Internet service provider America Online (AOL) is
demonstrating a "safe chat room" for children and teenagers that
uses so-called "multi-factor authentication" technology from
VeriSign to verify a child's age.
Equipped with secure tokens that plug into computer USB outlets,
children will be able to securely access AOL chat rooms without
fear of being preyed upon online criminals, according to a
statement from VeriSign.
Verisign will work with AOL and i-SAFE America, a non-profit
organisation, to promote the use of secure tokens in schools and
other venues frequented by the young.
The two companies demonstrated the safe chat service at the
Digital ID World 2004 conference in Denver this week.
As part of the demonstration, VeriSign is integrating its
Unified Authentication service with AOL's infrastructure to
allow children to log on using a secure token, in addition to a
user name and password.
The extra "factor", such as a USB device containing a unique
digital certificate, gives the children access to special
token-secured chat rooms that would not be accessible to those
without the tokens, according to Judy Lin, executive vice-president
of VeriSign's Security Services.
"It's a very neat concept and something we think there may be
some interest in among parents," said Andrew Weinstein, an AOL
spokesman.
However, AOL is only exploring the secure chat room idea, and
other applications for multi-factor authentication and has no
immediate plans to launch it as a service, he said.
VeriSign launched the Unified Authentication service in
September as an extension of its Intelligence and ControlSM
Services, which offer businesses such as ISPs network security
information and tools.
User log-in and permissions information resides in the
customer's user directory, but is linked to a unique serial number
for a secure token or other authentication device stored on a
VeriSign server.
Login requests by users will be passed to the VeriSign server
where a stored algorithm will validate the serial number of the
secure token or the one-time password is valid for the user
requesting access, VeriSign said.
In addition to announcing the safe chat room idea, AOL and
VeriSign said they would work to integrate VeriSign's Unified
Authentication service and tokens with AOL standards, enabling the
use of VeriSign's service beyond the chat arena.
The announcement with VeriSign is the latest move by AOL to
secure customer access to its services using tokens.
In September, AOL said it would partner with RSA Security on a
new program called "Passcode", which offers AOL-branded SecurID
tokens from RSA to AOL customers for added account protection.
The demonstration with VeriSign does not reflect in any way on
the Passcode program, which is already available to AOL customers,
Weinstein said
"We're looking at various authentication services we might
offer. We think Passcode is a terrific service and plan to continue
offering it, but we're looking at a range of services with
different partners," he said.
Paul Roberts writes for IDG News Service