RSA tools follow SET standard
RSA Data Security announces a software toolkit to make it easier for software developers to create e-commerce applications that comply with the Secure Electronic Transactions (SET) protocol for secure credit card purchases via the Internet.
S/Pay Developer's Kit, the first of its kind to hit the market, comes with the complex cryptography built in as objects, streamlining development for software engineers who are not security experts. SET is an emerging standard for bank card payments now being finalized by Visa International and Mastercard International. It has also been adopted by Microsoft and Netscape Communications.
The new developer's kit marks RSA's initial step into the tools market. Its primary business has been licensing its patented cryptographic algorithms to companies that use then to build secure hardware or software applications.
S/Pay's initial customers include Atalla, NEC, Nihon Unisys, NTT Data, Open Market, Tandem Computers, VeriFone, and VeriSign, partially owned by RSA.
The toolkit is "designed to provide developers with the quickest way to market implementations for the safe transmission of sensitive personal and financial information over the Internet," Jim Bidzos, RSA president, said in a statement.
Because S/Pay is designed specifically for credit card transactions that include only small amounts of data, Gary Kinghorn, RSA's director of product marketing, said it has been cleared by United States officials for export. Export limits on encryption have been highly controversial among U.S. software companies.
Other software companies, including Microsoft and RSA spinoff Terisa Systems, are believed to be working on SET toolkits that might compete with RSA's.
RSA's suite of tools includes separate modules for developing cardholder, merchant, and bank/acquirer applications. Each has a high-level application API (application programming interface), source code, as well as SET protocol support, and each shares a common implementation of strong cryptographic and message libraries.
Now in beta testing, the first release of S/Pay is expected in January, when RSA holds its annual developers conference; a Japanese version is due by mid-year.
Pricing is based on either a one-time license fee with an annual renewal for unlimited copies. Unlimited licenses are $150,000 for cardholder applications, $175,000 for merchant applications, and $60,000 and up for acquirer applications.
RSA is a wholly-owned subsidiary of Security Dynamics Technologies (SDTI).