Royal Mail Selects nCipher to Provide Secure Online Services

Cambridge, UK – xx October 2003 – nCipher plc (LSE:NCH) ), a leading provider of cryptographic IT security solutions, today announces Royal Mail has selected nCipher’s nShieldâ„? hardware security modules (HSMs) to help deliver safe internet transactions and services from its web site www.royalmail.com. As well as providing postcodes online, mail and parcel tracking and philately services, the popular Internet portal also allows customers to shop for travel insurance and foreign currency and to pay bills online.

Central to the success and reputation of the Royal Mail Web site is adherence to the highest industry standards in Web site security in order to offer safe internet transactions to all of its customers. In particular, Royal Mail wanted to be sure that they were following best security practice in relation to stringent data privacy legislation relating to financial and other personal information. They needed to deploy a highly secure solution for the storage and retrieval of confidential customer information including credit card and bank details.

Working together with nCipher, Royal Mail has implemented a solution which protects customer data by encrypting it inside a tamper-resistant nShield HSM, ensuring that access to this sensitive data can be strictly controlled. This means that unencrypted credit card or bank account details are never stored where they may be open to external or internal attack. The sensitive cryptographic keys used to perform the encryption process are also stored and managed within the nCipher HSM which has been independently validated to the Federal Information Processing Standard (FIPS 140-2 Level 3) – one of the industry’s most stringent security standards. Were it not for the use of the nCipher HSM these keys and the encryption process would be unprotected in the open memory space of the host server where they might be vulnerable to key-finding attacks.

“We considered deploying software based encryption products but when it became clear that the security of the encryption keys could not be guaranteed we decided to adopt a more secure approach and establish a tamper-resistant hardware-based security environment,” says Martin Roe, Security and Integrity Manager for Royal Mail eBusiness. “nCipher’s name is synonymous with security, basing a solution on nCipher’s best of breed HSMs allows us to deliver a highly secure e-business infrastructure which also ensures current and future compliance with privacy legislation relating to the storage of personal customer details.”

“Online customers are becoming increasingly concerned with the safety of online transactions, services and customer data, so a successful Web site is one they can trust” says Colin Bastable, vice president international sales at nCipher. “nCipher is the market leader in applying hardware-based cryptography security to manage and protect customer data and has enabled Royal Mail to develop a Web site secured to the highest level.”

The system is now live and currently has more than 3 million users per day.

About Royal Mail
Royal Mail Group plc is a public limited company wholly owned by the Government, with annual sales in excess of £8 billion and more than 200,000 employees.

Our marketplace is changing rapidly and we are providing hundreds of services to meet new demands – from electronic billing to banking, from warehousing to customer returns.

Through our trusted brands, we reach everybody every working day in mail, parcels and express services and Post Office branches. Today, we are reinventing our business to meet the changing needs of our customers and the demands of competition. Our goal is to be the world’s leading postal service. www.royalmail.com

About nCipher
nCipher is redefining cryptographic security to protect points of risk across the enterprise – from network appliances to Web servers, to custom software applications and back-end databases. nCipher provides hardware and software solutions that enable organizations to implement best practice security by addressing the challenges of cryptographic key management and performance. Many of the world’s leading organizations – from Microsoft and Barclays Bank to PricewaterhouseCoopers and the U.S. Navy – rely on nCipher to deliver a sound e-security infrastructure. nCipher’s products are particularly well suited to organizations with high volumes of security-sensitive transactions, such as banking and financial institutions, government departments, e-retailers and online service providers. nCipher is listed on the London Stock Exchange (LSE:NCH) and is a member of the FTSE TechMARK and FTSE4Good indices with offices in Cambridge, UK; Boston, Seattle, Paris, Hamburg, Singapore and Tokyo. For more information on nCipher, visit www.ncipher.com