NEW SECURITY STANDARD FROM THE OPEN GROUP BRINGS THE REALIZATION OF HIGH-VALUE E-COMMERCE FOR EVERYONE A STEP FURTHER

Entrust, IBM, Intel, Motorola, Netscape, TIS Work to Deliver Security Specification Which Will Help Address Issues Undermining the Full Potential of E-Commerce

Cambridge, MA (January 6, 1998) -- In a move to introduce a consistent approach to security for Internet and Intranet implementations, The Open Group announced today that it has adopted Intel’s Common Data Security Architecture (CDSA) 2.0 specification as an industry-accepted specification for the development of secure applications that are interoperable, extensible and offer cross-platform support. The Open Group's adoption of CDSA is intended to address pervasive concerns in the industry regarding the reliability and security of electronic commerce applications.

Initiated by Intel Architecture Labs and supported by leading companies, including IBM, Netscape, Entrust, TIS, Motorola, Hewlett-Packard, Sun, Shell Companies and JP Morgan, CDSA provides a single, coherent and comprehensive set of services to address today’s security needs, which has not been possible until now.

The full potential of e-commerce is being undermined by the confusion over the use of security products, such as cryptography and the common perception that the Internet is inherently insecure. Without a standard approach to security, companies are unable to assess the value or implication of the many individual products available -- will they work with other products, can they be legally used in every country? As a result, few companies are willing to commit any real value or mission-critical information to the Internet. For this reason e-commerce today is almost entirely restricted to low value transactions, such as the sale of books.

By supporting standard access to an extensible set of plug-in service modules, CDSA offers flexible and configurable use of cryptography, certificate management, trust policy management, key and certificate lookup, storage and retrieval, and optional commercial key recovery.

"Addressing both the real and perceived security issues associated with the Internet is a key requirement in the delivery of a ubiquitous, global infrastructure," said Joseph

De Feo, president and CEO of The Open Group. "Fundamental to this goal is an industry-supported collection of standards, technologies and products that deliver a recognized level of security and reliability, which we refer to as the IT DialTone architecture and of which CDSA is a pivotal component."

"CDSA provides an open, standards-based approach to security that is critical to the growth of Internet commerce," said Craig Kinnie, vice president and director of Intel Architecture Labs. "The Open Group's ratification provides assurance that CDSA has been widely reviewed and accepted by the industry as the first extensible security solution for a common security platform, and many companies are already developing

applications based on the CDSA architecture. Intel will be deploying CDSA in several products over the next year."

"The Open Group's ratification of CDSA is a turning point for secure e-business," said Kathy Kincaid, director of I/T security programs at IBM. "A common security API makes technology like the IBM KeyWorks toolkit essential. With the new standard, the industry can now provide the broad security solutions our customers will seek as they look to exploit the business benefits of open networks."

Currently, businesses and individuals working on the Internet are faced with a bewildering range of laws and regulations regarding the use of cryptography. CDSA can be configured to comply with any such framework, at the same time removing the need for applications and middleware to be redesigned for each new jurisdiction in which they are expected to operate. This will simplify the creation and management of commercial global infrastructures that fully utilize Internet technology and deliver real e-commerce potential.

CDSA will deliver benefits to both the suppliers of technology and their customers. For suppliers, the new standard will enable them to bring interoperable applications using

e-commerce, content protection and more secure communications technologies to the market quicker and more cost-effectively.

The CDSA specification is now an industry standard published by The Open Group. Information about CDSA is available at http://www.intel.com/ial/security, including complete text of the specification, its background and other resources.