Corporations Eye Private Security Schemes


August 1995 / News & Views / Corporations Eye Private Security Schemes
Peter Wayner

Over two years ago, the U.S. Government raised the passions of many computer users when it offered encryption chips named "Clipper" that left a back door open for surveillance. Any law enforcement employee with a warrant could tap into a central database of "escrowed" keys and decrypt the data encrypted with this chip. The Clipper chip never found much of a market beyond the U.S. Government, because of its cost and its aura of Big Brother, but the notion of escrowing keys with a third party lives on. Several influential companies are investigating providing private backups of keys to corporations and users.

The distinction between giving the government copies of the keys and storing them with a private data backup agency may seem small to individuals, but it can make a crucial difference for corporations. Many businesses face the problem of recovering encrypted files when employees with the keys leave the company, retire, go on vacation, call in sick, or disappear.

Several companies, both large and small, are testing the market for software that escrows keys automatically for businesses. Trusted Information Systems (Glenwood, MD), a security software company that first started investigating software-based escrow systems over a year ago, is one such company (see "Software-Key Escrow Emerges," October 1994 BYTE). It is also currently working with National Semiconductor, which is exploring providing special smartcards. Motorola recently announced plans to build escrowing features into its encryption products. RSA Data Security (Redwood City, CA), one of the pioneers in the field, offers an intriguing feature in its software for the Windows PC and the Macintosh: the escrow back door can be turned off easily.

The escrow systems encrypt files by using standard algorithms, but they finish by appending a copy of the encryption key that can be used to read the hidden data. This appended key is itself encrypted with a different key, which is usually the escrow service's public key. Only people who hold the secret key corresponding to that public key can unlock the appended key and get at the contents of the main file.
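The layout described above (data encrypted under a file key, with that key appended after being encrypted to the escrow holder's public key), as an added example that is not from the article or from any product it names. AES-256-GCM, RSA-OAEP with a 2048-bit key, the byte layout, and the names `NewEscrowKey`, `Seal` and `Recover` are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewEscrowKey creates the escrow holder's key pair (2048 bits is an assumption).
func NewEscrowKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal returns nonce || AES-GCM ciphertext+tag || file key wrapped to the escrow public key.
func Seal(pub *rsa.PublicKey, data []byte) ([]byte, error) {
	seed := make([]byte, 32+12) // fresh 32-byte file key, then 12-byte GCM nonce
	if _, err := rand.Read(seed); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, seed[:32], nil)
	if err != nil {
		return nil, err
	}
	blk, _ := aes.NewCipher(seed[:32]) // cannot fail: key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(blk)
	return append(gcm.Seal(seed[32:], seed[32:], data, nil), wrapped...), nil
}

// Recover is the escrow path: the escrow private key alone unwraps the appended file key.
func Recover(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	n := len(blob) - priv.Size() // the wrapped key is exactly one RSA modulus long
	if n < 12+16 {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob[n:], nil)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("unwrap failed or bad key length: %v", err)
	}
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	return gcm.Open(nil, blob[:12], blob[12:n], nil)
}

func main() {
	priv, _ := NewEscrowKey()
	blob, _ := Seal(&priv.PublicKey, []byte("constructed sample: Q3 forecast"))
	plain, err := Recover(priv, blob)
	fmt.Printf("%d-byte blob, escrow recovered %q (err=%v)\n", len(blob), plain, err)
}
```

In a full system the file key would also be wrapped for the file's owner; only the escrow copy is shown here because it is the part the article describes.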

Someone within the company, such as the general counsel or the MIS manager, may hold the secret key. Another option is to have an external service bureau hold a copy of the key. Many software companies may vie for this job, but they may have some unexpected competitors. Bankers Trust will likely enter the market and trade on the corporate culture of privacy and security that it developed in the banking business.

It is not clear how external service bureaus will guarantee their work. Stewart Baker, a former general counsel of the National Security Agency (Ft. Meade, MD), predicts that escrow companies may offer bonds in the same way that locksmiths guarantee their fidelity. One of the biggest problems may be estimating the value of the keys, because information can have such a protean nature.

