Excerpts: Entrust Technologies: A Proposal to John Sheldon and Steve Baronoff
- Entrust provides software products that address the growing need for security in electronic transmissions by providing encryption and authentication through its public key management system. Based on reviews, the Entrust product is the leader in standards-based, cross-platform public key certificate management for corporate use.
- DLJ has hard-circled $10 million from Olympus at a post-money valuation of $90 million and wants to close this round of financing by year-end. Nortel has always had strong security products in the telco world (well-regarded X.25 security solutions) and believes that it can use its experience and distribution capabilities to aid Entrust.
- Entrust is a family of public-key cryptography software products for encryption and digital signatures on computer networks with fully automated key management.
- Entrust offers encryption and digital signatures that provide solutions to the five fundamental network security requirements: confidentiality, access control, integrity, data origin authentication, and non-repudiation.
- Encryption addresses the confidentiality and access control requirements. Encryption can be used to make a file private so that only the people authorized can decrypt the file to read the information.
- Digital signature addresses the integrity, authentication, and non-repudiation requirements. A digital signature is analogous to a handwritten signature in that a digital signature can be used to assure a reader of the (non-repudiable) source of the information. In addition, a digital signature can ensure that any unauthorized changes to the data will be detected (integrity).
- Keys are like passwords. The term key management refers to the secure administration of keys to provide them to users when and where they are required.
- While it is safe to send encrypted messages without fear of interception (because an interceptor is unlikely to be able to decipher the message), there always remains the problem of how to securely transfer the key to the receivers of a message so that they can decrypt the message.
- Historically, encryption systems used what is known as symmetric cryptography. Symmetric cryptography uses the same key for both encryption and decryption. However, a major advance in cryptography occurred with the invention of public-key cryptography. The primary feature of public-key is that it removes the need to use the same key for encryption and decryption.
- Entrust is a unique product in a new product category known as Public-Key Infrastructures (PKI). The Entrust offering is unique in that it is scalable and gives corporations the ability to extend this security beyond the Web.
- As computers continue to get networked, security of information becomes extremely important. Solving security issues will increase the types of applications that can be accessed through public networks.
- Until 1993, sensitive data was primarily transmitted through private leased lines, but the popularity of the Internet means that organizations are increasingly using public networks to transmit sensitive data and conduct transactions. When compared to private leased lines, public networks offer improved support at a lower price, primarily due to the economies of scale achieved through larger numbers of people sharing the network, and this has been an important factor that has led to the switch from private leased lines to public networks.
- I recently spoke with the V-One Corporation, another Internet security company. In general, they were complimentary about Entrust and said that Entrust is doing very well in the financial community (the ones that are in a position to drive electronic commerce). People like Entrust because it allows them to manage the certificates themselves. While the market in general is still up in the air, they say that the majority of the interest is in Entrust.
- On the competitive side, the real threat is from AT&T, Motorola and GTE. V-One does not really see Netscape/Microsoft as a real player because 1) their version of security is web specific (the digital ID does not exist outside of the web) and 2) the browser authenticates the machine (and the IP address of the connection), not the user. And it is the user that needs to be authenticated.
Source: Deepak Moorjani