IP: Microsoft Releases Beta Version of CryptoAPI 2.0

[Dave Farber <farber () central cis upenn edu>]

I am sorry for the bad formatting. It is how I got it


From: Mahesh Prakriya <maheshp () microsoft com>
To: "'farber () cis upenn edu'" <farber () central cis upenn edu>
Subject: FW: Microsoft Releases Beta Version of CryptoAPI 2.0
Date: Tue, 10 Sep 1996 15:20:03 -0700
Encoding: 296 TEXT


FYI. Its OK to forward this message to your interesting people list.


Mahesh


> ----------
> From:  Dawn Zeh
> Sent:  Tuesday, September 10, 1996 11:37 AM
> To:    IPTD News
> Subject:       Microsoft Releases Beta Version of CryptoAPI 2.0
>
> News from your Library
>
> Abstract:  Envisioning a new category of secure Internet applications,
> Microsoft today announced cross-platform technology that allows millions of
> developers to add strong
> security to existing and future software programs. CryptoAPI version 2.0,
> which
> Microsoft is making available in beta today
> (http://www.microsoft.com/intdev/security/), provides the underlying
> technology necessary to add security
> features to applications, such as the ability to digitally sign a document
> and send it over the Internet or verify an individual's identity in an
> exchange of personal, financial or medical information.  CryptoAPI 2.0
> creates the foundation for a public key infrastructure (PKI), which will
> provide end users with a highly secure environment for communicating and
> conducting business over the Internet.
>
>                               *****************
> Microsoft Releases Beta Version of CryptoAPI 2.0
>
>  Provides Millions of Developers With Foundation for Highly Secure Internet
> Applications
>
>  REDMOND, Wash., Sept. 10 /PRNewswire/ -- Envisioning a new category of
> secure
> Internet applications, Microsoft Corp. (Nasdaq: MSFT) today announced
> cross-platform technology that allows millions of developers to add strong
> security to existing and future software programs. CryptoAPI version 2.0,
> which
> Microsoft is making available in beta today (http://www.microsoft.com
> /intdev/security/), provides the underlying technology necessary to add
> security
> features to applications, such as the ability to digitally sign a document
> and
> send it over the Internet or verify an individual's identity in an exchange
> of
> personal, financial or medical information.  CryptoAPI 2.0 creates the
> foundation for a public key infrastructure (PKI), which will provide end
> users
> with a highly secure environment for communicating and conducting business
> over
> the Internet.
>
>  Until now, adding cryptographic capabilities to software was extremely
> difficult for most developers.  Each vendor of a cryptographic solution
> required
> software developers to write specific code to take advantage of that vendor's
> service.  In addition, applications that needed to be used outside the United
> States required significant revision to comply with export regulations. The
> challenge developers face in providing different types of cryptography in
> software programs is analogous to the difficulty software developers had in
> supporting printers from different manufacturers before the Microsoft(R)
> Windows(R) operating system provided a common way to recognize printers.
>
>  CryptoAPI 2.0 provides cross-platform, operating-system-level support for
> cryptography in the same way that today's operating systems provide device
> drivers for printers.  As a result, developers can easily use a variety of
> cryptographic solutions -- from exportable, 40-bit software encryption to
> extremely strong, 1,024-bit hardware encryption -- without rewriting their
> applications.  CryptoAPI 2.0 also frees developers from the need to develop
> their own cryptography, providing built-in, replaceable cryptographic
> modules.
>
>  CryptoAPI 2.0 is available to developers using a variety of programming
> languages, including the Visual Basic(R) programming system, the Visual
> C++(R)
> development system set, and Java(TM).  In addition to traditional programming
> interfaces, the cryptographic features are being delivered as a set of COM
> interfaces, providing developers with maximum flexibility in how they build
> cryptography-enabled applications.
>
>  CryptoAPI 2.0 provides the following key benefits:
>
>  -- It eliminates the need for application developers to create their own
> cryptography by providing an interface to third-party cryptographic service
