SSH boosts e-commerce security

SSH Communications Security Corp. next month plans to release its Tectia product suite for securing access to proprietary e-commerce applications by making use of the Internet Engineering Task Force (IETF) standard Secure Shell Protocol instead of the Web-based encryption standard Secure Sockets Layer (SSL).

Tectia’s server-based software will use SSH to authenticate and encrypt customer relationship management (CRM) and enterprise resource planning (ERP) systems. It is expected to provide single sign-on support to multiple back-end applications after the user, who must have the SSH Tectia desktop client software, has authenticated once via password or stronger authentication, such as smart cards or encryption-based hardware tokens.

“SSL requires the applications to be fully Web-enabled. This doesn’t,” says SSH Communications’ Chief Executive Officer George Adams, noting the Tectia software will start at US$15,000. “We are taking the underlying Secure Shell Protocol so it can be this mechanism for hundreds of thousands of user systems, while also enforcing security policy for them via the Tectia manager.”

Until now, system administrators more often have used the SSH protocol as freeware or commercial software to securely access remote systems. SSH Communications says Tectia will broaden the use of SSH so it can provide end-to-end security in business applications without having to alter them for Web-based access.

The Tectia Management Server, which runs on any midrange Intel-compatible or Sun Sparc computer, gathers logs on authentication and application access to the Tectia servers. The manager station also can configure the servers and set group policies.

As an option, SSH Communications is providing server-based software that can check the validity of public-key infrastructure digital certificates in business environments that want to rely on multi-vendor certificates as the means for proving identity.

In the area of SSH commercial software, SSH Communications competes with F-Secure and VanDyke Software Inc.