Bulk Provisioning Protocol and Symmetric Key Container drafts submitted to
IETF; HOTP draft accepted as RFC 4226
SAN JOSE, Calif., Feb. 15 /PRNewswire/ -- RSA CONFERENCE 2006 -- OATH, the
Initiative for Open AuTHentication, today announced that its member companies
endorsed the submission of two new drafts for a 'Portable Symmetric Key
Container' format and 'XKMS Provisioning of OATH Shared Secret Keys' to the
Internet Engineering Task Force (IETF). This marks another milestone in
OATH's mission to drive the ubiquity of strong authentication technology
across all networks, applications, and devices through an open-standards-based
approach.
The Portable Symmetric Key Container Internet draft defines a standard
format for importing, exporting or provisioning symmetric key based
credentials between different systems. With increasing use of symmetric key
based authentication systems such as one time password (OTP) and challenge
response systems this specification will promote vendor interoperability and
enable customers to deploy best-of-breed solutions.
XKMS Provisioning of OATH Shared Secret Keys Internet draft specifies a
means of bulk provisioning of symmetric keys (e.g. OATH credentials) between
different systems. The specification can also be extended to support
registration of symmetric keys for other cryptographic protocols. This
protocol is primarily targeted towards bulk provisioning use cases that were
outlined in the OATH Reference Architecture.
The following OATH members made significant contributions to these drafts:
-- ActivIdentity
-- Axalto
-- BMC Software
-- Diversinet
-- PortWise
-- VeriSign
These submissions follow the approval of an earlier OATH endorsed
specification by the IETF to a RFC. In December 2005, IETF approved the
Internet draft for 'HOTP: An HMAC-Based One-Time Password Algorithm' as RFC
4226. The RFC is available publicly at http://www.ietf.org/rfc/rfc4226.txt .
Bank of America announced their satisfaction in OATH's rapid progress on
its open and interoperable framework for strong authentication. The bank
believes OATH's growing membership expands the range of convenient methods for
authenticating Internet transactions based on consumer preferences and
business requirements.
"Vendor lock-in is one of the key concerns for enterprises deploying
strong authentication," said Siddharth Bajaj, Director of Advanced Products
and Research at VeriSign and Chair of the Technology Focus Group for OATH. "We
are excited at OATH to continue addressing this concern by delivering
specifications identified in the OATH roadmap on schedule."
"By achieving its technology milestones, OATH stands as a growing and
influential force in establishing specifications for an open-standards-based
approach to strong authentication," said John Gunn, vice president of global
marketing for Aladdin Knowledge Systems, an OATH member. "We're delighted to
be a part of this industry-wide movement to make it simpler for enterprises
and individuals to conduct secure online transactions and communications."
About the Initiative for Open AuTHentication
The Initiative for Open AuTHentication (OATH) is the industry's leading
collaboration of device, platform and application companies, and end user
customers of authentication technologies. OATH participants hope to foster use
of strong authentication across networks, devices and applications. OATH
participants work collectively to facilitate standards and build a reference
architecture for open authentication while evangelizing the benefits of strong
interoperable authentication in a networked world. As OATH grows, the
organization is actively seeking feedback and technology contributions from
end-user participants who share a common vision for open authentication
technology and the products that provide this important measure of security.
OATH is dedicated to helping customers reduce the cost and complexity of
deploying strong authentication within enterprises, and across the Internet.
Since its formation, OATH's membership includes security industry leaders from
token manufacturers, platform vendors, smartcard providers, and security
services companies. End user companies are joining OATH to add their voice
and ideas towards the goal of open authentication.
Some current OATH members include: ActivIdentity, Inc.; Aladdin Knowledge
Systems; AOL; ARM; Assa Abloy ITG; Authenex, Inc.; Aventail Corporation;
Axalto; BMC Software; CertiSign Digital; Checkpoint Software Technologies;
Citrix Systems; Crypto Intelligence; Deepnet Technologies; Diamelle; Digital
Persona; Discretix Technologies; Diversinet Corp.; DynaSig Corp.; Encentuate;
Entrust Technologies, Inc.; Forum Systems, Inc.; Gemplus Corp; IBM; Identita;
Identity Engines; Imprivata; iovation, Inc.; IronKey; Iteon; Juniper Networks,
Inc.; K.K. Athena Smartcard Solutions; Livo Technologies SA; nCryptone;
Passgo; Passlogix, Inc.; Phoenix Technologies Ltd.; PortWise, Inc.; RedCannon
Security, Inc.; SafLink; SafeNet, Inc.; SanDisk; Signify; Smart Card Alliance;
SPYRUS; TriCipher, Inc.; VASCO Data Security; VeriSign, Inc.; 41st Parameter;
and Xelios Systems.
To join OATH, go to: http://www.openauthentication.org/membership.asp .
Access the enrollment form by visiting:
http://www.openauthentication.org/membership_form.asp .
To learn more about OATH, e-mail info@openauthentication.org or visit
http://www.openauthentication.org .
All company and product names are trademarks of their respective holders.
Contact:
Dan Chmielewski
Madison Alexander PR, Inc.
949-231-2965
dchm@madisonalexanderpr.com
Joann Killeen
Madison Alexander PR, Inc.
310-476-6491
joannk@madisonalexanderpr.com
SOURCE OATH
 back to top
Related links:
http://www.openauthentication.org
CONTACT:
Dan Chmielewski, +1-949-231-2965,
dchm@madisonalexanderpr.com , or Joann Killeen, +1-310-476-6491,
joannk@madisonalexanderpr.com , both of Madison Alexander PR,
Inc.
|
