Judging from the turnout, fear and uncertainty still bring in the crowds. The 10th annual RSA Conference got under way here in San Francisco under a benign spring sky as 10,000 people trooped in to gab about cryptology enhancements, hackers, e-security and digital signatures. The event kicked off with a press luncheon hosted by RSA Security Inc. and Scott Schnell, the company's senior vice president of marketing and corporate development. To strains of Kenny G (perhaps this encrypted our conversations), Schnell noted that the most popular panel was titled "Hackers and Threats," which must explain the abundance of ponytails, tattoos and army jackets. But not to be outdone, Schnell said the event has decidedly gone mainstream, evolving from 60 mathematicians 10 years ago to the enterprises and businesses "who must secure their electronic transactions and computer systems" today.
Several specific announcements were directly related to RSA Security, the Bedford, Mass.-based company that has been at the forefront of computer security issues since the genesis of the browser-based Internet.
First, the company is expanding its RSA BSafe technology to include cable broadband access, as well as Java applets using IPSec protocols. Designed to increase security on virtual private networks (VPN), RSA's new tool kit is designed to allow developers access to the policy management, certificate management and cryptographic libraries necessary to build greater security into the burgeoning corporate VPN market. This is a broad acknowledgement that voice, data and video networks must all be secured against unwanted intrusion and violation.
Themes of this tool kit include always-on technology, high-speed verification, and acceptance of multiple technology platforms such as mobile devices, along with an effort to simplify users' access to adopt new technology within a security framework. All told, this is RSA's positioning in the cable broadband appliance market: to secure the network infrastructure. RSA hopes to populate cable modems with its security architecture at the manufacturing site, leaving the rest of us free to get on with our work and lifting a great deal of the security burden from IT personnel.
A second announcement was related to technology enhancements to BSafe Crypto. Those enhancements will double the speed of verification and authentication and add support for digital signing in XML-based files; they will also enable public-key infrastructure technology in Java applets. These features, according to Schnell, should permit certificate status protocols to determine in real time the validity of digital certificates -- something he said was of particular interest to the financial services community.
RSA Security also announced an alliance with LM Ericsson Telephone Co. and will be licensing RSA BSafe to the Stockholm-based mobile phone maker. This deal gives Ericsson Internet-enabled wireless mobile phones and devices with embedded security from RSA. This is similar to a deal RSA already has with Matsushita Communications Industrial Co. to incorporate BSafe Crypto into I-Mode phones. RSA already has licensing deals with Nokia Corp., Fujitsu Ltd. and NEC Corp.
Finally, RSA revealed an alliance with Mountain View, Calif.-based VeriSign Inc., as well as moves to incorporate BSafe Crypto into the Palm operating system before the end of this year.
All of these announcements point too the creation of a "personal trusted device" as described by Schnell -- a device that offers authentication, digital signing capability, phone and desktop integration, embedded with Bluetooth technology and RSA level security.
According to Christian Christiansen, program vice president for Internet infrastructure and security software at Framingham, MA-based IDC, "It looks like they have stepped up to the fact that they need to be a major player in the wireless security area. The Ericsson deal is a powerful indication of a move in that direction."
Christiansen said that as mobile devices are able to access more data, and as the data "becomes more confidential and privacy becomes more of a concern," security is critical to the emergence of wireless infrastructure.
"You need security, privacy and trust to get to the real electronic wallet," said Christiansen. "You need a high degree of confidence, not that you won't be ripped off, but that someone isn't tracking your interactions -- that it will be a trusted connection with the party you intended."
He added that it will probably be about three or four years until we get to that state here in the U.S., and about one or two years in Europe.
Security as the province of scientists has clearly moved on to every class of communications and storage. That's the real theme of RSA Conference 2001.
This story, "RSA Conference: Hackers, threats and security concerns dominate" was originally published by Computerworld.