om Cruise could have been stopped. As agent Ethan Hunt in the film Mission Impossible, Cruise trips up retinal scan, fingerprint and voiceprint security systems and ferrets out identification codes to gain entry to the CIA's "secure room" and download the agency's most sensitive data. But agent Hunt would have hit a virtual brick wall had he been trying to break in via the Internet and faced the data security and electronic identification systems designed, marketed and managed by Joseph Vignaly '82, Jeffrey Breed '85, Jeanne Gorman '87 and others of GTE CyberTrust Solutions.
In the real world of high-tech online data security, "you can't do a 'Tom Cruise,'" says Vignaly, director of marketing and business development for CyberTrust. "The security breaches through which Cruise and his coterie easily assumed and discarded identities in cyberspace could not have happened if our company's certification authority system had been in place."
One of Vignaly's favorite New Yorker cartoons illustrates pointedly the pitfalls of doing business over the Net, where people and businesses are known only through the electronic facades they present to other users. The cartoon shows a dog sitting at a computer. The caption reads, "No one knows you're a dog on the Internet." CyberTrust helps customers and vendors unveil the Net's "dogs" by providing a reliable means to verify the identity of another user.
This is more than a matter of satisfying one's curiosity. Being able to certify the identity of an individual, a business or a Web site is critical to the secure conduct of communication and commerce over networks. Banks want to know that users making withdrawals are entitled to the money. Retailers want to know that a customer is authorized to make purchases with the credit card number he's presenting. Stock brokers want to feel confident they know who they are trading with. And consumers want to know that the Web businesses they patronize are legitimate.
Vignaly says that it is also important to everyone doing business over the Net that their transactions have not been tampered with while in transit. "If someone issues a stock trade online, asking a broker to sell 100 shares, he wants to be assured that the broker gets the message he sent, and not one that's been changed to say, 'Sell 1,000 shares of stock.'"
To establish electronic identities, CyberTrust uses digital certificates that verify that all parties involved in a transaction are who they say they are. "Digital certificates are basically a means to securely identify yourself over the Internet. They are like a passport or a driver's license," Vignaly explains.
The certificates, which use the Secure Electronic Transaction (SET) protocol, can also be used to control access to data and Web sites, to ensure privacy for Internet transactions, to assure the secure transmission and integrity of sensitive information, like credit card numbers, and to provide proof that an electronic transaction has taken place. The key to the integrity of the certificates is that they are "signed" by a trusted third party, a certification authority like CyberTrust, which binds its own digital identity to the certificate's public and private keys (for more on public-key cryptography, see How Private? How Safe?).
Vignaly says digital certificates are safer and more reliable than traditional means of verifying the identity of computer users, including passwords and PIN numbers. "There's no way you can use PINs or passwords over and over again and keep them secure," he says. "Usually, the more PINs and passwords people have to remember, the easier they make them, increasing the risk of misuse and theft. With digital certificates, there's nothing to remember."
Vignaly cites the Wall Street Journal's on-line subscriber service as an ideal candidate for digital certificates. Currently, each subscriber gets a password to access the Journal's Web site. But when a password is given to somebody who has not paid to use the service, the newspaper loses revenue. "Digital certificates enable companies to limit use of their services and products to an individual rather than to a password," he says.
CyberTrust Solutions is a three-year-old commercial initiative for GTE, a telecommunications company known worldwide for developing government and defense communications systems and equipment. Its customers include the National Security Agency. CyberTrust evolved from work that GTE Government Systems was doing in high-security cryptography-specifically, developing key management systems for governments. The parent company quickly recognized that its electronic security products had wide-ranging commercial applications that could be tailored to business customers' specific security needs. "Bankers, retailers, credit card companies and other business clients seek the confidence, protection and privacy of traditional, face-to-face transactions as they conduct business by highly impersonal electronic means," Vignaly says.
"Our philosophy is that while the technology is new, the relationships between vendor and client have remained the same. What you need to know is that the people you're talking to are who you think they are. The traditional standards of trust that begin with eye contact and a handshake are not possible when you move business and legal transactions onto the Internet."
Not long after Vignaly went to work for GTE he moved from doing project-focused engineering to managing programs, then on to product management in what he calls a step-by-step migration. Along the way, he earned an M.B.A. at Babson College. Today he is fully immersed in the product side of the business, but finds that his solid understanding of the technology behind each project serves him well. At times, it causes his nontechnical colleagues to confer upon him a little mystique he believes is unwarranted.
"I do absolutely nothing related to my degree in mechanical engineering now," he says. "The advantage I have is that WPI taught me to break down a problem, analyze it, solve it, get it running and move on to the next project. While others might throw up their hands and say, 'It's math; I can't do it,' my technical background enables me to answer the broad questions and give potential customers an explanation of what's going on with the products we promote."
Jeff Breed's career has also evolved considerably since he joined GTE in 1985. Back then, the products he works with today-in fact, the whole electronic security industry itself-did not exist. He started out doing hardware design and eventually moved into customer support. In his current post as program manager, he oversees the development of complicated software solutions to electronic security problems that customers bring to CyberTrust. "We define the appropriate platform on which to run the certification authority software package we offer," he says. "Then we help integrate the customer's existing technology with the new platform, build the business around it, and train the customer to use it."
Breed says it is no surprise that GTE likes to hire WPI graduates. In addition to the obvious geographic considerations, Breed says WPI alumni are a natural fit at CyberTrust because of the strong technical and project-oriented education they bring to the company. "The focus on project work at WPI is important because that's the way industry works," he says. "The technical projects I worked on at WPI helped me think in broader terms and recognize how my work affects the work of others. I also think WPI attracts well-rounded people who have a broad array of interests and good communications skills."
GTE's CyberTrust division also employs David J. Altieri '76, Timothy J. Dray '85, Mohamed Dembele '95, Jorge Guajardo '95, Anu Karna '98, Richard L. Laferriere '89, Sergey Perepelitsa '96 M.S., Eugene R. Valois '89 and Benjamin Wu '94 M.S., and has been adding one or two new WPI grads a year. GTE and CyberTrust also work on other projects with WPI faculty and graduate students, including electrical and computer engineering professor Cristof Paar (see Keys to the Future).
Like Vignaly and Breed, Jeanne Gorman is working in an area she didn't foresee when she joined the company. "I went right to GTE after graduation thinking I would design hardware," says the electrical engineering major, who now works on access-control products. "I've had five different jobs at GTE as the communications projects I worked on slowly evolved into more security-related projects. I work on anything 'desktop': Web-servers, Internet and extranet (a subset of Internet) applications, business to business transactions-mostly with banking and telecommunications customers who are looking for technical solutions."
All three graduates see the financial and telecommunications industries as the most interesting and forward-thinking global markets when it comes to electronic security. "American Express and MasterCard are our cornerstone customers," says Vignaly. "We provide certification authority services to them from our Needham facility. We also have a number of international telecommunications customers, including Deutsche Telecom, Telecom Italia, and SwissCom, and a joint venture underway with Japan's NTT and the Nomura Research Institute."
Looking ahead, Vignaly sees the technology evolving and expanding as the company works to outpace high customer demand worldwide with solutions that provide even greater levels of security and reliability.
Last Updated: 11/20/98 8:52:50 EST