PRESS CONTACTS: Kurt Stammberger Nancy Teater RSA Data Security Inc. Hamilton Communication Phone: (415) 595-8782 Phone: (415) 321-0252 Internet: kurt@rsa.com Internet: nrt@hamilton.co
Initial toolkits from Terisa Systems will support the development of secure WWW clients and servers. The World Wide Web is a popular Internet application architecture that enables easy access to multimedia information distributed across the thousands of computers that comprise the Internet. However, use of the WWW in commerce requires features such as authentication, authorization, encryption and payment that are currently not well supported.
Terisa Systems will provide an integrated solution to all of these needs based on RSA's public key cryptography and EIT's Secure-HTTP (HyperText Transfer Protocol), an enhanced version of the World Wide Web's internal communications language. Secure-HTTP ensures the authenticity of transactions and the confidentiality of information exchanged via HTTP. With a Secure-HTTP enabled application, a user can affix digital signatures that cannot be repudiated, permitting digital contracts that are legally binding and auditable. In addition, sensitive information such as credit card numbers and bid amounts can be encrypted and securely exchanged.
Secure-HTTP can incorporate a variety of cryptographic standards and support interoperation between programs using different cryptographic algorithms. This is particularly useful for interaction between domestic and foreign users, where foreign users may not have access to the same algorithms as domestic users.
Allan M. Schiffman, chief technical officer of EIT, said, "We've had tremendous interest on the part of developers in Secure-HTTP, but haven't been able to address their needs for a fully integrated package. Terisa Systems will provide 'one-stop shopping' for developers and give them the technology and support they need to get their applications to the market quickly."
According to John Young, chairman of Smart Valley Inc., "The Internet has been evolving quickly as a medium where businesses can interact, but it is weak in key areas, such as security, which is critically important to business. Terisa Systems is taking a significant step forward in enabling electronic commerce by providing a standard security implementation for software developers in this market."
Public key cryptography is a security technique that uses a matched pair of encryption keys. Data encrypted with an RSA public key can only be decrypted with the corresponding RSA secret key, and vice-versa. In contrast, traditional shared-key cryptography requires correspondents to agree on a secret encryption key before they can communicate. Public key cryptography avoids the need for prior agreement on keys, thus assuring security between unfamiliar correspondents.
James Bidzos, president of RSA, said, "Rapidly growing interest in business use of the Internet is producing a lot of interest in our security technologies. Developers, however, have been looking for a consistent, interoperable, and quick way to incorporate these technologies. Terisa Systems will meet these needs by delivering RSA cryptography wrapped in a high-value Web security system."
In April, EIT, RSA, and NCSA announced an agreement to jointly develop and distribute secure versions of NCSA Mosaic and NCSA HTTPD based on RSA's public key cryptography and EIT's Secure-HTTP software. The enhancements are to be made available to NCSA for widespread public distribution for non-commercial use; Terisa Systems will now assume the responsibility of providing these versions. Terisa Systems' commercial line of toolkits and support systems will further enhance the secure Mosaic and HTTPD implementations with additional performance, functions and support options.
According to Joseph Hardin, director of the group that developed NCSA Mosaic, "Mosaic's growth in the marketplace has been explosive, and has positioned it as the application of choice for users of the World Wide Web. With Secure-HTTP, Mosaic can become a framework for companies to engage easily in routine commerce on the Internet. By providing a standard source for toolkits and support, Terisa Systems will address the need of developers to implement Secure-HTTP applications quickly so they can compete in the World Wide Web marketplace."
SecureWeb Viewer Developer's Toolkit Intended for developers of World Wide Web clients, this toolkit is used to create viewers and other applications that can communicate with Secure-HTTP enhanced WWW servers. In addition, the toolkit will include a facility for managing multiple certificates and keys, enabling, for example, the automatic selection of an appropriate key through negotiation with the server. User interface components will provide easy-to-understand control over secure communications, using icons to make clear the status of confidential or digitally signed documents and other information.
SecureWeb Server Developer's Toolkit Intended for developers of World Wide Web servers, this toolkit facilitates the creation of WWW servers that communicate with Secure-HTTP enhanced viewers. The toolkit addresses the more demanding server aspects of key and certificate administration. It includes tools for storing and managing multiple keys and certificates, associating appropriate keys with requests for particular documents, and managing the revocation of certificates and keys. It also will provide a stronger and more manageable document access control system.
Certificates Certificates are central to the use of public keys, for they guarantee public key authenticity. While Secure-HTTP works with hierarchical public key certificates issued by major institutions, in the future, Terisa Systems plans to provide toolkits that allow organizations to issue their own certificates. These certificates, called "lightweight" because they may not be supported by rigorous user validation, enable businesses to manage the certification process and issue their own certificates.
Availability Initial implementations of Secure-HTTP and Secure-HTTPD will be provided to NCSA in September, 1994 for subsequent non-commercial distribution. Fully-supported Terisa Systems commercial security products will be available in the fourth quarter of 1994.
In addition to toolkits, Terisa Systems will provide full support services, including technical support, tutorials, training, an on-line information service and custom consulting.
Enterprise Integration Technologies Corp. (EIT), of Palo Alto, Calif., is an R&D and consulting organization, developing software and services that help companies do business on the Internet. EIT is also the project manager for CommerceNet, the first large-scale market trial of electronic commerce on the Internet.