Intel Corp., reeling from a controversy over a supposed privacy weakness in its Pentium III chip, has taken another step that may help reassure computer users about security.
Intel has teamed up with RSA Data Security Inc. to strengthen hardware security with the Intel 810 Chipset that was announced last week.
The new-generation chip includes a random number generator. Randomly produced numbers are the basis for the cryptographic operations that RSA software is called on to perform throughout the corporate and electronic commerce worlds.
RSA has enhanced its BSAFE tool kits to make it easy for system developers to take advantage of the Intel chip's random number generator, or RNG.
The capability is different from-and addresses different concerns than- the Pentium III's embedded serial number that aroused the ire of privacy advocates in recent months. Though many corporations and their software suppliers saw the serial number as a valid tool for authenticating system users, Intel agreed to ship the chips to personal computer manufacturers with the serial numbers turned off.
Mike Vergara, product manager for RSA Data Security's core cryptographic product line, said his company was not affected by the serial number debate and is pleased to focus on the "vastly different" RNG enhancement.
"Everyone dealing with desktop security knows that the random number is the first building block for cryptography," Mr. Vergara said in an interview. "Intel makes people's lives a lot easier by doing this."
RNG has been integrated with RSA's BSAFE Crypto-C and Crypto-J software development kits so that "our users can easily handle this on new PCs while still being able to maintain a high level of security on older PCs," Mr. Vergara said.
RSA, which is based in San Mateo, Calif., said its upgraded software will be available concurrently with the Intel 810 Chipset next month. Intel intends to distribute the Crypto-C kit to all its security software licensees, and RSA will work directly with developers to create security- enhancing applications.
The RNG programs are the first of what both companies said are many that will result from an alliance that they started in January. It put RSA in position to be the first company in the field to announce such support for the new Intel Chipset.
The next steps are not being disclosed, but Scott Schnell, senior vice president of marketing of both RSA and its parent, Security Dynamics Technologies Inc., said, "We will continue to promote the integration of our security products into new environments."
"We look forward to continuing our relationship with RSA as we expand our hardware security offerings in the future," said Michael Glancy, general manager of Intel's platform security division.
As is generally the case with data encryption and authentication methods, systems are better protected when the techniques are built into hardware. The Intel chip generates the random-number "seeds" for data encryption keys in a few milliseconds, and the process is not as vulnerable to compromise or error as are software-based mechanisms that may require user input via a computer mouse or keyboard.
"For most people, (RNG) is more efficient," Mr. Vergara said. "It doesn't require the user to do anything."
He conceded that a number generator alone does not create a "fully trusted PC," but it is "one key part of making the PC more secure."
In a separate announcement, RSA said the electronic commerce security vendor Authentic8 Inc. has chosen to incorporate BSAFE Crypto-C in its systems.
Authentic8, a Bellevue, Wash., company founded on smart card technologies originally developed by Philips Electronics, combines chip cards with public key encryption infrastructures for establishing digital credentials in e-commerce.
"Authentic8 customers will be able to achieve a higher level of trust, especially in remote-access situations," with the RSA implementation and its multiple encryption options, Mr. Schnell said.
