RSA Upgrading Its Keon PKI Security Software

BEDFORD, MASSACHUSETTS (08/25/2000) - RSA Security Inc. this week will unveil an upgraded version of its public-key infrastructure software, adding support for digital certificates from multiple vendors and making it easier for security administrators to register users to receive certificates through an automated download process.

Available for Windows NT or Unix, RSA's Keon 5.5 suite includes a certificate server for managing user registration and a security server for storing the digital credentials. Users get client software that lets a Keon X.509 certificate - and now certificates from Baltimore Technologies Inc., Netscape Communications Corp. and IBM Corp. - be used in multiple applications for signing electronic documents, encrypting them or simply proving identity on the Web.

Previously, Keon only supported certificates from RSA and VeriSign Inc. Soon, RSA plans to add support for Microsoft Corp. certificates, says Lina Liberty, RSAs director of product management.

Keon, which debuted one year ago, is used by about 100 customers in either pilot or production mode, Liberty says.

One customer, Eastern Corporate Federal Credit Union, which provides financial services to roughly 175 credit unions, has distributed hundreds of Keon digital certificates to customers. The main use of the certificates is to let credit union employees gain access to sensitive information at the www. Web site by proving their identity, says Chris Smith, president of computer information systems at the Woburn, Mass., company.

Certificates are widely considered to be better proof of identity than a re-usable password.

EasCorp., as it's known, spends about $50 per user on the Keon certificate system, and plans to use its system for transferring funds in the future as well as providing secure Web access, Smith says. Using a one-time password sent through old-fashioned registered mail, users can then register online to download certificates from EasCorp.'s Keon server.

RSA says Keon 5.5 expands the options for certificate registration by letting users authenticate to an NT LAN.

"This allows customers to take advantage of existing authentication environments," Liberty says.

Once authentication is completed, the Keon 5.5 server could automate the download of the digital certificate to the user.

RSA says it makes sure a single certificate will work with various applications, such as secure e-mail. This week, RSA adds Web access and control products from Netegrity Inc., EnCommerce Inc., Internet Dynamics and Securant Technologies Inc. to its list of Keon-certified applications.

Keon 5.5 can cost as little as $1 per user or as much as $200 per user, depending on number of users, with 500 users being the breaking point where prices drop substantially. Special starter packages of 100-user licenses are available for $5,000.