Medepass Deploys Microsoft Software and Chrysalis-ITS Hardware to Ensure Security in Verifying Physician Identities

San Francisco, CA and Ottawa, Ontario – January 6, 2003 – MEDePass, the leading provider of authenticated digital identities for healthcare professionals and medical staff, has combined Certificate Services in Windows 2000 Advanced Server from Microsoft with Luna CA3 from Chrysalis-ITS, a leading provider of hardware security modules, to create a digital identity service for physicians and healthcare professionals. Microsoft’s Certificate Services software provides the engine for managing certificates; while Chrysalis-ITS’ Luna CA3 provides hardware-based private key protection to ensure an efficient, secure solution for healthcare transactions.

MEDePass Certificates, designed to meet Health Insurance Portability and Accountability Act (HIPAA) security regulations, provide proof of a physician’s identity and the ability to encrypt and digitally sign email messages and other types of data such as medical records. The Medepass solution incorporates a highly customized version of Microsoft Windows Certificate Services to issue MEDePass Certificates, and uses Chrysalis-ITS Luna CA3 hardware security modules to store and protect the critical private encryption key used in the issuance process.

“Clearly we needed a comprehensive security strategy to provide this highly sensitive service. This strategy had to encompass security measures including cryptographic hardware for key storage and recovery,” said Girard Pessis, CEO of MEDePass. “We used the MEDePass ASN.1 toolkit built with .NET to customize Microsoft Certificate Services for our unique application and we chose Chrysalis-ITS for the HSM, as Luna CA3 is the de facto standard in the industry for protecting sensitive encryption keys used to sign certificates. These measures provide our customers with a highly secure digital identity solution.”

“Microsoft Certificate Services in Windows 2000 Advanced Server offers customers like Medepass a flexible public key infrastructure integrated with critical hardware security products like those from our partner Chrysalis-ITS,” said Michael Stephenson, Lead Windows Server Product Manager, Microsoft Corp. “In combination this solution enables the secure exchange of information across the Internet, extranets, and intranets, addressing the specific online security requirements affecting customers in the healthcare and other industries.”

The sensitive nature of healthcare transactions poses unique demands on establishing the identity of physicians and other healthcare professionals on the Internet. These individuals benefit from using digital certificates to represent their online identities to perform transactions involving medical records and exchange of private information. The Certificate Authority (CA) creates, revokes and manages digital certificates for end users. The trust associated with these digital identities is directly related to the integrity of the CA’s private root key, which is used to sign certificates. If the root key is compromised, there is the potential for identity counterfeiting, or theft, which could in turn jeopardize the security and privacy of sensitive patient information.

“MEDePass provides a critical service to healthcare professionals and their patients by allowing them to use the Internet to improve the way healthcare information is shared,” said Randy Kun, Vice President of Marketing and Product Line Management, Chrysalis-ITS. “By selecting Chrysalis-ITS hardware for storing the sensitive keys used to issue digital certificates to their customers they are demonstrating to their customers a commitment to the highest levels of security for their service – ensuring a protected chain of trust for online healthcare transactions.”

About MEDePass, Inc.
MEDePass, Inc. is a trusted 3rd party in healthcare issuing authenticated digital identities, expressed as digital certificates, to licensed healthcare professionals in conjunction with state medical associations. Trading partners such as health plans, hospitals, and other health care organizations can rely upon these certificates to verify the identities of healthcare professionals on the Internet. MEDePass is actively involved in national standards setting to insure that the best interests of patients, professionals and trading partners are protected by an effective and trusted security infrastructure. MEDePass, Inc. is based in San Francisco, CA. For more information, visit .

About Chrysalis-ITS
Chrysalis-ITS is a leading vendor of hardware security products to secure and accelerate applications including electronic financial transactions, SSL, smart card issuance, document security and digital identity management. The company is revolutionizing hardware security with a line of appliances that dramatically simplify the deployment of secure applications. Chrysalis-ITS products power security solutions deployed to customers spanning the world’s leading financial institutions, service providers, and government agencies. Chrysalis-ITS products are delivered through a global network of distributors and value-added resellers. Founded in 1994, Chrysalis-ITS is headquartered in Ottawa, Canada, with regional offices throughout North America, Europe, and Asia. The company website is www.chrysalis-its.com .