RSA targets mainstream market

The encryption software maker and its parent company Security Dynamics announce a set of security services--the first joint effort between the two companies since they merged.

SAN FRANCISCO--Kicking off its annual conference here, encryption software maker RSA Data Security and its parent company Security Dynamics announced a set of security services that marked the first joint effort between the two companies since they merged in 1996.

The announcements also marked RSA's bid to become a mainstream player in the PC security software market.

RSA also announced a partnership with PC BIOS maker Phoenix Technologies to protect a PC from intrusion or tampering during its "boot time," from the time a user presses the "on" button to the time the operating system engages.

The companies will team up to embed RSA's cryptographic toolkits in Phoenix's BIOS that ships on PC motherboards. To access the tools, developers will have a new API, the Pre-boot Crypto API, at their disposal.

Two industry trends are making such attacks more of a threat, according to RSA president and CEO Jim Bidzos: the central administration of networked PCs or network computers within a company and the possible deployment of terminals or kiosks in public spaces such as hotel rooms.

"It's the extension of the boot virus idea," said cryptographer Bruce Schneier of Counterpane Systems. "The whole idea of an NC is running other people's code. If I can sneak in there before the operating system boots up, those attacks can work."

Security Dynamics today announced SecurSight, a product line that encompasses four different software modules that plug into various parts of a company's existing computing infrastructure. The four components--Desktop, Manager, Authentication, and Agents--will begin shipping by the end of June.

SecurSight Desktop provides encryption to locally stored files and stores a "passport" of local security information on the user's machine. The passport is accessible only with a smart card or software token. The Manager component allows an administrator to handle desktop, application, and other access rights through a Netscape browser interface. The Authentication component uses either SecurID smart cards (Security Dynamics' flagship product), hardware tokens, or authentication software to protect data on the network. Agents provide an extra security measure and access control for application servers. Agents for Oracle, Sybase, and Informix applications are currently available.

The SecurSight products will work in conjunction with RSA's new Certificate Security Suite, which provides a high-level programming interface, or API, for a variety of security applications. The Certificate Security Suite will adopt the Common Data Security Architecture (CDSA), giving developers the ability to tie their applications to CDSA-compliant certificate management systems.

"This is the first time the companies are working to roll out products together," Chuck Stuckey, Security Dynamics CEO and chairman, said.

Financial analysts didn't see the newly launched joint strategy having any effect on the company's bottom line, given that the timetable for working together on products has gone according to plans announced at the time of the merger.

The adoption of the CDSA gives all security application developers access to the same high-level API to support back-end public key infrastructures, RSA vice president of marketing Scott Schnell said.

RSA and its parent are putting their support behind IBM's extensions to the CDSA called KeyWorks as the way to back up and recover encryption keys within a public key infrastructure. The three companies will work to develop future enhancements to CDSA.

As reported last week, RSA will also include support in its BSAFE 4.0 toolkit for elliptic curve cryptography (ECC), a relatively new mathematical system that RSA was denigrating several months ago. The new version of the toolkit will be distributed to at least 50 developers in the next quarter.