nCipher's Hardware Security Modules and Time Stamping Technology Deployed by Microsoft to Authenticate Software.nCipher Technology Used to Publish Microsoft Software Products and as Part of the Microsoft Authenticode Scheme to Help Protect All Commercial and Enterprise Developers STONEHAM, Mass. -- nCipher plc (LSE LSE - Language Sensitive Editor :NCH NCH National Coalition for the Homeless NCH National Coalition for History NCH National Council for Hypnotherapy (UK) NCH National Center for Homeopathy NCH Notched NCH National Claims History NCH Nielsen Clearing House ), a global leader in protecting critical enterprise data, announces that Microsoft Corporation (company) Microsoft Corporation - The biggest supplier of operating systems and other software for IBM PC compatibles. Software products include MS-DOS, Microsoft Windows, Windows NT, Microsoft Access, LAN Manager, MS Client, SQL Server, Open Data Base Connectivity (ODBC), MS Mail, is using nCipher's hardware security modules (HSMs) and time stamping time stamping The stamping of order tickets with the time of entry and execution. For example, options exchanges require stamping of order tickets with the times of execution to the nearest minute. technology to help protect its commercially published software. nCipher's HSMs and time stamping hardware are important components in securing the underlying cryptography and time stamps used as part of the Microsoft Authenticode protocol for digitally signing software in order to prove its authenticity and determine that the software has not been modified, potentially for malicious purposes. Authenticode code signing A method of ensuring that an executable program has come from a valid software publisher and has not been altered by anyone in between. Also known as "object signing," an EXE, CAB, driver or other executable file is digitally signed and transmitted along with a digital certificate from a is at the heart of a broad initiative championed by Microsoft to identify software authored by commercial and corporate application developers, helping to assure users of the code's origin and that the code has not been tampered with since its publication as it executes on Microsoft platforms. The recent launch of Windows Vista The current version of Windows for the desktop. It was released in late 2006 for businesses and early 2007 for consumers. Vista adds numerous features, including improved security and advanced multimedia capabilities. makes it more evident to the user whether or not they are downloading an application that has not been signed. "Authenticode is a critical technology for helping to build confidence and trust in computing," says David B. Cross, director of Program Management for Windows Security at Microsoft. "nCipher's technology is a vital component and a critical part of the signing process for Microsoft software." Microsoft Authenticode is a technology provided by Microsoft to its developer community to enable the signing and time stamping of code that is to be published and shared with others. Digital signatures provide a proven way to establish the software's authenticity and expose any attempt to tamper To meddle, alter, or improperly interfere with something; to make changes or corrupt, as in tampering with the evidence. with the code. However, the security provided by a digital signature is directly related to the measures taken to protect the cryptographic keys on which they are based. Furthermore, digital signatures have a finite life and can expire long before the code itself becomes obsolete. For this reason the additional use of a time-stamp is required to ensure that the original signature can always be validated even after the original certificate has expired. "There is no doubt that the use of Authenticode will become even more prevalent and valuable as software providers increasingly distribute software online rather than as a pre-packaged shrink-wrapped product," says Richard Moulds, vice president marketing at nCipher. "Microsoft's decision to use our time stamping technology and hardware security modules as the backbone of its own Authenticode deployment upholds the well established best practice of performing sensitive cryptographic functions and the associated key management tasks within a trusted hardware device. nCipher is working with the Microsoft developer community to adopt the same high standards as Microsoft as the best way to protect their brand and deliver tangible security benefits to their customers." nCipher's Time Stamp Server (TSS See ITU. ) is an easily deployed and cost effective time stamping solution that supports the Authenticode protocol in a convenient appliance package. It allows software developers to utilize secure digital signatures and auditable time stamping functionality as part of the software publishing process. nCipher's TSS is fundamental to an Authenticode implementation by removing the traditional reliance on the host computer's system clock, which is vulnerable to tampering. The TSS appliance provides an accurate and verifiable time-stamp, produced within the tamper-resistant boundary of an embedded nCipher HSM (1) (Hierarchical Storage Management) The automatic movement of files from hard disk to slower, less-expensive storage media. The typical hierarchy is from magnetic disk to optical disc to tape. and can be calibrated cal·i·brate tr.v. cal·i·brat·ed, cal·i·brat·ing, cal·i·brates 1. To check, adjust, or determine by comparison with a standard (the graduations of a quantitative measuring instrument): and synchronized to independently provided calibration and audit services, such as the service maintained by NIST (National Institute of Standards & Technology, Washington, DC, www.nist.gov) The standards-defining agency of the U.S. government, formerly the National Bureau of Standards. It is one of three agencies that fall under the Technology Administration (www.technology. . About nCipher nCipher protects critical enterprise data for many of the world's most security-conscious organizations. Delivering solutions in the fields of identity management, data protection, enterprise key management and cryptographic hardware, nCipher enables businesses to identify who can access data, to protect data in transit and at rest, and to comply with the growing number of privacy-driven regulations. nCipher plc is listed on the London Stock Exchange London Stock Exchange London marketplace for securities. It was formed in 1773 by a group of stockbrokers who had been doing business informally in local coffeehouses. (LSE:NCH). www.ncipher.com The names of actual companies and products mentioned herein may be the trademarks of their respective owners. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion