TriStrata to enhance its PKI alternative

TriStrata Inc. this week will release a major enhancement to its suite of security software for securing digital transactions. The company is positioning this enhancement as an alternative to public-key infrastructure.

PKI is an increasingly popular security solution that combines digital certificates, digital signatures, encryption and other technologies to protect transactions through the Internet. TriStrata's Secure Information Management System pulls together a similar group of technologies but takes a slightly different approach to managing transactions. That approach increases efficiency and, with the new release, allows a far larger number of users, according to the company.

Several agencies are evaluating their internal needs in response to the technology, said Ken Mendelson, director of government markets and policy at Redwood Shores, Calif.-based TriStrata. The company views the government as a promising market because of agencies' "need to maintain centralized management and control of access" to their computers, he said. TriStrata plans to get a General Services Administration schedule in the next few months.

In PKI, "certificate authorities" verify the identities of the parties involved in a transaction by issuing digital certificates, or electronic credentials. Certificates are stored in online digital directories, which must be constantly updated and checked. And PKI components are distributed, so certificate verification against the appropriate directories takes time.

TriStrata employs what is called a "symmetric key" solution, in which the same key is used to encrypt and decrypt the message, adding to the processing speed. Rather than have a certificate authority issue digital certificates and directories to access them, TriStrata uses a centralized, dedicated security server to check the access rights of the individual before allowing the transaction to proceed. The server is not a bottleneck, Mendelson said. Authentication is a 500-byte message—"one packet up and one back," he said.

PKI solutions are more difficult to manage, scale and deploy, said Paul Wahl, president and chief executive officer at TriStrata. Public-key architectures issue "drivers' licenses" to computer users, and PKI systems check those "licenses" for expiration, he said. "We check if you're allowed to drive every time you start the car." The new TriStrata release, the company claims, revokes permissions and denies access in real time and can handle 1 million users per server, compared with 250,000 users in the preceding release. TriStrata Extended Enterprise Security Servers come in pairs, one of which serves as a hot backup and provides fault tolerance and high availability. Each server can process up to 2,000 transactions per second, which is faster than other solutions, according to the company.

The product is "interesting, significant and different from anything I've looked at," said Dorothy Denning, a Georgetown University professor and security expert. The federal market, like any large business enterprise, clearly cares about having a "comprehensive security solution," she said.

Among the features she cited is speed. "You get a speed difference by doing it all with symmetric key," Denning said. And because the system does not require PKI components such as certificate authorities and certificate revocation lists, there "may be a little less of an administrative burden." Symmetric encryption algorithms "can do crypto an order of magnitude faster than PKI systems," Mendelson said.

TriStrata also offers a choice of six encryption algorithms, including stalwarts such as DES, Triple DES and RC4, and integration with e-mail and communications packages such as Microsoft Exchange, Microsoft Outlook and Lotus Notes. The company's solution also works with virtual private network technology.

The company envisions the product's use for e-mail applications, as well as back-office enterprise resource planning and supply chain applications. It has applied for certification with SAP America Inc. but has not received it yet, Wahl said.

The Secure Information Management System is available from TriStrata and through partners, including PricewaterhouseCoopers and Inacom Corp.