Gemplus Teams Up with Digital Certificate Firm

Gemplus, a smart card company that is placing great emphasis on information security, is making common cause with the digital certificate company Baltimore Technologies.

The two Europe-rooted organizations have announced a sales and marketing agreement that includes the integration of Gemplus' GemSafe smart card system into Baltimore's public key infrastructure, or PKI, technology.

Billed as a source of "portable security for e-business," the alliance offers another in a growing number of alternatives for digital authentication via desktop devices in corporate enterprises and potentially at personal computers in the home.

With digital credentials stored in a smart card chip and readable in computer equipment or devices supplied by Gemplus or others, the security they afford becomes portable. Gemplus has been focusing on IT, or information technology, uses of smart cards for more than a year and says its GemSafe has been adopted by the computer makers Compaq Computer Corp., Hewlett-Packard Co., International Business Machines Corp., and numerous software and systems integrators.

Baltimore's joining that list was one of several developments announced at the PKI vendor's Global e-Security '99 convention this month in Dublin, where the company is based. Included among enhancements to its Unicert certificate authority system was a deal with another hardware security vendor, Chrysalis ITS of Ottawa, Canada, for the Luna CA3 system that manages and protects the root keys that govern PKI hierarchies.

Baltimore described Luna CA3 as "the de facto standard for root-key protection, used in PKIs worldwide."

"This extended support for Luna CA3 further enhances our overall PKI offering and provides the highest level of security assurance for mission-critical security infrastructures," which can now also easily accommodate GemSafe cards and readers at the client end, said John O'Sullivan, executive vice president of engineering at Baltimore Technologies.

"We were conscious of the importance of interoperability in choosing our PKI technology, in particular the ability to interface seamlessly with smart cards," said Paddy Holohan, Baltimore's executive vice president of marketing. "Smart cards do not only provide enhanced security; their ease of use offers a convenient, user-friendly means for portable user authentication."

He said the combination of GemSafe cards with Baltimore's Unicert certificates, which is immediately available, "will facilitate the widespread deployment of smart-card-based PKI systems for both e-commerce and enterprise applications."

Baltimore has committed to supporting GemSafe in future versions of the Unicert, MailSecure, and PKI-Plus software. KMD, which operates a digital certificate authority, or CA, in Denmark, is already using an integrated GemSafe-Unicert system.

KMD vice president for technical development Finn Grimstad said, "We recognized that both Baltimore and Gemplus were leaders in their respective fields, and the fact that they had already completed integration work as part of (the vendor-cooperation program) Baltimore PKI World resulted in the easy establishment of our CA services."

Olivier Chavrier, France-based Gemplus' IT marketing manager for Europe, the Middle East, and Africa, said, "PKI technology has become the de facto standard to secure open networks. Smart cards increase the performance of any PKI implementation" through enhanced security, portability, and ease of use.

Officials at Baltimore, now with 450 employees and its stock recently listed on the Nasdaq market, were buoyed by an attendance exceeding 600 at the Dublin event.

They plan to take the show to the United States next year, attempting to rival one sponsored by competitor Entrust Technologies Inc. of Richardson, Tex., which in June attracted 1,200 to its SecureSummit '99 in Orlando.

Both companies license data encryption technology from RSA Security Inc. and participate in that company's fast-growing annual conferences each January, which have been seen as encouraging barometers of interest in information security for the Internet economy.

Baltimore's turnout and response "demonstrated the growing importance of PKI technology in business," said the company's chief executive officer, Fran Rooney. "Feedback from the convention confirmed that PKI has become an integral component of secure e-business. This year's success has built an excellent foundation for what is to come with Global e-Security 2000."

Gemplus was billed as a corporate sponsor of Global e-Security '99, as was Sun Microsystems Inc. Baltimore used the occasion to announce that its Unicert CA will be available this month on Sun Solaris operating systems. WorldTalk Corp., a specialist in e-mail security, said it had joined the Baltimore PKI World program, in part to help broaden the appeal of its WorldTalk/Mail product.

Baltimore also introduced an Advanced Registration Module, or ARM, for Unicert, designed to make it easier to configure and integrate PKI with smart cards and legacy and back-end systems such as human resources data bases.

CBL WorldKey LLC of Geneva demonstrated its Global Peak Certification Authority service at the Dublin conference. A joint venture of Credit Bancorp Ltd. and WiseTrust SA, CBL WorldKey is offering a global certification program that it calls an Attribute Authorization Authority, or AAA.

The AAA "enables businesses, governments, or any organization anywhere in the world to encode specific attributes into their certificates," said CBL WorldKey CEO Richard J. Blech. "With these attributes in place, authentication of the users can be exactly tailored to their e-commerce needs."

Baltimore Technologies is the root key supplier for the WiseKey certification authority used by CBL WorldKey.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER