Complete e-business Security for Your Applications







Full text


Complete e-Business Security

for Your Applications


More than 450 million copies of



technology are

embedded in today’s most popular software applications and hardware

devices worldwide. Encompassing the most



set of cryptographic






RSA BSAFE is the

most relied-upon

set of

complementary security products by developers and manufacturers worldwide.

As your company accelerates its e-business initiatives, your future depends




can trust

. For that, RSA Security should be


partner of choice.

For nearly two decades, RSA

Security has focused on the innovation, productization, enhancement and

ongoing support of security products. It’s all we do, and people tell us

we’re the

best in the business.

Just ask our more than

500 partners.

You wouldn’t build a CPU — you’d buy one from

a company who is known and respected in the industry. And why build a

database engine from scratch when you can choose among a number of

tested and proven core database products? So why would you build an

application using anything other than





security software? RSA Security is the most




provider of encryption, security protocols and PKI

compo-nents for electronic business applications. You can


on us.


Technology reaches every corner of your business. With the rise of the Internet economy, organizations worldwide rely on the Internet for interacting with each of their customer touch points, including internal resources as well as partners, resellers and distributors. In addition, networked information and applications are more important — and more distributed throughout the organization — than ever before.

That means that the security and e-business readi-ness of your systems is more important than ever before. While e-business has allowed companies to streamline processes and controls and achieve higher customer satisfaction and increased revenues, it’s also caused great concern over the protection of company assets. And consumers are wary too. That’s why security should be at the top of your list when developing or deploying any business application. And why RSA Security can put your mind at ease — whether your application allows e-commerce trans-actions, involves e-mail, enterprise access or down-loading files to a hand-held device or pager.

RSA Security is the most trusted source of e-security enabling technology. We were the first company to concentrate solely on security systems as the net-working and Internet industry began to proliferate. As pioneers in public key encryption technology, RSA Security recognized early that strong, stable security components are part of the arsenal of tech-nology needed in interactive software applications. The world’s most successful software companies have selected RSA Security precisely because they trust us to provide them with the most advanced security tools in the world.

Backed by a renowned team of security experts, RSA Security continues to enhance its technology. And the RSA BSAFE product line provides you with the most trusted set of products providing complete coverage for all of your networked, Internet, intranet and extranet applications and services, ultimately helping you achieve faster time-to-market, greater interoperability with other standards-based applications, and greater reliability of your applica-tions’ security.


Unmatched security



Over the past several years, the field of cryptography has advanced in step with the overall

advance-ment of technology. To most people, cryptography involves keeping communications private.

However, this is only one part of today’s cryptography.

Encryption is the transformation of data into a form that is virtually impossible to read without the

appropriate knowledge (a key). Its purpose is to ensure privacy by keeping information hidden from

anyone for whom it is not intended; even those who have access to the encrypted data. Decryption

is the reverse of encryption; it is the transformation of encrypted data back into an intelligible form.

Encryption and decryption generally require the use of some secret information, referred to as a key.

For some encryption mechanisms, the same key is used for both encryption and decryption; for other

mechanisms, the keys used for encryption and decryption are different.

Today’s cryptography is more than encryption and decryption. Public key cryptography in particular is

also used for digital authentication — providing assurance that communication is from a particular

person. Authentication is as fundamental a part of our lives as is privacy. Authentication is used

throughout one’s day, especially as we move to a world where decisions and agreements are

commu-nicated electronically.

Cryptography provides mechanisms for such procedures. A digital signature binds a document to the

possessor of a particular key, while a digital time stamp binds a document to its creation at a

particu-lar time. These cryptographic mechanisms can be used to control access to a shared disk drive, a high

security installation, or a pay-per-view TV channel.

The field of cryptography encompasses other uses as well. With just a few basic cryptographic

tools, it is possible to build elaborate schemes and protocols that allow paying for goods and

services using electronic money, prove we know certain information without revealing the

infor-mation itself, and to divide and share a secret quantity in such a way that a subset of the shared

keys can reconstruct the secret.



More than


— complete


security control.

RSA Security products are based on state-of-the-art encryption and authentication algorithms. Simply put, cryptography is the “art and science of using mathematics to secure information and create a high degree of trust in the electronic realm” RSA Security has the richest set of algorithms in the marketplace — both proprietary and in the public domain — and the RSA Public Key Cryptosystem is recognized worldwide as the fundamental technology enabling e-business on the Web. These algorithms are made available in easily integrated software libraries — libraries that have withstood use by millions for over a decade on the Internet. In fact, many of the world’s leading high-tech manufacturers, including @Home, Cisco, Compaq, IBM, Microsoft, Oracle — and more than 500 other licensees — already embed RSA BSAFE technology into their applications. However, cryptography, including all popular secret-and public-key encryption algorithms, is just the foundation of what RSA Security has to offer with the RSA BSAFE product line.

The RSA BSAFE line not only provides core crypto products for those organizations needing basic secu-rity embedded in their applications. It also provides

out-of-the-box security protocol software compo-nents like RSA BSAFE SSL and RSA BSAFE S/MIME to ensure complete security at the protocol level for Internet and messaging applications. And to help build applications that take advantage of a PKI, RSA Security has developed an RSA BSAFE Cert product line, which contains all the tools needed to develop applications that use digital certificates. RSA BSAFE Cert SDKs provide software libraries, sample code and documentation that significantly reduce the amount of work and expertise required to perform cryptographic security procedures with certificates. Each RSA BSAFE developer’s kit is a complete soft-ware development environment providing compre-hensive building-block security components for creating fail-safe software applications. RSA BSAFE technologies are used in e-business applications, enterprise software, cellular phones, Web browsers, complex networking equipment, cable TV boxes and in the majority of PCs on the market in order to provide built-in security for customers.

Beyond that, RSA BSAFE products provide PKI-inte-gration, so that “RSA Secured” applications can be managed along with your other mission-critical networked applications. SAMPLE CODE SECURITY LIBRARIES AND COMPONENTS UNSECURED APPLICATION SECURED APPLICATION BSAFE® Complete e-Security Components for Developers









Whether you need core cryptography routines for your application or a fully implemented protocol, the RSA BSAFE line of SDKs provides you with all of the components you need to make your applications absolutely safe and secure. By using RSA BSAFE products, your staff can save months of development time, enabling you to roll out mission-critical systems earlier and with more confidence. In addition, RSA BSAFE products allow easy and fool-proof integration with other RSA-enabled software and hardware, including networked and enterprise applications, Internet applications including most popular browsers, as well as pagers, cell phones and hand-held devices.


total security solutions:


development time,


time to market.



The RSA BSAFE Crypto products are at the heart of the product line. RSA BSAFE Crypto is the world’s most popular cryptography component with the widest range of data encryption and signing algo-rithms available. It includes all popular secret- and public-key encryption algorithms, including

Triple-DES, the high-performing RC5,™

the RSA Public Key Cryptosystem and the DSA government signature

algorithm, MD5™

and SHA1 message digest routines

and optimized routines for RSA™

public-key genera-tion, primality testing and pseudo-random number generation. Software libraries, sample code and a

complete standards-based implementation enables near-universal interoperability for your networked and e-business applications.

Any programmer using RSA BSAFE Crypto tools can create secure applications without a background in cryptography, mathematics or number theory. And, our trusted algorithm implementations are constantly being upgraded for greater security, performance and standards compliance — that’s why more orga-nizations worldwide use RSA BSAFE Crypto products. Your evolving business depends on secure technology. Why would you trust anyone but the best in protect-ing your electronic assets and reputation?

“RSA’s contribution to the electronic commerce world is much, much broader than what anybody recognizes. RSA BSAFE technology provides the enabling tools — the cryptography and security protocols — essential to conduct secure

transactions over the Internet. Much of what they do is invisible to the majority of the business world today. And maybe that is the way it should be.

Because if it works really well, you shouldn’t have to worry about it.”

J. Russell Gates

Partner, Computer Risk Management Arthur Andersen






Security protocol components

packaged security to



application capabilities.

Internet, multi-tier and distributed client-server applications are quickly becoming the norm for today’s IT and e-business infrastructure. Recent ana-lyst reports indicate that business-to-consumer trading over the Web will exceed $100 billion and business-to-business trading will exceed $2 trillion over the next three years. As companies rush to take advantage of this vast shift in the global economy, it is imperative that secure deployment of applications and services take place.

Secure Sockets Layer (SSL) is the Internet security protocol for point-to-point connections. It provides protection against eavesdropping, tampering and forgery. Clients and servers are able to establish a secure link, or “pipe” across the Internet to protect the information being sent and received. Customers can have greater confidence that their information is confidential, authentic and original during an Internet connection.

However, implementing SSL within an application can be a formidable task. The protocol infrastruc-ture, upper layer services and underlying crypto-graphic algorithms and certifications can pose a time-intensive project for any development

organi-zation. RSA BSAFE SSL products provide developers with a comprehensive, out-of-the-box product that provides all of the components for delivering SSL-enabled applications. With one trusted vendor for everything you need — from an entirely secure pro-tocol to the underlying cryptography — developers can ensure that their applications will be developed faster and with more reliable security.

RSA BSAFE S/MIME builds on the S/MIME standard for secure messaging applications. Like SSL, imple-menting a complex protocol like S/MIME is not a trivial task. The RSA BSAFE S/MIME product provides a complete solution for adding S/MIME functionality to your products. With a tested and proven security subsystem like RSA BSAFE S/MIME, you can acceler-ate development of your applications and be sure they are interoperable with other standards-compli-ant S/MIME-based products.

Both SSL and S/MIME standards were created based on the encryption technologies that RSA Security invented. So if you’re creating a standards compliant product, why not get your software from people who know it best?

“RSA is both a pioneer — they’ve been a clear leader in public key infrastructure dialog and standards bodies — and a critical business and technology partner. RSA has helped us to evolve our security solutions so that we are not only

interoperable between Compaq’s own products, but are interoperable between all products and solutions across the industry.”

Bill Ferguson

Marketing Director



PKI integration

— the next step in


for ensuring


across the


“Public key” technology offers the best solution for securing e-business, but to date, competing solutions for implementing public key technology in an enterprise — known as Public Key Infrastructure (or PKI) — have not been interoperable.

RSA BSAFE Cert products provide programmers and application developers a way to simplify develop-ment of applications that use digital certificates. Digital certificates have emerged as a popular way to bind cryptographic “public” keys to the identity of individuals and entities — greatly aiding in the use of Internet banking, secure e-mail — in fact all forms of e-commerce and e-business. RSA BSAFE Cert products help organizations and software vendors build PKI-enabled applications and security products. In addition to the certificate management proce-dures in the RSA BSAFE Cert libraries, RSA Security

has included protocol support for real time PKI interaction including certificate request/response operations such as certificate enrollment, revocation, lookup and validation.

Applications created with RSA BSAFE Cert can seam-lessly and automatically interoperate with multiple existing PKI products that support PKCS standards (as well as emerging standards like PKIX). This includes virtually all of today’s market leading public key Infrastructure products from RSA Security, VeriSign, Microsoft, Netscape and Entrust.

RSA BSAFE Cert products provide the next level of sophistication and security — as well as ease-of-implementation to assist you in your secure product development initiatives.


Enterprise customers and end users recognize products created using RSA BSAFE technologies as being of the highest quality and the most robust when it comes to security. In fact, if your product or application is stamped with the “RSA Secured” seal of approval, you are assuring your users and customers that their e-mail, online transaction, cell phone call, application or device is protected by the most trusted e-security technology available worldwide.

24 X 7 Support for Your e-Business Solutions

RSA Security has a long track record of ongoing enhancements and support of all of its security solutions. With RSA Security, you can depend on the most comprehensive support program in the industry, including guaranteed response time, maintenance options and the delivery of a continuous stream of new features and upgrades. RSA Security customers can select among a menu of support programs designed to meet their needs. From basic support to round-the-clock premier services, RSA Security is there to help you with your development project.

