Certicom Corp., which has been trying to win the information security market over to an unconventional form of data encryption, is doing its bit on behalf of another underdog: smart cards.
The Toronto company that champions elliptic curve cryptography - a challenge to the more established commercial methods based on RSA Data Security Inc.'s technology - introduced a Smart Card Evaluation Tool Kit two weeks ago during RSA's annual security industry conference in San Jose, Calif.
The kit is designed to help system developers evaluate and eventually deploy elliptic curve on smart cards-and thereby help to prove Certicom's selling point that the approach brings heavy-duty data protection to cards, pagers, cell phones, and other devices that have limited memory and computing capacity.
Certicom, which was founded in 1985 and has its sales and marketing headquarters in San Mateo, Calif., emphasizes the efficiencies that come with shorter encryption keys. In elliptic curve cryptography, or ECC, a key of 106 computer bits is equivalent to an RSA key of 512 bits; an ECC key size of 210 equals 2,048 in an RSA or digital signature algorithm operation, according to Certicom scientists.
Though ECC lacks the years of rigorous testing and attacking to which RSA programs have been subjected, it recently gained legitimacy as an American National Standards Institute financial standard, catalogued as X9.62. And RSA Data Security's addition of ECC to its BSAFE tool kits has broadened the community of testers.
"That validated (ECC) as a major cryptosystem," said Certicom chief executive officer Philip C. Deck. "If there is anyone you want to compete with on implementation, it's RSA."
The smart card package is similarly aimed at gaining exposure and legitimacy. With cards from Schlumberger and digital certificates from Verisign Inc., Certicom demonstrated chip card-based authentication for electronic commerce at its RSA exhibit.
"The killer application today for smart cards is enterprise authentication, not stored value," said Certicom president Rick Dalmazzi. "This trend is helping fuel the smart card market. Smart cards provide a level of security that simply can't be met by software-only approaches."
The tool kit, to be available this month, includes a Litronic card reader, five smart cards, a Security Builder software development kit, and sample applications.
Digital Bond Inc., a consulting firm, and Entegrity Solutions Corp., which offers a rapid deployment system for public key encryption infrastructures, are early adopters of the kits. John Weinschenk, vice president of San Jose-based Entegrity, said ECC is appealing to "enterprises concerned with price/performance ... ECC on a smart card will provide the ultimate solution for enterprises concerned about security."
Mr. Deck said, "the cost issue is everything." With chip advocates aiming to get a card's cost down to about $4, from $15 to $20, "our whole smart card story is cost."
