CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

RSA crypto export gets thumbs-up

Security Dynamics' RSA subsidiary wins U.S. approval to export its SecurPC encryption software.

    Security Dynamics (SDTI) today announced that its RSA Data Security subsidiary has won U.S. approval to export RSA's SecurPC 2.0 software, a 128-bit encryption product for securing desktop PCs.

    The U.S. government has approved for export a number of other strong encryption products, including offerings from Netscape, e-commerce software vendor Open Market, and encryption firm Pretty Good Privacy.

    But Security Dynamics officials claim their export license gives them more leeway to sell their product overseas. "The approval for SecurPC is by far the least constraining export license that has been issued," said David Powers, vice president of marketing for Security Dynamics.

    "It is the first product approved for export at 128 bits that is generally available for all U.S. companies and their overseas subsidiaries as well as for all domestic and foreign financial institutions," Powers added. The U.S. Department of Commerce has looser requirements for export of strong encryption in financial software.

    It also lets companies serve as their own escrow agent for storing cryptographic keys in case a government agency wins a court order to obtain the keys. In other encryption export licenses, the government has often required a third-party escrow agent.

    "The company manages its own key recovery system--we call it 'self escrow'," said Power. "We think the term 'trusted third party' is an oxymoron."

    SecurPC is a file encryption product for Windows and Macintosh computers. It lets users encrypt specific files on their PC. Some encrypted files can be sent to others via email, then opened with a password the sender provides, but SecurPC is not an email product itself.

    "We see the product as part of a secure remote access product set. Companies need both strong authentication and file encryption to protect company assets," said Power.

    "This type of encryption, where an individual user can encrypt files, is what people worry about--the ability for the bad guys to encrypt files," he added. "This category has suffered from weak encryption."

    The SecurPC announcement follows two Security Dynamics' announcements earlier this week. Security Dynanmics will resell a new service from Verisign, in which Security Dynamics holds a 25 percent ownership stake, to let companies issue their own digital certificates but have VeriSign handle management and back-office support.

    Yesterday Security Dynamics announced a bundling deal with Ascend for its virtual private network (VPN) products.