From Computer Business Review, a sister publication.
Software and Systems Engineering Ltd, SSE, is intimidating the US government. The small Irish specialist in electronic commerce security software is planning to override the US ban on the export of high level internet data encryption software by shipping TrustedWeb. TrustedWeb, which is in beta test and due to ship in June, is not targeted at the internet but at controlling data access within corporate intranets. It works by defining the level of access to data and applications given to individuals and groups of users. Payroll clerks in a company, for example, might have access to salary data, but only the finance director may have access to projected salary increases. At log-in, users are issued with a ‘token’ containing their role attributes. When they try to access an application, their password and access privileges are verified by a role server, preventing any unauthorized entry. TrustedWeb is positioned as a logical extension to ‘firewall’ software which protects against unauthorized external access to web sites and intranets. Many corporations have delayed the implementation of intranets due to security worries. The threat is that employees and outsiders will get access to sensitive corporate data. In the US, this has been resolved by the adoption of 128-bit encryption. But US government fears of internet-based crime mean that users of 128-bit encryption have to provide the authorities with a key to unscramble the data.
It has also led to a ban on the export of 128-bit encryption, leaving European companies using the vulnerable 40-bit encryption standard. SSE wants to change all that with what it believes is the first 128-bit encryption security package to emerge from Europe – a package which has no export restrictions and which is downloadable from the company’s web site. The product is fairly simple to apply to established intranets, using existing browsers such as Navigator and Explorer, and working with all the main web servers. Pat O’Reilly, SSE’s managing director, says the software can be implemented in a week and requires no changes to existing web pages. SSE itself is something of an oddity. It was established in 1992 through the merger of the Irish wings of Nixdorf Computer Software and Siemens Engineering. It is still 100% owned by Siemens but is treated as an independent, entrepreneurial entity. Its venture capital comes from NewStars, a Siemens group that dishes out advice and funds to internal start-ups from a pot of DM10m. NewStars hopes to build a portfolio of 30 to 40 companies over the next couple of years. SSE is still no ‘new star’ – its activities in defense and finance security and messaging have built it into a company with revenues of DM12m or $7.7m in 1996 and a staff of 60. But TrustedWeb’s 128-bit algorithm, based on the RSA and DES encryption standards, and policy-based security is destined to change all that, says Robert Gogel, the member of the Siemens Nixdorf board which is overseeing the company. The defense contractor Siemens Plessey is already currently testing the software for use in armed forces applications across Europe.