> provider (CSP) modules that deliver cryptographic technology from specific
> vendors.
>
>  -- CryptoAPI's modular design allows developers to work with a full range
> of
> CSPs that provide either software- or hardware-based cryptography, such as
> software algorithms or smart cards.
>
>  -- Replaceable cryptographic modules let developers create applications for
> worldwide use without having to worry about encryption export issues.
> Replaceable cryptographic modules also enable developers to easily upgrade
> cryptographic technology as it becomes available without having to modify
> their
> applications.
>
>  -- CryptoAPI frees developers from the financial obligation of licensing
> cryptographic technologies directly from CSP vendors.
>
>  At Microsoft's Security Design Review today, which is being attended by
> more
> than 150 independent software vendors, Microsoft will demonstrate beta
> versions
> of CSP modules from BBN Corp., Cylink and Spyrus, in addition to the
> Microsoft
> CSP module, which is based on technology from RSA Data Security.
>
>  "CryptoAPI makes it easy for developers to create applications with the
> world's most widely used encryption technology from RSA," said Jim Bidzos,
> president of RSA.  "The availability of exportable and upgradeable
> cryptography
> provides developers with security functions that are effective throughout the
> world."
>
>  CryptoAPI 2.0 Technical Details
>
>  CryptoAPI 2.0 adds high-level interfaces to the Windows family of operating
> systems for common cryptographic operations such as authentication, signing
> and
> encryption/decryption services.  These cryptography operations make it easier
> for developers to do the following:
>
>  -- Encrypt and decrypt messages, files, programs, passwords, forms,
> credit-card numbers or any other data either residing locally on a PC or
> being
> transmitted over a network, including the Internet
>
>  -- Create and manage public and private keys for public key-based
> encryption
>
>  -- Create and manage digital certificates  Digitally sign a message or data
> to
> ensure that a recipient knows the identity of its creator and that the data
> hasn't been tampered with or altered
>
>  "People need to know whom they're doing business with on the Internet,"
> said
> Stratton Sclavos, president and CEO of VeriSign Inc. "CryptoAPI 2.0 lets
> developers easily create applications that can recognize industry-standard
> identification methods, such as VeriSign's Digital IDs.  We're excited to be
> working with Microsoft and other companies to create a cross-platform public
> key
> infrastructure that allows the Internet to be a secure channel for conducting
> business."
>
>  Microsoft expects CryptoAPI 2.0 to be available on several platforms.  On
> Aug.
> 21, Microsoft announced it is licensing CryptoAPI to RSA Data Security,
> including the rights to incorporate CryptoAPI into RSA's BSAFE and other
> security toolkit products, to port CryptoAPI to new platforms, and to build
> on
> Microsoft's base set of cryptography services.  CryptoAPI 1.0 is now shipping
> in
> Microsoft Internet Explorer 3.0 and the Windows NT(R) operating system
> version
> 4.0.  Microsoft also expects that the functionality of CryptoAPI calling
> RSA's
> cryptographic engine will be shipped for Macintosh and 16-bit versions of
> Windows operating systems in early 1997.
>
>  CryptoAPI Accessible to Developers for Visual Basic and Java
>
>  Microsoft also announced today that CryptoAPI 2.0 is available to millions
> of
> developers using Visual Basic and Java, making it easier to add cryptography
> and
> certificate functionality to their applications. A set of COM interfaces
> encapsulating CryptoAPI's certificate and cryptographic functionality is now
> available on Microsoft's Web site.
>
>  "Providing CryptoAPI as COM interfaces enables the millions of developers
> using tools such as Visual Basic to incorporate cryptography and certificate
> features easily into our applications," said David Mendlen, an architect for
> Ameritech Cellular who uses Visual Basic. "Building exportable applications
> with
> flexible and renewable security lets us provide added value to all of our
> customers without having to rewrite applications for foreign markets."
>
>  "Microsoft is demonstrating its commitment to helping all developers,
> including those using Visual Basic and Java to create secure applications for
> a
> global market," said Brad Silverberg, senior vice president of the Internet
