Predict your next investment

Corporation
SOFTWARE (NON-INTERNET/MOBILE) | Security Software
identrust.com

See what CB Insights has to offer

Founded Year

1999

Stage

Acquired | Acquired

Total Raised

$20M

Revenue

$0000 

About IdenTrust

IdenTrust is a provider in trusted identity solutions recognized by financial institutions, government agencies and businesses around the world. The only bank-developed identity authentication system, IdenTrust provides a legally and technologically interoperable environment for authenticating and using identities in more than 175 countries. IdenTrust enables end-users to have a single identity that can be used with any bank, any application, and across any network. IdenTrust identities are globally interoperable under uniform private contracts.

IdenTrust Headquarter Location

55 Hawthorne Street Suite 400

San Francisco, California, 94105,

United States

415-486-2900

Latest IdenTrust News

Let’s Encrypt comes up with workaround for abandonware Android devices

Dec 23, 2020

When you haven't been updated since 2016, expiring certificates are a problem. Enlarge / Pictured: An alternate future for many Android phones in 2021. Things were touch-and-go for a while, but it looks like Let's Encrypt's transition to a standalone certificate authority (CA) isn't going to break a ton of old Android phones. This was a serious concern earlier due to an expiring root certificate, but Let's Encrypt has come up with a workaround. Let's Encrypt is a fairly new certificate authority, but it's also one of the world's leading. The service was a major player in the push to make the entire Web run over HTTPS, and as a free, open issuing authority, it went from zero certs to one billion certs in just four years . For regular users, the list of trusted CAs is usually issued by your operating system or browser vendor, so any new CA has a long rollout that involves getting added to the list of trusted CAs by every OS and browser on Earth as well as getting updates to very user. To get up and running quickly, Let's Encrypt got a cross-signature from an established CA, IdenTrust, so any browser or OS that trusted IdenTrust could now trust Let's Encrypt, and the service could start issuing useful certs. Further Reading When it launched in 2016, Let's Encrypt also issued its own root certificate ("ISRG Root X1") and applied for it to be trusted by the major software platforms, most of which accepted it sometime that year. Now, several years later, with IdenTrust's "DST Root X3" certificate set to expire in September 2021, the time has come for Let's Encrypt to stand on its own and rely on its own root certificate. Since this was submitted four years ago, surely every Web-capable OS currently in use has gotten an update with Let's Encrypt's cert, right? That's true of every mainstream OS except for one. Sitting in the corner of the room, wearing a dunce cap, is Android, the world's only major consumer operating system that can't be centrally updated by its creator. Believe it or not, there are still quite a lot of people running a version of Android that hasn't been updated in four years. Let's Encrypt says it was added to Android's CA store in version 7.1.1 (released December 2016) and, according to Google's official stats, 33.8 percent of active Android users are on a version older than that. Given Android's 2.5 billion strong monthly active user base, that's 845 million people who have a root store frozen in 2016. Oh no. Advertisement Ron Amadeo In a blog post earlier this year,  Let's Encrypt sounded the alarm that this would be an issue, saying "It's quite a bind. We're committed to everybody on the planet having secure and privacy-respecting communications. And we know that the people most affected by the Android update problem are those we most want to help—people who may not be able to buy a new phone every four years. Unfortunately, we don’t expect the Android usage numbers to change much prior to [the cross-signature] expiration. By raising awareness of this change now, we hope to help our community to find the best path forward." An expired certificate would have broken apps and browsers that rely on Android's system CA store to verify their encrypted connections. Individual app developers could have switched to a working cert, and savvy users could have installed Firefox (which supplies its own CA store). But plenty of services would still be broken. Yesterday, Let's Encrypt announced it had found a solution that will let those old Android phones keep ticking, and the solution is to just... keep using the expired certificate from IdenTrust? Let's Encrypt says "IdenTrust has agreed to issue a 3-year cross-sign for our ISRG Root X1 from their DST Root CA X3. The new cross-sign will be somewhat novel because it extends beyond the expiration of DST Root CA X3. This solution works because Android intentionally does not enforce the expiration dates of certificates used as trust anchors. ISRG and IdenTrust reached out to our auditors and root programs to review this plan and ensure there weren’t any compliance concerns." Advertisement Let's Encrypt goes on to explain, "The self-signed certificate which represents the DST Root CA X3 keypair is expiring. But browser and OS root stores don't contain certificates per se, they contain 'trust anchors,' and the standards for verifying certificates allow implementations to choose whether or not to use fields on trust anchors. Android has intentionally chosen not to use the notAfter field of trust anchors. Just as our ISRG Root X1 hasn't been added to older Android trust stores, DST Root CA X3 hasn’t been removed. So it can issue a cross-sign whose validity extends beyond the expiration of its own self-signed certificate without any issues." Soon Let's Encrypt will start providing subscribers both the ISRG Root X1 and DST Root CA X3 certs, which it says will ensure "uninterrupted service to all users and avoiding the potential breakage we have been concerned about." The new cross-sign will expire in early 2024, and hopefully versions of Android from 2016 and later will be dead by then. Today, your example eight-years-obsolete install base of Android starts with version 4.2, which occupies 0.8 percent of the market.

Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

Expert Collections containing IdenTrust

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

IdenTrust is included in 2 Expert Collections, including Enterprise SaaS.

E

Enterprise SaaS

2,452 items

Software-as-a-service (SaaS) – internet based software offered as a subscription – continues to become the de facto standard for software distribution and consumption. Enterprise SaaS continues to show particular promise, emerging as one of the most well-funded categories. Startu

C

Cybersecurity

4,589 items

IdenTrust Patents

IdenTrust has filed 7 patents.

patents chart

Application Date

Grant Date

Title

Related Topics

Status

5/20/2003

6/20/2017

Key management, Public key infrastructure, Transport Layer Security, Certificate authorities, Cryptographic protocols

Grant

00/00/0000

00/00/0000

Subscribe to see more

Subscribe to see more

Subscribe to see more

00/00/0000

00/00/0000

Subscribe to see more

Subscribe to see more

Subscribe to see more

00/00/0000

00/00/0000

Subscribe to see more

Subscribe to see more

Subscribe to see more

00/00/0000

00/00/0000

Subscribe to see more

Subscribe to see more

Subscribe to see more

Application Date

5/20/2003

00/00/0000

00/00/0000

00/00/0000

00/00/0000

Grant Date

6/20/2017

00/00/0000

00/00/0000

00/00/0000

00/00/0000

Title

Subscribe to see more

Subscribe to see more

Subscribe to see more

Subscribe to see more

Related Topics

Key management, Public key infrastructure, Transport Layer Security, Certificate authorities, Cryptographic protocols

Subscribe to see more

Subscribe to see more

Subscribe to see more

Subscribe to see more

Status

Grant

Subscribe to see more

Subscribe to see more

Subscribe to see more

Subscribe to see more

CB Insights uses Cookies

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.