RealTime IT News

RSA Encryption Algorithm Paroled

RSA Security Inc. Wednesday strayed from conformity by offering its watershed encryption algorithm to the public two weeks before the 17-year-old safe-guarding patent was due to expire.

The RSA public key encryption algorithm -- that's "c = me mod n" to the mathematically inclined -- is considered the standard for encryption and the core technology that secures the vast majority of the e-business on the Net.

The U.S. patent for said algorithm, No. 4,405,829 "Cryptographic Communications System And Method," was issued to the Massachusetts Institute of Technology on Sept. 20, 1983, licensed exclusively to RSA Security and was set to expire Sept. 20.

In a move akin to today's open source offerings of Linux by Red Hat Inc. and others of its ilk, this of an encryption algorithm will allow rivals to incorporate the algorithm into its own products.

Art Coviello, chief executive officer of RSA Security, told InternetNews.com Wednesday that the release is less altruistic than it really seems: it's part of the firm's strategy for expansion.

"Releasing the RSA algorithm into the public domain now is a symbolic next step in the evolution of this market, as we believe it will cement the position of RSA encryption as the standard in all categories of wired and wireless applications and devices," Coviello said.

Coviello said lifting the veil on the algorithm couldn't have been more timely because the latest version of its RSA BSAFE® Crypto-C security software, which utilizes innovative MultiPrime™ was released Wednesday, making encryption performance faster by 500 percent -- something rivals cannot stay on par with just yet.

"We really want this to be the de facto standard of technology," Coviello said.

The firm has made a number of enhancements to the algorithm to accommodate a wide range of software applications, operating systems and chip designs. Since the start of 2000 alone, about 200 firms have turned to RSA for its encryption technology.

Andrew Morbitzer, vice president of marketing for rival security firm Baltimore Technologies, couldn't agree more that RSA was thinking of itself with the move.

In fact, Morbitzer said the top dog of security intended the move to serve as a stalemate to Baltimore's upcoming release of encryption toolkits -- for free.

Morbitzer called RSA's move a calculated, "pathetic and cynical" ploy to squeeze the last bit of what he deemed a monopolization by the innovative security firm.

"When you look at their business practices -- they're unscrupulous," Morbitzer said. "When a company wants to license RSA's encryption library, they have to sit down with them and go over deals file by file. What they charge as a flat fee depends on the size of the company. But they also demand a certain amount of revenue based on what that company charges. You basically give your business to them."

Morbitzer noted that the algorithm was only patented in the U.S. and that Baltimore has been able to successfully capitalize on the encryption toolkits overseas where the patent does not apply.

"We observe open standards at Baltimore," he continued. "We are diametrically opposed to what they do. We are offering a single solution -- RSA offered two versions of the same application that had to be used together."

Morbitzer said RSA rules are so stringent for some of Baltimore's clients, that they sometimes not to choose to use RSA's encryption libraries.

Scott Schmell, vice president of marketing for RSA, told InternetNews.com Thursday that neither he nor anyone else at RSA planned any such public relations scoop as far as he knew: the announcement of the patent parole days before Baltimore's announcement of new, free toolkit