Convention to air issues

Cryptography companies will gather next week at the RSA Data Security Conference in San Francisco to unveil new products at a time when digital security is hot, politically and economically.

In addition to a host of product announcements--including secure hardware systems, digital certificates, and smart cards--next week's conference will provide a forum for a continuing debate over the role of the federal legislators and intelligence agencies in the regulation of encryption. Specifically, the concerns will focus on whether the government should liberalize export laws to promote e-commerce or keep a tight lid on the use of cryptography to prevent criminal abuse.

One highlight will be Tuesday's keynote speech from David Aron, President Clinton's newly appointed special envoy for cryptographic issues. Dubbed the "crypto czar," Aron's mission is to work with foreign governments on a global infrastructure that would give law enforcement authorities access to private encryption keys.

The administration's latest rules governing the export of encryption and encrypted software have been a major source of contention in the cryptography industry. Even though the new regulations are now in place, the industry will continue to lobby Congress for more favorable provisions through the so-called Pro-Code bill, which seeks to ban mandatory key-storage systems. (See related story)

But in the meantime, cryptography technology companies must modify their software to provide what is known as "key recovery" or "key escrow"--that is, a way to store cyrptography keys with third parties. This is a necessary condition under new regulations if companies want to get a license to export stronger encryption.

Companies such as Trusted Information Systems that already offer key recovery technology could profit greatly while their competitors look to catch up, and these firms will trumpet their technological prowess at next week's conference. Others will simply try to profit from the wider attention in security products that the larger policy debate has engendered.

These are some of the new announcements to be discussed next week:

IBM said today that it will license key recovery technology from Trusted Information for use within its own framework of security products. IBM wants to team up with Trusted Information because it is already vying with Hewlett-Packard to be the solution provider of choice for large businesses that need security systems for their intranets. To do that, it needs key recovery.

Conference host RSA Data Security is expected to announce an upgrade to its BSafe software toolkit to handle smart cards. Software companies use BSafe to create secure applications. RSA also is expected to release a toolkit for Secure Electronic Transactions, the emerging protocol for credit-card business over the Net, as well as discuss plans for a Japanese version of SET.

Major players in the "certification authority" arena will talk about their systems for issuing digital certificates that verify the identities of users involved in electronic transactions or communications. GTE, which launched its CyberTrust certification authority at last year's RSA conference, will outline product and service offerings.

Market leader VeriSign, which is dubbing 1997 "the Year of the Digital ID," will demonstrate digital certificates on smart cards.

Several companies will announce new kinds of security hardware, which is generally considered more secure than encryption software. Atalla, a division of Tandem Computers, will unveil its Internet security processor technologies and give an early peek at its VMS 310 NetArmor security processor chips, jointly developed with VLSI Technologies.

Aventail announce that it plans to integrate Secure Sockets Layer support into its entire S5 product line, thus letting users or network managers encrypt all communications, not just a single application. That ability will extend to applications using Java, ActiveX, or 4GL, which normally don't support SSL.

DynaSoft AB will announce that Hewlett-Packard will incorporate DynaSoft's Secure Single Sign-On technology into its Praesidium. DynaSoft, which operates in the United States through its Securix subsidiary, in September announced a similar distribution agreement with Sun Microsystems.

Back to introduction page