Microsoft PressPass – Microsoft, RSA Data Security and Security Dynamics Announce Broad Relationship to Deliver Information Security Solutions
REDMOND, Wash./BEDFORD, Mass./REDWOOD CITY, Calif., Aug. 21, 1996 — Microsoft Corp., Security Dynamics Technologies Inc. and RSA Data Security Inc., a wholly owned subsidiary of Security Dynamics, today announced the signing of a broad set of agreements for cross-licensing Microsoft® and RSA security technologies and granting Microsoft new licensing rights to software for supporting Security Dynamics’ patented SecurID® token technology in future Microsoft products. The agreements provide Microsoft greater access to proven encryption technology and the industry
í
s leading authentication tokens. They also provide strong support for the Microsoft Internet Security Framework (MISF) from the world’s leading provider of security technologies, toolkits and authentication tokens.
With today’s agreements, corporate users can increase security through the addition of SecurID token authentication to the Windows NT® Server network operating system and Microsoft Internet Information Server (IIS), making it easier to provide multiple levels of authentication to ensure secure access to sensitive information. The agreements also provide for easier development of secure cross-platform applications and access to the latest cryptographic technology through the use of toolkits from RSA that feature Microsoft’s cryptographic programming interfaces. As a result, end users can have access to state-of-the-art security as they engage in electronic commerce and communications. In particular, the combination of Microsoft and RSA technologies can enable the creation of several new security features in software products, which can in turn help drive secure purchasing, Web-based subscriptions and other Internet commerce.
The agreements mark the first major development initiative of the recently combined Security Dynamics and RSA organizations. They include the following licensing arrangements:
-
RSA will provide Microsoft with technical cooperation and additional licensing rights to ensure the best possible integration of RSA security technology with Microsoft’s CryptoAPI. This will enhance Microsoft’s ability to deliver the latest encryption functionality in Microsoft operating systems and products.
-
Microsoft will license CryptoAPI to RSA, including rights to incorporate CryptoAPI into RSA’s BSAFE® and other security toolkit products, to port CryptoAPI to new platforms, and to build on Microsoft’s base set of cryptography services. This will allow RSA to provide enhancements for additional algorithms and stronger encryption, provide system-level cryptographic services on a variety of platforms, and aid developers in developing secure applications that use CryptoAPI.
-
Security Dynamics will license software to Microsoft that will enable it to include support for SDI’s SecurID hardware tokens and ACE/Server® authentication products in future versions of Windows NT and Microsoft Internet Information Server. This will enable Microsoft and Security Dynamics to provide an enhanced security solution for customers who require the added security of two-factor authentication.
-
RSA will receive an ongoing revenue stream from Microsoft based on the use of patented RSA technology.
Microsoft and RSA Data Security Offerings
The agreement between Microsoft and RSA builds on the companies’ existing Internet security relationship. Microsoft currently ships RSA encryption technology as the packaged cryptographic engine for its CryptoAPI, which provides the foundation for the other components of the Microsoft Internet Security Framework.
These components – which include the secure sockets layer (SSL) and private communications technology (PCT) secure channel protocols (both the exportable 40-bit technology and the 128-bit technology for use in the United States), client authentication, and Microsoft Authenticode technology for verifying the source and integrity of software programs and components – are already built on RSA encryption and digital signature technology.
ì
The integration of RSA
í
s proven worldwide security technology with Microsoft
í
s products and technologies ensures that Microsoft customers will continue to benefit from industry-leading security solutions,
î
said Brad Silverberg, senior vice president of the Internet platform and tools division at Microsoft.
ì
Expanding Microsoft
í
s relationship with RSA will help extend Microsoft’s leadership in secure Internet products, building upon the technical foundation provided by MISF for secure commerce and communications over the Internet. We are very happy to have RSA as a partner in fulfilling our commitment to deliver cross-platform security solutions.
î
Under the terms of its agreement with Microsoft, RSA obtains the right to incorporate CryptoAPI support into its BSAFE and other security toolkits, allowing developers to create CryptoAPI-compatible applications for Windows® platforms. The agreement also enables RSA to make CryptoAPI available on a variety of platforms. This will facilitate the development of secure, multiplatform applications and support for Internet security standards on and between the most popular computing platforms.
Microsoft will also provide source code that will assist RSA in developing a family of enhanced cryptographic engines for CryptoAPI. By exploiting CryptoAPI’s modular architecture, RSA can provide customers with choices for additional levels of security suited to their particular applications, extending RSA’s leadership in the information security industry.
ì
This expanded relationship with Microsoft and its industry-leading products reaffirms RSA
í
s position as the world standard in security technology and tools,
î
said Jim Bidzos, president of RSA.
ì
We are excited to license CryptoAPI for our development toolkits, as this will make it easy for developers to create applications with the strongest encryption technology from RSA.
î
Microsoft and Security Dynamics Security Offerings
Microsoft plans to incorporate Security Dynamics’ software for SecurID authentication and token technology as a feature of Microsoft Windows NT products, and to collaborate with Security Dynamics to enable Microsoft Internet Information Server to take advantage of SecurID tokens for managing access control. Microsoft
í
s inclusion of the ACE/Client for Windows NT software will provide customers of Windows NT the ability to enhance authentication security of their workstations, servers and intranets through the addition of SecurID tokens and ACE/Server software.
The agreement between Microsoft and Security Dynamics builds on Microsoft’s and Security Dynamics’ existing security relationship for Windows NT. Security Dynamics currently ships hardware and software products, including ACE/Client for Windows NT software, SecurID hardware tokens and ACE/Server authentication software, which together deliver two-factor end-user authentication for extremely secure access to sensitive data. ACE/Client for Windows NT enables the use of the SecurID token for local logon to Windows NT workstations, and remote dial-up logon via Windows NT Remote Access Services with the extra security of two-factor authentication provided by the SecurID token. Security Dynamics also intends to provide secure Internet access to selected Web pages located on Microsoft Internet Information Server.
