In a continued effort to bolster consumer confidence in the online channel and help combat phishing attacks, Entrust (Nasdaq: ENTU) is the first certification authority (CA) to successfully meet the WebTrust operational requirements for Extended Validation (EV) SSL certificates, the frontline of protection in a layered security defense. Entrust met the audit requirements established by the Canadian Institute of Chartered Accountants, based on the EV guidelines produced by the CA/Browser Forum.

When consumers use a browser that can recognize EV SSL certificates, the technology will help users make smarter trust decisions, including the ability to verify the identity of the owner of an EV certificate-protected Web site. Sites that have implemented EV SSL certificates will display a green address bar and information about the company operating the site, as well as the certification authority that issued the certificate, will be prominently displayed.

Compliance with the WebTrust for Certification Authorities standards confirms that the certification authority maintains controls to provide reasonable assurance on a number of defined important public key infrastructure (PKI) criteria. Certification authorities must undergo annual operational audits and meet the WebTrust for Certification Authorities criteria in order to be able to display the WebTrust for Certification Authorities seal on their sites. Parallel with the annual WebTrust for Certification Authorities audit, Entrust's EV operations were audited under the new WebTrust for EV requirements for the period since they started issuing EV certificates. Both audits will be renewed annually.

All certification authorities participating in the Microsoft root embedding program for extended validation underwent EV-readiness audits in the fall of 2006, prior to submitting roots to Microsoft for the Internet Explorer 7 release. Operational audits differ from readiness audits in that they cover actual operations and certificate issuance.

Extended validation refers to rigorous, industry-standard validation methods used by a certification authority before issuing an EV SSL certificate. An EV SSL certificate is a new category of SSL certificate created by an industry consortium called the CA/Browser Forum. Conceived in response to the growing threats of phishing and man-in-the-middle attacks, EV SSL certificates are issued to Web site operators only after the rigorous new validation process has been performed by an authorized third-party.

Deloitte facilitated the WebTrust for Extended Validation audit for Entrust Certificate Services, as part of Entrust Limited, at Entrust's Ottawa, Ontario, office.

Entrust EV SSL Certificates are available for purchase through Entrust's Certificate Services Web site, individually or as part of a cost-effective Certificate Management Service subscription, at www.entrust.com.