Authentica Security Technologies Inc, a Waltham, Massachusetts network security company yesterday launched its first product, PageVault, a document security system that the company claims protects documents throughout their lifecycle by protecting the keys that access the documents, rather than the documents themselves.
PageVault is a server that runs on Solaris and Windows NT and a client that runs on Windows and Macintosh platforms and plugs into Adobe Systems Inc’s Exchange software to convert documents in Adobe’s portable document format (PDF) into an encrypted, unreadable form. The company says it is working on support for Microsoft Corp Word and Lotus Notes documents and is also working with document management companies such as Documentum and PC Docs Inc on integration issues. It is also looking at a Linux version of the key server.
Its encryption uses keys 128 bits long and says it has export approval from the US Department of Commerce to export its technology to any nation except the seven ‘terrorist’ nations designated by the US government. By securing the keys to the document, rather than the environment in which it resides, the company claims it can guarantee security of the document wherever it is.
Each page of the document is encrypted using the RC4 encryption and digitally signed. As each page has a different key, pages within a single document can be made available to different people or organizations. This is particularly relevant as the system employs key escrow, ultimately giving law enforcement agencies access to documents with the right court order and some parts of the document may be relevant to their inquiries and others not. The separate keys enable those pages that are not relevant to remain secret. The company was touting a federal government agency customer that it couldn’t name just yet.
The PageVault server issues the keys and they always reside on the key server – all the key management is done on the server. The client application is not able to capture the keys in any way on the client machine, says the company. Authentica CEO, Lance Urbas says that there are plenty of companies that can do one of those, but he believes none that can do both – and the company is submitting patent filings accordingly. Urbas joined Authentica in December 1998 after serving as the senior VP engineering and technical services at Raptor Systems, and then general manager of Axent Technologies’ network security business unit after Raptor was bought by Axent. The company has investment from two Massachusetts-based venture capitalists, Greylock and North Bridge Venture Partners. PageVault server costs $14,000 for 100 users.