
RE: Entrust Software




Everyone,

Sorry to take so long getting this distributed & out to the list but I was
out for two days & Greg Wheaton, from Entrust was out the following two
days so I'm just now getting all the pieces & parts pulled together to send
to you.  Greg will be sending out evaluation software to PHEAA, Great
Lakes, USA Group & Texas Gulf today or tomorrow.

Below you will find my original e-mail to Greg & his response back.   You
also might want to check out their web site.  The software seems
promising.....we shall see about the pricing!  As soon as I get more
information about price together I'll forward it to the list serve too.
---------------------- Forwarded by Dawn S Harris/College Foundation Inc on
04/22/98 01:34 PM ---------------------------


Greg Wheaton <greg.wheaton@entrust.com> on 04/22/98 11:47:06 AM

To:   Dawn S Harris/College Foundation Inc
cc:
Subject:  RE:




> Dawn Harris
> College Foundation Inc.
> 919.834-2893 X461
> dharris@cfi-nc.org
>
Hi Dawn,

     In response to your email inquiry it seems to me that you have
already done a fair bit of research on our product offerings. I would be
more than happy to fill in the gaps and give you the detail you require to
make an educated decision.
     Before getting into product specific information I would like to
give you a brief breakdown of our Public Key Infrastructure concepts and
how it might differ from what some of our competitors might offer. We
believe that when you break down the components in a trusted security
process, only Entrust can satisfy all your needs.
     There is often a lot of confusion on the differences in what people
call a PKI. Most companies that say they sell a PKI really mean they offer
CA (Certificate Authority) Services. At Entrust we believe that the CA
service is a vital piece of the puzzle but there are many more.
In a CA only product and our Entrust product line we both offer:
*    Certificate Authority - The ability to issue digital certificates.
*    Certificate Repository - A centrally accessed area to retrieve user
certificates.
This is where the similarities end.
The Entrust PKI does so much more:
*    Revocation system - The ability to actively revoke users anytime
*    Key backup/ Recovery - Always needed with users losing passwords or
corrupt machines
*    Support for Non-repudiation - End users cannot deny that they sent
any digitally signed data. (made possible by two-keypair technology)
*    Automatic Key update - Certificates have life spans; Entrust
automates the update process to make it invisible to the end user.
*    Management of Key histories - Keys that have been updated can still
be used to read & verify data from a previous certificate.
*    Cross certification - very important in your scenario, the ability
to cross certify CA's to create a shared Trust environment.
*    Time Stamping - Add validity to non-repudiation
*    Client Side PKI software - performs all crypto processes so the
Server is free for management only requests. End result is a very fast
crypto process.

I'm not trying to overload you with information in your first email and I'm
more than willing to discuss all these points with you at any time. Your
other questions I have answered in the rest of the body text below. Please
feel free to contact me anytime.

Greg Wheaton
Inside Sales Associate
Entrust Technologies
Phone : 613-247-3673 Fax: 613-248-3050
E-Mail: greg.wheaton@entrust.com
Web: http://www.entrust.com

Download Entrust Solo for your personal security solution
http://www.entrust.com/solo/solo_eval.htm

> Greg,
>
> As I indicated in our telephone conversation Thursday, I am researching
> various
> software alternatives for the CommonLine Electronic Exchange Subcommittee
> for use in encrypting electronic applications over the internet.
>
> The software should meet the following design requirements that have been
> developed by the committee which are:
>
>      1)   Files must be encrypted & then the message itself is to be
>           digitally signed.
>
>           --We had settled on the RSA algorithm with a 1024-bit key as
>           the standard for both encryption and digital signatures.  This
>           was primarily because the RSA algorithm was part of the PGP
>           solution we were planning to use. It is not a requirement,
>           per se.  The appeal of that algorithm in PGP was its ubiquitous
>           application. It was available for both 16- and 32-bit as well
>           as DOS and UNIX.
>
Entrust Software uses a wide range of encryption algorithms for both the
symmetric keys and the public/private key pairs (including RSA). Here is a
listing of all the algorithms we currently support
http://www.entrust.com/entrust/algorithm.htm

>      2)   Should support private/public key technology.
>
>           --PGP worked as a hybrid system with the body of the attachment
>           encrypted using a symmetric key algorithm and the session key
>           encrypted using a public key algorithm.  In addition it
>           provided a mathematical digest of the text and a "signature"
>           to support authentication.  Ideally the replacement product
>           would work in a similar fashion, which I believe Entrust does.
>
This is the exact process that the Entrust client performs. Every time a
piece of information is being encrypted a symmetric key is created and
through our symmetric key algorithms the information is encrypted and then
encrypted again using the larger public key.

>           --Each service provider (lender, guarantor or servicer) is
>           responsible for maintaining a database of public keys for the
>           organizations they expect to communicate with & there must be a
>           process for exchanging public keys with other CommonLine
>           participants.  The product would ideally work with these
>           procedures which can be found in the addendum for the
>           CommonLine Reference Manual.  This can be found at
>           ftp://www.usagroup.com/download/commspec should you care to
>           examine it.
>
It sounds like you want each organization to be a centrally managed PKI.
All Entrust PKIs can be cross certified or can manually exchange keys to
allow for secure information transmissions.

>      3)   The software must be available for both end use as well as for
>           development & distribution.   The end use version should be
>           able to function as a stand alone version, preferably with a
>           command line interface.
>
We have versions of the client that support command line interface and
since client side software is one of the strengths of our PKI it will be
on all the individual stations.

> CommonLine is a standards-setting body under the auspices of NCHELP
> (National Council of Higher Education Loan Programs Inc.).  NCHELP is a
> national consortium of independent agencies: lenders, post-secondary
> schools, guarantors and servicers, all of which are players in the
> student loan process.  The focus of CommonLine is data and transmission
> standards for originating student loans electronically. My subcommittee
> focuses on the messaging infrastructure for these transactions.
>
> The CommonLine standard is now used to originate electronically the vast
> majority of student loans across the nation.  The participants in NCHELP
> collectively have a very strong influence on national policy and national
> standards for issues dealing with many aspects of higher education
> financing.  Members include USA Group, Edfund, SLMA, Nellie Mae, AFSA,
> The Access Group, TGSLC, PHEAA, Great Lakes, NYHESC, Citibank Student
> Loan Corp, Signet Bank, Penn State, US Bank, Bank One, UC Berkeley to
> name but a few.
>
> I would think it would be in your interest to have Entrust become a
> standard for the student loan industry.  The standards we set will see
> wide-spread implementation, but there is typically a one-half year lag
> time.
>
> Our estimates for the eventual number of licenses include:
>
>      10-20 School Based Software (SBS) developers.  These organizations
>           develop software that is distributed to schools for the capture
>           & transmission of student loan data electronically.  We assume
>           these developers would require the Entrust/File product.
>
These 10-20 SBS, would they each require their own CA or would they be
joined together by some central administration office that could act as
their CA? Entrust File would be required to complete this task.

>      100+ Medium-use lenders, guarantors & schools who would integrate
>           the software into their own back-end loan processing systems
>           located on main-frames or mid-range systems in order to have
>           automated batch feeds, but would not develop PC software to
>           distribute to schools.  Again, we are assuming these would
>           require the Entrust/File product.
>
The same type of scenario as above. Would these organizations each need
their own PKI?

>      100+ Lenders & guarantors who are "low-tech" users & would use the
>           software as a stand alone product & process the files manually
>           to feed to their loan processing systems.   We are assuming
>           these companies would require the Entrust/Solo product.
>
Entrust Solo as a stand alone solution is a perfect fit in this
environment.

>      1500+ Colleges & Universities who would use software the SBS
>           developers have developed.  We are assuming they would use the
>           Entrust/Client product incorporated in the run-time module of
>           the Entrust/File product.
>
There is no run-time module of Entrust File. The application that has been
developed runs independent of the Toolkit but does require the use of
Entrust Client. Who would be the CA for this section?

> If the capabilities and pricing of the Entrust products appear to fit our
> needs
>
Do you have any preset pricing limitations? I know this sounds like a
strange question but it would help me to more readily identify what
solution we have would best suit your needs.

> we will be happy to ask the CommonLine members to sign Letters of Intent
> in order to provide you with more accurate numbers as we get closer to an
> agreement.
>
> There are four members of our subcommittee who have agreed to evaluate
> the software products we are considering.  I will be contacting you by
> phone tomorrow to see if Entrust will, in fact, fill our needs and if you
> would be willing to send copies of the software out to the evaluation
> team for their review.  Because of the delays we hope to have the
> software evaluated & selected by mid to late May so the developers will
> have the summer to develop SBS and test prior to peak application
> processing for next year.
>
>
> I hope this gives you the information you needed before talking to your
> management.  Should you have any questions please feel free to contact
> me.  I will be unavailable Thursday & Friday this week, April 16-17, but
> will be here tomorrow and return on Monday.  If you need to speak with
> someone during those two days you can ask for Bill Horn at extension 531.
>
>
> Dawn Harris
> College Foundation Inc.
> 919.834-2893 X461
> dharris@cfi-nc.org
>
     Dawn, can you send me your official mailing address?
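The hybrid flow that Dawn's requirement 2 and Greg's reply describe (a fresh symmetric key per message, that key wrapped under the recipient's public key, and a digest signed by the sender so the file is encrypted first and the message signed afterwards, as requirement 1 asks) is worked through below as an added example. It is not Entrust code and not part of the original thread; it is written against the Go standard library only. Assumptions made here: AES-256-GCM as the symmetric cipher, RSA-OAEP for key wrapping and RSA-PSS for the signature (both over SHA-256), 2048-bit keys rather than the 1024-bit size the committee had settled on (1024-bit RSA is no longer considered adequate), and two separate key pairs per party, which is what the "two-keypair technology" point in Greg's list amounts to in practice: the decryption key is the one a CA can back up and recover, while the signing key is never escrowed, so a valid signature could only have come from its holder. The `Party`, `Envelope`, `Seal` and `Open` names are this example's own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Party holds the two RSA key pairs a "two-keypair" PKI keeps separate: Enc
// may be backed up for recovery, Sign is never escrowed (non-repudiation).
type Party struct {
	Enc, Sign *rsa.PrivateKey
}

// NewParty generates both pairs. Assumption: 2048-bit keys stand in for
// the 1024-bit size the list was considering, which is no longer adequate.
func NewParty(bits int) (p *Party, err error) {
	p = &Party{}
	if p.Enc, err = rsa.GenerateKey(rand.Reader, bits); err != nil {
		return nil, err
	}
	if p.Sign, err = rsa.GenerateKey(rand.Reader, bits); err != nil {
		return nil, err
	}
	return p, nil
}

// Envelope is the assumed wire format: wrapped session key, GCM nonce and
// ciphertext, and the sender's signature over all three (encrypt, then sign).
type Envelope struct {
	WrappedKey, Nonce, Ciphertext, Signature []byte
}

// signedBytes length-prefixes each field so the signed message is unambiguous.
func signedBytes(e *Envelope) []byte {
	var out []byte
	for _, f := range [][]byte{e.WrappedKey, e.Nonce, e.Ciphertext} {
		out = binary.BigEndian.AppendUint32(out, uint32(len(f)))
		out = append(out, f...)
	}
	return out
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the hybrid step: a fresh random AES-256 key encrypts the file,
// RSA-OAEP wraps that key for the recipient, RSA-PSS signs a SHA-256 digest.
func Seal(plain []byte, sender *Party, recipientEnc *rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plain, nil)}
	env.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientEnc, key, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(signedBytes(env))
	env.Signature, err = rsa.SignPSS(rand.Reader, sender.Sign, crypto.SHA256, digest[:], nil)
	return env, err
}

// Open verifies the sender's signature before touching the ciphertext,
// then unwraps the session key with the recipient's decryption key.
func Open(env *Envelope, recipient *Party, senderSign *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(signedBytes(env))
	if err := rsa.VerifyPSS(senderSign, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature does not verify: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient.Enc, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("session key unwrap failed: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	lender, _ := NewParty(2048)
	guarantor, _ := NewParty(2048)
	// Constructed sample payload, not a real CommonLine record.
	env, _ := Seal([]byte("CommonLine application batch 0001"), lender, &guarantor.Enc.PublicKey)
	plain, err := Open(env, guarantor, &lender.Sign.PublicKey)
	fmt.Printf("recovered %q, err=%v\n", plain, err)
}
```

Two points worth noting when reading it. `Open` checks the signature before unwrapping anything, so a tampered envelope or one signed by the wrong party is rejected without any decryption taking place; and because the signature covers the ciphertext rather than the plaintext, the recipient knows the sender committed to exactly these bytes. What the snippet leaves out is everything the thread's requirement 2 puts on the participants: mapping a counterparty name to the right public key (the per-organization "database of public keys" or a CA-issued certificate) and checking that the key has not been revoked. Without that lookup `senderSign` is just whatever key the caller passed in, and the non-repudiation argument only holds against a key the recipient has independently verified belongs to the sender.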