Compaq is helping a Swedish wireless company to sell a non-IPsec wireless security product. Sweden-based Columbitech
believes the wireless sector is right to move to virtual private network (VPN) security, but should not use the ubiquitous IPsec protocol as it is not suited to wireless use.
The deal is non-exclusive, but bundles iPaqs and Compaq servers, to handle the central part of the VPN, with software from Columbitech. Sold first in Sweden, the solution will become more widely available if it succeeds in the market, said Pontus Bergdahl, chief executive of Columbitech.
Explaining his rejection of IPsec, Bergdahl said: "IPsec is designed for wireline communications. It does not compress well, and has no resume function if a session is broken. It also does not support roaming across different network types. IPsec VPNs are practical for the office, but less practical roaming outside the office."
Columbitech's system uses the WTLS protocol defined for WAP services, which was developed from the widely used secure sockets layer (SSL) protocol. Although this has had security problems highlighted in the past
, the fact that it operates at a higher layer in the network makes it able to handle roaming and resuming. It also can be compressed to about half the bandwidth required by IPsec, said Bergdahl.
"We would like this to be Compaq's default solution for WLAN security, but we don't expect it to be exclusive," said Bergdahl. Compaq's other solution is from service provider Infowave
With Compaq still deciding how far to adopt the system, and Columbitech's comparatively small marketing budget, users outside Sweden are unlikely to hear of the solution for a while, though Bergdahl says the product is commercially available.
Columbitech has also spoken to Hewlett-Packard, but HP has adopted IPsec and uses a solution from Certicom
In the meantime, Bergdahl is apprehensive that VPN solutions not tailored for wireless use could hinder the adoption of WLANs by reducing their potential performance. He plans to combat this possibility by raising awareness of other security options.
Like many Swedish communications start-ups, Columbitech was formed by ex-Ericsson employees. The company is two years old, venture funded, and intends to build a US presence -- though it is aware that it must first get reference implementations in Europe, said Bergdahl.