Analysts: Microsofts Latest Move into Identity Management Could Signal Smart-Card Renaissance

News Analysis: The deal could herald an upsurge in enterprise use of smart cards.

Analysts said Microsoft Corp.s Monday acquisition of a public-key identity management developer may herald an upsurge in the use of smart cards by enterprises and Microsofts position in the still-growing security management industry.

Alacris, a small, privately held, Ottawa-based company founded in 1998, makes a security management software product called IDNexus that uses PKI (public key infrastructure) and biometrics in smart-card deployments for large commercial and government organizations that employ Windows-based systems. Terms of the deal were not disclosed.

PKI uses public and private cryptographic keys and digital certificates to securely encrypt messages and data over public networks.

"Id say Microsoft is expecting an upturn in the use of smart cards by large enterprises with Windows systems. Thats why they made the acquisition," Gartner Group security analyst Ray Wagner told "This is a very narrow-market kind of software, but it fits right in with what the company needs right now."

Alacris non-government customers are mainly in the pharmaceutical, health care, banking and securities, and insurance sectors.

The companys core technology helps IT departments streamline the provisioning of new smart cards and the configuration of existing smart cards.

The technology also provides Web-based policy-driven workflow management that helps users manage their administrative and end-user experiences, the company said.

Windows uses smart cards and other authentication technologies on the desktop through its Active Directory and Microsoft Certificate services.

However, enterprise customers are still have problems with the complexity of provisioning smart-card hardware, deploying digital certificates, managing certificate revocation, and auditing IT pro and end-user activity, said Michael Atalla, Microsoft group product manager in the security division.

He offered one example of how IDNexus would work for an enterprise:

If a smart-card holder were to lose or misplace the card and thus become unable to access a building or other location, he or she could obtain a blank one on the spot at a company reception desk.

The blank card could then be inserted into an IDNexus kiosk in the lobby. The user would then enter a username and password, enabling IDNexus to program the temporary card with the cardholders personal information, preferences and privileges for as long as needed. In the meantime, the original misplaced smart card would be deactivated.

"This automation cuts down the administrative process greatly," Atalla told Ziff Davis Internet. "Theres no helpdesk call, it saves a lot of headaches of sysadmins, and its much easier for the user. The incident gets taken care of a lot faster and more efficiently."

Microsoft has produced user-activated security software for years, but it doesnt have much history in providing software than manages the administration of security services.

/zimages/3/28571.gifClick here to read more about Microsofts acquisition of Alacris.

Wagner said he believes Microsoft is hoping to catch a future wave of smart-card use.

"The Alacris software will provide much-needed functionality around Web services, identity management, identity services, and in deployment and management of all those services," Wagner said.

"It might be a simple as a providing Web certificate or updating the information on a smart card, but this product will do it more efficiently that anything they currently have."

Forrester analyst Paul Stamp told Ziff Davis Internet that although the Alacris software can be used for Web-based security purposes, he said Microsoft was looking at this acquisition "as a specific strategy that leans toward using automated PKI in smart cards. Whereas Microsoft could have just written now tools to do this work, they just decided to acquire the company."

Alacris signed a partnership with Microsoft in 2003, when it first developed IDNexus. Last July, the company released v3.0 of the product; Microsoft plans to announce a beta version of the product at a later date, the company said.

Alacris posted $2.3 million in sales and had 21 employees in 2004, according to Hoovers.

Co-founders Ron MacDonell and Conrad Bayer currently serve as president-CEO and vice president-CTO, respectively.

Alacris is the latest in a series of Microsoft security acquisitions during the past two years.

The others are e-mail security software maker FrontBridge Technologies (July); anti-virus software maker Sybari (February); anti-spyware maker Giant Company Software (December 2004); and anti-virus software maker GeCAD Software (2003).

/zimages/3/28571.gifCheck out eWEEK.coms for Microsoft and Windows news, views and analysis.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 13 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...