IBM and Lotus Development Corp. announced Tuesday they are donating industry-standard security software source code to the Internet community which can be used for making online commerce easier and more secure.
The security software is based on Internet standards defined by the Internet Engineering Task Force, the leading international standards organization for the development of the Internet. This will help unify the Internet community by enabling vendors to more easily adopt, develop and promote a standard way to secure any and all applications with digital certificates. With digital certificates, people can sign their names electronically, much like drivers’ licenses are used for identification.
The software source code, also known as a reference implementation, delivers on the IETF’s draft Public Key Infrastructure standards, commonly referred to as PKIX. PKIX provides the mechanism to issue, validate, revoke and renew digital certificates. The reference implementation will be available through the Massachusetts Institute of Technology’s Web site at the end of August.
“Internet software vendors and customers today face a major interoperability hurdle due to proprietary implementation of public key infrastructure, ” said Jeff Schiller, IETF Area Director and MIT Manager of Systems and Operations. “By developing and making the PKIX reference implementation code available to all, IBM and Lotus are enabling software vendors to develop products that interoperate and are giving customers the option to choose products that support cross-product and cross-vendor interoperability.”
“By providing the code at no charge, IBM is making it much easier for companies to adopt the PKIX standard…enabling them to securely link their customers, their remote offices and sites, their partners, their suppliers and vendors via the Internet,” said Jeff Jaffe, IBM General Manager of eNetwork Software and Security. “Internet software vendors now will be able to get encryption-based products to market faster, and users will be able to conduct business safely and securely online while reducing their costs.”
Systems and software vendors now may take advantage of the source code, or reference implementation, and no longer need to invent their own core technology or worry about interoperability of certificates. By selecting a product based on the emerging standards, customers will be able to deploy a single public key infrastructure for all of their security applications, reducing the total cost of ownership including deployment time and expense.
In addition to more than 20 organizations participating in authoring the PKIX standard, leading companies, associations and software vendors have lined up to support PKIX, including (see quotes attached): General Motors, JP Morgan, Netscape, Sun, International Computer Security Association, Security Dynamics, Inc., Intel, Equifax, and DASCOM.
Building on IBM’s leadership in promoting and delivering PKIX, IBM and Lotus intend to integrate this standard public key infrastructure throughout their products, including:
Applications, such as Lotus Notes and Lotus Domino;
Networking software, such as IBM eNetwork Firewall and IBM Global Sign-On;
IBM operating systems, such as AIX, OS/2, OS/400 and OS/390;
IBM’s newly announced digital certificate solution, IBM Vault Registry;
IBM SSL toolkits, which are used today in more than 20 products such as IBM Websphere Application Server and eNetwork Host on Demand.
In addition, Tivoli will provide management support for the standards-based digital certificate environment.
Services and Consulting
Continuing IBM and Lotus’ thrust with PKIX standards, customers in every part of the world can also take advantage of services and consulting support through IBM Global Services. IBM can help implement and deploy an architecture that supports an enterprise-wide PKI that all applications can use. IBM services offerings enable customers to develop their PKI policy, strategy and requirements definition. Planning, architecture and implementation services are also available to help customers effectively use PKI to enhance their business operations.
Available to the public and at no charge, the Public Key Infrastructure reference implementation can be downloaded from the World Wide Web on MIT’s Web site located at at the end of August for Windows NT. A version of the reference implementation will be available for Sun Solaris by the end of the year. IBM plans to offer the complete reference implementation function plus additional enhancements on AIX in January 1999, and plans to support the PKIX standards in the OS/2, OS/400 and OS/390 environments. Distribution of other products incorporating the PKIX standard will be decided by the respective vendors of those products.
The IETF, Internet Engineering Task Force, is an international organization of network designers, operators, vendors, and researchers who continuously work to improve Internet architecture and the smooth operation of the Internet. More information is available at .
IBM creates, develops and manufactures some of the industry’s most advanced information technologies, including computer systems, software, networking systems, storage devices and microelectronics. IBM offers information about the company and its products through the World Wide Web. The fastest, easiest way to get information about IBM software is through the IBM software home page at . More information about today’s announcements is available at .
Lotus Development Corporation, founded in 1982, is a subsidiary of IBM. Lotus offers high-quality software products and services that reflect the company’s unique understanding of the new ways in which individuals and businesses must work together to achieve success. Lotus Notes, Lotus’ premier messaging and collaboration software for the Web, incorporated the first commercially available public key infrastructure (PKI) in 1989 and, with more than 25 million seats, is one of the largest PKIs deployed today. Lotus now markets its products in more than 80 countries worldwide and provides numerous professional consulting, support and education services through the Lotus Services Group. More information is available at .
Customer/Vendor Quotes and References IBM/Lotus PKIX Reference Implementation Announcement
Contact: Randy Sanovic, General Motors Corporation General Director Information Security Phone: 313 667-4767 Debbie Yedlin, Asst. – 313 667-4603
“Common security standards will allow us to interoperate with future as well as with existing information technologies,” said Randy Sanovic, General Director Information Security at General Motors Corporation, the world’s largest industrial corporation and full-line vehicle manufacturer.
