Entrust First to Achieve Successful WebTrust Approval for Extended Validation SSL Certificates
May 30, 2007
Layered security leader first to receive WebTrust Seal of Assurance from Deloitte for Extended Validation, the latest anti-phishing technology to protect consumers online
DALLAS - In a continued effort to bolster consumer confidence in the online channel and help combat phishing attacks, Entrust [NASDAQ: ENTU] is the first certification authority (CA) to successfully meet the WebTrust operational requirements for Extended Validation (EV) SSL certificates, the frontline of protection in a layered security defense. Entrust met the audit requirements established by the Canadian Institute of Chartered Accountants, based on the EV guidelines produced by the CA/Browser Forum.
"Online trust continues to be critical for consumer confidence and e-commerce," said Deloitte associate partner Don Sheehy, who led the Entrust operational audit and is chairman of the International WebTrust for Certification Authorities Committee. "Entrust was the first certification authority to receive a WebTrust for Certification Authorities Seal of Assurance in 2001. Now, they are the first to pass an operational audit under the new WebTrust for EV guidelines and, thus, earn the right to display the new WebTrust for EV logo. We commend Entrust's longstanding commitment to online security."
When consumers use a browser that can recognize EV SSL certificates, the technology will help users make smarter trust decisions, including the ability to verify the identity of the owner of an EV certificate-protected Web site. Sites that have implemented EV SSL certificates will display a green address bar, and information about the company operating the site, as well as the certification authority that issued the certificate, will be prominently displayed.
"Consumer confidence in the online channel is at a critical juncture. EV SSL certificates serve as the first indicator of trust when consumers brave the online channel to do business with an organization," said Entrust Chairman, President and CEO Bill Conner. "EV-enabled trust indicators like the green address bar can help quickly alleviate concerns over a phishing attack, allowing the consumer to feel more comfortable executing a sensitive transaction."
Compliance with the WebTrust for Certification Authorities standards confirms that the certification authority maintains controls to provide reasonable assurance on a number of defined important public key infrastructure (PKI) criteria. Certification authorities must undergo annual operational audits and meet the WebTrust for Certification Authorities criteria in order to be able to display the WebTrust for Certification Authorities seal on their sites. Parallel with the annual WebTrust for Certification Authorities audit, Entrust's EV operations were audited under the new WebTrust for EV requirements for the period since they started issuing EV certificates. Both audits will be renewed annually.
"The WebTrust for CA and WebTrust for EV programs give companies looking for an EV SSL solution a 'seal of approval' to check for when choosing an SSL provider," added Conner. "Combined with the level playing field provided by the EV SSL guidelines, organizations no longer have to buy from higher-priced SSL vendors in the name of better security. If a vendor offers EV SSL and has this WebTrust credential, an organization can make a confident purchase decision rather than just paying a premium for a vendor brand name."
All certification authorities participating in the Microsoft root embedding program for extended validation underwent EV-readiness audits in the fall of 2006, prior to submitting roots to Microsoft for the Internet Explorer 7 release. Operational audits differ from readiness audits in that they cover actual operations and certificate issuance.
"The importance of an independent third-party examination of the controls, processes and procedures of CAs is critical to underpinning higher confidence in EV SSL certificates," said Bryan Walker, principal assurance services, Canadian Institute of Chartered Accountants and responsible for the WebTrust for Certification Authorities program. "WebTrust, and the auditing profession, is pleased to be a participant - alongside Entrust and other CA/Browser Forum members - in the development of improved standards to strengthen trust on the Internet."
Extended validation refers to rigorous, industry-standard validation methods used by a certification authority before issuing an EV SSL certificate. An EV SSL certificate is a new category of SSL certificate created by an industry consortium called the CA/Browser Forum. Conceived in response to the growing threats of phishing and man-in-the-middle attacks, EV SSL certificates are issued to Web site operators only after the rigorous new validation process has been performed by an authorized third party.
Deloitte facilitated the WebTrust for Extended Validation audit for Entrust Certificate Services, as part of Entrust Limited, at Entrust's Ottawa, Ontario, office.
Entrust EV SSL Certificates are available for purchase through Entrust's Certificate Services Web site, individually or as part of a cost-effective Certificate Management Service subscription, at www.entrust.net