Christopher Allen (consensus@netcom.com)
Tue, 14 Jun 1994 08:01:58 -0700

I thought that you all might be interested in this:

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 9 Jun 94 08:23:55 PDT
From: jim@RSA.COM (Jim Bidzos)
To: Christopher Allen <consensus@netcom.com>
Subject: [nrt@hamilton.com: Re: Press Release]


Kurt Stammberger
RSA Data Security Inc.
Phone: (415) 595-8782
Internet: kurt@rsa.com

Nancy Teater
Hamilton Communications
Phone: (415) 321-0252
Internet: nrt@hamilton.com



PALO ALTO, Calif., June 13, 1994 - RSA Data Security Inc. (RSA) and
Enterprise Integration Technologies Corp. (EIT) today announced the
formation of Terisa Systems, a joint venture that will market, license and
support technologies that make secure Internet transactions possible. The
new company will provide toolkits and support to developers of Internet
applications for the World Wide Web (WWW) and NCSA Mosaic.

RSA is the world leader in commercial cryptography and principal source of
public key cryptosystems; EIT is a leading developer of software supporting
commercial use of the Internet. Terisa Systems will combine the strengths
of both companies to provide developers of Internet applications with a
complete, consistent, and well-supported solution to their security needs.

Initial toolkits from Terisa Systems will support the development of secure
WWW clients and servers. The World Wide Web is a popular Internet
application architecture that enables easy access to multimedia information
distributed across the thousands of computers that comprise the Internet.
However, use of the WWW in commerce requires features such as
authentication, authorization, encryption and payment that are currently
not well supported.

Terisa Systems will provide an integrated solution to all of these needs
based on RSA's public key cryptography and EIT's Secure-HTTP (HyperText
Transport Protocol), an enhanced version of the World Wide Web's internal
communications language. Secure-HTTP ensures the authenticity of
transactions and the confidentiality of information exchanged via HTTP.
With a Secure-HTTP enabled application, a user can affix digital signatures
that cannot be repudiated, permitting digital contracts that are legally
binding and auditable. In addition, sensitive information such as credit
card numbers and bid amounts can be encrypted and securely exchanged.

Secure-HTTP can incorporate a variety of cryptographic standards and
support interoperation between programs using diffeent cryptographic
algorithms. This is particularly useful for interaction between domestic
and foreign users, where foreign users may not have access to the same
algorithms as domestic users.

Allan M. Schiffman, chief technical officer of EIT, said, "We've had
tremendous interest on the part of developers in Secure-HTTP, but haven't
been able to address their needs for a fully integrated package. Terisa
Systems will provide 'one-stop shopping' for developers and give them the
technology and support they need to get their applications to the market

According to John Young, chairman of Smart Valley Inc., "The Internet has
been evolving quickly as a medium where businesses can interact, but it is
weak in key areas, such as security, which is critically important to
business. Terisa Systems is taking a significant step forward in enabling
electronic commerce by providing a standard security implementation for
software developers in this market."

RSA Technology

Terisa Systems' Secure-HTTP toolkits will use RSA public key cryptography
technology to permit spontaneous, secure communications between unfamiliar
correspondents over non-secure, open, public networks. RSA's technology
provides privacy through encryption and authentication through digital
signatures. Terisa Systems will be the one source from which WWW
application developers can obtain RSA security technology, complete with
Secure-HTTP integration and support.

Public key cryptography is a security technique that uses a matched pair of
encryption keys. Data encrypted with an RSA public key can only be
decrypted with the corresponding RSA secret key, and vice-versa. In
contrast, traditional shared-key cryptography requires correspondents to
agree on a secret encryption key before they can communicate. Public key
cryptography avoids the need for prior agreement on keys, thus assuring
security between unfamiliar correspondents.

James Bidzos, president of RSA, said, "Rapidly growing interest in business
use of the Internet is producing a lot of interest in our security
technologies. Developers, however, have been looking for a consistent,
interoperable, and quick way to incorporate these technologies. Terisa
Systems will meet these needs by delivering RSA cryptography wrapped in a
high-value Web security system."

