Maverick in Data Security Offering Tool Kit to Help Developers of Smart Cards
By JEFFREY KUTLER
Certicom Corp., which has been trying to win the information security market over to an unconventional form of data encryption, is doing its bit on behalf of another underdog: smart cards.
The Toronto company that champions elliptic curve cryptography - a challenge to the more established commercial methods based on RSA Data Security Inc.'s technology - introduced a Smart Card Evaluation Tool Kit two weeks ago during RSA's annual security industry conference in San Jose, Calif.
The kit is designed to help system developers evaluate and eventually deploy elliptic curve on smart cards-and thereby help to prove Certicom's selling point that the approach brings heavy-duty data protection to cards, pagers, cell phones, and other devices that have limited memory and computing capacity.
Certicom, which was founded in 1985 and has its sales and marketing headquarters in San Mateo, Calif., emphasizes the efficiencies that come with shorter encryption keys. In elliptic curve cryptography, or ECC, a key of 106 computer bits is equivalent to an RSA key of 512 bits; an ECC key size of 210 equals 2,048 in an RSA or digital signature algorithm operation, according to Certicom scientists.
Though ECC lacks the years of rigorous testing and attacking to which RSA programs have been subjected, it recently gained legitimacy as an American National Standards Institute financial standard, catalogued as X9.62. And RSA Data Security's addition of ECC to its BSAFE tool kits has broadened the community of testers.
"That validated (ECC) as a major cryptosystem," said Certicom chief executive officer Philip C. …