FRAMINGHAM (01/27/2000) - How would you like to give premium customers access to fancy electronic commerce, but need to limit what newcomers can do? Then startup Indigo Security Technologies may have the software for you.
The company is beta testing Elara, Java-based server software that financial organizations can use to set rules that determine what transactions certain customers can perform.
Based on Sun's Java Enterprise Server Beans architecture, the Elara software is designed to enforce "entitlement rules," says John Weinschenk, chief executive officer and president of Indigo. For example, these rules might indicate a person is allowed to make a transaction up to a certain amount, or only do stock trades not Electronic Funds Transfers. "Once you authenticate a user on the network, you can set fine-grain access controls that decide in real time whether any Web-based transaction should be allowed," Weinschenk explained.
This authentication can be based on the user's IP address, digital certificate, Kerberos ticket or RAC-F mainframe authorization. The Elara software uses that information to set access-controls on Web servers that can be distributed throughout an enterprise. The central Elara "entitlement server," as Indigo calls it, caches this access-control information in a database, and periodically replicates it to departmental servers running Elara software so it can validate Web-based transactions. Weinschenk said Elara could process for approval up to 1,000 transactions per second.
Indigo's product, to be released in March, is derived from homegrown software developed in-house by Bankers Trust, which was bought by Deutsche Bank last year. Deutsche Bank later decided to establish an independent company -- Indigo -- to sell a commercial version of the Bankers Trust access-control software.
Backed with US$3.5 million in venture capital from Pyramid Ventures, Indigo Technologies now plans to ship the Elara product later in March for about $75,000 per CPU (central processing unit.)Will Deutsche Bank decide to eat its own dog food, as the saying goes, by using Elara internally? The bank is beta testing the software, says Phil Venables, chief information security officer at Deutsche Bank. The bank's applications make a call to the Elara entitlement server to find out if customers are allowed to make a particular transaction, he explained.
But as of yet, there has been no final decision on whether Elara will be used on an operational basis, Venables added.