TriStrata to enhance its PKI alternative

TriStrata Inc. this week will release a major enhancement to its suite of security software for securing digital transactions. The company is positioning this enhancement as an alternative to public-key infrastructure.

PKI is an increasingly popular security solution that combines digital certificates, digital signatures, encryption and other technologies to protect transactions through the Internet. TriStrata's Secure Information Management System pulls together a similar group of technologies but takes a slightly different approach to managing transactions. That approach increases efficiency and, with the new release, allows a far larger number of users, according to the company.

Several agencies are evaluating their internal needs in response to the technology, said Ken Mendelson, director of government markets and policy at Redwood Shores, Calif.-based TriStrata. The company views the government as a promising market because of agencies' "need to maintain centralized management and control of access" to its computers, he said. TriStrata plans to get a General Services Administration schedule in the next few months.

In PKI, "certificate authorities" verify the identities of the parties involved in a transaction by issuing digital certificates, or electronic credentials. Certificates are stored in online digital directories, which must be constantly updated and checked. And PKI components are distributed, so certificate verification against the appropriate directories takes time.

TriStrata employs what is called "symmetric key" solution, in which the same key is used to encrypt and decrypt the message, adding to the processing speed. Rather than have a certificate authority issue digital certificates and directories to access them, TriStrata uses a centralized, dedicated security server to check the access rights of the individual before allowing the transaction to proceed. The server is not a bottleneck, Mendelson said. Authentication is a 500-byte message—"one packet up and one back," he said.

PKI solutions are more difficult to manage, scale and deploy, said Paul Wahl, president and chief executive officer at TriStrata. Public-key architectures issue "drivers' licenses" to computer users, and PKI systems check those "licenses" for expiration, he said. "We check if you're allowed to drive every time you start the car." The new TriStrata release, the company claims, revokes permissions and denies access in real time and can handle 1 million users per server, compared with 250,000 users in the preceding release. TriStrata Extended Enterprise Security Servers come in pairs, one of which serves as a hot backup and provides fault tolerance and high availability. Each server can process up to 2,000 transactions per second, which is faster than other solutions, according to the company.

The product is "interesting, significant and different from anything I've looked at," said Dorothy Denning, a Georgetown University professor and security expert. The federal market, like any large business enterprise, clearly cares about having a "comprehensive security solution," she said.

Among the features she cited is speed. "You get a speed difference by doing it all with symmetric key," Denning said. And because the system does not require PKI components such as certificate authorities and certificate revocation lists, there "may be a little less of an administrative burden." Symmetric encryption algorithms "can do crypto an order of magnitude faster than PKI systems," Mendelson said.

TriStrata also offers a choice of six encryption algorithms, including stalwarts such as DES, Triple DES and RC4, and integration with e-mail and communications packages such as Microsoft Exchange, Microsoft Outlook and Lotus Notes. The company's solution also works with virtual private network technology.

The company envisions the product's use for e-mail applications, as well as back-office enterprise resource planning and supply chain applications. It has applied for certification with SAP America Inc. but has not received it yet, Wahl said.

The Secure Information Management System is available from TriStrata and through partners, including PricewaterhouseCoopers and Inacom Corp.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.