Microsoft now uses RSA encryption in its Internet-related products, but at present the company is the only operating system vendor to have such a security framework, according to RSA vice president of marketing Scott Schnell.
Enabling secure communications over the Net is seen as a critical step to getting both consumers and businesses to use the Internet for purchases or to send sensitive information. Electronic commerce advocates hope that using encryption and other methods to secure transactions will increase consumer confidence in, and reliance on, Internet commerce.
The pact gives Microsoft the right to integrate RSA and Security Dynamics security technologies into Windows NT Server. In return, RSA gets the right to use Microsoft's CryptoAPI in its BSafe toolkits. The CryptoAPI is the basis for Microsoft's security strategy, the Microsoft Internet Security Framework (MISF). RSA's security toolkits will feature Microsoft's cryptographic programming interfaces, thus making it easier to develop secure cross-platform applications.
"This is about integration, interoperability, and standards," said Jim Bidzos, RSA president. "We're doing a tight integration of RSA and Security Dynamics technology with Microsoft products so developers can have broad access to cryptography and can integrate security into applications with CryptoAPI."
Because the agreements are not exclusive, RSA and Security Dynamics can do similar deals with vendors of other operating systems or with Microsoft rivals such as Netscape Communications. RSA will receive an undisclosed amount of revenue from the agreements.
The deal also grants Microsoft new rights to software for supporting Security Dynamics' patented SecureID token technology, a kind of enhanced smart card, in future Microsoft products.
Under today's agreement, Microsoft will add Security Dynamics' tokens to its NT Server operating system and allow for multiple levels of authentication to protect sensitive information. Microsoft already includes Security Dynamics hardware tokens and software for highly secure access to sensitive data in Windows NT software, but will now extend and expand those relationships.
Microsoft currently ships RSA encryption as the packaged cryptographic engine for its CryptoAPI. Those include the secure sockets layer (SSL) and private communications technology (PCT) protocols, including both the 40-bit technology that can be exported and the 128-bit technology that can be used only in the United States under current regulations, as well as client authentication. Microsoft's Authenticode technology for verifying the source and integrity of software already uses RSA encryption and digital signature technology.
Microsoft will also provide source code that will assist RSA in developing a family of enhanced cryptographic engines for CryptoAPI.