Netscape plans for later this quarter a set of security interfaces for Communicator 1.0 designed to let Web-based applications securely communicate with servers over IP-based networks.
Netscape's set of interfaces, code-named Security Native API (SNAPI), will complement Intel's Common Data Security Architecture, for which Netscape announced support in October. Since then the companies have reportedly been working in sync on their architectures, and Intel appears to be favoring SNAPI over Microsoft's CryptoAPI (CAPI).
Microsoft is beta testing the second version of CAPI - very similar in concept to SNAPI - and adding support for more security features, but it has not committed to any platforms beyond Windows NT and Windows 95. SNAPI is meant to be more extensible and provide a cross-platform approach to integrating encryption processing with applications, according to Netscape officials. SNAPI will support Windows, Unix, Macintosh, and OS/2.
Netscape will demonstrate SNAPI at the RSA Data Security Conference in San Francisco in two weeks and will use it to verify users' digital signatures from smart cards run through a reader machine.
Eric Greenberg, senior security product manager at Netscape, said users will be able to put a smart card in a reader and use Navigator as a "personalized browser." Other applications of the technology could be to authenticate electronic commerce and Internet-based banking transactions, Greenberg said.
Analysts say smart cards will be useful for validating users' identities and access privileges to network resources.
"Token-based authentication will take off ... because you can store so much on the cards," says Erica Rugullies, an analyst with the Hurwitz Group, in Newton, Massachusetts.
At the RSA conference, Netscape will demonstrate an early implementation of SNAPI with VeriSign, Litronic, Consensus, and Hewlett-Packard.
Netscape will integrate SNAPI with Secure Sockets Layer, which provides for authentication and encryption channels for applications over TCP/IP, and Secure MIME, which encrypts email messages.
SNAPI is designed for high- and low-level security services that could be implemented in software or hardware and are used to manage cryptographic keys, store certificates, and define security policies.
One smart card developer familiar with both CAPI and SNAPI says that Netscape's version may have some advantages.
"SNAPI has a better chance of being cross-platform, and it divides up security functions better," the developer says.