RSA Says Patent Gives Boost To Elliptic Curve Encryption

RSA Data Security Inc. said it has been awarded a U.S. patent on data encryption technology that can improve the performance of smart cards and other small computing devices.

The award underscores RSA's commitment to a promising area of cryptography initially championed by competitors.

The patent is for a technique dubbed "storage-efficient basis conversion." It is designed to ensure compatibility between two implementations of elliptic curve cryptography, or ECC.

RSA said the existence of two common but conflicting numbering systems for ECC limits its usability and acceptance. Basis conversion is said to resolve the incompatibility between the polynomial and normal bases of calculation - and in a manner efficient enough to be handled within small or constrained computing appliances such as pagers, cell phones, or smart cards.

Until early last year, RSA - the biggest company in the encryption field and a de facto standards-setter - generally downplayed the idea that ECC would displace the more established RSA methods of encoding and deciphering protected data.

Market interest in ECC, much of it generated by Certicom Corp. of Canada and affiliated scientists at the University of Waterloo, Ontario, led RSA to add ECC to its system developers' tool kits and to try to beat Certicom at parts of its own game.

But Certicom chairman and chief executive officer Philip C. Deck scoffed at RSA's patent announcement last week. He said his company had already dealt with basis conversion "faster and better" and has a patent filing of its own.

He read RSA's move as a recognition that "ECC is where the market is going." He conceded that interoperability obstacles can be significant - Certicom organized the Standards for Efficient Cryptography Group last year to address them - but "basis conversion isn't one of those problems."

Burt Kaliski, RSA's chief scientist and director of the San Mateo, Calif., company's laboratory arm, contended that "the invention described in the patent may enhance interoperability because the 'overhead' for adding conversion capabilities to devices is now only a small fraction of the amount previously required for conversion."

With efficient basis conversion, he said, system developers need not stay on the sidelines waiting to learn whether the polynomial or normal basis of numbering for elliptic curves wins out.

In data encryption, the strength or breakability of a code is determined by the length of a key, measured in computer bits. ECC's attraction lies in its ability to accomplish with a 160-bit key the equivalent of a 1,024-bit key for an RSA algorithm.

A conventional ECC basis conversion would require a mathematical table of 25,600 bits - essentially negating the possibility of using a current-generation smart card with only 65,636 bits of total memory, RSA said.

Its invention reduces the conversion-memory requirement from 25,600 to 320.

Mr. Deck said RSA's achievement is "no big deal," and he claimed that Certicom technology operates "eight times faster."

Despite the differences, philosophical and otherwise, both companies are participating in and supporting a race to lower that "processing overhead" and raise the likelihood that digital certificates and other forms of electronic commerce security will be embedded in relatively small computer chips.

Nagy Moustafa, president and CEO of Diversinet Corp., a Toronto-based digital certification company that has allied with Certicom to pursue the small-device market, said he viewed RSA's announcement as a contributor to the "overhead-lowering" movement.

Diversinet itself has devised an approach to digital certification, based on "permissions" that are more compact than full-scale certificates, that is well suited to constrained devices. Certicom and Diversinet technology has been deployed in RIM pagers, marketed by BellSouth in the United States and used for some financial services delivery.

Certicom, meanwhile, is developing "bullet certificates" that reduce the computing demands in standard digital signature operations.

But Mr. Moustafa said that, given RSA's entrenched market position, Diversinet must try to be "encryption independent."

"We have a lot of people requesting RSA," he said. "They may have licensing agreements with RSA or have an existing application using RSA" and not want to replace it with ECC.

And he said some still are concerned that ECC has not passed the tests of time and hack attacks that keep comfort with RSA high.