“Security Dynamics is widely recognized as a worldwide leader in identification and authentication of end users,”
said Jim Allchin, senior vice president of the desktop and business systems division at Microsoft.
“In order to further enhance the Microsoft Internet Security Framework, it is a natural evolution to choose SecurID technology to provide additional identification and authentication security for Windows NT and IIS. This extra security builds upon the C2-compliant security capabilities built into Windows NT, making it one of the most secure commercial operating systems available.”
“More and more of our security-conscious customers are adopting Windows NT as a standard for enterprise computing,”
said Charles R. Stuckey Jr., chairman and CEO of Security Dynamics.
”
The integration of SecurID two-factor authentication solutions into the
Windows NT environment will be a major benefit for customers of Windows NT. With the development of our ACE/Client for Windows NT and integration of our authentication software with IIS, we’re providing the highest level of protection for sensitive data stored on Windows NT resources and on corporate Web sites running IIS. We intend to support Windows NT as a leading platform on both clients and servers for deploying secure Internet and corporate applications.”
About Security Dynamics and RSA Data Security
Security Dynamics (NASDAQ
“SDTI”
) designs, develops, markets and supports a family of security products used to protect and manage access to computer-based information resources. The company’s family of products employs patent-protected token technology and software or hardware access control products to authenticate the identity of users accessing networked or standalone computing resources. Acquired in July 1996 by Security Dynamics, RSA Data Security Inc. is a recognized world leader in cryptography and developer tools for security. The combined companies enjoy broad acceptance in the marketplace, with Security Dynamics’ customers including Fortune 500 companies, financial institutions, education, health care and government organizations worldwide, and RSA’s encryption technology licensees including Microsoft, Novell Inc., Netscape Communications Corp., Intuit Inc., Lotus Development Corp. and hundreds of other companies. The combined companies are positioned to supply solutions and standards for corporate enterprisewide networks, intranets and the Internet. Security Dynamics and RSA can also be found on the World Wide Web at (http://www.securid.com/) and (http://www.rsa.com/) .
About Microsoft
Founded in 1975, Microsoft (NASDAQ
“MSFT”
) is the worldwide leader in software for personal computers. The company offers a wide range of products and services for business and personal use, each designed with the mission of making it easier and more enjoyable for people to take advantage of the full power of personal computing every day.
Microsoft, Windows NT and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.
SecurID and ACE/Server are registered trademarks of Security Dynamics Technologies Inc.
BSAFE is a registered trademark of RSA Data Security Inc.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://microsoft.com/presspass/ on Microsoft’s corporate information pages.
Additional Background
About BSAFE
BSAFE is the world’s best-selling cryptography engine. It provides software developers with multiple algorithms and modules for adding encryption and authentication features to applications. BSAFE includes modules for popular encryption techniques such as RSA, DES, RC2, RC4 and RC5, and it also supports RSA digital signatures and X.509 certificates.
About SecurID
Functioning as a client to Security Dynamics’ ACE/Server software, ACE/Client for Windows NT is used in conjunction with the patented SecurID token. ACE/Client for Windows NT provides users of Windows NT with a level of user authentication significantly more secure than the reusable password typically provided in remote access and direct logon environments. To access Windows NT or IIS-based environments, the user enters his or her secret personal identification number (PIN) followed by the current code displayed on the SecurID token’s LCD. This two-factor passcode provides a high level of security for networks while affording maximum user convenience and cost-effectiveness. ACE/Server software centrally manages and administers user profiles and maintains a comprehensive audit trail that records all access attempts.
About CryptoAPI
Microsoft
í
s CryptoAPI 1.0, the foundation for the Microsoft Internet Security Framework, provides extensible, exportable, system-level access to common cryptographic functions such as encryption, hashing and digital signatures. Now available in the Windows NT operating system version 4.0 and shipped as part of Microsoft Internet Explorer 3.0, CryptoAPI is currently scheduled to be delivered to OEMs as part of the Windows 95 OEM Service Release in the third quarter of 1996.
Through its open architecture, CryptoAPI allows third-party hardware and software vendors known as cryptographic service providers (CSPs) to provide various replaceable cryptographic techniques and encryption strengths that are made available to applications via a single API. The default CSP shipped with the CryptoAPI implements the cryptographic algorithms licensed from RSA. CryptoAPI 2.0, scheduled to be released in beta during the third quarter of 1996, will add certificate management functions as well as high-level APIs for performing common cryptographic functions.
About Microsoft Internet Security Framework
The Microsoft Internet Security Framework is a comprehensive set of cross-platform, interoperable security technologies for electronic commerce and online communications that support Internet security standards. MISF technologies that have been implemented to date are Authenticode technology, CryptoAPI 1.0, support for client authentication and support for SSL and PCT protocols. In the coming months, MISF will deliver a certificate server, certificate management functions via CryptoAPI 2.0, a
ì
wallet,
î
an implementation of the Secure Electronic Transactions (SET) protocol for credit-card transactions, and technology to allow the secure transfer of personal security information.
MISF technologies integrate with the robust Windows NT security model. Windows NT provides mechanisms to control access to all system and network resources, the auditing of all security-related events, sophisticated password protection and the ability to lock out intruders. Windows NT also provides a single logon for users and central management of user accounts for administrators. For more information on the Microsoft Internet Security Framework, visit http://www.microsoft.com/security/ .