[ISN] NSA Buys License for Certicom's Encryption Technology

From: InfoSec News (isn@private)
Date: Sun Oct 26 2003 - 23:55:50 PST

    http://www.eweek.com/article2/0,4149,1362957,00.asp
    
    By Dennis Fisher 
    October 24, 2003   
     
    In an extraordinary move, the National Security Agency has purchased a 
    license for Certicom Corp.'s elliptic curve cryptography (ECC) system, 
    and plans to make the technology a standard means of securing 
    classified communications. 
    
    As part of the $25 million agreement, the NSA can grant sublicenses 
    within a limited field of use. This most likely will include other 
    government agencies, federal contractors and other parties that send 
    sensitive data to the agency. 
    
    This is the first time that the NSA has endorsed any sort of 
    public-key cryptography system. 
    
    Certicom officials said the agency approached the company about 
    licensing Certicom's ECC intellectual property. ECC is a type of 
    public-key cryptography that utilizes much smaller keys than other 
    systems such as RSA. The technology is designed for use in constrained 
    environments where memory and computing power are at a premium. 
    
    In the case of the NSA deal, the agency wanted to use a 512-bit key 
    for the ECC system. This is the equivalent of an RSA key of 15,360 
    bits. 
    
    Certicom has worked with the NSA, based at Fort Meade, Md., on several 
    classified projects in the past, and this agreement is essentially an 
    outgrowth of that work, officials said. 
    
    "They were very interested in getting the best IP out there, and we 
    own a lot of the patents in this area," said Tony Rosati, director of 
    marketing at Certicom, based in Mississauga, Ontario. "If you want to 
    build an NSA-approved product, they want this in there." 
    
    The agreement, announced Friday, runs for the life of Certicom's 
    patents on the ECC technology, which are valid for an average of about 
    14 years, Rosati said. Certicom implements its ECC technology in a 
    variety of encryption products, including movianVPN, movianMail and 
    movianCrypt. The company also provides security and cryptographic 
    toolkits for developers. 
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    