RealTime IT News

Zergo Breaks Into Security Standards

From Australia.internet.com

Australian-based encryption and security company Zergo Asia-Pacific announced that its public key infrastructure (PKI) products provisionally qualified for evaluation at the ITSEC E3 level.

ITSEC (Information Technology Security Evaluation Criteria) is a measure of how well a security product meets defined requirements. While it is currently a UK-based standard, ITSEC is gaining acceptance throughout Europe as a precursor international recognition. ITSEC's E3 level is considered most secure for commercial use, and is hence a coveted standard for which to qualify.

Four of Zergo Asia-Pacific's products that incorporate PKI technology are under evaluation: Zergo Tache and Tache Exchange, which use 128 bit triple DES security for e-mail systems; Zergo Secure Key, a PKI registration product; and Zergo Forms, an e-commerce security product. Secure Key when used in conjunction with Forms generates public keys and certificates required for encryption.

ITSEC's initial acceptance moves Zergo one step closer to being an internationally-recognised security product vendor. Once it has been granted E3 status, Zergo's PKI technology will be cleared for various Australian Government applications.

While Zergo's products are reported to be the first to proceed to this round of ITSEC's evaluation process, the company sad they are also the first in Australia to be accepted for appraisal by the Australasian Information Security Evaluation Program (AISEP).

According to Zergo Asia-Pacific's marketing manager Zoran Markovic, no other company has ever secured this simultaneous evaluation. The process is long and involves several organisations, but Zergo Asia-Pacific's CEO John Palfreyman believed this was necessary to establish products that can be relied upon to work.

"It's a bit like a lock," he said. "You can't really tell from the outside whether a lock is secure until you have a qualified person actually look at it from the inside and see exactly how it works."

Any talk of what world-first standard encryption could mean for Zergo will have to wait for the moment, as final approval by AISEP is not expected for three to six months.

Ultimately though, Markovic maintains that these standards give merchants and commercial customers that added peace of mind.

"In the end, the Government can say that Zergo has been approved for non-military security applications," he said.