Contact Us Resource Center RSS How to Buy  

› Home › News & Events › Press Releases

Tumbleweed Communications and nCipher Expand PKI Hardware and Software Integration

Integration of Tumbleweed Valicert Validation Authority and nCipher netHSM Speeds and Secures Key Validation and Management

Lake Buena Vista, FL - DoD Public Key Enabling (PKE) Technical Forum — November 15, 2004 — TumbleweedŽ Communications Corp. (NASDAQ:TMWD), the leading provider of e-mail security, file transfer security, and identity validation solutions, and nCipher plc (LSE:NCH), a leading provider of cryptographic IT security, today announced integration of the Tumbleweed Valicert Validation AuthorityT with the nCipher netHSMT, enabling organizations to improve the overall security and scalability of their PKI validation infrastructure. Tumbleweed has also formally joined the nCipher ReadyT program solidifying the two companies' business and engineering relationship.

At the DoD Public Key Enabling (PKE) Technical Forum, from November 15-19, 2004, Tumbleweed (booth # 201) and nCipher (booth #105) will be showcasing the integration of the Tumbleweed and nCipher products. The Tumbleweed Valicert Validation Authority is the most widely deployed solution for digital certificate validation in the market today. Based on the open standard Online Certificate Validation Protocol (OCSP, RFC 2560), the Validation Authority allows applications to validate the status of a digital certificate in real time, ensuring that revoked credentials cannot be used for secure email, smart card login, web access, wireless, VPN or other electronic transactions.

nCipher's netHSM has been integrated with the Tumbleweed Valicert Validation Authority to protect the integrity of the cryptographic private keys, enable strong, secure validation of certificates and accelerate the cryptographic processing. netHSM allows multiple individual validation servers to share access to hardware-based encryption, decryption and signing functions via secure connections over IP networks. This greatly enhances scalability, reduces deployment costs and centralizes administration. The nCipher netHSM is validated to the Federal Information Processing Standard (FIPS) 140-2 level 3, one of the most stringent standards in the IT security industry. The combination of the Validation Authority and nCipher hardware security modules is deployed by multiple branches of the U.S. Department of Defense, banking and financial institutions world-wide.

Tumbleweed and nCipher have integrated multiple security products to date, including:

• Tumbleweed Secure Transport - used for secure transfer of files over the Internet; can leverage nCipher HSMs for both secure key management and acceleration of SSL.



• Tumbleweed E-mail Firewall (EMF) - integrated email security gateway; can use nCipher for the digital signing of outbound corporate e-mail without the costs or complexity associated with a traditional PKI deployment.



• Tumbleweed Secure Messenger - provides a web-based solution for secure messaging; can also benefit from the key protection and processing acceleration of nCipher hardware.



• Upcoming releases of Tumbleweed products will also integrate the nCipher Document Sealing Engine (DSE 200). DSE200 provides customers with a calibrated, high-accuracy time source for use in time-stamping electronic transactions and documents.

“Cryptography plays an integral role in protecting the integrity of the complex processes involved in the validation of digital certificates,” says Tony Crossman, Director, Strategic Partners at nCipher. “Protecting and managing the cryptographic keys is essential if the result of the validation process itself is going to be trusted. In addition, by applying high performance cryptographic acceleration to the system, one of the most serious transaction bottlenecks associated with the use of a PKI can be overcome.”

“Our customers expect the utmost in security and reliability when it comes to validating digital certificates and we have integrated nCipher’s netHSM with the Tumbleweed Valicert Validation Authority to deliver a superior level of security and performance to our customers” said John Hines, Director of Validation Authority Product Development at Tumbleweed. “The U.S. DOD has deployed over 4.5 million PKI based smart cards, and nCipher has helped us meet the increasing performance and scalability demands of this community, while keeping security standards high.”

About the Tumbleweed Valicert Validation Authority
Tumbleweed Valicert Validation Authority (VA) ensures the validity and integrity of highly valued and trusted transactions. Validation Authority is a Certificate Authority (CA) neutral, extensible server that utilizes multiple validation protocols for checking the validity of X.509 certificates within Public Key (PKI) environments. Validation Authority delivers a comprehensive, scalable, and reliable framework for validating digital certificates in real time, and can validate a certificate issued by any CA.

