U.S. Bancorp, VeriSign team on banking security

IDG News Service - U.S. Bancorp will use a hardware-token-based authentication service from VeriSign Inc. to secure access to commercial banking services for its customers, and may soon introduce a similar service for consumer banking customers, according to a VeriSign executive.
The bank will use VeriSign's Unified Authentication service to validate and secure interactions with commercial banking customers, providing them with a secure Universal Serial Bus token that they must use when accessing services online. The deal is just the latest evidence of renewed interest in so-called "multifactor" authentication within the banking industry, which is struggling with an epidemic of online identity theft scams, according to Judy Lin, executive vice president for VeriSign's security services.
As part of the program, U.S. Bancorp will make VeriSign security tokens available to more than 10,000 commercial banking customers. Those tokens will hold a digital certificate that identifies the bearer and will need to be inserted into machines before accessing Web-based commercial banking applications, Lin said.
The Unified Authentication service combines VeriSign-branded eToken USB authentication devices from Aladdin Knowledge Systems Inc. in Chicago with a managed validation service that runs on VeriSign's infrastructure. It also includes software modules that plug into a bank's existing back-end infrastructure. Banks can also choose to operate their own validation server as part of the service, Lin said.
At U.S. Bancorp, the authentication service will be integrated with existing user directory and identity management technology, validating interactions between the bank and its customers. A server operated by VeriSign will handle token validation, but no customer information will leave U.S. Bancorp's network in the process, she said.
VeriSign launched the Unified Authentication service in September as an extension of its Intelligence and ControlSM Services, which offer businesses network security information and tools. User log-in and permission information resides in the customer's user directory but is linked to a unique serial number for a secure token or other authentication device stored on a VeriSign server. Log-in requests by users will be passed to the VeriSign server, where a stored algorithm will validate that the serial number of the secure token or the one-time password is valid for the user requesting access, VeriSign said.
The eighth-largest bank in the country, U.S. Bancorp has over $190 billion in assets and 2,344 offices in 24 states. The bank chose VeriSign's new service for its ability to support many users and different types of authentication tokens, Richard Stephenson, U.S. Bancorp director of information security, said in a statement.
"U.S. Bancorp sees a large audience of different types of users,