Professional Services Dedicated to Make You Succeed

Our mission at RSA Security is to help you make your applications absolutely secure from external, internal and other threats. That’s why RSA Security Consulting and Educational Services can provide you with the advanced skills and expertise you may require during each step of the secure application development cycle. From assessing threats to your application security to developing and deploying complete systems, RSA Security employs compre-hensive best practices and methodologies—practices that have been developed from nearly 20 years’ experience.

RSA Laboratories Secures Your Trust

Gartner Group®research shows that 85% of IT organizations have significant concerns about their IT security

testing practices. That’s why RSA Security created RSA Laboratories—a think-tank of the most talented and trusted mathematicians and systems-level security developers with the sole purpose of keeping RSA Security at the top of its field in providing trusted security products to its customers. Founded in 1991, RSA

Laboratories is world-renowned for its cutting-edge cryptographic research and development work.

RSA Laboratories personnel not only occupy top seats on key standards committees worldwide and drive the formation of new and existing standards, they are charged with ongoing high-level development and research of RSA Security’s evolving technology and products as well as industry publishing, conference chair-ing and industry education. In addition, your technical support and consultchair-ing advice comes straight from the experts. It is RSA Security’s philosophy to provide our customers with the best advice and direction possible, and our entire team has access to these premier scientists and engineers.


“Microsoft, Apple, IBM and DEC don’t agree on much, but we all agree RSA Security is the way to go.”

Nathan Myhrvold

Chief Technology Officer Microsoft Corp.

RSA Security: The Most Trusted Name in e-Security

RSA Security offers products, technologies and services that help organizations conduct electronic business in confidence, protecting information and enabling global e-commerce. RSA Security has the global reach, unrivaled technical and systems experience and proven leadership to address the changing security needs of e-business.

In addition to RSA BSAFE solutions, RSA Security offers the following product lines:

RSA Keon™is a family of public key infrastructure

(PKI) products for managing digital certificates that ensure authenticated, private and legally binding electronic communications and transactions. RSA Keon allows organizations to embrace powerful new e-business approaches with confidence, providing a common foundation for secure distributed systems such as Web e-commerce applications, authenticated and private e-mail, virtual private networks and ERP. Modular, flexible and interoperable with other stan-dards-based PKI products, RSA Keon offers more value in a PKI solution. RSA Keon is designed for use and integration with both custom and ISV applica-tions that have been engineered with RSA BSAFE security technology.

RSA SecurID®is a solution to provide centrally

managed, strong, two-factor user authentication services for enterprise networks, operating systems, e-commerce Web sites, and other IT infrastructure, ensuring that only authorized users access data, applications and communications. Supporting a range of authentication devices, including hardware tokens, key fobs, smart cards and software tokens, RSA SecurID solutions create a virtually impenetrable barrier against unauthorized access, protecting network and data resources from potentially devas-tating accidental or malicious intrusion. RSA SecurID user authentication products offer enhanced security to PKI installations, and to the secure applications hosted on the PKI system.

RSA Security is a worldwide services organization, offering complete consulting, design, implementa-tion, training and support services. In addition to the resources of the world’s leading cryptographic devel-opment organization, RSA Security delivers services through partnerships with leading technology firms, providing custom and industry-specific solutions to e-business challenges.


BSAFE, SecurID and ACE/Server are registered trademarks, and RSA Secured, RSA Security and Keon are trademarks of RSA Security Inc. All other trademarks mentioned herein are the property of their respective owners. ©1999 RSA Security Inc. All rights reserved.


OEM and Developer Solutions Group:

2955 Campus Drive, Suite 400, San Mateo, CA 94403 USA Tel 800 PUBLIKEY or 650 295 7600, Fax 650 295 7700

Corporate Headquarters:

Massachusetts, USA, Tel 877 RSA 4900 or 781 301 5000, Fax 781 301 5170

Europe, Middle East and Africa Headquarters:

United Kingdom, Tel +44 118 936 2600, Fax +44 118 936 2790

Asia/Pacific Headquarters:

Singapore, Tel +65 733 5400, Fax +65 733 2400 Japan, Tel +81 3 3539 7511, Fax +81 3 3539 7514





Related subjects :