About ISC – Information Security Corporation

Information Security Corporation (ISC) is headquartered in Oak Park, IL with additional regional offices in Rochester, NY, Arlington, VA, and Santa Cruz, CA. The company was founded in 1989 by Thomas Venn and Michael Markowitz to develop and market data security products based on public key cryptography. For its first two decades, ISC focused on the Federal Government market, but in the last decade has become increasingly involved in the private sector.

Company Background

ISC specializes in the design and development of cybersecurity solutions for:

PKI credential management,
automated provisioning of relying applications,
encryption, and
authentication.

CDK 8.0, the cryptographic module on which all of our current products are based, has been awarded FIPS 140-2 Validation Certificate #3105 by NIST and the Communication Security Establishment (CSE) of the Government of Canada. Our RSA, DSA, ECDSA, AES, TDES, SHS, SHA-3, HMAC, CVL, DRBG, KAS, and KTS implementations have all been certified by NIST for compliance with the relevant Federal Information Processing Standards. The CDK is available as a collection of Windows Dynamic Link Libraries (DLLs) or COM objects, or as object module libraries for various UNIX platforms.

After several years of participation in the IEEE 1363 standards process, ISC implemented Elliptic Curve Cryptography (ECC) and currently uses it in CertAgent and SecretAgent. It is also available to developers as part of our CDKs.

A Brief Corporate History

ISC gained special recognition in the early 90’s for developing the first commercial implementations of the Digital Signature and Secure Hash Algorithms (DSA/SHA), schemes adopted by NIST as mandatory government standards for sender and message authentication (FIPS 186 and FIPS 180-1). Mr. Venn and Dr. Markowitz were awarded Vice President Al Gore’s Hammer award for their participation in one particular GSA program (the FTS2001 bidding process) that used this early product (dsaSIGN).

The popular SecretAgent encryption utility debuted in 1991 and was followed by a fully DoD PKI-compliant release in 1999. SecretAgent supports X.509 certificates and CRLs from a variety of commercial Certificate Authorities (CAs) and offers the latest in encryption and digital signature technology to ensure the confidentiality, integrity, and authenticity of your data. SecretAgent also supports an optional key recovery scheme. This product is widely used throughout the U.S. Federal Government as well as by numerous Fortune 100 corporations.

In 1998, ISC was tasked by NSA to develop the first commercial “software FORTEZZA” product, i.e., a version of SecretAgent that supported MSP version 1 certificates and used the NIST EES (“Skipjack”) for bulk encryption and the DoD-classified KEA algorithm for key exchange. NSA demonstrated ISC’s solution at a TechNet conference that year, showing it to be fully interoperable with a hardware-based system using a FORTEZZA PCMCIA card.

In the last two decades, ISC has focused on the development of a host of certificate lifecycle management applications and cryptographic web services, while continuing to enhance SecretAgent (the latest iteration of which includes transparent rule-based file protection and centralized enterprise-scaleable configuration and management features). CertAgent, an affordable, fully-functional X.509 certificate authority first released in 2001, was recently awarded NIAP Common Criteria certification and was the first fully-qualified CA to appear on the NSA CSfC approved components list.