Certicom Corp. has announced movianCrypt, software that encrypts all data on handheld devices that use the Palm OS, to protect valuable corporate information in the event the device is lost or stolen.

The product is the second in Certicom's new movian line, following the March announcement of movianVPN, a virtual private network client for wireless handheld devices running Palm 0S and Windows CE.

Tracy Grover, product manager for movianCrypt, says there are more than 20 million PDAs in use and Gartner Group predicts another 30 million will ship by 2004. About 40% of Palm devices are paid for by enterprises and some 80% of them sync with corporate PCs in the workplace, Grover says.

The standard security modules provided with the devices are easily hacked, she says, using password cracking tools widely available on the Internet.

movianEncrypt is intended to get around these issues by encrypting all data using the 128-bit Rijndael encryption algorithm, which is slated to become the federal government's Advanced Encryption Standard (AES). The initial version works with devices running Palm OS 3.0 or above, and the Handspring Visor Series running Palm OS 3.1 and above. A version for Windows CE is due out soon.

The product encrypts all data on the device, not just files in certain folders, Grover says. Files are decrypted as they are opened, but she says the process happens so fast that it's imperceptible to the user. Files are encrypted again after they are closed, using spare processor cycles so as not to diminish PDA performance. Users can disable encryption on a per-application basis.

Users must enter a pass phrase when they log in to the device, but the phrase is never stored on the PDA so it can't be lifted from it or cracked. Rather, the phrase is used to create a hash that unlocks a copy of a digital key; the key authenticates the user to the device.

movianCrypt can be downloaded from the Certicom Web site for $39.95, or $34.95 in quantities of 10 to 99.

www.certicom.com