Skip navigation

Microsoft Boosts Its Ability to Provide End-to-end PKI Solutions

Microsoft announced that it has acquired privately-held Alacris, maker of identity and access management solutions. Terms of the acquisition were not disclosure, however Microsoft plans to integrate the company and did indicate that it would evaluate individual Alacris employees to determine how they best fit in at Microsoft.

Alacris' idNexus Identity Assurance Management System is based on public key infrastructure (PKI) and is designed specifically for Microsoft platforms. The solution works with certificates, whether stored on computers or in smartcards, and integrates with Windows 2003 Certificate Authority and Active Directory to extend functionality centered around registration and credential management. According to the company, idNexus also provides "advanced registration, management, reporting and auditing functionality required by large enterprise organizations that have deployed an Entrust PKI."

The company's other solution, OSCP Identity Validation System, is based on the Online Certification Status Protocol (OSCP) and helps introduce certificate awareness to applications. The validation systems brings realtime certificate validation to client-server applications, such as email clients, Web-based applications, and desktop applications. OSCP enhances security by superceding Certificate Revocation Lists (CRLs), which cannot be used to perform realtime verification.

Conrad Bayer, vice president and CTO of Alacris , said, "Our technology vision has always been around the Microsoft Windows operating systems, even more particularly around Microsoft Active Directory service. What we’ve focused on is delivering a very flexible, configurable solution that extends the capabilities of Windows Server 2003 and Active Directory in ways that fit each customer’s needs."

Bayer added that he sees a future where smartcards become a single point of identity for multiple devices, including desktop systems and mobile computing platforms. While many smartcard technologies already exist, including credit card sized units and key fob type devices, Mike Nash, corporate vice president of Microsoft’s Security Technology Unit, added that smartcard technology will eventually come in other forms, including tokens stored in commonly used tools such as a typical pen. Nash pointed out that smartcards can be used for authentication as well as proximity devices.

Bayer went on to say the acquisition enables Microsoft to take the solutions beyond enterprise environment and out to consumers. The acquisition puts Microsoft in a better position to offer an end-to-end solution and to provide platforms that eliminate the need for usernames and passwords. Such technology could also be used to enhance digital rights management (DRM).

The acquisition is timely considering that Microsoft is currently developing its next Windows server platform, code-named Longhorn, which is tenantively scheduled for release sometime in 2007. Microsoft intends to release a beta version of the newly acquired Alacris solutions sometime in the future, although no timeframe has been accounced for that upcoming beta program.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.