[ISN] NSA Buys License for Certicom's Encryption Technology

From: InfoSec News (isn@private)
Date: Sun Oct 26 2003 - 23:55:50 PST

Next message: InfoSec News: "Re: [ISN] Microsoft posts 'revisions' to security bulletins"

Previous message: InfoSec News: "[ISN] Brazil Becomes a Cybercrime Lab"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.eweek.com/article2/0,4149,1362957,00.asp

By Dennis Fisher 
October 24, 2003   
 
In an extraordinary move, the National Security Agency has purchased a 
license for Certicom Corp.'s elliptic curve cryptography (ECC) system, 
and plans to make the technology a standard means of securing 
classified communications. 

As part of the $25 million agreement, the NSA can grant sublicenses 
within a limited field of use. This most likely will include other 
government agencies, federal contractors and other parties that send 
sensitive data to the agency. 

This is the first time that the NSA has endorsed any sort of 
public-key cryptography system. 

Certicom officials said the agency approached the company about 
licensing Certicom's ECC intellectual property. ECC is a type of 
public-key cryptography that utilizes much smaller keys than other 
systems such as RSA. The technology is designed for use in constrained 
environments where memory and computing power are at a premium. 

In the case of the NSA deal, the agency wanted to use a 512-bit key 
for the ECC system. This is the equivalent of an RSA key of 15,360 
bits. 

Certicom has worked with the NSA, based at Fort Meade, Md., on several 
classified projects in the past, and this agreement is essentially an 
outgrowth of that work, officials said. 

"They were very interested in getting the best IP out there, and we 
own a lot of the patents in this area," said Tony Rosati, director of 
marketing at Certicom, based in Mississauga, Ontario. "If you want to 
build an NSA-approved product, they want this in there." 

The agreement, announced Friday, runs for the life of Certicom's 
patents on the ECC technology, which are valid for an average of about 
14 years, Rosati said. Certicom implements its ECC technology in a 
variety of encryption products, including movianVPN, movianMail and 
movianCrypt. The company also provides security and cryptographic 
toolkits for developers. 




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "Re: [ISN] Microsoft posts 'revisions' to security bulletins"
Previous message: InfoSec News: "[ISN] Brazil Becomes a Cybercrime Lab"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Oct 27 2003 - 03:05:29 PST