[11705] in Commercialization & Privatization of the Internet
RSA/NCSA/EIT announcement
daemon@ATHENA.MIT.EDU (Brian Hawthorne - SunSelect Strate)
Thu Apr 14 22:37:10 1994
Date: Thu, 14 Apr 1994 17:11:22 +0500
From: brianh@suneast.east.sun.com (Brian Hawthorne - SunSelect Strategic Marketing)
To: com-priv@psi.com
>The following appeared on EIT's "What's New" page today.
>
>============================================
>For Immediate Release
>
>Secure NCSA Mosaic Establishes Necessary Framework for Electronic
>Commerce on the Internet
>
>PALO ALTO, Calif., April 12, 1994 -- Enterprise Integration Technologies
>(EIT), the National Center for Supercomputing Applications (NCSA) at the
>University of Illinois and RSA Data Security today announced agreements to
>jointly develop and distribute a secure version of NCSA Mosaic, the popular
>point-and-click interface that enables easy access to thousands of
>multimedia information services on the Internet.
>
>The announcement was made in conjunction with the launch of CommerceNet, a
>large-scale market trial of electronic commerce on the Internet. Under the
>agreements, EIT will integrate its Secure-HTTP software with public key
>cryptography from RSA into NCSA Mosaic Clients and World Wide Web (WWW)
>servers. WWW is a general-purpose architecture for information retrieval comprised
>of thousands of computers and servers that is available to anyone on Internet. The
>enhancements will then be made available to NCSA for widespread public
>distribution and commercial licensing.
>
>Jay M. Tenenbaum, chief executive officer of EIT, believes secure NCSA Mosaic
>will help unleash the commercial potential of the Internet by enabling buyers and
>sellers to meet spontaneously and transact business.
>
>"While NCSA Mosaic makes it possible to browse multimedia catalogs, view product
>videos, and fill out order forms, there is currently no commercially safe way to
>consummate a sale," said Tenenbaum. "With public key cryptography, however, one
>can authenticate the identity of trading partners so that access to sensitive information
>can be properly accounted for."
>
>This secure version of NCSA Mosaic allows users to affix digital signatures which
>cannot be repudiated and time stamps to contracts so that they become legally binding
>and auditable. In addition, sensitive information such as credit card numbers and bid
>amounts can be securely exchanged under encryption. Together, these capabilities
>provide the foundation for a broad range of financial services, including the network
>equivalents of credit and debit cards, letters of credit and checks. In short, such secure
>WWW software enables all users to safely transact day-to-day business involving
>even their most valuable information on the Internet.
>
>According to Joseph Hardin, director of the NCSA group that developed NCSA
>Mosaic, over 50,000 copies of the interface software are being downloaded monthly
>from NCSA's public server -- with over 300,000 copies to date. Moreover, five
>companies have signed license agreements with NCSA and announced plans to release
>commercial products based on NCSA Mosaic.
>
>"This large and rapidly growing installed base represents a vast, untapped
>marketplace," says Hardin. The availability of a secure version of NCSA Mosaic
>establishes a valid framework for companies to immediately begin large-scale
>commerce on the Internet."
>
>Jim Bidzos, president of RSA, sees the agreement as the beginning of a new era in
>electronic commerce, where companies routinely transact business over public
>networks.
>
>"RSA is proud to provide the enabling public key software technology and will make
>it available on a royalty-free basis for inclusion in NCSA's public distribution of
>NCSA Mosaic," said Bidzos. RSA and EIT will work together to develop attractive
>licensing programs for commercial use of public key technology in WWW servers."
>
>At the CommerceNet launch, Allan M. Schiffman, chief technical officer of EIT,
>demonstrated a working prototype of secure NCSA Mosaic, along with a companion
>product that provides for a secure WWW server. The prototype was implemented
>using RSA's TIPEM toolkit.
>
>"In integrating public key cryptography into NCSA Mosaic, we took great pains to
>hide the intricacies and preserve the simplicity and intuitive nature of NCSA
>Mosaic," explained Schiffman.
>
>Any user that is familiar with NCSA Mosaic should be able to understand and use the
>software's new security features. Immediately to the left of NCSA's familiar
>spinning globe icon, a second icon has been inserted that is designed to resemble a
>piece of yellow paper. When a document is signed, a red seal appears at the bottom of
>the paper, which the user can click on to see the public key certificates of the signer
>and issuing agencies. When an arriving document is encrypted, the paper folds into a
>closed envelope, signifying that its information is hidden from prying eyes. When the
>user fills out a form containing sensitive information, there is a 'secure send' button
>that will encrypt it prior to transmission.
>
>Distribution of Public Keys
>
>To effectively employ public-key cryptography, an infrastructure must be created to
>certify and standardize the usage of public key certificates. CommerceNet will certify
>public keys on behalf of member companies, and will also authorize third parties such
>as banks, public agencies, industry consortia to issue keys. Such keys will often serve
>as credentials, for example, identifying someone as a customer of a bank, with a
>guaranteed credit line. Significantly, all of the transactions involved in doing routine
>purchases from a catalog can be accomplished without requiring buyers to obtain
>public keys. Using only the server's public key, the buyer can authenticate the identity
>of the seller, and transmit credit card information securely by encrypting it under the
>seller's public key. Because there are far fewer servers than clients, public key
>administration issues are greatly simplified.
>
>Easy Access to Strong Security
>
>To successfully combine simplicity of operation and key administration functions
>with a high level of security that can be accessible to even non-sophisticated users,
>significant changes were necessary for existing WWW security protocols. EIT
>developed a new protocol called Secure-HTTP for dealing with a full range of
>modern cryptographic algorithms and systems in the Web.
>
>Secure-HTTP enables incorporation of a variety of cryptographic standards,
>including, but not limited to, RSA's PKCS-7, and Internet Privacy Enhanced Mail
>(PEM), and supports maximal interoperation between clients and servers using
>different cryptographic algorithms. Cryptosystem and signature system
>interoperation is particularly useful between U.S. residents and non-U.S. residents,
>where the non-U.S. residents may have to use weaker 40-bit keys in conjunction with
>RSA's RC2 (TM) and RC4 (TM) variable keysize ciphers. EIT intends to publish
>Secure-HTTP as an Internet standard, and work with others in the WWW community
>to create a standard that will encourage using the Web for a wide variety of
>commercial transactions.
>
>Availability
>
>EIT will make Secure NCSA Mosaic software available at no charge to
>CommerceNet members in September and NCSA will incorporate these secure
>features in future NCSA Mosaic releases.
>
>Enterprise Integration Technologies Corp., of Palo Alto, Calif., (EIT) is an R&D and
>consulting organization, developing software and services that help companies do
>business on the Internet. EIT is also project manager of CommerceNet.
>
>The National Center for Supercomputer Applications (NCSA), developer of the
>Mosaic hypermedia browser based at the University of Illinois in Champaign, Ill., is
>pursuing a wide variety of software projects aimed at making the Internet more useful
>and easier to use.
>
>RSA Data Security, Inc., Redwood City, Calif., invented Public Key Cryptography
>and performs basic research and development in the cryptographic sciences. RSA
>markets software that facilitates the integration of their technology into applications.
>
>Information on Secure NCSA Mosaic can be obtained by sending e-mail to
>shttp-info@eit.com.
>
>Press Contact:
>
>Nancy Teater
>Hamilton Communications
>Phone: (415) 321-0252
>Fax: (415) 327-4660
>Internet: nrt@hamilton.com
>
Email brianh@East.Sun.COM
PGP and RIPEM keys available on request.
Facsimile +1 508 250 5070
Phone/Vmail +1 508 442 0660
