From: Dave Banisar <cpsr@access.digex.net>
Date: Thu, 14 Apr 94 07:44:18 PDT
To: Cypherpunks@toad.com
Subject: Press Release on Secure NCSA Mosiac
Message-ID: <9404141045.AA01426@Hacker2.cpsr.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Secure NCSA Mosaic establishes  necessary framework for electronic commerce 
onthe Internet PALO ALTO, CALIF. (APRIL 12) BUSINESS WIRE - April 12, 1994--
Enterprise Integration Technologies (EIT), the National Center for 
Supercomputing Applications (NCSA) at the University of Illinois and RSA Data 
Security Tuesday announced agreements to jointly develop and distribute a 
secure version of NCSA Mosaic, the popular point-and-click interface that 
enables easy access to thousands of multimedia information services on the 
Internet. 

The announcement was made in conjunction with the launch of CommerceNet, a 
large-scale market trial of electronic commerce on the Internet.  Under the 
agreements, EIT will integrate its Secure-HTTP software with public key 
cryptography from RSA into NCSA Mosaic Clients and World Wide Web (WWW) 
servers.  WWW is a general-purpose architecture for information retrieval 
comprised of thousands of computers and servers that is available to anyone 
on Internet.  The enhancements will then be made available to NCSA for 
widespread public distribution and commercial licensing. 

Jay M. Tenenbaum, chief executive officer of EIT, believes secure NCSA Mosaic 
will help unleash the commercial potential of the Internet by enabling buyers 
and sellers to meet spontaneously and transact business. 

"While NCSA Mosaic makes it possible to browse multimedia catalogs, view 
product videos, and fill out order forms, there is currently no commercially 
safe way to consummate a sale," said Tenenbaum.  "With public key 
cryptography, however, one can authenticate the identity of trading partners 
so that access to sensitive information can be properly accounted for." 

This secure version of NCSA Mosaic allows users to affix digital signatures 
which cannot be repudiated and time stamps to contracts so that they become 
legally binding and auditable.  In addition, sensitive information such as 
credit card numbers and bid amounts can be securely exchanged under 
encryption.  Together, these capabilities provide the foundation for a broad 
range of financial services, including the network equivalents of credit and 
debit cards, letters of credit and checks.  In short, such secure WWW 
software enables all users to safely transact day-to-day business involving 
even their most valuable information on the Internet. 

According to Joseph Hardin, director of the NCSA group that developed NCSA 
Mosaic, over 50,000 copies of the interface software are being downloaded 
monthly from NCSA's public server - with over 300,000 copies to date. 
Moreover, five companies have signed license agreements with NCSA and 
announced plans to release commercial products based on NCSA Mosaic. 

"This large and rapidly growing installed base represents a vast, untapped 
marketplace," said Hardin.  "The availability of a secure version of NCSA 
Mosaic establishes a valid framework for companies to immediately begin large-
scale commerce on the Internet." 

Jim Bidzos, president of RSA, sees the agreement as the beginning of a new 
era in electronic commerce, where companies routinely transact business over 
public networks. 

"RSA is proud to provide the enabling public key software technology and will 
make it available on a royalty-free basis for inclusion in NCSA's public 
distribution of NCSA Mosaic,"  said Bidzos.  "RSA and EIT will work together 
to develop attractive licensing programs for commercial use of public key 
technology in WWW servers." 

At the CommerceNet launch, Allan M. Schiffman, chief technical officer of 
EIT, demonstrated a working prototype of secure NCSA Mosaic, along with a 
companion product that provides for a secure WWW server. The prototype was 
implemented using RSA's TIPEM toolkit. 

"In integrating public key cryptography into NCSA Mosaic, we took great pains 
to hide the intricacies and preserve the simplicity and intuitive nature of 
NCSA Mosaic," explained Schiffman. 

Any user that is familiar with NCSA Mosaic should be able to understand and 
use the software's new security features.  Immediately to the left of NCSA's 
familiar spinning globe icon, a second icon has been inserted that is 
designed to resemble a piece of yellow paper. When a document is signed, a 
red seal appears at the bottom of the paper, which the user can click on to 
see the public key certificates of the signer and issuing agencies.  When an 
arriving document is encrypted, the paper folds into a closed envelope, 
signifying that its formation is hidden from prying eyes.  When the user 
fills out a form containing sensitive information, there is a "secure send" 
button that will encrypt it prior to transmission. 

To effectively employ public-key cryptography, an infrastructure must be 
created to certify and standardize the usage of public key certificates. 
CommerceNet will certify public keys on behalf of member companies, and will 
also authorize third parties such as banks, public agencies and industry 
consortia to issue keys.  Such keys will often serve as credentials, for 
example, identifying someone as a customer of a bank, with a guaranteed 
credit line. 

Significantly, all of the transactions involved in doing routine purchases 
from a catalog can be accomplished without requiring buyers to obtain public 
keys.  Using only the server's public key, the buyer can authenticate the 
identity of the seller, and transmit credit card information securely by 
encrypting it under the seller's public key. Because there are fewer servers 
than clients, public key administration issues are greatly simplified. 

To successfully combine simplicity of operation and key administration 
functions with a high level of security that can be accessible to even non-
sophisticated users, significant changes were necessary for existing WWW 
security protocols.  EIT developed a new protocol called Secure-HTTP for 
dealing with a full range of modern cryptographic algorithms and systems in 
the Web. 

Secure-HTTP enables incorporation of a variety of cryptographic standards, 
including, but not limited to, RSA's PKCS-7, and Internet Privacy Enhanced 
Mail (PEM), and supports maximal interoperation between clients and servers 
using different cryptographic algorithms. Cryptosystem and signature system 
interoperation is particularly useful between U.S. residents and non-U.S. 
residents, where the non-U.S. residents may have to use weaker 40-bit keys in 
conjunction with RSA's RC2 and RC4 variable keysize ciphers.  EIT intends to 
publish Secure-HTTP as an Internet standard, and work with others in the WWW 
community to create a standard that will encourage using the Web for a wide 
variety of commercial transactions. 

EIT will make Secure NCSA Mosaic software available at no charge to 
CommerceNet members in September and NCSA will incorporate these secure 
features in future NCSA Mosaic releases. 

Enterprise Integration Technologies Corp., of Palo Alto, (EIT), is an R&D and 
consulting organization, developing software and services that help companies 
do business on the Internet.  EIT is also project manager of CommerceNet. 

The National Center for Supercomputing Applications (NCSA), developer of the 
Mosaic hypermedia browser based at the University of Illinois in Champaign, 
Ill., is pursuing a wide variety of software projects aimed at making the 
Internet more useful and easier to use. 

RSA Data Security Inc., Redwood City, Calif., invented Public Key 
Cryptography and performs basic research and development in the cryptographic 
sciences. RSA markets software that facilitates the integration of their 
technology into applications. 

Information on Secure NCSA Mosaic can be obtained by sending e-mail to shttp-
infoeit.com. 

--30--pc/sf  

CONTACT:  Hamilton Communications 
    Nancy Teater, 415/321-0252 

KEYWORD:  CALIFORNIA ILLINOIS INDUSTRY KEYWORD:  COMPUTERS/ELECTRONICS COMED 
Z REPEATS: New York 212-575-8822 or 800-221-2462; Boston 617-330-5311 or 800-
225-2030; SF 415-986-4422 or 800-227-0845; LA 310-820-9473    



Transmitted:  94-04-12 12:08:00 EDT