Sun tightens the security screw

Sun Microsystems is expected to announce two security initiatives today, one introducing a form of encryption for its next-generation Sun Java System Web Server and another that reorganises the way it delivers security features for Solaris.

As part of its initiatives, Sun plans to introduce Sun Java System Web Server 7.0 with support for Elliptic Curve Cryptography (ECC). The company also plans to end its tradition of offering Solaris in two flavours - one for the masses and another version with extensive security enhancements targeted at government agencies, financial institutions and health organisations.

Brian Leonard, Sun's marketing director of web tier products, said: "With this [ECC] announcement, we'll have more security features in our Sun Java Web Server. This is not meant to replace current RSA encryption technology with ECC but rather allows the processing of both."

ECC, which uses smaller public keys to unlock encrypted content, is designed to require less processing power, while conducting faster computations for secure online transactions. Encryption giant RSA uses a different form of algorithms for its encryption technology.

Sun Java System Web Server 7.0, with its support for ECC, is expected to be released in July, Leonard said.

The company is also expected to announce plans next week to change the way it delivers security to organisations and agencies that deal with highly sensitive information, said Chris Ratcliffe, director of Sun's Solaris marketing.

Sun introduced the Solaris 10 operating system last year, as an open-source offering. But it also included 85 per cent of the security features that previously would have been offered in a Trusted Solaris version.

Ratcliffe said: "Over the past 10 or 20 years, we would offer two versions of Solaris. We would create a second version of the release that would be a higher security version called our Trusted Solaris."

Sun plans to introduce its Solaris Trusted Extensions next week, which encompasses the remaining 15 per cent of the security features left out in Solaris 10. The Trusted Extensions will be marketed to government agencies, financial institutions and health care organisations, Ratcliffe noted.

Trusted Extensions, for example, is designed to have the ability to separate access to data based on the profile of the user trying to access the content. He noted organisations that are mandated to use higher levels of security are likely to be the ones to subscribe to the Trusted Extensions support service.

Dawn Kawamoto writes for CNET News.com