nCipher Chosen to Provide Transaction Security and Database Encryption for Exostar

WOBURN, MASS – December 2, 2002 – nCipher plc (LSE:NCH), a leading provider of cryptographic IT security solutions, announced today that Exostar, a global Internet exchange for the aerospace and defense industry, has chosen nCipher’s nShieldâ„? hardware security module (HSM) to protect its online eCollaboration service, ForumPass. Exostar is using nCipher’s FIPS-validated equipment to provide database and document encryption within the exchange and for XML-based security used to integrate external applications and Web services. First customers for this service include Rolls-Royce who is using the service to improve collaboration on the development of its Trent 900 engines.

As the world’s dominant Web-based aerospace and defense exchange, Exostar brings together manufacturers, suppliers and customers together to trade and collaborate. The exchange is built around the efficient flow of sensitive information in the form of financial transactions, product specifications and project descriptions between remote participants from different organizations. In such a security conscious industry sector, Exostar places great emphasis not only on the fundamental security of the exchange but also on its ability to enhance its range of services, adding more value to its customers without compromising security or harming the user experience. Recently Exostar upgraded its collaboration service, ForumPass, to do just this and as part of the deployment selected nShield encryption hardware from nCipher.

“Our customers demand the highest levels of security. With respect to collaboration, this means end-to-end encryption to protect every document, including database encryption for documents held on the exchange. Particular attention is also given to the authentication process used to positively identify users and to extend this access control into other systems by securely sharing authentication information. nCipher came highly recommended, their products displayed superior performance, and their people were extremely knowledgeable,” said Jeff Nigriny, security manager, Exostar. “nCipher’s combination of key management and hardware protection offers a unique and powerful solution that has allowed us to follow best practice security measures and build a highly secure Internet collaboration exchange for the defense and aerospace industry.”

End-to-end encryption and database encryption technologies for the ForumPass collaboration service are based on software provided by Virginia-based Evincible. It relies on nCipher’s nShield HSM for the secure generation, protection and management of various cryptographic keys used to provide strong encryption for privacy and create electronic signatures to prove integrity and authenticity. As part of the overall system nShield performs the following functions –

· Protect the keys that are associated with individual users and that enable end-to-end encryption of documents as they are exchanged
· Protect and manage keys used to encrypt documents stored or archived on the exchange in a distributed database
· Digitally sign all SAML transactions, a secure XML-based language used by Web services in the exchange of authentication information and security credentials from one site to another, or for users to gain access to other applications
· Digitally sign audit logs to ensure overall integrity by establishing a mechanism to detect tampering of audit records

“The very nature of online exchanges with highly variable usage patterns and requirement to be “always-on’, forces us to take system scalability and cost of ownership very seriously”, said Reddy Velagala, VP Services at Evincible. “We evaluated products from competing hardware vendors, and selected nCipher as having one of the most scalable and robust hardware encryption technologies available, matching our requirements for end-to-end security in online trading applications”.

Overall project integration was performed by @stake, a digital security consulting firm based in Cambridge, MA. “Exostar’s encryption solution needed to meet the stringent requirements of its unique customer base of defense and aerospace users. By offering a FIPS 140 (Federal Information Processing Standard) validated HSM that offers flexible key management and scalable hardware encryption, nCipher’s nShield was a perfect fit for Exostar’s security needs,” said Andrew Jaquith, Program Director, @stake.

“The Exostar online trading exchange is a great example of a highly sophisticated security application using a hardware cryptographic platform to achieve several security objectives,” said Richard Moulds, VP Marketing at nCipher. “We are very pleased to be supporting these types of advanced customer applications, demonstrating the value of hardware based cryptography to provide end-to-end security for online applications.”

About Exostar

Exostar is an electronic business service provider built for and with the $400 billion aerospace and defense industry. Exostar connects manufacturers, suppliers and customers in a highly secure virtual marketplace for sourcing, commerce and collaboration. Exostar’s objective is to create value for members by reducing process costs and improving cycle times. It does this by providing on-line services and tools that the global aerospace and defense industry uses to standardize eBusiness processes and systems. Exostar’s founding partners are BAE SYSTEMS (LSE:BA), Boeing (NYSE:BA), Lockheed Martin Corp. (NYSE:LMT), Raytheon Co. (NYSE:RTN, RTNB) and Rolls-Royce (LSE:RR). For more information, please visit

About Evincible LLC
Evincible was founded with a single purpose in mind: to strengthen and protect e-business. Our focus is providing products that bridge the integration chasm between business applications and security components such as PKI. Our products shelter our customers from the complexity of developing these connections making the process of implementing e-business security: simple, cost effective, flexible and complete.

About @Stake
@stake provides corporations with digital security services that secure critical infrastructure and electronic relationships. @stake applies industry expertise and pioneering research to design and build secure business solutions. As the first company to develop an empirical model measuring the Return On Security Investment (ROSI), @stake works where security and business intersect. Through its SmartRisk methodology and proprietary tools, @stake delivers world-class consulting and education to its clients, including four of the world’s ten largest banks, premier financial institutions, global telecommunications and wireless service providers, and leaders in biotechnology, manufacturing, media, online gaming, and utilities. Headquartered in Cambridge, MA, @stake has offices in Denver, Hamburg, London, New York, Raleigh, San Francisco, and Seattle. For more information, go to

About nCipher
nCipher is redefining cryptographic security to protect points of risk across the enterprise-from network appliances to Web servers, to custom software applications and back-end databases. nCipher provides hardware and software solutions that enable organizations to implement best practice security by addressing the challenges of cryptographic key management and performance. Many of the world’s leading organizations-from Microsoft and Barclays Bank to PricewaterhouseCoopers and the U.S. Navy-rely on nCipher to deliver a sound e-security infrastructure. nCipher’s products are particularly well suited to organizations with high volumes of security-sensitive transactions, such as banking and financial institutions, government departments, e-retailers and online service providers.

nCipher is listed on the London Stock Exchange as a TechMARK 100 company (LSE:NCH) with offices in Cambridge, UK; Boston, New York, Paris, Hamburg and Tokyo. For more information on nCipher, visit

Don't miss