> platform and tools division at Microsoft.  "By providing companies and
> developers with easy access to cryptography, CryptoAPI 2.0 will accelerate
> the
> development of a cost-effective public key infrastructure, giving end users a
> richer and safer computing experience."
>
>  Support From Major Cryptographic Service Providers
>
>  In addition to the bundled CSP based on RSA technology for CryptoAPI 1.0
> and
> CryptoAPI 2.0 beta version provided by Microsoft, six additional corporations
> announced they will provide CSP modules for CryptoAPI.  Atalla (a Tandem
> company), Northern Telecom Inc. (Nortel Secure Networks) and Trusted
> Information
> Systems have committed to provide CSP modules in the future, and at the
> Security
> Design Review, Microsoft is demonstrating beta versions of CSP from BBN
> Corp.,
> Cylink and Spyrus.
>
>  The BBN CSP module supports hardware-based cryptographic key generation and
> storage using BBN's SafeKeyper certificate signing unit.  BBN is a leading
> provider of Internet and internetworking services to businesses and
> organizations.
>
>  Cylink's CSP provides developers with a wide variety of public key
> cryptography services including Diffie-Hellman key management, DES
> encryption,
> DSS digital signatures and standards-based document hashing.  Cylink is a
> leading provider of network security and management systems.
>
>  The Spyrus CSP supports their EES LYNKS Privacy Card, a tamper-resistant
> PCMCIA card that implements multiple U.S. government and commercial
> algorithms
> for key transport, key wrap, hash and digital signature.  In addition, for
> government organizations, Spyrus will ship a CSP that works with Fortezza-
> compliant PCMCIA cards.  Spyrus is a leading provider of information security
> technology, addressing a wide range of security requirements in commercial
> and
> government organizations.
>
>  About Microsoft Internet Security Framework
>
>  The Microsoft Internet Security Framework (MISF) is a comprehensive set of
> cross-platform, interoperable security technologies for electronic commerce
> and
> online communications that support Internet security standards.  MISF
> technologies implemented to date include Authenticode technology, CryptoAPI
> 1.0
> and CryptoAPI 2.0 (beta version), support for client authentication, support
> for
> secure socket layer (SSL) and private communications technology (PCT) secure
> channel protocols, and a beta implementation of the Secure Electronic
> Transactions (SET) protocol for credit-card transactions.  Upcoming MISF
> technologies include a certificate server (demonstrated at the design
> review),
> PFX 1.0 (alpha version demonstrated at design review), and a "wallet."
>
>  In addition, MISF technologies allow corporations to make use of their
> existing investments in network security by integrating with the robust
> Windows
> NT security model.  Windows NT provides mechanisms to control access to all
> system and network resources, the auditing of all security-related events,
> sophisticated password protection, and the ability to lock out intruders. 
> Windows NT also provides a single logon for users and centralmanagement of
> user
> accounts for administrators. For more information on the Microsoft Internet
> Security Framework, visit http://www.microsoft.com/intdev/security/.
>
>  About Microsoft
>
>  Founded in 1975, Microsoft is the worldwide leader in software for personal
> computers.  The company offers a wide range of products and services for
> business and personal use, each designed with the mission of making it easier
> and more enjoyable for people to take advantage of the full power of personal
> computing every day.
>
>  NOTE:  Microsoft, Windows, Visual Basic, Visual C++ and Windows NT are
> either
> registered trademarks or trademarks of Microsoft Corp. in the United States
> and/or other countries.  Java is a trademark of Sun Microsystems Inc. 
>
>  /NOTE TO EDITORS:  If you are interested in viewing additional information
> on
> Microsoft please check out the Microsoft Web page at 
> http://microsoft.com/corpinfo/ on Microsoft's corporate information pages. 
>
>  /CONTACT:  Julie Hatchett of MacKenzie Kesselring, 801-359-1005, or 
> julieh () mkinc com/
> 09:02 EDT
>
> 7776 09/10/96 09:02 EDT HT
> :TICKER: MSFT
> :SUBJECT: SOFT NPRD WA
> Copyright (c) 1996 PR Newswire
> Received by NewsEDGE/LAN: 9/10/96 6:42 AM
>
> THE ABOVE MATERIAL IS COPYRIGHTED AND SHOULD NOT BE
> REPRODUCED OR DISTRIBUTED OUTSIDE OF MICROSOFT.