Over the last few years, we’ve all heard the increasingly vociferous claims made for electronic data interchange, electronic mail and wide area networking in general: hackneyed buzzphrases such as strategic business advantage, and the advent of 1992 have been bandied about as if they were going out of fashion, which, unfortunately, they clearly are not. Few would be prepared to argue that such advances as EDI do not have an important role to play in the commercial and financial sectors, but a relatively untouched angle on the whole subject was given last week by Brighton, Sussex-based Computer Security Ltd. Computer Security is convinced that these technologies do in fact offer the key to the future, but also puts forward the somewhat apocalyptic view that without sufficient security measures they may well become the key to crime and collapse. But then, a company dealing in the provision of data integrity and security software would say that, wouldn’t it?

Scaremongering

Managing director Jim Foord, however, is anxious to deny categorically any accusations of scaremongering, and claims that he could give many examples of breaches in data integrity were it not for the fact that his clients quite naturally like to shroud their misadventures in a cloak of secrecy. Like one of the Big Four High Street banks, which some years ago was rumoured to have taken no action against an electronic fraudster in return for a detailed account of how the UKP750,000 theft was carried out, so that customers – and potential criminals – were kept in the dark about how insecure the whole system was; or like the senior executive of an anonymous multinational whose laptop went missing one day – the loss was immediately reported to Computer Security, which subsequently took on the company as a client, but Foord says that to this day he still has not been told what information the laptop contained, and who would have been interested in it. Aside from the more sensational reports of data crime, such as the recent case of deliberate dissemination of a computer virus, it is certain that data crime does exist, and with the move towards more distributed processing power, the opportunities for its increasingly artful exponents will duly become more plentiful. Computer Security’s software design is based on the premise that no code designed to ensure data integrity as it passes from A to B is impossible to crack – the idea is to set up such a large number of combinations that decryption would take so long as to be impracticable.

By Mark John

To give a measure of the time-periods involved, Foord reckons that one of its top level codes would require eight years’ processing on a Cray 1 supercomputer to crack. The Computer Security range of hardware and software products for personal computers to mainframes has recently been supplemented by that of Redwood City, California-based RSA Data Security Inc, whose products it is now marketing in Europe. Computer Security explained that the effectiveness of RSA’s encryption software is based on the difficulty of factorising prime numbers – which may sound like a conjurer explaining one trick by performing another. For the benefit of the dazed journalists present, an analogy was given to explain how the Massachusetts Institute of Technology-developed RSA system handles the encryption and decryption of electronic signatures, which like written signatures establish the origin and authority of a message. Imagine a company that wants to send classified information to a number of parties over a wire. In the analogy, this company is provided with an English-to-Sanscrit dictionary – the only one in the world, and belonging uniquely to that company. The signature, which may be composed of a number of elements, is translated into Sanscrit and sent to the appropriate parties, each of whom has a Sanscrit to English dictionary. In this way, they can convert the signature back to English, but in order to reproduce the original Sanscrit signature, they would need to go through the whole of their one-way dictionary to translate each element – a virtually insuperable task.

In the RSA Key Cryptosystem, the English-to-Sanscrit dictionary corresponds to the private key, used uniquely by that company to sign the document, while the Sanscrit-to-English dictionary relates to the public key that is freely distributed so that recipients can check the authenticity of the document received. RSA’s Public Key Cryptosystem, like Computer Security’s SafeGuard products, has found its market largely in the banking and financial sectors, but both expect the commercial sector to get more interested in view of the technological developments mentioned earlier. In the last few days, RSA has finally clinched a deal with the US Department of Defense to use the Cryptosystem in support of the US government Protection of Logistics Unclassified Sensitive Data – PLUS – programme, and more good news came as the RSA software – which uses object-oriented techniques in the C and C++ languages – was recently endorsed as a standard within the 600,000 user US Internet network that was the victim of the virus unleashed by Robert Morris – now convicted and awaiting sentence; it is also being put forward for ratification by the Consultative Committee on Telegraphy and Telephony as a European standard.
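The signing scheme behind the dictionary analogy, as an added Python example (not code from RSA Data Security or Computer Security): textbook RSA over a message hash, with constructed toy primes, a constructed message and hypothetical function names. It also shows that whoever can factor the public modulus rebuilds the signing key, so the scheme is only as strong as the difficulty of factoring the product of two large primes.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Build (public, private) keys from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: inverse of e mod phi(n)
    return (n, e), (n, d)

def digest(message, n):
    """Hash the message and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """'English-to-Sanscrit': only the private-key holder can do this."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    """'Sanscrit-to-English': anyone with the public key can check."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def recover_private(public):
    """Rebuild the private key by factoring n with trial division.

    Feasible here only because the toy modulus is about 36 bits; the work
    grows with the size of the smallest prime factor, which is why
    deployed keys use moduli of 2048 bits or more.
    """
    n, e = public
    f = 3
    while n % f:
        f += 2
    return make_keypair(f, n // f, e)[1]

# Constructed toy parameters: two small Mersenne primes, 2**17-1 and 2**19-1.
PUBLIC, PRIVATE = make_keypair(131071, 524287)
MESSAGE = b"Pay UKP100 to account 12345"   # constructed sample message
SIGNATURE = sign(MESSAGE, PRIVATE)

if __name__ == "__main__":
    print("genuine message verifies:", verify(MESSAGE, SIGNATURE, PUBLIC))
    print("altered message verifies:",
          verify(b"Pay UKP900 to account 12345", SIGNATURE, PUBLIC))
    print("toy key recovered by factoring:", recover_private(PUBLIC) == PRIVATE)
```

Production signatures also apply a padding scheme such as PSS before the modular exponentiation; the bare hash-then-exponentiate form here is for illustration only.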

Lotus Notes

Apart from distribution by Computer Security, RSA software is also sold OEM by firms including DEC, Motorola and Lotus Development, which has recently announced the Notes package incorporating RSA’s BSAFE system. Computer Security does around UKP4m to UKP5m of business a year and was saved four years ago by venture capitalists Advent, which, along with Legal & General and Commercial Union, is a major shareholder in the concern. It presently sells via its own dealers, but Foord says that in the future it may be looking to engineer licence deals similar to those of its new US trading partner.