VeriSign and AOL explores 'safe chat room' idea

Internet service provider America Online (AOL) is demonstrating a "safe chat room" for children and teenagers that uses so-called...

Internet service provider America Online (AOL) is demonstrating a "safe chat room" for children and teenagers that uses so-called "multi-factor authentication" technology from VeriSign to verify a child's age.

Equipped with secure tokens that plug into computer USB outlets, children will be able to securely access AOL chat rooms without fear of being preyed upon online criminals, according to a statement from VeriSign.

Verisign will work with AOL and i-SAFE America, a non-profit organisation, to promote the use of secure tokens in schools and other venues frequented by the young.

The two companies demonstrated the safe chat service at the Digital ID World 2004 conference in Denver this week.

As part of the demonstration, VeriSign is integrating its Unified Authentication service with AOL's infrastructure to allow children to log on using a secure token, in addition to a user name and password.

The extra "factor", such as a USB device containing a unique digital certificate, gives the children access to special token-secured chat rooms that would not be accessible to those without the tokens, according to Judy Lin, executive vice-president of VeriSign's Security Services.

"It's a very neat concept and something we think there may be some interest in among parents," said Andrew Weinstein, an AOL spokesman.

However, AOL is only exploring the secure chat room idea, and other applications for multi-factor authentication and has no immediate plans to launch it as a service, he said.

VeriSign launched the Unified Authentication service in September as an extension of its Intelligence and ControlSM Services, which offer businesses such as ISPs network security information and tools.

User log-in and permissions information resides in the customer's user directory, but is linked to a unique serial number for a secure token or other authentication device stored on a VeriSign server.

Login requests by users will be passed to the VeriSign server where a stored algorithm will validate the serial number of the secure token or the one-time password is valid for the user requesting access, VeriSign said. 

In addition to announcing the safe chat room idea, AOL and VeriSign said they would work to integrate VeriSign's Unified Authentication service and tokens with AOL standards, enabling the use of VeriSign's service beyond the chat arena.

The announcement with VeriSign is the latest move by AOL to secure customer access to its services using tokens.

In September, AOL said it would partner with RSA Security on a new program called "Passcode", which offers AOL-branded SecurID tokens from RSA to AOL customers for added account protection.

The demonstration with VeriSign does not reflect in any way on the Passcode program, which is already available to AOL customers, Weinstein said

"We're looking at various authentication services we might offer. We think Passcode is a terrific service and plan to continue offering it, but we're looking at a range of services with different partners," he said.

Paul Roberts writes for IDG News Service

Read more on IT risk management