RSA's 'Nightingale' software sings security song
- By John K. Waters
RSA Security recently disclosed its plans to integrate its products into a single identity management system that will deliver common administration and integration of its security solutions. Increasingly, identity handling is a programmer's concern, and RSA is in a position to greatly influence the course of such development.
Part of RSA's plans is a system, code-named "Nightingale" and developed by the company's RSA Labs research arm, that is engineered to enhance the security and privacy of conventional servers for particularly sensitive data. Such data could include healthcare information, credit card numbers, cryptographic keys and personal information used for password reset.
Key to Nightingale is "secret splitting." Secret splitting is a process that distributes sensitive data and then stores it cryptographically in two separate locations: the Nightingale server and any application server. This data-splitting strategy is designed to foil an attacker who compromises either server.
According to Dr. Ari Juels, Nightingale is the first full-fledged commercial product to come out of RSA Labs. For Juels, a principal research scientist at RSA Labs, the project was "near and dear" to his heart. "It's an elegant way of handling a general problem," Juels told Programmers Report. "It's good to see something so practical come out of such a rarified environment."
Nightingale was built with RSA BSAFE software, which was debuted recently by RDA in a Web services version. The idea here is to allow standards-based security for architectures that take advantage of Web services, ostensibly by addressing some of the maturity concerns of those companies that have yet to adopt Web services.
RSA made its announcements as part of its 12th annual RSA Conference, which drew an estimated 10,000 attendees in San Francisco.
To link to an RSA white paper on identity and access management issues, please go to http://www.rsasecurity.com/solutions/idmgt/whitepapers/IAMBUS_WP_0104.pdf
For other Programmers Report articles, please go to http://www.adtmag.com/article.asp?id=6265
John K. Waters is a freelance writer based in Silicon Valley. He can be reached