RSA Data Security Inc. has announced a cryptography enhancement that it expects will tap into a rich vein of demand for electronic commerce systems.
The San Mateo, Calif., company, a dominant force in the commercial data encryption market, introduced a new version of its BSAFE SSL-J tool kit. SSL-J is designed for developers in the Java language, which is well suited for Internet commerce because of its programming flexibility and ability to run on any operating platform.
RSA described its newly available version, 2.1, as the first to provide Transaction Layer Security components for Java.
TLS is an advanced and improved version of SSL, the Secure Sockets Layer protocol that defines cryptographic procedures for safeguarding credit card transactions and other communications between Web sites.
SSL, a contribution originally from Netscape Communications Corp., is so entrenched that the MasterCard and Visa associations have had a hard time displacing it with SET (Secure Electronic Transaction), which has more authentication features tailored for credit cards.
Transaction Layer Security does not substitute for SET, but the card community is exploring ways to accommodate an orderly transition from SSL to SET. TLS, the focus of a standardization effort overseen by the Internet Engineering Task Force, is likely to raise service providers' level of comfort.
Security vendors such as RSA can play a key role in the process. A competitor, San Jose, Calif.-based Spyrus, recently came out with its TLS Gold tool kit. As a licensee of RSA, Spyrus was the first to offer that company's patented algorithms alongside other choices.
RSA product manager Michael Vergara said RSA supports TLS encryption in its BSAFE SSL-C tool kit for the C programming language, which was announced in January.
The latest announcement "reinforces RSA's ongoing commitment to expand and enhance its Java security offerings and provide developers with one- stop shopping for all Java security needs," said Scott Schnell, senior vice president of marketing for RSA and its parent, Security Dynamics Technologies Inc. of Bedford, Mass.
"With these new Java-based products, RSA is delivering proven security products from trusted experts to the Java developer community," Mr. Schnell said.
Mr. Vergara said a case could be made that demand for TLS will be correlated with the growing popularity of Java, an invention of Sun Microsystems Inc. He said this is among the many signs of "Java coming of age," as acceptance increases among large corporations.
With growth in e-commerce, "we are seeing demand for not just TLS, but everything across the board," Mr. Vergara said. "Customers are demanding all versions of SSL and TLS in Java. As software becomes Web-enabled, Java is seen by many as the best way to distribute it."
He pointed out that there are still some "performance issues" related to Java that lead companies to prefer C programming on high-volume server computers, whereas Java is better for "porting" to client personal computers. RSA's combination of SSL-C and SSL-J takes care of both ends.
The SSL-J developers kit, at $295, goes hand-in-hand with RSA's BSAFE Crypto-J 2.2 software, which, with Intel computer chips, supports random number generation, a necessary foundation for generating the security codes that scramble sensitive data.
Crypto-J has also been enhanced to serve the encryption export market, a growing opportunity for RSA and others now that certain U.S. restrictions are being reexamined.
The tandem availability of BSAFE Crypto-J and Crypto-C made RSA the logical choice for Just in Time Solutions Inc.'s BillCast on-line billing system, said Brian Valente, the San Francisco company's senior marketing director.
"We required technology that was not only solid in terms of security algorithms, but also easy to implement, with excellent name recognition in the industry," he said. He said the Java product, with its high-speed cryptographic operations, was crucial for accepting thousands of authentication tokens a day.