ISC integrates Public Key Infrastructure Services and Enterprise Solutions into Security Offerings


ISC integrates Public Key Infrastructure Services and Enterprise Solutions into Security Offerings

BALTIMORE -- ISC announced today enhancements to its SecretAgent and DSA Signature software that allow organizations and individuals to utilize X.509 certificates managed by CertCo LLC and VeriSign Inc. Public Key Infrastructures (PKIs).

SecretAgent now provides encryption and digital signature capabilities with certificates issued and managed by CertCo’s Certification System for organizations desiring to operate their own PKI or with certificates issued and managed by VeriSign for individuals and organizations preferring to use a PKI service.

PKI components include a Certification Authority (CA), Organizational/Local Registration Authority (ORA/LRA), and a repository/ directory, which is essential for the distribution and management of user certificates.  The CA and ORA/LRA are responsible for authenticating users and binding the user to his public key through the issuance of an X.509 certificate, for revoking user certificates, and for renewing certificates. Certificate retrieval and certificate status determination are tailored to a customer's specific needs and imbedded organizational infrastructure. SecretAgent integrated with these PKIs is scheduled for delivery to customers during October.

ISC's SecretAgent also incorporates a Lightweight Directory Access Protocol (LDAP) client for accessing certificates published in LDAP enabled PKI Repositories/Directories.

Other SecretAgent enhancements announced and demonstrated at the Information Systems Security Conference include integration with Office Productivity Applications and popular E-Mail clients. Security entries in menus and icons on tool bars permit security to be activated directly in word processing, spread sheet, and presentation graphics applications. SecretAgent integration with E-Mail products including Microsoft Exchange and Outlook, AT&T Easy Commerce's Access Plus, and Novell’s GroupWise are available.

"Seamless integration of security into the office operations, especially for corporations with international operations and corporations operating over the Internet, is essential for the  protection of intellectual property,"  said Tom Venn of Information Security Corporation.  "The use of digital signatures for business operations such as time sheets, vouchers, ordering, and payment enables paper work reduction and eases electronic records retention. SecretAgent with its multiple interfaces is readily integrated with business applications."

Data Encrypting Key recovery is also available in SecretAgent. This feature, allowing authorized corporate personnel to recovery the key used to encrypt data, permits corporate data to be recovered should the originators and recipients of encrypted data to be unavailable or have forgotten their access codes for decryption.

Implemented in SecretAgent are standards based cryptographic technology: the Digital Signature Standard (DSS) and RSA for digital signatures/originator authentication, Secure Hash Standard - 1 for message digests associated with data integrity, Diffie-Hellman and RSA for use in data encrypting key transport, and the Data Encryption Standard (DES) and Triple DES for encrypting data. SecretAgent is exportable.

Elliptic curve technology, specified in IEEE Standard 1363, will be available in SecretAgent in January 1998. Two elliptic curve implementations, over a field of characteristic 2 and a field of characteristic p are being integrated into SecretAgent. These implementations will also be available in Cryptographic Development Kits and a Microsoft Cryptographic Applications Programmer Interface Cryptographic Service Provider in January. Elliptic curve technology offers higher security and higher performance than RSA and DSA.


SecretAgent and DSA Signature are  registered trademarks of Information Security Corporation. Windows, Exchange, and Outlook are  trademarks of Microsoft Corp. GroupWise is a trademark of Novell Inc. Access Plus is  a trade mark of AT&T.