NCSA Mosaic

NCSA Mosaic, one of the most popular World Wide Web browsers, was developed
by the National Center for Supercomputing Applications (NCSA) at the
University of Illinois. Mosaic is a multi-platform program with a
point-and-click user interface for accessing the Internet and is primarily
known for its ability to view multimedia World Wide Web information. NCSA
also distributes NCSA HTTPD, a WWW server software package that makes
information available to Mosaic and other WWW browsers. The first toolkits
from Terisa Systems will include support for implementation of Secure-HTTP
in NCSA Mosaic and NCSA HTTPD.

In April, EIT, RSA, and NCSA announced an agreement to jointly develop and
distribute secure versions of NCSA Mosaic and NCSA HTTPD based on RSA's
public key cryptography and EIT's Secure-HTTP software. The enhancements
are to be made available to NCSA for widespread public distribution for
non-commercial use; Terisa Systems will now assume the responsibility of
providing these versions. Terisa Systems' commercial line of toolkits and
support systems will further enhance the secure Mosaic and HTTPD
implementations with additional performance, functions and support options.

According to Joseph Hardin, director of the group that developed NCSA
Mosaic, "Mosaic's growth in the marketplace has been explosive, and has
positioned it as the application of choice for users of the World Wide Web.
With Secure-HTTP, Mosaic can become a framework for companies to engage
easily in routine commerce on the Internet. By providing a standard source
for toolkits and support, Terisa Systems will address the need of
developers to implement Secure-HTTP applications quickly so they can
compete in the World Wide Web marketplace."

Products and Services

Terisa Systems will deliver a full line of toolkits and services.

SecureWeb Viewer Developer's Toolkit - Intended for developers of World
Wide Web clients, this toolkit is used to create viewers and other
applications that can communicate with Secure-HTTP enhanced WWW servers.
In addition, the toolkit will include a facility for managing multiple
certificates and keys, enabling, for example, the automatic selection of an
appropriate key through negotiation with the server. User interface
components will provide easy-to-understand control over secure
communications, using icons to make clear the status of confidential or
digitally signed documents and other information.

SecureWeb Server Developer's Toolkit - Intended for developers of World
Wide Web servers, this toolkit facilitates the creation of WWW servers that
communicate with Secure-HTTP enhanced viewers. The toolkit addresses the
more demanding server aspects of key and certificate administration. It
includes tools for storing and managing multiple keys and certificates,
associating appropriate keys with requests for particular documents, and
managing the revocation of certificates and keys. It also will provide a
stronger and more manageable document access control system.

Certificates are central to the use of public keys, for they guarantee
public key authenticity. While Secure-HTTP works with hierarchical public
key certificates issued by major institutions, in the future, Terisa
Systems plans to provide toolkits that allow organizations to issue their
own certificates. These certificates, called "lightweight" because they
may not be supported by rigorous user validation, enable businesses to
manage the certification process and issue their own certificates.

Initial implementations of Secure-HTTP and Secure-HTTPD will be provided to
NCSA in September, 1994 for subsequent non-commercial distribution.
Fully-supported Terisa Systems commercial security products will be
available in the fourth quarter of 1994.

In addition to toolkits, Terisa Systems will provide full support services,
including technical support, tutorials, training, an on-line information
service and custom consulting.

RSA Data Security Inc., Redwood City, Calif., invented the leading public
key cryptography system and performs basic research and development in
cryptography. RSA markets software that facilitates the integration of
their technology into applications.

Enterprise Integration Technologies Corp. (EIT), of Palo Alto, Calif., is
an R&D and consulting organization, developing software and services that
help companies do business on the Internet. EIT is also the project
manager for CommerceNet, the first large-scale market trial of electronic
commerce on the Internet.

Additional information on Terisa Systems can be obtained by sending e-mail
to terisa@eit.com. Telephone (415) 617-1836. Additional information on
Secure-HTTP is available by sending e-mail to shttp-info@eit.com;
additional RSA Data Security information is available by sending e-mail to


Nancy R. Teater      Hamilton Communications       phone: +1 415 321 0252
nrt@hamilton.com                                   fax:   +1 415 327 4660

------------------------------------------------------------------------ ..Christopher Allen Consensus Development Corporation.. ..<consensus@netcom.com> 4104-24th Street #419.. .. San Francisco, CA 94114-3615.. .. o415/647-6383 f415/647-6384.. ..Mosaic/World-Wide-Web Front Door: .. ..ftp://netcom7.netcom.com/pub/consensus/www/ConsensusFrontDoor.html ..