The RSA BSafe/Micro Edition for built-in Secure Sockets Layer (SSL) and virtual private network support will be embedded in Palm OS 5, which should be in the hands of developers by the end of the summer, according to Bill Gulino, group manager for enterprise marketing at PalmSource, a software subsidiary of Palm.
RSA's plan, announced here at RSA Conference 2002, is to make Palm-based Internet applications easier to develop by offering hooks directly into the operating system, said Gulino.
Until now, both the Palm 7 and i7.05 have relied upon a closed-end proprietary Certicom network, which has been able to provide strong cryptography with an easy development platform through Certicom's Mobile Internet Kit Toolkit.
But the rest of the cyberworld isn't proprietary; it's based on open standards - and all Web browsers use RSA as an open standard. That means that until Palm adopted an RSA application programming interface (API), Palm devices could not connect to the Internet without a Certicom-to-RSA translation.
Prakash Panjwani, business development vice-president at California-based Certicom, said he is not worried that RSA could be a threat to his company's market share. Too many people are already using Certicom's tools in Palm 7s, he said, making it impractical for them to switch to a new form of cryptography anytime soon.
"The cost of taking our products out and replacing them with new ones that tie directly into the operating system API is not worth it," he said.
Under the new agreement with RSA, Palm is simply trying to better position its devices for secure online transactions and data sharing, Gulino said.
Developers also said the RSA announcement does not mean a war between the top two Palm development tools. Developers can still use Certicom encryption if the client application does not need a Web browser - such as for a warehouse inventory application. Internet Security Systems in Atlanta, for example, uses Certicom to encrypt the local flow of data from its intrusion-detection agents to the management server.
But an e-commerce application provider, by contrast, would probably use RSA because it is the de facto Internet SSL browser standard.
"Some may choose the path of least resistance and develop with RSA products," said Bill Lattin, founder Cylink, an early wide-area network security provider, and now a principal consultant for security consulting firm TTFN Associates in California. "The bottom line is this [RSA announcement] really doesn't change anything. Development will still be open and developers will choose what they need for their specific applications."