Certicom Corp. in San Jose kicked off its PKS 2000 wireless security conference yesterday with a flurry of new products and services targeted to the growing handheld device market.
The company announced new mobile technology for the health care industry, a new certificate authority offering and what it said is the first certificate authority service center to issue elliptic curve cryptography (ECC) certificates for digital signatures.
Certicom's MobileTrust Certificate Authority (CA) is designed to secure real-time transactions from wireless Internet devices. It supports ECC certificates to protect e-commerce, health care and enterprise applications on mobile phones, pagers and personal digital assistants.
Certicom is promoting ECC as the smallest, fastest and most efficient cryptographic algorithm to secure wireless applications on platforms with limited memory, battery capacity and bandwidth. The company is also attempting to reap the benefit of recent digital signature laws that enable businesses to close contracts with digital signatures. A digital signature is a credential issued by a trusted authority that is presented to confirm identity or access information. Digital certificates provide the basis for users to authenticate themselves to other users and sign their transactions.
By providing digital certificates for ECC-based platforms, Certicom said its MobileTrust CA will allow users to conduct legally binding transactions from their wireless and handheld Internet appliances with faster processing speed. MobileTrust CA will issue industry-standard certificates for Secure Sockets Layer and Wireless Transport Layer Security security protocols to enable applications for stock trading, banking and secure e-mail.
Martin Reynolds, vice president of the Gartner Group Inc.'s Dataquest service in San Jose, agrees that the efficiencies of ECC will advance the security of mobile devices. He said Certicom's certificate authority is likely to be more widely accepted in the European market, where users have more cell phones than PCs for making transactions.
"Certicom will either succeed as a powerful stand-alone certificate authority or they will be a target for one of the larger certificate authorities like VeriSign [Inc.]," said Reynolds. "They are an easier acquisition now than if they succeed in a couple of years time."
Certicom's MobileTrust CA service is intended to support "hassle-free" use of client and server certificates for secure wireless transactions.
The MobileTrust managed public-key infrastructure (PKI) services, which the company said are managed out of a secure facility, lets enterprises outsource the management of their PKI-based architecture.
The company also revealed that it's partnering with Chrysalis-ITS in Ottawa, Ontario, to produce new ECC-enabled Luna CA3 secure hardware devices to manage MobileTrust's root signing keys. Firms such as Qualcomm Inc. in San Diego and Tokyo-based Sony Corp. deploy the MobileTrust root certificate in their applications and devices, allowing customers to use certificates from trusted servers.
"MobileTrust will put strong security in the hands of millions of mobile users," said Larry Roshfeld, senior vice president of software products for Aether Systems Inc. in Owings Mills, Md. "Aether has been using Certicom technology to enable high-value wireless transactions like stock trading in our AIM products, and we look forward to adding MobileTrust service to the array of security solutions we offer our enterprise customers." ePocrates Inc. in San Carlos, Calif., a handheld network for physicians, said Certicom's MobileTrust CA service will also allow doctors to digitally sign prescriptions on handheld devices. MobileTrust will provide the digital certificates to physicians using ePocrates' mobile electronic-prescription platform.
According to the companies, this will ensure that each prescription is digitally signed at the time of creation and arrives unaltered at the pharmacy. The applications that support such transactions must comply with state and federal regulations and provide confidentiality, data integrity and strong client authentication for access to sensitive medical data and patient records.
"Using MobileTrust for client certificates, ePocrates can authenticate the prescribing physician's identity and have the prescription digitally signed right on the handheld," said Daniel Zucker, chief technology officer for ePocrates. "With this technology, we aim to satisfy the highest possible security standards."