Developers wanting to incorporate PKI (public key infrastructure) technology into their applications soon will have more options, following last week's news that the RSA key encryption algorithm is now in the public domain.
RSA Security Inc. has held a patent on this algorithm for 17 years, but only relinquished its ownership last week -- a mere two weeks before it was due to expire anyway. With RSA's dominance of the long-patented technology over, stronger PKI toolkits for application integration will emerge to offer customers greater flexibility and choices, security experts said.
Dublin, Ireland-based Baltimore Technologies, an RSA rival, pounced on its newfound opportunity by revamping and bringing over its suite of developer toolkits to a new audience on American shores. The toolkits, which have been marketed overseas but not in the United States because of the RSA patent, will be called Baltimore KeyTools and will help build security into XML, messaging, and Web systems, said Andrew Morbitzer, vice president of marketing at Baltimore.
Available later this month on the Web, Baltimore KeyTools development suite will include KeyTools Lite and KeyTools Pro, which are needed to build applications for digital certificate-based systems; KeyTools SSL (Secure Sockets Layer); Key Tools XML; KeyTools SMIME (Secure MIME); and KeyTools Crypto. To further promote ease of use, Baltimore has removed the run-time license model for the suite and will offer a free online download of KeyTools Lite.
RSA Security, based in Bedford, Mass., said it relinquished the patent early to clear up "misinformation" in the market about its role in connection with the patent. Company officials also downplayed the significance of its patent release.
"Some would have you believe there's going to be this huge change and innovation, and I would argue that," said Scott Schnell, senior vice president of marketing at RSA.
But security analysts, including David Thompson of Stamford, Conn.-based Meta Group, disagreed.
"I think it is a very big deal," Thompson said. "There certainly have been a number of vendor organizations that I've run into that had to cancel products they were going to release or scale [plans] back because of RSA restrictions."
Created in 1977 by Ronald Rivest, Adi Shamir, and Leonard Adelman, the RSA algorithm was patented in 1983. This meant any company wanting to use the algorithm within the United Sates was required to obtain a license from RSA. That expense could be counted among the factors that has slowed PKI growth, said Jim Alderson, director of security knowledge engineering at Melbourne, Fla.-based eSecurity.
"RSA will say that they have not made any revenues worth considering over the licensing of [their] algorithm but that's just because most people stopped short of implementing it due to the license fees," Alderson said.
Thompson, who noted many user complaints against PKI due to its lack of application support, agreed. "It has been puzzling to me why RSA was so protective of this algorithm, making it more difficult to use PKI."
Ultimately, Thompson said RSA must prove its worth via its products. Also, since the advanced toolkits are still difficult to use, many "middleware" companies, such as Needham, Mass.-based Shym Technologies and Ubizen in Belgium, will continue to be sought out by customers for PKI and security integration in larger applications such as ERP (enterprise resource planning), SAP, and PeopleSoft.
RSA is not allowing its patent release to go by without an announcement of its own. Last week, it introduced a beefed-up version of its RSA BSafe Crypto-C security software. The new software, available by the end of the third quarter, will increase speeds and performance of RSA encryption by 500 percent, Schnell said.
Via a partnership with Intel, RSA will also provide new customization for Intel's Itanium processors to quintuple the speed of conducting secure transactions on servers.