Business Week International Special Report
THE KEY TO SAFE BUSINESS ON THE NET (int'l edition)
They came from AT&T. Oracle. National Semiconductor. Adobe Systems. Visa International. Speaker after speaker, more than 20 in all, crowed about tiny RSA Data Security Inc.'s products at a conference hosted by the company. "Gee," said a friend who whispered into RSA President Jim Bidzos' ear. "You must have pictures of all these guys with hookers, naked."
Well, no. What RSA has is something really useful--software to make doing business in cyberspace safe. Outside of spy agencies, RSA's "public-key encryption" is regarded as the best security there is. Ask RSA's big-name clients--Apple, Microsoft, Motorola, and Lotus. "Public-key cryptography is a cornerstone of the Information Superhighway," says Nathan P. Myhrvold, Microsoft Corp.'s senior vice-president for advanced technology. "And RSA is the most widely accepted public-key system."
Acceptance didn't come overnight. The privately held Redwood City (Calif.) company took 12 years to reach its current size: 45 employees and less than $10 million in sales. But with computer and online companies and giants such as Visa International and MasterCard International Inc. using RSA technology, the company is poised to take off. How big? "It'll be a nuclear explosion," says Bidzos. He figures revenues will double each year.
The fuel is a rather simple concept. Each party in a transaction holds two software "keys." Public keys are published, like listed phone numbers. Private keys are known only to their holders. Both keys are needed to encode and decode a message.
Example: To buy flowers on the Internet, you encode your credit-card number using the public key of the card issuer. The only key that unscrambles the data to complete the transaction is the issuer's private key. Or you send E-mail coded with your private key and the receiver uses your public key to decode it. Since the public key unlocks only messages that were encoded with your private key, the receiver can be sure you're the sender.
So far, nobody has cracked the code, despite an annual RSA hackers contest. RSA figures it would take a supercomputer hundreds of hours to get just one credit-card number. The biggest risk, then, is sloppy protection of a private key.
SIGNING UP LOTUS. RSA's success comes almost in spite of itself. Its technique was invented by Stanford University researchers in 1977. Three Massachusetts Institute of Technology professors--Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman--made it a usable system, then founded RSA and nailed down crucial patents. But, says Adleman, now a professor at the University of Southern California, his "lack of aptitude in business" almost sank the company. Rivest, the chairman, is the only founder still active in RSA business.
When Bidzos, a marketing expert, arrived in 1986, the company "was $750,000 in debt and had no customers," he says. That year, RSA signed up Lotus Development Corp., which uses the technology in Notes. Since then, the client list has swollen. The latest: AT&T and VLSI Technology Inc., which will use RSA algorithms in encryption chips.
Will the love-in last? RSA's main patent expires in five years, and Viacrypt, a tiny company that licenses RSA technology, is mounting a challenge--but with little success thus far. A big factor in RSA's favor: Although it's in a position to do so, it is not gouging on price. "They have not been piggy," says Edward J. Hogan, senior vice-president at MasterCard. Even now, says Bidzos, "I don't see us raising prices." That's how to win friends and influence people.By Russell Mitchell in Redwood City, Calif.