Creation of OATH, Cross-Industry Reference Architecture to Support Strong Authentication Across All Networks, Applications and Devices
SAN FRANCISCO, RSA Conference 2004, Feb. 23 /PRNewswire-FirstCall/ – VeriSign, Inc. (Nasdaq: VRSN), the leading provider of critical infrastructure services for the Internet and telecommunications networks, today announced the Open Authentication reference architecture (OATH), a revolutionary approach designed to accelerate the adoption of strong authentication technology across all networks. Leveraging existing standards and an open reference platform, OATH will ensure that secure user and device credentials can be provisioned and verified by a wide variety of industry-leading software and hardware solutions, removing traditional barriers to widespread adoption.
Strong Authentication connotes a stringent level of security that combines a user ID with a software or hardware ‘token’ to form a unique credential that validates a user’s identity when accessing a network or software application. It represents a foundational element for delivering on the promise of trusted commerce, communications, and content over public networks.
Traditional approaches, where online identities are secured only by static passwords, are becoming increasingly vulnerable to attacks, resulting in unauthorized network access and, more recently, widespread identity theft. Existing two-factor authentication approaches, while more effective, are often too expensive and complex to deploy, and their lack of interoperability poses significant barriers to adoption. An industry-wide collaborative effort to promote Strong Authentication will remove these barriers and broaden enterprises’ use of the Internet to communicate, collaborate, and conduct commerce in new ways.
“As we’ve seen with personal computers, networking, and other advances, ubiquitous adoption of any technology requires a fundamental shift from proprietary to open architecture,” said Stratton Sclavos, chairman and CEO, VeriSign. “An open, standards-based Strong Authentication architecture, such as OATH, will be a key enabler and accelerator of secure communications and commerce. Customers demand choice, flexibility, and investment protection. Today’s announcement supplies the missing pieces and sets forth a path for the industry to offer a multitude of affordable solutions that can be deployed with unprecedented ease and scale.”
OATH: A Collaborative Effort for Strong Authentication
Leading hardware and software providers have joined with VeriSign in support of the OATH reference architecture, which leverages widely adopted protocols and technology (for example, LDAP and RADIUS) as its foundation. In addition, the companies will develop and promote new open specifications for credential provisioning and One Time Password (OTP) algorithms. These specifications will be brought forward and refined within appropriate groups, including the IETF, TCG, and Smart Card Alliance.
As a result, device manufacturers, software vendors, and service providers who develop OATH-compliant products will be able to create and offer interoperable solutions for network, application and content protection. The OATH architecture calls for a new, more versatile generation of physical tokens that can combine three authentication methods, including OTP, PKI-based authentication (using X.509v3 certificates), and SIM-based authentication (for GSM and 3G networks). Armed with such flexibility, the same device will be capable of securely authenticating an end-user across multiple networks and applications with much greater flexibility and interoperability.
By adopting OATH, customers will benefit from more technology choices, seamless integration and lower total cost of ownership. They will also be able to leverage their existing network, application, and directory infrastructures instead of having to purchase and deploy proprietary solutions.
“By working with a key cross-section of the industry, including hardware manufacturers and infrastructure providers, VeriSign hopes to drive a much-needed revolution in the authentication market,” said Mark Griffiths, vice president, Authentication Services, VeriSign Security Services. “As OATH adoption takes hold, we will see real-time authentication requirements move from enterprise to Internet scale. In addition to a full suite of OATH-compliant solutions delivered in conjunction with partners, VeriSign will also be introducing the first network-based authentication utility. Leveraging our ATLAS infrastructure, this new service will offer unlimited scale and reliability, further reducing the complexity and cost of enterprise deployment.”
For more information on OATH, please go to: http://www.openauthentication.org.
An initial proposal for the reference architecture is available at http://www.openauthentication.org/resources.asp.
VeriSign, Inc. delivers critical infrastructure services that make the Internet and telecommunications networks more intelligent, reliable and secure. Every day VeriSign helps thousands of businesses and millions of consumers connect, communicate, and transact with confidence. Additional news and information about the company is available at http://www.verisign.com.