The Validation Authority is the:

• Recognized leader in the field and is deployed at the majority of Identrus member banks
  
• Most widely deployed OCSP responder in the US Department of Defense PKI.

In addition to the Tumbleweed Valicert Validation Authority, Tumbleweed also offers a suite of plug-in applications to simplify certificate validation processing at the application level. Server Validator (SV) is a plug-in for the most widely used Secure Web Servers on multiple OS platforms. Desktop Validator (DV) is a Microsoft OS based plug-in that provides highly flexible validation options for Microsoft Windows based applications.

About nCipher
nCipher provides hardware and software solutions that enable organisations to implement best practice IT security by addressing the technical challenges of using encryption.

The IT security industry has developed universal standards for protecting the confidentiality of information as it passes through the Internet by means of encryption. These standards are what allow the web browser of a desktop PC to communicate securely with a website anywhere in the world, giving rise to the familiar ‘padlock’ icon on the browser’s screen. nCipher products called ‘Hardware Security Modules’ or ‘HSMs’ support these industry encryption standards and protect the encryption keys that must remain an absolute secret for encryption to have any benefits. Our products have received more hardware security validations than those of any vendor in the world, following testing administered by the US Government’s National Institute for Standards and Technology.

Many of the world's leading organisations - from Microsoft and Barclays Bank to PricewaterhouseCoopers and the U.S. Navy - rely on nCipher to deliver a sound IT security infrastructure. nCipher's products are particularly well suited to organisations with high volumes of security-sensitive transactions, such as banking and financial institutions, government departments, online retailers and online service providers.

nCipher is listed on the London Stock Exchange (LSE:NCH) and is a member of the FTSE TechMARK and FTSE4Good indices with offices in Cambridge, UK; Boston, Washington, Hamburg and Tokyo. For more information on nCipher, visit www.ncipher.com.

About Tumbleweed
A leading email security, file transfer security and Identity Validation company with more than 10 years in the business, Tumbleweed provides comprehensive solutions for managing mission critical data communication channels. From our e-mail security suite, point solutions for Spam, inbound and outbound filtering, to secure file transfer and certificate authentication, Tumbleweed has a variety of solutions currently used by enterprises and governments to help mitigate risk and increase network bandwidth. Tumbleweed customers include ABN Amro, Bank of America Securities, Catholic Healthcare West, JP Morgan Chase & Co., The Regence Group (Blue Cross/Blue Shield), St. Luke's Episcopal Healthcare System, the US Food and Drug Administration, and the US Navy and Marine Corps. Tumbleweed was founded in 1993 and is headquartered in Redwood City, Calif. For additional information about Tumbleweed go to www.tumbleweed.com or call 650-216-2000.

SAFE HARBOR STATEMENT
TTumbleweed cautions that forward-looking statements contained in this press release are based on plans and expectations as of the date of the press release, and that a number of factors could cause the actual results to differ materially from the guidance given at this time. These factors are described in the Safe Harbor statement below.

Except for the historical information contained herein, the matters discussed in this press release may constitute forward-looking statements that involve risks and uncertainties that could cause actual results to differ materially from those projected, particularly with respect to integration of technology and sales of combined technology. In some cases, forward-looking statements can be identified by terminology such as “may,” “will,” “should,” “potential,” “continue,” “expects,” “anticipates,” “intends,” “plans,” “believes,” “estimates,” and similar expressions. For further cautions about the risks of investing in Tumbleweed, we refer you to the documents Tumbleweed files from time to time with the Securities and Exchange Commission, particularly Tumbleweed’s Form 10-K filed March 15, 2004, Form 10-Q filed May 10, 2004, Form 10-Q filed August 12, 2004, and Form 10-Q filed November 9, 2004.
Tumbleweed assumes no obligation to update information contained in this press release, which represents the Company’s expectations only as of the date of this release and should not be viewed as a statement about the Company’s expectations after such date. Although this release may remain available on the Company’s website or elsewhere, its continued availability does not indicate that the Company is reaffirming or confirming any of the information contained herein.

###

Contact for nCipher:
Liz Harris
+44 1223 723612
liz@ncipher.com