Security driven by need to communicate

The Asian marketplace for security products is closely tied to the regional demand for general networking products - because security is driven by the need to communicate.

The Asian marketplace for security products is closely tied to the regional demand for general networking products - because Security is driven by the need to communicate.

So says Scott Schnell, senior vice-president of RSA's Marketing and Corporate Development, who was in Singapore as part of the RSA Conference 2001 Asia being held here from 9-12 July - the first time RSA is holding a conference in this region.

Modeled after the US-based RSA Conference, now in its 10th year, the decision to host an Asian conference was influenced in part by expected increase in Asian spending within the networking and communications arena.

"There's no need for digital security until you have communications between parties," said Schnell, who admitted that the company is investing heavily in Asia, with business growing in the region of 100% - business in Asia for the last quarter was double that of the year before.

Although the bulk of the revenue for the company comes from US, followed by Europe, Asia is expected to increase spending for security as spending increases in network infrastructure, though it has been lagging behind the US and Europe, the rate of infrastructure growth has been projected to boom in the next five years according to IDC.

Schnell noted that of the company's three product lines, the BSAFE product line does exceptionally well in Asia, outperforming other parts of the world in sales. The BSAFE encryption solutions represent about twenty percent of the company's sales, while SecurID authentication solutions contribute the lion's share of about seventy percent of company revenue. The third line, Keon, covers PKI products and contributes the remaining ten percent of company revenue.

The rapid proliferation of broadband access in Asia has brought about a burgeoning market for secure access, believes Schnell, who also added that the big drivers for BSAFE were broadband, and SSL implementations of all kinds. Instant-on, always-connected, highly-available bandwidth requires security he said, adding that Asia has more broadband than anywhere in the world, aided by the fact that most of the commerce centers are densely populated - building a broadband infrastructure means less cost.

"SSL was originally used between browsers and web servers, but it's now used in all manner of devices." He said. "It's the fundamental security standard in the I-mode system in Japan."

Sony: New encrypted channel for next-generation copy protection
RSA recently signed a deal with Sony to ensure that the next generation of broadband-enabled Playstation 2s would have SSL-based browsers as well as encrypted storage.

The addition of a secure channel would enable Sony to create a new distribution channel - users would be able to download games, cutting costs for the manufacturing and associated overheads that come from distributing games on discs. The encryption would also prevent the data from being hijacked or replicated - much like taking the CSS technology used in DVD encryption, and combining it with subscription-based offerings like what Microsoft is doing.

The creation of a new channel won't necessarily replace retail as much as augment it, but the proliferation of such a model creates what Schnell calls 'next-generation copyright protection'.

The fact that I-mode is built on an infrastructure that is compatible with the existing Internet was in a large part responsible for its success. Because I-mode phones use a sub-set of HTML, they use SSL to connect securely to backend systems, rather than WTLS, the standard secure protocol for WAP.

SSL uses RSA's public-key cryptosystem in its authentication process.

Recently the company also signed with J-Phone, Sony and Matsushita for them to use SSL in their upcoming I-mode phones.

Other vendors like Ericsson, Nokia, Openwave and Symbian have also tied up with RSA to use BSAFE Wireless Core encryption to enable their next generation phones to handle client-side SSL.

With the promise of 3G networks and broadband wireless access, it is possible for cell phones to evolve into wireless broadband modems.

"The only thing missing from it is IPSec for it to be a fully secure network-layer communication terminal," said Schnell. "Hooking your PC up to your cell phone gives you a very secure high-speed communications channel that would eliminate the use for any kind of fixed wired infrastructure."

The phone itself might potentially become a portable broadband modem, or the phone itself could function as the secure terminal, while next-generation smart cards might provide the answer to authentication in the mobile market - users can port their digital identities/certificates from one phone to another.

A pilot experiment with Ericsson using a Bluetooth-enabled phone allowed digital certificates to be signed on the phone while conducting transactions over a PC's browser.

The PC was connected to the mobile phone through a Bluetooth transceiver, the hashes generated on the PC were transmitted to the phone to be signed using the key pair that resided on the chip card in the phone.

The SIM chip becomes the device-independent universal ID. With Bluetooth, devices can communicate with one another (or a PC) within a short distance and allow for PKI authentication to be done conveniently.

"Bluetooth creates a way to create, and unify your infrastructure from the digital ID point of view," said Schnell.