RSA tackles PKI

PKI technology has enjoyed little acceptance in the enterprise, despite the fact that users are clamoring for more security everywhere. It's a fact not lost on cryptography vendors.

One of them, RSA Security, hopes to change the technology's fortunes next week, when it unveils new software that attempts to remove two of the major barriers to public-key infrastructure deployment: application integration and end-user invisibility.

RSA's Keon Web Passport builds on a concept VeriSign introduced last year under the name Personal Trust Agent, according to company officials. PTA and, now, Web Passport employ a small, downloadable module to bridge applications to PKI certificates without having to build PKI support into the application itself. The Keon product, a 700KB plug-in, will support most major applications, including messaging programs that use Secure/Multipurpose Internet Mail Extensions, all Web browsers, and secure forms.

But Web Passport goes further, RSA officials claim, as it automates the certificate enrollment process. When a user visits a Keon-enabled Web site but lacks a certificate, Keon issues the plug-in and then retrieves a certificate (which could be from any of the major certificate authorities). The user is then enrolled based on information stored in a Lightweight Directory Access Protocol directory. Bottom line: The end client doesn't have to do anything but accept the plug-in download to start using PKI.

Since Keon works with any application and any certificate and takes the end user out of the enrollment process, the hope is that the software will make PKI at once less visible and more widely accepted.

So far, the key applications for PKI have been single-sign-on and virtual private network authentication. But most vendors, over the long term, envision a world where PKI is used in everyday external, Web-based transactions.

In the short term, however, RSA officials understand users will start with smaller, probably internal deployments and gradually give certificates to customers and partners over the Web.

Electronic Data Systems is starting with single sign-on. Gavin Grounds, director of information assurance services at the Plano, Texas, company, believes PKI is on the cusp of legitimisation. "PKI has for a long time been stuck in that paradox—we want something immensely secure and immensely simple," Grounds says. "I think we are just now finally starting to get there."

Chris Smith, director of IT at Eastern Federal Credit Union, has used PKI since 1997 but believes it's on the verge of a breakthrough. "It hasn't been without challenges," says Smith, who uses PKI for authenticating his own users. "Even with a very narrow implementation and with mainstream applications, we had to plug holes we shouldn't have. Software like Keon could really open up what we do with PKI."

But it's no guarantee, as security analyst Steve Gibson points out.

"The problem to date has been it's just not transparent enough," says Gibson, who runs Gibson Research. "While this could help, I don't think anything will get truly better until the operating system gets much tighter integration with PKI."

RSA is beta testing Keon Web Passport, which won't ship until the first quarter of next year.
