RSA Security has introduced the company's first security product
for Palm handheld devices.
The RSA BSafe/Micro Edition for built-in Secure Sockets Layer (SSL)
and virtual private network support will be embedded in Palm OS 5,
which should be in the hands of developers by the end of the
summer, according to Bill Gulino, group manager for enterprise
marketing at PalmSource, a software subsidiary of Palm.
RSA's plan, announced here at RSA Conference 2002, is to make
Palm-based Internet applications easier to develop by offering
hooks directly into the operating system, said Gulino.
Until now, both the Palm 7 and i7.05 have relied upon a closed-end
proprietary Certicom network, which has been able to provide strong
cryptography with an easy development platform through Certicom's
Mobile Internet Kit Toolkit.
But the rest of the cyberworld isn't proprietary; it's based on
open standards - and all Web browsers use RSA as an open standard.
That means that until Palm adopted an RSA application programming
interface (API), Palm devices could not connect to the Internet
without a Certicom-to-RSA translation.
Prakash Panjwani, business development vice-president at
California-based Certicom, said he is not worried that RSA could be
a threat to his company's market share. Too many people are already
using Certicom's tools in Palm 7s, he said, making it impractical
for them to switch to a new form of cryptography anytime soon.
"The cost of taking our products out and replacing them with new
ones that tie directly into the operating system API is not worth
it," he said.
Under the new agreement with RSA, Palm is simply trying to better
position its devices for secure online transactions and data
sharing, Gulino said.
Developers also said the RSA announcement does not mean a war
between the top two Palm development tools. Developers can still
use Certicom encryption if the client application does not need a
Web browser - such as for a warehouse inventory application.
Internet Security Systems in Atlanta, for example, uses Certicom to
encrypt the local flow of data from its intrusion-detection agents
to the management server.
But an e-commerce application provider, by contrast, would probably
use RSA because it is the de facto Internet SSL browser standard.
"Some may choose the path of least resistance and develop with RSA
products," said Bill Lattin, founder Cylink, an early wide-area
network security provider, and now a principal consultant for
security consulting firm TTFN Associates in California. "The bottom
line is this [RSA announcement] really doesn't change anything.
Development will still be open and developers will choose what they
need for their specific applications."