Hewlett-Packard has revealed further details of its plans for a range of products and services that will allow companies to send data securely over the Internet. HP over the next six weeks will launch products aimed at providing complete end-to-end security and data integrity for transactions running over the Internet.
Billed as HP's Praesidium Enterprise Security Framework, the collection of products includes smart cards for password control and encryption, a system to provide a sophisticated level of authentication for user access and a secure Web server operating system. HP is also launching a new range of consulting services to support the new products.
Praesidium consists of four main elements. The first two, due to be formally announced in a week, are the Security Service and the Virtual Vault. At the heart of the Security Service is the Praesidium Authorisation Server, which HP co-developed with Citicorp and previewed last April. The server provides a central point for companies to manage data access.
The rules-based system allows companies to set personal profiles for groups or individuals, which are then used to place limits on the files staff can access, when they can use the system, or the amount of money they are authorised to manage.
The Security Service will also include new consultancy services to help companies set up the system and to define the rules. HP initially will be selling this direct to its own large corporate customers. But the worldwide plan is to build an Internet reseller channel capable of selling to smaller organisations, according to Jolanta Pilecka, HP UK's Internet marketing manager.
Virtual Vault is a secure Web server that runs on a special version of the HP/UX operating system which has been fortified to B1 level O/S security standard. Virtual Vault is built on a product developed by SecureWare, which HP bought last February, and controls all transactions going through to CGI (Common Gateway Interface) applications within an organisation.
This allows only known transaction types to pass through its Trusted Gateway and will only accept transactions sent by a Web browser.
The two other parts of the Praesidium package, due to be unveiled in early October, offer authentication via smart cards, and an approach to encryption that is intended to get around the U.S. government's export restrictions on sophisticated encryption system.
HP created the smart-card authentication technology as part of the Imaginecard alliance, which the US company set up with Informix Software Inc. and Gemplus SA, a French specialist in smart-card technology.
To gain access to the system, users will have to insert their smart card into the PCMCIA slot of their PC and seek authentication, for example by entering a personal identification number or password that corresponds with information held on the card's chip before being able to proceed.
The card could be used by employees to access, distribute and share confidential information online via Intranets and private networks, and to control physical access to buildings, as well as to purchase goods online and conduct electronic banking via the Internet.
The smart cards will come in a wide range of sizes, says Steve Hanney, Internet marketing manager for HP UK. The most sophisticated so far envisaged will contain an 8-bit microprocessor, 256 bytes of RAM, 16Kb of ROM, and 8Kb of EEPROM.
The card will also be able to encrypt data, thanks to the final part of the Praesidium package, the Internet Cryptography Framework (ICF). This is an attempt by HP to build a basic encryption engine that can be exported round the world and customized to local conditions and rules.
The fine details are still under negotiation with the U.S. government, says Gary O'Neall, R&D manager at HP's Enterprise Solutions Lab, but the basis of the ICF is a standard exportable hardware-based cryptography engine, which can be modified with custom chips to handle special requirements, such a local legislation, corporate policies, or industry-specific applications.
HP has already received interest in the new range of offerings from telephone companies and financial services organisations, as well as manufacturing companies, Hanney says.