Certicom Corp. and 14 other companies have established a consortium to set technical standards for elliptic curve cryptography.
The ECC technique has been championed by Certicom as an alternative to the RSA data encryption algorithms in common corporate use.
The long streams of digital bits that are keys to locking and unlocking encrypted message codes are shorter and faster to process under the ECC method. This makes it attractive for securing communications or electronic commerce on space-constrained devices such as smart cards, personal digital assistants, and mobile telephones.
Some cryptographic scientists have withheld total approval of ECC, saying it needs further laboratory testing and market proving. That process is under way. Even RSA Data Security Inc., despite partiality to its own inventions that became de facto standards, has made ECC methods available in its tool kits for system developers.
The new Certicom-centered consortium, the Standards for Efficient Cryptography Group, or SECG, is tackling a different problem: the diverse ways in which ECC can be implemented.
"While ECC has become widely accepted as the key technology for next- generation communications and commerce solutions, the existing standards have fostered the creation of many diverse implementations that are not interoperable or compatible," said Scott Vanstone, chief cryptographer for Certicom and a member of SECG's advisory board. "The SECG will solve these challenges through a specific focus, while delivering the full benefits of elliptic curve technology for a wide range of solutions throughout the information security infrastructure."
Among the 15 founding members-Certicom said participation in the group and advisory board is open-are communications, software, and payment- security companies interested in streamlining crypto processes, such as Certicom licensees 3Com Corp., Hewlett-Packard Co., and Motorola Inc.
Among those on the advisory board are Alfred Menezes of the University of Waterloo in Canada, who with Mr. Vanstone and others did important work on ECC, and the prominent data security consultant Bruce Schneier of Counterpane Systems in Minneapolis.
Certicom, which has offices in Toronto and San Mateo, Calif., said it will host a conference in February where the first SECG documents will be reviewed.
The company said the standards have been under development for several months and draw on efforts undertaken under the ANSI (American National Standards Institute,) ISO (International Organization for Standardization), and IEEE (Institute of Electrical and Electronics Engineers) frameworks.
Bob Frith, manager of standards strategy and development for Motorola, said wireless communications and electronic commerce technologies "will require highly scalable and efficient elliptic-curve-based public key infrastructures. We believe the SECG can define specifications that will accelerate the integration of elliptic curve cryptography" into these applications.
"The SECG will facilitate interoperability between independently developed implementations of ECC," said Denny Georg, director of the computer systems laboratory and general manager of systems and technology in HP's enterprise systems group. -Jeffrey Kutler
u
Certicom announced two vice president appointments: Stewart Noyce, responsible for corporate marketing strategy and execution, and Richard Depew in international business development.
Mr. Noyce has 15 years of experience in the network computing industry, including senior product management and marketing positions with Geoworks and Sun Microsystems.
Mr. Depew is responsible for marketing and licensing strategies abroad and for partnerships and distribution channels in Europe, Latin America, and Asia. He was previously vice president of global sales at Litronic, a developer of smart-card-based security tokens.
