Aiming to make Internet transactions over Palm's handheld devices more secure, RSA Security this week introduced the company's first security product for Palm.
The RSA BSafe/Micro Edition for built-in Secure Sockets Layer (SSL) and virtual private network support will be embedded in Palm OS 5, which should be in the hands of developers by the end of the summer, according to Bill Gulino, group manager for enterprise marketing at PalmSource Inc., a software subsidiary of Palm.
RSA's plan, announced here at RSA Conference 2002, is to make Palm-based Internet applications easier to develop by offering hooks directly into the operating system, said Gulino.
Until now, both the Palm 7 and i7.05 have relied upon a closed-end proprietary Certicom network, which has been able to provide strong cryptography with an easy development platform through Certicom's Mobile Internet Kit Toolkit.
But the rest of the cyberworld isn't proprietary; it's based on open standards -- and all Web browsers contain RSA as that open standard. That means that until Palm adopted an RSA application programming interface (API), Palm devices couldn't connect to the Internet without a Certicom-to-RSA translation.
Prakash Panjwani, business development vice president at Certicom, said he's not worried that RSA could be a threat to his company's market share. Too many people are already using Certicom's tools in Palm 7s, he said, making it impractical for them to switch to a new form of cryptography anytime soon.
"The cost of taking our products out and replacing them with new ones that tie directly into the operating system API is not worth it," he said.
Under the new agreement with RSA, Palm isn't bumping Certicom, said Gulino. Instead, Palm is simply trying to better position its devices for secure online transactions and data sharing.
Developers, too, said the RSA announcement doesn't mean a war between the top two Palm development tools. Developers can still use Certicom encryption if the client application doesn't need a Web browser -- such as for a warehouse inventory application. Internet Security Systems Inc. in Atlanta, for example, uses Certicom to encrypt the local flow of data from its intrusion-detection agents to the management server.
But an e-commerce application provider, by contrast, would probably use RSA because it is the de facto Internet SSL browser standard.
"Some may chose the path of least resistance and develop with RSA products," said Bill Lattin, founder of Cylink, an early wide-area network security provider, and now a principal consultant for security consulting firm TTFN Associates in Los Altos, Calif. "The bottom line is this [RSA announcement] really doesn't change anything. Development will still be open and developers will choose what they need for their specific applications."