News

IPSec Toolkit Extends to VxWorks and Emerging Industry Standards With Support for IPv6, Automated PKI Certificate Enrollment, Network Address Translation, and Rijndael Cipher

SSH Communications Security (SSH), a world-leading developer of Internet security technologies, today announced SSH® IPSEC ExpressTM 4.0, a new release of its award-winning IPSEC Express toolkit. SSH IPSEC Express 4.0 extends the functionality of its IPSec (Internet Protocol Security) solutions by adding support for the VxWorks operating system and the industry's latest Internet and industry standards such as IPv6, enhanced PKI, and the new Rijndael cryptography standard. SSH's security toolkits implement IPSec and PKI standards to bring strong, cryptographic security to IP networks. SSH IPSEC Express 4.0 enables OEMs to bring their IPSec-based security applications to market quickly and efficiently.

About IPSec and SSH IPSEC Express

IPSec is an IETF (Internet Engineering Task Force) standard for protecting IP traffic using cryptography on the packet level. This Internet protocol is the predominant security technology used in VPNs (Virtual Private Networks). A driving force for IPSec, VPNs allow users to establish secure data communications between multiple networks or network devices using insecure public networks such as the Internet. SSH's IPSec technology adds scalable, strong security to IP networks, without limiting its flexibility to enable new types of business opportunities, such as secure local and global communications between companies. SSH IPSEC Express is the world's leading toolkit for IPSec.

"SSH IPSEC Express 4.0 provides a highly scalable, reliable IPSec and PKI security solution previously unavailable for embedded devices such as Internet appliances, VPNs and routers," said George Adams, president and CEO of SSH, Inc. "With the inclusion of IPv6, NAT compatibility, enhanced PKI capabilities, and Rijndael cryptography, SSH IPSEC Express 4.0 underscores SSH's commitment to innovation and advancing Internet security technologies for our customers and partners."

SSH IPSEC Express 4.0 delivers major new features, including IPv6 support, VxWorks support, Rijndael cryptography, port- or host-based NAT (Network Address Translation), expanded support for very large numbers of SAs (Security Associations), enhanced CA (Certificate Authority) trust, improved CMP (Certificate Management Protocol) and client-side SCEP (Simple Certificate Enrollment Protocol), and client-side OCSP (Online Certificate Status Protocol).

VxWorks - VxWorks is the most widely adopted real-time operating system in the embedded industry. SSH IPSEC Express 4.0 now provides an integrated turnkey IPSec, IKE, and X.509 PKI certificate solutions for vendors using the VxWorks platform.

IPv6 Support - SSH IPSEC Express 4.0 offers OEMs support for the industry's next generation standard, IPv6, also called "IPng" (IP Next Generation). IPv6 is the most current version of the IP (Internet Protocol) under review by the IETF. It lengthens IP addresses from 32 bits to 128 bits, extending the number of potential network addresses to accommodate the exploding growth of wireline and wireless users and devices on the Internet. IPv6 mandates IPSec for secure communications.

Enhanced PKI Functionality - SSH IPSEC Express 4.0 includes features for easy integration and interoperability with PKIs. In addition to OCSP, SSH IPSEC Express 4.0 now includes features such as client-side SCEP and CMP for automated certificate enrollment. Additionally, as an alternative to CRLs (Certificate Revocation Lists) in time critical certificate validity checks, certificates can now be validated online using OCSP.

Port- or Host-Based NAT - NAT devices map and expand the number of IP addresses from one network to another to enable greater numbers of users and IP-connected devices within local networks, mask specific user IP addresses from exposure to the open Internet, and save costs by reducing the number of Internet addresses and connections enterprises need for employee Internet access. SSH IPSEC Express 4.0 offers OEM vendors integrated IPSec-NAT compatibility for easier deployment in their products and faster time-to-market. When combined with SSH's NAT TraversalTM Toolkit, announced in September 2000, complete, end-to-end IPSec security through NAT devices is achievable.

Rijndael - Rijndael is the proposed AES (Advanced Encryption Standard) candidate recently selected by NIST (National Institute of Standards and Technology). The algorithm can be implemented very efficiently on a wide range of processors in software and in hardware. SSH IPSEC Express 4.0 provides OEM vendors with off-the-shelf, leading-edge support for this key new cryptography algorithm standard.

Expanded Support for SAs - SSH IPSEC Express 4.0 users will have the added benefit of scaling to very large systems. This feature will allow up to 50,000 IPSec SAs for enterprise-class intranets and extranets for business-to-business e-commerce and enterprise resource planning. The technology will also bring IPSec to large multi-site enterprise networks and multi-company VPNs. This scalability allows the same technology base to support the smallest to the largest system requirements.

Pricing and Availability

SSH IPSEC Express 4.0 is shipping immediately to licensees under active maintenance agreements. The SSH IPSEC Express 4.0 Toolkit is available for licensing and immediate delivery. Please contact an SSH Sales representative for further details.

© 2002 SSH Communications Security Corp. All rights reserved. ssh® is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions. All other names and marks are property of their respective owners.