Fortezza foiled by smart cards
- By Susan M. Menke, William Jackson
- Mar 03, 1997
Fortezza's controversial high-security scheme for private-key escrow has yet to gain
popularity among agencies and vendors. Although the Fortezza Type II PC Card works faster,
a smart card is cheaper and more compact.
A Defense Department spokeswoman said last week that the Pentagon has approved a plan
to shift away from the private-key escrow approach for Fortezza in favor of key recovery.
This means users no longer have to store keys with the government's key agents. Instead,
they can select their own key agents.
The department spokeswoman said the shift in policy dovetails with the Clinton
administration's plan to permit the use of private agents for key storage.
The present Fortezza PC Card has the Capstone encryption chip. Because the chip has a
classified algorithm, vendors and privacy groups contend that it provides a back door for
surveillance by law enforcement authorities.
It is this chip that will be most affected by DOD's plan to drop key escrow.
Capstone's cousin, the Clipper chip, is built into secure phone, fax and modem devices,
which are less widely used and less likely to be affected if DOD abandons key escrow.
To date, Fortezza's main acceptance has been as an e-mail token for Defense Message
System. Civilian agencies have adopted a wait-and-see attitude. Why? Because choosing
Fortezza means agencies would have to buy or retrofit PC Card readers for their computers
and hand out the individualized tokens to employees.
The cost of the Fortezza cards is an issue even at DOD, where Pentagon brass have said
one reason they want civilian agencies to use Fortezza is so the price tag will fall below
the roughly $100 a card price. Emmett Paige Jr., assistant secretary of Defense for
command, control, communications and intelligence, has said he wants to see the price drop
below $50 a card.
To manage the keys, the government set up a key escrow superstructure. The Treasury
Department's Automated Systems Division shares key management responsibility with the
National Institute of Standards and Technology. NIST maintains a staff of nine employees
to handle half of the government's key escrow activity, NIST spokeswoman Anne Enright
These agents will still be needed by agencies that want to use private-key escrow,
Besides DOD, she said, the Justice Department uses some Fortezza cards. "Even if
DMS or other users drop out, the chips will remain in the program, securely escrowed and
divided among the agents," she said.
The General Services Administration's Judy Spencer, who heads a center responsible for
federal security issues, said, "We're spectators waiting to see how things go"
for Fortezza on the Defense side.
Spencer said she knows of civilian agency pilots using the current Fortezza token for
e-mail. But a Government IT Services Board steering committee is considering public-key
alternatives to Fortezza, she said, and GSA is looking at offering smart cards for secure
Jim Chen, president of V-One Corp. of Rockville, Md., whose DMS Option firewall is one
of several NSA has approved for DMS use, said the price difference between the two
encryption tokens is large: "$3 for the programmed smart card vs. an average $100 for
the Fortezza card," he said.
"There are times you need very, very high security, so Fortezza will continue to
be important for DMS," Chen said.
At civilian agencies, where e-mail secrecy may matter less than ensuring secure
electronic commerce applications, V-One is promoting its SmartGate 2.2 client-server
software and smart cards for end-to-end transactions over open networks, including the
SmartGate uses public-key encryption from RSA Data Security Inc. of Redwood City,
Calif. Each client, including remote ones, must have the SmartGate software installed to
exchange secure messages or electronic data interchange transactions. Existing TCP/IP
stacks need not be replaced, however.
SmartGate tokens can be either physical or virtual, said Ken Newcomer, general manager
of V-One's government systems group. They can even fit into PC parallel or serial ports.
But V-One expects the smart card format endorsed by the International Standards
Organization to be the most common type.
A systems administrator would handle all the tasks to enroll SmartGate users:
Photograph them with a digital camera; print photos on smart cards with an ink-jet
printer; load encryption keys; and assign eight-character passwords.
SmartGate pricing ranges from $6,000 for the server software with limited clients, to
$12,000 with server hardware.
Another encryption supplier, Certicom Corp. of Mississauga, Ontario, has teamed with
the Electronic Transactions Group of Paris-based smart card maker Schlumberger Ltd. to
develop a digital signature card for identification and authorization. Like V-One,
Certicom is promoting smart cards for access control and electronic commerce, officials
The digital signature software resides on Schlumberger's ISO-compliant Multiflex smart
card. Schlumberger also will provide the core operating system and integration services.
Certicom provides the encryption engine-its Elliptic Curve Cryptosystem, an advanced
public-key algorithm that is not yet federally accepted like the Data Encryption Standard,
Clipper and Capstone.
No encrypting coprocessor is required, because the algorithm can generate digital
signatures within the card's chip. The digital signature becomes part of the sender's
private key and the transmitted data, so that any changes or interruptions will be
Contact V-One at 301-838-8900 and Certicom at 905-507-4220.
William Jackson is a Maryland-based freelance writer.