Zergo Breaks Into Security Standards

From Australia.internet.com

Australian-based encryption and security company
Zergo Asia-Pacific announced that its public key
infrastructure (PKI) products provisionally qualified for evaluation at the
ITSEC E3 level.

ITSEC (Information Technology Security Evaluation Criteria) is a measure of
how well a security product meets defined requirements. While it is
currently a UK-based standard, ITSEC is gaining acceptance throughout
Europe as a precursor international recognition.
ITSEC’s E3 level is considered most secure for commercial use, and is hence
a coveted standard for which to qualify.

Four of Zergo Asia-Pacific’s products that incorporate PKI technology are
under evaluation: Zergo Tache and Tache Exchange, which use 128 bit triple
DES security for e-mail systems; Zergo Secure Key, a PKI registration
product; and Zergo Forms, an e-commerce security product.
Secure Key when used in conjunction with Forms generates public keys and
certificates required for encryption.

ITSEC’s initial acceptance moves Zergo one step closer to being an
internationally-recognised security product vendor. Once it has been
granted E3 status, Zergo’s PKI technology will be cleared for various
Australian Government applications.

While Zergo’s products are reported to be the first to proceed to this round of ITSEC’s
evaluation process, the company sad they are also the first in Australia to be accepted for
appraisal by the Australasian Information Security Evaluation Program
(AISEP).

According to Zergo Asia-Pacific’s marketing manager Zoran
Markovic, no other company has ever secured this simultaneous evaluation.
The process is long and involves several organisations, but Zergo
Asia-Pacific’s CEO John Palfreyman believed this was necessary to establish
products that can be relied upon to work.

“It’s a bit like a lock,” he said. “You can’t really tell from the outside
whether a lock is secure until you have a qualified person actually look at
it from the inside and see exactly how it works.”

Any talk of what world-first standard encryption could mean for Zergo will
have to wait for the moment, as final approval by AISEP is not expected for
three to six months.

Ultimately though, Markovic maintains that these standards give merchants
and commercial customers that added peace of mind.

“In the end, the
Government can say that Zergo has been approved for non-military security
applications,” he said.