Shym Enhances Windows 2000 Encryption

Public Key Infrastructure (PKI) should be a cornerstone of e-business since it offers immediate and unarguable validation of a user's identity. But because PKI toolkits can be complex to implement, many e-businesses have loose or nonexistent PKI policies. Shym Technology Inc. plans to help with its SnapSecure, which integrates and automates PKI policies into e-business software.

PKI uses certificates to validate identities during secure operations. PKI has a wider acceptance at e-commerce sites, but Shym officials believe there are equally important applications in the business-to-business realm, where PKI has yet to be implemented. "This e-business thing is forcing us to extend our applications beyond the enterprise," says Michael Rothman, executive vice president at Shym.

"You would think every company would be doing this, but that’s just not the case," Rothman says. He feels that businesses should be more interested in knowing that the people using their applications are business partners, rather than benign or malicious intruders.

Microsoft Corp. has acknowledged the utility of PKI in e-business by integrating a certificate server into Windows 2000. While the certificate server is in place for enterprises with Windows 2000, roadblocks remain.

First, using the certificate server native in Windows 2000 requires administrators to configure the software to recognize and use the PKI toolkit, requiring a fair amount of expertise on the user’s part. Shym’s SnapSecure ‘snaps’ into the certificate server, creating a bridge between the certificate server and PKI toolkits.

In addition, Microsoft’s implementation of PKI is on a per-user, per-instance basis, requiring users to take the initiative when performing a secure transaction. Enforcement of PKI policies is difficult for administrators.

SnapSecure automates policy enforcement. Administrators can configure and set policies according to enterprise security needs. Once in place, these policies are applied automatically, so users do not have to determine which transactions require certificates and which do not. Shym’s implementation is transparent -- the amount of intrusion into the end user’s experience is minimal.

Integrating PKI toolkits into non-Microsoft applications, such as Lotus Notes or PeopleSoft, can be difficult. Information assets from one of these applications require PKI scripting and configuration on the part of administrators, who may lack the skill to perform these tasks.

"We’re focused on the application support problem," Rothman says, suggesting that SnapSecure’s value lies in the ability to integrate PKI into applications that currently lack PKI support. David Thompson, an analyst at Meta Group Inc., agrees that SnapSecure can simplify a PKI implementation for these applications. "They’ve done all the work ahead of time," he says.

Thompson, however, says SnapSecure’s greatest value is its automated certificate policies. "SnapSecure allows administrators to centralize and enforce policies, something they’re unable to do with other tools," he says. While administrators may welcome the policy enforcement, end users will welcome its transparency. "They’ll be using certificates, whether they’re aware of it or not," he says.

In addition to providing a bridge between Windows 2000’s certificate server and a PKI toolkit, SnapSecure takes advantage of another feature of Windows 2000: Active Directory. Centralized policies and certificates are stored in Active Directory, allowing global access to PKI functions.