Keon Security System Upgraded with Certificates

Security Dynamics Technologies Inc.'s Keon information security framework is being enhanced with digital certificates.

Addressing the growing corporate demand for on-line authentication technology, Security Dynamics on Monday announced Keon Certificate Server 5.0.

The latest in the field of products and programs designed to make it easier to establish secure Web-based businesses, the Certificate Server "is targeted at outbound, new-business-creation activities," said Scott Schnell, Security Dynamics' senior vice president of marketing.

Mr. Schnell, who holds the same title at RSA Data Security Inc., the Security Dynamics subsidiary and preeminent data encryption company, said the certification product should be useful to banks in such areas as electronic bill presentment, any transaction that requires more than a modicum of personal identification, and e-mail and corporate extranet activities involving remote access to computers.

Security Dynamics and RSA are far from alone-or first, for that matter- in marketing a digital certificate system. Like others, they are making claims about "end-to-end security" and ease of installation and use, things that have been elusive.

Many rivals are licensees of RSA technology. One of them, Verisign Inc., is a successful spinoff of RSA and a strategic ally on the Keon Certificate Server.

Security Dynamics, with what Mr. Schnell termed "RSA engineering," is trying to set Keon Certificate Server apart on several fronts.

"We have the Verisign engine, but we are building a lot of things around it," Mr. Schnell said in an interview. These include administrative functions, a certificate revocation list to check that on-line credentials are valid, and support for IPSec, a security protocol for virtual private networks.

Waiting until now was an advantage, he said, because "we are not saddled with code based on old standards or lack of standards."

He said simplification of the public key infrastructure, or PKI, has been achieved through an Internet browser interface and the ability to customize.

"Users don't notice the complexity," Mr. Schnell said. "A subscriber to a service can go through the usual question-and-answer commands and have a certificate installed in the process."

Mr. Schnell pointed out that the certificate system is by definition compatible with the rest of the Keon line that was introduced in January, and with RSA development tools. "We will be the first to integrate a wide range of authentication applications at the desktop," he said.

Keon Certificate Server is also breaking a mold with its pricing, by not charging per certificate. It will be volume priced, with site-licensing possibilities. In an unusual twist, it will be sold both through original equipment makers and directly to companies. Costs as high as $50 per workstation could be driven as low as $5.

"We got a lot of strong customer feedback on the pricing," Mr. Schnell said. "We think, in another year, everybody will be going this way."

The flexibility and per-user pricing should "help organizations spend less time worrying about infrastructure and security, and focus more energy on their business."

With beta testing almost completed, Certificate Server is due for delivery in mid-July.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER