RSA Hopes to Move Digital Certificates Online

Digital certificates have long been used to secure transactions over wired networks. Now RSA Security Inc. is teaming with VeriSign Inc. to provide the same sort of trust and validation services in the emerging wireless world.

In an announcement last week at the RSA Conference 2000 in San Jose, Bedford, Mass.-based RSA said it would work with VeriSign, a Mountain View, Calif.-based provider of digital certificate technology, to build products based on RSA's upcoming BSafe Secure Sockets Layer-C and BSafe Transport Layer Security (TLS) protocols.

Software components built with those tools will be compatible with VeriSign's wireless trust services and will incorporate VeriSign's digital certificate root keys. RSA plans to support VeriSign's Personal Trust Agent technology in the protocols.

RSA will also support VeriSign's TLS certificates to address the need for validation and revocation of certificates over wireless connections.

RSA is offering VeriSign developers and service providers free software development kits designed to be used with VeriSign's free Wireless Application Protocol (WAP) server digital certificates and wireless trust offerings.

"For wireless e-commerce to succeed, application developers and service providers must deliver at least the same degree of trust and security which people have come to expect from the wired Internet world," said Stratton Sclavos, president and CEO of VeriSign, in a statement.

RSA Security and VeriSign are members of the WAP Forum, an industry group that is developing standards for wireless information and telephony services for digital mobile phones and wireless terminals.

Eric Hemmendinger, an analyst at Aberdeen Group Inc. in Boston, said that the RSA and VeriSign announcement was just one in a series of similar product positionings at the RSA 2000 conference.

Other companies, including U.K.-based Baltimore Technologies PLC, Needham Heights, Mass.-based Cybertrust (which Baltimore Technologies plans to acquire) and Entrust Technologies Inc. in Plano, Texas, are also entering the wireless market, he said.

"These are not announcements of products that enterprises will buy right now but positioning announcements for players in a market that will evolve over the next two or three years," said Hemmendinger.

He added that although wireless technology is already available to allow cellular phones to be used as client or authentication devices, mass-market acceptance of these products is still two or three years off.

RSA also announced two new security protocol components for wireless and embedded applications.