Symantec Unveils Consumer Identity Strategy 2

Symantec Corp. Wednesday showed off a new consumer identity client at the DEMO 07 conference, the centerpiece of the Cupertino, Calif. security company's Security 2.0 initiative.

The new program, still in development, will be called the Norton Identity Client, and is the first step in a 12- to 24-month project that will tie together services and software, consumers and businesses. Symantec likened the client to the e-tailing world's version of a driver's license that establishes the buyer's identity to the seller.

It will also include buyer-specific tools, such as site reputation information, including when the domain was registered and whether the site is using a known phishing digital certificate. Other tools will generate one-time e-mail addresses to plug into potentially "spammy" Web sites to protect users' real e-mail accounts. "Security 2.0 is aimed at giving the user a safe and confident online experience," says Brian Hernacki, a software architect working on the initiative. "Identity is an important part of that."

Symantec hopes to tap into the projected $1.1 billion business in online consumer authentication through 2011, and sees the market -- which is primarily driven by banks and brokerage houses -- as a new revenue stream. "We think it's an important market opportunity," says Hernacki, "both in the consumer and enterprise space. We work in both markets, and identity is a two-sided problem."

Symantec could use a boost to its bottom line. Last week, the firm posted third-quarter 2007 figures showing earnings of $248 million, down from $282 million in the same quarter the year before. In response, Symantec said it would slash $200 million in costs, including some jobs, during the year.

The company's also counting on indirect losses by e-commerce to aggressive drive adoption of authentication and identity management. According to late 2006 research by Gartner, consumer fears over security cost e-tailers nearly $2 billion in lost sales during the year.

Norton Identity Client will be identity protocol agnostic, Hernacki stresses. "We'll support whatever the industry supports. Our goal is to make authentication simple and easy to use." Initial plans are to support both CardSpace and OpenID, for instance, the digital identity storage system from Microsoft and an open-source identity framework, respectively.

The client will also support one-time passwords, which are coming into use by some banks and brokerage houses via specialized USB hardware, and may show up in debit or credit cards in the U.S. as early as this year.

Symantec will leverage its own Norton Account -- which stores consumer software product keys on the company's servers for later retrieval during program re-installation -- to jumpstart the identity client. Symantec claims that more than half of its Norton product line users have signed up for an account.

Hernacki wasn't ready to get specific about how Norton Identity Client might be sold or distributed to consumers, however. "We're working on how we package it up," he says. "There will be some people who just want a simple identity manager, so it may be offered separately, like Norton Confidential." Alternately, it could be bundled into other Symantec consumer titles, such as the Norton Internet Security suite. Symantec will be ready to share news about its packaging plans for the identity client in six months or so, Hernacki says.

"We want [Norton Identity Client] to enable consumers to conduct business with confidence," he says. "And enterprises to be able to focus on their core business, not authentication."