Highlights
- Secure web access for employees and partners
- Improve performance
"nCipher was one of the first Hardware Security Module vendors to support iPlanet Certificate Management System through its nShield device."
Download in PDF »
Netscape is a leading provider of software and services for businesses that want to transform the way they create and keep customers in the net economy. A division of America Online, Inc., Netscape is based in Mountain View, Calif.
Since its founding in 1994, Netscape has applied many of its own technologies to the communications and collaboration needs of its employees and partners. The company not only maintains its own internal and external web sites to act as a valuable resource for product development and sales analysis, it also uses this technology to promote online meetings where people can convene and discuss their work.
The demands placed on this technological framework created a number of issues, the foremost of which was security. Beyond managing the activity of its employee base, the company needed to fortify links with its external partners like Sun Microsystems and integrate with its new corporate parent, AOL. These external associations brought many administrative complexities. In particular, the company had to open up previously private Web sites, while still tracking user origin and other essential pieces of transactional information.
Digital Certification Was Not Enough
Netscape has a history of utilizing digital certificate technology to govern access to its Web sites. While passwords were cumbersome and cookies insecure, digital certificates offered an easier and more efficient means for Netscape to manage online interactions. “By issuing certificates to our employees and partners from different certificate authorties (CAs), we were able to distinguish the identity and home company of users presenting a certificate and base Web server authentication and firewall rule sets on the issuing distinguished name (DN) of the certificate,” said Bill Burns, senior security engineer for Netscape.
The IS department quickly turned to the company’s own and newest certificate technology for this task. Burns and his team used the iPlanet Certificate Management System, from the Sun-Netscape Alliance, to issue certificates and manage the Web access process. The system provided single sign-on access to key corporate intranet sites, and through an automated process that was later added, used LDAP-based directory services to authenticate users asking for certificates. In doing this, the system checked users against a range of internal databases before certificates were issued or revoked.
But the Netscape user base also needed an externally signed certification authority to send S/MIME encrypted mail outside the company. Part of the requirement for doing this was a hardware resource for private key management. “Private key material had to be stored on hardware in order for the public CA to sign our CA for S/MIME. nCipher was one of the first hardware security module vendors to support iPlanet Certificate Management System through its nShield device,” said Burns.
In addition to the secure management of digital keys and powerful acceleration of cryptographic key processing, nShield helped to improve the overall system performance and ease with which Netscape and its partners could transact. In fact, help desk calls concerning digital certificates fell dramatically with the new system. The process, which previously required manual approval and took ten mouse clicks, now takes three mouse clicks and happens in under five seconds, even through a dial-up connection.