After changing its strategy and products to concentrate on the mobility world, a Toronto ISV has struck a licensing deal for its wireless authentication solution with a major American network security company.
VeriSign Inc. said this week it will include the MobiSecure soft token product
suite made by Diversinet Corp., which generates one-time numeric passwords on a range of mobile devices including cell phones. Typically, corporate users then input the numbers into PCs for network access or verifying large transactions, but both companies hope the system could also be used by consumers buying goods on the Internet.
“This is a pretty important first deal following 2004, which as been a real restructuring time for the company,” said Charles Walton, Diversinet’s executive vice-president of corporate development.
Until last year, publicly-traded Diversinet’s products centred on PKI certificate authority solutions, which were used mainly in pilots and early stage deployments.
Last year it earned $7 million, Walton said, but mainly from a U.S. division that did integration and professional services work. That unit has since been sold.
Looking for a better source of revenue it decided to create a product for generating passwords on devices that most people carry. For security-conscious enterprises who demand strong two-factor authentication (a password plus a randomly-generated number or code), the usual solution has been to have employees carry a USB memory key-sized device that at the press of a button pops up digits on a tiny screen.
A number of companies – including VeriSign – make these hardware-based tokens, which are often proprietary. Not only does that mean they’re expensive, but it also means employees have to carry an extra device around with them.
Diversinet reasoned that making a system that generates numbers on cell phones, PDAs, and Blackberrys, which many people have, made more sense. It says its application can be integrated with a company’s existing IT infrastructure, making it less expensive than hardware-based token systems. MobiSecure pushes out software on mobile devices that generate the random numbers. Devices that can carry the application include those than run Java, Sybian and Windows Mobile Pocket PC operating systems.
The application is consistent with the architecture of open authentication (OATH) system and compliant with the OATH HOTP algorithm proposed as a standard within the Internet Engineering Task Force, the company said.
Diversinet and VeriSign aren’t strangers: They’ve been partnering for some time, giving potential customers an alternative to hardware tokens, with VeriSign acting as the authentication authority.
Mark Griffiths, VeriSign’s vice-president of authentication services, said the company decided to licence Diversitnet’s applications rather than build a similar system itself.
VeriSign will integrate MobiSecure into its Unified Authentication product line by the end of the third quarter or early in the fourth quarter of this year, offering it as an a choice to its line of hardware tokens. Griffiths wouldn’t say what the solution will be priced at.
Initially the MobiSecure solution will be pitched at enterprises, Griffiths said, but he believes eventually it could work its way into the retail market for the general public.
He also said the deal should help increase the number of VeriSign VARs in North America. “We are in the process of building a reseller program for this product and service,” he said. Fifteen partners have signed up since the program was announced in February.
“It adds to VeriSign’s ability to offer complete, secure solutions,” said Joe Greene, an IDC Canada Internet analyst who was briefed on the deal, and could be a spur to companies and consumers afraid of identity theft from buying on the Web.
“If this can help alleviate some of that fear it’ll make people offer products and services and make buyers more confident,” he said.
Diversinet wouldn’t detail the financial benefits it will receive in the deal. “We do expect that through the entry of this channel . . . this will become a very substantial revenue producer for us,” said Walton.
