Check out the new USENIX Web site.

Developing and Deploying Corporate Cryptographic Systems


Diane E. Coe and Judith A. Furlong
The MITRE Corporation
Bedford, Massachusetts

Abstract

The MITRE Corporation has developed a number of cryptographic systems that provide security-related capabilities for its growing electronic information environment. These cryptographic systems were developed using commercial off-the-shelf products and widely accepted standards. Standards were adhered to in order to assure interoperability with emerging products such as those used to conduct electronic commerce on the Internet. However, there are many shortcomings within the marketplace and the Internet community that are limiting the extent to which interoperability can be achieved. Products are not as "open" as we need them to be, infrastructures are not in place, and standards are still evolving. This paper presents many of the issues with which we are faced and, in some cases, provides solutions. MITRE's needs are not unique. They are the needs of any enterprise wishing to provide an integrated security solution for the access and exchange of valuable electronic information.

This paper first introduces The MITRE Corporation and describes its corporate cryptographic systems and information infrastructure. The paper then discusses issues associated with integrating MITRE's cryptographic systems with emerging electronic commerce products both for use within the corporation and for conducting electronic commerce externally. The paper concludes with recommendations and lends some insight into where The MITRE Corporation is headed in terms of its corporate cryptographic systems and electronic commerce.


Download the full text of this paper in ASCII (43,741 bytes) and POSTSCRIPT (863,676 bytes) form.

To Become a USENIX Member, please see our Membership Information.