Security software determines how much customers can do

How would you like to give premium customers access to fancy electronic commerce, but limit what newcomers can do?

Start-up Indigo Security Technologies may have the software for you. The company is currently running beta tests on Elara, Java-based server software that financial organizations can use to set rules that determine what transactions certain customers can perform.

Based on Sun’s Java Enterprise Server Beans architecture, the Elara software is designed to enforce “entitlement rules,” said John Weinschenk, CEO and president of Indigo. For example, these rules might indicate a person is allowed to make a transaction up to a certain amount, or only do stock trades and not Electronic Funds Transfers. “Once you authenticate a user on the network, you can set fine-grain access controls that decide in real time whether any Web-based transaction should be allowed,” Weinschenk said.

This authentication can be based on the user’s IP address, digital certificate, Kerberos ticket or RACF mainframe authorization. The Elara software uses that information to set access controls on Web servers that can be distributed throughout an enterprise. The central Elara “entitlement server,” as Indigo calls it, caches this access-control information in a database and periodically replicates it to departmental servers running Elara software so they can validate Web-based transactions. Weinschenk said Elara could process up to 1,000 transactions per second for approval.

Indigo’s product, to be released in March, is derived from software developed in-house by Bankers Trust, which was bought by Deutsche Bank last year. Deutsche Bank later decided to establish an independent company, Indigo, to sell a commercial version of the Bankers Trust access-control software. Indigo Technologies plans to ship the Elara product later in March for about US$75,000 per CPU.

Will Deutsche Bank decide to eat its own dog food, as the saying goes, by using Elara internally? The bank is beta testing the software, said Phil Venables, chief information security officer at Deutsche Bank. The bank’s applications make a call to the Elara entitlement server to find out if customers are allowed to make a particular transaction, he said. But as yet, there has been no final decision on whether Elara will be used on an operational basis, Venables added.