Features

Small cryptographers’ meeting turns into a huge affair in S.F. 

SAN FRANCISCO – Ten years ago, when most people still thought of computer hackers only as the nerdy henchmen to villains in science fiction movies, a group of less than 100 cryptographers got together in a Silicon Valley hotel to share ideas. 

Now the Internet is a pervasive part of life, a platform where $657 billion worth of commerce was transacted last year, according to Forrester Research. With that figure expected to increase 10 times by 2004, online security has become a mainstream concern. 

For evidence, just look at what happened to that small cryptographers’ gathering. 

It has exploded into a mammoth trade show and conference that is bringing more than 10,000 people to a San Francisco convention center this week. They will peruse exhibits by 250 security companies, chatter at a “cryptographers’ gala” and gather for a closing ceremony featuring comedian Dana Carvey. 

Lecture topics range from the arcane — one is titled “On the Strength of Simply Iterated Feistel Ciphers with Whitening Keys” — to the straightforward, like “Authenticity in e-Business.” 

The RSA Conference, named for the Bedford, Mass.-based security company that puts it together, began Sunday and runs through Thursday. In another sign that security has become important business, the sponsors include Intel, Microsoft, Hewlett-Packard, IBM and Compaq. 

“I think the RSA thing has come of age, and people are taking the whole topic seriously,” said Michael Ruehle, president and CEO of BioID America Inc., who plans to show off new technology from his company that scans a user’s face, voice and lip movements to ensure proper access. 

Biometric devices, which grant or deny access to users based on ironclad personal characteristics, have been available for years. But despite the glaring problems with passwords — they are easily stolen or forgotten — biometrics have yet to move into widespread use because of their high cost and varying reliability. 

However, they could get a boost from the federal electronic signatures law that took effect last year. The measure grants legal legitimacy to documents approved or digitally “signed” online. That is expected to drive up demand for anything used to initiate a digital signature — such as fingerprint readers and other biometric devices, or “smart cards” that have identification information embedded in them. 

Security experts expect biometrics soon will be commonly built into cell phones, handheld computers and anything else connecting to computer networks. Ruehle hopes to strike up partnerships this week to speed that process along. 

“These products are starting to be integrated into real-world environments,” Ruehle said. “They’re not just add-ons. We’re striving to make that functionality transparent to the end user.” 

The most immediate challenge for Internet security and cryptography is online fraud, which by some estimates takes place eight to 12 times as much as it does in the real world. 

“The anonymity and ubiquity of the Internet that make it so attractive to users and the market place are the same qualities that make it difficult to secure,” said Mike Houlahan, a vice president of Arcot Systems Inc., a Silicon Valley company that makes software designed to limit access to computer files and networks. 

Fighting back is no easy task, which makes the security conference a vital place for sharing information. 

Marina Donovan, an RSA Security Inc. vice president who is managing the conference, expects a great deal of discussion on developing an industry standard for securing transactions over wireless devices. 

“That impacts everybody, even my mother,” she said. “Security is a mainstream issue. People need to know how to do business online with confidence.”