Creation of OATH, Cross-Industry Reference Architecture to Support Strong
Authentication Across All Networks, Applications and Devices
SAN FRANCISCO, RSA Conference 2004, Feb. 23 /PRNewswire-FirstCall/ --
VeriSign, Inc. (Nasdaq: VRSN), the leading provider of critical infrastructure
services for the Internet and telecommunications networks, today announced the
Open Authentication reference architecture (OATH), a revolutionary approach
designed to accelerate the adoption of strong authentication technology across
all networks. Leveraging existing standards and an open reference platform,
OATH will ensure that secure user and device credentials can be provisioned
and verified by a wide variety of industry-leading software and hardware
solutions, removing traditional barriers to widespread adoption.
Strong Authentication connotes a stringent level of security that combines
a user ID with a software or hardware 'token' to form a unique credential that
validates a user's identity when accessing a network or software application.
It represents a foundational element for delivering on the promise of trusted
commerce, communications, and content over public networks.
Traditional approaches, where online identities are secured only by static
passwords, are becoming increasingly vulnerable to attacks, resulting in
unauthorized network access and more recently, widespread identity theft.
Existing two-factor authentication approaches, while more effective, are often
too expensive and complex to deploy and their lack of interoperability poses
significant barriers to adoption. An industry-wide collaborative effort to
promote Strong Authentication will remove these barriers and broaden
enterprises' use of the Internet to communicate, collaborate, and conduct
commerce in new ways.
"As we've seen with personal computers, networking, and other advances,
ubiquitous adoption of any technology requires a fundamental shift from
proprietary to open architecture," said Stratton Sclavos, chairman and CEO,
VeriSign. "An open, standards-based Strong Authentication architecture, such
as OATH, will be a key enabler and accelerator of secure communications and
commerce. Customers demand choice, flexibility, and investment protection.
Today's announcement supplies the missing pieces and sets forth a path for the
industry to offer a multitude of affordable solutions that can be deployed
with unprecedented ease and scale."
OATH: A Collaborative Effort for Strong Authentication
Leading hardware and software providers have joined with VeriSign in
support for the OATH reference architecture, which leverages widely adopted
protocols and technology (for example, LDAP and RADIUS) as its foundation. In
addition, the companies will develop and promote new open specifications for
credential provisioning and One Time Password (OTP) algorithms. These
specifications will be brought forward and refined within appropriate groups,
including the IETF, TCG, and Smart Card Alliance.
As an end-result, device manufacturers, software vendors, and service
providers who develop OATH-compliant products will be able to create and offer
interoperable solutions for network, application and content protection. The
OATH architecture calls for a new, more versatile generation of physical
tokens that can combine three authentication methods, including OTP, PKI-based
authentication (using X509.v3 certificates,) and SIM-based authentication (for
GSM and 3G networks.) Armed with such flexibility, the same device will be
capable of securely authenticating an end-user across multiple networks and
applications with much greater flexibility and interoperability.
By adopting OATH, customers will benefit from more technology choices,
seamless integration and lower total cost of ownership. They will also be able
to leverage their existing network, application, and directory infrastructures
instead of having to purchase and deploy proprietary solutions.
"By working with a key cross-section of the industry, including hardware
manufacturers and infrastructure providers, VeriSign hopes to drive a
much-needed revolution in the authentication market," said Mark Griffiths,
vice president, Authentication Services, VeriSign Security Services. "As OATH
adoption takes hold, we will see real-time authentication requirements move
from enterprise to Internet scale. In addition to a full suite of OATH
compliant solutions delivered in conjunction with partners, VeriSign will also
be introducing the first network-based authentication utility. Leveraging our
ATLAS infrastructure, this new service will offer unlimited scale and
reliability further reducing the complexity and cost of enterprise
deployment."
For more information on the organizations working with VeriSign, and
endorsing the OATH architecture, please see the attached quote sheet.
For more information on OATH, please go to:
http://www.openauthentication.org .
An initial proposal for the reference architecture is available at
http://www.openauthentication.org/resources.asp .
About VeriSign
VeriSign, Inc. delivers critical infrastructure services that make the
Internet and telecommunications networks more intelligent, reliable and
secure. Every day VeriSign helps thousands of businesses and millions of
consumers connect, communicate, and transact with confidence. Additional news
and information about the company is available at http://www.verisign.com .
Statements in this announcement other than historical data and information
constitute forward-looking statements within the meaning of Section 27A of the
Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934.
These statements involve risks and uncertainties that could cause VeriSign's
actual results to differ materially from those stated or implied by such
forward-looking statements. The potential risks and uncertainties include,
among others, VeriSign's limited operating history under its current business
structure; uncertainty of future revenue and profitability and potential
fluctuations in quarterly operating results; the ability of VeriSign to
successfully develop and market new services and customer acceptance of any
new services; the risk that VeriSign's announced strategic relationships may
not result in additional products, services, customers and revenues; increased
competition and pricing pressures; and risks related to potential security
breaches. More information about potential factors that could affect the
company's business and financial results is included in VeriSign's filings
with the Securities and Exchange Commission, including in the company's Annual
Report on Form 10-K for the year ended December 31, 2002 and quarterly reports
on Form 10-Q. VeriSign undertakes no obligation to update any of the forward-
looking statements after the date of this press release.