“This is an essential building block in constructing a worldwide e-commerce framework.”
Contact: Charles Blauner, JP Morgan Phone: 212-648-4284
J.P. Morgan is a leading global financial firm that meets critical financial needs for business enterprises, governments, and individuals.
“From accessing portfolio information to providing access to markets, businesses are increasingly using the Internet,” said Charles Blauner Vice President; Security & Internet Architecture at J.P. Morgan & Co. Incorporated, a leading global financial firm. “Public-key Cryptographic Infrastructures are the key facilitator for providing these services in a secure fashion. The progress announced today in advancing common open standards through the development of a freely available reference implementation will help accelerate the adoption of those standards. These standards are critical to insure the interoperability of products that financial service companies need to serve their clients today and in the future in a secure fashion.”
Contact: Ben Horowitz, Netscape Communications Corporation
“In the Net Economy, companies require extranet security solutions that provide performance, scalability, reliability and that extend outside the enterprise to include partners, customers and suppliers,” said Ben Horowitz, vice president of the Mission Control product line at Netscape Communications Corporation. “Interoperability among vendors’ security products is key to success. With IBM’s announcement today, IBM joins Netscape among the growing list of vendors validating the Internet open source code model for product development and cross-company interoperability.”
Contact: Robert Moskowitz, ICSA, Inc.
“I applaud IBM and Lotus for putting the PKIX reference implementation in the public domain,” said Robert Moskowitz, Senior Technical Director, ICSA, Inc. “Having a reference standard to follow helps improve computer security worldwide by enabling people to more rapidly build and test interoperable security products.”
Contact: Richard Mack, Security Dynamics Phone: 781-687-7846. Email: [RHMack@SecurityDynamics.com]
Security Dynamics helps enterprise customers and their partners protect business information. The Company provides information security solutions, technologies and services that leverage Security Dynamics’ expertise in authentication management, encryption and access control.
“Security Dynamics and RSA Data Security applaud IBM’s initiative to present the PKIX standard in the public domain,” said Chuck Stuckey, chairman, president and CEO of Security Dynamics Technologies, Inc. “This philosophy of interoperability and open security standards is paramount to the successful implementation of PKI products and services, and one that is embodied in Security Dynamics’ architecture for enterprise security.”
Contact: Mike Premi, Intel Corporation Phone: 503-264-2842 Email: [Mike.Premi@intel.com]
Intel supplies the personal computing industry with the chips, boards, systems and software that are the “ingredients” of the most popular computing architecture. These products help create advanced computing systems for personal computer users. Intel helps you build faster, simpler networks.
“Interoperable PKI frameworks are a critical requirement for electronic commerce,” said Michael Glancy, general manager of the Platform Security Division at Intel, “and we are delighted by the step that Lotus has taken with this reference implementation. By building on top of CDSA, the PKIX reference provides a single, open public key infrastructure that will accelerate the deployment of electronic commerce solutions.”
Contact: Penny Bruce, Partner PR Manager, Java Software Sun Microsystems, Inc. Phone: 408-343-1796 Email: [firstname.lastname@example.org]
“Public Key Infrastructure is a crucial component of Internet security and electronic commerce, and Sun is pleased that IBM is donating a reference implementation that will help accelerate PKI deployment,” said Dr. Li Gong, Java Security Architect and Distinguished Engineer, Sun Microsystems, Inc.’s Java Software. “The publicly available reference implementation will also provide a testbed for interoperability with other PKI technology products, such as the certificate support in the core JDK 1.2 packages.”
Contact: Dave Mooney, Public Affairs, Equifax Phone: 404-885-8117
Equifax’s worldwide knowledge-based information, transaction processing, consulting and software businesses, are designed to bring buyers and sellers together…thus changing the shape of global commerce.
“Strong standards are fundamental to the phenomenal growth that we expect within the electronic commerce arena. Today’s announcement by IBM and Lotus to donate a reference implementation of the PKIX standard for digital certificates should accelerate interoperability. IBM has a long history in the security arena and this latest contribution of standards simply confirms our decision in choosing them as the technology partner for our digital certificate service,” said Jeff Johnson, SVP of Electronic Commerce.
Contact: Lauren de Vries, Manager of PR and Events for DASCOM, Inc.
Phone: 408-460-3600 E-mail: [email@example.com]
DASCOM is a leading provider of scalable Intranet security solutions to the Global 1000. IntraVerse provides network security management and authorization for enterprise intranets and extranets.
“IBM’s leadership in furthering the standard for Public Key Infrastructure through the PKIX Reference Implementation is a significant step towards establishment of interoperable security standards for electronic commerce,” said Greg Clark, DASCOM Chief Technology Officer. “DASCOM looks forward to the benefits of this work underpinning our security solutions”.