news_VASCO’s PKI-based DIGIPASS CertiID and DIGIPASS Key 1 become IdenTrust compliant

September 8, 2009

Oakbrook Terrace, Illinois, Zurich, Switzerland, September 8, 2009 - VASCO Data Security Inc. (Nasdaq: VDSI;, a leading software security company specializing in authentication products, today announced that its PKI-based offering consisting of DIGIPASS CertiID® and DIGIPASS Key 1® has achieved IdenTrust Compliance. Thanks to the IdenTrust Rule Set compliance, new opportunities will arise for the use of VASCO’s PKI-based solutions in financial institutions considering that banks who have implemented the IdenTust architecture require using IdenTrust compliant middleware.

The IdenTrust Rules Set governs how member banks issue and validate globally interoperable digital certificates. IdenTrust’s trusted role in electronic transactions is to provide the identity network that issues and verifies the authenticity of the digital certificates used by the originator and recipient of the transaction, as well as to ensure the transaction is non-repudiable and legally-binding worldwide.

DIGIPASS CertiID is a client-based software suite using PKI-technology to sign transactions or confidential documents. It has been developed for large corporations, governments and banks providing two factor strong authentication for secure web login, windows PKI login to the desktop, e-mail signature, e-mail encryption and secure VPN access. The solution is ideal for identity management, banking and e-government transactions, as it complies with European legal recommendations.

DIGIPASS Key1 is an ultra-portable USB solution for strong authentication, secure access and secure transactions, offering the same capabilities as a smart card. The chip embedded in the DIGIPASS Key1 is FIPS140-2 level 3 and the applet signature is EAL4+ certified resulting in a highly secure data container. The user’s private key will be generated on the chip, when the user requests a certificate for the first time. The private keys which are stored on the chip can never be exported from the device. Whenever the user wants to sign a transaction, each time a PIN-code will be requested to use the private keys on the DIGIPASS Key1.

“VASCO is a leading provider of authentication solutions to the e-banking world. With the certification, we are able to offer standards-based interoperable solutions to banks and their end users. We are convinced that it will provide both parties with additional business opportunities and benefit our respective customers,” says Christy Serrato, Director Business Development at IdenTrust.

“We are glad that our PKI-based solutions have received IdenTrust certification. We are convinced that compliance with the IdenTrust Rule Set will generate new opportunities for us with both existing financial institutions that have chosen the IdenTrust platform for their trusted identity and access management, and those which will join the network in the near future,” says Jan Valcke, President and COO at VASCO Data Security.

IdenTrust is a leader in trusted identity solutions recognized by financial institutions, government agencies and businesses around the world. The only bank-developed identity authentication system, IdenTrust provides a legally and technologically interoperable environment for authenticating and using identities in more than 175 countries. IdenTrust enables end-users to have a single identity that can be used with any bank, any application, and across any network. IdenTrust identities are globally interoperable under uniform private contracts. For more information, visit

Statements made in this news release that relate to future plans, events or performances are forward-looking statements. Any statement containing words such as “believes,” “anticipates,” “plans,” “expects,” “intend,” “mean,” and similar words, is forward-looking, and these statements involve risks and uncertainties and are based on current expectations. Consequently, actual results could differ materially from the expectations expressed in these forward-looking statements.

Reference is made to the VASCO's public filings with the U.S. Securities and Exchange Commission for further information regarding VASCO and its operations.

This document may contain trademarks of VASCO Data Security International, Inc. and its subsidiaries, including VASCO, the VASCO “V” design, DIGIPASS, VACMAN, aXs GUARD and IDENTIKEY.

For more information contact:

Jochem Binst, +32 2 609 97 00, [email protected]