INDUSTRY SUPPORT FOR OATH
ACTIVCARD:
"By participating in the Open Authentication Reference Architecture,
ActivCard will lend its leadership and expertise towards establishing trusted
digital identities as a key component of secure communications and
transactions. Consistent with ActivCard's mission, the establishment and
support of industry standards for strong authentication are essential for
broad market acceptance and for providing lowest total cost of ownership."
Ed MacBeth, vice president of strategic alliances at ActivCard
ALADDIN:
"OATH Reference Architecture will provide validation of two-factor
authentication as a mission critical element in network security. Aladdin's
market proven eToken technology, and our newly launched device incorporating
both smartcard-based PKI and OTP functionality, the industry's first-ever,
will support the OATH architecture."
Avishai Ziv, vice president of business development at Aladdin Knowledge
Systems
ARM:
"ARM firmly believes in the Open Authentication Initiative and the part it
will play in enabling a higher standard of security in mobile devices. Mobile
security is of increasing concern as cellular phones and PDAs become a
pervasive computing environment .Use of the ARM(R) TrustZone(TM) solution in a
Strong Authentication framework is a positive step for deploying M-Commerce in
portable devices."
Tiago Alves, product manager, TrustZone technology, ARM
AUTHENEX:
"Authentication is similar to the lock that opens the door to the network
castle. Network security efforts have been concentrated on building thick
walls, gated windows and reinforced doors, but the lock itself is weak. The
adoption of OATH will deliver a strong authentication lock at a lower cost to
safeguard every network."
Henry Hon, executive vice president, Authenex
AVENTAIL:
"SSL VPN technology is driving huge growth in anywhere application layer
access from an unprecedented breadth of Internet-enabled devices. This level
of access makes strong authentication for business partners and employees even
more critical, but the cost of deploying strong authentication can be cost
prohibitive. The OATH initiative will allow more enterprises to securely use
the Internet and SSL VPNs as a business tool because it will drive the cost of
strong authentication deployments down."
Sarah Daniels, vice president of product management and marketing,
Aventail Corporation
AXALTO:
"Axalto e-gate USB smart cards bring a unique combination to OATH of
portability, simplicity and the strongest cryptographic capabilities
available. This initiative also opens up the ability to deliver higher value
and interoperability to our customers through practical integration with
important existing initiatives. The portable, secure identification supplied
by e-gate USB tokens when combined with the Axalto One-Time Password or Axalto
DeXa. Badge Identity Management solution makes a strong addition to the OATH
initiative."
Francois Lasnier, vice president, Access and ID, Axalto
BEA SYSTEMS:
"Strong authentication based on open standards supports our quest to
provide our enterprise customers with a strong application security
infrastructure that's easy to use, integrate and deploy. Using the WebLogic
Security Provider SSPI, WebLogic customers will be able to take full advantage
of the benefits of OATH architecture."
George Kassabgi, vice president and general manager, application security
infrastructure, BEA Systems
GEMPLUS:
"Open Architecture has proven to be valuable for an entire eco-system,
bringing healthy competition together with strong industry support. We believe
the industry needs direction. Currently, there isn't one solution for end-user
authentication, rather multiple methods and solutions that must match diverse
criteria, such as Enterprise IT security and Remote network access, be it
Wireless or fixed. Gemplus believes this the OATH Reference Architecture will
trigger new market opportunities by allowing Wireless Service providers to
enable Business Travelers to remotely access their Enterprise resources."
Philippe Martineau, vice president, WLAN, Gemplus
HP:
"An open standards-based approach for stronger user authentication will
allow enterprises to be more adaptive, better manage costs, and mitigate
risks. Security needs to be built-in, not a bolt-on. The industry needs to
work together towards a more interoperable standards-based approach to the use
of authentication technologies in IT. HP sees the OATH initiative as a step in
the right direction. HP will work with VeriSign and others to contribute to
the completion of the OATH proposals and take them to the appropriate industry
standards bodies."
Tony Redmond, vice president and head of HP's Security Office
IBM:
"Our customers want an open specification around strong authentication,
and we look forward to working with VeriSign to bring this specification to a
standards body for consideration. We plan to be the first to deliver an
integrated identity management solution that works with OATH, giving our
customers the power to provision identities to applications, operating systems
and network devices."
Joe Anthony, director of integrated identity management, Tivoli Software,
IBM
RAINBOW TECHNOLOGIES:
"Open standards-based strong authentication will enable customers in all
vertical markets, including government agencies, to share more critical
information over a wider boundary while increasing information security. We
look forward to working with VeriSign to deliver open and easy-to-deploy
authentication solutions such as USB tokens that can securely contain multiple
credentials."
Michael Williams, vice president of business development, Rainbow
Technologies.
SOURCE VeriSign, Inc.
 back to top
Related links:
http://www.verisign.com
CONTACT:
media, Brendan P. Lewis, +1-650-426-4470, or
brlewis@verisign.com, or investors, Kathleen Bare,
+1-650-426-3241, or kbare@verisign.com, both of VeriSign
|
