Doors Opening for Cryptographic Key-Maker

Selling a device that competes against smart cards, and through other hardware and software that seems tailor-made for the Internet commerce boom, Rainbow Technologies Inc. is showing signs of emerging from years of data-security obscurity.

The company has generated "more excitement than we have seen in years" with its iKey, the little semiconductor carrier that arguably outperforms smart cards, said Rainbow chief technology officer Shawn Abbott.

Beyond that, the Irvine, Calif., company this week is making a series of product development and reseller announcements indicating increased momentum in the information security market in general and in demand for Rainbow specialties in particular.

Implicit in the announcements is a growing interest in these cryptography-related technologies among financial services companies, which turn to Rainbow products -- at times through reseller channels -- to shore up security in their on-line infrastructures.

The company has so opened its eyes to banking and financial opportunities that Mr. Abbott, a premier computer security expert, has taken an interest in the hot topic of electronic bill presentment and payment.

"Banks are in a position to add value and get paid for it," Mr. Abbott said, adding that data security products are bound to play a role. "This is a burgeoning market and a big reason why we want to stay close to banks."

In business since 1984, and with $110 million of annual sales, Rainbow is typical of a class of technology company that thrived on government contracts and did not gain much private-sector recognition until the "technology transfer" phenomenon took hold.

The heavy use of data encryption to secure sensitive government files spawned the need for highly assured user authentication through the Defense Department's Fortezza card program, for example.

As the same technology was applied to secure Internet purchases and financial transactions, cryptography and authentication operations burgeoned, and the processing of the complex algorithms had to be made more efficient.

Rainbow Technologies, among a group that includes International Business Machines Corp. and a number of smaller and younger firms, serves those markets with an emphasis on security embedded in hardware devices. Rainbow's flagship in this area, the Cryptoswift accelerator, enhances the security of Web servers and enables customers such as E-Trade Group and Wells Fargo Bank to keep up the pace of encrypted on-line transactions.

Rainbow, which claims Cryptoswift is the most widely deployed Internet security product because of its incorporation in popular Net commerce platforms, is introducing a "secure key storage" enhancement. The private keys that are used in scrambling secure messages are converted into safer hardware-storage mode.

Mr. Abbott pointed out that hardware-based key storage has been long accepted in government and banking. Private keys in software on a server are easy prey for hackers, and therefore "putting keys into hardware is cheap insurance."

"These days, e-business servers are expected to meet the same high-reliability and security standards" as in high-assurance financial and government systems, Mr. Abbott said, "and Cryptoswift will let them meet those objectives."

Mr. Abbott said it was technically challenging to make hardware storage work on Internet products and required "education of the marketplace."

Secure key storage works on the current generation of Netscape enterprise, directory, and certificate servers, and Microsoft compatibility is one generation away, Mr. Abbott said.

One opening into the banking world is Identrus, the joint venture of major multinational institutions that is combining smart cards, digital certificates, and related technologies to authenticate buyers and sellers in business-to-business electronic commerce. Rainbow has supplied its hardware security module to Bank of America Corp. for its Identrus effort, currently well into interoperability testing with other banks.

Mr. Abbott said hardware for physical security and key management "is the last piece of the puzzle" for that type of banking network infrastructure. Other customers include Datek Online, Stamps.com, and Royal Bank of Canada.

In another potentially significant inroad into banking, Rainbow signed Piedmont Technology Group of Charlotte, N.C., as a Cryptoswift reseller.

Piedmont is a major distributor to First Union Corp., also of Charlotte.

"This is the first really big bank we have gotten through a VAR," or value-added reseller, said Robert P. Bova, Rainbow's director of business development.

"We hope that what we do here will bring more VARs to us."

John Cugliari, director of marketing for Piedmont Technology Group, said the Cryptoswift accelerator will fit into "our comprehensive line of end-to-end, Internet-based business solutions.

"One of our on-line banking customers recently solved their SSL (Secure Sockets Layer protocol) transaction delays by incorporating Cryptoswift into its electronic commerce servers.

Cryptoswift lets us provide our customers with the highest level of Internet performance and security available."

On the iKey front, I/O Software of Riverside, Calif., said it is combining the token with its SecureSuite program, which offers a set of security options including biometrics and smart cards. The iKey can replace passwords and other authentication methods for controlling access to computers and networks.

The device is designed to fit on a key ring and be inserted in a computer's USB -- universal serial bus -- port. The memory and programming can be the same as on a smart card, but there is no need to distribute and install special reading equipment. Rainbow emphasizes that it can get the unit cost under $10 in large quantities, perhaps higher than each smart card but without the added infrastructure costs.

"We made one proposal to a bank that we could deliver a smart card reader for $15, and they said even that was too expensive," Mr. Abbott said.

He said higher-order memories, such as 64K, can be delivered on the iKey chip faster and more practically than on smart cards.

Rainbow has shipped 100 iKey developer kits.

Company officials have said that iKey will not necessarily derail smart cards, though they expect to make an impact in corporate or enterprise networks that can benefit from a "plug and play" authentication system that costs less than those requiring other types of hardware tokens.

At the same time, Mr. Abbott said, iKey, as it becomes capable of performing complex digital signature calculations, could help accelerate the upgrading of on-line banking programs to digital certificates, a higher form of identity assurance than passwords and personal identification numbers.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER