Press Release tool bar

Microsoft Logo




Users of computer networks, and especially users of the Internet, need trustworthy communication. PCT is a new, more secure, and more efficient version of the popular SSL scheme for general purpose secure communication. PCT is more secure because it fixes several security flaws in SSL, it has much better assurance that data is delivered correctly, and it is simpler. It is more efficient because it sends fewer messages and handles the data more smoothly. PCT is specified by an open standard and is compatible with SSL, so the industry can easily adopt it. -Butler Lampson, Architect, Microsoft Corporation

For Release 10:30 a.m. EDT

Sept. 27, 1995

Microsoft Publishes Specifications Designed to Help Improve Security on the Internet

ATLANTA ù Sept. 27, 1995 ù Microsoft Corp. today announced the publication of two specifications that address key Internet security issues. Software designed with these specifications will enable developers to incorporate improved security technology into their applications, giving businesses and consumers confidence that their transactions and communications will be secure.

The two specifications ù Secure Transaction Technology (STT) and Private Communication Technology (PCT) ù were published today on the Internet. To help encourage widespread adoption of STT and PCT, Microsoft is making the specifications available at no charge to all software developers, businesses, card brands and financial institutions that want to create STT-compliant and PCT-compliant applications.

ôWe set out a year ago to build STT, a security system that meets the strict requirements of the payment-card industry. STTÆs design uses sophisticated cryptographic techniques to help protect and authenticate consumers, merchants and financial institutions that use bank cards to conduct business on the Internet,ö said Craig Mundie, senior vice president of the consumer systems division at Microsoft. ôAfter doing so, we felt we could also apply our expertise to the InternetÆs need for general-purpose security. PCT builds upon Secure Sockets Layer by incorporating strong authentication and other technologies we developed for STT.ö

STT, jointly developed with Visa International, is supported by the Internet Shopping Network, RSA Data Security Inc. and Spyglass Inc. The PCT specification is supported by Cylink Corp., FTP Software Inc., Internet Shopping Network, NetManage Inc., OpenMarket Inc., Spyglass Inc. and Starwave Corp.

ôWe cannot afford to have doubt cast over the ability to conduct business on the Internet,ö said Marc Miller, executive vice president of marketing and business development for Spyglass Inc. ôWe applaud Microsoft for approaching the security issue as it should be approached ù in an open forum within the Internet community. Our whole business model is based on partnerships. WeÆre happy to be working with Microsoft to provide an open, specifications-based solution to help ensure the viability of this exciting new medium.ö

The Secure Transaction Technology specification, jointly developed by Microsoft and Visa, is designed to provide a secure method for handling credit-card transactions across private and public networks. By providing a technology that can be completely integrated with the current bank-card system, STT will serve as a reliable payment system for software providers to incorporate into their products. STT also preserves the branded transaction relationships that merchants and financial institutions have with their customers.

The Private Communication Technology specification is designed to secure general-purpose business and personal communications on the Internet. PCT includes features such as privacy, authentication and mutual identification. As a secure communications technology, PCT builds on the earlier advances embodied in Secure Sockets Layer (SSL). PCT enhances SSL by separating authentication from encryption. This means that PCT allows applications to use authentication that is significantly stronger than the 40-bit key limit for encryption allowed by the U.S. government for export.

ôThe Internet Shopping Network is committed to providing the most secure online shopping environment possible,ö said Boris Putanec, vice president of engineering for the Internet Shopping Network. ôSTT delivers one of the highest levels of security and authentication for shopping transactions, boosting electronic commerce.ö

Microsoft plans to incorporate both STT and PCT into its own products, such as the Microsoft« Internet Explorer 2.0, which ships with the Window« operating system, and is encouraging other software developers to do the same.

The specifications released by Microsoft include use of encryption capabilities based on technology from RSA Data Security Inc.

Founded in 1975, Microsoft (NASDAQ ôMSFTö) is the worldwide leader in software for personal computers. The company offers a wide range of products and services for business and personal use, each designed with the mission of making it easier and more enjoyable for people to take advantage of the full power of personal computing every day.

#########

Microsoft is either a registered trademark or trademark in the United States and/or other countries.

For More Information, Press Only:

Shelly Julien or Katherine Rooks, Waggener Edstrom, (206) 637-9097

For Online Product Information:

Internet Web site: http://www.windows.microsoft.com