Certicom Readies Wireless Security Product

Welcome Guest. | Log In| Register | Membership Benefits

September 15, 2000 (3:47 PM EDT)

Certicom Corp. plans to start selling digital certificates for wireless devices Tuesday, continuing its push to deliver needed security in the emerging mobile commerce market.

The Certicom MobileTrust Certificate Authority uses elliptic-curve cryptography (ECC) in providing digital certificates used to authenticate the user of the handheld device to send or receive information or conduct transactions.

The product is the second wireless announcement from Certicom (stock: CERT) in three months. The Ontario company said in June that it would deliver in the fall a client for handhelds that enables secure, VPN connections.

EPocrates Inc., San Carlos, Calif., has embedded MobileTrust within the pilot of a prescription renewal service. The pilot is scheduled to launch near the end of the month and will enable doctors to use a Palm Pilot to renew a patient's prescription, providing the patient buys his drugs from one of ePocrates' pharmacy partners.

MobileTrust will identify the doctor as the patient's and provide the digital signature needed before the prescription can be filled.

Daniel Zucker, ePocrates chief technology officer, said he chose Certicom because it had more security technology for the Palm than competitors.

"Our premiere platform right now is the Palm Pilot, and if you look at applications available for the Palm today ... they all use Certicom," Zucker said. "If you call RSA [Security Inc.] and ask what you have today for the Palm Pilot, there's really no kind of ready-to-ship [encryption] libraries. They'll tell you that you can implement their algorithms, but you sort of have to do it yourself."

Certicom claims its 163-bit encryption technology makes it better for small-memory handheld devices than competitive 1,024-bit products from RSA (stock: RSAS), Bedford, Mass. However, Zucker said nothing is black and white in technology and there are tradeoffs.

The more bits in the vendor's PKI, the higher the security, but the larger the footprint and the slower the technology runs on the hardware.

"The simplest way to break a security algorithm is through exhaustive search, so you can always break something by looking through every single key until you find the right one," Zucker said. "For every bit you add in the key size ... you roughly double the complexity. It definitely adds strength because it makes it more complex to do the attack."

Certicom's upcoming and unnamed VPN client will initially run on version 3.5 of the Palm OS, with support added later for Windows CE from Microsoft Inc. (stock: MSFT), Redmond, Wash., and EPOC OS from Symbian Ltd., London.

The company is working to ensure interoperability with VPN server software from Cisco Systems Inc. (stock: CSCO), San Jose, Calif., and Nortel Networks Corp. (stock: NT), Brampton, Ontario.

Pricing hasn't been announced.

Certicom MobileTrust Certificate Authority will cost $895 a year per server, plus between $5 and $20 per client, depending on the level of security.