Common Data Security Architecture (CDSA) White Paper

What Is CDSA?

promote interoperability. The syntax for expressing PKCS definitions is based on Abstract Syntax Notation One (ASN.1), which is defined in two ISO standards that describe data syntax and encoding.

While these higher-level protocols provide the basis for secure Internet application interoperability, the APIs of the cryptographic libraries give the application developer access to the cryptographic algorithms necessary to ensure data privacy, authentication, and integrity. CDSA provides a comprehensive set of cryptographic building-block libraries, much like other cryptographic libraries already available to application developers.

HP’s Paradigm Shift

By offering CDSA, HP changes the way software developers can approach writing and disseminating commercial security applications.

HP’s license agreement allows developers to write applications that make free use of CDSA and to market the application as a product without paying royalties. The code is available on HP platforms on a right-to-use (not right-to-distribute) basis. HP places no limitations on how the cryptographic libraries can be used, in that any application can link to them or use them, royalty-free.

Large and small developers alike benefit from the likelihood that the CDSA crypto APIs will become pervasive through their adoption by the Open Group. Application developers will benefit from the portability of code written using CDSA APIs. An application written with CDSA APIs and linked against a CDSA library on a particular platform could be moved to any other platform as long as the other platform had the appropriate CDSA library. No code would have to be modified to make use of the same cryptographic capabilities or functionality. As long as the other system has CDSA, you would simply have to recompile.

U.S. application developers implementing CDSA may need to seek U.S. government approval for the export or reexport of their products due to the export control nature of certain cryptography technologies and implementations. In addition, the import and use of certain products with cryptography in some countries may require local country authorization. You should consult with proper government authorities or your legal counsel before distributing your products with cryptography.
