All future Microsoft software is to usenCipher'shardware security modules (HSMs) and time stamping
technology to protect and authenticate it. Software developers who
use Microsoft system-building products will also find it in the
Microsoft Authenticode protocol.
"It is a big deal for us," said nCipher product manager Avia
Dadon, "but not the biggest. It is in the range of high six figures
to low seven figures, and we have many deals in the financial
services and government markets that are much bigger."
Dadon said non-traditional markets such as life sciences, retail
and independent services vendors (ISVs) are starting to drive the
market for encryption and authentication tools.
"The need for compliance is widespread," he said, "People need
to be able to authenticate the sender, for non-repudiation of the
message, and to assure the integrity of the message, all of which
can be done with encryption."
The nCipher technology allows systems developers to prove their
products' authenticity and to show that the software has not been
modified, potentially for malicious purposes.
"
Authenticode is a critical technology for helping to build
confidence and trust in computing," said David Cross, Microsoft's
director of program management for Windows security. "nCipher's
technology is a vital component and a critical part of the signing
process for Microsoft software."
nCipher's Time Stamp Server (TSS) allows developers to use
secure digital signatures and auditable time stamps when publishing
the software. It removes the traditional reliance on the host
computer's system clock, which is vulnerable to tampering, said an
nCipher spokesman.
The time-stamp is produced within the tamper-resistant boundary
of an embedded nCipher HSM and can be calibrated and synchronised
to independently provided calibration and audit services, such
those from the National Institute of
Standards & Technology.