Vendors team on certificate management

Security Dynamics Technologies Inc. and subsidiary RSA Data Security Inc. last week announced their entry into the digital certificate management market with their new Keon Certificate Server 5.0.

This is the first full move for the companies into the public-key infrastructure arena, which uses digital certificates and encryption to verify user identities and secure data being sent across networks. The Keon server is intended to provide organizations with full-function certificate management capability that can be handled in-house.

Many federal agencies have initiated PKI pilots in the past year to provide data security and user authentication for the wide range of government services being moved to the Internet. But it can be burdensome to handle all the policies of issuing, managing and revoking the thousands of certificates that usually are needed for even one internal application.

Because of this recognized need in government, RSA and Security Dynamics are going to focus much of their marketing on federal agencies, said Tim Matthews, director of product marketing for RSA. "There is a tremendous amount of PKI opportunity in the government," he said.

The Keon server is a completely World Wide Web-based management system, which eliminates the need for additional certificate software on each client. Being Web-based, administrators can move around freely in an organization while maintaining access to the certificate management system, Matthews said.The certificates themselves are priced per user and not per certificate, which makes it much less expensive for agencies that issue more than one certificate to each user, he said.

The companies announced the Keon strategy in January as a way to leverage RSA's BSAFE cryptography components and development tools and Security Dynamics' SecurID authentication tools.

The first Keon Certificate Server is being offered through a partnership with PKI vendor VeriSign Inc. and Netscape Communications Corp. and builds on technologies from all four companies involved.

In addition to certificate management, the server includes an agent technology designed to make it easier to use such PKI features as user authentication and data encryption with applications that originally were not designed to be used in a PKI environment. "[Agencies] want to PKI-enable a lot of in-house systems [and] legacy applications, and this makes it much easier," Matthews said.

The two companies are facing stiff competition in the enterprise market from Entrust Technologies Inc. and Baltimore Technologies Inc. While the Keon agent technology could give the two companies new leverage, it still will be an uphill battle to gain market share, said Phil Schacter, director and senior analyst at the Burton Group.

"The agent technology that they have built into the technology is meant to tie back into legacy applications at any organization to make it easier to leverage PKI," Schacter said. "It's an aggressive strategy on RSA's part, and clearly they have to prove that they can market this solution successfully."

But even with more established players and more companies getting involved in the enterprise PKI market every day, RSA is confident about its move.

"I don't think there are many companies that understand the technology as well as we do," Matthews said. "We have been selling PKI cryptography into this market for a long time."

Security Dynamics also brings many contacts and a lot of experience because millions of people use its SecurID two-token user authentication products, he said.