Spyrus has added one more data encryption standard to its product menu as it seeks to cover the full spectrum of information security needs.
The Santa Clara, Calif., network security and digital certificate specialist announced TLS Gold, a software developer's tool kit for the Transaction Layer Security protocol.
TLS, the focus of a standardization effort within the Internet Engineering Task Force, is a successor to SSL, the security vehicle for most credit card payments and other transactional sessions conducted on the World Wide Web.
SSL, the Secure Sockets Layer protocol, was invented by Netscape Communications Corp.
In the TLS form it gains "open standard" status, and Spyrus is making a bid for market share by emphasizing flexibility.
Only TLS Gold, it said, gives system developers a choice of cryptographic algorithms. They are not locked in to those of RSA Data Security Inc., the most common on the market, and can instead opt for Diffie-Hellman encryption or the Digital Signature Standard.
The licensing of the latter two is "simpler because there are not so many parties involved," said John Sweet, Spyrus' director of electronic commerce.
With the Internet Engineering Task Force overseeing improvements, "no single vendor controls the implementation," said Mr. Sweet, who joined Spyrus after its recent acquisition of the digital wallet developer BlueMoney Software Corp., of which he was chief executive officer. TLS Gold brings the added benefit of a "choice of ciphers," he said.
Spyrus remains the only vendor besides San Mateo, Calif.-based RSA that can directly license the latter's BSAFE cryptographic tool kit with SSL. The BSAFE source code is included within TLS Gold.
Privately held Spyrus has been broadening its products and services in hopes of establishing itself as a one-stop source of data security technology. It has done that in part through acquisitions, including BlueMoney and Signet Systems of Australia, a provider of public key encryption infrastructures.
Last year it bought the ValueChecker line of portable smart card readers from a unit of Oki Electronics of Japan, helping to widen Spyrus' range in chip cards and other hardware security tokens.
The Spyrus catalogue extends to Talisman/DS, a media encryption system for desktop and laptop computers. Talisman, which can be combined with smart cards or higher-level PCMCIA-type security cards, prevents theft of sensitive data in computer hard disks.
The company's activity in transaction security has accelerated since its 1997 acquisition of Terisa Systems Inc.
Spyrus played a key role in the commercial acceptance of SSL since the release of its first tool kit in October 1995. The company has also been close to the development of SET, the Secure Electronic Transaction protocol, which the MasterCard and Visa associations have promoted as a superior payment-security alternative to SSL. Terisa was responsible for the SET reference implementation.
Mr. Sweet said he sees Spyrus as out in front of other SSL/TLS competitors, which he identified as RSA Data Security; Certicom Corp., which last year bought SSL tool kit leader Consensus Development Corp.; and Netscape, which is now an America Online Inc. subsidiary. Competition should be good for the spread of TLS.
TLS "is an important step forward because it establishes an open standard for a critical part of security on the Internet," said Win Treese, an Open Market Inc. executive who is chairman of the Internet Engineering Task Force's TLS Working Group. "TLS has been widely reviewed by the IETF community. The resulting protocol is both improved and free of control by any single vendor."
