks, however, declined to license CertCo's proprietary technology, opting instead for a vendor-neutral approach.

CertCo's most notable commercial customer was SETCo [3], the operating company for the Visa-Mastercard Secure electronic transaction credit card security protocol, to which it provided certificate authority technology.

Technical Contributions

CertCo made various contributions to the fields of cryptography and public key infrastructure. Its most heavily-cited patents by subject are:

• U.S. patent 5,659,616 Attribute Certificates
• U.S. patent 5,825,880 Certificate Authority
• U.S. patent 5,995,625 Digital Rights Management
• U.S. patent 5,903,882 Identity Warranty
• U.S. patent 5,799,086 Key Escrow
• U.S. patent 6,029,150 Payment System

Standards & Policy

CertCo personnel contributed to a number of standards bodies and policy projects, including:

• IETF Online Certificate Status Protocol OCSP
• American Bar Association Digital Signature Guidelines
• ANSI X9.30

The Digital Signature Algorithm (DSA)

• ANSI X9.31

[http://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.31%3a1998 Reversible Public Key Cryptography (rDSA)]

• ANSI X9.45 Attribute Certificates
• ANSI X9.57

[http://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.57%3a1997 Certificate Management for Financial Services]

Endgame

CertCo used up all of its money, never found a wide market for its products, and went out of business in Spring 2002, following substantial reductions in technical staff in November and December 2001.

Near the end of its life CertCo briefly achieved public notoriety by suing PayPal [4] for patent infringement, briefly delaying the latter's highly anticipated IPO. The dispute was reportedly settled for a nominal amount [5].

References

• The Payment System: Emerging Issues (FDIC)
• CertCo Providing Security for High-Value Transactions