Chrysalis-ITS Introduces LunaCA; Cryptography System Adds Trust and Assurance to PKI Certification Authority.

OTTAWA--(BUSINESS WIRE)--Nov. 10, 1997--Chrysalis-ITS today introduced the LunaCA family of high-performance encryption co-processors. The LunaCA brings a new level of security to Certification Authorities (CAs) and their clients by taking over sensitive cryptographic processing from the CA's host computer and executing it on the more secure LunaCA processors. Certification Authorities certify and issue digital certificates, which are essential to ensure security in electronic commerce.

The LunaCA provides a new level of security to CAs because the CA's root keys - the fundamental encryption keys on which all the digital certificates it issues are validated - are stored in the LunaCA. The LunaCA's architecture enables users to create keys and sign digital certificates in the LunaCA, without the encryption algorithm or root keys ever being directly addressed by the CA host server. That means the algorithms and keys remain in the LunaCA, and are never moved to the server, where they would be vulnerable to outside intruders, viruses, inadvertent erasing, and complications from system failures.

The LunaCA is available in two models. The LunaCA 2000 is a dual-processor system designed for organizations implementing their own Public Key Infrastructure. These typically are users of products such as Entrust Technologies' Entrust system and Xcert's Sentry CA. The LunaCA 8000 has eight processors, and is designed for third party Certificate Authorities, such as VeriSign, Inc., that generate large numbers of key pairs and certificates daily.

Each LunaCA processor module contains its own 233 MHz, 32-bit RISC processor and 1 Mbyte of memory in a PC Card format. This gives each processor module the ability to securely store 605 RSA 1024 private keys, each 740 bytes long. The LunaCA already is being used by VeriSign, Inc., the leading U.S. Certification Authority, and Xcert Software, Inc., a leading provider of CA software.

Hits VeriSign's "Sweet Spot"

VeriSign, Inc. will use the LunaCA for internal operations, according to Arnold Schaeffer, VeriSign's Vice President of Engineering. "The LunaCA hits the sweet spot in the market for us," he said. "Its security features will help us protect our private keys, and its performance will speed up many of our operations." VeriSign uses a combination of hardware, software, and digital signatures for its internal operations. "The LunaCA provides us with the right combination of security, price, and performance that will allow us to replace our high volume software signing operations with the LunaCA," Schaeffer said. "Not only will our customers get their certificates faster, but they also will have the added assurance of hardware private key protection."

Schaeffer noted that VeriSign customers will notice a difference when the LunaCA is used for Secure Electronic Transaction (SET) operations for credit card transactions. "SET requires seven-digit signature operations, each of which takes multiple seconds today," he said. "The LunaCA can do them in seven hundredths of a second."

Entrust support in 1998

"We're delighted to have Chrysalis join the group of vendors that support PKCS#11 and other open standards that allow hardware devices to work with Entrust," said Brian O'Higgins, executive vice-president and chief technology officer. "Support for CA hardware devices - such as LunaCA - which provide a higher level of security for critical functions such as certificate signing operations and CA signing key pair generation and storage - will be available in Entrust software products in 1998."

Integrates with Xcert's PKI architecture

"The LunaCA provides powerful encryption co-processors through a standard PKCS#11 interface. This makes it the first scaleable solution that fully integrates with Xcert's PKI architecture," said Patrick Richard, Chairman and Chief Technology Officer of Xcert Software Inc. "LunaCA's hot-swappable modularity also provides useful fault tolerance in some of Xcert's large customer installations," added Richard.

Modular design for maximum uptime

Any LunaCA processor module can be replaced without affecting the server's operation. That means if one LunaCA processor module fails, it can be replaced with another. This "hot-swapping" capability assures maximum uptime.

Key Cloning

LunaCA allows keys from one of its processors to be replicated, or "cloned" on another LunaCA processor. The cloning is done within the LunaCA system, so the keys are never exposed to outside dangers.

Key splitting

Certain keys, such as a Certificate Authority's root keys, are so important that they require extraordinary security measures. The LunaCA enables users to break these keys into a number of segments and write each segment to a separate encryption token. To reassemble the key, the holder of each token must be present. This capability, called "key splitting", assures that no one person can access the key without the participation of the others.

FIPS Level 3 tamperproof design

The LunaCA's processors are designed to the FIPS Level 3 standard, which assures that the processor cannot be physically compromised. The processor is in a sealed PC Card-format case. If the case is opened, all the keys in the processor are erased, making them inaccessible to the cracker.

Cost and availability

The LunaCA 2000 and LunaCA 8000 are priced at $3,375 and $13,500 respectively. They are available immediately. Both support the PKCS#11 public key cryptography standard, and are designed to meet FIPS (Federal Information Processing Standard) Level 3 tamperproof specifications. The LunaCA family will be shown for the first time at the Treasury Management Association trade show November 10-12 in San Francisco.

About Chrysalis-ITS

Chrysalis-ITS, Inc., produces standards-based cryptographic tokens and co-processors that add value, improve the performance, and increase the security of Internet security applications. Chrysalis advanced cryptographic technology can be used by some of the most widely used enterprise security products. They include IBM(r) Corporation's CommercePOINT(TM) electronic commerce software, which uses the Chrysalis-ITS implementation of the PKCS#11 standard, the Netscape Communicator(TM) 4.0.1 browser, Entrust Technologies(TM) EntrustPERMIT(TM), the TimeStep enterprise security system; the InfoCrypt Series(TM) of secure virtual private networking products from Isolation Systems, and the Recluse(TM) high-assurance Web server from Odyssey Research Associates. More information on Chrysalis-ITS and the Luna Token product family is available on the company's World Wide Web site at http://www.chrysalis-its.com.

CONTACT:
Chrysalis-ITS: Benita Baker, 613/731.6788, bbaker@chrysalis-its.com
g.m marketing communications: Edgar E. Geithner, 508/875.3821, edgar@gdotm.com