Certicom Corp. appears to be strengthening its position as a supplier of security technologies for small computing devices and information appliances.
The Canadian company has recently announced several agreements to license cryptographic tool kits. Noteworthy among the licensees are leading providers of set-top television boxes.
To set-top providers Philips Electronics, Neon Technology, and MTX, Certicom is delivering technology based on SSL, the Secure Sockets Layer protocol that is in widespread use in Internet commerce.
Combined with Certicom's championing of elliptic curve cryptography - which it has licensed to several smart card companies and small-device manufacturers such as Palm Computing, among others - the SSL activity has Certicom riding a new wave of data security developments.
Larry Dietz, an information security analyst with Current Analysis Inc., who is based in Santa Clara, Calif., said, "Certicom's play in the set-top box field further establishes them as the leader in this critical new frontier for security solutions."
"Set-top boxes, similar to most next-generation computing devices, have much more challenging security considerations than desktop products," said John Hsueh, vice president of software at Neon Technology in Milpitas, Calif.
The developers' tool kit, which Mr. Hsueh said "provided us with the most advanced security possible," is SSL Plus. The most widely deployed of its kind, SSL Plus is Certicom's by virtue of its acquisition last year of Consensus Development Corp. of Berkeley, Calif.
With both SSL and elliptic curve, an alternative method of data encryption well suited for constrained computing environments, Certicom is hoping to capitalize on the evolution of electronic commerce to remote and wireless devices.
Mr. Hsueh said SSL Plus was "easily and rapidly deployed and our consumers can now safely and securely purchase goods and services from the Internet."
Meanwhile, Certicom has licensed elliptic curve cryptography, or ECC, to BellSouth Wireless Data. SSL Plus with ECC is ready for the next-generation of 3Com Corp.'s organizer, the Palm VII.
Certicom's technology is also embedded with Diversinet Corp.'s digital certification system in an authentication package for Research in Motion Ltd. pagers. All three companies are Canada-based, and RIM is a supplier to BellSouth.
The most recently announced SSL Plus customers, besides Neon, are LPL Financial Services of Boston and San Diego, which operates an extensive brokerage network for independent financial advisers, and Sterling Commerce of Dallas, a leader in business-to-business e-commerce systems.
Mary Van Zandt, Sterling's director of security initiatives, said SSL Plus "proved to be the best at providing the next-generation security capabilities essential for the server authentication and privacy of data transfer across a range of networks."
On the ECC front, Certicom last month said several new members had joined the Standards for Efficient Cryptography Group, which it organized to promote interoperability among the varying implementations of elliptic curve.
The additions, bringing the membership past 20, were announced before the group's first meeting Feb. 18 in San Francisco: ABN Amro, American Express, Deloitte & Touche, Hitachi, InterClear, Pitney Bowes, and Visa International.
Among those already in the fold were Baltimore Technologies, Diversinet, GTE Cybertrust Solutions, Hewlett-Packard, Rainbow Technologies, and Xcert International.
"Visa has always maintained strong advocacy for efficient security standards for a broad range of applications," said Richard K. Hite, its vice president of risk management. "Visa's participation demonstrates our commitment to developing interoperability among the most-efficient security implementations available."
Mona Sana, an American Express Co. security analyst and cryptographer, said ECC "offers significant advantages for token-based electronic commerce applications. We believe the SECG can implement specifications that will accelerate the integration of ECC into these applications."
