According to the agreement, the two companies will add Cylink's encryption software as an option to vendors that currently support RSA Data Security's widely used crypto algorithms. RSA has dominated the encryption market because its technology is both tested over time and licensed on favorable terms.
"Cylink's reputation in the security market and the strength of the code we've licensed from them makes Cylink the best independent organization to help us build better security into Java," David Spenhoff, director of product marketing for Sun's JavaSoft unit, said in a statement.
The Sun and Microsoft licenses follow Cylink's announcement last month that it would license its encryption algorithm to start-up Phaos Technology for Phaos's Java-based security toolkit. Analysts suggest growing acceptance of non-RSA algorithms could undermine RSA, now a subsidiary of Security Dynamics Technology (SDTI).
JavaSoft will include Cylink's X.509 digital certificate technology in a future release of its Java Development Kit, which is used to build e-commerce and other secure applications.
Microsoft has licensed Cylink's software for future versions its Internet Explorer 4.0 Web browser and version 5.0 of its Windows NT operating system. Cylink security is built into current beta versions of IE 4.0.
Cylink's software is based on Diffie-Hellman and the Digital Signature Standard (DSS) public-key cryptography.
JavaSoft's new kit will include a set of foundation classes to handle X.509, version 3 digital certificates, which serve as digital IDs to verify the identity of parties in an online exchange. Digital certificates in the Java development kit will help developers build strong authentication into Java applications.
Standards bodies ANSI (American National Standards Institute and ISO/ITU have approved X.509 certificates as a standards, and the Internet Engineering Task Force (ITEF) is considering the same action.