What Is Identrus

What Is Identrus
Identrus was formed in 1999 through a partnership of leading financial institutions, including ABN AMRO, Bank of America, Bankers Trust (since acquired by Deutsche Bank), Barclays, Chase Manhattan, Citigroup, Deutsche Bank, and Hypo Vereinsbank. The main purpose was to enable a trusted business-tobusiness (B2B) ecommerce marketplace with financial institutions as the key trust providers. The organization leverages financial institutions with a global reach that can still provide local presences. The organization provides identity validation and warranty protection for global B2B ecommerce. Identrus provides a vendor-neutral environment that has the legal backing of all that PKI brings. Need for Identrus

The two biggest benefactors of Identrus are the trading partners that require nonrepudiatable identities of their counterparts and financial institutions that want to extend their banking online. These benefactors, among others, can also leverage a global standard, which would be difficult to do on their own. In addition, through a common standard, more banks are willing to use PKIbased technology because the cost of deployment is decreased with an increasing number of applications and trading partners.

Architecture
The main components of the Identrus system are as follows
• The digital certificates termed Identrus Global IDs
• Real-time validation infrastructure of the Identrus Global IDs
• Assurance (or warranties) for the Global IDs
• Globally recognized and enforceable contracts binding all members of the system
• An audit trail that can be used for dispute resolution

The Identrus model is built around the concept of four corners, the main components in this model are these

Identrus root. This root is run by Identrus’s own private root. At this level Identrus maintains the trust relationship between the issuing and relying financial institutions.

CA for the subscribing (or issuing) member’s financial institution. The root for this organization is signed by the Identrus root CA. The issuing institution generates certificates and issues them on smart cards to subscribing customers. The use of smart cards creates a higher level of protection for the issued certificates.

CA for the relying member’s financial institution. The root for this organization is signed by the Identrus root CA. The relying institution, on behalf of its customers, checks the validity or status of the certificate being presented to the relying institution’s client (via the Identrus OCSP responder).

Merchantrelying party. The relying party receives digitally secured and signed transaction messages from a subscribing party (in other words, the buyer). Software at the relying partyfs site allows it to receive the Identrus-enabled signatures from the subscribing party and forward the signatures to the relying party’s financial institution for validation. Once the validation has occurred, the relying party can then act on the transaction message. One advantage of this four-corner model is that the relying party does not need to invest heavily in PKI or other systems as the relying party’s financial institution performs those functions.

Buyersubscribing party. This party is buying from the selling party.