The US government has given a strong encryption technology from Hewlett-Packard the go-ahead for export. Hardware products using the company's VerSecure strong encryption scheme can now be exported to four European countries and Australia.
The approval is the broadest general export license granted for strong encryption products thus far. It comes following an exhaustive effort by Hewlett-Packard to establish an encryption system that passes the Clinton administration's restrictive policies regarding strong encryption and key recovery.
The final VerSecure scheme essentially establishes a highly controlled communication checkpoint for keeping any encrypting device - a server, cell phone, PC, etc. - in line with countries' varying and evolving encryption policies.
At the heart of this design are Security Domain Authorities (SDAs). These are basically information centers run by specified third-party organizations in each country that will activate whatever cryptographic capabilities are permitted by law. "Tokens" dispensed by these domain authorities enable each encryption event and feature expiration dates, allowing countries to change policies over time. A country that doesn't require key recovery initially, for example, may add the requirement later.
The current license to export VerSecure-based products is limited to four countries in Europe - Great Britain, Germany, France, and Denmark - as well as Australia. There, Hewlett-Packard has made arrangements for the establishment of SDAs, running some of them itself but promising that third parties will be invited to do the same.
As a result, H-P said, any company or individual in those countries can purchase hardware products employing VerSecure's strong encryption algorithms and use it according to the laws.
With these countries as models, H-P said additional countries will be easier to add to the list of approved nations.
"It's a big breakthrough to export to anybody," said Joe Beyers, general manager of Hewlett-Packard's Internet software business unit. "H-P just chose a set of countries - the next countries will come much more easily."
The product secures data with 128-bit, or "strong" encryption, a level of encryption the Clinton administration does not like seeing exported.
VerSecure users can choose the level of encryption and whether or not to activate the key recovery feature.
