Hewlett-Packard Co. of Palo Alto, Calif., has proclaimed a breakthrough in data encryption technology that it says will clear the way for on-line banking and other forms of global commerce on the Internet.
Unveiled last month in Washington, the international cryptography framework, or ICF, won a U.S. government endorsement that has eluded other versions of what is known in data security circles as "strong cryptography."
With early approvals coming from government agencies in Britain and France and export sanction from the Department of Commerce, Hewlett-Packard said it expects ICF to become "the secured passageway" for domestic and international transmissions such as corporate files, banking data, medical records, and passwords.
Under a storm of criticism from high-technology companies and system suppliers like RSA Data Security Inc., the U.S. government had stood in the way of strong-encryption exports because of Cold War concerns that the military would be unable to decode enemies' communications.
ICF, which Hewlett-Packard will license and market in many of its products, allows for multiple levels of security that can be adjusted to any task, the company says. Also, it says, the framework can comply with varying regulations and satisfies the U.S. concerns, despite being able to support "keys" - the computer bit streams that encode messages - of any length. (The longer the key, the more difficult it is to unravel.)
Enabling exportability, Hewlett-Packard said, is the fact that the cryptographic devices are disabled until activated by a "policy activation token" - a smart card or software module that triggers the appropriate encryption algorithm.
The development "fortifies the walls of cyberspace security for electronic commerce," said HP chairman Lewis E. Platt. "People can feel as safe sending financial information over the Internet as they can putting it in a safety deposit box."
Mr. Platt also said ICF addresses "the security and data-integrity issues that have impaired and frightened users in the past."
The technology "is flexible enough that we can apply new encryption rules" as they are developed, he added.
Hewlett-Packard listed RSA Data Security, Intel Corp., Microsoft Corp., and Trusted Information Systems as "partners developing ICF technologies and products." Gemplus, Informix, Netscape, Oracle, and Verifone were the first to announce support for ICF in their Internet-related products.
"Electronic commerce must be freed from the limitations of political boundaries to succeed," said RSA president Jim Bidzos. "By developing an exportable encryption framework acceptable to the U.S. government, HP is making a significant contribution to the competitiveness of the U.S. technology industry."
